From 5d23e1303c8e4f3c9371cb28366e51fda7a583a7 Mon Sep 17 00:00:00 2001 From: Emilia Kasper Date: Wed, 19 Nov 2014 16:28:11 +0100 Subject: [PATCH] Remove ssl3_check_finished. The client sends a session ID with the session ticket, and uses the returned ID to detect resumption, so we do not need to peek at handshake messages: s->hit tells us explicitly if we're resuming. An equivalent change was independently made in BoringSSL, see commit 407886f589cf2dbaed82db0a44173036c3bc3317. Reviewed-by: Matt Caswell (cherry picked from commit 980bc1ec6114f5511b20c2e6ca741e61a39b99d6) Conflicts: ssl/s3_clnt.c --- ssl/d1_clnt.c | 15 -------------- ssl/s3_clnt.c | 54 +------------------------------------------------- ssl/ssl_locl.h | 1 - 3 files changed, 1 insertion(+), 69 deletions(-) diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c index 5f25dfc340..171d144586 100644 --- a/ssl/d1_clnt.c +++ b/ssl/d1_clnt.c @@ -388,20 +388,6 @@ int dtls1_connect(SSL *s) case SSL3_ST_CR_CERT_A: case SSL3_ST_CR_CERT_B: -#ifndef OPENSSL_NO_TLSEXT - ret=ssl3_check_finished(s); - if (ret <= 0) goto end; - if (ret == 2) - { - s->hit = 1; - if (s->tlsext_ticket_expected) - s->state=SSL3_ST_CR_SESSION_TICKET_A; - else - s->state=SSL3_ST_CR_FINISHED_A; - s->init_num=0; - break; - } -#endif /* Check if it is anon DH or PSK */ if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) @@ -850,4 +836,3 @@ f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); return -1; } - diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 4cd7dc9c1b..c7827230d5 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -314,20 +314,6 @@ int ssl3_connect(SSL *s) break; case SSL3_ST_CR_CERT_A: case SSL3_ST_CR_CERT_B: -#ifndef OPENSSL_NO_TLSEXT - ret=ssl3_check_finished(s); - if (ret <= 0) goto end; - if (ret == 2) - { - s->hit = 1; - if (s->tlsext_ticket_expected) - s->state=SSL3_ST_CR_SESSION_TICKET_A; - else - s->state=SSL3_ST_CR_FINISHED_A; - s->init_num=0; - break; - } -#endif /* Check if it is anon DH/ECDH, SRP auth */ /* or PSK */ if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL|SSL_aSRP)) && @@ -672,11 +658,7 @@ int ssl3_client_hello(SSL *s) SSL_SESSION *sess = s->session; if ((sess == NULL) || (sess->ssl_version != s->version) || -#ifdef OPENSSL_NO_TLSEXT !sess->session_id_length || -#else - (!sess->session_id_length && !sess->tlsext_tick) || -#endif (sess->not_resumable)) { if (!ssl_get_new_session(s,0)) @@ -3684,41 +3666,8 @@ int ssl3_send_next_proto(SSL *s) } return ssl3_do_write(s, SSL3_RT_HANDSHAKE); -} -#endif /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NEXTPROTONEG */ - -/* Check to see if handshake is full or resumed. Usually this is just a - * case of checking to see if a cache hit has occurred. In the case of - * session tickets we have to check the next message to be sure. - */ - -#ifndef OPENSSL_NO_TLSEXT -int ssl3_check_finished(SSL *s) - { - int ok; - long n; - - /* If we have no ticket it cannot be a resumed session. */ - if (!s->session->tlsext_tick) - return 1; - /* this function is called when we really expect a Certificate - * message, so permit appropriate message length */ - n=s->method->ssl_get_message(s, - SSL3_ST_CR_CERT_A, - SSL3_ST_CR_CERT_B, - -1, - s->max_cert_list, - &ok); - if (!ok) return((int)n); - s->s3->tmp.reuse_message = 1; - - if ((s->s3->tmp.message_type == SSL3_MT_FINISHED) - || (s->s3->tmp.message_type == SSL3_MT_NEWSESSION_TICKET)) - return 2; - - return 1; } -#endif +#endif /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NEXTPROTONEG */ int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey) { @@ -3737,4 +3686,3 @@ int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey) i = s->ctx->client_cert_cb(s,px509,ppkey); return i; } - diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 3973fafdc7..f779af6aa3 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1218,7 +1218,6 @@ int ssl3_get_key_exchange(SSL *s); int ssl3_get_server_certificate(SSL *s); int ssl3_check_cert_and_algorithm(SSL *s); #ifndef OPENSSL_NO_TLSEXT -int ssl3_check_finished(SSL *s); # ifndef OPENSSL_NO_NEXTPROTONEG int ssl3_send_next_proto(SSL *s); # endif -- 2.40.0