Don't skip over early_data if we sent an HRR

It is not valid to send early_data after an HRR has been received. Fixes #6734 Reviewed-by: N Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6737)

Don't skip over early_data if we sent an HRR
It is not valid to send early_data after an HRR has been received. Fixes #6734 Reviewed-by: N Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6737)
1c1e4160 · Matt Caswell · 1c073b95 · 1c1e4160
隐藏空白更改
内联并排

Showing with 3 addition and 1 deletion

ssl/statem/statem.c ssl/statem/statem.c +3 -1

未找到文件。
--- a/ssl/statem/statem.c
+++ b/ssl/statem/statem.c
@@ -179,7 +179,9 @@ int ossl_statem_skip_early_data(SSL *s)
    if (s->ext.early_data != SSL_EARLY_DATA_REJECTED)
        return 0;

-    if (!s->server || s->statem.hand_state != TLS_ST_EARLY_DATA)
+    if (!s->server
+            || s->statem.hand_state != TLS_ST_EARLY_DATA
+            || s->hello_retry_request == SSL_HRR_COMPLETE)
        return 0;

    return 1;