Diffstat (limited to 'src/ssl/d1_srvr.c')
-rw-r--r-- | src/ssl/d1_srvr.c | 96 |
1 files changed, 5 insertions, 91 deletions
diff --git a/src/ssl/d1_srvr.c b/src/ssl/d1_srvr.c
index 5bce98e..e314910 100644
--- a/src/ssl/d1_srvr.c
+++ b/src/ssl/d1_srvr.c
@@ -118,21 +118,20 @@
 #include <openssl/bn.h>
 #include <openssl/buf.h>
 #include <openssl/dh.h>
+#include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/md5.h>
 #include <openssl/obj.h>
 #include <openssl/rand.h>
 #include <openssl/x509.h>
-#include "ssl_locl.h"
+#include "internal.h"
-static int dtls1_send_hello_verify_request(SSL *s);
-
 int dtls1_accept(SSL *s) {
   BUF_MEM *buf = NULL;
   void (*cb)(const SSL *ssl, int type, int val) = NULL;
-  unsigned long alg_a;
+  uint32_t alg_a;
   int ret = -1;
   int new_state, state, skip = 0;
@@ -180,11 +179,6 @@ int dtls1_accept(SSL *s) {
       buf = NULL;
     }
-    if (!ssl3_setup_buffers(s)) {
-      ret = -1;
-      goto end;
-    }
-
     s->init_num = 0;
     if (s->state != SSL_ST_RENEGOTIATE) {
@@ -200,11 +194,9 @@ int dtls1_accept(SSL *s) {
       }
       s->state = SSL3_ST_SR_CLNT_HELLO_A;
-      s->ctx->stats.sess_accept++;
     } else {
       /* s->state == SSL_ST_RENEGOTIATE,
        * we will just send a
        * HelloRequest */
-      s->ctx->stats.sess_accept_renegotiate++;
       s->state = SSL3_ST_SW_HELLO_REQ_A;
     }
@@ -244,33 +236,10 @@ int dtls1_accept(SSL *s) {
         goto end;
       }
       dtls1_stop_timer(s);
-
-      if (ret == 1 && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE)) {
-        s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A;
-      } else {
-        s->state = SSL3_ST_SW_SRVR_HELLO_A;
-      }
-
+      s->state = SSL3_ST_SW_SRVR_HELLO_A;
       s->init_num = 0;
       break;
-    case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
-    case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
-      ret = dtls1_send_hello_verify_request(s);
-      if (ret <= 0) {
-        goto end;
-      }
-      s->state = SSL3_ST_SW_FLUSH;
-      s->s3->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A;
-      /* HelloVerifyRequest resets Finished MAC */
-      if (!ssl3_init_finished_mac(s)) {
-        OPENSSL_PUT_ERROR(SSL, dtls1_accept, ERR_R_INTERNAL_ERROR);
-        ret = -1;
-        goto end;
-      }
-      break;
-
     case SSL3_ST_SW_SRVR_HELLO_A:
     case SSL3_ST_SW_SRVR_HELLO_B:
       s->renegotiate = 2;
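Review bot: After `dtls1_stop_timer(s);` the server now moves unconditionally to `SSL3_ST_SW_SRVR_HELLO_A`, so no path remains that sends a HelloVerifyRequest before the server commits to its ServerHello/Certificate flight and the key-exchange work behind it. That cookie round trip is the RFC 6347 §4.2.1 countermeasure for confirming the client's source address before spending resources or emitting a large reply over UDP, and the removal also drops the `SSL_OP_COOKIE_EXCHANGE` check, so an application that still sets that option silently gets no address validation. The new state transition is fine for a transport that is trusted or validated elsewhere, but that assumption should be recorded where the state is assigned, e.g. `/* No HelloVerifyRequest/cookie exchange is performed: the peer address is not validated here, so any anti-amplification check must happen below the DTLS layer. */`, and `SSL_OP_COOKIE_EXCHANGE` should be documented as a no-op or rejected when set. dtls1_accept starts before this hunk and continues after it.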
@@ -347,13 +316,6 @@ int dtls1_accept(SSL *s) {
           * don't request cert during re-negotiation: */
          ((s->session->peer != NULL) &&
           (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
-         /* never request cert in anonymous ciphersuites
-          * (see section "Certificate request" in SSL 3 drafts
-          * and in RFC 2246): */
-         ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
-          /* ... except when the application insists on verification
-           * (against the specs, but s3_clnt.c accepts this for SSL 3) */
-          !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) ||
          /* With normal PSK Certificates and
           * Certificate Requests are omitted */
          (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
@@ -368,12 +330,7 @@ int dtls1_accept(SSL *s) {
         if (ret <= 0) {
           goto end;
         }
-#ifndef NETSCAPE_HANG_BUG
         s->state = SSL3_ST_SW_SRVR_DONE_A;
-#else
-        s->state = SSL3_ST_SW_FLUSH;
-        s->s3->tmp.next_state = SSL3_ST_SR_CERT_A;
-#endif
         s->init_num = 0;
       }
       break;
@@ -393,12 +350,6 @@ int dtls1_accept(SSL *s) {
     case SSL3_ST_SW_FLUSH:
       s->rwstate = SSL_WRITING;
       if (BIO_flush(s->wbio) <= 0) {
-        /* If the write error was fatal, stop trying */
-        if (!BIO_should_retry(s->wbio)) {
-          s->rwstate = SSL_NOTHING;
-          s->state = s->s3->tmp.next_state;
-        }
-
         ret = -1;
         goto end;
       }
@@ -527,8 +478,6 @@ int dtls1_accept(SSL *s) {
       ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
-      s->ctx->stats.sess_accept_good++;
-
       if (cb != NULL) {
         cb(s, SSL_CB_HANDSHAKE_DONE, 1);
       }
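Review bot: With the anonymous-ciphersuite clause gone from this condition, a server configured with `SSL_VERIFY_PEER` that negotiates an `SSL_aNULL` suite will now fall through to sending a CertificateRequest, which the deleted comment (and RFC 2246, RFC 5246 §7.4.4) reserve for non-anonymous servers; a client certificate obtained in a suite with no server authentication is also bound to nothing. If anonymous suites can still be negotiated in this tree, the new behaviour deserves at least a comment on the remaining condition, e.g. `/* Anonymous (aNULL) suites are not excluded: a CertificateRequest may be sent even though the server is unauthenticated. */`; if they cannot be negotiated any more, say that instead so the next reader does not look for the missing check. The `if` this hunk edits begins before the hunk, and dtls1_accept continues after it.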
@@ -562,44 +511,9 @@ int dtls1_accept(SSL *s) {
 end:
   s->in_handshake--;
-  if (buf != NULL) {
-    BUF_MEM_free(buf);
-  }
+  BUF_MEM_free(buf);
   if (cb != NULL) {
     cb(s, SSL_CB_ACCEPT_EXIT, ret);
   }
   return ret;
 }
-
-int dtls1_send_hello_verify_request(SSL *s) {
-  uint8_t *msg, *p;
-
-  if (s->state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) {
-    msg = p = ssl_handshake_start(s);
-    /* Always use DTLS 1.0 version: see RFC 6347 */
-    *(p++) = DTLS1_VERSION >> 8;
-    *(p++) = DTLS1_VERSION & 0xFF;
-
-    /* Inform the callback how much space is in the
-     * cookie's buffer. */
-    s->d1->cookie_len = sizeof(s->d1->cookie);
-
-    if (s->ctx->app_gen_cookie_cb == NULL ||
-        s->ctx->app_gen_cookie_cb(s, s->d1->cookie, &(s->d1->cookie_len)) ==
-            0) {
-      OPENSSL_PUT_ERROR(SSL, dtls1_send_hello_verify_request,
-                        ERR_R_INTERNAL_ERROR);
-      return 0;
-    }
-
-    *(p++) = (uint8_t)s->d1->cookie_len;
-    memcpy(p, s->d1->cookie, s->d1->cookie_len);
-    p += s->d1->cookie_len;
-
-    ssl_set_handshake_header(s, DTLS1_MT_HELLO_VERIFY_REQUEST, p - msg);
-    s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B;
-  }
-
-  /* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */
-  return ssl_do_write(s);
-}