DTLS1_AD_MISSING_HANDSHAKE_MESSAGE does not exist. This code isn't compiled in. It seems there was some half-baked logic for a 7-byte alert that includes more information about handshake messages retransmit. No such alert exists, and the code had a FIXME anyway. If it gets resurrected in DTLS 1.3 or some extension, we can deal with it then. Change-Id: I8784ea8ee44bb8da4b0fe5d5d507997526557432 Reviewed-on: https://boringssl-review.googlesource.com/2121 Reviewed-by: Adam Langley <agl@google.com>

commit: a0ca1b742f426abd879adea8567fa1c9a774447e [log] [tgz]
author: David Benjamin <davidben@chromium.org> Sat Nov 01 12:33:15 2014 -0400
committer: Adam Langley <agl@google.com> Tue Nov 04 00:26:01 2014 +0000
tree: 674b6eee6de1bf0579b9bcb700f10c4703ddd9e3
parent: be700c6328157c722cbfe96b08a39a8e71b05d07 [diff]
diff --git a/include/openssl/dtls1.h b/include/openssl/dtls1.h
index 5aef0c4..a9e3ada 100644
--- a/include/openssl/dtls1.h
+++ b/include/openssl/dtls1.h

@@ -72,11 +72,6 @@
 /* Special value for method supporting multiple versions */
 #define DTLS_ANY_VERSION		0x1FFFF
 
-#if 0
-/* this alert description is not specified anywhere... */
-#define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE    110
-#endif
-
 /* lengths of messages */
 #define DTLS1_COOKIE_LENGTH                     256
 
@@ -89,11 +84,7 @@
 
 #define DTLS1_CCS_HEADER_LENGTH                  1
 
-#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
-#define DTLS1_AL_HEADER_LENGTH                   7
-#else
 #define DTLS1_AL_HEADER_LENGTH                   2
-#endif
 
 #ifndef OPENSSL_NO_SSL_INTERN
 

diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index 8b225e5..82d4a86 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c

@@ -992,21 +992,6 @@
 		return code;
 		}
 
-#if 0 /* for now, each alert contains only one record number */
-	item = pqueue_peek(state->rcvd_records);
-	if ( item )
-		{
-		/* send an alert immediately for all the missing records */
-		}
-	else
-#endif
-
-#if 0  /* no more alert sending, just retransmit the last set of messages */
-	if ( state->timeout.read_timeouts >= DTLS1_TMO_READ_COUNT)
-		ssl3_send_alert(s,SSL3_AL_WARNING,
-			DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
-#endif
-
 	return dtls1_handle_timeout(s);
 	}
 

diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index e2855b8..ee13028 100644
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c

@@ -918,14 +918,6 @@
              *  may be fragmented--don't always expect dest_maxlen bytes */
 			if ( rr->length < dest_maxlen)
 				{
-#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
-				/*
-				 * for normal alerts rr->length is 2, while
-				 * dest_maxlen is 7 if we were to handle this
-				 * non-existing alert...
-				 */
-				FIX ME
-#endif
 				s->rstate=SSL_ST_READ_HEADER;
 				rr->length = 0;
 				goto start;
@@ -1038,31 +1030,6 @@
 				s->shutdown |= SSL_RECEIVED_SHUTDOWN;
 				return(0);
 				}
-#if 0
-            /* XXX: this is a possible improvement in the future */
-			/* now check if it's a missing record */
-			if (alert_descr == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE)
-				{
-				unsigned short seq;
-				unsigned int frag_off;
-				unsigned char *p = &(s->d1->alert_fragment[2]);
-
-				n2s(p, seq);
-				n2l3(p, frag_off);
-
-				dtls1_retransmit_message(s,
-										 dtls1_get_queue_priority(frag->msg_header.seq, 0),
-										 frag_off, &found);
-				if ( ! found  && SSL_in_init(s))
-					{
-					/* fprintf( stderr,"in init = %d\n", SSL_in_init(s)); */
-					/* requested a message not yet sent, 
-					   send an alert ourselves */
-					ssl3_send_alert(s,SSL3_AL_WARNING,
-						DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
-					}
-				}
-#endif
 			}
 		else if (alert_level == 2) /* fatal */
 			{
@@ -1577,24 +1544,6 @@
 	*ptr++ = s->s3->send_alert[0];
 	*ptr++ = s->s3->send_alert[1];
 
-#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
-	if (s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE)
-		{	
-		s2n(s->d1->handshake_read_seq, ptr);
-#if 0
-		if ( s->d1->r_msg_hdr.frag_off == 0)  /* waiting for a new msg */
-
-		else
-			s2n(s->d1->r_msg_hdr.seq, ptr); /* partial msg read */
-#endif
-
-#if 0
-		fprintf(stderr, "s->d1->handshake_read_seq = %d, s->d1->r_msg_hdr.seq = %d\n",s->d1->handshake_read_seq,s->d1->r_msg_hdr.seq);
-#endif
-		l2n3(s->d1->r_msg_hdr.frag_off, ptr);
-		}
-#endif
-
 	i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf));
 	if (i <= 0)
 		{
@@ -1603,11 +1552,7 @@
 		}
 	else
 		{
-		if (s->s3->send_alert[0] == SSL3_AL_FATAL
-#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
-		    || s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
-#endif
-		    )
+		if (s->s3->send_alert[0] == SSL3_AL_FATAL)
 			(void)BIO_flush(s->wbio);
 
 		if (s->msg_callback)

diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 0a4e088..77120c4 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c

@@ -1407,10 +1407,6 @@
 	case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: return(TLS1_AD_BAD_CERTIFICATE_HASH_VALUE);
 	case SSL_AD_UNKNOWN_PSK_IDENTITY:return(TLS1_AD_UNKNOWN_PSK_IDENTITY);
 	case SSL_AD_INAPPROPRIATE_FALLBACK:return(SSL3_AD_INAPPROPRIATE_FALLBACK);
-#if 0 /* not appropriate for TLS, not used for DTLS */
-	case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE: return 
-					  (DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
-#endif
 	default:			return(-1);
 		}
 	}
commit	a0ca1b742f426abd879adea8567fa1c9a774447e	[log] [tgz]
author	David Benjamin <davidben@chromium.org>	Sat Nov 01 12:33:15 2014 -0400
committer	Adam Langley <agl@google.com>	Tue Nov 04 00:26:01 2014 +0000
tree	674b6eee6de1bf0579b9bcb700f10c4703ddd9e3
parent	be700c6328157c722cbfe96b08a39a8e71b05d07 [diff]