From 24fcfc985317e1133b3873c6895127aafdc5acca Mon Sep 17 00:00:00 2001 From: Joel Sing Date: Sat, 7 Apr 2018 16:55:14 +0000 Subject: Nuke SSL3_FLAGS_DELAY_CLIENT_FINISHED and SSL3_FLAGS_POP_BUFFER. These flags enabled experimental behaviour in the write path, which nothing uses. Removing this code greatly simplifies ssl3_write(). ok beck@ inoguchi@ sthen@ tb@ --- lib/libssl/s3_lib.c | 51 ++++----------------------------------------------- lib/libssl/ssl3.h | 6 +----- lib/libssl/ssl_clnt.c | 17 ++--------------- lib/libssl/ssl_locl.h | 4 +--- 4 files changed, 8 insertions(+), 70 deletions(-) (limited to 'lib/libssl') diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c index 52e0c524102..aa430ee9716 100644 --- a/lib/libssl/s3_lib.c +++ b/lib/libssl/s3_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_lib.c,v 1.165 2018/03/15 12:27:00 jca Exp $ */ +/* $OpenBSD: s3_lib.c,v 1.166 2018/04/07 16:55:13 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
@@ -2524,56 +2524,13 @@ ssl3_shutdown(SSL *s) int ssl3_write(SSL *s, const void *buf, int len) { - int ret, n; - -#if 0 - if (s->internal->shutdown & SSL_SEND_SHUTDOWN) { - s->internal->rwstate = SSL_NOTHING; - return (0); - } -#endif errno = 0; + if (S3I(s)->renegotiate) ssl3_renegotiate_check(s); - /* - * This is an experimental flag that sends the - * last handshake message in the same packet as the first - * use data - used to see if it helps the TCP protocol during - * session-id reuse - */ - /* The second test is because the buffer may have been removed */ - if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) { - /* First time through, we write into the buffer */ - if (S3I(s)->delay_buf_pop_ret == 0) { - ret = ssl3_write_bytes(s, SSL3_RT_APPLICATION_DATA, - buf, len); - if (ret <= 0) - return (ret); - - S3I(s)->delay_buf_pop_ret = ret; - } - - s->internal->rwstate = SSL_WRITING; - n = BIO_flush(s->wbio); - if (n <= 0) - return (n); - s->internal->rwstate = SSL_NOTHING; - - /* We have flushed the buffer, so remove it */ - ssl_free_wbio_buffer(s); - s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER; - - ret = S3I(s)->delay_buf_pop_ret; - S3I(s)->delay_buf_pop_ret = 0; - } else { - ret = s->method->internal->ssl_write_bytes(s, - SSL3_RT_APPLICATION_DATA, buf, len); - if (ret <= 0) - return (ret); - } - - return (ret); + return s->method->internal->ssl_write_bytes(s, + SSL3_RT_APPLICATION_DATA, buf, len); } static int diff --git a/lib/libssl/ssl3.h b/lib/libssl/ssl3.h index 12ef56b5221..f8833fa1bbf 100644 --- a/lib/libssl/ssl3.h +++ b/lib/libssl/ssl3.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl3.h,v 1.46 2017/08/28 17:36:58 jsing Exp $ */ +/* $OpenBSD: ssl3.h,v 1.47 2018/04/07 16:55:13 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
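Review bot: In lib/libssl/s3_lib.c, ssl3_write() is now a bare pass-through, so nothing in the function itself bounds the signed `len` or looks at the result of `ssl3_renegotiate_check(s)` before the buffer is handed to `ssl_write_bytes`. If the callee is what rejects a negative length (it is not visible in this hunk), a short comment above the function would make that explicit, e.g. `/* Write application data; len is validated by ssl_write_bytes(). */`, so the simplification does not read as a missing check. The removed `#if 0` block was also the only trace of the question whether a write should be refused once SSL_SEND_SHUTDOWN is set. If that is enforced elsewhere, the same comment is the place to say where.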
@@ -348,11 +348,7 @@ typedef struct ssl3_buffer_st { */ #define SSL3_CT_NUMBER 11 - #define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 -#define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002 -#define SSL3_FLAGS_POP_BUFFER 0x0004 -#define TLS1_FLAGS_TLS_PADDING_BUG 0x0 #define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010 #define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020 #define SSL3_FLAGS_CCS_OK 0x0080 diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c index 10dbe83cd59..0ecbae46950 100644 --- a/lib/libssl/ssl_clnt.c +++ b/lib/libssl/ssl_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_clnt.c,v 1.23 2018/02/08 11:30:30 jsing Exp $ */ +/* $OpenBSD: ssl_clnt.c,v 1.24 2018/04/07 16:55:13 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -510,15 +510,8 @@ ssl3_connect(SSL *s) S3I(s)->hs.state = SSL3_ST_CW_FLUSH; /* clear flags */ - s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER; if (s->internal->hit) { S3I(s)->hs.next_state = SSL_ST_OK; - if (s->s3->flags & - SSL3_FLAGS_DELAY_CLIENT_FINISHED) { - S3I(s)->hs.state = SSL_ST_OK; - s->s3->flags |= SSL3_FLAGS_POP_BUFFER; - S3I(s)->delay_buf_pop_ret = 0; - } } else { /* Allow NewSessionTicket if ticket expected */ if (s->internal->tlsext_ticket_expected) @@ -595,13 +588,7 @@ ssl3_connect(SSL *s) s->internal->init_buf = NULL; } - /* - * If we are not 'joining' the last two packets, - * remove the buffering now - */ - if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER)) - ssl_free_wbio_buffer(s); - /* else do it later in ssl3_write */ + ssl_free_wbio_buffer(s); s->internal->init_num = 0; s->internal->renegotiate = 0; diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h index d2a99afaa49..64c68e324f8 100644 --- a/lib/libssl/ssl_locl.h +++ b/lib/libssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.202 2018/01/27 15:30:05 jsing Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.203 2018/04/07 16:55:13 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
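Review bot: In lib/libssl/ssl_clnt.c, the now-unconditional `ssl_free_wbio_buffer(s);` in the `@@ -595` hunk lost its explanatory comment along with the condition. A one-line replacement such as `/* Remove the write buffering now. */` would keep the intent visible next to the `init_buf`/`init_num` resets. In the `@@ -510` hunk of the same function, the `/* clear flags */` comment survives as context but the only statement under it was removed. It now sits directly above `if (s->internal->hit) {`, describes nothing, and should be deleted. ssl3_connect() starts and ends outside both hunks.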
@@ -760,8 +760,6 @@ typedef struct ssl_internal_st { } SSL_INTERNAL; typedef struct ssl3_state_internal_st { - int delay_buf_pop_ret; - unsigned char read_sequence[SSL3_SEQUENCE_SIZE]; int read_mac_secret_size; unsigned char read_mac_secret[EVP_MAX_MD_SIZE]; -- cgit v1.2.3