Commit 39ef7821 authored by Matt Caswell

Fix bug with SSL_read_early_data()

If read_ahead is set, or SSL_MODE_AUTO_RETRY is used then if
SSL_read_early_data() hits an EndOfEarlyData message then it will
immediately retry automatically, but this time read normal data instead
of early data!

Fixes #3041
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3077)
Parent 3fd5ece3
...@@ -1496,6 +1496,8 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, ...@@ -1496,6 +1496,8 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
*/ */
if ((s->rlayer.handshake_fragment_len >= 4) if ((s->rlayer.handshake_fragment_len >= 4)
&& !ossl_statem_get_in_handshake(s)) { && !ossl_statem_get_in_handshake(s)) {
int ined = (s->early_data_state == SSL_EARLY_DATA_READING);
/* We found handshake data, so we're going back into init */ /* We found handshake data, so we're going back into init */
ossl_statem_set_in_init(s, 1); ossl_statem_set_in_init(s, 1);
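Review bot: The new local `ined` at the top of the `handshake_fragment_len >= 4` block is too terse and carries no comment on why `s->early_data_state` is sampled here, ahead of `ossl_statem_set_in_init(s, 1)`, instead of being tested at its point of use. Suggest a descriptive name such as `reading_early_data` and a one-line comment saying the value is captured on entry, before going back into init, so that a later cleanup does not move the comparison down to the `if` that consumes it.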
...@@ -1507,6 +1509,14 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, ...@@ -1507,6 +1509,14 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
return -1; return -1;
} }
/*
* If we were actually trying to read early data and we found a
* handshake message, then we don't want to continue to try and read
* the application data any more. It won't be "early" now.
*/
if (ined)
return -1;
if (!(s->mode & SSL_MODE_AUTO_RETRY)) { if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
if (SSL3_BUFFER_get_left(rbuf) == 0) { if (SSL3_BUFFER_get_left(rbuf) == 0) {
/* no read-ahead left? */ /* no read-ahead left? */
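Review bot: The added `if (ined) return -1;` returns the same -1 as the failure `return -1;` directly above it, and the new comment does not say how the caller is meant to tell "early data has ended" apart from an error. Because this return sits ahead of the `SSL_MODE_AUTO_RETRY` check, it is taken regardless of that mode, which is the intent, but the comment should state what the caller is expected to inspect after this -1. No test is visible in these hunks; a regression test covering read_ahead and SSL_MODE_AUTO_RETRY, the two triggers named in the commit message, would pin the behaviour down.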
......