Disable session related stuff in SSL_ST_OK case of ssl3_accept if we

just sent a HelloRequest.
2001-09-21 07:01:25 +00:00 · 2001-09-21 07:01:25 +00:00 · b49124f6d9
commit b49124f6d9
parent 2260ad21fb
3 changed files with 22 additions and 20 deletions
--- a/6
+++ b/6
@ -30,11 +30,13 @@

  *) Bugfix in ssl3_accept (ssl/s3_srvr.c): Case SSL3_ST_SW_HELLO_REQ_C
     should end in 'break', not 'goto end' which circuments various
-     cleanups.
+     cleanups done in state SSL_ST_OK.   But session related stuff
+     must be disabled for SSL_ST_OK in the case that we just sent a
+     HelloRequest.

     Also avoid some overhead by not calling ssl_init_wbio_buffer()
     before just sending a HelloRequest.
-     [Bodo Moeller]
+     [Bodo Moeller, Eric Rescorla <ekr@rtfm.com>]

  *) Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't
     reveal whether illegal block cipher padding was found or a MAC
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@ -170,6 +170,7 @@ int ssl3_accept(SSL *s)
 	long num1;
 	int ret= -1;
 	int new_state,state,skip=0;
+	int got_new_session=0;

 	RAND_add(&Time,sizeof(Time),0);
 	ERR_clear_error();
@ -282,6 +283,7 @@ int ssl3_accept(SSL *s)
 			s->shutdown=0;
 			ret=ssl3_get_client_hello(s);
 			if (ret <= 0) goto end;
+			got_new_session=1;
 			s->state=SSL3_ST_SW_SRVR_HELLO_A;
 			s->init_num=0;
 			break;
@ -522,19 +524,23 @@ int ssl3_accept(SSL *s)
 			/* remove buffering on output */
 			ssl_free_wbio_buffer(s);

-			if (s->new_session == 2)
-				s->new_session=0;
-			/* if s->new_session is still 1, we have only sent a HelloRequest */
 			s->init_num=0;

+			if (got_new_session) /* skipped if we just sent a HelloRequest */
+				{
+				/* actually not necessarily a 'new' session unless
+				 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
+				
+				s->new_session=0;
+				
 				ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
 				
 				s->ctx->stats.sess_accept_good++;
 				/* s->server=1; */
 				s->handshake_func=ssl3_accept;
-			ret=1;

 				if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
+				}
 			
 			goto end;
 			/* break; */
@ -702,11 +708,6 @@ static int ssl3_get_client_hello(SSL *s)
 			}
 		}

-	if (s->new_session)
-		/* actually not necessarily a 'new' section unless
-		 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
-		s->new_session = 2;
-
 	p+=j;
 	n2s(p,i);
 	if ((i == 0) && (j != 0))
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@ -643,8 +643,7 @@ struct ssl_st

 	int server;	/* are we the server side? - mostly used by SSL_clear*/

-	int new_session;/* 1 if we are to use a new session,
-	                 * (sometimes 2 after a new session has in fact been assigned).
+	int new_session;/* 1 if we are to use a new session.
 	                 * NB: For servers, the 'new' session may actually be a previously
 	                 * cached session or even the previous session unless
 	                 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */