summaryrefslogtreecommitdiff
path: root/lib/libssl
diff options
context:
space:
mode:
Diffstat (limited to 'lib/libssl')
-rw-r--r--lib/libssl/d1_both.c17
-rw-r--r--lib/libssl/d1_clnt.c146
-rw-r--r--lib/libssl/d1_lib.c9
-rw-r--r--lib/libssl/d1_pkt.c89
-rw-r--r--lib/libssl/d1_srvr.c131
-rw-r--r--lib/libssl/dtls1.h14
-rw-r--r--lib/libssl/ssl3.h10
7 files changed, 7 insertions, 409 deletions
diff --git a/lib/libssl/d1_both.c b/lib/libssl/d1_both.c
index bff683d06cf..534db59ee89 100644
--- a/lib/libssl/d1_both.c
+++ b/lib/libssl/d1_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_both.c,v 1.31 2014/12/14 16:07:26 jsing Exp $ */
+/* $OpenBSD: d1_both.c,v 1.32 2015/02/09 10:53:28 jsing Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -1397,21 +1397,6 @@ dtls1_shutdown(SSL *s)
{
int ret;
-#ifndef OPENSSL_NO_SCTP
- if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
- !(s->shutdown & SSL_SENT_SHUTDOWN)) {
- ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s));
- if (ret < 0)
- return -1;
-
- if (ret == 0)
- BIO_ctrl(SSL_get_wbio(s),
- BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 1, NULL);
- }
-#endif
ret = ssl3_shutdown(s);
-#ifndef OPENSSL_NO_SCTP
- BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 0, NULL);
-#endif
return ret;
}
diff --git a/lib/libssl/d1_clnt.c b/lib/libssl/d1_clnt.c
index c344c1bcdc3..cf25183de50 100644
--- a/lib/libssl/d1_clnt.c
+++ b/lib/libssl/d1_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_clnt.c,v 1.42 2015/02/06 08:30:23 jsing Exp $ */
+/* $OpenBSD: d1_clnt.c,v 1.43 2015/02/09 10:53:28 jsing Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -180,10 +180,6 @@ dtls1_connect(SSL *s)
void (*cb)(const SSL *ssl, int type, int val) = NULL;
int ret = -1;
int new_state, state, skip = 0;
-#ifndef OPENSSL_NO_SCTP
- unsigned char sctpauthkey[64];
- char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];
-#endif
ERR_clear_error();
errno = 0;
@@ -197,14 +193,6 @@ dtls1_connect(SSL *s)
if (!SSL_in_init(s) || SSL_in_before(s))
SSL_clear(s);
-#ifndef OPENSSL_NO_SCTP
- /* Notify SCTP BIO socket to enter handshake
- * mode and prevent stream identifier other
- * than 0. Will be ignored if no SCTP is used.
- */
- BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
- s->in_handshake, NULL);
-#endif
for (;;) {
state = s->state;
@@ -271,40 +259,6 @@ dtls1_connect(SSL *s)
s->hit = 0;
break;
-#ifndef OPENSSL_NO_SCTP
- case DTLS1_SCTP_ST_CR_READ_SOCK:
-
- if (BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
- s->s3->in_read_app_data = 2;
- s->rwstate = SSL_READING;
- BIO_clear_retry_flags(SSL_get_rbio(s));
- BIO_set_retry_read(SSL_get_rbio(s));
- ret = -1;
- goto end;
- }
-
- s->state = s->s3->tmp.next_state;
- break;
-
- case DTLS1_SCTP_ST_CW_WRITE_SOCK:
- /* read app data until dry event */
-
- ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s));
- if (ret < 0)
- goto end;
-
- if (ret == 0) {
- s->s3->in_read_app_data = 2;
- s->rwstate = SSL_READING;
- BIO_clear_retry_flags(SSL_get_rbio(s));
- BIO_set_retry_read(SSL_get_rbio(s));
- ret = -1;
- goto end;
- }
-
- s->state = s->d1->next_state;
- break;
-#endif
case SSL3_ST_CW_CLNT_HELLO_A:
case SSL3_ST_CW_CLNT_HELLO_B:
@@ -330,16 +284,9 @@ dtls1_connect(SSL *s)
s->init_num = 0;
-#ifndef OPENSSL_NO_SCTP
- /* Disable buffering for SCTP */
- if (!BIO_dgram_is_sctp(SSL_get_wbio(s))) {
-#endif
/* turn on buffering for the next lot of output */
if (s->bbio != s->wbio)
s->wbio = BIO_push(s->bbio, s->wbio);
-#ifndef OPENSSL_NO_SCTP
- }
-#endif
break;
case SSL3_ST_CR_SRVR_HELLO_A:
@@ -349,20 +296,6 @@ dtls1_connect(SSL *s)
goto end;
else {
if (s->hit) {
-#ifndef OPENSSL_NO_SCTP
- /* Add new shared key for SCTP-Auth,
- * will be ignored if no SCTP used.
- */
- snprintf((char*) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
- DTLS1_SCTP_AUTH_LABEL);
-
- SSL_export_keying_material(s, sctpauthkey,
- sizeof(sctpauthkey), labelbuffer,
- sizeof(labelbuffer), NULL, 0, 0);
-
- BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
- sizeof(sctpauthkey), sctpauthkey);
-#endif
s->state = SSL3_ST_CR_FINISHED_A;
} else
@@ -453,12 +386,6 @@ dtls1_connect(SSL *s)
s->s3->tmp.next_state = SSL3_ST_CW_KEY_EXCH_A;
s->init_num = 0;
-#ifndef OPENSSL_NO_SCTP
- if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
- state == SSL_ST_RENEGOTIATE)
- s->state = DTLS1_SCTP_ST_CR_READ_SOCK;
- else
-#endif
s->state = s->s3->tmp.next_state;
break;
@@ -481,22 +408,6 @@ dtls1_connect(SSL *s)
if (ret <= 0)
goto end;
-#ifndef OPENSSL_NO_SCTP
- /* Add new shared key for SCTP-Auth,
- * will be ignored if no SCTP used.
- */
- snprintf((char*)labelbuffer,
- sizeof(DTLS1_SCTP_AUTH_LABEL),
- DTLS1_SCTP_AUTH_LABEL);
-
- SSL_export_keying_material(s, sctpauthkey,
- sizeof(sctpauthkey), labelbuffer,
- sizeof(labelbuffer), NULL, 0, 0);
-
- BIO_ctrl(SSL_get_wbio(s),
- BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
- sizeof(sctpauthkey), sctpauthkey);
-#endif
/* EAY EAY EAY need to check for DH fix cert
* sent back */
@@ -505,12 +416,6 @@ dtls1_connect(SSL *s)
if (s->s3->tmp.cert_req == 1) {
s->state = SSL3_ST_CW_CERT_VRFY_A;
} else {
-#ifndef OPENSSL_NO_SCTP
- if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
- s->d1->next_state = SSL3_ST_CW_CHANGE_A;
- s->state = DTLS1_SCTP_ST_CW_WRITE_SOCK;
- } else
-#endif
s->state = SSL3_ST_CW_CHANGE_A;
s->s3->change_cipher_spec = 0;
}
@@ -524,12 +429,6 @@ dtls1_connect(SSL *s)
ret = dtls1_send_client_verify(s);
if (ret <= 0)
goto end;
-#ifndef OPENSSL_NO_SCTP
- if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
- s->d1->next_state = SSL3_ST_CW_CHANGE_A;
- s->state = DTLS1_SCTP_ST_CW_WRITE_SOCK;
- } else
-#endif
s->state = SSL3_ST_CW_CHANGE_A;
s->init_num = 0;
s->s3->change_cipher_spec = 0;
@@ -559,15 +458,6 @@ dtls1_connect(SSL *s)
goto end;
}
-#ifndef OPENSSL_NO_SCTP
- if (s->hit) {
- /* Change to new shared key of SCTP-Auth,
- * will be ignored if no SCTP used.
- */
- BIO_ctrl(SSL_get_wbio(s),
- BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
- }
-#endif
dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
break;
@@ -588,31 +478,12 @@ dtls1_connect(SSL *s)
s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
if (s->hit) {
s->s3->tmp.next_state = SSL_ST_OK;
-#ifndef OPENSSL_NO_SCTP
- if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
- s->d1->next_state = s->s3->tmp.next_state;
- s->s3->tmp.next_state = DTLS1_SCTP_ST_CW_WRITE_SOCK;
- }
-#endif
if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) {
s->state = SSL_ST_OK;
-#ifndef OPENSSL_NO_SCTP
- if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
- s->d1->next_state = SSL_ST_OK;
- s->state = DTLS1_SCTP_ST_CW_WRITE_SOCK;
- }
-#endif
s->s3->flags |= SSL3_FLAGS_POP_BUFFER;
s->s3->delay_buf_pop_ret = 0;
}
} else {
-#ifndef OPENSSL_NO_SCTP
- /* Change to new shared key of SCTP-Auth,
- * will be ignored if no SCTP used.
- */
- BIO_ctrl(SSL_get_wbio(s),
- BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
-#endif
/* Allow NewSessionTicket if ticket expected */
if (s->tlsext_ticket_expected)
@@ -657,13 +528,6 @@ dtls1_connect(SSL *s)
else
s->state = SSL_ST_OK;
-#ifndef OPENSSL_NO_SCTP
- if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
- state == SSL_ST_RENEGOTIATE) {
- s->d1->next_state = s->state;
- s->state = DTLS1_SCTP_ST_CW_WRITE_SOCK;
- }
-#endif
s->init_num = 0;
break;
@@ -742,14 +606,6 @@ dtls1_connect(SSL *s)
end:
s->in_handshake--;
-#ifndef OPENSSL_NO_SCTP
- /* Notify SCTP BIO socket to leave handshake
- * mode and allow stream identifier other
- * than 0. Will be ignored if no SCTP is used.
- */
- BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
- s->in_handshake, NULL);
-#endif
if (buf != NULL)
BUF_MEM_free(buf);
diff --git a/lib/libssl/d1_lib.c b/lib/libssl/d1_lib.c
index 26f5901cc49..9d9a90d76a0 100644
--- a/lib/libssl/d1_lib.c
+++ b/lib/libssl/d1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_lib.c,v 1.26 2014/12/14 15:30:50 jsing Exp $ */
+/* $OpenBSD: d1_lib.c,v 1.27 2015/02/09 10:53:28 jsing Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -297,13 +297,6 @@ dtls1_get_cipher(unsigned int u)
void
dtls1_start_timer(SSL *s)
{
-#ifndef OPENSSL_NO_SCTP
- /* Disable timer for SCTP */
- if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
- memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
- return;
- }
-#endif
/* If timer is not set, initialize duration with 1 second */
if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) {
diff --git a/lib/libssl/d1_pkt.c b/lib/libssl/d1_pkt.c
index 91e9c146ac6..c997b7f2120 100644
--- a/lib/libssl/d1_pkt.c
+++ b/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_pkt.c,v 1.39 2015/01/21 00:15:50 doug Exp $ */
+/* $OpenBSD: d1_pkt.c,v 1.40 2015/02/09 10:53:28 jsing Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -231,13 +231,6 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
item->data = rdata;
-#ifndef OPENSSL_NO_SCTP
- /* Store bio_dgram_sctp_rcvinfo struct */
- if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
- (s->state == SSL3_ST_SR_FINISHED_A || s->state == SSL3_ST_CR_FINISHED_A)) {
- BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_GET_RCVINFO, sizeof(rdata->recordinfo), &rdata->recordinfo);
- }
-#endif
s->packet = NULL;
s->packet_length = 0;
@@ -582,10 +575,6 @@ again:
/* get another record */
}
-#ifndef OPENSSL_NO_SCTP
- /* Only do replay check if no SCTP bio */
- if (!BIO_dgram_is_sctp(SSL_get_rbio(s))) {
-#endif
/* Check whether this is a repeat, or aged record.
* Don't check if we're listening and this message is
* a ClientHello. They can look as if they're replayed,
@@ -600,9 +589,6 @@ again:
goto again;
/* get another record */
}
-#ifndef OPENSSL_NO_SCTP
- }
-#endif
/* just read a 0 length packet */
if (rr->length == 0)
@@ -692,18 +678,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
/* Now s->d1->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */
-#ifndef OPENSSL_NO_SCTP
- /* Continue handshake if it had to be interrupted to read
- * app data with SCTP.
- */
- if ((!s->in_handshake && SSL_in_init(s)) ||
- (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
- (s->state == DTLS1_SCTP_ST_SR_READ_SOCK ||
- s->state == DTLS1_SCTP_ST_CR_READ_SOCK) &&
- s->s3->in_read_app_data != 2))
-#else
if (!s->in_handshake && SSL_in_init(s))
-#endif
{
/* type == SSL3_RT_APPLICATION_DATA */
i = s->handshake_func(s);
@@ -732,13 +707,6 @@ start:
pitem *item;
item = pqueue_pop(s->d1->buffered_app_data.q);
if (item) {
-#ifndef OPENSSL_NO_SCTP
- /* Restore bio_dgram_sctp_rcvinfo struct */
- if (BIO_dgram_is_sctp(SSL_get_rbio(s))) {
- DTLS1_RECORD_DATA *rdata = (DTLS1_RECORD_DATA *) item->data;
- BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_SET_RCVINFO, sizeof(rdata->recordinfo), &rdata->recordinfo);
- }
-#endif
dtls1_copy_record(s, item);
@@ -826,29 +794,6 @@ start:
}
}
-#ifndef OPENSSL_NO_SCTP
- /* We were about to renegotiate but had to read
- * belated application data first, so retry.
- */
- if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
- rr->type == SSL3_RT_APPLICATION_DATA &&
- (s->state == DTLS1_SCTP_ST_SR_READ_SOCK ||
- s->state == DTLS1_SCTP_ST_CR_READ_SOCK)) {
- s->rwstate = SSL_READING;
- BIO_clear_retry_flags(SSL_get_rbio(s));
- BIO_set_retry_read(SSL_get_rbio(s));
- }
-
- /* We might had to delay a close_notify alert because
- * of reordered app data. If there was an alert and there
- * is no message to read anymore, finally set shutdown.
- */
- if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
- s->d1->shutdown_received && !BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
- s->shutdown |= SSL_RECEIVED_SHUTDOWN;
- return (0);
- }
-#endif
return (n);
}
@@ -1006,20 +951,6 @@ start:
{
s->s3->warn_alert = alert_descr;
if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
-#ifndef OPENSSL_NO_SCTP
- /* With SCTP and streams the socket may deliver app data
- * after a close_notify alert. We have to check this
- * first so that nothing gets discarded.
- */
- if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
- BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
- s->d1->shutdown_received = 1;
- s->rwstate = SSL_READING;
- BIO_clear_retry_flags(SSL_get_rbio(s));
- BIO_set_retry_read(SSL_get_rbio(s));
- return -1;
- }
-#endif
s->shutdown |= SSL_RECEIVED_SHUTDOWN;
return (0);
}
@@ -1093,14 +1024,6 @@ start:
if (s->version == DTLS1_BAD_VER)
s->d1->handshake_read_seq++;
-#ifndef OPENSSL_NO_SCTP
- /* Remember that a CCS has been received,
- * so that an old key of SCTP-Auth can be
- * deleted when a CCS is sent. Will be ignored
- * if no SCTP is used
- */
- BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD, 1, NULL);
-#endif
goto start;
}
@@ -1217,17 +1140,7 @@ dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len)
{
int i;
-#ifndef OPENSSL_NO_SCTP
- /* Check if we have to continue an interrupted handshake
- * for reading belated app data with SCTP.
- */
- if ((SSL_in_init(s) && !s->in_handshake) ||
- (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
- (s->state == DTLS1_SCTP_ST_SR_READ_SOCK ||
- s->state == DTLS1_SCTP_ST_CR_READ_SOCK)))
-#else
if (SSL_in_init(s) && !s->in_handshake)
-#endif
{
i = s->handshake_func(s);
if (i < 0)
diff --git a/lib/libssl/d1_srvr.c b/lib/libssl/d1_srvr.c
index 1c732c5b085..4e6d0da3b39 100644
--- a/lib/libssl/d1_srvr.c
+++ b/lib/libssl/d1_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_srvr.c,v 1.48 2015/02/07 08:56:39 jsing Exp $ */
+/* $OpenBSD: d1_srvr.c,v 1.49 2015/02/09 10:53:28 jsing Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -182,10 +182,6 @@ dtls1_accept(SSL *s)
int ret = -1;
int new_state, state, skip = 0;
int listen;
-#ifndef OPENSSL_NO_SCTP
- unsigned char sctpauthkey[64];
- char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];
-#endif
ERR_clear_error();
errno = 0;
@@ -203,14 +199,6 @@ dtls1_accept(SSL *s)
SSL_clear(s);
s->d1->listen = listen;
-#ifndef OPENSSL_NO_SCTP
- /* Notify SCTP BIO socket to enter handshake
- * mode and prevent stream identifier other
- * than 0. Will be ignored if no SCTP is used.
- */
- BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
- s->in_handshake, NULL);
-#endif
if (s->cert == NULL) {
SSLerr(SSL_F_DTLS1_ACCEPT, SSL_R_NO_CERTIFICATE_SET);
@@ -266,9 +254,6 @@ dtls1_accept(SSL *s)
* the output is sent in a way that TCP likes :-)
* ...but not with SCTP :-)
*/
-#ifndef OPENSSL_NO_SCTP
- if (!BIO_dgram_is_sctp(SSL_get_wbio(s)))
-#endif
if (!ssl_init_wbio_buffer(s, 1)) {
ret = -1;
goto end;
@@ -368,40 +353,6 @@ dtls1_accept(SSL *s)
}
break;
-#ifndef OPENSSL_NO_SCTP
- case DTLS1_SCTP_ST_SR_READ_SOCK:
-
- if (BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
- s->s3->in_read_app_data = 2;
- s->rwstate = SSL_READING;
- BIO_clear_retry_flags(SSL_get_rbio(s));
- BIO_set_retry_read(SSL_get_rbio(s));
- ret = -1;
- goto end;
- }
-
- s->state = SSL3_ST_SR_FINISHED_A;
- break;
-
- case DTLS1_SCTP_ST_SW_WRITE_SOCK:
- ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s));
- if (ret < 0)
- goto end;
-
- if (ret == 0) {
- if (s->d1->next_state != SSL_ST_OK) {
- s->s3->in_read_app_data = 2;
- s->rwstate = SSL_READING;
- BIO_clear_retry_flags(SSL_get_rbio(s));
- BIO_set_retry_read(SSL_get_rbio(s));
- ret = -1;
- goto end;
- }
- }
-
- s->state = s->d1->next_state;
- break;
-#endif
case SSL3_ST_SW_SRVR_HELLO_A:
case SSL3_ST_SW_SRVR_HELLO_B:
@@ -412,22 +363,6 @@ dtls1_accept(SSL *s)
goto end;
if (s->hit) {
-#ifndef OPENSSL_NO_SCTP
- /* Add new shared key for SCTP-Auth,
- * will be ignored if no SCTP used.
- */
- snprintf((char*)labelbuffer,
- sizeof(DTLS1_SCTP_AUTH_LABEL),
- DTLS1_SCTP_AUTH_LABEL);
-
- SSL_export_keying_material(s, sctpauthkey,
- sizeof(sctpauthkey), labelbuffer,
- sizeof(labelbuffer), NULL, 0, 0);
-
- BIO_ctrl(SSL_get_wbio(s),
- BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
- sizeof(sctpauthkey), sctpauthkey);
-#endif
if (s->tlsext_ticket_expected)
s->state = SSL3_ST_SW_SESSION_TICKET_A;
else
@@ -503,12 +438,6 @@ dtls1_accept(SSL *s)
skip = 1;
s->s3->tmp.cert_request = 0;
s->state = SSL3_ST_SW_SRVR_DONE_A;
-#ifndef OPENSSL_NO_SCTP
- if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
- s->d1->next_state = SSL3_ST_SW_SRVR_DONE_A;
- s->state = DTLS1_SCTP_ST_SW_WRITE_SOCK;
- }
-#endif
} else {
s->s3->tmp.cert_request = 1;
dtls1_start_timer(s);
@@ -516,12 +445,6 @@ dtls1_accept(SSL *s)
if (ret <= 0)
goto end;
s->state = SSL3_ST_SW_SRVR_DONE_A;
-#ifndef OPENSSL_NO_SCTP
- if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
- s->d1->next_state = SSL3_ST_SW_SRVR_DONE_A;
- s->state = DTLS1_SCTP_ST_SW_WRITE_SOCK;
- }
-#endif
s->init_num = 0;
}
break;
@@ -578,22 +501,6 @@ dtls1_accept(SSL *s)
ret = ssl3_get_client_key_exchange(s);
if (ret <= 0)
goto end;
-#ifndef OPENSSL_NO_SCTP
- /* Add new shared key for SCTP-Auth,
- * will be ignored if no SCTP used.
- */
- snprintf((char *)labelbuffer,
- sizeof(DTLS1_SCTP_AUTH_LABEL),
- DTLS1_SCTP_AUTH_LABEL);
-
- SSL_export_keying_material(s, sctpauthkey,
- sizeof(sctpauthkey), labelbuffer,
- sizeof(labelbuffer), NULL, 0, 0);
-
- BIO_ctrl(SSL_get_wbio(s),
- BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
- sizeof(sctpauthkey), sctpauthkey);
-#endif
s->state = SSL3_ST_SR_CERT_VRFY_A;
s->init_num = 0;
@@ -628,12 +535,6 @@ dtls1_accept(SSL *s)
ret = ssl3_get_cert_verify(s);
if (ret <= 0)
goto end;
-#ifndef OPENSSL_NO_SCTP
- if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
- state == SSL_ST_RENEGOTIATE)
- s->state = DTLS1_SCTP_ST_SR_READ_SOCK;
- else
-#endif
s->state = SSL3_ST_SR_FINISHED_A;
s->init_num = 0;
break;
@@ -689,15 +590,6 @@ dtls1_accept(SSL *s)
if (ret <= 0)
goto end;
-#ifndef OPENSSL_NO_SCTP
- if (!s->hit) {
- /* Change to new shared key of SCTP-Auth,
- * will be ignored if no SCTP used.
- */
- BIO_ctrl(SSL_get_wbio(s),
- BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
- }
-#endif
s->state = SSL3_ST_SW_FINISHED_A;
s->init_num = 0;
@@ -723,21 +615,8 @@ dtls1_accept(SSL *s)
if (s->hit) {
s->s3->tmp.next_state = SSL3_ST_SR_FINISHED_A;
-#ifndef OPENSSL_NO_SCTP
- /* Change to new shared key of SCTP-Auth,
- * will be ignored if no SCTP used.
- */
- BIO_ctrl(SSL_get_wbio(s),
- BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
-#endif
} else {
s->s3->tmp.next_state = SSL_ST_OK;
-#ifndef OPENSSL_NO_SCTP
- if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
- s->d1->next_state = s->s3->tmp.next_state;
- s->s3->tmp.next_state = DTLS1_SCTP_ST_SW_WRITE_SOCK;
- }
-#endif
}
s->init_num = 0;
break;
@@ -802,14 +681,6 @@ end:
/* BIO_flush(s->wbio); */
s->in_handshake--;
-#ifndef OPENSSL_NO_SCTP
- /* Notify SCTP BIO socket to leave handshake
- * mode and prevent stream identifier other
- * than 0. Will be ignored if no SCTP is used.
- */
- BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
- s->in_handshake, NULL);
-#endif
if (cb != NULL)
cb(s, SSL_CB_ACCEPT_EXIT, ret);
diff --git a/lib/libssl/dtls1.h b/lib/libssl/dtls1.h
index 40940a494ab..1d65dc58217 100644
--- a/lib/libssl/dtls1.h
+++ b/lib/libssl/dtls1.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: dtls1.h,v 1.16 2014/12/14 15:30:50 jsing Exp $ */
+/* $OpenBSD: dtls1.h,v 1.17 2015/02/09 10:53:28 jsing Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -95,9 +95,6 @@ extern "C" {
#ifndef OPENSSL_NO_SSL_INTERN
-#ifndef OPENSSL_NO_SCTP
-#define DTLS1_SCTP_AUTH_LABEL "EXPORTER_DTLS_OVER_SCTP"
-#endif
typedef struct dtls1_bitmap_st {
unsigned long map; /* track 32 packets on 32-bit systems
@@ -225,12 +222,6 @@ typedef struct dtls1_state_st {
unsigned int retransmitting;
unsigned int change_cipher_spec_ok;
-#ifndef OPENSSL_NO_SCTP
- /* used when SSL_ST_XX_FLUSH is entered */
- int next_state;
-
- int shutdown_received;
-#endif
} DTLS1_STATE;
@@ -239,9 +230,6 @@ typedef struct dtls1_record_data_st {
unsigned int packet_length;
SSL3_BUFFER rbuf;
SSL3_RECORD rrec;
-#ifndef OPENSSL_NO_SCTP
- struct bio_dgram_sctp_rcvinfo recordinfo;
-#endif
} DTLS1_RECORD_DATA;
#endif
diff --git a/lib/libssl/ssl3.h b/lib/libssl/ssl3.h
index 5f59e18eb45..2d7d35b7b25 100644
--- a/lib/libssl/ssl3.h
+++ b/lib/libssl/ssl3.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl3.h,v 1.33 2014/12/14 21:49:29 bcook Exp $ */
+/* $OpenBSD: ssl3.h,v 1.34 2015/02/09 10:53:28 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -512,10 +512,6 @@ typedef struct ssl3_state_st {
/*client */
/* extra state */
#define SSL3_ST_CW_FLUSH (0x100|SSL_ST_CONNECT)
-#ifndef OPENSSL_NO_SCTP
-#define DTLS1_SCTP_ST_CW_WRITE_SOCK (0x310|SSL_ST_CONNECT)
-#define DTLS1_SCTP_ST_CR_READ_SOCK (0x320|SSL_ST_CONNECT)
-#endif
/* write to server */
#define SSL3_ST_CW_CLNT_HELLO_A (0x110|SSL_ST_CONNECT)
#define SSL3_ST_CW_CLNT_HELLO_B (0x111|SSL_ST_CONNECT)
@@ -562,10 +558,6 @@ typedef struct ssl3_state_st {
/* server */
/* extra state */
#define SSL3_ST_SW_FLUSH (0x100|SSL_ST_ACCEPT)
-#ifndef OPENSSL_NO_SCTP
-#define DTLS1_SCTP_ST_SW_WRITE_SOCK (0x310|SSL_ST_ACCEPT)
-#define DTLS1_SCTP_ST_SR_READ_SOCK (0x320|SSL_ST_ACCEPT)
-#endif
/* read from client */
/* Do not change the number values, they do matter */
#define SSL3_ST_SR_CLNT_HELLO_A (0x110|SSL_ST_ACCEPT)
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-13 19:09:56 +0000