Nuke SSL3_FLAGS_DELAY_CLIENT_FINISHED and SSL3_FLAGS_POP_BUFFER.

These flags enabled experimental behaviour in the write path, which nothing uses. Removing this code greatly simplifies ssl3_write(). ok beck@ inoguchi@ sthen@ tb@
author: jsing <> 2018-04-07 16:55:13 +0000
committer: jsing <> 2018-04-07 16:55:13 +0000
commit: 0f219ed58669d704f7d68056ec8b402987e32858 (patch)
tree: cfbac1978ec7deef97b3d6117cc0b62d0009604c /src
parent: abb1c0eeef1b9e24cbf255fafa8bbb730e86f46d (diff)
download: openbsd-0f219ed58669d704f7d68056ec8b402987e32858.tar.gz
openbsd-0f219ed58669d704f7d68056ec8b402987e32858.tar.bz2
openbsd-0f219ed58669d704f7d68056ec8b402987e32858.zip
4 files changed, 8 insertions, 70 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 52e0c52410..aa430ee971 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.165 2018/03/15 12:27:00 jca Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.166 2018/04/07 16:55:13 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2524,56 +2524,13 @@ ssl3_shutdown(SSL *s)
 int
 ssl3_write(SSL *s, const void *buf, int len)
 {
-        int     ret, n;
-#if 0
-        if (s->internal->shutdown & SSL_SEND_SHUTDOWN) {
-                s->internal->rwstate = SSL_NOTHING;
-                return (0);
-        }
-#endif
        errno = 0;
        if (S3I(s)->renegotiate)
                ssl3_renegotiate_check(s);
-        /*
+        return s->method->internal->ssl_write_bytes(s,
-         * This is an experimental flag that sends the
+            SSL3_RT_APPLICATION_DATA, buf, len);
-         * last handshake message in the same packet as the first
-         * use data - used to see if it helps the TCP protocol during
-         * session-id reuse
-         */
-        /* The second test is because the buffer may have been removed */
-        if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) {
-                /* First time through, we write into the buffer */
-                if (S3I(s)->delay_buf_pop_ret == 0) {
-                        ret = ssl3_write_bytes(s, SSL3_RT_APPLICATION_DATA,
-                            buf, len);
-                        if (ret <= 0)
-                                return (ret);
-                        S3I(s)->delay_buf_pop_ret = ret;
-                }
-                s->internal->rwstate = SSL_WRITING;
-                n = BIO_flush(s->wbio);
-                if (n <= 0)
-                        return (n);
-                s->internal->rwstate = SSL_NOTHING;
-                /* We have flushed the buffer, so remove it */
-                ssl_free_wbio_buffer(s);
-                s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
-                ret = S3I(s)->delay_buf_pop_ret;
-                S3I(s)->delay_buf_pop_ret = 0;
-        } else {
-                ret = s->method->internal->ssl_write_bytes(s,
-                    SSL3_RT_APPLICATION_DATA, buf, len);
-                if (ret <= 0)
-                        return (ret);
-        }
-        return (ret);
 }
 static int
diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h
index 12ef56b522..f8833fa1bb 100644
--- a/src/lib/libssl/ssl3.h
+++ b/src/lib/libssl/ssl3.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl3.h,v 1.46 2017/08/28 17:36:58 jsing Exp $ */
+/* $OpenBSD: ssl3.h,v 1.47 2018/04/07 16:55:13 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -348,11 +348,7 @@ typedef struct ssl3_buffer_st {
 */
 #define SSL3_CT_NUMBER                  11
 #define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS       0x0001
-#define SSL3_FLAGS_DELAY_CLIENT_FINISHED        0x0002
-#define SSL3_FLAGS_POP_BUFFER                   0x0004
-#define TLS1_FLAGS_TLS_PADDING_BUG              0x0
 #define TLS1_FLAGS_SKIP_CERT_VERIFY             0x0010
 #define TLS1_FLAGS_KEEP_HANDSHAKE               0x0020
 #define SSL3_FLAGS_CCS_OK                       0x0080
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index 10dbe83cd5..0ecbae4695 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.23 2018/02/08 11:30:30 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.24 2018/04/07 16:55:13 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -510,15 +510,8 @@ ssl3_connect(SSL *s)
                        S3I(s)->hs.state = SSL3_ST_CW_FLUSH;
                        /* clear flags */
-                        s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER;
                        if (s->internal->hit) {
                                S3I(s)->hs.next_state = SSL_ST_OK;
-                                if (s->s3->flags &
-                                    SSL3_FLAGS_DELAY_CLIENT_FINISHED) {
-                                        S3I(s)->hs.state = SSL_ST_OK;
-                                        s->s3->flags |= SSL3_FLAGS_POP_BUFFER;
-                                        S3I(s)->delay_buf_pop_ret = 0;
-                                }
                        } else {
                                /* Allow NewSessionTicket if ticket expected */
                                if (s->internal->tlsext_ticket_expected)
@@ -595,13 +588,7 @@ ssl3_connect(SSL *s)
                                s->internal->init_buf = NULL;
                        }
-                        /*
+                        ssl_free_wbio_buffer(s);
-                         * If we are not 'joining' the last two packets,
-                         * remove the buffering now
-                         */
-                        if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))
-                                ssl_free_wbio_buffer(s);
-                        /* else do it later in ssl3_write */
                        s->internal->init_num = 0;
                        s->internal->renegotiate = 0;
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index d2a99afaa4..64c68e324f 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.202 2018/01/27 15:30:05 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.203 2018/04/07 16:55:13 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -760,8 +760,6 @@ typedef struct ssl_internal_st {
 } SSL_INTERNAL;
 typedef struct ssl3_state_internal_st {
-        int delay_buf_pop_ret;
        unsigned char read_sequence[SSL3_SEQUENCE_SIZE];
        int read_mac_secret_size;
        unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
author	jsing <>	2018-04-07 16:55:13 +0000
committer	jsing <>	2018-04-07 16:55:13 +0000
commit	0f219ed58669d704f7d68056ec8b402987e32858 (patch)
tree	cfbac1978ec7deef97b3d6117cc0b62d0009604c /src
parent	abb1c0eeef1b9e24cbf255fafa8bbb730e86f46d (diff)
download	openbsd-0f219ed58669d704f7d68056ec8b402987e32858.tar.gz openbsd-0f219ed58669d704f7d68056ec8b402987e32858.tar.bz2 openbsd-0f219ed58669d704f7d68056ec8b402987e32858.zip

diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index 52e0c52410..aa430ee971 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_lib.c,v 1.165 2018/03/15 12:27:00 jca Exp $ */	1	/* $OpenBSD: s3_lib.c,v 1.166 2018/04/07 16:55:13 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -2524,56 +2524,13 @@ ssl3_shutdown(SSL *s)
2524	int	2524	int
2525	ssl3_write(SSL s, const void buf, int len)	2525	ssl3_write(SSL s, const void buf, int len)
2526	{	2526	{
2527	int ret, n;
2528
2529	#if 0
2530	if (s->internal->shutdown & SSL_SEND_SHUTDOWN) {
2531	s->internal->rwstate = SSL_NOTHING;
2532	return (0);
2533	}
2534	#endif
2535	errno = 0;	2527	errno = 0;
		2528
2536	if (S3I(s)->renegotiate)	2529	if (S3I(s)->renegotiate)
2537	ssl3_renegotiate_check(s);	2530	ssl3_renegotiate_check(s);
2538		2531
2539	/*	2532	return s->method->internal->ssl_write_bytes(s,
2540	* This is an experimental flag that sends the	2533	SSL3_RT_APPLICATION_DATA, buf, len);
2541	* last handshake message in the same packet as the first
2542	* use data - used to see if it helps the TCP protocol during
2543	* session-id reuse
2544	*/
2545	/* The second test is because the buffer may have been removed */
2546	if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) {
2547	/* First time through, we write into the buffer */
2548	if (S3I(s)->delay_buf_pop_ret == 0) {
2549	ret = ssl3_write_bytes(s, SSL3_RT_APPLICATION_DATA,
2550	buf, len);
2551	if (ret <= 0)
2552	return (ret);
2553
2554	S3I(s)->delay_buf_pop_ret = ret;
2555	}
2556
2557	s->internal->rwstate = SSL_WRITING;
2558	n = BIO_flush(s->wbio);
2559	if (n <= 0)
2560	return (n);
2561	s->internal->rwstate = SSL_NOTHING;
2562
2563	/* We have flushed the buffer, so remove it */
2564	ssl_free_wbio_buffer(s);
2565	s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
2566
2567	ret = S3I(s)->delay_buf_pop_ret;
2568	S3I(s)->delay_buf_pop_ret = 0;
2569	} else {
2570	ret = s->method->internal->ssl_write_bytes(s,
2571	SSL3_RT_APPLICATION_DATA, buf, len);
2572	if (ret <= 0)
2573	return (ret);
2574	}
2575
2576	return (ret);
2577	}	2534	}
2578		2535
2579	static int	2536	static int


diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h index 12ef56b522..f8833fa1bb 100644 --- a/src/lib/libssl/ssl3.h +++ b/src/lib/libssl/ssl3.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl3.h,v 1.46 2017/08/28 17:36:58 jsing Exp $ */	1	/* $OpenBSD: ssl3.h,v 1.47 2018/04/07 16:55:13 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -348,11 +348,7 @@ typedef struct ssl3_buffer_st {
348	*/	348	*/
349	#define SSL3_CT_NUMBER 11	349	#define SSL3_CT_NUMBER 11
350		350
351
352	#define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001	351	#define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001
353	#define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002
354	#define SSL3_FLAGS_POP_BUFFER 0x0004
355	#define TLS1_FLAGS_TLS_PADDING_BUG 0x0
356	#define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010	352	#define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010
357	#define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020	353	#define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020
358	#define SSL3_FLAGS_CCS_OK 0x0080	354	#define SSL3_FLAGS_CCS_OK 0x0080


diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c index 10dbe83cd5..0ecbae4695 100644 --- a/src/lib/libssl/ssl_clnt.c +++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_clnt.c,v 1.23 2018/02/08 11:30:30 jsing Exp $ */	1	/* $OpenBSD: ssl_clnt.c,v 1.24 2018/04/07 16:55:13 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -510,15 +510,8 @@ ssl3_connect(SSL *s)
510	S3I(s)->hs.state = SSL3_ST_CW_FLUSH;	510	S3I(s)->hs.state = SSL3_ST_CW_FLUSH;
511		511
512	/* clear flags */	512	/* clear flags */
513	s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER;
514	if (s->internal->hit) {	513	if (s->internal->hit) {
515	S3I(s)->hs.next_state = SSL_ST_OK;	514	S3I(s)->hs.next_state = SSL_ST_OK;
516	if (s->s3->flags &
517	SSL3_FLAGS_DELAY_CLIENT_FINISHED) {
518	S3I(s)->hs.state = SSL_ST_OK;
519	s->s3->flags \|= SSL3_FLAGS_POP_BUFFER;
520	S3I(s)->delay_buf_pop_ret = 0;
521	}
522	} else {	515	} else {
523	/* Allow NewSessionTicket if ticket expected */	516	/* Allow NewSessionTicket if ticket expected */
524	if (s->internal->tlsext_ticket_expected)	517	if (s->internal->tlsext_ticket_expected)
@@ -595,13 +588,7 @@ ssl3_connect(SSL *s)
595	s->internal->init_buf = NULL;	588	s->internal->init_buf = NULL;
596	}	589	}
597		590
598	/*	591	ssl_free_wbio_buffer(s);
599	* If we are not 'joining' the last two packets,
600	* remove the buffering now
601	*/
602	if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))
603	ssl_free_wbio_buffer(s);
604	/* else do it later in ssl3_write */
605		592
606	s->internal->init_num = 0;	593	s->internal->init_num = 0;
607	s->internal->renegotiate = 0;	594	s->internal->renegotiate = 0;


diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index d2a99afaa4..64c68e324f 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_locl.h,v 1.202 2018/01/27 15:30:05 jsing Exp $ */	1	/* $OpenBSD: ssl_locl.h,v 1.203 2018/04/07 16:55:13 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -760,8 +760,6 @@ typedef struct ssl_internal_st {
760	} SSL_INTERNAL;	760	} SSL_INTERNAL;
761		761
762	typedef struct ssl3_state_internal_st {	762	typedef struct ssl3_state_internal_st {
763	int delay_buf_pop_ret;
764
765	unsigned char read_sequence[SSL3_SEQUENCE_SIZE];	763	unsigned char read_sequence[SSL3_SEQUENCE_SIZE];
766	int read_mac_secret_size;	764	int read_mac_secret_size;
767	unsigned char read_mac_secret[EVP_MAX_MD_SIZE];	765	unsigned char read_mac_secret[EVP_MAX_MD_SIZE];