diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index f3afd1b6..668508c4 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -348,7 +348,6 @@ struct ssl_method_st int (*ssl_pending)(const SSL *s); int (*num_ciphers)(void); const SSL_CIPHER *(*get_cipher)(unsigned ncipher); - const struct ssl_method_st *(*get_ssl_method)(int version); struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */ int (*ssl_version)(void); long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)(void)); @@ -2074,7 +2073,6 @@ OPENSSL_EXPORT int SSL_shutdown(SSL *s); OPENSSL_EXPORT const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx); OPENSSL_EXPORT const SSL_METHOD *SSL_get_ssl_method(SSL *s); -OPENSSL_EXPORT int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method); OPENSSL_EXPORT const char *SSL_alert_type_string_long(int value); OPENSSL_EXPORT const char *SSL_alert_type_string(int value); OPENSSL_EXPORT const char *SSL_alert_desc_string_long(int value); diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c index 3af756b9..60bb12ad 100644 --- a/ssl/d1_clnt.c +++ b/ssl/d1_clnt.c @@ -125,38 +125,24 @@ #include "ssl_locl.h" -static const SSL_METHOD *dtls1_get_client_method(int ver); static int dtls1_get_hello_verify(SSL *s); -static const SSL_METHOD *dtls1_get_client_method(int ver) - { - if (ver == DTLS1_VERSION) - return(DTLSv1_client_method()); - else if (ver == DTLS1_2_VERSION) - return(DTLSv1_2_client_method()); - else - return(NULL); - } - IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, DTLSv1_client_method, ssl_undefined_function, dtls1_connect, - dtls1_get_client_method, DTLSv1_enc_data) IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, DTLSv1_2_client_method, ssl_undefined_function, dtls1_connect, - dtls1_get_client_method, DTLSv1_2_enc_data) IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, DTLS_client_method, ssl_undefined_function, dtls1_connect, - dtls1_get_client_method, DTLSv1_2_enc_data) int dtls1_connect(SSL *s) diff --git a/ssl/d1_meth.c b/ssl/d1_meth.c index 47e2d5c3..172a7458 100644 --- a/ssl/d1_meth.c +++ b/ssl/d1_meth.c @@ -55,41 +55,23 @@ * (eay@cryptsoft.com). This product includes software written by Tim * Hudson (tjh@cryptsoft.com). */ -#include - -#include - #include "ssl_locl.h" -static const SSL_METHOD *dtls1_get_method(int ver); -static const SSL_METHOD *dtls1_get_method(int ver) - { - if (ver == DTLS1_VERSION) - return(DTLSv1_method()); - else if (ver == DTLS1_2_VERSION) - return(DTLSv1_2_method()); - else - return(NULL); - } - IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, DTLSv1_method, dtls1_accept, dtls1_connect, - dtls1_get_method, DTLSv1_enc_data) IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, DTLSv1_2_method, dtls1_accept, dtls1_connect, - dtls1_get_method, DTLSv1_2_enc_data) IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, DTLS_method, dtls1_accept, dtls1_connect, - dtls1_get_method, DTLSv1_2_enc_data) diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index 0bb99b6c..6d6c46e2 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c @@ -125,38 +125,24 @@ #include "ssl_locl.h" -static const SSL_METHOD *dtls1_get_server_method(int ver); static int dtls1_send_hello_verify_request(SSL *s); -static const SSL_METHOD *dtls1_get_server_method(int ver) - { - if (ver == DTLS1_VERSION) - return(DTLSv1_server_method()); - else if (ver == DTLS1_2_VERSION) - return(DTLSv1_2_server_method()); - else - return(NULL); - } - IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, DTLSv1_server_method, dtls1_accept, ssl_undefined_function, - dtls1_get_server_method, DTLSv1_enc_data) IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, DTLSv1_2_server_method, dtls1_accept, ssl_undefined_function, - dtls1_get_server_method, DTLSv1_2_enc_data) IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, DTLS_server_method, dtls1_accept, ssl_undefined_function, - dtls1_get_server_method, DTLSv1_2_enc_data) int dtls1_accept(SSL *s) diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c index a65b216b..7ca3a7ed 100644 --- a/ssl/s23_clnt.c +++ b/ssl/s23_clnt.c @@ -116,24 +116,12 @@ #include "ssl_locl.h" -static const SSL_METHOD *ssl23_get_client_method(int ver); static int ssl23_client_hello(SSL *s); static int ssl23_get_server_hello(SSL *s); -static const SSL_METHOD *ssl23_get_client_method(int ver) - { - /* When SSL_set_session is called, do NOT switch to the version-specific - * method table. The server may still negotiate a different version when - * rejecting the session. - * - * TODO(davidben): Clean this up. This duplicates logic from the - * version-specific tables. https://crbug.com/403378 */ - return SSLv23_client_method(); - } IMPLEMENT_ssl23_meth_func(SSLv23_client_method, ssl_undefined_function, - ssl23_connect, - ssl23_get_client_method) + ssl23_connect) int ssl23_connect(SSL *s) { @@ -299,16 +287,14 @@ static int ssl23_client_hello(SSL *s) buf=(unsigned char *)s->init_buf->data; if (s->state == SSL23_ST_CW_CLNT_HELLO_A) { - /* Check if the session is resumable. If not, drop it. */ - if (s->session != NULL) - { - if (s->session->ssl_version > version || + /* If the configured session was created at a version + * higher than our maximum version, drop it. */ + if (s->session && + (s->session->ssl_version > version || s->session->session_id_length == 0 || - s->session->not_resumable) - { - SSL_SESSION_free(s->session); - s->session = NULL; - } + s->session->not_resumable)) + { + SSL_set_session(s, NULL); } p=s->s3->client_random; diff --git a/ssl/s23_meth.c b/ssl/s23_meth.c index f3af9598..8f365997 100644 --- a/ssl/s23_meth.c +++ b/ssl/s23_meth.c @@ -55,30 +55,9 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ -#include - -#include - #include "ssl_locl.h" -static const SSL_METHOD *ssl23_get_method(int ver); -static const SSL_METHOD *ssl23_get_method(int ver) - { - if (ver == SSL3_VERSION) - return(SSLv3_method()); - else - if (ver == TLS1_VERSION) - return(TLSv1_method()); - else if (ver == TLS1_1_VERSION) - return(TLSv1_1_method()); - else if (ver == TLS1_2_VERSION) - return(TLSv1_2_method()); - else - return(NULL); - } - IMPLEMENT_ssl23_meth_func(SSLv23_method, ssl23_accept, - ssl23_connect, - ssl23_get_method) + ssl23_connect) diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c index b4290bbe..7cf83c9b 100644 --- a/ssl/s23_srvr.c +++ b/ssl/s23_srvr.c @@ -118,7 +118,6 @@ #include "ssl_locl.h" -static const SSL_METHOD *ssl23_get_server_method(int ver); static int ssl23_get_client_hello(SSL *s); static int ssl23_get_v2_client_hello(SSL *s); @@ -138,8 +137,7 @@ static const SSL_METHOD *ssl23_get_server_method(int ver) IMPLEMENT_ssl23_meth_func(SSLv23_server_method, ssl23_accept, - ssl_undefined_function, - ssl23_get_server_method) + ssl_undefined_function) int ssl23_accept(SSL *s) { diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 700d0cb7..66f32d54 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -165,45 +165,24 @@ #include "ssl_locl.h" #include "../crypto/dh/internal.h" -static const SSL_METHOD *ssl3_get_client_method(int ver) - { - switch (ver) - { - case TLS1_2_VERSION: - return TLSv1_2_client_method(); - case TLS1_1_VERSION: - return TLSv1_1_client_method(); - case TLS1_VERSION: - return TLSv1_client_method(); - case SSL3_VERSION: - return SSLv3_client_method(); - default: - return NULL; - } - } - IMPLEMENT_tls_meth_func(TLS1_2_VERSION, TLSv1_2_client_method, ssl_undefined_function, ssl3_connect, - ssl3_get_client_method, TLSv1_2_enc_data) IMPLEMENT_tls_meth_func(TLS1_1_VERSION, TLSv1_1_client_method, ssl_undefined_function, ssl3_connect, - ssl3_get_client_method, TLSv1_1_enc_data) IMPLEMENT_tls_meth_func(TLS1_VERSION, TLSv1_client_method, ssl_undefined_function, ssl3_connect, - ssl3_get_client_method, TLSv1_enc_data) IMPLEMENT_tls_meth_func(SSL3_VERSION, SSLv3_client_method, ssl_undefined_function, ssl3_connect, - ssl3_get_client_method, SSLv3_enc_data) int ssl3_connect(SSL *s) diff --git a/ssl/s3_meth.c b/ssl/s3_meth.c index e730d472..49bbc647 100644 --- a/ssl/s3_meth.c +++ b/ssl/s3_meth.c @@ -55,50 +55,25 @@ * [including the GNU Public Licence.] */ -#include - -#include - #include "ssl_locl.h" -static const SSL_METHOD *ssl3_get_method(int ver) - { - switch (ver) - { - case TLS1_2_VERSION: - return TLSv1_2_method(); - case TLS1_1_VERSION: - return TLSv1_1_method(); - case TLS1_VERSION: - return TLSv1_method(); - case SSL3_VERSION: - return SSLv3_method(); - default: - return NULL; - } - } - IMPLEMENT_tls_meth_func(TLS1_2_VERSION, TLSv1_2_method, ssl3_accept, ssl3_connect, - ssl3_get_method, TLSv1_2_enc_data) IMPLEMENT_tls_meth_func(TLS1_1_VERSION, TLSv1_1_method, ssl3_accept, ssl3_connect, - ssl3_get_method, TLSv1_1_enc_data) IMPLEMENT_tls_meth_func(TLS1_VERSION, TLSv1_method, ssl3_accept, ssl3_connect, - ssl3_get_method, TLSv1_enc_data) IMPLEMENT_tls_meth_func(SSL3_VERSION, SSLv3_method, ssl3_accept, ssl3_connect, - ssl3_get_method, SSLv3_enc_data) diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index e166735c..f3b3779f 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -172,45 +172,24 @@ #include "../crypto/internal.h" #include "../crypto/dh/internal.h" -static const SSL_METHOD *ssl3_get_server_method(int ver) - { - switch (ver) - { - case TLS1_2_VERSION: - return TLSv1_2_server_method(); - case TLS1_1_VERSION: - return TLSv1_1_server_method(); - case TLS1_VERSION: - return TLSv1_server_method(); - case SSL3_VERSION: - return SSLv3_server_method(); - default: - return NULL; - } - } - IMPLEMENT_tls_meth_func(TLS1_2_VERSION, TLSv1_2_server_method, ssl3_accept, ssl_undefined_function, - ssl3_get_server_method, TLSv1_2_enc_data) IMPLEMENT_tls_meth_func(TLS1_1_VERSION, TLSv1_1_server_method, ssl3_accept, ssl_undefined_function, - ssl3_get_server_method, TLSv1_1_enc_data) IMPLEMENT_tls_meth_func(TLS1_VERSION, TLSv1_server_method, ssl3_accept, ssl_undefined_function, - ssl3_get_server_method, TLSv1_enc_data) IMPLEMENT_tls_meth_func(SSL3_VERSION, SSLv3_server_method, ssl3_accept, ssl_undefined_function, - ssl3_get_server_method, SSLv3_enc_data) int ssl3_accept(SSL *s) diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 4367f1e4..4cbf86dd 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -2294,33 +2294,6 @@ const SSL_METHOD *SSL_get_ssl_method(SSL *s) return(s->method); } -int SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth) - { - int conn= -1; - int ret=1; - - if (s->method != meth) - { - if (s->handshake_func != NULL) - conn=(s->handshake_func == s->method->ssl_connect); - - if (s->method->version == meth->version) - s->method=meth; - else - { - s->method->ssl_free(s); - s->method=meth; - ret=s->method->ssl_new(s); - } - - if (conn == 1) - s->handshake_func=meth->ssl_connect; - else if (conn == 0) - s->handshake_func=meth->ssl_accept; - } - return(ret); - } - int SSL_get_error(const SSL *s,int i) { int reason; diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index b1c18997..23b8be20 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -650,7 +650,7 @@ extern SSL3_ENC_METHOD DTLSv1_enc_data; extern SSL3_ENC_METHOD DTLSv1_2_enc_data; #define IMPLEMENT_tls_meth_func(version, func_name, s_accept, s_connect, \ - s_get_meth, enc_data) \ + enc_data) \ const SSL_METHOD *func_name(void) \ { \ static const SSL_METHOD func_name##_data= { \ @@ -675,7 +675,6 @@ const SSL_METHOD *func_name(void) \ ssl3_pending, \ ssl3_num_ciphers, \ ssl3_get_cipher, \ - s_get_meth, \ &enc_data, \ ssl_undefined_void_function, \ ssl3_callback_ctrl, \ @@ -684,7 +683,7 @@ const SSL_METHOD *func_name(void) \ return &func_name##_data; \ } -#define IMPLEMENT_ssl23_meth_func(func_name, s_accept, s_connect, s_get_meth) \ +#define IMPLEMENT_ssl23_meth_func(func_name, s_accept, s_connect) \ const SSL_METHOD *func_name(void) \ { \ static const SSL_METHOD func_name##_data= { \ @@ -709,7 +708,6 @@ const SSL_METHOD *func_name(void) \ ssl_undefined_const_function, \ ssl3_num_ciphers, \ ssl3_get_cipher, \ - s_get_meth, \ &TLSv1_2_enc_data, \ ssl_undefined_void_function, \ ssl3_callback_ctrl, \ @@ -719,7 +717,7 @@ const SSL_METHOD *func_name(void) \ } #define IMPLEMENT_dtls1_meth_func(version, func_name, s_accept, s_connect, \ - s_get_meth, enc_data) \ + enc_data) \ const SSL_METHOD *func_name(void) \ { \ static const SSL_METHOD func_name##_data= { \ @@ -744,7 +742,6 @@ const SSL_METHOD *func_name(void) \ ssl3_pending, \ ssl3_num_ciphers, \ dtls1_get_cipher, \ - s_get_meth, \ &enc_data, \ ssl_undefined_void_function, \ ssl3_callback_ctrl, \ diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index c0cb1d39..90e8b3e0 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -681,52 +681,18 @@ void SSL_SESSION_free(SSL_SESSION *ss) int SSL_set_session(SSL *s, SSL_SESSION *session) { - int ret=0; - const SSL_METHOD *meth; + if (s->session == session) + return 1; + if (s->session != NULL) + SSL_SESSION_free(s->session); + s->session = session; if (session != NULL) { - meth=s->ctx->method->get_ssl_method(session->ssl_version); - if (meth == NULL) - meth=s->method->get_ssl_method(session->ssl_version); - if (meth == NULL) - { - OPENSSL_PUT_ERROR(SSL, SSL_set_session, SSL_R_UNABLE_TO_FIND_SSL_METHOD); - return(0); - } - - if (meth != s->method) - { - if (!SSL_set_ssl_method(s,meth)) - return(0); - } - - /* CRYPTO_w_lock(CRYPTO_LOCK_SSL);*/ - CRYPTO_add(&session->references,1,CRYPTO_LOCK_SSL_SESSION); - if (s->session != NULL) - SSL_SESSION_free(s->session); - s->session=session; - s->verify_result = s->session->verify_result; - /* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/ - ret=1; + CRYPTO_add(&session->references, 1, CRYPTO_LOCK_SSL_SESSION); + s->verify_result = session->verify_result; } - else - { - if (s->session != NULL) - { - SSL_SESSION_free(s->session); - s->session=NULL; - } - - meth=s->ctx->method; - if (meth != s->method) - { - if (!SSL_set_ssl_method(s,meth)) - return(0); - } - ret=1; - } - return(ret); + return 1; } long SSL_SESSION_set_timeout(SSL_SESSION *s, long t)