Remove redundant SSL_ST_BEFORE-related checks.

SSL_ST_BEFORE isn't a possible state anymore. It seems this state meant the
side wasn't known, back in the early SSLeay days. Now upstream guesses
(sometimes incorrectly with generic methods), and we don't initialize until
later. SSL_shutdown also doesn't bother to call ssl3_shutdown at all if the
side isn't initialized and SSL_ST_BEFORE isn't the uninitialized state, which
seems a much more sensible arrangement.

Likewise, because bare SSL_ST_BEFOREs no longer exist, SSL_in_init implies
SSL_in_before and there is no need to check both.

Change-Id: Ie680838b2f860b895073dabb4d759996e21c2824
Reviewed-on: https://boringssl-review.googlesource.com/2564
Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
David Benjamin 2014-12-11 18:13:28 -05:00 committed by Adam Langley
parent 138c2ac627
commit 7e23746dd4
4 changed files with 14 additions and 9 deletions

View File

@ -860,6 +860,8 @@ struct ssl_ctx_st
int trust; /* Trust setting */ int trust; /* Trust setting */
#endif #endif
/* quiet_shutdown is true if the connection should not send a
* close_notify on shutdown. */
int quiet_shutdown; int quiet_shutdown;
/* Maximum amount of data to send in one fragment. /* Maximum amount of data to send in one fragment.
@ -1205,7 +1207,11 @@ struct ssl_st
* NB: For servers, the 'new' session may actually be a previously * NB: For servers, the 'new' session may actually be a previously
* cached session or even the previous session unless * cached session or even the previous session unless
* SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */ * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
int quiet_shutdown;/* don't send shutdown packets */
/* quiet_shutdown is true if the connection should not send a
* close_notify on shutdown. */
int quiet_shutdown;
int shutdown; /* we have shut things down, 0x01 sent, 0x02 int shutdown; /* we have shut things down, 0x01 sent, 0x02
* for received */ * for received */
int state; /* where we are */ int state; /* where we are */

View File

@ -1915,12 +1915,11 @@ int ssl3_shutdown(SSL *s)
{ {
int ret; int ret;
/* Don't do anything much if we have not done the handshake or /* Do nothing if configured not to send a close_notify. */
* we don't want to send messages :-) */ if (s->quiet_shutdown)
if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE))
{ {
s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); s->shutdown = SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN;
return(1); return 1;
} }
if (!(s->shutdown & SSL_SENT_SHUTDOWN)) if (!(s->shutdown & SSL_SENT_SHUTDOWN))

View File

@ -2375,7 +2375,7 @@ int SSL_do_handshake(SSL *s)
s->method->ssl_renegotiate_check(s); s->method->ssl_renegotiate_check(s);
if (SSL_in_init(s) || SSL_in_before(s)) if (SSL_in_init(s))
{ {
ret=s->handshake_func(s); ret=s->handshake_func(s);
} }

View File

@ -794,9 +794,9 @@ void SSL_CTX_flush_sessions(SSL_CTX *s, long t)
int ssl_clear_bad_session(SSL *s) int ssl_clear_bad_session(SSL *s)
{ {
if ( (s->session != NULL) && if (s->session != NULL &&
!(s->shutdown & SSL_SENT_SHUTDOWN) && !(s->shutdown & SSL_SENT_SHUTDOWN) &&
!(SSL_in_init(s) || SSL_in_before(s))) !SSL_in_init(s))
{ {
SSL_CTX_remove_session(s->ctx,s->session); SSL_CTX_remove_session(s->ctx,s->session);
return(1); return(1);