From 7cd5924cec939cde5d906d387b8ec04e82b11e26 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 2 Aug 2013 13:24:41 +0200 Subject: [PATCH] Rework NewSessionTicket handling in state machine Fixes bug: NewSessionTicket was ommited in resumed sessions. --- library/ssl_cli.c | 14 +++++++------- library/ssl_srv.c | 12 ++++++------ library/ssl_tls.c | 10 ---------- 3 files changed, 13 insertions(+), 23 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 9b643926d..40b9f23cc 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -1967,10 +1967,11 @@ static int ssl_parse_new_session_ticket( ssl_context *ssl ) return( POLARSSL_ERR_SSL_BAD_HS_NEW_SESSION_TICKET ); } - ssl->state = SSL_SERVER_CHANGE_CIPHER_SPEC; - SSL_DEBUG_MSG( 3, ( "ticket length: %d", ticket_len ) ); + /* We're not waiting for a NewSessionTicket message any more */ + ssl->handshake->new_session_ticket = 0; + /* * Zero-length ticket means the server changed his mind and doesn't want * to send a ticket after all, so just forget it @@ -2094,12 +2095,11 @@ int ssl_handshake_client_step( ssl_context *ssl ) * ChangeCipherSpec * Finished */ - case SSL_SERVER_NEW_SESSION_TICKET: - ret = ssl_parse_new_session_ticket( ssl ); - break; - case SSL_SERVER_CHANGE_CIPHER_SPEC: - ret = ssl_parse_change_cipher_spec( ssl ); + if( ssl->handshake->new_session_ticket != 0 ) + ret = ssl_parse_new_session_ticket( ssl ); + else + ret = ssl_parse_change_cipher_spec( ssl ); break; case SSL_SERVER_FINISHED: diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 59c91c4b9..faa110ac1 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -2358,7 +2358,8 @@ static int ssl_write_new_session_ticket( ssl_context *ssl ) return( ret ); } - ssl->state = SSL_SERVER_CHANGE_CIPHER_SPEC; + /* No need to remember writing a NewSessionTicket any more */ + ssl->handshake->new_session_ticket = 0; SSL_DEBUG_MSG( 2, ( "<= write new session ticket" ) ); @@ -2452,12 +2453,11 @@ int ssl_handshake_server_step( ssl_context *ssl ) * ChangeCipherSpec * Finished */ - case SSL_SERVER_NEW_SESSION_TICKET: - ret = ssl_write_new_session_ticket( ssl ); - break; - case SSL_SERVER_CHANGE_CIPHER_SPEC: - ret = ssl_write_change_cipher_spec( ssl ); + if( ssl->handshake->new_session_ticket != 0 ) + ret = ssl_write_new_session_ticket( ssl ); + else + ret = ssl_write_change_cipher_spec( ssl ); break; case SSL_SERVER_FINISHED: diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 27a503f13..7e8ff343c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2619,11 +2619,6 @@ int ssl_write_finished( ssl_context *ssl ) else ssl->state = SSL_CLIENT_CHANGE_CIPHER_SPEC; } - else if( ssl->endpoint == SSL_IS_CLIENT && - ssl->handshake->new_session_ticket != 0 ) - { - ssl->state = SSL_SERVER_NEW_SESSION_TICKET; - } else ssl->state++; @@ -2736,11 +2731,6 @@ int ssl_parse_finished( ssl_context *ssl ) if( ssl->endpoint == SSL_IS_SERVER ) ssl->state = SSL_HANDSHAKE_WRAPUP; } - else if( ssl->endpoint == SSL_IS_SERVER && - ssl->handshake->new_session_ticket != 0 ) - { - ssl->state = SSL_SERVER_NEW_SESSION_TICKET; - } else ssl->state++;