authorMatt Caswell <matt@openssl.org>2017-02-25 15:59:44 +0000
committerMatt Caswell <matt@openssl.org>2017-03-02 17:44:16 +0000
commitd7f8783ff9e88ad34e010564d721a55a48c6d674 (patch)
tree42f45aced29f5db352b88a6f27a75567af7cd3ea
parent564547e482406c2d4c56a59e288b3a479dac2d74 (diff)
Enable the server to call SSL_write() without stopping the ability to call SSL_read_early()
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2737)
-rw-r--r--include/openssl/ssl.h4
-rw-r--r--ssl/statem/statem.c8
-rw-r--r--ssl/statem/statem_clnt.c14
-rw-r--r--ssl/statem/statem_srvr.c7
4 files changed, 20 insertions, 13 deletions
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index dabcc4a6a2..38185975be 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -900,8 +900,8 @@ typedef enum {
TLS_ST_CW_KEY_UPDATE,
TLS_ST_SR_KEY_UPDATE,
TLS_ST_CR_KEY_UPDATE,
- TLS_ST_CW_EARLY_DATA,
- TLS_ST_CW_PENDING_EARLY_DATA_END
+ TLS_ST_EARLY_DATA,
+ TLS_ST_PENDING_EARLY_DATA_END
} OSSL_HANDSHAKE_STATE;
/*
diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c
index a1807f2a40..50c4345971 100644
--- a/ssl/statem/statem.c
+++ b/ssl/statem/statem.c
@@ -170,9 +170,11 @@ int ossl_statem_skip_early_data(SSL *s)
void ossl_statem_check_finish_init(SSL *s, int send)
{
- if ((send && s->statem.hand_state == TLS_ST_CW_PENDING_EARLY_DATA_END)
- || (!send && s->statem.hand_state == TLS_ST_CW_EARLY_DATA))
- ossl_statem_set_in_init(s, 1);
+ if (!s->server) {
+ if ((send && s->statem.hand_state == TLS_ST_PENDING_EARLY_DATA_END)
+ || (!send && s->statem.hand_state == TLS_ST_EARLY_DATA))
+ ossl_statem_set_in_init(s, 1);
+ }
}
void ossl_statem_set_hello_verify_done(SSL *s)
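Review bot: The new `!s->server` guard in ossl_statem_check_finish_init() has no comment explaining why the server is excluded, which matters now that TLS_ST_EARLY_DATA is a state the server also enters (see the statem_srvr.c hunks). With the guard, a server sitting in TLS_ST_EARLY_DATA never re-enters init through this function, so whatever moves it on to process the client's Finished must live elsewhere; that path is not visible in this hunk. I would add a comment above the `if`, for example `/* Client only: a server in TLS_ST_EARLY_DATA stays out of init so SSL_write() and SSL_read_early() can interleave */`, and name the place where the server resumes the handshake.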
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 6fdb37ec7a..9a29ab5b8b 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -253,7 +253,7 @@ int ossl_statem_client_read_transition(SSL *s, int mt)
}
break;
- case TLS_ST_CW_EARLY_DATA:
+ case TLS_ST_EARLY_DATA:
/*
* We've not actually selected TLSv1.3 yet, but we have sent early
* data. The only thing allowed now is a ServerHello or a
@@ -436,13 +436,13 @@ static WRITE_TRAN ossl_statem_client13_write_transition(SSL *s)
case TLS_ST_CR_FINISHED:
if (s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY)
- st->hand_state = TLS_ST_CW_PENDING_EARLY_DATA_END;
+ st->hand_state = TLS_ST_PENDING_EARLY_DATA_END;
else
st->hand_state = (s->s3->tmp.cert_req != 0) ? TLS_ST_CW_CERT
: TLS_ST_CW_FINISHED;
return WRITE_TRAN_CONTINUE;
- case TLS_ST_CW_PENDING_EARLY_DATA_END:
+ case TLS_ST_PENDING_EARLY_DATA_END:
st->hand_state = (s->s3->tmp.cert_req != 0) ? TLS_ST_CW_CERT
: TLS_ST_CW_FINISHED;
return WRITE_TRAN_CONTINUE;
@@ -521,7 +521,7 @@ WRITE_TRAN ossl_statem_client_write_transition(SSL *s)
* We are assuming this is a TLSv1.3 connection, although we haven't
* actually selected a version yet.
*/
- st->hand_state = TLS_ST_CW_EARLY_DATA;
+ st->hand_state = TLS_ST_EARLY_DATA;
return WRITE_TRAN_CONTINUE;
}
/*
@@ -530,7 +530,7 @@ WRITE_TRAN ossl_statem_client_write_transition(SSL *s)
*/
return WRITE_TRAN_FINISHED;
- case TLS_ST_CW_EARLY_DATA:
+ case TLS_ST_EARLY_DATA:
return WRITE_TRAN_FINISHED;
case DTLS_ST_CR_HELLO_VERIFY_REQUEST:
@@ -666,8 +666,8 @@ WORK_STATE ossl_statem_client_pre_work(SSL *s, WORK_STATE wst)
}
break;
- case TLS_ST_CW_EARLY_DATA:
- case TLS_ST_CW_PENDING_EARLY_DATA_END:
+ case TLS_ST_EARLY_DATA:
+ case TLS_ST_PENDING_EARLY_DATA_END:
case TLS_ST_OK:
return tls_finish_handshake(s, wst, 1);
}
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 2b0ff57bad..9d15252a9f 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -93,6 +93,7 @@ static int ossl_statem_server13_read_transition(SSL *s, int mt)
}
break;
+ case TLS_ST_EARLY_DATA:
case TLS_ST_SW_FINISHED:
if (s->s3->tmp.cert_request) {
if (mt == SSL3_MT_CERTIFICATE) {
@@ -461,11 +462,14 @@ static WRITE_TRAN ossl_statem_server13_write_transition(SSL *s)
case TLS_ST_SW_FINISHED:
if (s->early_data_state == SSL_EARLY_DATA_ACCEPTING) {
- st->hand_state = TLS_ST_OK;
+ st->hand_state = TLS_ST_EARLY_DATA;
return WRITE_TRAN_CONTINUE;
}
return WRITE_TRAN_FINISHED;
+ case TLS_ST_EARLY_DATA:
+ return WRITE_TRAN_FINISHED;
+
case TLS_ST_SR_FINISHED:
/*
* Technically we have finished the handshake at this point, but we're
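Review bot: The new `case TLS_ST_EARLY_DATA:` returns WRITE_TRAN_FINISHED without a comment stating what is known about the peer at that point. Judging by the read-transition hunk above, where TLS_ST_EARLY_DATA shares the TLS_ST_SW_FINISHED branch, the client's Certificate (when `cert_request` is set) and Finished are still outstanding. Anything the application sends with SSL_write() in this state would therefore go out before the client's Finished has been verified and, where requested, before the client has authenticated. A comment such as `/* Server may write application data here; the client Finished (and Certificate, if requested) has not been processed yet */` would make that explicit, and the SSL_write()/SSL_read_early() documentation should carry the same caveat. The function body extends beyond the hunk.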
@@ -703,6 +707,7 @@ WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst)
}
return WORK_FINISHED_CONTINUE;
+ case TLS_ST_EARLY_DATA:
case TLS_ST_OK:
return tls_finish_handshake(s, wst, 1);
}
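Review bot: Stacking `case TLS_ST_EARLY_DATA:` on `case TLS_ST_OK:` means the server's pre-work calls `tls_finish_handshake(s, wst, 1)` when it enters the early-data state and, presumably, again when it finally reaches TLS_ST_OK. The body of tls_finish_handshake() is not part of this diff, so it is worth confirming that running it twice on one server connection is harmless. In particular, any completion callback, session caching or statistics it performs should not happen twice, or before the client's Finished arrives. If the early call is intended, a short comment on the new case, e.g. `/* Handshake not complete yet; finish processing so early data can flow */`, would record it. The switch starts outside the hunk.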