Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
TLS_ST_CW_KEY_UPDATE,
TLS_ST_SR_KEY_UPDATE,
TLS_ST_CR_KEY_UPDATE,
TLS_ST_CW_KEY_UPDATE,
TLS_ST_SR_KEY_UPDATE,
TLS_ST_CR_KEY_UPDATE,
- TLS_ST_CW_EARLY_DATA,
- TLS_ST_CW_PENDING_EARLY_DATA_END
+ TLS_ST_EARLY_DATA,
+ TLS_ST_PENDING_EARLY_DATA_END
} OSSL_HANDSHAKE_STATE;
/*
} OSSL_HANDSHAKE_STATE;
/*
void ossl_statem_check_finish_init(SSL *s, int send)
{
void ossl_statem_check_finish_init(SSL *s, int send)
{
- if ((send && s->statem.hand_state == TLS_ST_CW_PENDING_EARLY_DATA_END)
- || (!send && s->statem.hand_state == TLS_ST_CW_EARLY_DATA))
- ossl_statem_set_in_init(s, 1);
+ if (!s->server) {
+ if ((send && s->statem.hand_state == TLS_ST_PENDING_EARLY_DATA_END)
+ || (!send && s->statem.hand_state == TLS_ST_EARLY_DATA))
+ ossl_statem_set_in_init(s, 1);
+ }
}
void ossl_statem_set_hello_verify_done(SSL *s)
}
void ossl_statem_set_hello_verify_done(SSL *s)
- case TLS_ST_CW_EARLY_DATA:
+ case TLS_ST_EARLY_DATA:
/*
* We've not actually selected TLSv1.3 yet, but we have sent early
* data. The only thing allowed now is a ServerHello or a
/*
* We've not actually selected TLSv1.3 yet, but we have sent early
* data. The only thing allowed now is a ServerHello or a
case TLS_ST_CR_FINISHED:
if (s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY)
case TLS_ST_CR_FINISHED:
if (s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY)
- st->hand_state = TLS_ST_CW_PENDING_EARLY_DATA_END;
+ st->hand_state = TLS_ST_PENDING_EARLY_DATA_END;
else
st->hand_state = (s->s3->tmp.cert_req != 0) ? TLS_ST_CW_CERT
: TLS_ST_CW_FINISHED;
return WRITE_TRAN_CONTINUE;
else
st->hand_state = (s->s3->tmp.cert_req != 0) ? TLS_ST_CW_CERT
: TLS_ST_CW_FINISHED;
return WRITE_TRAN_CONTINUE;
- case TLS_ST_CW_PENDING_EARLY_DATA_END:
+ case TLS_ST_PENDING_EARLY_DATA_END:
st->hand_state = (s->s3->tmp.cert_req != 0) ? TLS_ST_CW_CERT
: TLS_ST_CW_FINISHED;
return WRITE_TRAN_CONTINUE;
st->hand_state = (s->s3->tmp.cert_req != 0) ? TLS_ST_CW_CERT
: TLS_ST_CW_FINISHED;
return WRITE_TRAN_CONTINUE;
* We are assuming this is a TLSv1.3 connection, although we haven't
* actually selected a version yet.
*/
* We are assuming this is a TLSv1.3 connection, although we haven't
* actually selected a version yet.
*/
- st->hand_state = TLS_ST_CW_EARLY_DATA;
+ st->hand_state = TLS_ST_EARLY_DATA;
return WRITE_TRAN_CONTINUE;
}
/*
return WRITE_TRAN_CONTINUE;
}
/*
*/
return WRITE_TRAN_FINISHED;
*/
return WRITE_TRAN_FINISHED;
- case TLS_ST_CW_EARLY_DATA:
+ case TLS_ST_EARLY_DATA:
return WRITE_TRAN_FINISHED;
case DTLS_ST_CR_HELLO_VERIFY_REQUEST:
return WRITE_TRAN_FINISHED;
case DTLS_ST_CR_HELLO_VERIFY_REQUEST:
- case TLS_ST_CW_EARLY_DATA:
- case TLS_ST_CW_PENDING_EARLY_DATA_END:
+ case TLS_ST_EARLY_DATA:
+ case TLS_ST_PENDING_EARLY_DATA_END:
case TLS_ST_OK:
return tls_finish_handshake(s, wst, 1);
}
case TLS_ST_OK:
return tls_finish_handshake(s, wst, 1);
}
+ case TLS_ST_EARLY_DATA:
case TLS_ST_SW_FINISHED:
if (s->s3->tmp.cert_request) {
if (mt == SSL3_MT_CERTIFICATE) {
case TLS_ST_SW_FINISHED:
if (s->s3->tmp.cert_request) {
if (mt == SSL3_MT_CERTIFICATE) {
case TLS_ST_SW_FINISHED:
if (s->early_data_state == SSL_EARLY_DATA_ACCEPTING) {
case TLS_ST_SW_FINISHED:
if (s->early_data_state == SSL_EARLY_DATA_ACCEPTING) {
- st->hand_state = TLS_ST_OK;
+ st->hand_state = TLS_ST_EARLY_DATA;
return WRITE_TRAN_CONTINUE;
}
return WRITE_TRAN_FINISHED;
return WRITE_TRAN_CONTINUE;
}
return WRITE_TRAN_FINISHED;
+ case TLS_ST_EARLY_DATA:
+ return WRITE_TRAN_FINISHED;
+
case TLS_ST_SR_FINISHED:
/*
* Technically we have finished the handshake at this point, but we're
case TLS_ST_SR_FINISHED:
/*
* Technically we have finished the handshake at this point, but we're
}
return WORK_FINISHED_CONTINUE;
}
return WORK_FINISHED_CONTINUE;
+ case TLS_ST_EARLY_DATA:
case TLS_ST_OK:
return tls_finish_handshake(s, wst, 1);
}
case TLS_ST_OK:
return tls_finish_handshake(s, wst, 1);
}
projects / openssl.git / commitdiff