Google Git
Sign in
flutter / third_party / openssl / 31fd10e60d12ae2e955de8651fa84aff016d719a^! / . / ssl
commit31fd10e60d12ae2e955de8651fa84aff016d719a[log] [tgz]
authorMatt Caswell <matt@openssl.org>Thu Oct 22 12:18:45 2015 +0100
committerMatt Caswell <matt@openssl.org>Fri Oct 30 08:39:47 2015 +0000
treed78fb23d8727df94c5013fc444edcbc68a3c0a3f
parent91eac8d567c2717ef7bfd7a5997f8e73057ce780 [diff]
Fix DTLSv1_listen following state machine changes

Adding the new state machine broke the DTLSv1_listen code because
calling SSL_in_before() was erroneously returning true after DTLSv1_listen
had successfully completed. This change ensures that SSL_in_before returns
false.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index 087d6d2..a6f0632 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c

@@ -872,8 +872,11 @@
      */
     SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
 
-    /* Put us into the "init" state so that we don't get our state cleared */
-    ossl_statem_set_in_init(s, 1);
+    /*
+     * Tell the state machine that we've done the initial hello verify
+     * exchange
+     */
+    ossl_statem_set_hello_verify_done(s);
 
     if(BIO_dgram_get_peer(rbio, client) <= 0) {
         SSLerr(SSL_F_DTLS1_LISTEN, ERR_R_INTERNAL_ERROR);

diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c
index f681ab4..f228019 100644
--- a/ssl/statem/statem.c
+++ b/ssl/statem/statem.c

@@ -187,6 +187,20 @@
     s->statem.in_init = init;
 }
 
+void ossl_statem_set_hello_verify_done(SSL *s)
+{
+    s->statem.state = MSG_FLOW_UNINITED;
+    s->statem.in_init = 1;
+    /*
+     * This will get reset (briefly) back to TLS_ST_BEFORE when we enter
+     * state_machine() because |state| is MSG_FLOW_UNINITED, but until then any
+     * calls to SSL_in_before() will return false. Also calls to
+     * SSL_state_string() and SSL_state_string_long() will return something
+     * sensible.
+     */
+    s->statem.hand_state = TLS_ST_SR_CLNT_HELLO;
+}
+
 int ossl_statem_connect(SSL *s) {
     return state_machine(s, 0);
 }

diff --git a/ssl/statem/statem.h b/ssl/statem/statem.h
index 4c090dc..2dc603a 100644
--- a/ssl/statem/statem.h
+++ b/ssl/statem/statem.h

@@ -161,6 +161,7 @@
 void ossl_statem_set_error(SSL *s);
 int ossl_statem_in_error(const SSL *s);
 void ossl_statem_set_in_init(SSL *s, int init);
+void ossl_statem_set_hello_verify_done(SSL *s);
 __owur int ossl_statem_app_data_allowed(SSL *s);
 #ifndef OPENSSL_NO_SCTP
 void ossl_statem_set_sctp_read_sock(SSL *s, int read_sock);