-rw-r--r--include/openssl/ssl.h1
-rw-r--r--ssl/ssl_lib.c25
-rw-r--r--ssl/statem/statem.c14
-rw-r--r--util/libssl.num7
4 files changed, 26 insertions, 21 deletions
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 38185975be..8445ccd03c 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1626,7 +1626,6 @@ __owur int SSL_write(SSL *ssl, const void *buf, int num);
__owur int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written);
__owur int SSL_write_early(SSL *s, const void *buf, size_t num,
size_t *written);
-__owur int SSL_write_early_finish(SSL *s);
long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg);
long SSL_callback_ctrl(SSL *, int, void (*)(void));
long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg);
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index baeb3bbec8..5ec116e9f0 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -105,6 +105,8 @@ static const struct {
},
};
+static int ssl_write_early_finish(SSL *s);
+
static int dane_ctx_enable(struct dane_ctx_st *dctx)
{
const EVP_MD **mdevp;
@@ -1753,7 +1755,7 @@ int ssl_write_internal(SSL *s, const void *buf, size_t num, size_t *written)
* We're still writing early data. We need to stop that so we can write
* normal data
*/
- if (!SSL_write_early_finish(s))
+ if (!ssl_write_early_finish(s))
return 0;
} else if (s->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY
|| s->early_data_state == SSL_EARLY_DATA_ACCEPT_RETRY) {
@@ -1853,7 +1855,7 @@ int SSL_write_early(SSL *s, const void *buf, size_t num, size_t *written)
}
}
-int SSL_write_early_finish(SSL *s)
+static int ssl_write_early_finish(SSL *s)
{
int ret;
@@ -3242,21 +3244,14 @@ int SSL_do_handshake(SSL *s)
return -1;
}
- if (s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY
- || s->early_data_state == SSL_EARLY_DATA_READ_RETRY) {
- /*
- * We skip this if we were called via SSL_read_early() or
- * SSL_write_early()
- */
- if (s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY) {
- int edfin;
+ if (s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY) {
+ int edfin;
- edfin = SSL_write_early_finish(s);
- if (edfin <= 0)
- return edfin;
- }
- ossl_statem_set_in_init(s, 1);
+ edfin = ssl_write_early_finish(s);
+ if (edfin <= 0)
+ return edfin;
}
+ ossl_statem_check_finish_init(s, -1);
s->method->ssl_renegotiate_check(s, 0);
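Review bot: The bare `-1` in `ossl_statem_check_finish_init(s, -1)` adds a third meaning to a parameter named `send` that the read and write callers treat as a boolean; the same literal is tested as `send == -1` in the ssl/statem/statem.c hunk. Any other non-zero value would fall through to the `send &&` write test there, so a named constant or a call-site comment such as `/* -1: handshake path, neither reading nor writing */` would make the contract harder to misuse. The removed comment about SSL_read_early()/SSL_write_early() has no replacement, so nothing here records why in_init is no longer forced for SSL_EARLY_DATA_READ_RETRY and now depends on hand_state instead. SSL_do_handshake's body starts and ends outside the hunk.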
diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c
index 8a251ea1e7..11cbe551a6 100644
--- a/ssl/statem/statem.c
+++ b/ssl/statem/statem.c
@@ -168,9 +168,21 @@ int ossl_statem_skip_early_data(SSL *s)
return 1;
}
+/*
+ * Called when we are in SSL_read*(), SSL_write*(), or SSL_accept()
+ * /SSL_connect()/SSL_do_handshake(). Used to test whether we are in an early
+ * data state and whether we should attempt to move the handshake on if so.
+ * |send| is 1 if we are attempting to send data (SSL_write*()), 0 if we are
+ * attempting to read data (SSL_read*()), or -1 if we are in SSL_do_handshake()
+ * or similar.
+ */
void ossl_statem_check_finish_init(SSL *s, int send)
{
- if (!s->server) {
+ if (send == -1) {
+ if (s->statem.hand_state == TLS_ST_PENDING_EARLY_DATA_END
+ || s->statem.hand_state == TLS_ST_EARLY_DATA)
+ ossl_statem_set_in_init(s, 1);
+ } else if (!s->server) {
if ((send && s->statem.hand_state == TLS_ST_PENDING_EARLY_DATA_END
&& s->early_data_state != SSL_EARLY_DATA_WRITING)
|| (!send && s->statem.hand_state == TLS_ST_EARLY_DATA))
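Review bot: The new `send == -1` branch sets in_init from `hand_state` alone, without the `s->server` test or the `early_data_state != SSL_EARLY_DATA_WRITING` guard that the client write path just below it applies. If that is intentional because SSL_do_handshake() should move the handshake on for either role, the header comment should say so, for example `* For -1 neither the role nor early_data_state is consulted.` This function decides when a connection leaves the early data phase, so a test that calls SSL_do_handshake() on a server sitting in TLS_ST_EARLY_DATA would pin the intended behaviour. The function body continues past the end of the hunk, so the server branch is not visible here.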
diff --git a/util/libssl.num b/util/libssl.num
index 471180160f..fdc66d731f 100644
--- a/util/libssl.num
+++ b/util/libssl.num
@@ -429,7 +429,6 @@ SSL_CTX_set_max_early_data 429 1_1_1 EXIST::FUNCTION:
SSL_get_max_early_data 430 1_1_1 EXIST::FUNCTION:
SSL_CTX_get_max_early_data 431 1_1_1 EXIST::FUNCTION:
SSL_write_early 432 1_1_1 EXIST::FUNCTION:
-SSL_write_early_finish 433 1_1_1 EXIST::FUNCTION:
-SSL_read_early 434 1_1_1 EXIST::FUNCTION:
-SSL_get_early_data_status 435 1_1_1 EXIST::FUNCTION:
-SSL_SESSION_get_max_early_data 436 1_1_1 EXIST::FUNCTION:
+SSL_read_early 433 1_1_1 EXIST::FUNCTION:
+SSL_get_early_data_status 434 1_1_1 EXIST::FUNCTION:
+SSL_SESSION_get_max_early_data 435 1_1_1 EXIST::FUNCTION: