From 74c6f357665a56c34f1de58f6281d8afaaeb64a1 Mon Sep 17 00:00:00 2001
From: toddouska
Date: Wed, 24 Sep 2014 13:10:01 -0700
Subject: [PATCH] new handShakeDone flag to allow app data during scr
---
 cyassl/internal.h | 1 +
 src/internal.c | 11 ++++++++---
 src/sniffer.c | 1 +
 3 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/cyassl/internal.h b/cyassl/internal.h
index 42679a83c..8db696371 100644
--- a/cyassl/internal.h
+++ b/cyassl/internal.h
@@ -1693,6 +1693,7 @@ typedef struct Options {
 byte serverState;
 byte clientState;
 byte handShakeState;
+ byte handShakeDone; /* at least one handshake complete */
 byte side; /* client or server end */
 byte verifyPeer;
 byte verifyNone;
diff --git a/src/internal.c b/src/internal.c
index d84ed325c..0ce53c297 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -1629,6 +1629,7 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
 ssl->options.connectState = CONNECT_BEGIN;
 ssl->options.acceptState = ACCEPT_BEGIN;
 ssl->options.handShakeState = NULL_STATE;
+ ssl->options.handShakeDone = 0;
 ssl->options.processReply = doProcessInit;
 #ifdef CYASSL_DTLS
@@ -4424,6 +4425,7 @@ int DoFinished(CYASSL* ssl, const byte* input, word32* inOutIdx, word32 size,
 ssl->options.serverState = SERVER_FINISHED_COMPLETE;
 if (!ssl->options.resuming) {
 ssl->options.handShakeState = HANDSHAKE_DONE;
+ ssl->options.handShakeDone = 1;
 #ifdef CYASSL_DTLS
 if (ssl->options.dtls) {
@@ -4438,6 +4440,7 @@ int DoFinished(CYASSL* ssl, const byte* input, word32* inOutIdx, word32 size,
 ssl->options.clientState = CLIENT_FINISHED_COMPLETE;
 if (ssl->options.resuming) {
 ssl->options.handShakeState = HANDSHAKE_DONE;
+ ssl->options.handShakeDone = 1;
 #ifdef CYASSL_DTLS
 if (ssl->options.dtls) {
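Review bot: The comment on the new `handShakeDone` field does not say that the flag is sticky or what depends on it, which is the property the rest of this commit relies on. Within this patch it is set to 1 in DoFinished, SendFinished and the sniffer's ChangeCipherSpec case, cleared only in InitSSL, and read by DoApplicationData and SendAlert in place of `handShakeState == HANDSHAKE_DONE`. Suggest `byte handShakeDone; /* at least one handshake complete; stays set during renegotiation so app data and encrypted alerts are still accepted */`.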
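Review bot: `ssl->options.handShakeDone = 1;` is added as a loose companion to `ssl->options.handShakeState = HANDSHAKE_DONE;` here, in the @@ -4438 hunk below, and in both SendFinished hunks, so the same two-line pair now lives in four places. A one-line helper such as `static void HandShakeComplete(CYASSL* ssl) { ssl->options.handShakeState = HANDSHAKE_DONE; ssl->options.handShakeDone = 1; }` called from each site would keep the two from drifting apart when another completion path is added. DoFinished's body begins and ends outside this hunk.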
@@ -5760,8 +5763,8 @@ int DoApplicationData(CYASSL* ssl, byte* input, word32* inOutIdx)
 byte decomp[MAX_RECORD_SIZE + MAX_COMP_EXTRA];
 #endif
- if (ssl->options.handShakeState != HANDSHAKE_DONE) {
- CYASSL_MSG("Received App data before handshake complete");
+ if (ssl->options.handShakeDone == 0) {
+ CYASSL_MSG("Received App data before a handshake completed");
 SendAlert(ssl, alert_fatal, unexpected_message);
 return OUT_OF_ORDER_E;
 }
@@ -6773,6 +6776,7 @@ int SendFinished(CYASSL* ssl)
 }
 else {
 ssl->options.handShakeState = HANDSHAKE_DONE;
+ ssl->options.handShakeDone = 1;
 #ifdef CYASSL_DTLS
 if (ssl->options.dtls) {
 /* Other side will soon receive our Finished, go to next
@@ -6786,6 +6790,7 @@ int SendFinished(CYASSL* ssl)
 else {
 if (ssl->options.side == CYASSL_CLIENT_END) {
 ssl->options.handShakeState = HANDSHAKE_DONE;
+ ssl->options.handShakeDone = 1;
 #ifdef CYASSL_DTLS
 if (ssl->options.dtls) {
 /* Other side will soon receive our Finished, go to next
@@ -7210,7 +7215,7 @@ int SendAlert(CYASSL* ssl, int severity, int type)
 /* only send encrypted alert if handshake actually complete, otherwise
 other side may not be able to handle it */
- if (ssl->keys.encryptionOn && ssl->options.handShakeState == HANDSHAKE_DONE)
+ if (ssl->keys.encryptionOn && ssl->options.handShakeDone)
 sendSz = BuildMessage(ssl, output, outputSz, input, ALERT_SIZE, alert);
 else {
diff --git a/src/sniffer.c b/src/sniffer.c
index 20443438b..cb25936ad 100644
--- a/src/sniffer.c
+++ b/src/sniffer.c
@@ -2425,6 +2425,7 @@ doMessage:
 session->flags.clientCipherOn = 1;
 Trace(GOT_CHANGE_CIPHER_STR);
 ssl->options.handShakeState = HANDSHAKE_DONE;
+ ssl->options.handShakeDone = 1;
 break;
 case application_data:
 Trace(GOT_APP_DATA_STR);
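Review bot: The relaxed test `ssl->options.handShakeDone == 0` admits application data whenever any handshake has finished, so records that arrive while a renegotiation is in flight are now decrypted and delivered — intended per the subject line, but this hunk does not restrict that to sessions that negotiated secure renegotiation (RFC 5746), so presumably that gate lives elsewhere and is worth confirming. One window the old `handShakeState != HANDSHAKE_DONE` check closed and this one does not: after the peer's ChangeCipherSpec and before its Finished has been verified, the record layer already uses the new keys, and this check alone no longer rejects app data there; if no other state check covers it, one belongs here. The flag is only cleared in InitSSL, so any path that restarts a handshake without re-running InitSSL keeps accepting app data. A comment above the `if` would record the intent: `/* renegotiation: require only that some handshake has completed (Options.handShakeDone), not that the current one has */`. DoApplicationData continues outside the hunk.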
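Review bot: The comment two lines above the changed condition still says "if handshake actually complete", which no longer matches `ssl->options.handShakeDone` — during a renegotiation the current handshake is not complete, yet the alert is now sent encrypted, which is fine while both sides are still on the previous keys (i.e. before ChangeCipherSpec). Update it to `/* only send encrypted alert if at least one handshake has completed (peer has keys), otherwise other side may not be able to handle it */`. Minor style: this hunk tests the flag as a truth value while DoApplicationData tests `== 0`; pick one form for a byte flag. SendAlert's body continues outside the hunk.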
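Review bot: `handShakeDone = 1` is raised in the change_cipher_spec case, i.e. when the client's CCS is observed rather than after a verified Finished, which is one message earlier than DoFinished/SendFinished set it on the library side; it mirrors the existing `handShakeState = HANDSHAKE_DONE` on the line above, so the early timing is pre-existing rather than introduced here. If that is deliberate for the sniffer — presumably it only needs keys in place to decrypt what follows — a short comment would stop a later reader from "fixing" it: `/* sniffer: treat CCS as handshake done; Finished is not verified here */`. The enclosing switch starts and ends outside the hunk.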