From bb15e3ddb5c696c862e8362ba155b400a6c55ded Mon Sep 17 00:00:00 2001
From: David Benjamin
Date: Sat, 29 Nov 2014 16:03:41 -0500
Subject: [PATCH] Remove method-switching codepath in SSL_clear.

Although the comment suggests this was added with an s->session check to account for SSL_set_session switching methods (which we will remove in the next commit) and to account for SSLv23_method switching methods (which we hope to remove after a long tower of cleanup), the current codepath never runs and can't work:

If it is called prior to handshaking or setting a session, no method switch has happened so that codepath is dead.

If it is called after setting a session, the s->session check will keep it from running.

If it is called after a handshake, we will have established a session so that check will again keep it from running. (Finally, if it is called during the handshake, the in_handshake check will stop; that there is an SSL_clear call in the handshake state machine at all is a bug that will be addressed once more things are disentangled. See upstream's 979689aa5cfa100ccbc1f25064e9398be4b7b05c.)

Were that code to ever run, the SSL* would be in an inconsistent state. It switches the method, but not the handshake_func. The handshake_func isn't switched to NULL, so that will keep the SSL_connect and SSL_accept code from fixing it. It seems the intent was that the caller would always call SSL_set_{connect,accept}_state to fix this. But as of upstream's b31b04d951e9b65bde29657e1ae057b76f0f0a73, this is not necessary and indeed isn't called by a lot of consumer code.

Change-Id: I710652b1d565b77bc26f913c2066ce749a9025c9
Reviewed-on: https://boringssl-review.googlesource.com/2430
Reviewed-by: Adam Langley
---
 ssl/ssl_lib.c | 14 +-------------
 1 file changed, 1 insertion(+), 13 deletions(-)

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 6b48a0c1..4367f1e4 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -234,19 +234,7 @@ int SSL_clear(SSL *s) s->first_packet=0; -#if 1 - /* Check to see if we were changed into a different method, if - * so, revert back if we are not doing session-id reuse. */ - if (!s->in_handshake && (s->session == NULL) && (s->method != s->ctx->method)) - { - s->method->ssl_free(s); - s->method=s->ctx->method; - if (!s->method->ssl_new(s)) - return(0); - } - else -#endif - s->method->ssl_clear(s); + s->method->ssl_clear(s); return(1); }
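Review bot: the surviving `s->method->ssl_clear(s);` call at the end of SSL_clear now depends on an invariant that is written down only in the commit message: outside a handshake and with `s->session == NULL`, `s->method` never differs from `s->ctx->method`. The deleted comment was the only in-source hint that a method switch could ever have happened before SSL_clear, and nothing replaces it. Consider a one-line comment above the call saying that SSL_clear does not revert `s->method` to `s->ctx->method`, or a debug-only assertion of the old condition (`!s->in_handshake && s->session == NULL` implies `s->method == s->ctx->method`), so that a later change that makes a switch reachable here fails loudly instead of clearing with the switched method. Also note that the deleted branch held the only `return(0)` visible in this hunk; the tail of the function now returns 1 unconditionally, so it is worth confirming that no caller depended on a failure being reported from this point.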