From: Matt Caswell Date: Thu, 9 Apr 2015 22:31:35 +0000 (+0100) Subject: Remove remaining old listen code X-Git-Tag: OpenSSL_1_1_0-pre1~530 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=912c89c529de78de807f58072ae77456b4a251b5;p=oweals%2Fopenssl.git Remove remaining old listen code The old implementation of DTLSv1_listen which has now been replaced still had a few vestiges scattered throughout the code. This commit removes them. Reviewed-by: Andy Polyakov --- diff --git a/ssl/d1_both.c b/ssl/d1_both.c index a69622aea5..02a464e4f0 100644 --- a/ssl/d1_both.c +++ b/ssl/d1_both.c @@ -530,9 +530,8 @@ long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) memset(msg_hdr, 0, sizeof(*msg_hdr)); - /* Don't change sequence numbers while listening */ - if (!s->d1->listen) - s->d1->handshake_read_seq++; + s->d1->handshake_read_seq++; + s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH; return s->init_num; @@ -946,8 +945,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, int mt, long max, int *ok) * While listening, we accept seq 1 (ClientHello with cookie) * although we're still expecting seq 0 (ClientHello) */ - if (msg_hdr.seq != s->d1->handshake_read_seq - && !(s->d1->listen && msg_hdr.seq == 1)) + if (msg_hdr.seq != s->d1->handshake_read_seq) return dtls1_process_out_of_seq_message(s, &msg_hdr, ok); if (frag_len && frag_len < len) @@ -1300,8 +1298,7 @@ void dtls1_set_message_header(SSL *s, unsigned char *p, unsigned long frag_off, unsigned long frag_len) { - /* Don't change sequence numbers while listening */ - if (frag_off == 0 && !s->d1->listen) { + if (frag_off == 0) { s->d1->handshake_write_seq = s->d1->next_handshake_write_seq; s->d1->next_handshake_write_seq++; } diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index 3d3d3f751f..8aa1ebaa4b 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c @@ -165,7 +165,6 @@ int dtls1_accept(SSL *s) unsigned long alg_k; int ret = -1; int new_state, state, skip = 0; - int listen; #ifndef OPENSSL_NO_SCTP unsigned char sctpauthkey[64]; char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)]; @@ -180,8 +179,6 @@ int dtls1_accept(SSL *s) else if (s->ctx->info_callback != NULL) cb = s->ctx->info_callback; - listen = s->d1->listen; - /* init things to blank */ s->in_handshake++; if (!SSL_in_init(s) || SSL_in_before(s)) { @@ -189,7 +186,6 @@ int dtls1_accept(SSL *s) return -1; } - s->d1->listen = listen; #ifndef OPENSSL_NO_SCTP /* * Notify SCTP BIO socket to enter handshake mode and prevent stream @@ -327,28 +323,6 @@ int dtls1_accept(SSL *s) s->state = SSL3_ST_SW_SRVR_HELLO_A; s->init_num = 0; - - /* - * Reflect ClientHello sequence to remain stateless while - * listening - */ - if (listen) { - DTLS_RECORD_LAYER_resync_write(&s->rlayer); - } - - /* If we're just listening, stop here */ - if (listen && s->state == SSL3_ST_SW_SRVR_HELLO_A) { - ret = 2; - s->d1->listen = 0; - /* - * Set expected sequence numbers to continue the handshake. - */ - s->d1->handshake_read_seq = 2; - s->d1->handshake_write_seq = 1; - s->d1->next_handshake_write_seq = 1; - goto end; - } - break; case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c index b5548e626a..d7d0093aec 100644 --- a/ssl/record/rec_layer_d1.c +++ b/ssl/record/rec_layer_d1.c @@ -511,11 +511,6 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, } } - if (s->d1->listen && rr->type != SSL3_RT_HANDSHAKE) { - SSL3_RECORD_set_length(rr, 0); - goto start; - } - /* we now have a packet which can be read and processed */ if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec, diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index 1fa1710326..7383f137b7 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -1508,18 +1508,8 @@ int dtls1_get_record(SSL *s) /* Only do replay check if no SCTP bio */ if (!BIO_dgram_is_sctp(SSL_get_rbio(s))) { #endif - /* - * Check whether this is a repeat, or aged record. Don't check if - * we're listening and this message is a ClientHello. They can look - * as if they're replayed, since they arrive from different - * connections and would be dropped unnecessarily. - */ - if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE && - RECORD_LAYER_get_packet_length(&s->rlayer) - > DTLS1_RT_HEADER_LENGTH && - RECORD_LAYER_get_packet(&s->rlayer)[DTLS1_RT_HEADER_LENGTH] - == SSL3_MT_CLIENT_HELLO) && - !dtls1_record_replay_check(s, bitmap)) { + /* Check whether this is a repeat, or aged record. */ + if (!dtls1_record_replay_check(s, bitmap)) { rr->length = 0; RECORD_LAYER_reset_packet_length(&s->rlayer); /* dump this record */ goto again; /* get another record */ @@ -1535,11 +1525,10 @@ int dtls1_get_record(SSL *s) /* * If this record is from the next epoch (either HM or ALERT), and a * handshake is currently in progress, buffer it since it cannot be - * processed at this time. However, do not buffer anything while - * listening. + * processed at this time. */ if (is_next_epoch) { - if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen) { + if ((SSL_in_init(s) || s->in_handshake)) { if (dtls1_buffer_record (s, &(DTLS_RECORD_LAYER_get_unprocessed_rcds(&s->rlayer)), rr->seq_num) < 0) diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 84b7458a56..b7c4fe75d1 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1431,8 +1431,6 @@ typedef struct dtls1_state_st { /* Buffered (sent) handshake records */ pqueue sent_messages; - /* Is set when listening for new connections with dtls1_listen() */ - unsigned int listen; unsigned int link_mtu; /* max on-the-wire DTLS packet size */ unsigned int mtu; /* max DTLS packet size */ struct hm_header_st w_msg_hdr;