Fix server-side ClientHello state machine.
- DTLS server code didn't account for the new ClientHello state. This looks
like it only matters if a DTLS server uses select_certificate_cb and returns
asynchronously.
- State A transitions immediately to B and is redundant. No code distinguishes
A and B.
- The ssl_get_message call transitions to the second state (originally C). This
makes the explicit transition to C a no-op. More of a problem,
ssl_get_message may return asynchronously and remain in its second state if the
handshake body had not completed yet. Fix this by splitting state C in two.
Combined with the above change, this results in only the top few states getting
reshuffled.
This fixes the server async tests.
Change-Id: I46703bcd205988b118217b6424ba4f88e731be5a
Reviewed-on: https://boringssl-review.googlesource.com/1412
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index 4e4d92a..df691ab 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -282,6 +282,7 @@
case SSL3_ST_SR_CLNT_HELLO_A:
case SSL3_ST_SR_CLNT_HELLO_B:
case SSL3_ST_SR_CLNT_HELLO_C:
+ case SSL3_ST_SR_CLNT_HELLO_D:
s->shutdown=0;
ret=ssl3_get_client_hello(s);
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index bc19733..97b04f8 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -836,13 +836,11 @@
*/
switch (s->state) {
case SSL3_ST_SR_CLNT_HELLO_A:
- s->state=SSL3_ST_SR_CLNT_HELLO_B;
- /* fallthrough */
case SSL3_ST_SR_CLNT_HELLO_B:
s->first_packet=1;
n=s->method->ssl_get_message(s,
+ SSL3_ST_SR_CLNT_HELLO_A,
SSL3_ST_SR_CLNT_HELLO_B,
- SSL3_ST_SR_CLNT_HELLO_C,
SSL3_MT_CLIENT_HELLO,
SSL3_RT_MAX_PLAIN_LENGTH,
&ok);
