Disallow handshake messages in the middle of early_data

Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2737)
author: Matt Caswell <matt@openssl.org> 2017-02-23 12:36:35 +0000
committer: Matt Caswell <matt@openssl.org> 2017-03-02 17:44:15 +0000
commit: 10109364bf0f07c393bd4283470f1bf57f31cecb (patch)
tree: e733fa38dcd12bfc5cabd0617fe02db0d4c977e7 /ssl/statem/statem_srvr.c
parent: c117af6765928f3fc61585b01f5d722162914d80 (diff)
download: openssl-10109364bf0f07c393bd4283470f1bf57f31cecb.zip
openssl-10109364bf0f07c393bd4283470f1bf57f31cecb.tar.gz
openssl-10109364bf0f07c393bd4283470f1bf57f31cecb.tar.bz2
1 files changed, 6 insertions, 0 deletions
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 0f68ddf..e6a84df 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -129,6 +129,12 @@ static int ossl_statem_server13_read_transition(SSL *s, int mt)
         break;
 
     case TLS_ST_OK:
+        /*
+         * Its never ok to start processing handshake messages in the middle of
+         * early data (i.e. before we've received the end of early data alert)
+         */
+        if (s->early_data_state == SSL_EARLY_DATA_READING)
+            break;
         if (mt == SSL3_MT_KEY_UPDATE) {
             st->hand_state = TLS_ST_SR_KEY_UPDATE;
             return 1;
author	Matt Caswell <matt@openssl.org>	2017-02-23 12:36:35 +0000
committer	Matt Caswell <matt@openssl.org>	2017-03-02 17:44:15 +0000
commit	10109364bf0f07c393bd4283470f1bf57f31cecb (patch)
tree	e733fa38dcd12bfc5cabd0617fe02db0d4c977e7 /ssl/statem/statem_srvr.c
parent	c117af6765928f3fc61585b01f5d722162914d80 (diff)
download	openssl-10109364bf0f07c393bd4283470f1bf57f31cecb.zip openssl-10109364bf0f07c393bd4283470f1bf57f31cecb.tar.gz openssl-10109364bf0f07c393bd4283470f1bf57f31cecb.tar.bz2