authortb <tb@openbsd.org>2020-09-01 05:32:11 +0000
committertb <tb@openbsd.org>2020-09-01 05:32:11 +0000
commit9a6864026c29fd1cdd96f6e673b2ced46dbc03cc (patch)
treedb8e6b9fe356245c7d5dae96ebb5ee4a81a8713a /lib/libssl/t1_lib.c
parentUse sysctl_bounded_args for simple cases in cpu_sysctl on loongson (diff)
simplify tls1_process_ticket() exit path
tls1_process_ticket() - the only caller of tls_decrypt_ticket() - ends in a switch over the return value of tls_decrypt_ticket() to decide whether or not to set s->internal->tlsext_ticket_expected = 1. Since tls_decrypt_ticket() already knows what it will return and partly bases its decision on what to return on whether or not the ticket needs to be renewed, it can also take care of setting this flag. This way we don't need to have a confusing switch that conflates some return values and sets this flag. Moreover, we can get rid of the ugly TLS1_TICKET_DECRYPTED_RENEW whose only purpose is to signal that the flag should be set. ok jsing
Diffstat (limited to 'lib/libssl/t1_lib.c')
-rw-r--r--lib/libssl/t1_lib.c23
1 files changed, 6 insertions, 17 deletions
diff --git a/lib/libssl/t1_lib.c b/lib/libssl/t1_lib.c
index b0fc630236b..64e64bf9023 100644
--- a/lib/libssl/t1_lib.c
+++ b/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.171 2020/08/31 14:34:01 tb Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.172 2020/09/01 05:32:11 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -844,18 +844,7 @@ tls1_process_ticket(SSL *s, CBS *session_id, CBS *ext_block, int *alert,
return TLS1_TICKET_NOT_DECRYPTED;
}
- switch (tls_decrypt_ticket(s, session_id, &ext_data, alert, ret)) {
- case TLS1_TICKET_NOT_DECRYPTED:
- s->internal->tlsext_ticket_expected = 1;
- return TLS1_TICKET_NOT_DECRYPTED;
- case TLS1_TICKET_DECRYPTED:
- return TLS1_TICKET_DECRYPTED;
- case TLS1_TICKET_DECRYPTED_RENEW:
- s->internal->tlsext_ticket_expected = 1;
- return TLS1_TICKET_DECRYPTED;
- default:
- return TLS1_TICKET_FATAL_ERROR;
- }
+ return tls_decrypt_ticket(s, session_id, &ext_data, alert, ret);
}
/* tls_decrypt_ticket attempts to decrypt a session ticket.
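Review bot: With the switch gone, the `default:` arm that turned any unlisted result into TLS1_TICKET_FATAL_ERROR is gone too, so the added `return tls_decrypt_ticket(s, session_id, &ext_data, alert, ret);` hands the callee's value to the caller unfiltered. That is fine as long as tls_decrypt_ticket() only ever returns the three codes its header comment lists, but nothing at this call site records that assumption any more. A one-line comment above the return would do it, for example `/* tls_decrypt_ticket() sets tlsext_ticket_expected itself and returns only TLS1_TICKET_{FATAL_ERROR,NOT_DECRYPTED,DECRYPTED}. */`. tls1_process_ticket() starts above the hunk, so its earlier return paths are not visible here.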
@@ -869,7 +858,6 @@ tls1_process_ticket(SSL *s, CBS *session_id, CBS *ext_block, int *alert,
* TLS1_TICKET_FATAL_ERROR: error from parsing or decrypting the ticket.
* TLS1_TICKET_NOT_DECRYPTED: the ticket couldn't be decrypted.
* TLS1_TICKET_DECRYPTED: a ticket was decrypted and *psess was set.
- * TLS1_TICKET_DECRYPTED_RENEW: same as 3, but the ticket needs to be renewed.
*/
static int
tls_decrypt_ticket(SSL *s, CBS *session_id, CBS *ticket, int *alert,
@@ -1017,13 +1005,14 @@ tls_decrypt_ticket(SSL *s, CBS *session_id, CBS *ticket, int *alert,
sess = NULL;
if (renew_ticket)
- ret = TLS1_TICKET_DECRYPTED_RENEW;
- else
- ret = TLS1_TICKET_DECRYPTED;
+ s->internal->tlsext_ticket_expected = 1;
+
+ ret = TLS1_TICKET_DECRYPTED;
goto done;
derr:
+ s->internal->tlsext_ticket_expected = 1;
ret = TLS1_TICKET_NOT_DECRYPTED;
goto done;
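Review bot: Setting `s->internal->tlsext_ticket_expected = 1` under `derr:` matches the old behaviour only if every TLS1_TICKET_NOT_DECRYPTED result of tls_decrypt_ticket() is reached through that label. The removed switch in tls1_process_ticket() set the flag for that return code however it was produced. The body above the hunk is not visible, so each `goto derr` and each assignment to `ret` there is worth checking; a missed path would presumably leave the flag clear after a failed decrypt. The header comment still lists only return values and should also name the side effect, for example `* Sets s->internal->tlsext_ticket_expected if the ticket could not be decrypted or needs to be renewed.`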