diff --git a/include/openssl/dtls1.h b/include/openssl/dtls1.h
index a9e3ada9..2069aedb 100644
--- a/include/openssl/dtls1.h
+++ b/include/openssl/dtls1.h
@@ -209,9 +209,6 @@ typedef struct dtls1_state_st
  */
  record_pqueue buffered_app_data;
- /* Is set when listening for new connections with dtls1_listen() */
- unsigned int listen;
-
  unsigned int mtu; /* max DTLS packet size */
  struct hm_header_st w_msg_hdr;
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 31ff5db4..a08b4129 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1645,7 +1645,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 #define DTLS_CTRL_GET_TIMEOUT 73
 #define DTLS_CTRL_HANDLE_TIMEOUT 74
-#define DTLS_CTRL_LISTEN 75
 #define SSL_CTRL_GET_RI_SUPPORT 76
 #define SSL_CTRL_CLEAR_OPTIONS 77
@@ -1690,8 +1689,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
  SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
 #define DTLSv1_handle_timeout(ssl) \
  SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL)
-#define DTLSv1_listen(ssl, peer) \
- SSL_ctrl(ssl,DTLS_CTRL_LISTEN,0, (void *)peer)
 #define SSL_session_reused(ssl) \
  SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL)
diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index 82d4a865..327a1acb 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -483,9 +483,7 @@ again:
  memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
- /* Don't change sequence numbers while listening */
- if (!s->d1->listen)
- s->d1->handshake_read_seq++;
+ s->d1->handshake_read_seq++;
  return s->init_num;
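Review bot: With the listen guard gone, `s->d1->handshake_read_seq++;` now runs unconditionally between the `memset(msg_hdr, ...)` and `return s->init_num;`, and the deleted comment was the only text explaining why the counter is touched here; a short comment such as `/* Presumably the reassembled message has been consumed; expect the next handshake sequence number. */` (confirm against the surrounding code) would keep the intent visible. The same guard removal appears in the `dtls1_set_message_header` hunk at line 1206, where `if (frag_off == 0)` now bumps the write-side sequence without explanation and would benefit from an equivalent comment. The enclosing function starts outside the hunk.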
@@ -850,10 +848,8 @@ dtls1_get_message_fragment(SSL *s, int stn, long max, int *ok)
  /*
  * if this is a future (or stale) message it gets buffered
  * (or dropped)--no further processing at this time
- * While listening, we accept seq 1 (ClientHello with cookie)
- * although we're still expecting seq 0 (ClientHello)
  */
- if (msg_hdr.seq != s->d1->handshake_read_seq && !(s->d1->listen && msg_hdr.seq == 1))
+ if (msg_hdr.seq != s->d1->handshake_read_seq)
  return dtls1_process_out_of_seq_message(s, &msg_hdr, ok);
  len = msg_hdr.msg_len;
@@ -1206,8 +1202,7 @@ unsigned char *
 dtls1_set_message_header(SSL *s, unsigned char *p, unsigned char mt,
  unsigned long len, unsigned long frag_off, unsigned long frag_len)
  {
- /* Don't change sequence numbers while listening */
- if (frag_off == 0 && !s->d1->listen)
+ if (frag_off == 0)
  {
  s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
  s->d1->next_handshake_write_seq++;
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index 650d8e78..cc7980f7 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -75,7 +75,6 @@ static void get_current_time(OPENSSL_timeval *t);
 static OPENSSL_timeval* dtls1_get_timeout(SSL *s, OPENSSL_timeval* timeleft);
 static void dtls1_set_handshake_header(SSL *s, int type, unsigned long len);
 static int dtls1_handshake_write(SSL *s, enum should_add_to_finished_hash should_add_to_finished_hash);
-int dtls1_listen(SSL *s, struct sockaddr *client);
 static void dtls1_add_to_finished_hash(SSL *s);
 SSL3_ENC_METHOD DTLSv1_enc_data={
@@ -295,9 +294,6 @@ long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg)
  case DTLS_CTRL_HANDLE_TIMEOUT:
  ret = dtls1_handle_timeout(s);
  break;
- case DTLS_CTRL_LISTEN:
- ret = dtls1_listen(s, parg);
- break;
  default:
  ret = ssl3_ctrl(s, cmd, larg, parg);
@@ -481,20 +477,6 @@ static void get_current_time(OPENSSL_timeval *t)
 #endif
  }
-int dtls1_listen(SSL *s, struct sockaddr *client)
- {
- int ret;
-
- SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
- s->d1->listen = 1;
-
- ret = SSL_accept(s);
- if (ret <= 0) return ret;
-
- BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_GET_PEER, 0, &client);
- return 1;
- }
-
 static void dtls1_set_handshake_header(SSL *s, int htype, unsigned long len)
  {
  unsigned char *p = (unsigned char *)s->init_buf->data;
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index 0ecbb2ee..a5a27f19 100644
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -644,32 +644,24 @@ again:
  goto again; /* get another record */
  }
- /* Check whether this is a repeat, or aged record.
- * Don't check if we're listening and this message is
- * a ClientHello. They can look as if they're replayed,
- * since they arrive from different connections and
- * would be dropped unnecessarily.
- */
- if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE &&
- *p == SSL3_MT_CLIENT_HELLO) &&
- !dtls1_record_replay_check(s, bitmap))
- {
- rr->length = 0;
- s->packet_length=0; /* dump this record */
- goto again; /* get another record */
- }
+ /* Check whether this is a repeat, or aged record. */
+ if (!dtls1_record_replay_check(s, bitmap))
+ {
+ rr->length = 0;
+ s->packet_length=0; /* dump this record */
+ goto again; /* get another record */
+ }
  /* just read a 0 length packet */
  if (rr->length == 0) goto again;
  /* If this record is from the next epoch (either HM or ALERT),
  * and a handshake is currently in progress, buffer it since it
- * cannot be processed at this time. However, do not buffer
- * anything while listening.
+ * cannot be processed at this time.
  */
  if (is_next_epoch)
  {
- if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen)
+ if (SSL_in_init(s) || s->in_handshake)
  {
  dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);
  }
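Review bot: The replacement replay-check block reprints `rr->length = 0;`, `s->packet_length=0;`, `goto again;` and their braces textually unchanged, which suggests only their indentation moved; keeping the file's existing indentation would confine the change to the comment and the condition, `if (!dtls1_record_replay_check(s, bitmap))`, and make this anti-replay path easier to audit. Dropping the ClientHello exemption means every record, handshake or not, now passes through `dtls1_record_replay_check`, which is the safer default once the stateless listen mode is gone and is worth stating in the commit message. Separately, the unchanged `dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);` in the next-epoch branch appears to discard its return value, so a failure to buffer a record is silent; that predates this commit but deserves a follow-up. The enclosing function continues outside the hunk.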
@@ -799,12 +791,6 @@ start:
  }
  }
- if (s->d1->listen && rr->type != SSL3_RT_HANDSHAKE)
- {
- rr->length = 0;
- goto start;
- }
-
  /* we now have a packet which can be read and processed */
  if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index e1c56167..28c75fcc 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -166,7 +166,6 @@ int dtls1_accept(SSL *s)
  unsigned long alg_a;
  int ret= -1;
  int new_state,state,skip=0;
- int listen;
 ERR_clear_error();
 ERR_clear_system_error();
@@ -175,15 +174,11 @@ int dtls1_accept(SSL *s)
  cb=s->info_callback;
  else if (s->ctx->info_callback != NULL)
  cb=s->ctx->info_callback;
-
- listen = s->d1->listen;
  /* init things to blank */
  s->in_handshake++;
  if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
- s->d1->listen = listen;
-
  if (s->cert == NULL)
  {
  OPENSSL_PUT_ERROR(SSL, dtls1_accept, SSL_R_NO_CERTIFICATE_SET);
@@ -295,27 +290,6 @@ int dtls1_accept(SSL *s)
  s->state = SSL3_ST_SW_SRVR_HELLO_A;
  s->init_num=0;
-
- /* Reflect ClientHello sequence to remain stateless while listening */
- if (listen)
- {
- memcpy(s->s3->write_sequence, s->s3->read_sequence, sizeof(s->s3->write_sequence));
- }
-
- /* If we're just listening, stop here */
- if (listen && s->state == SSL3_ST_SW_SRVR_HELLO_A)
- {
- ret = 2;
- s->d1->listen = 0;
- /* Set expected sequence numbers
- * to continue the handshake.
- */
- s->d1->handshake_read_seq = 2;
- s->d1->handshake_write_seq = 1;
- s->d1->next_handshake_write_seq = 1;
- goto end;
- }
-
  break;
  case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: