author | tb <> | 2020-09-07 08:04:29 +0000 |
---|---|---|
committer | tb <> | 2020-09-07 08:04:29 +0000 |
commit | 77b88b2247bcb0c074683c42916b6580754b574b (patch) | |
tree | 7d86d39a479543d40cc3a12dcf306e3f461f81fa | |
parent | 385a0acb8b98c52710c935ff179ce287cc60d7ae (diff) | |
Garbage collect renew_ticket in tls_decrypt_ticket
This is only set in one place and read in one place to set the badly
named tlsext_ticket_expected flag. It seems preferable to set this
flag directly, thus simplifying the logic. This slightly changes the
behavior in that this flag is now set earlier, but this seems preferable
anyway. Any error between the old and the new position where the flag
is set is either fatal (so the connection will be closed) or a decrypt
error (so the flag will be set).
discussed with jsing
-rw-r--r-- | src/lib/libssl/t1_lib.c | 13 |
1 files changed, 5 insertions, 8 deletions
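--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.174 2020/09/01 12:40:53 tb Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.175 2020/09/07 08:04:29 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -870,7 +870,6 @@ tls_decrypt_ticket(SSL *s, CBS *ticket, int *alert, SSL_SESSION **psess)
 SSL_CTX *tctx = s->initial_ctx;
 int slen, hlen;
 int alert_desc = SSL_AD_INTERNAL_ERROR;
-int renew_ticket = 0;
 int ret = TLS1_TICKET_FATAL_ERROR;
 
 *psess = NULL;
@@ -904,8 +903,10 @@ tls_decrypt_ticket(SSL *s, CBS *ticket, int *alert, SSL_SESSION **psess)
 goto err;
 if (rv == 0)
 goto derr;
-if (rv == 2)
-renew_ticket = 1;
+if (rv == 2) {
+/* Renew ticket. */
+s->internal->tlsext_ticket_expected = 1;
+}
 
 /*
 * Now that the cipher context is initialised, we can extract
@@ -988,11 +989,7 @@ tls_decrypt_ticket(SSL *s, CBS *ticket, int *alert, SSL_SESSION **psess)
 *psess = sess;
 sess = NULL;
 
-if (renew_ticket)
-s->internal->tlsext_ticket_expected = 1;
-
 ret = TLS1_TICKET_DECRYPTED;
-
 goto done;
 
 derr: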
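Review bot: In the `rv == 2` branch of the third hunk (new lines 906-909), `s->internal->tlsext_ticket_expected` is now written before the ticket has been decrypted and the session parsed, and the new comment `/* Renew ticket. */` does not record why setting it that early is safe. The commit message gives the reason (every later failure is either fatal or goes through `derr`, which is said to set the flag as well), but that invariant lives only in the log. The `derr` body and the code between the old and new positions are outside the visible hunks, so it cannot be confirmed from this page. I would expand the comment to something like `/* Renew ticket. Set early on purpose: any later failure is fatal or reaches derr, which sets this flag too. */`, so that a non-fatal exit added in between later does not silently leave the flag set for a ticket that was never accepted.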