Nuke SSL3_FLAGS_DELAY_CLIENT_FINISHED and SSL3_FLAGS_POP_BUFFER.

These flags enabled experimental behaviour in the write path, which nothing
uses. Removing this code greatly simplifies ssl3_write().

ok beck@ inoguchi@ sthen@ tb@

4 files changed, 8 insertions, 70 deletions

diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c
index 52e0c524102..aa430ee9716 100644
--- a/lib/libssl/s3_lib.c
+++ b/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.165 2018/03/15 12:27:00 jca Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.166 2018/04/07 16:55:13 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2524,56 +2524,13 @@ ssl3_shutdown(SSL *s)
 int
 ssl3_write(SSL *s, const void *buf, int len)
 {
-	int	ret, n;
-
-#if 0
-	if (s->internal->shutdown & SSL_SEND_SHUTDOWN) {
-		s->internal->rwstate = SSL_NOTHING;
-		return (0);
-	}
-#endif
 	errno = 0;
+
 	if (S3I(s)->renegotiate)
 		ssl3_renegotiate_check(s);
 
-	/*
-	 * This is an experimental flag that sends the
-	 * last handshake message in the same packet as the first
-	 * use data - used to see if it helps the TCP protocol during
-	 * session-id reuse
-	 */
-	/* The second test is because the buffer may have been removed */
-	if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) {
-		/* First time through, we write into the buffer */
-		if (S3I(s)->delay_buf_pop_ret == 0) {
-			ret = ssl3_write_bytes(s, SSL3_RT_APPLICATION_DATA,
-			    buf, len);
-			if (ret <= 0)
-				return (ret);
-
-			S3I(s)->delay_buf_pop_ret = ret;
-		}
-
-		s->internal->rwstate = SSL_WRITING;
-		n = BIO_flush(s->wbio);
-		if (n <= 0)
-			return (n);
-		s->internal->rwstate = SSL_NOTHING;
-
-		/* We have flushed the buffer, so remove it */
-		ssl_free_wbio_buffer(s);
-		s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
-
-		ret = S3I(s)->delay_buf_pop_ret;
-		S3I(s)->delay_buf_pop_ret = 0;
-	} else {
-		ret = s->method->internal->ssl_write_bytes(s,
-		    SSL3_RT_APPLICATION_DATA, buf, len);
-		if (ret <= 0)
-			return (ret);
-	}
-
-	return (ret);
+	return s->method->internal->ssl_write_bytes(s,
+	    SSL3_RT_APPLICATION_DATA, buf, len);
 }
 
 static int
diff --git a/lib/libssl/ssl3.h b/lib/libssl/ssl3.h
index 12ef56b5221..f8833fa1bbf 100644
--- a/lib/libssl/ssl3.h
+++ b/lib/libssl/ssl3.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl3.h,v 1.46 2017/08/28 17:36:58 jsing Exp $ */
+/* $OpenBSD: ssl3.h,v 1.47 2018/04/07 16:55:13 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -348,11 +348,7 @@ typedef struct ssl3_buffer_st {
  */
 #define SSL3_CT_NUMBER			11
 
-
 #define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS	0x0001
-#define SSL3_FLAGS_DELAY_CLIENT_FINISHED	0x0002
-#define SSL3_FLAGS_POP_BUFFER			0x0004
-#define TLS1_FLAGS_TLS_PADDING_BUG		0x0
 #define TLS1_FLAGS_SKIP_CERT_VERIFY		0x0010
 #define TLS1_FLAGS_KEEP_HANDSHAKE		0x0020
 #define SSL3_FLAGS_CCS_OK			0x0080
diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c
index 10dbe83cd59..0ecbae46950 100644
--- a/lib/libssl/ssl_clnt.c
+++ b/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.23 2018/02/08 11:30:30 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.24 2018/04/07 16:55:13 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -510,15 +510,8 @@ ssl3_connect(SSL *s)
 			S3I(s)->hs.state = SSL3_ST_CW_FLUSH;
 
 			/* clear flags */
-			s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER;
 			if (s->internal->hit) {
 				S3I(s)->hs.next_state = SSL_ST_OK;
-				if (s->s3->flags &
-				    SSL3_FLAGS_DELAY_CLIENT_FINISHED) {
-					S3I(s)->hs.state = SSL_ST_OK;
-					s->s3->flags |= SSL3_FLAGS_POP_BUFFER;
-					S3I(s)->delay_buf_pop_ret = 0;
-				}
 			} else {
 				/* Allow NewSessionTicket if ticket expected */
 				if (s->internal->tlsext_ticket_expected)
@@ -595,13 +588,7 @@ ssl3_connect(SSL *s)
 				s->internal->init_buf = NULL;
 			}
 
-			/*
-			 * If we are not 'joining' the last two packets,
-			 * remove the buffering now
-			 */
-			if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))
-				ssl_free_wbio_buffer(s);
-			/* else do it later in ssl3_write */
+			ssl_free_wbio_buffer(s);
 
 			s->internal->init_num = 0;
 			s->internal->renegotiate = 0;
diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h
index d2a99afaa49..64c68e324f8 100644
--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.202 2018/01/27 15:30:05 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.203 2018/04/07 16:55:13 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -760,8 +760,6 @@ typedef struct ssl_internal_st {
 } SSL_INTERNAL;
 
 typedef struct ssl3_state_internal_st {
-	int delay_buf_pop_ret;
-
 	unsigned char read_sequence[SSL3_SEQUENCE_SIZE];
 	int read_mac_secret_size;
 	unsigned char read_mac_secret[EVP_MAX_MD_SIZE];