Google Git
Sign in
flutter / third_party / openssl / d4504fe5792b2dcf8ae6ef35634f1494e72d109b^! / . / ssl / statem / extensions_srvr.c
commitd4504fe5792b2dcf8ae6ef35634f1494e72d109b[log] [tgz]
authorMatt Caswell <matt@openssl.org>Fri Jul 14 14:50:48 2017 +0100
committerMatt Caswell <matt@openssl.org>Tue Jul 18 16:51:58 2017 +0100
tree7b51694b056efe6d8c86b92b6677b6eecf83372a
parent1e3f62a3823f7e3db9d403f724fd9d66f5b04cf8 [diff] [blame]
Fix early_data with an HRR

early_data is not allowed after an HRR. We failed to handle that
correctly.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3933)

diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index 7f30ac7..9fe58a7 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c

@@ -678,6 +678,11 @@
         return 0;
     }
 
+    if (s->hello_retry_request) {
+        *al = SSL_AD_ILLEGAL_PARAMETER;
+        return 0;
+    }
+
     return 1;
 }