Disallow handshake messages in the middle of early_data

author Matt Caswell <matt@openssl.org>

Thu, 23 Feb 2017 12:36:35 +0000 (12:36 +0000)

committer Matt Caswell <matt@openssl.org>

Thu, 2 Mar 2017 17:44:15 +0000 (17:44 +0000)
author Matt Caswell <matt@openssl.org>
Thu, 23 Feb 2017 12:36:35 +0000 (12:36 +0000)
committer Matt Caswell <matt@openssl.org>
Thu, 2 Mar 2017 17:44:15 +0000 (17:44 +0000)
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c

index 0f68ddf504b7218bb72998235c480a205a7053ad..e6a84dfa7b6f7c584f1e785531dc2ca19694d6e1 100644 (file)
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -129,6 +129,12 @@ static int ossl_statem_server13_read_transition(SSL *s, int mt)
          break;
  
      case TLS_ST_OK:
+        /*
+         * Its never ok to start processing handshake messages in the middle of
+         * early data (i.e. before we've received the end of early data alert)
+         */
+        if (s->early_data_state == SSL_EARLY_DATA_READING)
+            break;
          if (mt == SSL3_MT_KEY_UPDATE) {
              st->hand_state = TLS_ST_SR_KEY_UPDATE;
              return 1;
author	Matt Caswell <matt@openssl.org>
	Thu, 23 Feb 2017 12:36:35 +0000 (12:36 +0000)
committer	Matt Caswell <matt@openssl.org>
	Thu, 2 Mar 2017 17:44:15 +0000 (17:44 +0000)