author | jsing <> | 2018-08-24 18:10:25 +0000 |
---|---|---|
committer | jsing <> | 2018-08-24 18:10:25 +0000 |
commit | 84fe391fb9021a6be2b592ffb9543ccc421a80be (patch) | |
tree | fabc473b718cb60026ab4e730baa46df5eaee4dc /src/lib/libssl/ssl_srvr.c | |
parent | 32564ad6b169c4d391b5303bf7ed7e516be54aca (diff) | |
Simplify session ticket parsing/handling.
The original implementation is rather crazy and means that we effectively
have two lots of code that parse a ClientHello and two lots of code that
parse TLS extensions. Partially simplify this by passing a CBS containing
the extension block through to the session handling functions, removing the
need to reimplement the ClientHello parsing.
While here standardise on naming for session_id and session_id_len.
ok inoguchi@ tb@
Diffstat (limited to 'src/lib/libssl/ssl_srvr.c')
-rw-r--r-- | src/lib/libssl/ssl_srvr.c | 15 |
1 files changed, 7 insertions, 8 deletions
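--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.44 2018/08/24 17:44:22 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.45 2018/08/24 18:10:25 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -818,7 +818,6 @@ ssl3_get_client_hello(SSL *s)
 unsigned long alg_k;
 const SSL_METHOD *method;
 uint16_t shared_version;
-unsigned char *end;
 
 /*
 * We do this so that we will respond with our native type.
@@ -842,8 +841,6 @@ ssl3_get_client_hello(SSL *s)
 if (n < 0)
 goto err;
 
-end = (unsigned char *)s->internal->init_msg + n;
-
 CBS_init(&cbs, s->internal->init_msg, n);
 
 /* Parse client hello up until the extensions (if any). */
@@ -928,10 +925,12 @@ ssl3_get_client_hello(SSL *s)
 if (!ssl_get_new_session(s, 1))
 goto err;
 } else {
-/* XXX - pass CBS through instead... */
-i = ssl_get_prev_session(s,
-(unsigned char *)CBS_data(&session_id),
-CBS_len(&session_id), end);
+CBS ext_block;
+
+CBS_dup(&cbs, &ext_block);
+
+i = ssl_get_prev_session(s, CBS_data(&session_id),
+CBS_len(&session_id), &ext_block);
 if (i == 1) { /* previous session */
 s->internal->hit = 1;
 } else if (i == -1)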
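Review bot: The `CBS_dup(&cbs, &ext_block)` call in the last hunk (new lines 928-933) carries no comment explaining why `ssl_get_prev_session()` is handed a copy rather than `cbs` itself. The name `ext_block` is only accurate if `cbs` has already been advanced to the start of the extensions, which the hunk does not show. If `cbs` is parsed again for extensions later in the function, a one-line comment above the call such as `/* Use a copy so that the ticket lookup does not consume cbs. */` would make that explicit. The block is client-controlled and is empty when the ClientHello carries no extensions, so it is worth confirming that the callee maps a zero-length or malformed block to "no ticket" or to the `-1` error path, never to a hit. `ssl3_get_client_hello()` starts and ends outside the hunk, so the later use of `cbs` and the body of the `i == -1` branch are not visible here.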