summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/usr.bin/openssl/apps.c5
-rw-r--r--src/usr.bin/openssl/apps.h4
-rw-r--r--src/usr.bin/openssl/s_client.c18
-rw-r--r--src/usr.bin/openssl/s_server.c18
4 files changed, 4 insertions, 41 deletions
diff --git a/src/usr.bin/openssl/apps.c b/src/usr.bin/openssl/apps.c
index a042f074f9..009f48652a 100644
--- a/src/usr.bin/openssl/apps.c
+++ b/src/usr.bin/openssl/apps.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: apps.c,v 1.13 2014/12/03 22:16:02 bcook Exp $ */ 1/* $OpenBSD: apps.c,v 1.14 2014/12/14 14:42:06 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -2163,7 +2163,6 @@ policies_print(BIO *out, X509_STORE_CTX *ctx)
2163 BIO_free(out); 2163 BIO_free(out);
2164} 2164}
2165 2165
2166#if !defined(OPENSSL_NO_NEXTPROTONEG)
2167/* next_protos_parse parses a comma separated list of strings into a string 2166/* next_protos_parse parses a comma separated list of strings into a string
2168 * in a format suitable for passing to SSL_CTX_set_next_protos_advertised. 2167 * in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
2169 * outlen: (output) set to the length of the resulting buffer on success. 2168 * outlen: (output) set to the length of the resulting buffer on success.
@@ -2202,8 +2201,6 @@ next_protos_parse(unsigned short *outlen, const char *in)
2202 *outlen = len + 1; 2201 *outlen = len + 1;
2203 return out; 2202 return out;
2204} 2203}
2205#endif
2206/* !OPENSSL_NO_NEXTPROTONEG */
2207 2204
2208int 2205int
2209app_isdir(const char *name) 2206app_isdir(const char *name)
diff --git a/src/usr.bin/openssl/apps.h b/src/usr.bin/openssl/apps.h
index d6b18e2a35..b2b7e85107 100644
--- a/src/usr.bin/openssl/apps.h
+++ b/src/usr.bin/openssl/apps.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: apps.h,v 1.8 2014/11/07 14:16:48 jsing Exp $ */ 1/* $OpenBSD: apps.h,v 1.9 2014/12/14 14:42:06 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -245,9 +245,7 @@ int do_X509_REQ_sign(BIO *err, X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md,
245int do_X509_CRL_sign(BIO *err, X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md, 245int do_X509_CRL_sign(BIO *err, X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md,
246 STACK_OF(OPENSSL_STRING) *sigopts); 246 STACK_OF(OPENSSL_STRING) *sigopts);
247 247
248#if !defined(OPENSSL_NO_NEXTPROTONEG)
249unsigned char *next_protos_parse(unsigned short *outlen, const char *in); 248unsigned char *next_protos_parse(unsigned short *outlen, const char *in);
250#endif /* !OPENSSL_NO_NEXTPROTONEG */
251 249
252#define FORMAT_UNDEF 0 250#define FORMAT_UNDEF 0
253#define FORMAT_ASN1 1 251#define FORMAT_ASN1 1
diff --git a/src/usr.bin/openssl/s_client.c b/src/usr.bin/openssl/s_client.c
index 4476852cdb..a079c39b9e 100644
--- a/src/usr.bin/openssl/s_client.c
+++ b/src/usr.bin/openssl/s_client.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s_client.c,v 1.10 2014/12/10 15:24:01 jsing Exp $ */ 1/* $OpenBSD: s_client.c,v 1.11 2014/12/14 14:42:06 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -250,9 +250,7 @@ sc_usage(void)
250 BIO_printf(bio_err, " -tlsextdebug - hex dump of all TLS extensions received\n"); 250 BIO_printf(bio_err, " -tlsextdebug - hex dump of all TLS extensions received\n");
251 BIO_printf(bio_err, " -status - request certificate status from server\n"); 251 BIO_printf(bio_err, " -status - request certificate status from server\n");
252 BIO_printf(bio_err, " -no_ticket - disable use of RFC4507bis session tickets\n"); 252 BIO_printf(bio_err, " -no_ticket - disable use of RFC4507bis session tickets\n");
253#ifndef OPENSSL_NO_NEXTPROTONEG
254 BIO_printf(bio_err, " -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n"); 253 BIO_printf(bio_err, " -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n");
255#endif
256 BIO_printf(bio_err, " -alpn arg - enable ALPN extension, considering named protocols supported (comma-separated list)\n"); 254 BIO_printf(bio_err, " -alpn arg - enable ALPN extension, considering named protocols supported (comma-separated list)\n");
257#ifndef OPENSSL_NO_SRTP 255#ifndef OPENSSL_NO_SRTP
258 BIO_printf(bio_err, " -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n"); 256 BIO_printf(bio_err, " -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
@@ -286,7 +284,6 @@ ssl_servername_cb(SSL * s, int *ad, void *arg)
286char *srtp_profiles = NULL; 284char *srtp_profiles = NULL;
287#endif 285#endif
288 286
289#ifndef OPENSSL_NO_NEXTPROTONEG
290/* This the context that we pass to next_proto_cb */ 287/* This the context that we pass to next_proto_cb */
291typedef struct tlsextnextprotoctx_st { 288typedef struct tlsextnextprotoctx_st {
292 unsigned char *data; 289 unsigned char *data;
@@ -316,7 +313,6 @@ next_proto_cb(SSL * s, unsigned char **out, unsigned char *outlen, const unsigne
316 ctx->status = SSL_select_next_proto(out, outlen, in, inlen, ctx->data, ctx->len); 313 ctx->status = SSL_select_next_proto(out, outlen, in, inlen, ctx->data, ctx->len);
317 return SSL_TLSEXT_ERR_OK; 314 return SSL_TLSEXT_ERR_OK;
318} 315}
319#endif /* ndef OPENSSL_NO_NEXTPROTONEG */
320 316
321enum { 317enum {
322 PROTO_OFF = 0, 318 PROTO_OFF = 0,
@@ -372,9 +368,7 @@ s_client_main(int argc, char **argv)
372 char *servername = NULL; 368 char *servername = NULL;
373 tlsextctx tlsextcbp = 369 tlsextctx tlsextcbp =
374 {NULL, 0}; 370 {NULL, 0};
375#ifndef OPENSSL_NO_NEXTPROTONEG
376 const char *next_proto_neg_in = NULL; 371 const char *next_proto_neg_in = NULL;
377#endif
378 const char *alpn_in = NULL; 372 const char *alpn_in = NULL;
379 char *sess_in = NULL; 373 char *sess_in = NULL;
380 char *sess_out = NULL; 374 char *sess_out = NULL;
@@ -539,13 +533,11 @@ s_client_main(int argc, char **argv)
539 else if (strcmp(*argv, "-no_ticket") == 0) { 533 else if (strcmp(*argv, "-no_ticket") == 0) {
540 off |= SSL_OP_NO_TICKET; 534 off |= SSL_OP_NO_TICKET;
541 } 535 }
542#ifndef OPENSSL_NO_NEXTPROTONEG
543 else if (strcmp(*argv, "-nextprotoneg") == 0) { 536 else if (strcmp(*argv, "-nextprotoneg") == 0) {
544 if (--argc < 1) 537 if (--argc < 1)
545 goto bad; 538 goto bad;
546 next_proto_neg_in = *(++argv); 539 next_proto_neg_in = *(++argv);
547 } 540 }
548#endif
549 else if (strcmp(*argv, "-alpn") == 0) { 541 else if (strcmp(*argv, "-alpn") == 0) {
550 if (--argc < 1) 542 if (--argc < 1)
551 goto bad; 543 goto bad;
@@ -642,7 +634,6 @@ bad:
642 goto end; 634 goto end;
643 } 635 }
644 636
645#if !defined(OPENSSL_NO_NEXTPROTONEG)
646 next_proto.status = -1; 637 next_proto.status = -1;
647 if (next_proto_neg_in) { 638 if (next_proto_neg_in) {
648 next_proto.data = next_protos_parse(&next_proto.len, next_proto_neg_in); 639 next_proto.data = next_protos_parse(&next_proto.len, next_proto_neg_in);
@@ -652,7 +643,6 @@ bad:
652 } 643 }
653 } else 644 } else
654 next_proto.data = NULL; 645 next_proto.data = NULL;
655#endif
656 646
657#ifndef OPENSSL_NO_ENGINE 647#ifndef OPENSSL_NO_ENGINE
658 e = setup_engine(bio_err, engine_id, 1); 648 e = setup_engine(bio_err, engine_id, 1);
@@ -738,10 +728,8 @@ bad:
738 if (socket_type == SOCK_DGRAM) 728 if (socket_type == SOCK_DGRAM)
739 SSL_CTX_set_read_ahead(ctx, 1); 729 SSL_CTX_set_read_ahead(ctx, 1);
740 730
741#if !defined(OPENSSL_NO_NEXTPROTONEG)
742 if (next_proto.data) 731 if (next_proto.data)
743 SSL_CTX_set_next_proto_select_cb(ctx, next_proto_cb, &next_proto); 732 SSL_CTX_set_next_proto_select_cb(ctx, next_proto_cb, &next_proto);
744#endif
745 if (alpn_in) { 733 if (alpn_in) {
746 unsigned short alpn_len; 734 unsigned short alpn_len;
747 unsigned char *alpn = next_protos_parse(&alpn_len, alpn_in); 735 unsigned char *alpn = next_protos_parse(&alpn_len, alpn_in);
@@ -1274,9 +1262,7 @@ end:
1274 print_stuff(bio_c_out, con, 1); 1262 print_stuff(bio_c_out, con, 1);
1275 SSL_free(con); 1263 SSL_free(con);
1276 } 1264 }
1277#if !defined(OPENSSL_NO_NEXTPROTONEG)
1278 free(next_proto.data); 1265 free(next_proto.data);
1279#endif
1280 if (ctx != NULL) 1266 if (ctx != NULL)
1281 SSL_CTX_free(ctx); 1267 SSL_CTX_free(ctx);
1282 if (cert) 1268 if (cert)
@@ -1430,7 +1416,6 @@ print_stuff(BIO * bio, SSL * s, int full)
1430 } 1416 }
1431#endif 1417#endif
1432 1418
1433#if !defined(OPENSSL_NO_NEXTPROTONEG)
1434 if (next_proto.status != -1) { 1419 if (next_proto.status != -1) {
1435 const unsigned char *proto; 1420 const unsigned char *proto;
1436 unsigned int proto_len; 1421 unsigned int proto_len;
@@ -1439,7 +1424,6 @@ print_stuff(BIO * bio, SSL * s, int full)
1439 BIO_write(bio, proto, proto_len); 1424 BIO_write(bio, proto, proto_len);
1440 BIO_write(bio, "\n", 1); 1425 BIO_write(bio, "\n", 1);
1441 } 1426 }
1442#endif
1443 { 1427 {
1444 const unsigned char *proto; 1428 const unsigned char *proto;
1445 unsigned int proto_len; 1429 unsigned int proto_len;
diff --git a/src/usr.bin/openssl/s_server.c b/src/usr.bin/openssl/s_server.c
index 35ed6d169c..fdd93977e8 100644
--- a/src/usr.bin/openssl/s_server.c
+++ b/src/usr.bin/openssl/s_server.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s_server.c,v 1.8 2014/12/10 15:24:01 jsing Exp $ */ 1/* $OpenBSD: s_server.c,v 1.9 2014/12/14 14:42:06 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -348,9 +348,7 @@ sv_usage(void)
348 BIO_printf(bio_err, " not specified (default is %s)\n", TEST_CERT2); 348 BIO_printf(bio_err, " not specified (default is %s)\n", TEST_CERT2);
349 BIO_printf(bio_err, " -tlsextdebug - hex dump of all TLS extensions received\n"); 349 BIO_printf(bio_err, " -tlsextdebug - hex dump of all TLS extensions received\n");
350 BIO_printf(bio_err, " -no_ticket - disable use of RFC4507bis session tickets\n"); 350 BIO_printf(bio_err, " -no_ticket - disable use of RFC4507bis session tickets\n");
351#ifndef OPENSSL_NO_NEXTPROTONEG
352 BIO_printf(bio_err, " -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)\n"); 351 BIO_printf(bio_err, " -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)\n");
353#endif
354 BIO_printf(bio_err," -alpn arg - set the advertised protocols for the ALPN extension (comma-separated list)\n"); 352 BIO_printf(bio_err," -alpn arg - set the advertised protocols for the ALPN extension (comma-separated list)\n");
355#ifndef OPENSSL_NO_SRTP 353#ifndef OPENSSL_NO_SRTP
356 BIO_printf(bio_err, " -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n"); 354 BIO_printf(bio_err, " -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
@@ -526,7 +524,6 @@ err:
526 goto done; 524 goto done;
527} 525}
528 526
529#ifndef OPENSSL_NO_NEXTPROTONEG
530/* This is the context that we pass to next_proto_cb */ 527/* This is the context that we pass to next_proto_cb */
531typedef struct tlsextnextprotoctx_st { 528typedef struct tlsextnextprotoctx_st {
532 unsigned char *data; 529 unsigned char *data;
@@ -543,7 +540,6 @@ next_proto_cb(SSL * s, const unsigned char **data, unsigned int *len, void *arg)
543 540
544 return SSL_TLSEXT_ERR_OK; 541 return SSL_TLSEXT_ERR_OK;
545} 542}
546#endif /* ndef OPENSSL_NO_NEXTPROTONEG */
547 543
548 544
549/* This the context that we pass to alpn_cb */ 545/* This the context that we pass to alpn_cb */
@@ -621,10 +617,8 @@ s_server_main(int argc, char *argv[])
621 EVP_PKEY *s_key2 = NULL; 617 EVP_PKEY *s_key2 = NULL;
622 X509 *s_cert2 = NULL; 618 X509 *s_cert2 = NULL;
623 tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING}; 619 tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING};
624#ifndef OPENSSL_NO_NEXTPROTONEG
625 const char *next_proto_neg_in = NULL; 620 const char *next_proto_neg_in = NULL;
626 tlsextnextprotoctx next_proto = { NULL, 0 }; 621 tlsextnextprotoctx next_proto = { NULL, 0 };
627#endif
628 const char *alpn_in = NULL; 622 const char *alpn_in = NULL;
629 tlsextalpnctx alpn_ctx = { NULL, 0 }; 623 tlsextalpnctx alpn_ctx = { NULL, 0 };
630 meth = SSLv23_server_method(); 624 meth = SSLv23_server_method();
@@ -873,13 +867,11 @@ s_server_main(int argc, char *argv[])
873 goto bad; 867 goto bad;
874 s_key_file2 = *(++argv); 868 s_key_file2 = *(++argv);
875 } 869 }
876#ifndef OPENSSL_NO_NEXTPROTONEG
877 else if (strcmp(*argv, "-nextprotoneg") == 0) { 870 else if (strcmp(*argv, "-nextprotoneg") == 0) {
878 if (--argc < 1) 871 if (--argc < 1)
879 goto bad; 872 goto bad;
880 next_proto_neg_in = *(++argv); 873 next_proto_neg_in = *(++argv);
881 } 874 }
882#endif
883 else if (strcmp(*argv,"-alpn") == 0) { 875 else if (strcmp(*argv,"-alpn") == 0) {
884 if (--argc < 1) 876 if (--argc < 1)
885 goto bad; 877 goto bad;
@@ -963,7 +955,6 @@ bad:
963 } 955 }
964 } 956 }
965 } 957 }
966#if !defined(OPENSSL_NO_NEXTPROTONEG)
967 if (next_proto_neg_in) { 958 if (next_proto_neg_in) {
968 unsigned short len; 959 unsigned short len;
969 next_proto.data = next_protos_parse(&len, next_proto_neg_in); 960 next_proto.data = next_protos_parse(&len, next_proto_neg_in);
@@ -973,7 +964,6 @@ bad:
973 } else { 964 } else {
974 next_proto.data = NULL; 965 next_proto.data = NULL;
975 } 966 }
976#endif
977 alpn_ctx.data = NULL; 967 alpn_ctx.data = NULL;
978 if (alpn_in) { 968 if (alpn_in) {
979 unsigned short len; 969 unsigned short len;
@@ -1125,10 +1115,8 @@ bad:
1125 if (vpm) 1115 if (vpm)
1126 SSL_CTX_set1_param(ctx2, vpm); 1116 SSL_CTX_set1_param(ctx2, vpm);
1127 } 1117 }
1128#ifndef OPENSSL_NO_NEXTPROTONEG
1129 if (next_proto.data) 1118 if (next_proto.data)
1130 SSL_CTX_set_next_protos_advertised_cb(ctx, next_proto_cb, &next_proto); 1119 SSL_CTX_set_next_protos_advertised_cb(ctx, next_proto_cb, &next_proto);
1131#endif
1132 if (alpn_ctx.data) 1120 if (alpn_ctx.data)
1133 SSL_CTX_set_alpn_select_cb(ctx, alpn_cb, &alpn_ctx); 1121 SSL_CTX_set_alpn_select_cb(ctx, alpn_cb, &alpn_ctx);
1134 1122
@@ -1660,10 +1648,8 @@ init_ssl_connection(SSL * con)
1660 X509 *peer; 1648 X509 *peer;
1661 long verify_error; 1649 long verify_error;
1662 char buf[BUFSIZ]; 1650 char buf[BUFSIZ];
1663#if !defined(OPENSSL_NO_NEXTPROTONEG)
1664 const unsigned char *next_proto_neg; 1651 const unsigned char *next_proto_neg;
1665 unsigned next_proto_neg_len; 1652 unsigned next_proto_neg_len;
1666#endif
1667 unsigned char *exportedkeymat; 1653 unsigned char *exportedkeymat;
1668 1654
1669 i = SSL_accept(con); 1655 i = SSL_accept(con);
@@ -1698,14 +1684,12 @@ init_ssl_connection(SSL * con)
1698 str = SSL_CIPHER_get_name(SSL_get_current_cipher(con)); 1684 str = SSL_CIPHER_get_name(SSL_get_current_cipher(con));
1699 BIO_printf(bio_s_out, "CIPHER is %s\n", (str != NULL) ? str : "(NONE)"); 1685 BIO_printf(bio_s_out, "CIPHER is %s\n", (str != NULL) ? str : "(NONE)");
1700 1686
1701#if !defined(OPENSSL_NO_NEXTPROTONEG)
1702 SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len); 1687 SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len);
1703 if (next_proto_neg) { 1688 if (next_proto_neg) {
1704 BIO_printf(bio_s_out, "NEXTPROTO is "); 1689 BIO_printf(bio_s_out, "NEXTPROTO is ");
1705 BIO_write(bio_s_out, next_proto_neg, next_proto_neg_len); 1690 BIO_write(bio_s_out, next_proto_neg, next_proto_neg_len);
1706 BIO_printf(bio_s_out, "\n"); 1691 BIO_printf(bio_s_out, "\n");
1707 } 1692 }
1708#endif
1709#ifndef OPENSSL_NO_SRTP 1693#ifndef OPENSSL_NO_SRTP
1710 { 1694 {
1711 SRTP_PROTECTION_PROFILE *srtp_profile 1695 SRTP_PROTECTION_PROFILE *srtp_profile
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-30 21:04:18 +0000