diff options
| author | Matt Caswell <matt@openssl.org> | 2016-10-22 17:24:37 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2016-11-09 09:10:29 +0000 |
| commit | 1ab3836b3bb8ccfa4da7ce529d420e750cd56b32 (patch) | |
| tree | e4016bd7c0a51549753f49bf644042a10a26235c /ssl/ssl_sess.c | |
| parent | e3fb4d3d52e188b83ccb8506aa2f16cb686f4d6c (diff) | |
Refactor ClientHello processing so that extensions get parsed earlier
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'ssl/ssl_sess.c')
| -rw-r--r-- | ssl/ssl_sess.c | 23 |
1 files changed, 11 insertions, 12 deletions
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 44101cbb0c..a8bfeb7761 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -445,7 +445,7 @@ int ssl_get_new_session(SSL *s, int session) * - Both for new and resumed sessions, s->tlsext_ticket_expected is set to 1 * if the server should issue a new session ticket (to 0 otherwise). */ -int ssl_get_prev_session(SSL *s, const PACKET *ext, const PACKET *session_id) +int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello) { /* This is used only by servers. */ @@ -454,11 +454,11 @@ int ssl_get_prev_session(SSL *s, const PACKET *ext, const PACKET *session_id) int try_session_cache = 1; int r; - if (PACKET_remaining(session_id) == 0) + if (hello->session_id_len == 0) try_session_cache = 0; - /* sets s->tlsext_ticket_expected and extended master secret flag */ - r = tls_check_serverhello_tlsext_early(s, ext, session_id, &ret); + /* sets s->tlsext_ticket_expected */ + r = tls_get_ticket_from_client(s, hello, &ret); switch (r) { case -1: /* Error during processing */ fatal = 1; @@ -479,14 +479,12 @@ int ssl_get_prev_session(SSL *s, const PACKET *ext, const PACKET *session_id) !(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) { SSL_SESSION data; - size_t local_len; + data.ssl_version = s->version; memset(data.session_id, 0, sizeof(data.session_id)); - if (!PACKET_copy_all(session_id, data.session_id, - sizeof(data.session_id), &local_len)) { - goto err; - } - data.session_id_length = local_len; + memcpy(data.session_id, hello->session_id, hello->session_id_len); + data.session_id_length = hello->session_id_len; + CRYPTO_THREAD_read_lock(s->session_ctx->lock); ret = lh_SSL_SESSION_retrieve(s->session_ctx->sessions, &data); if (ret != NULL) { @@ -501,8 +499,9 @@ int ssl_get_prev_session(SSL *s, const PACKET *ext, const PACKET *session_id) if (try_session_cache && ret == NULL && s->session_ctx->get_session_cb != NULL) { int copy = 1; - ret = s->session_ctx->get_session_cb(s, PACKET_data(session_id), - (int)PACKET_remaining(session_id), + + ret = s->session_ctx->get_session_cb(s, hello->session_id, + hello->session_id_len, ©); if (ret != NULL) { |