wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Enable the server to call SSL_write() without stopping the ability to call SSL_read_early()

Browse source 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
This commit is contained in:
Matt Caswell 2017-02-25 15:59:44 +00:00
parent 564547e482
commit d7f8783ff9
4 changed files with 20 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
include/openssl/ssl.h
View file

@ -900,8 +900,8 @@ typedef enum {
TLS_ST_CW_KEY_UPDATE,
TLS_ST_SR_KEY_UPDATE,
TLS_ST_CR_KEY_UPDATE,
TLS_ST_CW_EARLY_DATA,
TLS_ST_CW_PENDING_EARLY_DATA_END
TLS_ST_EARLY_DATA,
TLS_ST_PENDING_EARLY_DATA_END
} OSSL_HANDSHAKE_STATE;
/*

8
ssl/statem/statem.c
View file

@ -170,9 +170,11 @@ int ossl_statem_skip_early_data(SSL *s)
void ossl_statem_check_finish_init(SSL *s, int send)
{
if ((send && s->statem.hand_state == TLS_ST_CW_PENDING_EARLY_DATA_END)
|| (!send && s->statem.hand_state == TLS_ST_CW_EARLY_DATA))
ossl_statem_set_in_init(s, 1);
if (!s->server) {
if ((send && s->statem.hand_state == TLS_ST_PENDING_EARLY_DATA_END)
|| (!send && s->statem.hand_state == TLS_ST_EARLY_DATA))
ossl_statem_set_in_init(s, 1);
}
}
void ossl_statem_set_hello_verify_done(SSL *s)

14
ssl/statem/statem_clnt.c
View file

@ -253,7 +253,7 @@ int ossl_statem_client_read_transition(SSL *s, int mt)
}
break;
case TLS_ST_CW_EARLY_DATA:
case TLS_ST_EARLY_DATA:
/*
* We've not actually selected TLSv1.3 yet, but we have sent early
* data. The only thing allowed now is a ServerHello or a
@ -436,13 +436,13 @@ static WRITE_TRAN ossl_statem_client13_write_transition(SSL *s)
case TLS_ST_CR_FINISHED:
if (s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY)
st->hand_state = TLS_ST_CW_PENDING_EARLY_DATA_END;
st->hand_state = TLS_ST_PENDING_EARLY_DATA_END;
else
st->hand_state = (s->s3->tmp.cert_req != 0) ? TLS_ST_CW_CERT
: TLS_ST_CW_FINISHED;
return WRITE_TRAN_CONTINUE;
case TLS_ST_CW_PENDING_EARLY_DATA_END:
case TLS_ST_PENDING_EARLY_DATA_END:
st->hand_state = (s->s3->tmp.cert_req != 0) ? TLS_ST_CW_CERT
: TLS_ST_CW_FINISHED;
return WRITE_TRAN_CONTINUE;
@ -521,7 +521,7 @@ WRITE_TRAN ossl_statem_client_write_transition(SSL *s)
* We are assuming this is a TLSv1.3 connection, although we haven't
* actually selected a version yet.
*/
st->hand_state = TLS_ST_CW_EARLY_DATA;
st->hand_state = TLS_ST_EARLY_DATA;
return WRITE_TRAN_CONTINUE;
}
/*
@ -530,7 +530,7 @@ WRITE_TRAN ossl_statem_client_write_transition(SSL *s)
*/
return WRITE_TRAN_FINISHED;
case TLS_ST_CW_EARLY_DATA:
case TLS_ST_EARLY_DATA:
return WRITE_TRAN_FINISHED;
case DTLS_ST_CR_HELLO_VERIFY_REQUEST:
@ -666,8 +666,8 @@ WORK_STATE ossl_statem_client_pre_work(SSL *s, WORK_STATE wst)
}
break;
case TLS_ST_CW_EARLY_DATA:
case TLS_ST_CW_PENDING_EARLY_DATA_END:
case TLS_ST_EARLY_DATA:
case TLS_ST_PENDING_EARLY_DATA_END:
case TLS_ST_OK:
return tls_finish_handshake(s, wst, 1);
}

7
ssl/statem/statem_srvr.c
View file

@ -93,6 +93,7 @@ static int ossl_statem_server13_read_transition(SSL *s, int mt)
}
break;
case TLS_ST_EARLY_DATA:
case TLS_ST_SW_FINISHED:
if (s->s3->tmp.cert_request) {
if (mt == SSL3_MT_CERTIFICATE) {
@ -461,11 +462,14 @@ static WRITE_TRAN ossl_statem_server13_write_transition(SSL *s)
case TLS_ST_SW_FINISHED:
if (s->early_data_state == SSL_EARLY_DATA_ACCEPTING) {
st->hand_state = TLS_ST_OK;
st->hand_state = TLS_ST_EARLY_DATA;
return WRITE_TRAN_CONTINUE;
}
return WRITE_TRAN_FINISHED;
case TLS_ST_EARLY_DATA:
return WRITE_TRAN_FINISHED;
case TLS_ST_SR_FINISHED:
/*
* Technically we have finished the handshake at this point, but we're
@ -703,6 +707,7 @@ WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst)
}
return WORK_FINISHED_CONTINUE;
case TLS_ST_EARLY_DATA:
case TLS_ST_OK:
return tls_finish_handshake(s, wst, 1);
}