From b6cf79472f84871a9cffc9c9ee7643d17e8943a4 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Mon, 9 Feb 2015 10:53:28 +0000
Subject: Jettison DTLS over SCTP.

OpenBSD does not have SCTP support and it sees little use in the wild.
OPENSSL_NO_SCTP is already specified via opensslfeatures.h, hence this
is a code removal only and symbols should remain unchanged.

ok beck@ miod@ tedu@
---
 src/lib/libssl/d1_clnt.c | 146 +----------------------------------------------
 1 file changed, 1 insertion(+), 145 deletions(-)

(limited to 'src/lib/libssl/d1_clnt.c')

diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c
index c344c1bcdc..cf25183de5 100644
--- a/src/lib/libssl/d1_clnt.c
+++ b/src/lib/libssl/d1_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_clnt.c,v 1.42 2015/02/06 08:30:23 jsing Exp $ */
+/* $OpenBSD: d1_clnt.c,v 1.43 2015/02/09 10:53:28 jsing Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -180,10 +180,6 @@ dtls1_connect(SSL *s)
 	void (*cb)(const SSL *ssl, int type, int val) = NULL;
 	int ret = -1;
 	int new_state, state, skip = 0;
-#ifndef OPENSSL_NO_SCTP
-	unsigned char sctpauthkey[64];
-	char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];
-#endif
 
 	ERR_clear_error();
 	errno = 0;
@@ -197,14 +193,6 @@ dtls1_connect(SSL *s)
 	if (!SSL_in_init(s) || SSL_in_before(s))
 		SSL_clear(s);
 
-#ifndef OPENSSL_NO_SCTP
-	/* Notify SCTP BIO socket to enter handshake
-	 * mode and prevent stream identifier other
-	 * than 0. Will be ignored if no SCTP is used.
-	 */
-	BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
-	    s->in_handshake, NULL);
-#endif
 
 	for (;;) {
 		state = s->state;
@@ -271,40 +259,6 @@ dtls1_connect(SSL *s)
 			s->hit = 0;
 			break;
 
-#ifndef OPENSSL_NO_SCTP
-		case DTLS1_SCTP_ST_CR_READ_SOCK:
-
-			if (BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
-				s->s3->in_read_app_data = 2;
-				s->rwstate = SSL_READING;
-				BIO_clear_retry_flags(SSL_get_rbio(s));
-				BIO_set_retry_read(SSL_get_rbio(s));
-				ret = -1;
-				goto end;
-			}
-
-			s->state = s->s3->tmp.next_state;
-			break;
-
-		case DTLS1_SCTP_ST_CW_WRITE_SOCK:
-			/* read app data until dry event */
-
-			ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s));
-			if (ret < 0)
-				goto end;
-
-			if (ret == 0) {
-				s->s3->in_read_app_data = 2;
-				s->rwstate = SSL_READING;
-				BIO_clear_retry_flags(SSL_get_rbio(s));
-				BIO_set_retry_read(SSL_get_rbio(s));
-				ret = -1;
-				goto end;
-			}
-
-			s->state = s->d1->next_state;
-			break;
-#endif
 
 		case SSL3_ST_CW_CLNT_HELLO_A:
 		case SSL3_ST_CW_CLNT_HELLO_B:
@@ -330,16 +284,9 @@ dtls1_connect(SSL *s)
 
 			s->init_num = 0;
 
-#ifndef OPENSSL_NO_SCTP
-			/* Disable buffering for SCTP */
-			if (!BIO_dgram_is_sctp(SSL_get_wbio(s))) {
-#endif
 				/* turn on buffering for the next lot of output */
 				if (s->bbio != s->wbio)
 					s->wbio = BIO_push(s->bbio, s->wbio);
-#ifndef OPENSSL_NO_SCTP
-			}
-#endif
 			break;
 
 		case SSL3_ST_CR_SRVR_HELLO_A:
@@ -349,20 +296,6 @@ dtls1_connect(SSL *s)
 				goto end;
 			else {
 				if (s->hit) {
-#ifndef OPENSSL_NO_SCTP
-					/* Add new shared key for SCTP-Auth,
-					 * will be ignored if no SCTP used.
-					 */
-					snprintf((char*) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
-					    DTLS1_SCTP_AUTH_LABEL);
-
-					SSL_export_keying_material(s, sctpauthkey,
-					    sizeof(sctpauthkey), labelbuffer,
-					    sizeof(labelbuffer), NULL, 0, 0);
-
-					BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
-					    sizeof(sctpauthkey), sctpauthkey);
-#endif
 
 					s->state = SSL3_ST_CR_FINISHED_A;
 				} else
@@ -453,12 +386,6 @@ dtls1_connect(SSL *s)
 				s->s3->tmp.next_state = SSL3_ST_CW_KEY_EXCH_A;
 			s->init_num = 0;
 
-#ifndef OPENSSL_NO_SCTP
-			if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
-			    state == SSL_ST_RENEGOTIATE)
-				s->state = DTLS1_SCTP_ST_CR_READ_SOCK;
-			else
-#endif
 				s->state = s->s3->tmp.next_state;
 			break;
 
@@ -481,22 +408,6 @@ dtls1_connect(SSL *s)
 			if (ret <= 0)
 				goto end;
 
-#ifndef OPENSSL_NO_SCTP
-			/* Add new shared key for SCTP-Auth,
-			 * will be ignored if no SCTP used.
-			 */
-			snprintf((char*)labelbuffer,
-			    sizeof(DTLS1_SCTP_AUTH_LABEL),
-			    DTLS1_SCTP_AUTH_LABEL);
-
-			SSL_export_keying_material(s, sctpauthkey,
-			    sizeof(sctpauthkey), labelbuffer,
-			    sizeof(labelbuffer), NULL, 0, 0);
-
-			BIO_ctrl(SSL_get_wbio(s),
-			    BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
-			    sizeof(sctpauthkey), sctpauthkey);
-#endif
 
 			/* EAY EAY EAY need to check for DH fix cert
 			 * sent back */
@@ -505,12 +416,6 @@ dtls1_connect(SSL *s)
 			if (s->s3->tmp.cert_req == 1) {
 				s->state = SSL3_ST_CW_CERT_VRFY_A;
 			} else {
-#ifndef OPENSSL_NO_SCTP
-				if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
-					s->d1->next_state = SSL3_ST_CW_CHANGE_A;
-					s->state = DTLS1_SCTP_ST_CW_WRITE_SOCK;
-				} else
-#endif
 					s->state = SSL3_ST_CW_CHANGE_A;
 				s->s3->change_cipher_spec = 0;
 			}
@@ -524,12 +429,6 @@ dtls1_connect(SSL *s)
 			ret = dtls1_send_client_verify(s);
 			if (ret <= 0)
 				goto end;
-#ifndef OPENSSL_NO_SCTP
-			if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
-				s->d1->next_state = SSL3_ST_CW_CHANGE_A;
-				s->state = DTLS1_SCTP_ST_CW_WRITE_SOCK;
-			} else
-#endif
 				s->state = SSL3_ST_CW_CHANGE_A;
 			s->init_num = 0;
 			s->s3->change_cipher_spec = 0;
@@ -559,15 +458,6 @@ dtls1_connect(SSL *s)
 				goto end;
 			}
 
-#ifndef OPENSSL_NO_SCTP
-			if (s->hit) {
-				/* Change to new shared key of SCTP-Auth,
-				 * will be ignored if no SCTP used.
-				 */
-				BIO_ctrl(SSL_get_wbio(s),
-				    BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
-			}
-#endif
 
 			dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
 			break;
@@ -588,31 +478,12 @@ dtls1_connect(SSL *s)
 			s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
 			if (s->hit) {
 				s->s3->tmp.next_state = SSL_ST_OK;
-#ifndef OPENSSL_NO_SCTP
-				if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
-					s->d1->next_state = s->s3->tmp.next_state;
-					s->s3->tmp.next_state = DTLS1_SCTP_ST_CW_WRITE_SOCK;
-				}
-#endif
 				if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) {
 					s->state = SSL_ST_OK;
-#ifndef OPENSSL_NO_SCTP
-					if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
-						s->d1->next_state = SSL_ST_OK;
-						s->state = DTLS1_SCTP_ST_CW_WRITE_SOCK;
-					}
-#endif
 					s->s3->flags |= SSL3_FLAGS_POP_BUFFER;
 					s->s3->delay_buf_pop_ret = 0;
 				}
 			} else {
-#ifndef OPENSSL_NO_SCTP
-				/* Change to new shared key of SCTP-Auth,
-				 * will be ignored if no SCTP used.
-				 */
-				BIO_ctrl(SSL_get_wbio(s),
-				    BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
-#endif
 
 				/* Allow NewSessionTicket if ticket expected */
 				if (s->tlsext_ticket_expected)
@@ -657,13 +528,6 @@ dtls1_connect(SSL *s)
 			else
 				s->state = SSL_ST_OK;
 
-#ifndef OPENSSL_NO_SCTP
-			if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
-			    state == SSL_ST_RENEGOTIATE) {
-				s->d1->next_state = s->state;
-				s->state = DTLS1_SCTP_ST_CW_WRITE_SOCK;
-			}
-#endif
 
 			s->init_num = 0;
 			break;
@@ -742,14 +606,6 @@ dtls1_connect(SSL *s)
 end:
 	s->in_handshake--;
 
-#ifndef OPENSSL_NO_SCTP
-	/* Notify SCTP BIO socket to leave handshake
-	 * mode and allow stream identifier other
-	 * than 0. Will be ignored if no SCTP is used.
-	 */
-	BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
-	    s->in_handshake, NULL);
-#endif
 
 	if (buf != NULL)
 		BUF_MEM_free(buf);
-- 
cgit v1.2.3-55-g6feb