authorjsing <>2017-08-28 17:36:58 +0000
committerjsing <>2017-08-28 17:36:58 +0000
commit6946bfa953382f8050208e6198d3d6713b681d82 (patch)
treefd1e6e86b01342a6a9ff433e37ed36471fd5b785 /src/lib
parente790d179f0c122ea11b978a15855d1fc9ccc5033 (diff)
Completely remove NPN remnants.
Based on a diff from doug@, similar diff from inoguchi@
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/libssl/Symbols.list3
-rw-r--r--src/lib/libssl/man/SSL_CTX_set_alpn_select_cb.350
-rw-r--r--src/lib/libssl/ssl.h10
-rw-r--r--src/lib/libssl/ssl3.h8
-rw-r--r--src/lib/libssl/ssl_err.c14
-rw-r--r--src/lib/libssl/ssl_lib.c26
-rw-r--r--src/lib/libssl/tls1.h5
7 files changed, 9 insertions, 107 deletions
diff --git a/src/lib/libssl/Symbols.list b/src/lib/libssl/Symbols.list
index e147ff873d..7b54776d55 100644
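--- a/src/lib/libssl/Symbols.list
+++ b/src/lib/libssl/Symbols.list
@@ -100,8 +100,6 @@ SSL_CTX_set_info_callback
 SSL_CTX_set_min_proto_version
 SSL_CTX_set_max_proto_version
 SSL_CTX_set_msg_callback
-SSL_CTX_set_next_proto_select_cb
-SSL_CTX_set_next_protos_advertised_cb
 SSL_CTX_set_purpose
 SSL_CTX_set_quiet_shutdown
 SSL_CTX_set_session_id_context
@@ -161,7 +159,6 @@ SSL_dup_CA_list
 SSL_export_keying_material
 SSL_free
 SSL_get0_alpn_selected
-SSL_get0_next_proto_negotiated
 SSL_get1_session
 SSL_get_SSL_CTX
 SSL_get_certificate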
diff --git a/src/lib/libssl/man/SSL_CTX_set_alpn_select_cb.3 b/src/lib/libssl/man/SSL_CTX_set_alpn_select_cb.3
index 175689d79b..2c0905123b 100644
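--- a/src/lib/libssl/man/SSL_CTX_set_alpn_select_cb.3
+++ b/src/lib/libssl/man/SSL_CTX_set_alpn_select_cb.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: SSL_CTX_set_alpn_select_cb.3,v 1.4 2017/08/21 08:31:19 schwarze Exp $
+.\" $OpenBSD: SSL_CTX_set_alpn_select_cb.3,v 1.5 2017/08/28 17:36:58 jsing Exp $
 .\" OpenSSL 87b81496 Apr 19 12:38:27 2017 -0400
 .\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
@@ -49,18 +49,15 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 21 2017 $
+.Dd $Mdocdate: August 28 2017 $
 .Dt SSL_CTX_SET_ALPN_SELECT_CB 3
 .Os
 .Sh NAME
 .Nm SSL_CTX_set_alpn_protos ,
 .Nm SSL_set_alpn_protos ,
 .Nm SSL_CTX_set_alpn_select_cb ,
-.Nm SSL_CTX_set_next_proto_select_cb ,
-.Nm SSL_CTX_set_next_protos_advertised_cb ,
 .Nm SSL_select_next_proto ,
-.Nm SSL_get0_alpn_selected ,
-.Nm SSL_get0_next_proto_negotiated
+.Nm SSL_get0_alpn_selected
 .Nd handle application layer protocol negotiation (ALPN)
 .Sh SYNOPSIS
 .In openssl/ssl.h
@@ -84,21 +81,6 @@
  unsigned int inlen, void *arg)"
 .Fa "void *arg"
 .Fc
-.Ft void
-.Fo SSL_CTX_set_next_proto_select_cb
-.Fa "SSL_CTX *ctx"
-.Fa "int (*cb)(SSL *ssl, unsigned char **out,\
- unsigned char *outlen, const unsigned char *in,\
- unsigned int inlen, void *arg)"
-.Fa "void *arg"
-.Fc
-.Ft void
-.Fo SSL_CTX_set_next_protos_advertised_cb
-.Fa "SSL_CTX *ctx"
-.Fa "int (*cb)(SSL *ssl, const unsigned char **out,\
- unsigned char *outlen, void *arg)"
-.Fa "void *arg"
-.Fc
 .Ft int
 .Fo SSL_select_next_proto
 .Fa "unsigned char **out"
@@ -114,12 +96,6 @@
 .Fa "const unsigned char **data"
 .Fa "unsigned int *len"
 .Fc
-.Ft void
-.Fo SSL_get0_next_proto_negotiated
-.Fa "const SSL *ssl"
-.Fa "const unsigned char **data"
-.Fa "unsigned int *len"
-.Fc
 .Sh DESCRIPTION
 .Fn SSL_CTX_set_alpn_protos
 and
@@ -207,16 +183,6 @@ is returned in
 .Fa out ,
 .Fa outlen .
 .Pp
-.Fn SSL_CTX_set_next_proto_select_cb
-is deprecated and has no effect.
-It used to set a callback that was called when a client needed to
-select a protocol from the server's provided list.
-.Pp
-.Fn SSL_CTX_set_next_protos_advertised_cb
-is deprecated and has no effect.
-It used to set a callback that was called when a TLS server needed
-a list of supported protocols for Next Protocol Negotiation.
-.Pp
 .Fn SSL_get0_alpn_selected
 returns a pointer to the selected protocol in
 .Fa data
@@ -232,16 +198,6 @@ is set to 0 if no protocol has been selected.
 .Fa data
 must not be freed.
 .Pp
-.Fn SSL_get0_next_proto_negotiated
-is deprecated and has no effect except that it always sets
-.Pf * Fa data
-to
-.Dv NULL
-and
-.Pf * Fa len
-to 0.
-It used to return the client's requested protocol for this connection.
-.Pp
 The protocol-lists must be in wire-format, which is defined as a vector
 of non-empty, 8-bit length-prefixed byte strings.
 The length-prefix byte is not included in the length.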
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index a72af19711..2f0b9df402 100644
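--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.132 2017/08/13 16:28:45 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.133 2017/08/28 17:36:58 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -752,17 +752,11 @@ void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
 void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
  int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie,
  unsigned int cookie_len));
-void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s, int (*cb)(SSL *ssl,
- const unsigned char **out, unsigned int *outlen, void *arg), void *arg);
-void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s, int (*cb)(SSL *ssl,
- unsigned char **out, unsigned char *outlen, const unsigned char *in,
- unsigned int inlen, void *arg), void *arg);
 
+/* NPN support function used by ALPN */
 int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
  const unsigned char *in, unsigned int inlen, const unsigned char *client,
  unsigned int client_len);
-void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
- unsigned *len);
 
 #define OPENSSL_NPN_UNSUPPORTED 0
 #define OPENSSL_NPN_NEGOTIATED 1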
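Review bot: The `OPENSSL_NPN_UNSUPPORTED` / `OPENSSL_NPN_NEGOTIATED` macros at the end of the second ssl.h hunk remain in the public header without any comment, while the NPN setter prototypes and `SSL_get0_next_proto_negotiated` just above them are removed. The added `/* NPN support function used by ALPN */` covers only `SSL_select_next_proto`; I would widen it to something like `/* NPN-era helper and its OPENSSL_NPN_* status codes, kept only because ALPN select callbacks use them; NPN itself is not supported. */`. Without that, a consumer that feature-tests NPN on these macros (presumably some do) still sees them defined but no longer finds the prototypes or the exported symbols dropped from Symbols.list, so it is worth confirming that the library major bump and affected ports are handled outside the files shown here. The macro block continues past the end of the hunk.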
diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h
index 91cbaf29e3..12ef56b522 100644
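--- a/src/lib/libssl/ssl3.h
+++ b/src/lib/libssl/ssl3.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl3.h,v 1.45 2017/01/22 09:02:07 jsing Exp $ */
+/* $OpenBSD: ssl3.h,v 1.46 2017/08/28 17:36:58 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -415,8 +415,6 @@ typedef struct ssl3_state_st {
 #define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT)
 #define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT)
 #define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT)
-#define SSL3_ST_CW_NEXT_PROTO_A (0x200|SSL_ST_CONNECT)
-#define SSL3_ST_CW_NEXT_PROTO_B (0x201|SSL_ST_CONNECT)
 #define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT)
 #define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT)
 /* read from server */
@@ -462,8 +460,6 @@ typedef struct ssl3_state_st {
 #define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_NEXT_PROTO_A (0x210|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_NEXT_PROTO_B (0x211|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT)
 /* write to client */
@@ -489,8 +485,6 @@ typedef struct ssl3_state_st {
 #define SSL3_MT_FINISHED 20
 #define SSL3_MT_CERTIFICATE_STATUS 22
 
-#define SSL3_MT_NEXT_PROTO 67
-
 #define DTLS1_MT_HELLO_VERIFY_REQUEST 3
 
 #define SSL3_MT_CCS 1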
diff --git a/src/lib/libssl/ssl_err.c b/src/lib/libssl/ssl_err.c
index d61660c934..db3c1a0d2d 100644
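--- a/src/lib/libssl/ssl_err.c
+++ b/src/lib/libssl/ssl_err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_err.c,v 1.34 2017/05/07 04:22:24 beck Exp $ */
+/* $OpenBSD: ssl_err.c,v 1.35 2017/08/28 17:36:58 jsing Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved.
  *
@@ -96,8 +96,6 @@ static ERR_STRING_DATA SSL_str_functs[]= {
  {ERR_FUNC(21), "CONNECT_CW_CERT_VRFY"},
  {ERR_FUNC(22), "CONNECT_CW_CHANGE"},
  {ERR_FUNC(23), "CONNECT_CW_CHANGE"},
- {ERR_FUNC(24), "CONNECT_CW_NEXT_PROTO"},
- {ERR_FUNC(25), "CONNECT_CW_NEXT_PROTO"},
  {ERR_FUNC(26), "CONNECT_CW_FINISHED"},
  {ERR_FUNC(27), "CONNECT_CW_FINISHED"},
  {ERR_FUNC(28), "CONNECT_CR_CHANGE"},
@@ -133,8 +131,6 @@ static ERR_STRING_DATA SSL_str_functs[]= {
  {ERR_FUNC(58), "ACCEPT_SR_CERT_VRFY"},
  {ERR_FUNC(59), "ACCEPT_SR_CHANGE"},
  {ERR_FUNC(60), "ACCEPT_SR_CHANGE"},
- {ERR_FUNC(61), "ACCEPT_SR_NEXT_PROTO"},
- {ERR_FUNC(62), "ACCEPT_SR_NEXT_PROTO"},
  {ERR_FUNC(63), "ACCEPT_SR_FINISHED"},
  {ERR_FUNC(64), "ACCEPT_SR_FINISHED"},
  {ERR_FUNC(65), "ACCEPT_SW_CHANGE"},
@@ -540,10 +536,6 @@ SSL_state_func_code(int state) {
  return 22;
  case SSL3_ST_CW_CHANGE_B:
  return 23;
- case SSL3_ST_CW_NEXT_PROTO_A:
- return 24;
- case SSL3_ST_CW_NEXT_PROTO_B:
- return 25;
  case SSL3_ST_CW_FINISHED_A:
  return 26;
  case SSL3_ST_CW_FINISHED_B:
@@ -614,10 +606,6 @@ SSL_state_func_code(int state) {
  return 59;
  case SSL3_ST_SR_CHANGE_B:
  return 60;
- case SSL3_ST_SR_NEXT_PROTO_A:
- return 61;
- case SSL3_ST_SR_NEXT_PROTO_B:
- return 62;
  case SSL3_ST_SR_FINISHED_A:
  return 63;
  case SSL3_ST_SR_FINISHED_B: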
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 46d905ad56..b365ebd496 100644
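--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.168 2017/08/13 17:04:36 doug Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.169 2017/08/28 17:36:58 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1590,30 +1590,6 @@ found:
  return (status);
 }
 
-/* SSL_get0_next_proto_negotiated is deprecated. */
-void
-SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
- unsigned *len)
-{
- *data = NULL;
- *len = 0;
-}
-
-/* SSL_CTX_set_next_protos_advertised_cb is deprecated. */
-void
-SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl,
- const unsigned char **out, unsigned int *outlen, void *arg), void *arg)
-{
-}
-
-/* SSL_CTX_set_next_proto_select_cb is deprecated. */
-void
-SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s,
- unsigned char **out, unsigned char *outlen, const unsigned char *in,
- unsigned int inlen, void *arg), void *arg)
-{
-}
-
 /*
  * SSL_CTX_set_alpn_protos sets the ALPN protocol list to the specified
  * protocols, which must be in wire-format (i.e. a series of non-empty,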
diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h
index 3cf778020b..8e369c7bd1 100644
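--- a/src/lib/libssl/tls1.h
+++ b/src/lib/libssl/tls1.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls1.h,v 1.30 2017/08/28 16:37:04 jsing Exp $ */
+/* $OpenBSD: tls1.h,v 1.31 2017/08/28 17:36:58 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -258,9 +258,6 @@ extern "C" {
 /* Temporary extension type */
 #define TLSEXT_TYPE_renegotiate 0xff01
 
-/* This is not an IANA defined extension number */
-#define TLSEXT_TYPE_next_proto_neg 13172
-
 /* NameType value from RFC 3546. */
 #define TLSEXT_NAMETYPE_host_name 0
 /* status request value from RFC 3546 */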