Fix interaction between SSL_stateless() and SSL_clear()

author Matt Caswell <matt@openssl.org>

Thu, 28 Sep 2017 12:23:49 +0000 (13:23 +0100)

committer Matt Caswell <matt@openssl.org>

Wed, 24 Jan 2018 18:02:36 +0000 (18:02 +0000)
author Matt Caswell <matt@openssl.org>
Thu, 28 Sep 2017 12:23:49 +0000 (13:23 +0100)
committer Matt Caswell <matt@openssl.org>
Wed, 24 Jan 2018 18:02:36 +0000 (18:02 +0000)
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c

index 4e2dae0ee89b095669f8b5ef747284461a101022..1daa348f9ca341ecfa0fd7041865af882afde0d6 100644 (file)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -590,6 +590,7 @@ int SSL_clear(SSL *s)
      OPENSSL_free(s->psksession_id);
      s->psksession_id = NULL;
      s->psksession_id_len = 0;
+    s->hello_retry_request = 0;
  
      s->error = 0;
      s->hit = 0;
diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c

index 29660d59c422d811576bd8d3f546158d09f81403..45cb9ab092e6d74de2ef4b93405341705fab4494 100644 (file)
--- a/ssl/statem/statem.c
+++ b/ssl/statem/statem.c
@@ -311,7 +311,11 @@ static int state_machine(SSL *s, int server)
  
      st->in_handshake++;
      if (!SSL_in_init(s) || SSL_in_before(s)) {
-        if (!SSL_clear(s))
+        /*
+         * If we are stateless then we already called SSL_clear() - don't do
+         * it again and clear the STATELESS flag itself.
+         */
+        if ((s->s3->flags & TLS1_FLAGS_STATELESS) == 0 && !SSL_clear(s))
              return -1;
      }
  #ifndef OPENSSL_NO_SCTP
author	Matt Caswell <matt@openssl.org>
	Thu, 28 Sep 2017 12:23:49 +0000 (13:23 +0100)
committer	Matt Caswell <matt@openssl.org>
	Wed, 24 Jan 2018 18:02:36 +0000 (18:02 +0000)
ssl/ssl_lib.c		patch \| blob \| history
ssl/statem/statem.c		patch \| blob \| history