Remove redundant SSL_ST_BEFORE-related checks.

SSL_ST_BEFORE isn't a possible state anymore. It seems this state meant the side wasn't known, back in the early SSLeay days. Now upstream guesses (sometimes incorrectly with generic methods), and we don't initialize until later. SSL_shutdown also doesn't bother to call ssl3_shutdown at all if the side isn't initialized and SSL_ST_BEFORE isn't the uninitialized state, which seems a much more sensible arrangement. Likewise, because bare SSL_ST_BEFOREs no longer exist, SSL_in_init implies SSL_in_before and there is no need to check both. Change-Id: Ie680838b2f860b895073dabb4d759996e21c2824 Reviewed-on: https://boringssl-review.googlesource.com/2564 Reviewed-by: Adam Langley <agl@google.com>
2014-12-11 18:13:28 -05:00 · 2014-12-11 18:13:28 -05:00 · 7e23746dd4
commit 7e23746dd4
parent 138c2ac627
4 changed files with 14 additions and 9 deletions
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@ -860,6 +860,8 @@ struct ssl_ctx_st
 	int trust;		/* Trust setting */
 #endif

+	/* quiet_shutdown is true if the connection should not send a
+	 * close_notify on shutdown. */
 	int quiet_shutdown;

 	/* Maximum amount of data to send in one fragment.
@ -1205,7 +1207,11 @@ struct ssl_st
 	                 * NB: For servers, the 'new' session may actually be a previously
 	                 * cached session or even the previous session unless
 	                 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
-	int quiet_shutdown;/* don't send shutdown packets */
+
+	/* quiet_shutdown is true if the connection should not send a
+	 * close_notify on shutdown. */
+	int quiet_shutdown;
+
 	int shutdown;	/* we have shut things down, 0x01 sent, 0x02
 			 * for received */
 	int state;	/* where we are */
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@ -1915,12 +1915,11 @@ int ssl3_shutdown(SSL *s)
 	{
 	int ret;

-	/* Don't do anything much if we have not done the handshake or
-	 * we don't want to send messages :-) */
-	if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE))
+	/* Do nothing if configured not to send a close_notify. */
+	if (s->quiet_shutdown)
 		{
-		s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
-		return(1);
+		s->shutdown = SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN;
+		return 1;
 		}

 	if (!(s->shutdown & SSL_SENT_SHUTDOWN))
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@ -2375,7 +2375,7 @@ int SSL_do_handshake(SSL *s)

 	s->method->ssl_renegotiate_check(s);

-	if (SSL_in_init(s) || SSL_in_before(s))
+	if (SSL_in_init(s))
 		{
 		ret=s->handshake_func(s);
 		}
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@ -794,9 +794,9 @@ void SSL_CTX_flush_sessions(SSL_CTX *s, long t)

 int ssl_clear_bad_session(SSL *s)
 	{
-	if (	(s->session != NULL) &&
+	if (s->session != NULL &&
 		!(s->shutdown & SSL_SENT_SHUTDOWN) &&
-		!(SSL_in_init(s) || SSL_in_before(s)))
+		!SSL_in_init(s))
 		{
 		SSL_CTX_remove_session(s->ctx,s->session);
 		return(1);