generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Disable session related stuff in SSL_ST_OK case of ssl3_accept if we

Browse Source 
just sent a HelloRequest.
This commit is contained in:
Bodo Möller 2001-09-21 07:01:25 +00:00
parent 2260ad21fb
commit b49124f6d9
3 changed files with 22 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CHANGES
View File

@ -30,11 +30,13 @@
*) Bugfix in ssl3_accept (ssl/s3_srvr.c): Case SSL3_ST_SW_HELLO_REQ_C *) Bugfix in ssl3_accept (ssl/s3_srvr.c): Case SSL3_ST_SW_HELLO_REQ_C
should end in 'break', not 'goto end' which circuments various should end in 'break', not 'goto end' which circuments various
cleanups. cleanups done in state SSL_ST_OK. But session related stuff
must be disabled for SSL_ST_OK in the case that we just sent a
HelloRequest.
Also avoid some overhead by not calling ssl_init_wbio_buffer() Also avoid some overhead by not calling ssl_init_wbio_buffer()
before just sending a HelloRequest. before just sending a HelloRequest.
[Bodo Moeller] [Bodo Moeller, Eric Rescorla <ekr@rtfm.com>]
*) Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't *) Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't
reveal whether illegal block cipher padding was found or a MAC reveal whether illegal block cipher padding was found or a MAC

29
ssl/s3_srvr.c
View File

@ -170,6 +170,7 @@ int ssl3_accept(SSL *s)
long num1; long num1;
int ret= -1; int ret= -1;
int new_state,state,skip=0; int new_state,state,skip=0;
int got_new_session=0;
RAND_add(&Time,sizeof(Time),0); RAND_add(&Time,sizeof(Time),0);
ERR_clear_error(); ERR_clear_error();
@ -282,6 +283,7 @@ int ssl3_accept(SSL *s)
s->shutdown=0; s->shutdown=0;
ret=ssl3_get_client_hello(s); ret=ssl3_get_client_hello(s);
if (ret <= 0) goto end; if (ret <= 0) goto end;
got_new_session=1;
s->state=SSL3_ST_SW_SRVR_HELLO_A; s->state=SSL3_ST_SW_SRVR_HELLO_A;
s->init_num=0; s->init_num=0;
break; break;
@ -522,19 +524,23 @@ int ssl3_accept(SSL *s)
/* remove buffering on output */ /* remove buffering on output */
ssl_free_wbio_buffer(s); ssl_free_wbio_buffer(s);
if (s->new_session == 2)
s->new_session=0;
/* if s->new_session is still 1, we have only sent a HelloRequest */
s->init_num=0; s->init_num=0;
ssl_update_cache(s,SSL_SESS_CACHE_SERVER); if (got_new_session) /* skipped if we just sent a HelloRequest */
{
/* actually not necessarily a 'new' session unless
* SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
s->ctx->stats.sess_accept_good++; s->new_session=0;
/* s->server=1; */
s->handshake_func=ssl3_accept;
ret=1;
if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1); ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
s->ctx->stats.sess_accept_good++;
/* s->server=1; */
s->handshake_func=ssl3_accept;
if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
}
goto end; goto end;
/* break; */ /* break; */
@ -702,11 +708,6 @@ static int ssl3_get_client_hello(SSL *s)
} }
} }
if (s->new_session)
/* actually not necessarily a 'new' section unless
* SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
s->new_session = 2;
p+=j; p+=j;
n2s(p,i); n2s(p,i);
if ((i == 0) && (j != 0)) if ((i == 0) && (j != 0))

3
ssl/ssl.h
View File

@ -643,8 +643,7 @@ struct ssl_st
int server; /* are we the server side? - mostly used by SSL_clear*/ int server; /* are we the server side? - mostly used by SSL_clear*/
int new_session;/* 1 if we are to use a new session, int new_session;/* 1 if we are to use a new session.
* (sometimes 2 after a new session has in fact been assigned).
* NB: For servers, the 'new' session may actually be a previously * NB: For servers, the 'new' session may actually be a previously
* cached session or even the previous session unless * cached session or even the previous session unless
* SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */ * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */