Fix interaction between SSL_stateless() and SSL_clear()

Reviewed-by: N Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4435)

Fix interaction between SSL_stateless() and SSL_clear()
Reviewed-by: N Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4435)
808d1601 · Matt Caswell · c7b8ff25 · 808d1601 · 808d1601
显示空白变更内容
内联并排

Showing with 6 addition and 1 deletion

ssl/ssl_lib.c ssl/ssl_lib.c +1 -0

ssl/statem/statem.c ssl/statem/statem.c +5 -1

未找到文件。
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -590,6 +590,7 @@ int SSL_clear(SSL *s)
    OPENSSL_free(s->psksession_id);
    s->psksession_id = NULL;
    s->psksession_id_len = 0;
+    s->hello_retry_request = 0;

    s->error = 0;
    s->hit = 0;

--- a/ssl/statem/statem.c
+++ b/ssl/statem/statem.c
@@ -311,7 +311,11 @@ static int state_machine(SSL *s, int server)

    st->in_handshake++;
    if (!SSL_in_init(s) || SSL_in_before(s)) {
-        if (!SSL_clear(s))
+        /*
+         * If we are stateless then we already called SSL_clear() - don't do
+         * it again and clear the STATELESS flag itself.
+         */
+        if ((s->s3->flags & TLS1_FLAGS_STATELESS) == 0 && !SSL_clear(s))
            return -1;
    }
 #ifndef OPENSSL_NO_SCTP