Disallow handshake messages in the middle of early_data

Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2737)
2017-02-23 12:36:35 +00:00 · 2017-02-23 12:36:35 +00:00 · 10109364bf
commit 10109364bf
parent c117af6765
1 changed files with 6 additions and 0 deletions
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@ -129,6 +129,12 @@ static int ossl_statem_server13_read_transition(SSL *s, int mt)
        break;

    case TLS_ST_OK:
+        /*
+         * Its never ok to start processing handshake messages in the middle of
+         * early data (i.e. before we've received the end of early data alert)
+         */
+        if (s->early_data_state == SSL_EARLY_DATA_READING)
+            break;
        if (mt == SSL3_MT_KEY_UPDATE) {
            st->hand_state = TLS_ST_SR_KEY_UPDATE;
            return 1;