author | Matt Caswell <matt@openssl.org> | 2017-01-10 23:02:28 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2017-01-30 10:17:00 +0000 |
commit | c7f47786a5e5f68dc33091ffb2a42e51a73de3a1 (patch) | |
tree | 6ca73f81c1017d62f50a09cd130fdb013df8b0f4 /ssl/statem/statem_dtls.c | |
parent | 0386aad1ab472a4059da85131cceca15aab5ebae (diff) | |
Move state machine knowledge out of the record layer

The record layer was making decisions that should really be left to the
state machine around unexpected handshake messages that are received after
the initial handshake (i.e. renegotiation related messages). This commit
removes that code from the record layer and updates the state machine
accordingly. This simplifies the state machine and paves the way for
handling other messages post-handshake such as the NewSessionTicket in
TLSv1.3.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)
Diffstat (limited to 'ssl/statem/statem_dtls.c')
-rw-r--r-- | ssl/statem/statem_dtls.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/ssl/statem/statem_dtls.c b/ssl/statem/statem_dtls.c index 1c1758b..1bc82d1 100644 --- a/ssl/statem/statem_dtls.c +++ b/ssl/statem/statem_dtls.c @@ -788,8 +788,9 @@ static int dtls_get_reassembled_message(SSL *s, int *errtype, size_t *len) return 0; } - if (!s->server && s->d1->r_msg_hdr.frag_off == 0 && - wire[0] == SSL3_MT_HELLO_REQUEST) { + if (!s->server && s->d1->r_msg_hdr.frag_off == 0 + && s->statem.hand_state != TLS_ST_OK + && wire[0] == SSL3_MT_HELLO_REQUEST) { /* * The server may always send 'Hello Request' messages -- we are * doing a handshake anyway now, so ignore them if their format is |
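Review bot: The added `s->statem.hand_state != TLS_ST_OK` test in the HelloRequest check of dtls_get_reassembled_message() has no comment explaining it, and the existing comment directly below ("we are doing a handshake anyway now, so ignore them ...") now describes only the mid-handshake case. Suggest extending that comment to say that a HelloRequest arriving in TLS_ST_OK is deliberately not dropped here and is left for the state machine to handle, which is the behaviour the commit message describes. It would also be worth covering both branches with a test: a DTLS client that receives a HelloRequest after the handshake has completed should reach the state machine, and one that receives it during a handshake should still have it ignored as before.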