author | David Benjamin <davidben@chromium.org> | 2014-11-01 12:33:15 -0400 |
committer | Adam Langley <agl@google.com> | 2014-11-04 00:26:01 +0000 |
commit | a0ca1b742f426abd879adea8567fa1c9a774447e (patch) | |
tree | 674b6eee6de1bf0579b9bcb700f10c4703ddd9e3 | |
parent | be700c6328157c722cbfe96b08a39a8e71b05d07 (diff) | |
download | src-a0ca1b742f426abd879adea8567fa1c9a774447e.tar.gz |
DTLS1_AD_MISSING_HANDSHAKE_MESSAGE does not exist.
This code isn't compiled in. It seems there was some half-baked logic for a
7-byte alert that carries extra information for handshake message
retransmission.
No such alert exists, and the code had a FIXME anyway. If it gets resurrected
in DTLS 1.3 or some extension, we can deal with it then.
Change-Id: I8784ea8ee44bb8da4b0fe5d5d507997526557432
Reviewed-on: https://boringssl-review.googlesource.com/2121
Reviewed-by: Adam Langley <agl@google.com>
-rw-r--r-- | include/openssl/dtls1.h | 9 | ||||
-rw-r--r-- | ssl/d1_both.c | 15 | ||||
-rw-r--r-- | ssl/d1_pkt.c | 57 | ||||
-rw-r--r-- | ssl/t1_enc.c | 4 |
4 files changed, 1 insertions, 84 deletions
diff --git a/include/openssl/dtls1.h b/include/openssl/dtls1.h
index 5aef0c4..a9e3ada 100644
--- a/include/openssl/dtls1.h
+++ b/include/openssl/dtls1.h
@@ -72,11 +72,6 @@ extern "C" {
 /* Special value for method supporting multiple versions */
 #define DTLS_ANY_VERSION 0x1FFFF
 
-#if 0
-/* this alert description is not specified anywhere... */
-#define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 110
-#endif
-
 /* lengths of messages */
 #define DTLS1_COOKIE_LENGTH 256
 
@@ -89,11 +84,7 @@ extern "C" {
 
 #define DTLS1_CCS_HEADER_LENGTH 1
 
-#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
-#define DTLS1_AL_HEADER_LENGTH 7
-#else
 #define DTLS1_AL_HEADER_LENGTH 2
-#endif
 
 #ifndef OPENSSL_NO_SSL_INTERN
 
diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index 8b225e5..82d4a86 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -992,21 +992,6 @@ int dtls1_read_failed(SSL *s, int code)
 return code;
 }
 
-#if 0 /* for now, each alert contains only one record number */
- item = pqueue_peek(state->rcvd_records);
- if ( item )
- {
- /* send an alert immediately for all the missing records */
- }
- else
-#endif
-
-#if 0 /* no more alert sending, just retransmit the last set of messages */
- if ( state->timeout.read_timeouts >= DTLS1_TMO_READ_COUNT)
- ssl3_send_alert(s,SSL3_AL_WARNING,
- DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
-#endif
-
 return dtls1_handle_timeout(s);
 }
 
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index e2855b8..ee13028 100644
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -918,14 +918,6 @@ start:
 * may be fragmented--don't always expect dest_maxlen bytes */
 if ( rr->length < dest_maxlen)
 {
-#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
- /*
- * for normal alerts rr->length is 2, while
- * dest_maxlen is 7 if we were to handle this
- * non-existing alert...
- */
- FIX ME
-#endif
 s->rstate=SSL_ST_READ_HEADER;
 rr->length = 0;
 goto start;
@@ -1038,31 +1030,6 @@ start:
 s->shutdown |= SSL_RECEIVED_SHUTDOWN;
 return(0);
 }
-#if 0
- /* XXX: this is a possible improvement in the future */
- /* now check if it's a missing record */
- if (alert_descr == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE)
- {
- unsigned short seq;
- unsigned int frag_off;
- unsigned char *p = &(s->d1->alert_fragment[2]);
-
- n2s(p, seq);
- n2l3(p, frag_off);
-
- dtls1_retransmit_message(s,
- dtls1_get_queue_priority(frag->msg_header.seq, 0),
- frag_off, &found);
- if ( ! found && SSL_in_init(s))
- {
- /* fprintf( stderr,"in init = %d\n", SSL_in_init(s)); */
- /* requested a message not yet sent,
- send an alert ourselves */
- ssl3_send_alert(s,SSL3_AL_WARNING,
- DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
- }
- }
-#endif
 }
 else if (alert_level == 2) /* fatal */
 {
@@ -1577,24 +1544,6 @@ int dtls1_dispatch_alert(SSL *s)
 *ptr++ = s->s3->send_alert[0];
 *ptr++ = s->s3->send_alert[1];
 
-#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
- if (s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE)
- {
- s2n(s->d1->handshake_read_seq, ptr);
-#if 0
- if ( s->d1->r_msg_hdr.frag_off == 0) /* waiting for a new msg */
-
- else
- s2n(s->d1->r_msg_hdr.seq, ptr); /* partial msg read */
-#endif
-
-#if 0
- fprintf(stderr, "s->d1->handshake_read_seq = %d, s->d1->r_msg_hdr.seq = %d\n",s->d1->handshake_read_seq,s->d1->r_msg_hdr.seq);
-#endif
- l2n3(s->d1->r_msg_hdr.frag_off, ptr);
- }
-#endif
-
 i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf));
 if (i <= 0)
 {
@@ -1603,11 +1552,7 @@ int dtls1_dispatch_alert(SSL *s)
 }
 else
 {
- if (s->s3->send_alert[0] == SSL3_AL_FATAL
-#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
- || s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
-#endif
- )
+ if (s->s3->send_alert[0] == SSL3_AL_FATAL)
 (void)BIO_flush(s->wbio);
 
 if (s->msg_callback)
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 0a4e088..77120c4 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
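Review bot: The rewritten `if (s->s3->send_alert[0] == SSL3_AL_FATAL)` in the last d1_pkt.c hunk still controls an unbraced single statement, `(void)BIO_flush(s->wbio);`; now that the condition fits on one line it would be worth bracing the body in the file's own brace style so a later edit cannot silently attach a second statement to the flush. Behaviour is unchanged by the commit: the write buffer is flushed only for fatal alerts, exactly as before once the dead `DTLS1_AD_MISSING_HANDSHAKE_MESSAGE` branch is gone. dtls1_dispatch_alert begins and ends outside the hunk.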
@@ -1407,10 +1407,6 @@ int tls1_alert_code(int code)
 case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: return(TLS1_AD_BAD_CERTIFICATE_HASH_VALUE);
 case SSL_AD_UNKNOWN_PSK_IDENTITY:return(TLS1_AD_UNKNOWN_PSK_IDENTITY);
 case SSL_AD_INAPPROPRIATE_FALLBACK:return(SSL3_AD_INAPPROPRIATE_FALLBACK);
-#if 0 /* not appropriate for TLS, not used for DTLS */
- case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE: return
- (DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
-#endif
 default: return(-1);
 }
 }