Fix NewSesssionTicket vs ChangeCipherSpec bug

Since we were cheating on state, ssl_read_record() wasn't able to drop out-of-sequence ChangeCipherSpec messages. Cheat a bit less.
2024-11-25 07:38:51 +00:00 · 2014-09-20 13:54:12 +02:00 · 2014-09-20 13:54:12 +02:00 · cd32a50d67
commit cd32a50d67
parent a6189f0fb0
1 changed files with 17 additions and 5 deletions
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@ -2686,6 +2686,7 @@ static int ssl_parse_new_session_ticket( ssl_context *ssl )

    /* We're not waiting for a NewSessionTicket message any more */
    ssl->handshake->new_session_ticket = 0;
+    ssl->state = SSL_SERVER_CHANGE_CIPHER_SPEC;

    /*
     * Zero-length ticket means the server changed his mind and doesn't want
@ -2751,6 +2752,16 @@ int ssl_handshake_client_step( ssl_context *ssl )
    }
 #endif

+    /* Change state now, so that it is right in ssl_read_record(), used
+     * by DTLS for dropping out-of-sequence ChangeCipherSpec records */
+#if defined(POLARSSL_SSL_SESSION_TICKETS)
+    if( ssl->state == SSL_SERVER_CHANGE_CIPHER_SPEC &&
+        ssl->handshake->new_session_ticket != 0 )
+    {
+        ssl->state = SSL_SERVER_NEW_SESSION_TICKET;
+    }
+#endif
+
    switch( ssl->state )
    {
        case SSL_HELLO_REQUEST:
@ -2823,13 +2834,14 @@ int ssl_handshake_client_step( ssl_context *ssl )
        *        ChangeCipherSpec
        *        Finished
        */
-       case SSL_SERVER_CHANGE_CIPHER_SPEC:
 #if defined(POLARSSL_SSL_SESSION_TICKETS)
-           if( ssl->handshake->new_session_ticket != 0 )
-               ret = ssl_parse_new_session_ticket( ssl );
-           else
+       case SSL_SERVER_NEW_SESSION_TICKET:
+           ret = ssl_parse_new_session_ticket( ssl );
+           break;
 #endif
-               ret = ssl_parse_change_cipher_spec( ssl );
+
+       case SSL_SERVER_CHANGE_CIPHER_SPEC:
+           ret = ssl_parse_change_cipher_spec( ssl );
           break;

       case SSL_SERVER_FINISHED: