diff options
| author | Joel Sing <jsing@cvs.openbsd.org> | 2015-02-09 10:53:29 +0000 |
|---|---|---|
| committer | Joel Sing <jsing@cvs.openbsd.org> | 2015-02-09 10:53:29 +0000 |
| commit | a725554be70ff9ce930ed2c9c3865e280b509385 (patch) | |
| tree | 462c658ed2647e48e5774f87c092a22c37b161e5 /lib/libssl/d1_srvr.c | |
| parent | 2088aa64921b23b77a9a29e73b29a501f5a72bc8 (diff) | |
Jettison DTLS over SCTP.
OpenBSD does not have SCTP support and it sees little use in the wild.
OPENSSL_NO_SCTP is already specified via opensslfeatures.h, hence this
is a code removal only and symbols should remain unchanged.
ok beck@ miod@ tedu@
Diffstat (limited to 'lib/libssl/d1_srvr.c')
| -rw-r--r-- | lib/libssl/d1_srvr.c | 131 |
1 files changed, 1 insertions, 130 deletions
diff --git a/lib/libssl/d1_srvr.c b/lib/libssl/d1_srvr.c index 1c732c5b085..4e6d0da3b39 100644 --- a/lib/libssl/d1_srvr.c +++ b/lib/libssl/d1_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_srvr.c,v 1.48 2015/02/07 08:56:39 jsing Exp $ */ +/* $OpenBSD: d1_srvr.c,v 1.49 2015/02/09 10:53:28 jsing Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -182,10 +182,6 @@ dtls1_accept(SSL *s) int ret = -1; int new_state, state, skip = 0; int listen; -#ifndef OPENSSL_NO_SCTP - unsigned char sctpauthkey[64]; - char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)]; -#endif ERR_clear_error(); errno = 0; @@ -203,14 +199,6 @@ dtls1_accept(SSL *s) SSL_clear(s); s->d1->listen = listen; -#ifndef OPENSSL_NO_SCTP - /* Notify SCTP BIO socket to enter handshake - * mode and prevent stream identifier other - * than 0. Will be ignored if no SCTP is used. - */ - BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE, - s->in_handshake, NULL); -#endif if (s->cert == NULL) { SSLerr(SSL_F_DTLS1_ACCEPT, SSL_R_NO_CERTIFICATE_SET); @@ -266,9 +254,6 @@ dtls1_accept(SSL *s) * the output is sent in a way that TCP likes :-) * ...but not with SCTP :-) */ -#ifndef OPENSSL_NO_SCTP - if (!BIO_dgram_is_sctp(SSL_get_wbio(s))) -#endif if (!ssl_init_wbio_buffer(s, 1)) { ret = -1; goto end; @@ -368,40 +353,6 @@ dtls1_accept(SSL *s) } break; -#ifndef OPENSSL_NO_SCTP - case DTLS1_SCTP_ST_SR_READ_SOCK: - - if (BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) { - s->s3->in_read_app_data = 2; - s->rwstate = SSL_READING; - BIO_clear_retry_flags(SSL_get_rbio(s)); - BIO_set_retry_read(SSL_get_rbio(s)); - ret = -1; - goto end; - } - - s->state = SSL3_ST_SR_FINISHED_A; - break; - - case DTLS1_SCTP_ST_SW_WRITE_SOCK: - ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s)); - if (ret < 0) - goto end; - - if (ret == 0) { - if (s->d1->next_state != SSL_ST_OK) { - s->s3->in_read_app_data = 2; - s->rwstate = SSL_READING; - BIO_clear_retry_flags(SSL_get_rbio(s)); - BIO_set_retry_read(SSL_get_rbio(s)); - ret = -1; - goto end; - } - } - - s->state = s->d1->next_state; - break; -#endif case SSL3_ST_SW_SRVR_HELLO_A: case SSL3_ST_SW_SRVR_HELLO_B: @@ -412,22 +363,6 @@ dtls1_accept(SSL *s) goto end; if (s->hit) { -#ifndef OPENSSL_NO_SCTP - /* Add new shared key for SCTP-Auth, - * will be ignored if no SCTP used. - */ - snprintf((char*)labelbuffer, - sizeof(DTLS1_SCTP_AUTH_LABEL), - DTLS1_SCTP_AUTH_LABEL); - - SSL_export_keying_material(s, sctpauthkey, - sizeof(sctpauthkey), labelbuffer, - sizeof(labelbuffer), NULL, 0, 0); - - BIO_ctrl(SSL_get_wbio(s), - BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, - sizeof(sctpauthkey), sctpauthkey); -#endif if (s->tlsext_ticket_expected) s->state = SSL3_ST_SW_SESSION_TICKET_A; else @@ -503,12 +438,6 @@ dtls1_accept(SSL *s) skip = 1; s->s3->tmp.cert_request = 0; s->state = SSL3_ST_SW_SRVR_DONE_A; -#ifndef OPENSSL_NO_SCTP - if (BIO_dgram_is_sctp(SSL_get_wbio(s))) { - s->d1->next_state = SSL3_ST_SW_SRVR_DONE_A; - s->state = DTLS1_SCTP_ST_SW_WRITE_SOCK; - } -#endif } else { s->s3->tmp.cert_request = 1; dtls1_start_timer(s); @@ -516,12 +445,6 @@ dtls1_accept(SSL *s) if (ret <= 0) goto end; s->state = SSL3_ST_SW_SRVR_DONE_A; -#ifndef OPENSSL_NO_SCTP - if (BIO_dgram_is_sctp(SSL_get_wbio(s))) { - s->d1->next_state = SSL3_ST_SW_SRVR_DONE_A; - s->state = DTLS1_SCTP_ST_SW_WRITE_SOCK; - } -#endif s->init_num = 0; } break; @@ -578,22 +501,6 @@ dtls1_accept(SSL *s) ret = ssl3_get_client_key_exchange(s); if (ret <= 0) goto end; -#ifndef OPENSSL_NO_SCTP - /* Add new shared key for SCTP-Auth, - * will be ignored if no SCTP used. - */ - snprintf((char *)labelbuffer, - sizeof(DTLS1_SCTP_AUTH_LABEL), - DTLS1_SCTP_AUTH_LABEL); - - SSL_export_keying_material(s, sctpauthkey, - sizeof(sctpauthkey), labelbuffer, - sizeof(labelbuffer), NULL, 0, 0); - - BIO_ctrl(SSL_get_wbio(s), - BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, - sizeof(sctpauthkey), sctpauthkey); -#endif s->state = SSL3_ST_SR_CERT_VRFY_A; s->init_num = 0; @@ -628,12 +535,6 @@ dtls1_accept(SSL *s) ret = ssl3_get_cert_verify(s); if (ret <= 0) goto end; -#ifndef OPENSSL_NO_SCTP - if (BIO_dgram_is_sctp(SSL_get_wbio(s)) && - state == SSL_ST_RENEGOTIATE) - s->state = DTLS1_SCTP_ST_SR_READ_SOCK; - else -#endif s->state = SSL3_ST_SR_FINISHED_A; s->init_num = 0; break; @@ -689,15 +590,6 @@ dtls1_accept(SSL *s) if (ret <= 0) goto end; -#ifndef OPENSSL_NO_SCTP - if (!s->hit) { - /* Change to new shared key of SCTP-Auth, - * will be ignored if no SCTP used. - */ - BIO_ctrl(SSL_get_wbio(s), - BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL); - } -#endif s->state = SSL3_ST_SW_FINISHED_A; s->init_num = 0; @@ -723,21 +615,8 @@ dtls1_accept(SSL *s) if (s->hit) { s->s3->tmp.next_state = SSL3_ST_SR_FINISHED_A; -#ifndef OPENSSL_NO_SCTP - /* Change to new shared key of SCTP-Auth, - * will be ignored if no SCTP used. - */ - BIO_ctrl(SSL_get_wbio(s), - BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL); -#endif } else { s->s3->tmp.next_state = SSL_ST_OK; -#ifndef OPENSSL_NO_SCTP - if (BIO_dgram_is_sctp(SSL_get_wbio(s))) { - s->d1->next_state = s->s3->tmp.next_state; - s->s3->tmp.next_state = DTLS1_SCTP_ST_SW_WRITE_SOCK; - } -#endif } s->init_num = 0; break; @@ -802,14 +681,6 @@ end: /* BIO_flush(s->wbio); */ s->in_handshake--; -#ifndef OPENSSL_NO_SCTP - /* Notify SCTP BIO socket to leave handshake - * mode and prevent stream identifier other - * than 0. Will be ignored if no SCTP is used. - */ - BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE, - s->in_handshake, NULL); -#endif if (cb != NULL) cb(s, SSL_CB_ACCEPT_EXIT, ret); |