提交 0a5ece5b 编写于 作者: M Matt Caswell

Tighten sanity checks when calling early data functions

Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
上级 fd6c1025
...@@ -2359,7 +2359,9 @@ int s_client_main(int argc, char **argv) ...@@ -2359,7 +2359,9 @@ int s_client_main(int argc, char **argv)
break; break;
} }
if (early_data_file != NULL) { if (early_data_file != NULL
&& SSL_get0_session(con) != NULL
&& SSL_SESSION_get_max_early_data(SSL_get0_session(con)) > 0) {
BIO *edfile = BIO_new_file(early_data_file, "r"); BIO *edfile = BIO_new_file(early_data_file, "r");
size_t readbytes, writtenbytes; size_t readbytes, writtenbytes;
int finish = 0; int finish = 0;
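Review bot: With the two extra conditions on the `if`, a user who passes an early data file against a session that has no early data allowance gets nothing sent and, within the lines shown, no message saying so. Someone using s_client to check a server's early data handling could read that run as a successful test. An `else if (early_data_file != NULL)` branch printing something like `BIO_printf(bio_err, "Session does not permit early data, not sending\n");` would make the skip visible. The block's body and closing brace are outside the hunk, so a diagnostic further down cannot be ruled out.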
......
...@@ -1545,6 +1545,14 @@ int ssl_read_internal(SSL *s, void *buf, size_t num, size_t *readbytes) ...@@ -1545,6 +1545,14 @@ int ssl_read_internal(SSL *s, void *buf, size_t num, size_t *readbytes)
return 0; return 0;
} }
if (s->early_data_state != SSL_EARLY_DATA_NONE
&& s->early_data_state != SSL_EARLY_DATA_FINISHED_WRITING
&& s->early_data_state != SSL_EARLY_DATA_FINISHED_READING
&& s->early_data_state != SSL_EARLY_DATA_READING) {
SSLerr(SSL_F_SSL_READ_INTERNAL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
struct ssl_async_args args; struct ssl_async_args args;
int ret; int ret;
...@@ -1737,9 +1745,13 @@ int ssl_write_internal(SSL *s, const void *buf, size_t num, size_t *written) ...@@ -1737,9 +1745,13 @@ int ssl_write_internal(SSL *s, const void *buf, size_t num, size_t *written)
return -1; return -1;
} }
if (s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY if (s->early_data_state != SSL_EARLY_DATA_NONE
|| s->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY) && s->early_data_state != SSL_EARLY_DATA_FINISHED_WRITING
&& s->early_data_state != SSL_EARLY_DATA_FINISHED_READING
&& s->early_data_state != SSL_EARLY_DATA_WRITING) {
SSLerr(SSL_F_SSL_WRITE_INTERNAL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0; return 0;
}
if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
int ret; int ret;
...@@ -1801,7 +1813,9 @@ int SSL_write_early(SSL *s, const void *buf, size_t num, size_t *written) ...@@ -1801,7 +1813,9 @@ int SSL_write_early(SSL *s, const void *buf, size_t num, size_t *written)
switch (s->early_data_state) { switch (s->early_data_state) {
case SSL_EARLY_DATA_NONE: case SSL_EARLY_DATA_NONE:
if (!SSL_in_before(s)) { if (!SSL_in_before(s)
|| s->session == NULL
|| s->session->ext.max_early_data == 0) {
SSLerr(SSL_F_SSL_WRITE_EARLY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); SSLerr(SSL_F_SSL_WRITE_EARLY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0; return 0;
} }
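Review bot: The state allow-list added to ssl_read_internal, and its twin in ssl_write_internal, has no comment saying why those four states are the permitted ones. The two conditions differ only in their last term, which is easy to miss when a state is later added to the enum. The negated form refuses any unlisted state by default, which is the right behaviour for a gate that keeps ordinary reads and writes apart from in-progress early data, so it is worth stating above each check: `/* Allowed only when no early data is in progress or in the matching early data state; any other state is refused */`. Both functions start and end outside their hunks, so whether a direct SSL_read or SSL_write call can arrive in the READING or WRITING state cannot be checked from here.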
......