kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fill in ssl->session->cipher when resumption is resolved.

Browse Source 
Doing it at ChangeCipherSpec makes it be set twice and, more
importantly, causes us to touch SSL_SESSION objects on resumption. (With
a no-op change, but this still isn't a good idea.)

This should actually let us get rid of ssl->s3->tmp.new_cipher but some
of external code accesses that field directly.

Change-Id: Ia6b7e0964c1b430f963ad0b1a5417b339b7b19d3
Reviewed-on: https://boringssl-review.googlesource.com/6833
Reviewed-by: Adam Langley <alangley@gmail.com>
This commit is contained in:
David Benjamin 2015-12-25 15:40:14 -05:00 committed by Adam Langley
parent 4119d42e7c
commit 0623bceb25
5 changed files with 3 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
ssl/d1_clnt.c
View File

@ -368,7 +368,6 @@ int dtls1_connect(SSL *ssl) {
ssl->state = SSL3_ST_CW_FINISHED_A;
ssl->init_num = 0;
ssl->session->cipher = ssl->s3->tmp.new_cipher;
if (!ssl->enc_method->setup_key_block(ssl) ||
!ssl->enc_method->change_cipher_state(
ssl, SSL3_CHANGE_CIPHER_CLIENT_WRITE)) {

1
ssl/d1_srvr.c
View File

@ -393,7 +393,6 @@ int dtls1_accept(SSL *ssl) {
case SSL3_ST_SW_CHANGE_A:
case SSL3_ST_SW_CHANGE_B:
ssl->session->cipher = ssl->s3->tmp.new_cipher;
if (!ssl->enc_method->setup_key_block(ssl)) {
ret = -1;
goto end;

3
ssl/s3_clnt.c
View File

@ -388,7 +388,6 @@ int ssl3_connect(SSL *ssl) {
}
ssl->init_num = 0;
ssl->session->cipher = ssl->s3->tmp.new_cipher;
if (!ssl->enc_method->setup_key_block(ssl) ||
!ssl->enc_method->change_cipher_state(
ssl, SSL3_CHANGE_CIPHER_CLIENT_WRITE)) {
@ -867,6 +866,8 @@ int ssl3_get_server_hello(SSL *ssl) {
OPENSSL_PUT_ERROR(SSL, SSL_R_OLD_SESSION_VERSION_NOT_RETURNED);
goto f_err;
}
} else {
ssl->session->cipher = c;
}
ssl->s3->tmp.new_cipher = c;

1
ssl/s3_pkt.c
View File

@ -653,7 +653,6 @@ int ssl3_do_change_cipher_spec(SSL *ssl) {
return 0;
}
ssl->session->cipher = ssl->s3->tmp.new_cipher;
if (!ssl->enc_method->setup_key_block(ssl)) {
return 0;
}

2
ssl/s3_srvr.c
View File

@ -502,7 +502,6 @@ int ssl3_accept(SSL *ssl) {
case SSL3_ST_SW_CHANGE_A:
case SSL3_ST_SW_CHANGE_B:
ssl->session->cipher = ssl->s3->tmp.new_cipher;
if (!ssl->enc_method->setup_key_block(ssl)) {
ret = -1;
goto end;
@ -1059,6 +1058,7 @@ int ssl3_get_client_hello(SSL *ssl) {
OPENSSL_PUT_ERROR(SSL, SSL_R_NO_SHARED_CIPHER);
goto f_err;
}
ssl->session->cipher = c;
ssl->s3->tmp.new_cipher = c;
/* Determine whether to request a client certificate. */