Jettison DTLS over SCTP.

OpenBSD does not have SCTP support and it sees little use in the wild. OPENSSL_NO_SCTP is already specified via opensslfeatures.h, hence this is a code removal only and symbols should remain unchanged. ok beck@ miod@ tedu@
author: jsing <> 2015-02-09 10:53:28 +0000
committer: jsing <> 2015-02-09 10:53:28 +0000
commit: 02bf7aab1edd295f175128c3cbf04d8c1b69a7cf (patch)
tree: 26c8e0794ca281a87b301ecbd4dde188ac6918e4 /src/lib/libssl/d1_srvr.c
parent: 157b832965c968aac98859f2f0bc3494c13ef7ef (diff)
download: openbsd-02bf7aab1edd295f175128c3cbf04d8c1b69a7cf.tar.gz
openbsd-02bf7aab1edd295f175128c3cbf04d8c1b69a7cf.tar.bz2
openbsd-02bf7aab1edd295f175128c3cbf04d8c1b69a7cf.zip
1 files changed, 1 insertions, 130 deletions
diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c
index 1c732c5b08..4e6d0da3b3 100644
--- a/src/lib/libssl/d1_srvr.c
+++ b/src/lib/libssl/d1_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_srvr.c,v 1.48 2015/02/07 08:56:39 jsing Exp $ */
+/* $OpenBSD: d1_srvr.c,v 1.49 2015/02/09 10:53:28 jsing Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -182,10 +182,6 @@ dtls1_accept(SSL *s)
        int ret = -1;
        int new_state, state, skip = 0;
        int listen;
-#ifndef OPENSSL_NO_SCTP
-        unsigned char sctpauthkey[64];
-        char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];
-#endif
        ERR_clear_error();
        errno = 0;
@@ -203,14 +199,6 @@ dtls1_accept(SSL *s)
                SSL_clear(s);
        s->d1->listen = listen;
-#ifndef OPENSSL_NO_SCTP
-        /* Notify SCTP BIO socket to enter handshake
-         * mode and prevent stream identifier other
-         * than 0. Will be ignored if no SCTP is used.
-         */
-        BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
-            s->in_handshake, NULL);
-#endif
        if (s->cert == NULL) {
                SSLerr(SSL_F_DTLS1_ACCEPT, SSL_R_NO_CERTIFICATE_SET);
@@ -266,9 +254,6 @@ dtls1_accept(SSL *s)
                                 * the output is sent in a way that TCP likes :-)
                                 * ...but not with SCTP :-)
                                 */
-#ifndef OPENSSL_NO_SCTP
-                                if (!BIO_dgram_is_sctp(SSL_get_wbio(s)))
-#endif
                                if (!ssl_init_wbio_buffer(s, 1)) {
                                        ret = -1;
                                        goto end;
@@ -368,40 +353,6 @@ dtls1_accept(SSL *s)
                        }
                        break;
-#ifndef OPENSSL_NO_SCTP
-                case DTLS1_SCTP_ST_SR_READ_SOCK:
-                        if (BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
-                                s->s3->in_read_app_data = 2;
-                                s->rwstate = SSL_READING;
-                                BIO_clear_retry_flags(SSL_get_rbio(s));
-                                BIO_set_retry_read(SSL_get_rbio(s));
-                                ret = -1;
-                                goto end;
-                        }
-                        s->state = SSL3_ST_SR_FINISHED_A;
-                        break;
-                case DTLS1_SCTP_ST_SW_WRITE_SOCK:
-                        ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s));
-                        if (ret < 0)
-                                goto end;
-                        if (ret == 0) {
-                                if (s->d1->next_state != SSL_ST_OK) {
-                                        s->s3->in_read_app_data = 2;
-                                        s->rwstate = SSL_READING;
-                                        BIO_clear_retry_flags(SSL_get_rbio(s));
-                                        BIO_set_retry_read(SSL_get_rbio(s));
-                                        ret = -1;
-                                        goto end;
-                                }
-                        }
-                        s->state = s->d1->next_state;
-                        break;
-#endif
                case SSL3_ST_SW_SRVR_HELLO_A:
                case SSL3_ST_SW_SRVR_HELLO_B:
@@ -412,22 +363,6 @@ dtls1_accept(SSL *s)
                                goto end;
                        if (s->hit) {
-#ifndef OPENSSL_NO_SCTP
-                                /* Add new shared key for SCTP-Auth,
-                                 * will be ignored if no SCTP used.
-                                 */
-                                snprintf((char*)labelbuffer,
-                                    sizeof(DTLS1_SCTP_AUTH_LABEL),
-                                    DTLS1_SCTP_AUTH_LABEL);
-                                SSL_export_keying_material(s, sctpauthkey,
-                                    sizeof(sctpauthkey), labelbuffer,
-                                    sizeof(labelbuffer), NULL, 0, 0);
-                                BIO_ctrl(SSL_get_wbio(s),
-                                    BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
-                                    sizeof(sctpauthkey), sctpauthkey);
-#endif
                                if (s->tlsext_ticket_expected)
                                        s->state = SSL3_ST_SW_SESSION_TICKET_A;
                                else
@@ -503,12 +438,6 @@ dtls1_accept(SSL *s)
                                skip = 1;
                                s->s3->tmp.cert_request = 0;
                                s->state = SSL3_ST_SW_SRVR_DONE_A;
-#ifndef OPENSSL_NO_SCTP
-                                if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
-                                        s->d1->next_state = SSL3_ST_SW_SRVR_DONE_A;
-                                        s->state = DTLS1_SCTP_ST_SW_WRITE_SOCK;
-                                }
-#endif
                        } else {
                                s->s3->tmp.cert_request = 1;
                                dtls1_start_timer(s);
@@ -516,12 +445,6 @@ dtls1_accept(SSL *s)
                                if (ret <= 0)
                                        goto end;
                                s->state = SSL3_ST_SW_SRVR_DONE_A;
-#ifndef OPENSSL_NO_SCTP
-                                if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
-                                        s->d1->next_state = SSL3_ST_SW_SRVR_DONE_A;
-                                        s->state = DTLS1_SCTP_ST_SW_WRITE_SOCK;
-                                }
-#endif
                                s->init_num = 0;
                        }
                        break;
@@ -578,22 +501,6 @@ dtls1_accept(SSL *s)
                        ret = ssl3_get_client_key_exchange(s);
                        if (ret <= 0)
                                goto end;
-#ifndef OPENSSL_NO_SCTP
-                        /* Add new shared key for SCTP-Auth,
-                         * will be ignored if no SCTP used.
-                         */
-                        snprintf((char *)labelbuffer,
-                            sizeof(DTLS1_SCTP_AUTH_LABEL),
-                            DTLS1_SCTP_AUTH_LABEL);
-                        SSL_export_keying_material(s, sctpauthkey,
-                            sizeof(sctpauthkey), labelbuffer,
-                            sizeof(labelbuffer), NULL, 0, 0);
-                        BIO_ctrl(SSL_get_wbio(s),
-                            BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
-                            sizeof(sctpauthkey), sctpauthkey);
-#endif
                        s->state = SSL3_ST_SR_CERT_VRFY_A;
                        s->init_num = 0;
@@ -628,12 +535,6 @@ dtls1_accept(SSL *s)
                        ret = ssl3_get_cert_verify(s);
                        if (ret <= 0)
                                goto end;
-#ifndef OPENSSL_NO_SCTP
-                        if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
-                            state == SSL_ST_RENEGOTIATE)
-                                s->state = DTLS1_SCTP_ST_SR_READ_SOCK;
-                        else
-#endif
                                s->state = SSL3_ST_SR_FINISHED_A;
                        s->init_num = 0;
                        break;
@@ -689,15 +590,6 @@ dtls1_accept(SSL *s)
                        if (ret <= 0)
                                goto end;
-#ifndef OPENSSL_NO_SCTP
-                        if (!s->hit) {
-                                /* Change to new shared key of SCTP-Auth,
-                                 * will be ignored if no SCTP used.
-                                 */
-                                BIO_ctrl(SSL_get_wbio(s),
-                                    BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
-                        }
-#endif
                        s->state = SSL3_ST_SW_FINISHED_A;
                        s->init_num = 0;
@@ -723,21 +615,8 @@ dtls1_accept(SSL *s)
                        if (s->hit) {
                                s->s3->tmp.next_state = SSL3_ST_SR_FINISHED_A;
-#ifndef OPENSSL_NO_SCTP
-                                /* Change to new shared key of SCTP-Auth,
-                                 * will be ignored if no SCTP used.
-                                 */
-                                BIO_ctrl(SSL_get_wbio(s),
-                                    BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
-#endif
                        } else {
                                s->s3->tmp.next_state = SSL_ST_OK;
-#ifndef OPENSSL_NO_SCTP
-                                if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
-                                        s->d1->next_state = s->s3->tmp.next_state;
-                                        s->s3->tmp.next_state = DTLS1_SCTP_ST_SW_WRITE_SOCK;
-                                }
-#endif
                        }
                        s->init_num = 0;
                        break;
@@ -802,14 +681,6 @@ end:
        /* BIO_flush(s->wbio); */
        s->in_handshake--;
-#ifndef OPENSSL_NO_SCTP
-        /* Notify SCTP BIO socket to leave handshake
-         * mode and prevent stream identifier other
-         * than 0. Will be ignored if no SCTP is used.
-         */
-        BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
-            s->in_handshake, NULL);
-#endif
        if (cb != NULL)
                cb(s, SSL_CB_ACCEPT_EXIT, ret);
author	jsing <>	2015-02-09 10:53:28 +0000
committer	jsing <>	2015-02-09 10:53:28 +0000
commit	02bf7aab1edd295f175128c3cbf04d8c1b69a7cf (patch)
tree	26c8e0794ca281a87b301ecbd4dde188ac6918e4 /src/lib/libssl/d1_srvr.c
parent	157b832965c968aac98859f2f0bc3494c13ef7ef (diff)
download	openbsd-02bf7aab1edd295f175128c3cbf04d8c1b69a7cf.tar.gz openbsd-02bf7aab1edd295f175128c3cbf04d8c1b69a7cf.tar.bz2 openbsd-02bf7aab1edd295f175128c3cbf04d8c1b69a7cf.zip

diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c index 1c732c5b08..4e6d0da3b3 100644 --- a/src/lib/libssl/d1_srvr.c +++ b/src/lib/libssl/d1_srvr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: d1_srvr.c,v 1.48 2015/02/07 08:56:39 jsing Exp $ */	1	/* $OpenBSD: d1_srvr.c,v 1.49 2015/02/09 10:53:28 jsing Exp $ */
2	/*	2	/*
3	* DTLS implementation written by Nagendra Modadugu	3	* DTLS implementation written by Nagendra Modadugu
4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.	4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -182,10 +182,6 @@ dtls1_accept(SSL *s)
182	int ret = -1;	182	int ret = -1;
183	int new_state, state, skip = 0;	183	int new_state, state, skip = 0;
184	int listen;	184	int listen;
185	#ifndef OPENSSL_NO_SCTP
186	unsigned char sctpauthkey[64];
187	char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];
188	#endif
189		185
190	ERR_clear_error();	186	ERR_clear_error();
191	errno = 0;	187	errno = 0;
@@ -203,14 +199,6 @@ dtls1_accept(SSL *s)
203	SSL_clear(s);	199	SSL_clear(s);
204		200
205	s->d1->listen = listen;	201	s->d1->listen = listen;
206	#ifndef OPENSSL_NO_SCTP
207	/* Notify SCTP BIO socket to enter handshake
208	* mode and prevent stream identifier other
209	* than 0. Will be ignored if no SCTP is used.
210	*/
211	BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
212	s->in_handshake, NULL);
213	#endif
214		202
215	if (s->cert == NULL) {	203	if (s->cert == NULL) {
216	SSLerr(SSL_F_DTLS1_ACCEPT, SSL_R_NO_CERTIFICATE_SET);	204	SSLerr(SSL_F_DTLS1_ACCEPT, SSL_R_NO_CERTIFICATE_SET);
@@ -266,9 +254,6 @@ dtls1_accept(SSL *s)
266	* the output is sent in a way that TCP likes :-)	254	* the output is sent in a way that TCP likes :-)
267	* ...but not with SCTP :-)	255	* ...but not with SCTP :-)
268	*/	256	*/
269	#ifndef OPENSSL_NO_SCTP
270	if (!BIO_dgram_is_sctp(SSL_get_wbio(s)))
271	#endif
272	if (!ssl_init_wbio_buffer(s, 1)) {	257	if (!ssl_init_wbio_buffer(s, 1)) {
273	ret = -1;	258	ret = -1;
274	goto end;	259	goto end;
@@ -368,40 +353,6 @@ dtls1_accept(SSL *s)
368	}	353	}
369	break;	354	break;
370		355
371	#ifndef OPENSSL_NO_SCTP
372	case DTLS1_SCTP_ST_SR_READ_SOCK:
373
374	if (BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
375	s->s3->in_read_app_data = 2;
376	s->rwstate = SSL_READING;
377	BIO_clear_retry_flags(SSL_get_rbio(s));
378	BIO_set_retry_read(SSL_get_rbio(s));
379	ret = -1;
380	goto end;
381	}
382
383	s->state = SSL3_ST_SR_FINISHED_A;
384	break;
385
386	case DTLS1_SCTP_ST_SW_WRITE_SOCK:
387	ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s));
388	if (ret < 0)
389	goto end;
390
391	if (ret == 0) {
392	if (s->d1->next_state != SSL_ST_OK) {
393	s->s3->in_read_app_data = 2;
394	s->rwstate = SSL_READING;
395	BIO_clear_retry_flags(SSL_get_rbio(s));
396	BIO_set_retry_read(SSL_get_rbio(s));
397	ret = -1;
398	goto end;
399	}
400	}
401
402	s->state = s->d1->next_state;
403	break;
404	#endif
405		356
406	case SSL3_ST_SW_SRVR_HELLO_A:	357	case SSL3_ST_SW_SRVR_HELLO_A:
407	case SSL3_ST_SW_SRVR_HELLO_B:	358	case SSL3_ST_SW_SRVR_HELLO_B:
@@ -412,22 +363,6 @@ dtls1_accept(SSL *s)
412	goto end;	363	goto end;
413		364
414	if (s->hit) {	365	if (s->hit) {
415	#ifndef OPENSSL_NO_SCTP
416	/* Add new shared key for SCTP-Auth,
417	* will be ignored if no SCTP used.
418	*/
419	snprintf((char*)labelbuffer,
420	sizeof(DTLS1_SCTP_AUTH_LABEL),
421	DTLS1_SCTP_AUTH_LABEL);
422
423	SSL_export_keying_material(s, sctpauthkey,
424	sizeof(sctpauthkey), labelbuffer,
425	sizeof(labelbuffer), NULL, 0, 0);
426
427	BIO_ctrl(SSL_get_wbio(s),
428	BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
429	sizeof(sctpauthkey), sctpauthkey);
430	#endif
431	if (s->tlsext_ticket_expected)	366	if (s->tlsext_ticket_expected)
432	s->state = SSL3_ST_SW_SESSION_TICKET_A;	367	s->state = SSL3_ST_SW_SESSION_TICKET_A;
433	else	368	else
@@ -503,12 +438,6 @@ dtls1_accept(SSL *s)
503	skip = 1;	438	skip = 1;
504	s->s3->tmp.cert_request = 0;	439	s->s3->tmp.cert_request = 0;
505	s->state = SSL3_ST_SW_SRVR_DONE_A;	440	s->state = SSL3_ST_SW_SRVR_DONE_A;
506	#ifndef OPENSSL_NO_SCTP
507	if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
508	s->d1->next_state = SSL3_ST_SW_SRVR_DONE_A;
509	s->state = DTLS1_SCTP_ST_SW_WRITE_SOCK;
510	}
511	#endif
512	} else {	441	} else {
513	s->s3->tmp.cert_request = 1;	442	s->s3->tmp.cert_request = 1;
514	dtls1_start_timer(s);	443	dtls1_start_timer(s);
@@ -516,12 +445,6 @@ dtls1_accept(SSL *s)
516	if (ret <= 0)	445	if (ret <= 0)
517	goto end;	446	goto end;
518	s->state = SSL3_ST_SW_SRVR_DONE_A;	447	s->state = SSL3_ST_SW_SRVR_DONE_A;
519	#ifndef OPENSSL_NO_SCTP
520	if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
521	s->d1->next_state = SSL3_ST_SW_SRVR_DONE_A;
522	s->state = DTLS1_SCTP_ST_SW_WRITE_SOCK;
523	}
524	#endif
525	s->init_num = 0;	448	s->init_num = 0;
526	}	449	}
527	break;	450	break;
@@ -578,22 +501,6 @@ dtls1_accept(SSL *s)
578	ret = ssl3_get_client_key_exchange(s);	501	ret = ssl3_get_client_key_exchange(s);
579	if (ret <= 0)	502	if (ret <= 0)
580	goto end;	503	goto end;
581	#ifndef OPENSSL_NO_SCTP
582	/* Add new shared key for SCTP-Auth,
583	* will be ignored if no SCTP used.
584	*/
585	snprintf((char *)labelbuffer,
586	sizeof(DTLS1_SCTP_AUTH_LABEL),
587	DTLS1_SCTP_AUTH_LABEL);
588
589	SSL_export_keying_material(s, sctpauthkey,
590	sizeof(sctpauthkey), labelbuffer,
591	sizeof(labelbuffer), NULL, 0, 0);
592
593	BIO_ctrl(SSL_get_wbio(s),
594	BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
595	sizeof(sctpauthkey), sctpauthkey);
596	#endif
597		504
598	s->state = SSL3_ST_SR_CERT_VRFY_A;	505	s->state = SSL3_ST_SR_CERT_VRFY_A;
599	s->init_num = 0;	506	s->init_num = 0;
@@ -628,12 +535,6 @@ dtls1_accept(SSL *s)
628	ret = ssl3_get_cert_verify(s);	535	ret = ssl3_get_cert_verify(s);
629	if (ret <= 0)	536	if (ret <= 0)
630	goto end;	537	goto end;
631	#ifndef OPENSSL_NO_SCTP
632	if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
633	state == SSL_ST_RENEGOTIATE)
634	s->state = DTLS1_SCTP_ST_SR_READ_SOCK;
635	else
636	#endif
637	s->state = SSL3_ST_SR_FINISHED_A;	538	s->state = SSL3_ST_SR_FINISHED_A;
638	s->init_num = 0;	539	s->init_num = 0;
639	break;	540	break;
@@ -689,15 +590,6 @@ dtls1_accept(SSL *s)
689	if (ret <= 0)	590	if (ret <= 0)
690	goto end;	591	goto end;
691		592
692	#ifndef OPENSSL_NO_SCTP
693	if (!s->hit) {
694	/* Change to new shared key of SCTP-Auth,
695	* will be ignored if no SCTP used.
696	*/
697	BIO_ctrl(SSL_get_wbio(s),
698	BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
699	}
700	#endif
701		593
702	s->state = SSL3_ST_SW_FINISHED_A;	594	s->state = SSL3_ST_SW_FINISHED_A;
703	s->init_num = 0;	595	s->init_num = 0;
@@ -723,21 +615,8 @@ dtls1_accept(SSL *s)
723	if (s->hit) {	615	if (s->hit) {
724	s->s3->tmp.next_state = SSL3_ST_SR_FINISHED_A;	616	s->s3->tmp.next_state = SSL3_ST_SR_FINISHED_A;
725		617
726	#ifndef OPENSSL_NO_SCTP
727	/* Change to new shared key of SCTP-Auth,
728	* will be ignored if no SCTP used.
729	*/
730	BIO_ctrl(SSL_get_wbio(s),
731	BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
732	#endif
733	} else {	618	} else {
734	s->s3->tmp.next_state = SSL_ST_OK;	619	s->s3->tmp.next_state = SSL_ST_OK;
735	#ifndef OPENSSL_NO_SCTP
736	if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
737	s->d1->next_state = s->s3->tmp.next_state;
738	s->s3->tmp.next_state = DTLS1_SCTP_ST_SW_WRITE_SOCK;
739	}
740	#endif
741	}	620	}
742	s->init_num = 0;	621	s->init_num = 0;
743	break;	622	break;
@@ -802,14 +681,6 @@ end:
802	/* BIO_flush(s->wbio); */	681	/* BIO_flush(s->wbio); */
803		682
804	s->in_handshake--;	683	s->in_handshake--;
805	#ifndef OPENSSL_NO_SCTP
806	/* Notify SCTP BIO socket to leave handshake
807	* mode and prevent stream identifier other
808	* than 0. Will be ignored if no SCTP is used.
809	*/
810	BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
811	s->in_handshake, NULL);
812	#endif
813		684
814	if (cb != NULL)	685	if (cb != NULL)
815	cb(s, SSL_CB_ACCEPT_EXIT, ret);	686	cb(s, SSL_CB_ACCEPT_EXIT, ret);