Completely remove NPN remnants.

Based on a diff from doug@, similar diff from inoguchi@
author: jsing <> 2017-08-28 17:36:58 +0000
committer: jsing <> 2017-08-28 17:36:58 +0000
commit: d9ef76a783487023b993c59e29c97b1fafa98a80 (patch)
tree: fd1e6e86b01342a6a9ff433e37ed36471fd5b785 /src
parent: b9aa4d02ec840df7a05958dda48b953f7b4d3634 (diff)
download: openbsd-d9ef76a783487023b993c59e29c97b1fafa98a80.tar.gz
openbsd-d9ef76a783487023b993c59e29c97b1fafa98a80.tar.bz2
openbsd-d9ef76a783487023b993c59e29c97b1fafa98a80.zip
7 files changed, 9 insertions, 107 deletions
diff --git a/src/lib/libssl/Symbols.list b/src/lib/libssl/Symbols.list
index e147ff873d..7b54776d55 100644
--- a/src/lib/libssl/Symbols.list
+++ b/src/lib/libssl/Symbols.list
@@ -100,8 +100,6 @@ SSL_CTX_set_info_callback
 SSL_CTX_set_min_proto_version
 SSL_CTX_set_max_proto_version
 SSL_CTX_set_msg_callback
-SSL_CTX_set_next_proto_select_cb
-SSL_CTX_set_next_protos_advertised_cb
 SSL_CTX_set_purpose
 SSL_CTX_set_quiet_shutdown
 SSL_CTX_set_session_id_context
@@ -161,7 +159,6 @@ SSL_dup_CA_list
 SSL_export_keying_material
 SSL_free
 SSL_get0_alpn_selected
-SSL_get0_next_proto_negotiated
 SSL_get1_session
 SSL_get_SSL_CTX
 SSL_get_certificate
diff --git a/src/lib/libssl/man/SSL_CTX_set_alpn_select_cb.3 b/src/lib/libssl/man/SSL_CTX_set_alpn_select_cb.3
index 175689d79b..2c0905123b 100644
--- a/src/lib/libssl/man/SSL_CTX_set_alpn_select_cb.3
+++ b/src/lib/libssl/man/SSL_CTX_set_alpn_select_cb.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: SSL_CTX_set_alpn_select_cb.3,v 1.4 2017/08/21 08:31:19 schwarze Exp $
+.\"     $OpenBSD: SSL_CTX_set_alpn_select_cb.3,v 1.5 2017/08/28 17:36:58 jsing Exp $
 .\"     OpenSSL 87b81496 Apr 19 12:38:27 2017 -0400
 .\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
@@ -49,18 +49,15 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 21 2017 $
+.Dd $Mdocdate: August 28 2017 $
 .Dt SSL_CTX_SET_ALPN_SELECT_CB 3
 .Os
 .Sh NAME
 .Nm SSL_CTX_set_alpn_protos ,
 .Nm SSL_set_alpn_protos ,
 .Nm SSL_CTX_set_alpn_select_cb ,
-.Nm SSL_CTX_set_next_proto_select_cb ,
-.Nm SSL_CTX_set_next_protos_advertised_cb ,
 .Nm SSL_select_next_proto ,
-.Nm SSL_get0_alpn_selected ,
+.Nm SSL_get0_alpn_selected
-.Nm SSL_get0_next_proto_negotiated
 .Nd handle application layer protocol negotiation (ALPN)
 .Sh SYNOPSIS
 .In openssl/ssl.h
@@ -84,21 +81,6 @@
 unsigned int inlen, void *arg)"
 .Fa "void *arg"
 .Fc
-.Ft void
-.Fo SSL_CTX_set_next_proto_select_cb
-.Fa "SSL_CTX *ctx"
-.Fa "int (*cb)(SSL *ssl, unsigned char **out,\
- unsigned char *outlen, const unsigned char *in,\
- unsigned int inlen, void *arg)"
-.Fa "void *arg"
-.Fc
-.Ft void
-.Fo SSL_CTX_set_next_protos_advertised_cb
-.Fa "SSL_CTX *ctx"
-.Fa "int (*cb)(SSL *ssl, const unsigned char **out,\
- unsigned char *outlen, void *arg)"
-.Fa "void *arg"
-.Fc
 .Ft int
 .Fo SSL_select_next_proto
 .Fa "unsigned char **out"
@@ -114,12 +96,6 @@
 .Fa "const unsigned char **data"
 .Fa "unsigned int *len"
 .Fc
-.Ft void
-.Fo SSL_get0_next_proto_negotiated
-.Fa "const SSL *ssl"
-.Fa "const unsigned char **data"
-.Fa "unsigned int *len"
-.Fc
 .Sh DESCRIPTION
 .Fn SSL_CTX_set_alpn_protos
 and
@@ -207,16 +183,6 @@ is returned in
 .Fa out ,
 .Fa outlen .
 .Pp
-.Fn SSL_CTX_set_next_proto_select_cb
-is deprecated and has no effect.
-It used to set a callback that was called when a client needed to
-select a protocol from the server's provided list.
-.Pp
-.Fn SSL_CTX_set_next_protos_advertised_cb
-is deprecated and has no effect.
-It used to set a callback that was called when a TLS server needed
-a list of supported protocols for Next Protocol Negotiation.
-.Pp
 .Fn SSL_get0_alpn_selected
 returns a pointer to the selected protocol in
 .Fa data
@@ -232,16 +198,6 @@ is set to 0 if no protocol has been selected.
 .Fa data
 must not be freed.
 .Pp
-.Fn SSL_get0_next_proto_negotiated
-is deprecated and has no effect except that it always sets
-.Pf * Fa data
-to
-.Dv NULL
-and
-.Pf * Fa len
-to 0.
-It used to return the client's requested protocol for this connection.
-.Pp
 The protocol-lists must be in wire-format, which is defined as a vector
 of non-empty, 8-bit length-prefixed byte strings.
 The length-prefix byte is not included in the length.
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index a72af19711..2f0b9df402 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.132 2017/08/13 16:28:45 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.133 2017/08/28 17:36:58 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -752,17 +752,11 @@ void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
 void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
    int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie,
    unsigned int cookie_len));
-void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s, int (*cb)(SSL *ssl,
-    const unsigned char **out, unsigned int *outlen, void *arg), void *arg);
-void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s, int (*cb)(SSL *ssl,
-    unsigned char **out, unsigned char *outlen, const unsigned char *in,
-    unsigned int inlen, void *arg), void *arg);
+/* NPN support function used by ALPN */
 int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
    const unsigned char *in, unsigned int inlen, const unsigned char *client,
    unsigned int client_len);
-void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
-    unsigned *len);
 #define OPENSSL_NPN_UNSUPPORTED 0
 #define OPENSSL_NPN_NEGOTIATED  1
diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h
index 91cbaf29e3..12ef56b522 100644
--- a/src/lib/libssl/ssl3.h
+++ b/src/lib/libssl/ssl3.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl3.h,v 1.45 2017/01/22 09:02:07 jsing Exp $ */
+/* $OpenBSD: ssl3.h,v 1.46 2017/08/28 17:36:58 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -415,8 +415,6 @@ typedef struct ssl3_state_st {
 #define SSL3_ST_CW_CERT_VRFY_B                  (0x191|SSL_ST_CONNECT)
 #define SSL3_ST_CW_CHANGE_A                     (0x1A0|SSL_ST_CONNECT)
 #define SSL3_ST_CW_CHANGE_B                     (0x1A1|SSL_ST_CONNECT)
-#define SSL3_ST_CW_NEXT_PROTO_A                 (0x200|SSL_ST_CONNECT)
-#define SSL3_ST_CW_NEXT_PROTO_B                 (0x201|SSL_ST_CONNECT)
 #define SSL3_ST_CW_FINISHED_A                   (0x1B0|SSL_ST_CONNECT)
 #define SSL3_ST_CW_FINISHED_B                   (0x1B1|SSL_ST_CONNECT)
 /* read from server */
@@ -462,8 +460,6 @@ typedef struct ssl3_state_st {
 #define SSL3_ST_SR_CERT_VRFY_B                  (0x1A1|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_CHANGE_A                     (0x1B0|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_CHANGE_B                     (0x1B1|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_NEXT_PROTO_A                 (0x210|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_NEXT_PROTO_B                 (0x211|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_FINISHED_A                   (0x1C0|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_FINISHED_B                   (0x1C1|SSL_ST_ACCEPT)
 /* write to client */
@@ -489,8 +485,6 @@ typedef struct ssl3_state_st {
 #define SSL3_MT_FINISHED                        20
 #define SSL3_MT_CERTIFICATE_STATUS              22
-#define SSL3_MT_NEXT_PROTO                      67
 #define DTLS1_MT_HELLO_VERIFY_REQUEST           3
 #define SSL3_MT_CCS                             1
diff --git a/src/lib/libssl/ssl_err.c b/src/lib/libssl/ssl_err.c
index d61660c934..db3c1a0d2d 100644
--- a/src/lib/libssl/ssl_err.c
+++ b/src/lib/libssl/ssl_err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_err.c,v 1.34 2017/05/07 04:22:24 beck Exp $ */
+/* $OpenBSD: ssl_err.c,v 1.35 2017/08/28 17:36:58 jsing Exp $ */
 /* ====================================================================
 * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
 *
@@ -96,8 +96,6 @@ static ERR_STRING_DATA SSL_str_functs[]= {
        {ERR_FUNC(21),  "CONNECT_CW_CERT_VRFY"},
        {ERR_FUNC(22),  "CONNECT_CW_CHANGE"},
        {ERR_FUNC(23),  "CONNECT_CW_CHANGE"},
-        {ERR_FUNC(24),  "CONNECT_CW_NEXT_PROTO"},
-        {ERR_FUNC(25),  "CONNECT_CW_NEXT_PROTO"},
        {ERR_FUNC(26),  "CONNECT_CW_FINISHED"},
        {ERR_FUNC(27),  "CONNECT_CW_FINISHED"},
        {ERR_FUNC(28),  "CONNECT_CR_CHANGE"},
@@ -133,8 +131,6 @@ static ERR_STRING_DATA SSL_str_functs[]= {
        {ERR_FUNC(58),  "ACCEPT_SR_CERT_VRFY"},
        {ERR_FUNC(59),  "ACCEPT_SR_CHANGE"},
        {ERR_FUNC(60),  "ACCEPT_SR_CHANGE"},
-        {ERR_FUNC(61),  "ACCEPT_SR_NEXT_PROTO"},
-        {ERR_FUNC(62),  "ACCEPT_SR_NEXT_PROTO"},
        {ERR_FUNC(63),  "ACCEPT_SR_FINISHED"},
        {ERR_FUNC(64),  "ACCEPT_SR_FINISHED"},
        {ERR_FUNC(65),  "ACCEPT_SW_CHANGE"},
@@ -540,10 +536,6 @@ SSL_state_func_code(int state) {
                return 22;
        case SSL3_ST_CW_CHANGE_B:
                return 23;
-        case SSL3_ST_CW_NEXT_PROTO_A:
-                return 24;
-        case SSL3_ST_CW_NEXT_PROTO_B:
-                return 25;
        case SSL3_ST_CW_FINISHED_A:
                return 26;
        case SSL3_ST_CW_FINISHED_B:
@@ -614,10 +606,6 @@ SSL_state_func_code(int state) {
                return 59;
        case SSL3_ST_SR_CHANGE_B:
                return 60;
-        case SSL3_ST_SR_NEXT_PROTO_A:
-                return 61;
-        case SSL3_ST_SR_NEXT_PROTO_B:
-                return 62;
        case SSL3_ST_SR_FINISHED_A:
                return 63;
        case SSL3_ST_SR_FINISHED_B:
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 46d905ad56..b365ebd496 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.168 2017/08/13 17:04:36 doug Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.169 2017/08/28 17:36:58 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1590,30 +1590,6 @@ found:
        return (status);
 }
-/* SSL_get0_next_proto_negotiated is deprecated. */
-void
-SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
-    unsigned *len)
-{
-        *data = NULL;
-        *len = 0;
-}
-/* SSL_CTX_set_next_protos_advertised_cb is deprecated. */
-void
-SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl,
-    const unsigned char **out, unsigned int *outlen, void *arg), void *arg)
-{
-}
-/* SSL_CTX_set_next_proto_select_cb is deprecated. */
-void
-SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s,
-    unsigned char **out, unsigned char *outlen, const unsigned char *in,
-    unsigned int inlen, void *arg), void *arg)
-{
-}
 /*
 * SSL_CTX_set_alpn_protos sets the ALPN protocol list to the specified
 * protocols, which must be in wire-format (i.e. a series of non-empty,
diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h
index 3cf778020b..8e369c7bd1 100644
--- a/src/lib/libssl/tls1.h
+++ b/src/lib/libssl/tls1.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls1.h,v 1.30 2017/08/28 16:37:04 jsing Exp $ */
+/* $OpenBSD: tls1.h,v 1.31 2017/08/28 17:36:58 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -258,9 +258,6 @@ extern "C" {
 /* Temporary extension type */
 #define TLSEXT_TYPE_renegotiate                 0xff01
-/* This is not an IANA defined extension number */
-#define TLSEXT_TYPE_next_proto_neg              13172
 /* NameType value from RFC 3546. */
 #define TLSEXT_NAMETYPE_host_name 0
 /* status request value from RFC 3546 */
author	jsing <>	2017-08-28 17:36:58 +0000
committer	jsing <>	2017-08-28 17:36:58 +0000
commit	d9ef76a783487023b993c59e29c97b1fafa98a80 (patch)
tree	fd1e6e86b01342a6a9ff433e37ed36471fd5b785 /src
parent	b9aa4d02ec840df7a05958dda48b953f7b4d3634 (diff)
download	openbsd-d9ef76a783487023b993c59e29c97b1fafa98a80.tar.gz openbsd-d9ef76a783487023b993c59e29c97b1fafa98a80.tar.bz2 openbsd-d9ef76a783487023b993c59e29c97b1fafa98a80.zip