Don't skip over early_data if we sent an HRR
author Matt Caswell <matt@openssl.org>
Wed, 18 Jul 2018 10:16:28 +0000 (11:16 +0100)
committer Matt Caswell <matt@openssl.org>
Thu, 19 Jul 2018 11:46:43 +0000 (12:46 +0100)
It is not valid to send early_data after an HRR has been received.

Fixes #6734

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6737)

ssl/statem/statem.c

index e8367696669648f6a0cd59134cecbaa61fb36407..cf6472c757866422c739e92a01cf5f61f7538646 100644 (file)
@@ -179,7 +179,9 @@ int ossl_statem_skip_early_data(SSL *s)
     if (s->ext.early_data != SSL_EARLY_DATA_REJECTED)
         return 0;
 
-    if (!s->server || s->statem.hand_state != TLS_ST_EARLY_DATA)
+    if (!s->server
+            || s->statem.hand_state != TLS_ST_EARLY_DATA
+            || s->hello_retry_request == SSL_HRR_COMPLETE)
         return 0;
 
     return 1;
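
Review bot: The new third condition in ossl_statem_skip_early_data(), `|| s->hello_retry_request == SSL_HRR_COMPLETE`, carries no comment explaining why a completed HRR must turn skipping off, so the reason lives only in the commit message. Suggest a short comment above the `if` stating that early_data is not valid after an HRR, so records arriving in that state must not be silently skipped and should fall through to normal handling. The visible change touches only ssl/statem/statem.c; a regression test covering early_data received after the HRR would pin the new `return 0` path.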