return ssl->statem.hand_state;
}
-int SSL_in_init(SSL *s)
+int SSL_in_init(const SSL *s)
{
return s->statem.in_init;
}
-int SSL_is_init_finished(SSL *s)
+int SSL_is_init_finished(const SSL *s)
{
return !(s->statem.in_init) && (s->statem.hand_state == TLS_ST_OK);
}
-int SSL_in_before(SSL *s)
+int SSL_in_before(const SSL *s)
{
/*
* Historically being "in before" meant before anything had happened. In the
void ossl_statem_fatal(SSL *s, int al, int func, int reason, const char *file,
int line)
{
+ ERR_put_error(ERR_LIB_SSL, func, reason, file, line);
/* We shouldn't call SSLfatal() twice. Once is enough */
- assert(s->statem.state != MSG_FLOW_ERROR);
+ if (s->statem.in_init && s->statem.state == MSG_FLOW_ERROR)
+ return;
s->statem.in_init = 1;
s->statem.state = MSG_FLOW_ERROR;
- ERR_put_error(ERR_LIB_SSL, func, reason, file, line);
- if (al != SSL_AD_NO_ALERT && !s->statem.invalid_enc_write_ctx)
+ if (al != SSL_AD_NO_ALERT
+ && s->statem.enc_write_state != ENC_WRITE_STATE_INVALID)
ssl3_send_alert(s, SSL3_AL_FATAL, al);
}
if (s->ext.early_data != SSL_EARLY_DATA_REJECTED)
return 0;
- if (!s->server || s->statem.hand_state != TLS_ST_EARLY_DATA)
+ if (!s->server
+ || s->statem.hand_state != TLS_ST_EARLY_DATA
+ || s->hello_retry_request == SSL_HRR_COMPLETE)
return 0;
return 1;
* Validate that we are allowed to move to the new state and move
* to that state if so
*/
- if (!transition(s, mt)) {
- check_fatal(s, SSL_F_READ_STATE_MACHINE);
+ if (!transition(s, mt))
return SUB_STATE_ERROR;
- }
if (s->s3->tmp.message_size > max_message_size(s)) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_READ_STATE_MACHINE,