authorJoel Sing <jsing@cvs.openbsd.org>2018-04-07 16:55:14 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2018-04-07 16:55:14 +0000
commit24fcfc985317e1133b3873c6895127aafdc5acca (patch)
tree56b2ec234b211fedcc337f0f25bbcbe36619fbe0
parentc04bbdd8ce4a038362be6b95b02fe74758e0552b (diff)
Nuke SSL3_FLAGS_DELAY_CLIENT_FINISHED and SSL3_FLAGS_POP_BUFFER.
These flags enabled experimental behaviour in the write path, which nothing uses. Removing this code greatly simplifies ssl3_write(). ok beck@ inoguchi@ sthen@ tb@
-rw-r--r--lib/libssl/s3_lib.c51
-rw-r--r--lib/libssl/ssl3.h6
-rw-r--r--lib/libssl/ssl_clnt.c17
-rw-r--r--lib/libssl/ssl_locl.h4
4 files changed, 8 insertions, 70 deletions
diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c
index 52e0c524102..aa430ee9716 100644
--- a/lib/libssl/s3_lib.c
+++ b/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.165 2018/03/15 12:27:00 jca Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.166 2018/04/07 16:55:13 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -2524,56 +2524,13 @@ ssl3_shutdown(SSL *s)
int
ssl3_write(SSL *s, const void *buf, int len)
{
- int ret, n;
-
-#if 0
- if (s->internal->shutdown & SSL_SEND_SHUTDOWN) {
- s->internal->rwstate = SSL_NOTHING;
- return (0);
- }
-#endif
errno = 0;
+
if (S3I(s)->renegotiate)
ssl3_renegotiate_check(s);
- /*
- * This is an experimental flag that sends the
- * last handshake message in the same packet as the first
- * use data - used to see if it helps the TCP protocol during
- * session-id reuse
- */
- /* The second test is because the buffer may have been removed */
- if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) {
- /* First time through, we write into the buffer */
- if (S3I(s)->delay_buf_pop_ret == 0) {
- ret = ssl3_write_bytes(s, SSL3_RT_APPLICATION_DATA,
- buf, len);
- if (ret <= 0)
- return (ret);
-
- S3I(s)->delay_buf_pop_ret = ret;
- }
-
- s->internal->rwstate = SSL_WRITING;
- n = BIO_flush(s->wbio);
- if (n <= 0)
- return (n);
- s->internal->rwstate = SSL_NOTHING;
-
- /* We have flushed the buffer, so remove it */
- ssl_free_wbio_buffer(s);
- s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
-
- ret = S3I(s)->delay_buf_pop_ret;
- S3I(s)->delay_buf_pop_ret = 0;
- } else {
- ret = s->method->internal->ssl_write_bytes(s,
- SSL3_RT_APPLICATION_DATA, buf, len);
- if (ret <= 0)
- return (ret);
- }
-
- return (ret);
+ return s->method->internal->ssl_write_bytes(s,
+ SSL3_RT_APPLICATION_DATA, buf, len);
}
static int
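Review bot: The `errno = 0;` at the top of ssl3_write() is now one of only three statements left in the function and still has no comment saying why it is there. A reader could mistake it for leftover from the removed experimental path. If the intent is that a stale errno from an earlier call is not attributed to this write when the caller later inspects the error, add something like `/* Clear errno so a stale value is not attributed to this write. */`. That intent is inferred rather than visible in the hunk, so confirm it before adding the comment.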
diff --git a/lib/libssl/ssl3.h b/lib/libssl/ssl3.h
index 12ef56b5221..f8833fa1bbf 100644
--- a/lib/libssl/ssl3.h
+++ b/lib/libssl/ssl3.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl3.h,v 1.46 2017/08/28 17:36:58 jsing Exp $ */
+/* $OpenBSD: ssl3.h,v 1.47 2018/04/07 16:55:13 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -348,11 +348,7 @@ typedef struct ssl3_buffer_st {
*/
#define SSL3_CT_NUMBER 11
-
#define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001
-#define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002
-#define SSL3_FLAGS_POP_BUFFER 0x0004
-#define TLS1_FLAGS_TLS_PADDING_BUG 0x0
#define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010
#define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020
#define SSL3_FLAGS_CCS_OK 0x0080
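Review bot: The removal of `TLS1_FLAGS_TLS_PADDING_BUG` is not mentioned in the commit message, and nothing records that the freed values 0x0002 and 0x0004 were once assigned. If ssl3.h is installed as a public header (not visible here), out-of-tree code that names any of the three macros will stop compiling. A later flag that reuses 0x0002 or 0x0004 would also silently change meaning for a caller that still sets the old bits in `s->s3->flags`. Add a comment above `SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS` such as `/* 0x0002 and 0x0004 were DELAY_CLIENT_FINISHED and POP_BUFFER; do not reuse. */`, and mention the padding-bug macro in the log message.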
diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c
index 10dbe83cd59..0ecbae46950 100644
--- a/lib/libssl/ssl_clnt.c
+++ b/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.23 2018/02/08 11:30:30 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.24 2018/04/07 16:55:13 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -510,15 +510,8 @@ ssl3_connect(SSL *s)
S3I(s)->hs.state = SSL3_ST_CW_FLUSH;
/* clear flags */
- s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER;
if (s->internal->hit) {
S3I(s)->hs.next_state = SSL_ST_OK;
- if (s->s3->flags &
- SSL3_FLAGS_DELAY_CLIENT_FINISHED) {
- S3I(s)->hs.state = SSL_ST_OK;
- s->s3->flags |= SSL3_FLAGS_POP_BUFFER;
- S3I(s)->delay_buf_pop_ret = 0;
- }
} else {
/* Allow NewSessionTicket if ticket expected */
if (s->internal->tlsext_ticket_expected)
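Review bot: The `/* clear flags */` comment is now stale, because the only statement it described, `s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER;`, is removed by this hunk. The comment now sits directly above `if (s->internal->hit) {` and implies a flag reset that no longer happens, which is misleading in handshake state-machine code. Delete the comment together with the line. ssl3_connect() starts and ends outside this hunk.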
@@ -595,13 +588,7 @@ ssl3_connect(SSL *s)
s->internal->init_buf = NULL;
}
- /*
- * If we are not 'joining' the last two packets,
- * remove the buffering now
- */
- if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))
- ssl_free_wbio_buffer(s);
- /* else do it later in ssl3_write */
+ ssl_free_wbio_buffer(s);
s->internal->init_num = 0;
s->internal->renegotiate = 0;
diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h
index d2a99afaa49..64c68e324f8 100644
--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.202 2018/01/27 15:30:05 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.203 2018/04/07 16:55:13 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -760,8 +760,6 @@ typedef struct ssl_internal_st {
} SSL_INTERNAL;
typedef struct ssl3_state_internal_st {
- int delay_buf_pop_ret;
-
unsigned char read_sequence[SSL3_SEQUENCE_SIZE];
int read_mac_secret_size;
unsigned char read_mac_secret[EVP_MAX_MD_SIZE];