PR: 1833
authorDr. Stephen Henson <steve@openssl.org>
Fri, 27 Aug 2010 11:57:42 +0000 (11:57 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Fri, 27 Aug 2010 11:57:42 +0000 (11:57 +0000)
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix other cases not covered by original patch.

ssl/d1_clnt.c
ssl/d1_pkt.c
ssl/d1_srvr.c
ssl/s3_clnt.c
ssl/s3_pkt.c
ssl/s3_srvr.c
ssl/ssl.h
ssl/ssl_lib.c
ssl/t1_lib.c

index 255c19d..5bc9eb6 100644 (file)
@@ -171,7 +171,7 @@ int dtls1_connect(SSL *s)
                switch(s->state)
                        {
                case SSL_ST_RENEGOTIATE:
-                       s->renegotiate=1;
+                       s->new_session=1;
                        s->state=SSL_ST_CONNECT;
                        s->ctx->stats.sess_connect_renegotiate++;
                        /* break */
@@ -539,7 +539,6 @@ int dtls1_connect(SSL *s)
                        /* else do it later in ssl3_write */
 
                        s->init_num=0;
-                       s->renegotiate=0;
                        s->new_session=0;
 
                        ssl_update_cache(s,SSL_SESS_CACHE_CLIENT);
index ee67561..1fd58bf 100644 (file)
@@ -957,7 +957,6 @@ start:
                        !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
                        !s->s3->renegotiate)
                        {
-                       s->new_session = 1;
                        ssl3_renegotiate(s);
                        if (ssl3_renegotiate_check(s))
                                {
@@ -1164,7 +1163,6 @@ start:
 #else
                        s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
 #endif
-                       s->renegotiate=1;
                        s->new_session=1;
                        }
                i=s->handshake_func(s);
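Review bot: After dropping `s->new_session = 1;` ahead of `ssl3_renegotiate(s)` in the HelloRequest path of the first hunk, nothing in that hunk records that a renegotiation has been requested; the flag is only set later, when the state machine reaches `case SSL_ST_RENEGOTIATE` (d1_clnt.c sets `s->new_session=1;` there in this same commit), presumably via ssl3_renegotiate_check(), which is outside the hunk. A one-line comment would save the next reader that trace: `/* new_session is set once the state machine enters SSL_ST_RENEGOTIATE */`. The second hunk keeps its explicit `s->new_session=1;` because it jumps straight to SSL_ST_CONNECT/SSL_ST_ACCEPT rather than SSL_ST_RENEGOTIATE, so the two paths are consistent with each other. Both hunks sit inside a function whose body begins and ends outside them (the headers show only the `start:` label).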
index ac4fbda..301ceda 100644 (file)
@@ -177,7 +177,7 @@ int dtls1_accept(SSL *s)
                switch (s->state)
                        {
                case SSL_ST_RENEGOTIATE:
-                       s->renegotiate=1;
+                       s->new_session=1;
                        /* s->state=SSL_ST_ACCEPT; */
 
                case SSL_ST_BEFORE:
@@ -299,7 +299,7 @@ int dtls1_accept(SSL *s)
                        
                case SSL3_ST_SW_SRVR_HELLO_A:
                case SSL3_ST_SW_SRVR_HELLO_B:
-                       s->renegotiate = 2;
+                       s->new_session = 2;
                        dtls1_start_timer(s);
                        ret=dtls1_send_server_hello(s);
                        if (ret <= 0) goto end;
@@ -620,12 +620,11 @@ int dtls1_accept(SSL *s)
 
                        s->init_num=0;
 
-                       if (s->renegotiate == 2) /* skipped if we just sent a HelloRequest */
+                       if (s->new_session == 2) /* skipped if we just sent a HelloRequest */
                                {
                                /* actually not necessarily a 'new' session unless
                                 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
                                
-                               s->renegotiate=0;
                                s->new_session=0;
                                
                                ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
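Review bot: In the first hunk `case SSL_ST_RENEGOTIATE:` now ends with `s->new_session=1;` and falls straight into `case SSL_ST_BEFORE:` with only the commented-out `/* s->state=SSL_ST_ACCEPT; */` between them; the fallthrough is clearly intended but unmarked, and s3_srvr.c has the identical arm. Suggest `/* fall through */` after the commented-out assignment in both files. The `s->new_session = 2;` in the SRVR_HELLO_A/B arm sits one state later than the s3_srvr.c equivalent (which sets it right after `ssl3_get_client_hello`), but that matches where the old `renegotiate = 2` was, so the asymmetry is pre-existing rather than introduced here. dtls1_accept begins and ends outside these hunks.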
index 99b2f49..41769fe 100644 (file)
@@ -207,7 +207,7 @@ int ssl3_connect(SSL *s)
                switch(s->state)
                        {
                case SSL_ST_RENEGOTIATE:
-                       s->renegotiate=1;
+                       s->new_session=1;
                        s->state=SSL_ST_CONNECT;
                        s->ctx->stats.sess_connect_renegotiate++;
                        /* break */
@@ -546,7 +546,6 @@ int ssl3_connect(SSL *s)
                        /* else do it later in ssl3_write */
 
                        s->init_num=0;
-                       s->renegotiate=0;
                        s->new_session=0;
 
                        ssl_update_cache(s,SSL_SESS_CACHE_CLIENT);
index a1fec62..b30c032 100644 (file)
@@ -1280,7 +1280,6 @@ start:
 #else
                        s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
 #endif
-                       s->renegotiate=1;
                        s->new_session=1;
                        }
                i=s->handshake_func(s);
index 3a62a95..92f73b6 100644 (file)
@@ -218,7 +218,7 @@ int ssl3_accept(SSL *s)
                switch (s->state)
                        {
                case SSL_ST_RENEGOTIATE:
-                       s->renegotiate=1;
+                       s->new_session=1;
                        /* s->state=SSL_ST_ACCEPT; */
 
                case SSL_ST_BEFORE:
@@ -316,7 +316,7 @@ int ssl3_accept(SSL *s)
                        ret=ssl3_get_client_hello(s);
                        if (ret <= 0) goto end;
                        
-                       s->renegotiate = 2;
+                       s->new_session = 2;
                        s->state=SSL3_ST_SW_SRVR_HELLO_A;
                        s->init_num=0;
                        break;
@@ -673,12 +673,11 @@ int ssl3_accept(SSL *s)
 
                        s->init_num=0;
 
-                       if (s->renegotiate == 2) /* skipped if we just sent a HelloRequest */
+                       if (s->new_session == 2) /* skipped if we just sent a HelloRequest */
                                {
                                /* actually not necessarily a 'new' session unless
                                 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
                                
-                               s->renegotiate=0;
                                s->new_session=0;
                                
                                ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
index 6e6f27c..e6244b0 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1007,14 +1007,12 @@ struct ssl_st
 
        int server;     /* are we the server side? - mostly used by SSL_clear*/
 
-       int new_session;/* Generate a new session or reuse an old one.
-                                        * NB: For servers, the 'new' session may actually be a previously
-                                        * cached session or even the previous session unless
-                                        * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
-       int renegotiate;/* 1 if we are renegotiating.
-                                        * 2 if we are a server and are inside a handshake
-                                        *   (i.e. not just sending a HelloRequest) */
-
+       int new_session;/* 1 if we are to use a new session.
+                        * 2 if we are a server and are inside a handshake
+                        *   (i.e. not just sending a HelloRequest)
+                        * NB: For servers, the 'new' session may actually be a previously
+                        * cached session or even the previous session unless
+                        * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
        int quiet_shutdown;/* don't send shutdown packets */
        int shutdown;   /* we have shut things down, 0x01 sent, 0x02
                         * for received */
@@ -1663,7 +1661,6 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s);
 
 int SSL_do_handshake(SSL *s);
 int SSL_renegotiate(SSL *s);
-int SSL_renegotiate_abbreviated(SSL *s);
 int SSL_renegotiate_pending(SSL *s);
 int SSL_shutdown(SSL *s);
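Review bot: The struct hunk removes `int renegotiate;` from `struct ssl_st`, yet the new side of ssl_lib.c still reads it (`if (p != q && !s->renegotiate)` and `if (s->renegotiate)` in the SCSV checks) and so do both RI hunks in t1_lib.c, while `SSL_dup` stops copying it; as displayed the tree cannot compile, and since every `s->renegotiate=1` assignment in d1_clnt.c, d1_pkt.c, d1_srvr.c, s3_clnt.c, s3_pkt.c and s3_srvr.c is also removed, even a surviving field would leave the secure-renegotiation (RFC 5746 RI/SCSV) conditions commented as "Add RI if renegotiating", "Need RI if renegotiating" and "SCSV fatal if renegotiating" permanently false. This is most likely the page showing the diff with old and new sides swapped, so it should be checked against the repository before drawing conclusions from it. Independently, the rewritten comment on `new_session` omits that the field now doubles as the renegotiation-pending flag: `SSL_clear` returns early on it and `SSL_renegotiate_pending` returns `s->new_session != 0`. Suggested addition to that comment: ` * Also non-zero from SSL_renegotiate() until the handshake finishes; SSL_clear() and SSL_renegotiate_pending() test it.`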
 
index d4fc4aa..d4ca62e 100644 (file)
@@ -202,9 +202,9 @@ int SSL_clear(SSL *s)
        * needed because SSL_clear is not called when doing renegotiation) */
        /* This is set if we are doing dynamic renegotiation so keep
         * the old cipher.  It is sort of a SSL_clear_lite :-) */
-       if (s->renegotiate) return(1);
+       if (s->new_session) return(1);
 #else
-       if (s->renegotiate)
+       if (s->new_session)
                {
                SSLerr(SSL_F_SSL_CLEAR,ERR_R_INTERNAL_ERROR);
                return 0;
@@ -1008,29 +1008,18 @@ int SSL_shutdown(SSL *s)
 
 int SSL_renegotiate(SSL *s)
        {
-       if (s->renegotiate == 0)
-               s->renegotiate=1;
-
-       s->new_session=1;
-
+       if (s->new_session == 0)
+               {
+               s->new_session=1;
+               }
        return(s->method->ssl_renegotiate(s));
        }
 
-int SSL_renegotiate_abbreviated(SSL *s)
-{
-       if (s->renegotiate == 0)
-               s->renegotiate=1;
-       
-       s->new_session=0;
-       
-       return(s->method->ssl_renegotiate(s));
-}
-
 int SSL_renegotiate_pending(SSL *s)
        {
        /* becomes true when negotiation is requested;
         * false again once a handshake has finished */
-       return (s->renegotiate != 0);
+       return (s->new_session != 0);
        }
 
 long SSL_ctrl(SSL *s,int cmd,long larg,void *parg)
@@ -1383,7 +1372,7 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
        /* If p == q, no ciphers and caller indicates an error. Otherwise
         * add SCSV if not renegotiating.
         */
-       if (p != q && !s->new_session)
+       if (p != q && !s->renegotiate)
                {
                static SSL_CIPHER scsv =
                        {
@@ -1430,7 +1419,7 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
                        (p[n-1] == (SSL3_CK_SCSV & 0xff)))
                        {
                        /* SCSV fatal if renegotiating */
-                       if (s->new_session)
+                       if (s->renegotiate)
                                {
                                SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
                                ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); 
@@ -2530,7 +2519,6 @@ SSL *SSL_dup(SSL *s)
        ret->in_handshake = s->in_handshake;
        ret->handshake_func = s->handshake_func;
        ret->server = s->server;
-       ret->renegotiate = s->renegotiate;
        ret->new_session = s->new_session;
        ret->quiet_shutdown = s->quiet_shutdown;
        ret->shutdown=s->shutdown;
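Review bot: `SSL_renegotiate_pending` now returns `s->new_session != 0`, but on the server side this commit also stores 2 in `new_session` right after `ssl3_get_client_hello` in s3_srvr.c (and in the SRVR_HELLO arm of d1_srvr.c), a path that presumably runs on the initial handshake as well, so the function reports a pending renegotiation during any in-progress server handshake; the old side behaved the same through `renegotiate == 2`, but the comment above the return ("becomes true when negotiation is requested; false again once a handshake has finished") no longer describes the value. Suggest replacing it with `/* non-zero while a renegotiation has been requested and, on a server, for the rest of any handshake after the ClientHello; cleared when the handshake finishes */`. The `SSL_renegotiate` rewrite deliberately leaves a value of 2 intact (`if (s->new_session == 0)`), which the `== 2` test at the end of ssl3_accept/dtls1_accept relies on, so that part looks right.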
index ef40e5e..521a419 100644 (file)
@@ -317,7 +317,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
                }
 
         /* Add RI if renegotiating */
-        if (s->new_session)
+        if (s->renegotiate)
           {
           int el;
           
@@ -969,7 +969,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 
        /* Need RI if renegotiating */
 
-       if (!renegotiate_seen && s->new_session &&
+       if (!renegotiate_seen && s->renegotiate &&
                !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
                {
                *al = SSL_AD_HANDSHAKE_FAILURE;