Commit 0386aad1 authored by Matt Caswell's avatar Matt Caswell

Remove use of the SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS flag



This flag is never set by anything so remove it.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)
parent 97997489
+1 −0
@@ -256,6 +256,7 @@ extern "C" {
 */
# define SSL3_CT_NUMBER                  9

/* No longer used as of OpenSSL 1.1.1 */
# define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS       0x0001

/* Removed from OpenSSL 1.1.0 */
+1 −3
@@ -657,7 +657,6 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
                            s->msg_callback_arg);

        if (SSL_is_init_finished(s) &&
            !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
            !s->s3->renegotiate) {
            s->d1->handshake_read_seq++;
            s->new_session = 1;
@@ -838,8 +837,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
            goto start;
        }

        if (SSL_is_init_finished(s) &&
            !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) {
        if (SSL_is_init_finished(s)) {
            ossl_statem_set_in_init(s, 1);
            s->renegotiate = 1;
            s->new_session = 1;
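Review bot: With the flag test gone, the `if (SSL_is_init_finished(s)) {` branch in the second hunk (and the matching branch in ssl3_read_bytes) re-enters the handshake for any post-handshake handshake record from the peer, and nothing visible in these hunks lets a connection decline that. The flag was never set in-tree, but out-of-tree code may have set the bit on `s->s3->flags` precisely to refuse peer-initiated renegotiation, so the commit message or a CHANGES entry should say what, if anything, replaces that control. A short comment above the branch would also help, for example `/* Peer-initiated renegotiation is always honoured here; no per-connection opt-out is consulted */`. dtls1_read_bytes starts and ends outside both hunks, so any earlier gating is not visible from here.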
+9 −6
@@ -1390,6 +1390,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
    /* If we are a client, check for an incoming 'Hello Request': */
    if ((!s->server) &&
        (s->rlayer.handshake_fragment_len >= 4) &&
        !SSL_IS_TLS13(s) &&
        (s->rlayer.handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) &&
        (s->session != NULL) && (s->session->cipher != NULL)) {
        s->rlayer.handshake_fragment_len = 0;
@@ -1408,7 +1409,6 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
                            s->msg_callback_arg);

        if (SSL_is_init_finished(s) &&
            !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
            !s->s3->renegotiate) {
            ssl3_renegotiate(s);
            if (ssl3_renegotiate_check(s)) {
@@ -1459,6 +1459,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
        SSL_is_init_finished(s) &&
        !s->s3->send_connection_binding &&
        (s->version > SSL3_VERSION) &&
        !SSL_IS_TLS13(s) &&
        (s->rlayer.handshake_fragment_len >= 4) &&
        (s->rlayer.handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) &&
        (s->session != NULL) && (s->session->cipher != NULL) &&
@@ -1557,16 +1558,18 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
    }

    /*
     * Unexpected handshake message (Client Hello, or protocol violation)
     * Unexpected handshake message (Client Hello, NewSessionTicket (TLS1.3) or
     * protocol violation)
     */
    if ((s->rlayer.handshake_fragment_len >= 4)
        && !ossl_statem_get_in_handshake(s)) {
        if (SSL_is_init_finished(s) &&
            !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) {
        if (SSL_is_init_finished(s)) {
            ossl_statem_set_in_init(s, 1);
            if (!SSL_IS_TLS13(s)) {
                s->renegotiate = 1;
                s->new_session = 1;
            }
        }
        i = s->handshake_func(s);
        if (i < 0)
            return i;
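Review bot: In the last hunk the TLS 1.3 case still calls `ossl_statem_set_in_init(s, 1)` and `s->handshake_func(s)` for any post-handshake handshake message of four or more bytes, not only NewSessionTicket, and the added `!SSL_IS_TLS13(s)` test in the third hunk routes a TLS 1.3 ClientHello here instead of the no_renegotiation path. TLS 1.3 forbids renegotiation, so such a ClientHello has to end in an unexpected_message alert; presumably the state machine does that, but it is outside this hunk and the block comment does not say so. I would extend the comment with something like `/* TLS 1.3: the state machine must reject any message type it does not expect after the handshake (e.g. ClientHello) */`, or test the message type explicitly before re-entering the handshake. ssl3_read_bytes begins and ends outside these hunks.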
+0 −3
@@ -3874,9 +3874,6 @@ int ssl3_renegotiate(SSL *s)
    if (s->handshake_func == NULL)
        return (1);

    if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
        return (0);

    s->s3->renegotiate = 1;
    return (1);
}
+45 −39
@@ -107,6 +107,7 @@ void ossl_statem_set_renegotiate(SSL *s)
{
    s->statem.state = MSG_FLOW_RENEGOTIATE;
    s->statem.in_init = 1;
    s->statem.request_state = TLS_ST_SW_HELLO_REQ;
}

/*
@@ -259,9 +260,12 @@ static int state_machine(SSL *s, int server)
            s->ctx->stats.sess_connect_renegotiate++;
    }

    if (st->state == MSG_FLOW_UNINITED || st->state == MSG_FLOW_RENEGOTIATE) {
    if (st->state == MSG_FLOW_UNINITED
            || st->state == MSG_FLOW_RENEGOTIATE
            || st->state == MSG_FLOW_FINISHED) {
        if (st->state == MSG_FLOW_UNINITED) {
            st->hand_state = TLS_ST_BEFORE;
            st->request_state = TLS_ST_BEFORE;
        }

        s->server = server;
@@ -318,6 +322,7 @@ static int state_machine(SSL *s, int server)
                goto end;
            }

        if (!SSL_IS_TLS13(s)) {
            if (!server || st->state != MSG_FLOW_RENEGOTIATE) {
                if (!ssl3_init_finished_mac(s)) {
                    ossl_statem_set_error(s);
@@ -346,9 +351,9 @@ static int state_machine(SSL *s, int server)
                     * HelloRequest
                     */
                    s->ctx->stats.sess_accept_renegotiate++;
            }

                    s->s3->tmp.cert_request = 0;
                }
            } else {
                s->ctx->stats.sess_connect++;

@@ -363,9 +368,11 @@ static int state_machine(SSL *s, int server)
                }
            }

            st->read_state_first_init = 1;
        }

        st->state = MSG_FLOW_WRITING;
        init_write_state_machine(s);
        st->read_state_first_init = 1;
    }

    while (st->state != MSG_FLOW_FINISHED) {
@@ -396,7 +403,6 @@ static int state_machine(SSL *s, int server)
        }
    }

    st->state = MSG_FLOW_UNINITED;
    ret = 1;

 end: