Fix dtls timeout dead code
authoryangyangtiantianlonglong <yangtianlong1224@163.com>
Sun, 25 Jul 2021 03:43:16 +0000 (11:43 +0800)
committerBenjamin Kaduk <bkaduk@akamai.com>
Thu, 29 Jul 2021 17:08:07 +0000 (10:08 -0700)
Delete dtls timeout dead code in dtls1_handle_timeout

Fix: #15559

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/16151)

include/openssl/dtls1.h
ssl/d1_lib.c
ssl/ssl_local.h

index 985e40972537f6589259d9465527ba70df0d7277..5dc6b5419c27521a460a417ddbde8700e3c22b1c 100644 (file)
@@ -49,10 +49,6 @@ extern "C" {
 
 # define DTLS1_AL_HEADER_LENGTH                   2
 
-/* Timeout multipliers */
-# define DTLS1_TMO_READ_COUNT                      2
-# define DTLS1_TMO_WRITE_COUNT                     2
-
 # define DTLS1_TMO_ALERT_COUNT                     12
 
 #ifdef  __cplusplus
index a986252866ba1a77f498426eaaba06fea57510ca..95a34093c91b0a3c74a95fe19ff074bc6e020dc2 100644 (file)
@@ -352,7 +352,7 @@ static void dtls1_double_timeout(SSL *s)
 void dtls1_stop_timer(SSL *s)
 {
     /* Reset everything */
-    memset(&s->d1->timeout, 0, sizeof(s->d1->timeout));
+    s->d1->timeout_num_alerts = 0;
     memset(&s->d1->next_timeout, 0, sizeof(s->d1->next_timeout));
     s->d1->timeout_duration_us = 1000000;
     BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0,
@@ -365,10 +365,10 @@ int dtls1_check_timeout_num(SSL *s)
 {
     size_t mtu;
 
-    s->d1->timeout.num_alerts++;
+    s->d1->timeout_num_alerts++;
 
     /* Reduce MTU after 2 unsuccessful retransmissions */
-    if (s->d1->timeout.num_alerts > 2
+    if (s->d1->timeout_num_alerts > 2
         && !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) {
         mtu =
             BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);
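Review bot: The MTU-fallback threshold in `if (s->d1->timeout_num_alerts > 2` remains a bare literal, while the same counter is compared against the named `DTLS1_TMO_ALERT_COUNT` in the following hunk. Since the line is being rewritten anyway, a file-local constant would make the two limits read as a pair, for example `#define DTLS1_MTU_FALLBACK_TIMEOUTS 2` (name constructed here) used as `if (s->d1->timeout_num_alerts > DTLS1_MTU_FALLBACK_TIMEOUTS`. This matters a little more now that the commit removes the other `2`-valued timeout macros from include/openssl/dtls1.h, which leaves this literal with no nearby definition explaining it. The body of dtls1_check_timeout_num continues outside this hunk.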
@@ -376,7 +376,7 @@ int dtls1_check_timeout_num(SSL *s)
             s->d1->mtu = mtu;
     }
 
-    if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) {
+    if (s->d1->timeout_num_alerts > DTLS1_TMO_ALERT_COUNT) {
         /* fail the connection, enough alerts have been sent */
         SSLfatal(s, SSL_AD_NO_ALERT, SSL_R_READ_TIMEOUT_EXPIRED);
         return -1;
@@ -402,11 +402,6 @@ int dtls1_handle_timeout(SSL *s)
         return -1;
     }
 
-    s->d1->timeout.read_timeouts++;
-    if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) {
-        s->d1->timeout.read_timeouts = 1;
-    }
-
     dtls1_start_timer(s);
     /* Calls SSLfatal() if required */
     return dtls1_retransmit_buffered_messages(s);
index dd8231460208ce03b9deb4979f446a7c9a069c62..ce930491804824226ed7f0ceae688ce80c7c2fa3 100644 (file)
@@ -1862,15 +1862,6 @@ struct hm_header_st {
     struct dtls1_retransmit_state saved_retransmit_state;
 };
 
-struct dtls1_timeout_st {
-    /* Number of read timeouts so far */
-    unsigned int read_timeouts;
-    /* Number of write timeouts so far */
-    unsigned int write_timeouts;
-    /* Number of alerts received so far */
-    unsigned int num_alerts;
-};
-
 typedef struct hm_fragment_st {
     struct hm_header_st msg_header;
     unsigned char *fragment;
@@ -1916,7 +1907,8 @@ typedef struct dtls1_state_st {
     size_t mtu;           /* max DTLS packet size */
     struct hm_header_st w_msg_hdr;
     struct hm_header_st r_msg_hdr;
-    struct dtls1_timeout_st timeout;
+    /* Number of alerts received so far */
+    unsigned int timeout_num_alerts;
     /*
      * Indicates when the last handshake msg sent will timeout
      */
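Review bot: The comment carried over onto the new member, `/* Number of alerts received so far */`, does not match how the counter is used in ssl/d1_lib.c. There dtls1_check_timeout_num increments it once per call and dtls1_stop_timer resets it to zero, and nothing visible in this commit ties it to received alerts. Now that it is a standalone field rather than part of dtls1_timeout_st, I would reword it along the lines of `/* Timeouts counted by dtls1_check_timeout_num() since the timer was last stopped; the connection fails above DTLS1_TMO_ALERT_COUNT */`. This counter is what bounds retransmission toward an unresponsive peer, so an accurate description helps anyone auditing that limit. The definition of struct dtls1_state_st starts and ends outside this hunk.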