Commit 9e9858d1 authored by Rich Salz

dead code cleanup: #if 0 in ssl



I left many "#if 0" lines, usually because I thought we would
probably want to revisit them later, or because they provided
some useful internal documentation tips.

Reviewed-by: Andy Polyakov <appro@openssl.org>
parent 5b18d302
+0 −12
@@ -150,18 +150,6 @@ static int ssl_read(BIO *b, char *out, int outl)

    BIO_clear_retry_flags(b);

#if 0
    if (!SSL_is_init_finished(ssl)) {
/*              ret=SSL_do_handshake(ssl); */
        if (ret > 0) {

            outflags = (BIO_FLAGS_READ | BIO_FLAGS_SHOULD_RETRY);
            ret = -1;
            goto end;
        }
    }
#endif
/*      if (ret > 0) */
    ret = SSL_read(ssl, out, outl);

    switch (SSL_get_error(ssl, ret)) {
+0 −27
@@ -144,14 +144,6 @@
                        if (is_complete) for (ii = (((msg_len) - 1) >> 3) - 1; ii >= 0 ; ii--) \
                                if (bitmask[ii] != 0xff) { is_complete = 0; break; } }

#if 0
# define RSMBLY_BITMASK_PRINT(bitmask, msg_len) { \
                        long ii; \
                        printf("bitmask: "); for (ii = 0; ii < (msg_len); ii++) \
                        printf("%d ", (bitmask[ii >> 3] & (1 << (ii & 7))) >> (ii & 7)); \
                        printf("\n"); }
#endif

static unsigned char bitmask_start_values[] =
    { 0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80 };
static unsigned char bitmask_end_values[] =
@@ -1031,20 +1023,6 @@ int dtls1_read_failed(SSL *s, int code)
        BIO_set_flags(SSL_get_rbio(s), BIO_FLAGS_READ);
        return code;
    }
#if 0                           /* for now, each alert contains only one
                                 * record number */
    item = pqueue_peek(state->rcvd_records);
    if (item) {
        /* send an alert immediately for all the missing records */
    } else
#endif

#if 0                           /* no more alert sending, just retransmit the
                                 * last set of messages */
    if (state->timeout.read_timeouts >= DTLS1_TMO_READ_COUNT)
        ssl3_send_alert(s, SSL3_AL_WARNING,
                        DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
#endif

    return dtls1_handle_timeout(s);
}
@@ -1144,11 +1122,6 @@ int dtls1_buffer_message(SSL *s, int is_ccs)
        dtls1_hm_fragment_free(frag);
        return 0;
    }
#if 0
    fprintf(stderr, "buffered messge: \ttype = %xx\n", msg_buf->type);
    fprintf(stderr, "\t\t\t\t\tlen = %d\n", msg_buf->len);
    fprintf(stderr, "\t\t\t\t\tseq_num = %d\n", msg_buf->seq_num);
#endif

    pqueue_insert(s->d1->sent_messages, item);
    return 1;
+0 −17
@@ -714,13 +714,6 @@ int dtls1_connect(SSL *s)
            /* clean a few things up */
            ssl3_cleanup_key_block(s);

#if 0
            if (s->init_buf != NULL) {
                BUF_MEM_free(s->init_buf);
                s->init_buf = NULL;
            }
#endif

            /*
             * If we are not 'joining' the last two packets, remove the
             * buffering now
@@ -816,16 +809,6 @@ static int dtls1_get_hello_verify(SSL *s)
    }

    data = (unsigned char *)s->init_msg;
#if 0
    if (s->method->version != DTLS_ANY_VERSION &&
        ((data[0] != (s->version >> 8)) || (data[1] != (s->version & 0xff))))
    {
        SSLerr(SSL_F_DTLS1_GET_HELLO_VERIFY, SSL_R_WRONG_SSL_VERSION);
        s->version = (s->version & 0xff00) | data[1];
        al = SSL_AD_PROTOCOL_VERSION;
        goto f_err;
    }
#endif
    data += 2;

    cookie_len = *(data++);
+0 −173
@@ -187,11 +187,6 @@ static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap);
static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap);
static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr,
                                      unsigned int *is_next_epoch);
#if 0
static int dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr,
                                        unsigned short *priority,
                                        unsigned long *offset);
#endif
static int dtls1_buffer_record(SSL *s, record_pqueue *q,
                               unsigned char *priority);
static int dtls1_process_record(SSL *s);
@@ -347,50 +342,6 @@ static int dtls1_process_buffered_records(SSL *s)
    return (1);
}

#if 0

static int dtls1_get_buffered_record(SSL *s)
{
    pitem *item;
    PQ_64BIT priority =
        (((PQ_64BIT) s->d1->handshake_read_seq) << 32) |
        ((PQ_64BIT) s->d1->r_msg_hdr.frag_off);

    /* if we're not (re)negotiating, nothing buffered */
    if (!SSL_in_init(s))
        return 0;

    item = pqueue_peek(s->d1->rcvd_records);
    if (item && item->priority == priority) {
        /*
         * Check if we've received the record of interest.  It must be a
         * handshake record, since data records as passed up without
         * buffering
         */
        DTLS1_RECORD_DATA *rdata;
        item = pqueue_pop(s->d1->rcvd_records);
        rdata = (DTLS1_RECORD_DATA *)item->data;

        if (s->s3->rbuf.buf != NULL)
            OPENSSL_free(s->s3->rbuf.buf);

        s->packet = rdata->packet;
        s->packet_length = rdata->packet_length;
        memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));
        memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));

        OPENSSL_free(item->data);
        pitem_free(item);

        /* s->d1->next_expected_seq_num++; */
        return (1);
    }

    return 0;
}

#endif

static int dtls1_process_record(SSL *s)
{
    int i, al;
@@ -1302,15 +1253,7 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)

        if (((s->state & SSL_ST_MASK) == SSL_ST_OK) &&
            !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) {
#if 0                           /* worked only because C operator preferences
                                 * are not as expected (and because this is
                                 * not really needed for clients except for
                                 * detecting protocol violations): */
            s->state = SSL_ST_BEFORE | (s->server)
                ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
#else
            s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
#endif
            s->renegotiate = 1;
            s->new_session = 1;
        }
@@ -1526,41 +1469,6 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
            goto err;
    }

    /* DTLS implements explicit IV, so no need for empty fragments */
#if 0
    /*
     * 'create_empty_fragment' is true only when this function calls itself
     */
    if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done
        && SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER)
    {
        /*
         * countermeasure against known-IV weakness in CBC ciphersuites (see
         * http://www.openssl.org/~bodo/tls-cbc.txt)
         */

        if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA) {
            /*
             * recursive function call with 'create_empty_fragment' set; this
             * prepares and buffers the data for an empty fragment (these
             * 'prefix_len' bytes are sent out later together with the actual
             * payload)
             */
            prefix_len = s->method->do_ssl_write(s, type, buf, 0, 1);
            if (prefix_len <= 0)
                goto err;

            if (s->s3->wbuf.len <
                (size_t)prefix_len + SSL3_RT_MAX_PACKET_SIZE) {
                /* insufficient space */
                SSLerr(SSL_F_DO_DTLS1_WRITE, ERR_R_INTERNAL_ERROR);
                goto err;
            }
        }

        s->s3->empty_fragment_done = 1;
    }
#endif
    p = wb->buf + prefix_len;

    /* write the header */
@@ -1672,13 +1580,6 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
    wr->type = type;            /* not needed but helps for debugging */
    wr->length += DTLS1_RT_HEADER_LENGTH;

#if 0                           /* this is now done at the message layer */
    /* buffer the record, making it easy to handle retransmits */
    if (type == SSL3_RT_HANDSHAKE || type == SSL3_RT_CHANGE_CIPHER_SPEC)
        dtls1_buffer_record(s, wr->data, wr->length,
                            *((PQ_64BIT *) & (s->s3->write_sequence[0])));
#endif

    ssl3_record_sequence_update(&(s->s3->write_sequence[0]));

    if (create_empty_fragment) {
@@ -1766,20 +1667,6 @@ int dtls1_dispatch_alert(SSL *s)
#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
    if (s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE) {
        s2n(s->d1->handshake_read_seq, ptr);
# if 0
        if (s->d1->r_msg_hdr.frag_off == 0)
            /*
             * waiting for a new msg
             */
            else
            s2n(s->d1->r_msg_hdr.seq, ptr); /* partial msg read */
# endif

# if 0
        fprintf(stderr,
                "s->d1->handshake_read_seq = %d, s->d1->r_msg_hdr.seq = %d\n",
                s->d1->handshake_read_seq, s->d1->r_msg_hdr.seq);
# endif
        l2n3(s->d1->r_msg_hdr.frag_off, ptr);
    }
#endif
@@ -1833,66 +1720,6 @@ static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr,
    return NULL;
}

#if 0
static int
dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr,
                             unsigned short *priority, unsigned long *offset)
{

    /* alerts are passed up immediately */
    if (rr->type == SSL3_RT_APPLICATION_DATA || rr->type == SSL3_RT_ALERT)
        return 0;

    /*
     * Only need to buffer if a handshake is underway. (this implies that
     * Hello Request and Client Hello are passed up immediately)
     */
    if (SSL_in_init(s)) {
        unsigned char *data = rr->data;
        /* need to extract the HM/CCS sequence number here */
        if (rr->type == SSL3_RT_HANDSHAKE ||
            rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) {
            unsigned short seq_num;
            struct hm_header_st msg_hdr;
            struct ccs_header_st ccs_hdr;

            if (rr->type == SSL3_RT_HANDSHAKE) {
                dtls1_get_message_header(data, &msg_hdr);
                seq_num = msg_hdr.seq;
                *offset = msg_hdr.frag_off;
            } else {
                dtls1_get_ccs_header(data, &ccs_hdr);
                seq_num = ccs_hdr.seq;
                *offset = 0;
            }

            /*
             * this is either a record we're waiting for, or a retransmit of
             * something we happened to previously receive (higher layers
             * will drop the repeat silently
             */
            if (seq_num < s->d1->handshake_read_seq)
                return 0;
            if (rr->type == SSL3_RT_HANDSHAKE &&
                seq_num == s->d1->handshake_read_seq &&
                msg_hdr.frag_off < s->d1->r_msg_hdr.frag_off)
                return 0;
            else if (seq_num == s->d1->handshake_read_seq &&
                     (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC ||
                      msg_hdr.frag_off == s->d1->r_msg_hdr.frag_off))
                return 0;
            else {
                *priority = seq_num;
                return 1;
            }
        } else                  /* unknown record type */
            return 0;
    }

    return 0;
}
#endif

void dtls1_reset_seq_numbers(SSL *s, int rw)
{
    unsigned char *seq;
+0 −10
@@ -129,16 +129,6 @@ static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = {
     "SRTP_AES128_CM_SHA1_32",
     SRTP_AES128_CM_SHA1_32,
     },
# if 0
    {
     "SRTP_NULL_SHA1_80",
     SRTP_NULL_SHA1_80,
     },
    {
     "SRTP_NULL_SHA1_32",
     SRTP_NULL_SHA1_32,
     },
# endif
    {0}
};
