Jettison DTLS over SCTP.

OpenBSD does not have SCTP support and it sees little use in the wild. OPENSSL_NO_SCTP is already specified via opensslfeatures.h, hence this is a code removal only and symbols should remain unchanged. ok beck@ miod@ tedu@
author: jsing <> 2015-02-09 10:53:28 +0000
committer: jsing <> 2015-02-09 10:53:28 +0000
commit: 02bf7aab1edd295f175128c3cbf04d8c1b69a7cf (patch)
tree: 26c8e0794ca281a87b301ecbd4dde188ac6918e4 /src/lib/libssl/d1_pkt.c
parent: 157b832965c968aac98859f2f0bc3494c13ef7ef (diff)
download: openbsd-02bf7aab1edd295f175128c3cbf04d8c1b69a7cf.tar.gz
openbsd-02bf7aab1edd295f175128c3cbf04d8c1b69a7cf.tar.bz2
openbsd-02bf7aab1edd295f175128c3cbf04d8c1b69a7cf.zip
1 files changed, 1 insertions, 88 deletions
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
index 91e9c146ac..c997b7f212 100644
--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_pkt.c,v 1.39 2015/01/21 00:15:50 doug Exp $ */
+/* $OpenBSD: d1_pkt.c,v 1.40 2015/02/09 10:53:28 jsing Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -231,13 +231,6 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
        item->data = rdata;
-#ifndef OPENSSL_NO_SCTP
-        /* Store bio_dgram_sctp_rcvinfo struct */
-        if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
-                (s->state == SSL3_ST_SR_FINISHED_A || s->state == SSL3_ST_CR_FINISHED_A)) {
-                BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_GET_RCVINFO, sizeof(rdata->recordinfo), &rdata->recordinfo);
-        }
-#endif
        s->packet = NULL;
        s->packet_length = 0;
@@ -582,10 +575,6 @@ again:
                /* get another record */
        }
-#ifndef OPENSSL_NO_SCTP
-        /* Only do replay check if no SCTP bio */
-        if (!BIO_dgram_is_sctp(SSL_get_rbio(s))) {
-#endif
                /* Check whether this is a repeat, or aged record.
                 * Don't check if we're listening and this message is
                 * a ClientHello. They can look as if they're replayed,
@@ -600,9 +589,6 @@ again:
                        goto again;
                        /* get another record */
                }
-#ifndef OPENSSL_NO_SCTP
-        }
-#endif
        /* just read a 0 length packet */
        if (rr->length == 0)
@@ -692,18 +678,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
        /* Now s->d1->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */
-#ifndef OPENSSL_NO_SCTP
-        /* Continue handshake if it had to be interrupted to read
-         * app data with SCTP.
-         */
-        if ((!s->in_handshake && SSL_in_init(s)) ||
-            (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
-            (s->state == DTLS1_SCTP_ST_SR_READ_SOCK ||
-            s->state == DTLS1_SCTP_ST_CR_READ_SOCK) &&
-            s->s3->in_read_app_data != 2))
-#else
        if (!s->in_handshake && SSL_in_init(s))
-#endif
        {
                /* type == SSL3_RT_APPLICATION_DATA */
                i = s->handshake_func(s);
@@ -732,13 +707,6 @@ start:
                pitem *item;
                item = pqueue_pop(s->d1->buffered_app_data.q);
                if (item) {
-#ifndef OPENSSL_NO_SCTP
-                        /* Restore bio_dgram_sctp_rcvinfo struct */
-                        if (BIO_dgram_is_sctp(SSL_get_rbio(s))) {
-                                DTLS1_RECORD_DATA *rdata = (DTLS1_RECORD_DATA *) item->data;
-                                BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_SET_RCVINFO, sizeof(rdata->recordinfo), &rdata->recordinfo);
-                        }
-#endif
                        dtls1_copy_record(s, item);
@@ -826,29 +794,6 @@ start:
                        }
                }
-#ifndef OPENSSL_NO_SCTP
-                /* We were about to renegotiate but had to read
-                 * belated application data first, so retry.
-                 */
-                if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
-                    rr->type == SSL3_RT_APPLICATION_DATA &&
-                    (s->state == DTLS1_SCTP_ST_SR_READ_SOCK ||
-                    s->state == DTLS1_SCTP_ST_CR_READ_SOCK)) {
-                        s->rwstate = SSL_READING;
-                        BIO_clear_retry_flags(SSL_get_rbio(s));
-                        BIO_set_retry_read(SSL_get_rbio(s));
-                }
-                /* We might had to delay a close_notify alert because
-                 * of reordered app data. If there was an alert and there
-                 * is no message to read anymore, finally set shutdown.
-                 */
-                if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
-                        s->d1->shutdown_received && !BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
-                        s->shutdown |= SSL_RECEIVED_SHUTDOWN;
-                        return (0);
-                }
-#endif
                return (n);
        }
@@ -1006,20 +951,6 @@ start:
                {
                        s->s3->warn_alert = alert_descr;
                        if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
-#ifndef OPENSSL_NO_SCTP
-                                /* With SCTP and streams the socket may deliver app data
-                                 * after a close_notify alert. We have to check this
-                                 * first so that nothing gets discarded.
-                                 */
-                                if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
-                                        BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
-                                        s->d1->shutdown_received = 1;
-                                        s->rwstate = SSL_READING;
-                                        BIO_clear_retry_flags(SSL_get_rbio(s));
-                                        BIO_set_retry_read(SSL_get_rbio(s));
-                                        return -1;
-                                }
-#endif
                                s->shutdown |= SSL_RECEIVED_SHUTDOWN;
                                return (0);
                        }
@@ -1093,14 +1024,6 @@ start:
                if (s->version == DTLS1_BAD_VER)
                        s->d1->handshake_read_seq++;
-#ifndef OPENSSL_NO_SCTP
-                /* Remember that a CCS has been received,
-                 * so that an old key of SCTP-Auth can be
-                 * deleted when a CCS is sent. Will be ignored
-                 * if no SCTP is used
-                 */
-                BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD, 1, NULL);
-#endif
                goto start;
        }
@@ -1217,17 +1140,7 @@ dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len)
 {
        int i;
-#ifndef OPENSSL_NO_SCTP
-        /* Check if we have to continue an interrupted handshake
-         * for reading belated app data with SCTP.
-         */
-        if ((SSL_in_init(s) && !s->in_handshake) ||
-            (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
-            (s->state == DTLS1_SCTP_ST_SR_READ_SOCK ||
-            s->state == DTLS1_SCTP_ST_CR_READ_SOCK)))
-#else
        if (SSL_in_init(s) && !s->in_handshake)
-#endif
        {
                i = s->handshake_func(s);
                if (i < 0)
author	jsing <>	2015-02-09 10:53:28 +0000
committer	jsing <>	2015-02-09 10:53:28 +0000
commit	02bf7aab1edd295f175128c3cbf04d8c1b69a7cf (patch)
tree	26c8e0794ca281a87b301ecbd4dde188ac6918e4 /src/lib/libssl/d1_pkt.c
parent	157b832965c968aac98859f2f0bc3494c13ef7ef (diff)
download	openbsd-02bf7aab1edd295f175128c3cbf04d8c1b69a7cf.tar.gz openbsd-02bf7aab1edd295f175128c3cbf04d8c1b69a7cf.tar.bz2 openbsd-02bf7aab1edd295f175128c3cbf04d8c1b69a7cf.zip

diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c index 91e9c146ac..c997b7f212 100644 --- a/src/lib/libssl/d1_pkt.c +++ b/src/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: d1_pkt.c,v 1.39 2015/01/21 00:15:50 doug Exp $ */	1	/* $OpenBSD: d1_pkt.c,v 1.40 2015/02/09 10:53:28 jsing Exp $ */
2	/*	2	/*
3	* DTLS implementation written by Nagendra Modadugu	3	* DTLS implementation written by Nagendra Modadugu
4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.	4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -231,13 +231,6 @@ dtls1_buffer_record(SSL s, record_pqueue queue, unsigned char *priority)
231		231
232	item->data = rdata;	232	item->data = rdata;
233		233
234	#ifndef OPENSSL_NO_SCTP
235	/* Store bio_dgram_sctp_rcvinfo struct */
236	if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
237	(s->state == SSL3_ST_SR_FINISHED_A \|\| s->state == SSL3_ST_CR_FINISHED_A)) {
238	BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_GET_RCVINFO, sizeof(rdata->recordinfo), &rdata->recordinfo);
239	}
240	#endif
241		234
242	s->packet = NULL;	235	s->packet = NULL;
243	s->packet_length = 0;	236	s->packet_length = 0;
@@ -582,10 +575,6 @@ again:
582	/* get another record */	575	/* get another record */
583	}	576	}
584		577
585	#ifndef OPENSSL_NO_SCTP
586	/* Only do replay check if no SCTP bio */
587	if (!BIO_dgram_is_sctp(SSL_get_rbio(s))) {
588	#endif
589	/* Check whether this is a repeat, or aged record.	578	/* Check whether this is a repeat, or aged record.
590	* Don't check if we're listening and this message is	579	* Don't check if we're listening and this message is
591	* a ClientHello. They can look as if they're replayed,	580	* a ClientHello. They can look as if they're replayed,
@@ -600,9 +589,6 @@ again:
600	goto again;	589	goto again;
601	/* get another record */	590	/* get another record */
602	}	591	}
603	#ifndef OPENSSL_NO_SCTP
604	}
605	#endif
606		592
607	/* just read a 0 length packet */	593	/* just read a 0 length packet */
608	if (rr->length == 0)	594	if (rr->length == 0)
@@ -692,18 +678,7 @@ dtls1_read_bytes(SSL s, int type, unsigned char buf, int len, int peek)
692		678
693	/* Now s->d1->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */	679	/* Now s->d1->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */
694		680
695	#ifndef OPENSSL_NO_SCTP
696	/* Continue handshake if it had to be interrupted to read
697	* app data with SCTP.
698	*/
699	if ((!s->in_handshake && SSL_in_init(s)) \|\|
700	(BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
701	(s->state == DTLS1_SCTP_ST_SR_READ_SOCK \|\|
702	s->state == DTLS1_SCTP_ST_CR_READ_SOCK) &&
703	s->s3->in_read_app_data != 2))
704	#else
705	if (!s->in_handshake && SSL_in_init(s))	681	if (!s->in_handshake && SSL_in_init(s))
706	#endif
707	{	682	{
708	/* type == SSL3_RT_APPLICATION_DATA */	683	/* type == SSL3_RT_APPLICATION_DATA */
709	i = s->handshake_func(s);	684	i = s->handshake_func(s);
@@ -732,13 +707,6 @@ start:
732	pitem *item;	707	pitem *item;
733	item = pqueue_pop(s->d1->buffered_app_data.q);	708	item = pqueue_pop(s->d1->buffered_app_data.q);
734	if (item) {	709	if (item) {
735	#ifndef OPENSSL_NO_SCTP
736	/* Restore bio_dgram_sctp_rcvinfo struct */
737	if (BIO_dgram_is_sctp(SSL_get_rbio(s))) {
738	DTLS1_RECORD_DATA rdata = (DTLS1_RECORD_DATA ) item->data;
739	BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_SET_RCVINFO, sizeof(rdata->recordinfo), &rdata->recordinfo);
740	}
741	#endif
742		710
743	dtls1_copy_record(s, item);	711	dtls1_copy_record(s, item);
744		712
@@ -826,29 +794,6 @@ start:
826	}	794	}
827	}	795	}
828		796
829	#ifndef OPENSSL_NO_SCTP
830	/* We were about to renegotiate but had to read
831	* belated application data first, so retry.
832	*/
833	if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
834	rr->type == SSL3_RT_APPLICATION_DATA &&
835	(s->state == DTLS1_SCTP_ST_SR_READ_SOCK \|\|
836	s->state == DTLS1_SCTP_ST_CR_READ_SOCK)) {
837	s->rwstate = SSL_READING;
838	BIO_clear_retry_flags(SSL_get_rbio(s));
839	BIO_set_retry_read(SSL_get_rbio(s));
840	}
841
842	/* We might had to delay a close_notify alert because
843	* of reordered app data. If there was an alert and there
844	* is no message to read anymore, finally set shutdown.
845	*/
846	if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
847	s->d1->shutdown_received && !BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
848	s->shutdown \|= SSL_RECEIVED_SHUTDOWN;
849	return (0);
850	}
851	#endif
852	return (n);	797	return (n);
853	}	798	}
854		799
@@ -1006,20 +951,6 @@ start:
1006	{	951	{
1007	s->s3->warn_alert = alert_descr;	952	s->s3->warn_alert = alert_descr;
1008	if (alert_descr == SSL_AD_CLOSE_NOTIFY) {	953	if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
1009	#ifndef OPENSSL_NO_SCTP
1010	/* With SCTP and streams the socket may deliver app data
1011	* after a close_notify alert. We have to check this
1012	* first so that nothing gets discarded.
1013	*/
1014	if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
1015	BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
1016	s->d1->shutdown_received = 1;
1017	s->rwstate = SSL_READING;
1018	BIO_clear_retry_flags(SSL_get_rbio(s));
1019	BIO_set_retry_read(SSL_get_rbio(s));
1020	return -1;
1021	}
1022	#endif
1023	s->shutdown \|= SSL_RECEIVED_SHUTDOWN;	954	s->shutdown \|= SSL_RECEIVED_SHUTDOWN;
1024	return (0);	955	return (0);
1025	}	956	}
@@ -1093,14 +1024,6 @@ start:
1093	if (s->version == DTLS1_BAD_VER)	1024	if (s->version == DTLS1_BAD_VER)
1094	s->d1->handshake_read_seq++;	1025	s->d1->handshake_read_seq++;
1095		1026
1096	#ifndef OPENSSL_NO_SCTP
1097	/* Remember that a CCS has been received,
1098	* so that an old key of SCTP-Auth can be
1099	* deleted when a CCS is sent. Will be ignored
1100	* if no SCTP is used
1101	*/
1102	BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD, 1, NULL);
1103	#endif
1104		1027
1105	goto start;	1028	goto start;
1106	}	1029	}
@@ -1217,17 +1140,7 @@ dtls1_write_app_data_bytes(SSL s, int type, const void buf_, int len)
1217	{	1140	{
1218	int i;	1141	int i;
1219		1142
1220	#ifndef OPENSSL_NO_SCTP
1221	/* Check if we have to continue an interrupted handshake
1222	* for reading belated app data with SCTP.
1223	*/
1224	if ((SSL_in_init(s) && !s->in_handshake) \|\|
1225	(BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
1226	(s->state == DTLS1_SCTP_ST_SR_READ_SOCK \|\|
1227	s->state == DTLS1_SCTP_ST_CR_READ_SOCK)))
1228	#else
1229	if (SSL_in_init(s) && !s->in_handshake)	1143	if (SSL_in_init(s) && !s->in_handshake)
1230	#endif
1231	{	1144	{
1232	i = s->handshake_func(s);	1145	i = s->handshake_func(s);
1233	if (i < 0)	1146	if (i < 0)