Ensure the end of first server flight processing is done
[openssl.git] / ssl / statem / statem_lib.c
index 6d32666..a971c51 100644 (file)
@@ -326,7 +326,7 @@ MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, PACKET *pkt)
 
 MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt)
 {
-    int al;
+    int al = SSL_AD_INTERNAL_ERROR;
     size_t md_len;
 
     /* If this occurs, we have missed a message */
@@ -367,12 +367,14 @@ MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt)
         s->s3->previous_server_finished_len = md_len;
     }
 
-    /* In TLS1.3 we also have to change cipher state */
+    /*
+     * In TLS1.3 we also have to change cipher state and do any final processing
+     * of the initial server flight (if we are a client)
+     */
     if (SSL_IS_TLS13(s)) {
         if (s->server) {
             if (!s->method->ssl3_enc->change_cipher_state(s,
                     SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_SERVER_READ)) {
-                al = SSL_AD_INTERNAL_ERROR;
                 SSLerr(SSL_F_TLS_PROCESS_FINISHED, SSL_R_CANNOT_CHANGE_CIPHER);
                 goto f_err;
             }
@@ -380,16 +382,16 @@ MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt)
             if (!s->method->ssl3_enc->generate_master_secret(s,
                     s->session->master_key, s->handshake_secret, 0,
                     &s->session->master_key_length)) {
-                al = SSL_AD_INTERNAL_ERROR;
                 SSLerr(SSL_F_TLS_PROCESS_FINISHED, SSL_R_CANNOT_CHANGE_CIPHER);
                 goto f_err;
             }
             if (!s->method->ssl3_enc->change_cipher_state(s,
                     SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_CLIENT_READ)) {
-                al = SSL_AD_INTERNAL_ERROR;
                 SSLerr(SSL_F_TLS_PROCESS_FINISHED, SSL_R_CANNOT_CHANGE_CIPHER);
                 goto f_err;
             }
+            if (!tls_process_initial_server_flight(s, &al))
+                goto f_err;
         }
     }