From 918cc65ccb8a736ea4e71e7d96a3d7e16680c958 Mon Sep 17 00:00:00 2001
From: Joel Sing
Date: Mon, 14 Sep 2020 18:25:24 +0000
Subject: Cleanup and simplify SSL_set_session().
SSL_set_ssl_method() checks to see if the method is already the same, so we do not need to do this check in three different places. Switch to dtls1_get_client_method()/tls1_get_client_method() to find the method - this is a slight change in behaviour, however there is not much point trying to resume a session on something other than a client. ok beck@
---
 lib/libssl/ssl_sess.c | 58 +++++++++++++++++++--------------------------------
 1 file changed, 22 insertions(+), 36 deletions(-)
diff --git a/lib/libssl/ssl_sess.c b/lib/libssl/ssl_sess.c
index 3af4cfa79c3..4f9252679aa 100644
--- a/lib/libssl/ssl_sess.c
+++ b/lib/libssl/ssl_sess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sess.c,v 1.97 2020/09/02 08:04:06 tb Exp $ */
+/* $OpenBSD: ssl_sess.c,v 1.98 2020/09/14 18:25:23 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -776,45 +776,31 @@ SSL_SESSION_up_ref(SSL_SESSION *ss)
 int
 SSL_set_session(SSL *s, SSL_SESSION *session)
 {
- int ret = 0;
- const SSL_METHOD *meth;
-
- if (session != NULL) {
- meth = s->ctx->method->internal->get_ssl_method(session->ssl_version);
- if (meth == NULL)
- meth = s->method->internal->get_ssl_method(session->ssl_version);
- if (meth == NULL) {
- SSLerror(s, SSL_R_UNABLE_TO_FIND_SSL_METHOD);
- return (0);
- }
+ const SSL_METHOD *method;

- if (meth != s->method) {
- if (!SSL_set_ssl_method(s, meth))
- return (0);
- }
+ if (session == NULL) {
+ SSL_SESSION_free(s->session);
+ s->session = NULL;

- /* CRYPTO_w_lock(CRYPTO_LOCK_SSL);*/
- CRYPTO_add(&session->references, 1, CRYPTO_LOCK_SSL_SESSION);
- if (s->session != NULL)
- SSL_SESSION_free(s->session);
- s->session = session;
- s->verify_result = s->session->verify_result;
- /* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/
- ret = 1;
- } else {
- if (s->session != NULL) {
- SSL_SESSION_free(s->session);
- s->session = NULL;
- }
+ return SSL_set_ssl_method(s, s->ctx->method);
+ }

- meth = s->ctx->method;
- if (meth != s->method) {
- if (!SSL_set_ssl_method(s, meth))
- return (0);
- }
- ret = 1;
+ if ((method = tls1_get_client_method(session->ssl_version)) == NULL)
+ method = dtls1_get_client_method(session->ssl_version);
+ if (method == NULL) {
+ SSLerror(s, SSL_R_UNABLE_TO_FIND_SSL_METHOD);
+ return (0);
 }
- return (ret);
+
+ if (!SSL_set_ssl_method(s, method))
+ return (0);
+
+ CRYPTO_add(&session->references, 1, CRYPTO_LOCK_SSL_SESSION);
+ SSL_SESSION_free(s->session);
+ s->session = session;
+ s->verify_result = s->session->verify_result;
+
+ return (1);
 }

 size_t
-- cgit v1.2.3
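Review bot: The method lookup in the non-NULL path of SSL_set_session() no longer consults `s->ctx->method` or `s->method`, so the method is now chosen from `session->ssl_version` alone, trying `tls1_get_client_method()` first and `dtls1_get_client_method()` second. Judging only from the visible lines, a session whose version belongs to the other protocol family (a DTLS session handed to a TLS connection, or the reverse) may no longer fail with SSL_R_UNABLE_TO_FIND_SSL_METHOD and would instead have `SSL_set_ssl_method()` replace the configured method. The commit message accepts the client-only narrowing, but the TLS/DTLS crossover is not mentioned and should be confirmed against the two lookup helpers, which are outside this hunk. At minimum the contract deserves a comment above the lookup, for example `/* Client-only: method is derived from session->ssl_version and replaces s->method. */`. A second short comment next to `s->verify_result = s->session->verify_result;` should state that the stored verification result is adopted as-is, so the session must come from a cache the application trusts.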