Fix interaction between SSL_stateless() and SSL_clear() Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4435)
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 4e2dae0..1daa348 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -590,6 +590,7 @@
 OPENSSL_free(s->psksession_id);
 s->psksession_id = NULL;
 s->psksession_id_len = 0;
+ s->hello_retry_request = 0;
 s->error = 0;
 s->hit = 0;
diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c
index 29660d5..45cb9ab 100644
--- a/ssl/statem/statem.c
+++ b/ssl/statem/statem.c
@@ -311,7 +311,11 @@
 st->in_handshake++;
 if (!SSL_in_init(s) || SSL_in_before(s)) {
- if (!SSL_clear(s))
+ /*
+ * If we are stateless then we already called SSL_clear() - don't do
+ * it again and clear the STATELESS flag itself.
+ */
+ if ((s->s3->flags & TLS1_FLAGS_STATELESS) == 0 && !SSL_clear(s))
 return -1;
 }
 #ifndef OPENSSL_NO_SCTP
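Review bot: The new guard on the `SSL_clear()` call skips the reset whenever `TLS1_FLAGS_STATELESS` is set, so it relies on that flag being set only after a fresh `SSL_clear()` and being dropped again on every exit path, including errors. Neither the set nor the reset is visible in this hunk; if the flag could be left set, a later handshake on the same SSL object would start from uncleared state, so that invariant deserves a check or a regression test. The comment's last clause is also ambiguous, since it can be read as saying this code clears the flag; if the intent is that a second `SSL_clear()` would wipe it, `* it again, because that would also clear the STATELESS flag.` says so directly. The enclosing function begins and ends outside the hunk.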