diff options
| author | jsing <> | 2015-02-09 10:53:28 +0000 |
|---|---|---|
| committer | jsing <> | 2015-02-09 10:53:28 +0000 |
| commit | b6cf79472f84871a9cffc9c9ee7643d17e8943a4 (patch) | |
| tree | 26c8e0794ca281a87b301ecbd4dde188ac6918e4 /src/lib/libssl/d1_srvr.c | |
| parent | ba83f0a487d169240e07a7f1b6b97c6f5ae100ef (diff) | |
| download | openbsd-b6cf79472f84871a9cffc9c9ee7643d17e8943a4.tar.gz openbsd-b6cf79472f84871a9cffc9c9ee7643d17e8943a4.tar.bz2 openbsd-b6cf79472f84871a9cffc9c9ee7643d17e8943a4.zip | |
Jettison DTLS over SCTP.
OpenBSD does not have SCTP support and it sees little use in the wild.
OPENSSL_NO_SCTP is already specified via opensslfeatures.h, hence this
is a code removal only and symbols should remain unchanged.
ok beck@ miod@ tedu@
Diffstat (limited to 'src/lib/libssl/d1_srvr.c')
| -rw-r--r-- | src/lib/libssl/d1_srvr.c | 131 |
1 files changed, 1 insertions, 130 deletions
diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c index 1c732c5b08..4e6d0da3b3 100644 --- a/src/lib/libssl/d1_srvr.c +++ b/src/lib/libssl/d1_srvr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: d1_srvr.c,v 1.48 2015/02/07 08:56:39 jsing Exp $ */ | 1 | /* $OpenBSD: d1_srvr.c,v 1.49 2015/02/09 10:53:28 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * DTLS implementation written by Nagendra Modadugu | 3 | * DTLS implementation written by Nagendra Modadugu |
| 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. |
| @@ -182,10 +182,6 @@ dtls1_accept(SSL *s) | |||
| 182 | int ret = -1; | 182 | int ret = -1; |
| 183 | int new_state, state, skip = 0; | 183 | int new_state, state, skip = 0; |
| 184 | int listen; | 184 | int listen; |
| 185 | #ifndef OPENSSL_NO_SCTP | ||
| 186 | unsigned char sctpauthkey[64]; | ||
| 187 | char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)]; | ||
| 188 | #endif | ||
| 189 | 185 | ||
| 190 | ERR_clear_error(); | 186 | ERR_clear_error(); |
| 191 | errno = 0; | 187 | errno = 0; |
| @@ -203,14 +199,6 @@ dtls1_accept(SSL *s) | |||
| 203 | SSL_clear(s); | 199 | SSL_clear(s); |
| 204 | 200 | ||
| 205 | s->d1->listen = listen; | 201 | s->d1->listen = listen; |
| 206 | #ifndef OPENSSL_NO_SCTP | ||
| 207 | /* Notify SCTP BIO socket to enter handshake | ||
| 208 | * mode and prevent stream identifier other | ||
| 209 | * than 0. Will be ignored if no SCTP is used. | ||
| 210 | */ | ||
| 211 | BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE, | ||
| 212 | s->in_handshake, NULL); | ||
| 213 | #endif | ||
| 214 | 202 | ||
| 215 | if (s->cert == NULL) { | 203 | if (s->cert == NULL) { |
| 216 | SSLerr(SSL_F_DTLS1_ACCEPT, SSL_R_NO_CERTIFICATE_SET); | 204 | SSLerr(SSL_F_DTLS1_ACCEPT, SSL_R_NO_CERTIFICATE_SET); |
| @@ -266,9 +254,6 @@ dtls1_accept(SSL *s) | |||
| 266 | * the output is sent in a way that TCP likes :-) | 254 | * the output is sent in a way that TCP likes :-) |
| 267 | * ...but not with SCTP :-) | 255 | * ...but not with SCTP :-) |
| 268 | */ | 256 | */ |
| 269 | #ifndef OPENSSL_NO_SCTP | ||
| 270 | if (!BIO_dgram_is_sctp(SSL_get_wbio(s))) | ||
| 271 | #endif | ||
| 272 | if (!ssl_init_wbio_buffer(s, 1)) { | 257 | if (!ssl_init_wbio_buffer(s, 1)) { |
| 273 | ret = -1; | 258 | ret = -1; |
| 274 | goto end; | 259 | goto end; |
| @@ -368,40 +353,6 @@ dtls1_accept(SSL *s) | |||
| 368 | } | 353 | } |
| 369 | break; | 354 | break; |
| 370 | 355 | ||
| 371 | #ifndef OPENSSL_NO_SCTP | ||
| 372 | case DTLS1_SCTP_ST_SR_READ_SOCK: | ||
| 373 | |||
| 374 | if (BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) { | ||
| 375 | s->s3->in_read_app_data = 2; | ||
| 376 | s->rwstate = SSL_READING; | ||
| 377 | BIO_clear_retry_flags(SSL_get_rbio(s)); | ||
| 378 | BIO_set_retry_read(SSL_get_rbio(s)); | ||
| 379 | ret = -1; | ||
| 380 | goto end; | ||
| 381 | } | ||
| 382 | |||
| 383 | s->state = SSL3_ST_SR_FINISHED_A; | ||
| 384 | break; | ||
| 385 | |||
| 386 | case DTLS1_SCTP_ST_SW_WRITE_SOCK: | ||
| 387 | ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s)); | ||
| 388 | if (ret < 0) | ||
| 389 | goto end; | ||
| 390 | |||
| 391 | if (ret == 0) { | ||
| 392 | if (s->d1->next_state != SSL_ST_OK) { | ||
| 393 | s->s3->in_read_app_data = 2; | ||
| 394 | s->rwstate = SSL_READING; | ||
| 395 | BIO_clear_retry_flags(SSL_get_rbio(s)); | ||
| 396 | BIO_set_retry_read(SSL_get_rbio(s)); | ||
| 397 | ret = -1; | ||
| 398 | goto end; | ||
| 399 | } | ||
| 400 | } | ||
| 401 | |||
| 402 | s->state = s->d1->next_state; | ||
| 403 | break; | ||
| 404 | #endif | ||
| 405 | 356 | ||
| 406 | case SSL3_ST_SW_SRVR_HELLO_A: | 357 | case SSL3_ST_SW_SRVR_HELLO_A: |
| 407 | case SSL3_ST_SW_SRVR_HELLO_B: | 358 | case SSL3_ST_SW_SRVR_HELLO_B: |
| @@ -412,22 +363,6 @@ dtls1_accept(SSL *s) | |||
| 412 | goto end; | 363 | goto end; |
| 413 | 364 | ||
| 414 | if (s->hit) { | 365 | if (s->hit) { |
| 415 | #ifndef OPENSSL_NO_SCTP | ||
| 416 | /* Add new shared key for SCTP-Auth, | ||
| 417 | * will be ignored if no SCTP used. | ||
| 418 | */ | ||
| 419 | snprintf((char*)labelbuffer, | ||
| 420 | sizeof(DTLS1_SCTP_AUTH_LABEL), | ||
| 421 | DTLS1_SCTP_AUTH_LABEL); | ||
| 422 | |||
| 423 | SSL_export_keying_material(s, sctpauthkey, | ||
| 424 | sizeof(sctpauthkey), labelbuffer, | ||
| 425 | sizeof(labelbuffer), NULL, 0, 0); | ||
| 426 | |||
| 427 | BIO_ctrl(SSL_get_wbio(s), | ||
| 428 | BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, | ||
| 429 | sizeof(sctpauthkey), sctpauthkey); | ||
| 430 | #endif | ||
| 431 | if (s->tlsext_ticket_expected) | 366 | if (s->tlsext_ticket_expected) |
| 432 | s->state = SSL3_ST_SW_SESSION_TICKET_A; | 367 | s->state = SSL3_ST_SW_SESSION_TICKET_A; |
| 433 | else | 368 | else |
| @@ -503,12 +438,6 @@ dtls1_accept(SSL *s) | |||
| 503 | skip = 1; | 438 | skip = 1; |
| 504 | s->s3->tmp.cert_request = 0; | 439 | s->s3->tmp.cert_request = 0; |
| 505 | s->state = SSL3_ST_SW_SRVR_DONE_A; | 440 | s->state = SSL3_ST_SW_SRVR_DONE_A; |
| 506 | #ifndef OPENSSL_NO_SCTP | ||
| 507 | if (BIO_dgram_is_sctp(SSL_get_wbio(s))) { | ||
| 508 | s->d1->next_state = SSL3_ST_SW_SRVR_DONE_A; | ||
| 509 | s->state = DTLS1_SCTP_ST_SW_WRITE_SOCK; | ||
| 510 | } | ||
| 511 | #endif | ||
| 512 | } else { | 441 | } else { |
| 513 | s->s3->tmp.cert_request = 1; | 442 | s->s3->tmp.cert_request = 1; |
| 514 | dtls1_start_timer(s); | 443 | dtls1_start_timer(s); |
| @@ -516,12 +445,6 @@ dtls1_accept(SSL *s) | |||
| 516 | if (ret <= 0) | 445 | if (ret <= 0) |
| 517 | goto end; | 446 | goto end; |
| 518 | s->state = SSL3_ST_SW_SRVR_DONE_A; | 447 | s->state = SSL3_ST_SW_SRVR_DONE_A; |
| 519 | #ifndef OPENSSL_NO_SCTP | ||
| 520 | if (BIO_dgram_is_sctp(SSL_get_wbio(s))) { | ||
| 521 | s->d1->next_state = SSL3_ST_SW_SRVR_DONE_A; | ||
| 522 | s->state = DTLS1_SCTP_ST_SW_WRITE_SOCK; | ||
| 523 | } | ||
| 524 | #endif | ||
| 525 | s->init_num = 0; | 448 | s->init_num = 0; |
| 526 | } | 449 | } |
| 527 | break; | 450 | break; |
| @@ -578,22 +501,6 @@ dtls1_accept(SSL *s) | |||
| 578 | ret = ssl3_get_client_key_exchange(s); | 501 | ret = ssl3_get_client_key_exchange(s); |
| 579 | if (ret <= 0) | 502 | if (ret <= 0) |
| 580 | goto end; | 503 | goto end; |
| 581 | #ifndef OPENSSL_NO_SCTP | ||
| 582 | /* Add new shared key for SCTP-Auth, | ||
| 583 | * will be ignored if no SCTP used. | ||
| 584 | */ | ||
| 585 | snprintf((char *)labelbuffer, | ||
| 586 | sizeof(DTLS1_SCTP_AUTH_LABEL), | ||
| 587 | DTLS1_SCTP_AUTH_LABEL); | ||
| 588 | |||
| 589 | SSL_export_keying_material(s, sctpauthkey, | ||
| 590 | sizeof(sctpauthkey), labelbuffer, | ||
| 591 | sizeof(labelbuffer), NULL, 0, 0); | ||
| 592 | |||
| 593 | BIO_ctrl(SSL_get_wbio(s), | ||
| 594 | BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, | ||
| 595 | sizeof(sctpauthkey), sctpauthkey); | ||
| 596 | #endif | ||
| 597 | 504 | ||
| 598 | s->state = SSL3_ST_SR_CERT_VRFY_A; | 505 | s->state = SSL3_ST_SR_CERT_VRFY_A; |
| 599 | s->init_num = 0; | 506 | s->init_num = 0; |
| @@ -628,12 +535,6 @@ dtls1_accept(SSL *s) | |||
| 628 | ret = ssl3_get_cert_verify(s); | 535 | ret = ssl3_get_cert_verify(s); |
| 629 | if (ret <= 0) | 536 | if (ret <= 0) |
| 630 | goto end; | 537 | goto end; |
| 631 | #ifndef OPENSSL_NO_SCTP | ||
| 632 | if (BIO_dgram_is_sctp(SSL_get_wbio(s)) && | ||
| 633 | state == SSL_ST_RENEGOTIATE) | ||
| 634 | s->state = DTLS1_SCTP_ST_SR_READ_SOCK; | ||
| 635 | else | ||
| 636 | #endif | ||
| 637 | s->state = SSL3_ST_SR_FINISHED_A; | 538 | s->state = SSL3_ST_SR_FINISHED_A; |
| 638 | s->init_num = 0; | 539 | s->init_num = 0; |
| 639 | break; | 540 | break; |
| @@ -689,15 +590,6 @@ dtls1_accept(SSL *s) | |||
| 689 | if (ret <= 0) | 590 | if (ret <= 0) |
| 690 | goto end; | 591 | goto end; |
| 691 | 592 | ||
| 692 | #ifndef OPENSSL_NO_SCTP | ||
| 693 | if (!s->hit) { | ||
| 694 | /* Change to new shared key of SCTP-Auth, | ||
| 695 | * will be ignored if no SCTP used. | ||
| 696 | */ | ||
| 697 | BIO_ctrl(SSL_get_wbio(s), | ||
| 698 | BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL); | ||
| 699 | } | ||
| 700 | #endif | ||
| 701 | 593 | ||
| 702 | s->state = SSL3_ST_SW_FINISHED_A; | 594 | s->state = SSL3_ST_SW_FINISHED_A; |
| 703 | s->init_num = 0; | 595 | s->init_num = 0; |
| @@ -723,21 +615,8 @@ dtls1_accept(SSL *s) | |||
| 723 | if (s->hit) { | 615 | if (s->hit) { |
| 724 | s->s3->tmp.next_state = SSL3_ST_SR_FINISHED_A; | 616 | s->s3->tmp.next_state = SSL3_ST_SR_FINISHED_A; |
| 725 | 617 | ||
| 726 | #ifndef OPENSSL_NO_SCTP | ||
| 727 | /* Change to new shared key of SCTP-Auth, | ||
| 728 | * will be ignored if no SCTP used. | ||
| 729 | */ | ||
| 730 | BIO_ctrl(SSL_get_wbio(s), | ||
| 731 | BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL); | ||
| 732 | #endif | ||
| 733 | } else { | 618 | } else { |
| 734 | s->s3->tmp.next_state = SSL_ST_OK; | 619 | s->s3->tmp.next_state = SSL_ST_OK; |
| 735 | #ifndef OPENSSL_NO_SCTP | ||
| 736 | if (BIO_dgram_is_sctp(SSL_get_wbio(s))) { | ||
| 737 | s->d1->next_state = s->s3->tmp.next_state; | ||
| 738 | s->s3->tmp.next_state = DTLS1_SCTP_ST_SW_WRITE_SOCK; | ||
| 739 | } | ||
| 740 | #endif | ||
| 741 | } | 620 | } |
| 742 | s->init_num = 0; | 621 | s->init_num = 0; |
| 743 | break; | 622 | break; |
| @@ -802,14 +681,6 @@ end: | |||
| 802 | /* BIO_flush(s->wbio); */ | 681 | /* BIO_flush(s->wbio); */ |
| 803 | 682 | ||
| 804 | s->in_handshake--; | 683 | s->in_handshake--; |
| 805 | #ifndef OPENSSL_NO_SCTP | ||
| 806 | /* Notify SCTP BIO socket to leave handshake | ||
| 807 | * mode and prevent stream identifier other | ||
| 808 | * than 0. Will be ignored if no SCTP is used. | ||
| 809 | */ | ||
| 810 | BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE, | ||
| 811 | s->in_handshake, NULL); | ||
| 812 | #endif | ||
| 813 | 684 | ||
| 814 | if (cb != NULL) | 685 | if (cb != NULL) |
| 815 | cb(s, SSL_CB_ACCEPT_EXIT, ret); | 686 | cb(s, SSL_CB_ACCEPT_EXIT, ret); |