mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-03-01 19:28:10 +08:00
Code Issues Packages Projects Releases Wiki Activity

Make the "ticket" function return codes clearer

Browse Source 
Remove "magic" return values and use an enum instead.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)
This commit is contained in:
Matt Caswell 2017-01-20 16:01:27 +00:00
parent 1f5b44e943
commit ddf6ec0069
3 changed files with 41 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
ssl/ssl_locl.h
View File

@ -2191,18 +2191,24 @@ __owur int tls1_get_curvelist(SSL *s, int sess, const unsigned char **pcurves,
void ssl_set_default_md(SSL *s); void ssl_set_default_md(SSL *s);
__owur int tls1_set_server_sigalgs(SSL *s); __owur int tls1_set_server_sigalgs(SSL *s);
__owur int tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello,
SSL_SESSION **ret);
/* Return codes for tls_decrypt_ticket */ /* Return codes for tls_get_ticket_from_client() and tls_decrypt_ticket() */
#define TICKET_FATAL_ERR_MALLOC -2 typedef enum ticket_en {
#define TICKET_FATAL_ERR_OTHER -1 TICKET_FATAL_ERR_MALLOC,
#define TICKET_NO_DECRYPT 2 TICKET_FATAL_ERR_OTHER,
#define TICKET_SUCCESS 3 TICKET_NONE,
#define TICKET_SUCCESS_RENEW 4 TICKET_EMPTY,
__owur int tls_decrypt_ticket(SSL *s, const unsigned char *etick, TICKET_NO_DECRYPT,
size_t eticklen, const unsigned char *sess_id, TICKET_SUCCESS,
size_t sesslen, SSL_SESSION **psess); TICKET_SUCCESS_RENEW
} TICKET_RETURN;
__owur TICKET_RETURN tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello,
SSL_SESSION **ret);
__owur TICKET_RETURN tls_decrypt_ticket(SSL *s, const unsigned char *etick,
size_t eticklen,
const unsigned char *sess_id,
size_t sesslen, SSL_SESSION **psess);
__owur int tls_use_ticket(SSL *s); __owur int tls_use_ticket(SSL *s);

18
ssl/ssl_sess.c
View File

@ -465,7 +465,7 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello)
SSL_SESSION *ret = NULL; SSL_SESSION *ret = NULL;
int fatal = 0; int fatal = 0;
int try_session_cache = 0; int try_session_cache = 0;
int r; TICKET_RETURN r;
if (SSL_IS_TLS13(s)) { if (SSL_IS_TLS13(s)) {
int al; int al;
@ -479,18 +479,18 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello)
/* sets s->ext.ticket_expected */ /* sets s->ext.ticket_expected */
r = tls_get_ticket_from_client(s, hello, &ret); r = tls_get_ticket_from_client(s, hello, &ret);
switch (r) { switch (r) {
case -1: /* Error during processing */ case TICKET_FATAL_ERR_MALLOC:
case TICKET_FATAL_ERR_OTHER: /* Error during processing */
fatal = 1; fatal = 1;
goto err; goto err;
case 0: /* No ticket found */ case TICKET_NONE: /* No ticket found */
case 1: /* Zero length ticket found */ case TICKET_EMPTY: /* Zero length ticket found */
try_session_cache = 1; try_session_cache = 1;
break; /* Ok to carry on processing session id. */ break; /* Ok to carry on processing session id. */
case 2: /* Ticket found but not decrypted. */ case TICKET_NO_DECRYPT: /* Ticket found but not decrypted. */
case 3: /* Ticket decrypted, *ret has been set. */ case TICKET_SUCCESS: /* Ticket decrypted, *ret has been set. */
case TICKET_SUCCESS_RENEW:
break; break;
default:
abort();
} }
} }

34
ssl/t1_lib.c
View File

@ -1049,8 +1049,8 @@ int tls1_set_server_sigalgs(SSL *s)
* s->ctx->ext.ticket_key_cb asked to renew the client's ticket. * s->ctx->ext.ticket_key_cb asked to renew the client's ticket.
* Otherwise, s->ext.ticket_expected is set to 0. * Otherwise, s->ext.ticket_expected is set to 0.
*/ */
int tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello, TICKET_RETURN tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello,
SSL_SESSION **ret) SSL_SESSION **ret)
{ {
int retv; int retv;
size_t size; size_t size;
@ -1065,11 +1065,11 @@ int tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello,
* resumption. * resumption.
*/ */
if (s->version <= SSL3_VERSION || !tls_use_ticket(s)) if (s->version <= SSL3_VERSION || !tls_use_ticket(s))
return 0; return TICKET_NONE;
ticketext = &hello->pre_proc_exts[TLSEXT_IDX_session_ticket]; ticketext = &hello->pre_proc_exts[TLSEXT_IDX_session_ticket];
if (!ticketext->present) if (!ticketext->present)
return 0; return TICKET_NONE;
size = PACKET_remaining(&ticketext->data); size = PACKET_remaining(&ticketext->data);
if (size == 0) { if (size == 0) {
@ -1078,7 +1078,7 @@ int tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello,
* one. * one.
*/ */
s->ext.ticket_expected = 1; s->ext.ticket_expected = 1;
return 1; return TICKET_EMPTY;
} }
if (s->ext.session_secret_cb) { if (s->ext.session_secret_cb) {
/* /*
@ -1087,7 +1087,7 @@ int tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello,
* abbreviated handshake based on external mechanism to * abbreviated handshake based on external mechanism to
* calculate the master secret later. * calculate the master secret later.
*/ */
return 2; return TICKET_NO_DECRYPT;
} }
retv = tls_decrypt_ticket(s, PACKET_data(&ticketext->data), size, retv = tls_decrypt_ticket(s, PACKET_data(&ticketext->data), size,
@ -1095,17 +1095,17 @@ int tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello,
switch (retv) { switch (retv) {
case TICKET_NO_DECRYPT: /* ticket couldn't be decrypted */ case TICKET_NO_DECRYPT: /* ticket couldn't be decrypted */
s->ext.ticket_expected = 1; s->ext.ticket_expected = 1;
return 2; return TICKET_NO_DECRYPT;
case TICKET_SUCCESS: /* ticket was decrypted */ case TICKET_SUCCESS: /* ticket was decrypted */
return 3; return TICKET_SUCCESS;
case TICKET_SUCCESS_RENEW: /* ticket decrypted but need to renew */ case TICKET_SUCCESS_RENEW: /* ticket decrypted but need to renew */
s->ext.ticket_expected = 1; s->ext.ticket_expected = 1;
return 3; return TICKET_SUCCESS;
default: /* fatal error */ default: /* fatal error */
return -1; return TICKET_FATAL_ERR_OTHER;
} }
} }
@ -1128,19 +1128,15 @@ int tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello,
* set. * set.
* TICKET_SUCCESS_RENEW: same as 3, but the ticket needs to be renewed * TICKET_SUCCESS_RENEW: same as 3, but the ticket needs to be renewed
*/ */
#define TICKET_FATAL_ERR_MALLOC -2 TICKET_RETURN tls_decrypt_ticket(SSL *s, const unsigned char *etick,
#define TICKET_FATAL_ERR_OTHER -1 size_t eticklen, const unsigned char *sess_id,
#define TICKET_NO_DECRYPT 2 size_t sesslen, SSL_SESSION **psess)
#define TICKET_SUCCESS 3
#define TICKET_SUCCESS_RENEW 4
int tls_decrypt_ticket(SSL *s, const unsigned char *etick, size_t eticklen,
const unsigned char *sess_id, size_t sesslen,
SSL_SESSION **psess)
{ {
SSL_SESSION *sess; SSL_SESSION *sess;
unsigned char *sdec; unsigned char *sdec;
const unsigned char *p; const unsigned char *p;
int slen, renew_ticket = 0, ret = TICKET_FATAL_ERR_OTHER, declen; int slen, renew_ticket = 0, declen;
TICKET_RETURN ret = TICKET_FATAL_ERR_OTHER;
size_t mlen; size_t mlen;
unsigned char tick_hmac[EVP_MAX_MD_SIZE]; unsigned char tick_hmac[EVP_MAX_MD_SIZE];
HMAC_CTX *hctx = NULL; HMAC_CTX *hctx = NULL;