Loading CHANGES +4 −2 Original line number Original line Diff line number Diff line Loading @@ -30,11 +30,13 @@ *) Bugfix in ssl3_accept (ssl/s3_srvr.c): Case SSL3_ST_SW_HELLO_REQ_C *) Bugfix in ssl3_accept (ssl/s3_srvr.c): Case SSL3_ST_SW_HELLO_REQ_C should end in 'break', not 'goto end' which circuments various should end in 'break', not 'goto end' which circuments various cleanups. cleanups done in state SSL_ST_OK. But session related stuff must be disabled for SSL_ST_OK in the case that we just sent a HelloRequest. Also avoid some overhead by not calling ssl_init_wbio_buffer() Also avoid some overhead by not calling ssl_init_wbio_buffer() before just sending a HelloRequest. before just sending a HelloRequest. [Bodo Moeller] [Bodo Moeller, Eric Rescorla <ekr@rtfm.com>] *) Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't *) Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't reveal whether illegal block cipher padding was found or a MAC reveal whether illegal block cipher padding was found or a MAC Loading ssl/s3_srvr.c +17 −16 Original line number Original line Diff line number Diff line Loading @@ -170,6 +170,7 @@ int ssl3_accept(SSL *s) long num1; long num1; int ret= -1; int ret= -1; int new_state,state,skip=0; int new_state,state,skip=0; int got_new_session=0; RAND_add(&Time,sizeof(Time),0); RAND_add(&Time,sizeof(Time),0); ERR_clear_error(); ERR_clear_error(); Loading Loading @@ -282,6 +283,7 @@ int ssl3_accept(SSL *s) s->shutdown=0; s->shutdown=0; ret=ssl3_get_client_hello(s); ret=ssl3_get_client_hello(s); if (ret <= 0) goto end; if (ret <= 0) goto end; got_new_session=1; s->state=SSL3_ST_SW_SRVR_HELLO_A; s->state=SSL3_ST_SW_SRVR_HELLO_A; s->init_num=0; s->init_num=0; break; break; Loading Loading 
@@ -522,19 +524,23 @@ int ssl3_accept(SSL *s) /* remove buffering on output */ /* remove buffering on output */ ssl_free_wbio_buffer(s); ssl_free_wbio_buffer(s); if (s->new_session == 2) s->new_session=0; /* if s->new_session is still 1, we have only sent a HelloRequest */ s->init_num=0; s->init_num=0; if (got_new_session) /* skipped if we just sent a HelloRequest */ { /* actually not necessarily a 'new' session unless * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */ s->new_session=0; ssl_update_cache(s,SSL_SESS_CACHE_SERVER); ssl_update_cache(s,SSL_SESS_CACHE_SERVER); s->ctx->stats.sess_accept_good++; s->ctx->stats.sess_accept_good++; /* s->server=1; */ /* s->server=1; */ s->handshake_func=ssl3_accept; s->handshake_func=ssl3_accept; ret=1; if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1); if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1); } goto end; goto end; /* break; */ /* break; */ Loading Loading @@ -702,11 +708,6 @@ static int ssl3_get_client_hello(SSL *s) } } } } if (s->new_session) /* actually not necessarily a 'new' section unless * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */ s->new_session = 2; p+=j; p+=j; n2s(p,i); n2s(p,i); if ((i == 0) && (j != 0)) if ((i == 0) && (j != 0)) Loading ssl/ssl.h +1 −2 Original line number Original line Diff line number Diff line Loading 
@@ -643,8 +643,7 @@ struct ssl_st int server; /* are we the server side? - mostly used by SSL_clear*/ int server; /* are we the server side? - mostly used by SSL_clear*/ int new_session;/* 1 if we are to use a new session, int new_session;/* 1 if we are to use a new session. * (sometimes 2 after a new session has in fact been assigned). * NB: For servers, the 'new' session may actually be a previously * NB: For servers, the 'new' session may actually be a previously * cached session or even the previous session unless * cached session or even the previous session unless * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */ * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */ Loading Loading
CHANGES +4 −2 Original line number Original line Diff line number Diff line Loading @@ -30,11 +30,13 @@ *) Bugfix in ssl3_accept (ssl/s3_srvr.c): Case SSL3_ST_SW_HELLO_REQ_C *) Bugfix in ssl3_accept (ssl/s3_srvr.c): Case SSL3_ST_SW_HELLO_REQ_C should end in 'break', not 'goto end' which circuments various should end in 'break', not 'goto end' which circuments various cleanups. cleanups done in state SSL_ST_OK. But session related stuff must be disabled for SSL_ST_OK in the case that we just sent a HelloRequest. Also avoid some overhead by not calling ssl_init_wbio_buffer() Also avoid some overhead by not calling ssl_init_wbio_buffer() before just sending a HelloRequest. before just sending a HelloRequest. [Bodo Moeller] [Bodo Moeller, Eric Rescorla <ekr@rtfm.com>] *) Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't *) Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't reveal whether illegal block cipher padding was found or a MAC reveal whether illegal block cipher padding was found or a MAC Loading
ssl/s3_srvr.c +17 −16 Original line number Original line Diff line number Diff line Loading @@ -170,6 +170,7 @@ int ssl3_accept(SSL *s) long num1; long num1; int ret= -1; int ret= -1; int new_state,state,skip=0; int new_state,state,skip=0; int got_new_session=0; RAND_add(&Time,sizeof(Time),0); RAND_add(&Time,sizeof(Time),0); ERR_clear_error(); ERR_clear_error(); Loading Loading @@ -282,6 +283,7 @@ int ssl3_accept(SSL *s) s->shutdown=0; s->shutdown=0; ret=ssl3_get_client_hello(s); ret=ssl3_get_client_hello(s); if (ret <= 0) goto end; if (ret <= 0) goto end; got_new_session=1; s->state=SSL3_ST_SW_SRVR_HELLO_A; s->state=SSL3_ST_SW_SRVR_HELLO_A; s->init_num=0; s->init_num=0; break; break; Loading Loading @@ -522,19 +524,23 @@ int ssl3_accept(SSL *s) /* remove buffering on output */ /* remove buffering on output */ ssl_free_wbio_buffer(s); ssl_free_wbio_buffer(s); if (s->new_session == 2) s->new_session=0; /* if s->new_session is still 1, we have only sent a HelloRequest */ s->init_num=0; s->init_num=0; if (got_new_session) /* skipped if we just sent a HelloRequest */ { /* actually not necessarily a 'new' session unless * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */ s->new_session=0; ssl_update_cache(s,SSL_SESS_CACHE_SERVER); ssl_update_cache(s,SSL_SESS_CACHE_SERVER); s->ctx->stats.sess_accept_good++; s->ctx->stats.sess_accept_good++; /* s->server=1; */ /* s->server=1; */ s->handshake_func=ssl3_accept; s->handshake_func=ssl3_accept; ret=1; if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1); if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1); } goto end; goto end; /* break; */ /* break; */ Loading Loading @@ -702,11 +708,6 @@ static int ssl3_get_client_hello(SSL *s) } } } } if (s->new_session) /* actually not necessarily a 'new' section unless * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */ s->new_session = 2; p+=j; p+=j; n2s(p,i); n2s(p,i); if ((i == 0) && (j != 0)) if ((i == 0) && (j != 0)) Loading
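Review bot: `got_new_session` is a stack local initialised to 0 at the top of ssl3_accept (`int got_new_session=0;`), but ssl3_accept returns to the caller at every `if (ret <= 0) goto end;` when the underlying I/O would block and is re-entered later with only s->state preserved; if that happens anywhere between the ClientHello and SSL_ST_OK, the flag is 0 again at SSL_ST_OK and ssl_update_cache, sess_accept_good, the handshake_func assignment and the SSL_CB_HANDSHAKE_DONE callback are all skipped, and s->new_session is left set. The marker therefore needs to live in the SSL object rather than on the stack: keeping a value such as the removed `s->new_session = 2` (set right after `ret=ssl3_get_client_hello(s); if (ret <= 0) goto end;`) and testing `if (s->new_session == 2) /* skipped if we just sent a HelloRequest */` at SSL_ST_OK survives a non-blocking retry, whereas the local does not. Separately, `ret=1;` appears only once in the rendered hunk so I cannot tell from here which side it is on; if it is now inside the if block, the HelloRequest-only path reaches `goto end` with ret still -1 and reports a failed handshake, so please confirm it is set unconditionally before `goto end`. The SSL_ST_OK case and the enclosing switch continue outside this hunk.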
ssl/ssl.h +1 −2 Original line number Original line Diff line number Diff line Loading @@ -643,8 +643,7 @@ struct ssl_st int server; /* are we the server side? - mostly used by SSL_clear*/ int server; /* are we the server side? - mostly used by SSL_clear*/ int new_session;/* 1 if we are to use a new session, int new_session;/* 1 if we are to use a new session. * (sometimes 2 after a new session has in fact been assigned). * NB: For servers, the 'new' session may actually be a previously * NB: For servers, the 'new' session may actually be a previously * cached session or even the previous session unless * cached session or even the previous session unless * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */ * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */ Loading