X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fstatem%2Fstatem.c;h=ac78d2dc24a0ee1b51d36a31ab296b4ef6adc7bd;hp=901a3f2c49763129b0ace32f3554dbe290385a6d;hb=0386aad1ab472a4059da85131cceca15aab5ebae;hpb=eda757514ea3018c8510b4738b5e37479aeadc5e diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c index 901a3f2c49..ac78d2dc24 100644 --- a/ssl/statem/statem.c +++ b/ssl/statem/statem.c @@ -107,6 +107,7 @@ void ossl_statem_set_renegotiate(SSL *s) { s->statem.state = MSG_FLOW_RENEGOTIATE; s->statem.in_init = 1; + s->statem.request_state = TLS_ST_SW_HELLO_REQ; } /* @@ -251,20 +252,6 @@ static int state_machine(SSL *s, int server) } #endif -#ifndef OPENSSL_NO_HEARTBEATS - /* - * If we're awaiting a HeartbeatResponse, pretend we already got and - * don't await it anymore, because Heartbeats don't make sense during - * handshakes anyway. - */ - if (s->tlsext_hb_pending) { - if (SSL_IS_DTLS(s)) - dtls1_stop_timer(s); - s->tlsext_hb_pending = 0; - s->tlsext_hb_seq++; - } -#endif - /* Initialise state machine */ if (st->state == MSG_FLOW_RENEGOTIATE) { @@ -273,9 +260,12 @@ static int state_machine(SSL *s, int server) s->ctx->stats.sess_connect_renegotiate++; } - if (st->state == MSG_FLOW_UNINITED || st->state == MSG_FLOW_RENEGOTIATE) { + if (st->state == MSG_FLOW_UNINITED + || st->state == MSG_FLOW_RENEGOTIATE + || st->state == MSG_FLOW_FINISHED) { if (st->state == MSG_FLOW_UNINITED) { st->hand_state = TLS_ST_BEFORE; + st->request_state = TLS_ST_BEFORE; } s->server = server; @@ -332,52 +322,57 @@ static int state_machine(SSL *s, int server) goto end; } - if (!server || st->state != MSG_FLOW_RENEGOTIATE) { - if (!ssl3_init_finished_mac(s)) { - ossl_statem_set_error(s); - goto end; + if (!SSL_IS_TLS13(s)) { + if (!server || st->state != MSG_FLOW_RENEGOTIATE) { + if (!ssl3_init_finished_mac(s)) { + ossl_statem_set_error(s); + goto end; + } } - } - if (server) { - if (st->state != MSG_FLOW_RENEGOTIATE) { - s->ctx->stats.sess_accept++; - } else if (!s->s3->send_connection_binding && - !(s->options & - SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) { - /* - * Server attempting to renegotiate with client that doesn't - * support secure renegotiation. - */ - SSLerr(SSL_F_STATE_MACHINE, - SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); - ossl_statem_set_error(s); - goto end; + if (server) { + if (st->state != MSG_FLOW_RENEGOTIATE) { + s->ctx->stats.sess_accept++; + } else if (!s->s3->send_connection_binding && + !(s->options & + SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) { + /* + * Server attempting to renegotiate with client that doesn't + * support secure renegotiation. + */ + SSLerr(SSL_F_STATE_MACHINE, + SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); + ossl_statem_set_error(s); + goto end; + } else { + /* + * st->state == MSG_FLOW_RENEGOTIATE, we will just send a + * HelloRequest + */ + s->ctx->stats.sess_accept_renegotiate++; + + s->s3->tmp.cert_request = 0; + } } else { - /* - * st->state == MSG_FLOW_RENEGOTIATE, we will just send a - * HelloRequest - */ - s->ctx->stats.sess_accept_renegotiate++; - } - } else { - s->ctx->stats.sess_connect++; + s->ctx->stats.sess_connect++; - /* mark client_random uninitialized */ - memset(s->s3->client_random, 0, sizeof(s->s3->client_random)); - s->hit = 0; + /* mark client_random uninitialized */ + memset(s->s3->client_random, 0, sizeof(s->s3->client_random)); + s->hit = 0; - s->s3->tmp.cert_request = 0; + s->s3->tmp.cert_req = 0; - if (SSL_IS_DTLS(s)) { - st->use_timer = 1; + if (SSL_IS_DTLS(s)) { + st->use_timer = 1; + } } + + st->read_state_first_init = 1; } st->state = MSG_FLOW_WRITING; init_write_state_machine(s); - st->read_state_first_init = 1; } while (st->state != MSG_FLOW_FINISHED) { @@ -408,7 +403,6 @@ static int state_machine(SSL *s, int server) } } - st->state = MSG_FLOW_UNINITED; ret = 1; end: