commit 95fcaa4f4b737df12f88e08e2311367d513e0d0b
author David Benjamin <davidben@chromium.org> Tue Aug 05 13:10:14 2014 -0400
committer Adam Langley <agl@google.com> Tue Aug 05 18:07:13 2014 +0000
tree 383c9c4df2d96526c40035fb3f5525cff2590235
parent dd1c246f7f6c3d1c40a99e554df70e116e4dec6a

Fix server-side ClientHello state machine.

- DTLS server code didn't account for the new ClientHello state. This looks
  like it only matters if a DTLS server uses select_certificate_cb and returns
  asynchronously.

- State A transitions immediately to B and is redundant. No code distinguishes
  A and B.

- The ssl_get_message call transitions to the second state (originally C). This
  makes the explicit transition to C a no-op. More of a problem,
  ssl_get_message may return asynchronously and remain in its second state if the
  handshake body had not completed yet. Fix this by splitting state C in two.
  Combined with the above change, this results in only the top few states getting
  reshuffled.

This fixes the server async tests.

Change-Id: I46703bcd205988b118217b6424ba4f88e731be5a
Reviewed-on: https://boringssl-review.googlesource.com/1412
Reviewed-by: Adam Langley <agl@google.com>

ssl/s3_srvr.c

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index bc19733..97b04f8 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -836,13 +836,11 @@
 	 */
 	switch (s->state) {
 	case SSL3_ST_SR_CLNT_HELLO_A:
-		s->state=SSL3_ST_SR_CLNT_HELLO_B;
-		/* fallthrough */
 	case SSL3_ST_SR_CLNT_HELLO_B:
 		s->first_packet=1;
 		n=s->method->ssl_get_message(s,
+			SSL3_ST_SR_CLNT_HELLO_A,
 			SSL3_ST_SR_CLNT_HELLO_B,
-			SSL3_ST_SR_CLNT_HELLO_C,
 			SSL3_MT_CLIENT_HELLO,
 			SSL3_RT_MAX_PLAIN_LENGTH,
 			&ok);