Commit d7f8783f authored by Matt Caswell

Enable the server to call SSL_write() without stopping the ability to call SSL_read_early()

parent 564547e4
+2 −2
@@ -900,8 +900,8 @@ typedef enum {
    TLS_ST_CW_KEY_UPDATE,
    TLS_ST_SR_KEY_UPDATE,
    TLS_ST_CR_KEY_UPDATE,
    TLS_ST_CW_EARLY_DATA,
    TLS_ST_CW_PENDING_EARLY_DATA_END
    TLS_ST_EARLY_DATA,
    TLS_ST_PENDING_EARLY_DATA_END
} OSSL_HANDSHAKE_STATE;

/*
+5 −3
@@ -170,10 +170,12 @@ int ossl_statem_skip_early_data(SSL *s)

void ossl_statem_check_finish_init(SSL *s, int send)
{
    if ((send && s->statem.hand_state == TLS_ST_CW_PENDING_EARLY_DATA_END)
            || (!send && s->statem.hand_state == TLS_ST_CW_EARLY_DATA))
    if (!s->server) {
        if ((send && s->statem.hand_state == TLS_ST_PENDING_EARLY_DATA_END)
                || (!send && s->statem.hand_state == TLS_ST_EARLY_DATA))
            ossl_statem_set_in_init(s, 1);
    }
}

void ossl_statem_set_hello_verify_done(SSL *s)
{
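Review bot: With the new `if (!s->server)` wrapper, ossl_statem_check_finish_init() silently does nothing when called on a server, and the function carries no comment saying why. A short comment above the wrapper would make the intent reviewable, for example `/* Servers stay out of init in TLS_ST_EARLY_DATA so SSL_write() can be interleaved with reading early data */`. The hunk does not show what later moves a server out of TLS_ST_EARLY_DATA so that the client's Finished is processed. That presumably lives in the early-data read path, and the comment should name it so a reader can confirm the state is always left.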
+7 −7
@@ -253,7 +253,7 @@ int ossl_statem_client_read_transition(SSL *s, int mt)
        }
        break;

    case TLS_ST_CW_EARLY_DATA:
    case TLS_ST_EARLY_DATA:
        /*
         * We've not actually selected TLSv1.3 yet, but we have sent early
         * data. The only thing allowed now is a ServerHello or a
@@ -436,13 +436,13 @@ static WRITE_TRAN ossl_statem_client13_write_transition(SSL *s)

    case TLS_ST_CR_FINISHED:
        if (s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY)
            st->hand_state = TLS_ST_CW_PENDING_EARLY_DATA_END;
            st->hand_state = TLS_ST_PENDING_EARLY_DATA_END;
        else
            st->hand_state = (s->s3->tmp.cert_req != 0) ? TLS_ST_CW_CERT
                                                        : TLS_ST_CW_FINISHED;
        return WRITE_TRAN_CONTINUE;

    case TLS_ST_CW_PENDING_EARLY_DATA_END:
    case TLS_ST_PENDING_EARLY_DATA_END:
        st->hand_state = (s->s3->tmp.cert_req != 0) ? TLS_ST_CW_CERT
                                                    : TLS_ST_CW_FINISHED;
        return WRITE_TRAN_CONTINUE;
@@ -521,7 +521,7 @@ WRITE_TRAN ossl_statem_client_write_transition(SSL *s)
             * We are assuming this is a TLSv1.3 connection, although we haven't
             * actually selected a version yet.
             */
            st->hand_state = TLS_ST_CW_EARLY_DATA;
            st->hand_state = TLS_ST_EARLY_DATA;
            return WRITE_TRAN_CONTINUE;
        }
        /*
@@ -530,7 +530,7 @@ WRITE_TRAN ossl_statem_client_write_transition(SSL *s)
         */
        return WRITE_TRAN_FINISHED;

    case TLS_ST_CW_EARLY_DATA:
    case TLS_ST_EARLY_DATA:
        return WRITE_TRAN_FINISHED;

    case DTLS_ST_CR_HELLO_VERIFY_REQUEST:
@@ -666,8 +666,8 @@ WORK_STATE ossl_statem_client_pre_work(SSL *s, WORK_STATE wst)
        }
        break;

    case TLS_ST_CW_EARLY_DATA:
    case TLS_ST_CW_PENDING_EARLY_DATA_END:
    case TLS_ST_EARLY_DATA:
    case TLS_ST_PENDING_EARLY_DATA_END:
    case TLS_ST_OK:
        return tls_finish_handshake(s, wst, 1);
    }
+6 −1
@@ -93,6 +93,7 @@ static int ossl_statem_server13_read_transition(SSL *s, int mt)
        }
        break;

    case TLS_ST_EARLY_DATA:
    case TLS_ST_SW_FINISHED:
        if (s->s3->tmp.cert_request) {
            if (mt == SSL3_MT_CERTIFICATE) {
@@ -461,11 +462,14 @@ static WRITE_TRAN ossl_statem_server13_write_transition(SSL *s)

    case TLS_ST_SW_FINISHED:
        if (s->early_data_state == SSL_EARLY_DATA_ACCEPTING) {
            st->hand_state = TLS_ST_OK;
            st->hand_state = TLS_ST_EARLY_DATA;
            return WRITE_TRAN_CONTINUE;
        }
        return WRITE_TRAN_FINISHED;

    case TLS_ST_EARLY_DATA:
        return WRITE_TRAN_FINISHED;

    case TLS_ST_SR_FINISHED:
        /*
         * Technically we have finished the handshake at this point, but we're
@@ -703,6 +707,7 @@ WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst)
        }
        return WORK_FINISHED_CONTINUE;

    case TLS_ST_EARLY_DATA:
    case TLS_ST_OK:
        return tls_finish_handshake(s, wst, 1);
    }
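Review bot: In ossl_statem_server13_read_transition the new `case TLS_ST_EARLY_DATA:` label falls through into the TLS_ST_SW_FINISHED handling with no comment, and nothing in this section records what that implies. In this state the server has already gone through tls_finish_handshake() (the pre_work hunk) and appears to hand control back to the application, yet the read transition is still waiting for the client's Certificate (when one was requested) or Finished. Anything the application sends with SSL_write() at this point therefore goes to a peer whose Finished has not been verified, and it answers early data, which TLS 1.3 does not protect against replay. I would add above the label something like `/* Application may already be writing: client Certificate/Finished still outstanding */` and state the same caveat in the API documentation. All three functions in this section continue outside their hunks.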