Fix NewSesssionTicket vs ChangeCipherSpec bug

Since we were cheating on state, ssl_read_record() wasn't able to drop out-of-sequence ChangeCipherSpec messages. Cheat a bit less.
2025-01-25 22:01:06 +00:00 · 2014-09-20 13:54:12 +02:00 · 2014-09-20 13:54:12 +02:00 · cd32a50d67
parent a6189f0fb0
commit cd32a50d67
1 changed files with 17 additions and 5 deletions
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@ -2686,6 +2686,7 @@ static int ssl_parse_new_session_ticket( ssl_context *ssl )
    /* We're not waiting for a NewSessionTicket message any more */
    ssl->handshake->new_session_ticket = 0;
    ssl->state = SSL_SERVER_CHANGE_CIPHER_SPEC;
    /*
     * Zero-length ticket means the server changed his mind and doesn't want
@ -2751,6 +2752,16 @@ int ssl_handshake_client_step( ssl_context *ssl )
    }
 #endif
    /* Change state now, so that it is right in ssl_read_record(), used
     * by DTLS for dropping out-of-sequence ChangeCipherSpec records */
 #if defined(POLARSSL_SSL_SESSION_TICKETS)
    if( ssl->state == SSL_SERVER_CHANGE_CIPHER_SPEC &&
        ssl->handshake->new_session_ticket != 0 )
    {
        ssl->state = SSL_SERVER_NEW_SESSION_TICKET;
    }
 #endif
    switch( ssl->state )
    {
        case SSL_HELLO_REQUEST:
@ -2823,13 +2834,14 @@ int ssl_handshake_client_step( ssl_context *ssl )
        *        ChangeCipherSpec
        *        Finished
        */
       case SSL_SERVER_CHANGE_CIPHER_SPEC:
 #if defined(POLARSSL_SSL_SESSION_TICKETS)
-           if( ssl->handshake->new_session_ticket != 0 )
+       case SSL_SERVER_NEW_SESSION_TICKET:
-               ret = ssl_parse_new_session_ticket( ssl );
+           ret = ssl_parse_new_session_ticket( ssl );
-           else
+           break;
 #endif
-               ret = ssl_parse_change_cipher_spec( ssl );
+
       case SSL_SERVER_CHANGE_CIPHER_SPEC:
           ret = ssl_parse_change_cipher_spec( ssl );
           break;
       case SSL_SERVER_FINISHED: