From 808d1601612626b09eb4e8a098cd1edc5d105cfa Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Thu, 28 Sep 2017 13:23:49 +0100
Subject: [PATCH] Fix interaction between SSL_stateless() and SSL_clear()
Reviewed-by: Ben Kaduk
(Merged from https://github.com/openssl/openssl/pull/4435)
---
 ssl/ssl_lib.c | 1 +
 ssl/statem/statem.c | 6 +++++-
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 4e2dae0ee8..1daa348f9c 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -590,6 +590,7 @@ int SSL_clear(SSL *s)
 OPENSSL_free(s->psksession_id);
 s->psksession_id = NULL;
 s->psksession_id_len = 0;
+ s->hello_retry_request = 0;
 s->error = 0;
 s->hit = 0;
diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c
index 29660d59c4..45cb9ab092 100644
--- a/ssl/statem/statem.c
+++ b/ssl/statem/statem.c
@@ -311,7 +311,11 @@ static int state_machine(SSL *s, int server)
 st->in_handshake++;
 if (!SSL_in_init(s) || SSL_in_before(s)) {
- if (!SSL_clear(s))
+ /*
+ * If we are stateless then we already called SSL_clear() - don't do
+ * it again and clear the STATELESS flag itself.
+ */
+ if ((s->s3->flags & TLS1_FLAGS_STATELESS) == 0 && !SSL_clear(s))
 return -1;
 }
 #ifndef OPENSSL_NO_SCTP
-- 
2.25.1
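Review bot: The new guard in state_machine() skips SSL_clear() whenever TLS1_FLAGS_STATELESS is set, but nothing in the hunk shows where that flag is reset, so a flag left set after a failed or abandoned SSL_stateless() call would apparently let a reused SSL object start a handshake without being cleared, carrying over state from the earlier attempt. It is worth confirming that every exit path of SSL_stateless() clears the flag, or clearing it at this point once it has been consumed. The comment is also ambiguous, since "don't do it again and clear the STATELESS flag itself" can be read as saying this code clears the flag; if the intent is that a second SSL_clear() would wipe it, say so, e.g. `/* SSL_stateless() already called SSL_clear(); a second call here would also reset TLS1_FLAGS_STATELESS. */`. state_machine() starts and ends outside the hunk, so the later handling of the flag cannot be checked from here.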