From e6575156204dfd50a63f6afbe98f6714d0799764 Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Fri, 6 Nov 2015 09:47:18 +0000
Subject: [PATCH] Don't finish the handshake twice

We finish the handshake when we move into the TLS_ST_OK state. At various points we were also unnecessarily finishing it when we were reading/writing the Finished message. It's much simpler just to do it in TLS_ST_OK, so remove the other calls.

Reviewed-by: Viktor Dukhovni
---
 ssl/statem/statem_clnt.c | 8 --------
 ssl/statem/statem_lib.c | 2 +-
 ssl/statem/statem_srvr.c | 6 ------
 3 files changed, 1 insertion(+), 15 deletions(-)

diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index c9d760f00e..4684098250 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -622,9 +622,6 @@ WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst)
 #endif
 if (statem_flush(s) != 1)
 return WORK_MORE_B;
-
- if (s->hit && tls_finish_handshake(s, WORK_MORE_A) != 1)
- return WORK_ERROR;
 break;
 default:
@@ -801,11 +798,6 @@ WORK_STATE ossl_statem_client_post_process_message(SSL *s, WORK_STATE wst)
 return WORK_FINISHED_STOP;
 #endif
- case TLS_ST_CR_FINISHED:
- if (!s->hit)
- return tls_finish_handshake(s, wst);
- else
- return WORK_FINISHED_STOP;
 default:
 break;
 }
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 2c100dc817..b0df7d2636 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -331,7 +331,7 @@ MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt)
 s->s3->previous_server_finished_len = i;
 }
- return MSG_PROCESS_CONTINUE_PROCESSING;
+ return MSG_PROCESS_FINISHED_READING;
 f_err:
 ssl3_send_alert(s, SSL3_AL_FATAL, al);
 ossl_statem_set_error(s);
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 6f51d5dc76..0689da0d3e 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
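Review bot: The changed return in `tls_process_finished` (ssl/statem/statem_lib.c hunk) carries no comment saying why reading stops at Finished, and the reason cannot be read off the function itself. Judging by the `TLS_ST_CR_FINISHED` and `TLS_ST_SR_FINISHED` cases removed from the post-process handlers, `MSG_PROCESS_FINISHED_READING` presumably means the post-processing step is no longer run for Finished on either side, so completing the handshake now rests entirely on the state machine reaching TLS_ST_OK, as the commit message states. I would add above the return: `/* No post-processing for Finished: tls_finish_handshake() is called once, on entry to TLS_ST_OK */`. The TLS_ST_OK handling is not part of this patch, so it is worth confirming that both the resumed (`s->hit`) and full-handshake paths reach it only after the peer's Finished has been verified. The function body starts and ends outside the hunk.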
@@ -876,12 +876,6 @@ WORK_STATE ossl_statem_server_post_process_message(SSL *s, WORK_STATE wst)
 #endif
 return WORK_FINISHED_CONTINUE;
-
- case TLS_ST_SR_FINISHED:
- if (s->hit)
- return tls_finish_handshake(s, wst);
- else
- return WORK_FINISHED_STOP;
 default:
 break;
 }