kris
/
boringssl
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

Fix server-side ClientHello state machine. 

- DTLS server code didn't account for the new ClientHello state. This looks
  like it only matters if a DTLS server uses select_certificate_cb and returns
  asynchronously.

- State A transitions immediately to B and is redundant. No code distinguishes
  A and B.

- The ssl_get_message call transitions to the second state (originally C). This
  makes the explicit transition to C a no-op. More of a problem,
  ssl_get_message may return asynchronously and remain in its second state if the
  handshake body had not completed yet. Fix this by splitting state C in two.
  Combined with the above change, this results in only the top few states getting
  reshuffled.

This fixes the server async tests.

Change-Id: I46703bcd205988b118217b6424ba4f88e731be5a
Reviewed-on: https://boringssl-review.googlesource.com/1412
Reviewed-by: Adam Langley <agl@google.com>
kris/onging/CECPQ3_patch15
David Benjamin 10 years ago
committed by Adam Langley
parent
dd1c246f7f
commit
95fcaa4f4b
2 changed files with 2 additions and 3 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +1
    -0
      ssl/d1_srvr.c
  2. +1
    -3
      ssl/s3_srvr.c

+ 1
- 0
ssl/d1_srvr.c View File

@@ -282,6 +282,7 @@ int dtls1_accept(SSL *s)
case SSL3_ST_SR_CLNT_HELLO_A:
case SSL3_ST_SR_CLNT_HELLO_B:
case SSL3_ST_SR_CLNT_HELLO_C:
case SSL3_ST_SR_CLNT_HELLO_D:

s->shutdown=0;
ret=ssl3_get_client_hello(s);


+ 1
- 3
ssl/s3_srvr.c View File

@@ -836,13 +836,11 @@ int ssl3_get_client_hello(SSL *s)
*/
switch (s->state) {
case SSL3_ST_SR_CLNT_HELLO_A:
s->state=SSL3_ST_SR_CLNT_HELLO_B;
/* fallthrough */
case SSL3_ST_SR_CLNT_HELLO_B:
s->first_packet=1;
n=s->method->ssl_get_message(s,
SSL3_ST_SR_CLNT_HELLO_A,
SSL3_ST_SR_CLNT_HELLO_B,
SSL3_ST_SR_CLNT_HELLO_C,
SSL3_MT_CLIENT_HELLO,
SSL3_RT_MAX_PLAIN_LENGTH,
&ok);


Write Preview
Loading…
Cancel
Save