Update state machine to send CCS based on whether we did an HRR
diff --git
a/ssl/statem/extensions.c
b/ssl/statem/extensions.c
index 988e91904438e6cfa16e94c650d820ce8f1eaf1e..026126d4d888fa703587922e91026fd112988561 100644
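--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -1235,7 +1235,7 @@ static int final_key_share(SSL *s, unsigned int context, int sent)
 */
 if (s->server && s->s3->peer_tmp == NULL) {
 /* No suitable share */
-if (s->hello_retry_request == 0 && sent
+if (s->hello_retry_request == SSL_HRR_NONE && sent
 && (!s->hit
 || (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE_DHE)
 != 0)) {
@@ -1260,7 +1260,7 @@ static int final_key_share(SSL *s, unsigned int context, int sent)
 if (i < num_groups) {
 /* A shared group exists so send a HelloRetryRequest */
 s->s3->group_id = group_id;
-s->hello_retry_request = 1;
+s->hello_retry_request = SSL_HRR_PENDING;
 return 1;
 }
 }
@@ -1275,8 +1275,8 @@ static int final_key_share(SSL *s, unsigned int context, int sent)
 }
 /* We have a key_share so don't send any more HelloRetryRequest messages */
-if (s->server)
-s->hello_retry_request = 0;
+if (s->server && s->hello_retry_request == SSL_HRR_PENDING)
+s->hello_retry_request = SSL_HRR_COMPLETE;
 /*
 * For a client side resumption with no key_share we need to generate
@@ -1405,7 +1405,7 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart,
 * following a HelloRetryRequest then this includes the hash of the first
 * ClientHello and the HelloRetryRequest itself.
 */
-if (s->hello_retry_request) {
+if (s->hello_retry_request == SSL_HRR_PENDING) {
 size_t hdatalen;
 void *hdata;
@@ -1516,7 +1516,7 @@ static int final_early_data(SSL *s, unsigned int context, int sent)
 || s->session->ext.tick_identity != 0
 || s->early_data_state != SSL_EARLY_DATA_ACCEPTING
 || !s->ext.early_data_ok
-|| s->hello_retry_request) {
+|| s->hello_retry_request != SSL_HRR_NONE) {
 s->ext.early_data = SSL_EARLY_DATA_REJECTED;
 } else {
 s->ext.early_data = SSL_EARLY_DATA_ACCEPTED;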
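Review bot: The two tri-state tests are not interchangeable and the new code does not say why: tls_psk_do_binder hashes the first ClientHello and HelloRetryRequest only while `s->hello_retry_request == SSL_HRR_PENDING`, whereas final_early_data rejects on `!= SSL_HRR_NONE`. Because final_key_share now moves PENDING to SSL_HRR_COMPLETE instead of resetting to 0, the binder test is right only if every binder for the second ClientHello is computed before that transition. If the ordering changed, the binder would cover a shorter transcript and verification would presumably fail rather than pass, but the dependency should be written down. I would add above the binder test `/* PENDING, not != SSL_HRR_NONE: binders are computed before final_key_share() marks the HRR COMPLETE */`. The enum definition and the extension processing order are outside this diff, so confirm the comment against them; all three functions also continue beyond the hunks shown.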