summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJoel Sing <jsing@cvs.openbsd.org>2014-05-30 05:27:33 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2014-05-30 05:27:33 +0000
commit5e5527b3e65377286505a3ba5f9a7f0fa64f00f1 (patch)
tree27bb980642a97537baf25061e62f7eea3dc87c46
parent76cbe72b07ef459cb652f5b2c2262fb5cd374a36 (diff)
While working on another diff I ended up looking to see why on earth the
DTLS code had a chunk that checked to see if the SSL version was *not* DTLS. Turns out that this is inside a big #if 0 block with a comment explaining why DTLS will never need this code... The DTLS code was clearly written by wholesale copying the SSLv3 code. Any code not applicable to DTLS was seemingly #if 0'd or commented out and left for others to find. d1_pkt.c is copied from s3_pkt.c and it has a do_dtls1_write() function that has the same function signature as do_ssl3_write(), except that the create_empty_fragement (yes, that is the spelling in ssl_locl.h) argument is unused for DTLS (although there is code that pretends to use it) since it uses explicit IV (as the comment notes). Instead of leaving this turd lying around, nuke the #if 0'd code (along with the check for *not* DTLS) and remove the pointless create_empty_fragment argument given the only two do_dtls1_write() calls specify zero. This kind of thing also makes you wonder how much actual peer review occurred before the code was initially committed... ok beck@
-rw-r--r--lib/libssl/d1_pkt.c44
-rw-r--r--lib/libssl/ssl_locl.h2
2 files changed, 6 insertions, 40 deletions
diff --git a/lib/libssl/d1_pkt.c b/lib/libssl/d1_pkt.c
index db898f507a4..d2f63b890b7 100644
--- a/lib/libssl/d1_pkt.c
+++ b/lib/libssl/d1_pkt.c
@@ -1361,12 +1361,12 @@ dtls1_write_bytes(SSL *s, int type, const void *buf, int len)
OPENSSL_assert(len <= SSL3_RT_MAX_PLAIN_LENGTH);
s->rwstate = SSL_NOTHING;
- i = do_dtls1_write(s, type, buf, len, 0);
+ i = do_dtls1_write(s, type, buf, len);
return i;
}
int
-do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len, int create_empty_fragment)
+do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
{
unsigned char *p, *pseq;
int i, mac_size, clear = 0;
@@ -1391,7 +1391,7 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len, int
/* if it went, fall through and send more stuff */
}
- if (len == 0 && !create_empty_fragment)
+ if (len == 0)
return 0;
wr = &(s->s3->wrec);
@@ -1410,35 +1410,8 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len, int
goto err;
}
- /* DTLS implements explicit IV, so no need for empty fragments */
-#if 0
- /* 'create_empty_fragment' is true only when this function calls itself */
- if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done &&
- SSL_version(s) != DTLS1_VERSION &&
- SSL_version(s) != DTLS1_BAD_VER) {
- /* countermeasure against known-IV weakness in CBC ciphersuites
- * (see http://www.openssl.org/~bodo/tls-cbc.txt)
- */
-
- if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA) {
- /* recursive function call with 'create_empty_fragment' set;
- * this prepares and buffers the data for an empty fragment
- * (these 'prefix_len' bytes are sent out later
- * together with the actual payload) */
- prefix_len = s->method->do_ssl_write(s, type, buf, 0, 1);
- if (prefix_len <= 0)
- goto err;
-
- if (s->s3->wbuf.len < (size_t)prefix_len + SSL3_RT_MAX_PACKET_SIZE) {
- /* insufficient space */
- SSLerr(SSL_F_DO_DTLS1_WRITE, ERR_R_INTERNAL_ERROR);
- goto err;
- }
- }
+ /* DTLS implements explicit IV, so no need for empty fragments. */
- s->s3->empty_fragment_done = 1;
- }
-#endif
p = wb->buf + prefix_len;
/* write the header */
@@ -1542,13 +1515,6 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len, int
ssl3_record_sequence_update(&(s->s3->write_sequence[0]));
- if (create_empty_fragment) {
- /* we are in a recursive call;
- * just return the length, don't write out anything here
- */
- return wr->length;
- }
-
/* now let's set up wb */
wb->left = prefix_len + wr->length;
wb->offset = 0;
@@ -1644,7 +1610,7 @@ dtls1_dispatch_alert(SSL *s)
}
#endif
- i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf), 0);
+ i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf));
if (i <= 0) {
s->s3->alert_dispatch = 1;
/* fprintf( stderr, "not done with alert\n" ); */
diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h
index 16d31f33d23..208610dac19 100644
--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
@@ -806,7 +806,7 @@ int dtls1_shutdown(SSL *s);
long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
int dtls1_get_record(SSL *s);
int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
- unsigned int len, int create_empty_fragement);
+ unsigned int len);
int dtls1_dispatch_alert(SSL *s);
int dtls1_enc(SSL *s, int snd);