[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Fri Dec 4 20:28:41 UTC 2015
The branch master has been updated
via ad3819c29ed91ee31ebc806939e6104970694811 (commit)
from 1c86d8fd41458d35736ef5b04d7a76cbcf1a274c (commit)
- Log -----------------------------------------------------------------
commit ad3819c29ed91ee31ebc806939e6104970694811
Author: Matt Caswell <matt at openssl.org>
Date: Fri Dec 4 10:18:01 2015 +0000
Fix EAP FAST in the new state machine
The new state machine code missed an allowed transition when resuming a
session via EAP FAST. This commits adds the missing check for the
transition.
Reviewed-by: Andy Polyakov <appro at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
ssl/statem/statem_clnt.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 527101b..b49f498 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -283,6 +283,19 @@ int ossl_statem_client_read_transition(SSL *s, int mt)
if (SSL_IS_DTLS(s) && mt == DTLS1_MT_HELLO_VERIFY_REQUEST) {
st->hand_state = DTLS_ST_CR_HELLO_VERIFY_REQUEST;
return 1;
+ } else if (s->version >= TLS1_VERSION
+ && s->tls_session_secret_cb != NULL
+ && s->session->tlsext_tick != NULL
+ && mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
+ /*
+ * Normally, we can tell if the server is resuming the session
+ * from the session ID. EAP-FAST (RFC 4851), however, relies on
+ * the next server message after the ServerHello to determine if
+ * the server is resuming.
+ */
+ s->hit = 1;
+ st->hand_state = TLS_ST_CR_CHANGE;
+ return 1;
} else if (!(s->s3->tmp.new_cipher->algorithm_auth
& (SSL_aNULL | SSL_aSRP | SSL_aPSK))) {
if (mt == SSL3_MT_CERTIFICATE) {
More information about the openssl-commits
mailing list