1 files changed, 6 insertions, 98 deletions
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index a21039e727..50ce91ddd8 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.20 2017/08/12 02:55:22 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.21 2017/08/12 21:03:08 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -468,10 +468,7 @@ ssl3_accept(SSL *s)
                                 * the client uses its key from the certificate
                                 * for key exchange.
                                 */
-                                if (S3I(s)->next_proto_neg_seen)
+                                S3I(s)->hs.state = SSL3_ST_SR_FINISHED_A;
-                                        S3I(s)->hs.state = SSL3_ST_SR_NEXT_PROTO_A;
-                                else
-                                        S3I(s)->hs.state = SSL3_ST_SR_FINISHED_A;
                                s->internal->init_num = 0;
                        } else if (SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) {
                                S3I(s)->hs.state = SSL3_ST_SR_CERT_VRFY_A;
@@ -525,20 +522,8 @@ ssl3_accept(SSL *s)
                        if (ret <= 0)
                                goto end;
-                        if (S3I(s)->next_proto_neg_seen)
-                                S3I(s)->hs.state = SSL3_ST_SR_NEXT_PROTO_A;
-                        else
-                                S3I(s)->hs.state = SSL3_ST_SR_FINISHED_A;
-                        s->internal->init_num = 0;
-                        break;
-                case SSL3_ST_SR_NEXT_PROTO_A:
-                case SSL3_ST_SR_NEXT_PROTO_B:
-                        ret = ssl3_get_next_proto(s);
-                        if (ret <= 0)
-                                goto end;
-                        s->internal->init_num = 0;
                        S3I(s)->hs.state = SSL3_ST_SR_FINISHED_A;
+                        s->internal->init_num = 0;
                        break;
                case SSL3_ST_SR_FINISHED_A:
@@ -610,15 +595,9 @@ ssl3_accept(SSL *s)
                        if (ret <= 0)
                                goto end;
                        S3I(s)->hs.state = SSL3_ST_SW_FLUSH;
-                        if (s->internal->hit) {
+                        if (s->internal->hit)
-                                if (S3I(s)->next_proto_neg_seen) {
+                                S3I(s)->hs.next_state = SSL3_ST_SR_FINISHED_A;
-                                        s->s3->flags |= SSL3_FLAGS_CCS_OK;
+                        else
-                                        S3I(s)->hs.next_state =
-                                            SSL3_ST_SR_NEXT_PROTO_A;
-                                } else
-                                        S3I(s)->hs.next_state =
-                                            SSL3_ST_SR_FINISHED_A;
-                        } else
                                S3I(s)->hs.next_state = SSL_ST_OK;
                        s->internal->init_num = 0;
                        break;
@@ -2708,74 +2687,3 @@ ssl3_send_cert_status(SSL *s)
        return (-1);
 }
-/*
- * ssl3_get_next_proto reads a Next Protocol Negotiation handshake message.
- * It sets the next_proto member in s if found
- */
-int
-ssl3_get_next_proto(SSL *s)
-{
-        CBS cbs, proto, padding;
-        int ok;
-        long n;
-        size_t len;
-        /*
-         * Clients cannot send a NextProtocol message if we didn't see the
-         * extension in their ClientHello
-         */
-        if (!S3I(s)->next_proto_neg_seen) {
-                SSLerror(s, SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION);
-                return (-1);
-        }
-        /* 514 maxlen is enough for the payload format below */
-        n = s->method->internal->ssl_get_message(s, SSL3_ST_SR_NEXT_PROTO_A,
-            SSL3_ST_SR_NEXT_PROTO_B, SSL3_MT_NEXT_PROTO, 514, &ok);
-        if (!ok)
-                return ((int)n);
-        /*
-         * S3I(s)->hs.state doesn't reflect whether ChangeCipherSpec has been received
-         * in this handshake, but S3I(s)->change_cipher_spec does (will be reset
-         * by ssl3_get_finished).
-         */
-        if (!S3I(s)->change_cipher_spec) {
-                SSLerror(s, SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS);
-                return (-1);
-        }
-        if (n < 2)
-                return (0);
-        /* The body must be > 1 bytes long */
-        CBS_init(&cbs, s->internal->init_msg, s->internal->init_num);
-        /*
-         * The payload looks like:
-         *   uint8 proto_len;
-         *   uint8 proto[proto_len];
-         *   uint8 padding_len;
-         *   uint8 padding[padding_len];
-         */
-        if (!CBS_get_u8_length_prefixed(&cbs, &proto) ||
-            !CBS_get_u8_length_prefixed(&cbs, &padding) ||
-            CBS_len(&cbs) != 0)
-                return 0;
-        /*
-         * XXX We should not NULL it, but this matches old behavior of not
-         * freeing before malloc.
-         */
-        s->internal->next_proto_negotiated = NULL;
-        s->internal->next_proto_negotiated_len = 0;
-        if (!CBS_stow(&proto, &s->internal->next_proto_negotiated, &len)) {
-                SSLerror(s, ERR_R_MALLOC_FAILURE);
-                return (0);
-        }
-        s->internal->next_proto_negotiated_len = (uint8_t)len;
-        return (1);
-}

diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index a21039e727..50ce91ddd8 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_srvr.c,v 1.20 2017/08/12 02:55:22 jsing Exp $ */	1	/* $OpenBSD: ssl_srvr.c,v 1.21 2017/08/12 21:03:08 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -468,10 +468,7 @@ ssl3_accept(SSL *s)
468	* the client uses its key from the certificate	468	* the client uses its key from the certificate
469	* for key exchange.	469	* for key exchange.
470	*/	470	*/
471	if (S3I(s)->next_proto_neg_seen)	471	S3I(s)->hs.state = SSL3_ST_SR_FINISHED_A;
472	S3I(s)->hs.state = SSL3_ST_SR_NEXT_PROTO_A;
473	else
474	S3I(s)->hs.state = SSL3_ST_SR_FINISHED_A;
475	s->internal->init_num = 0;	472	s->internal->init_num = 0;
476	} else if (SSL_USE_SIGALGS(s) \|\| (alg_k & SSL_kGOST)) {	473	} else if (SSL_USE_SIGALGS(s) \|\| (alg_k & SSL_kGOST)) {
477	S3I(s)->hs.state = SSL3_ST_SR_CERT_VRFY_A;	474	S3I(s)->hs.state = SSL3_ST_SR_CERT_VRFY_A;
@@ -525,20 +522,8 @@ ssl3_accept(SSL *s)
525	if (ret <= 0)	522	if (ret <= 0)
526	goto end;	523	goto end;
527		524
528	if (S3I(s)->next_proto_neg_seen)
529	S3I(s)->hs.state = SSL3_ST_SR_NEXT_PROTO_A;
530	else
531	S3I(s)->hs.state = SSL3_ST_SR_FINISHED_A;
532	s->internal->init_num = 0;
533	break;
534
535	case SSL3_ST_SR_NEXT_PROTO_A:
536	case SSL3_ST_SR_NEXT_PROTO_B:
537	ret = ssl3_get_next_proto(s);
538	if (ret <= 0)
539	goto end;
540	s->internal->init_num = 0;
541	S3I(s)->hs.state = SSL3_ST_SR_FINISHED_A;	525	S3I(s)->hs.state = SSL3_ST_SR_FINISHED_A;
		526	s->internal->init_num = 0;
542	break;	527	break;
543		528
544	case SSL3_ST_SR_FINISHED_A:	529	case SSL3_ST_SR_FINISHED_A:
@@ -610,15 +595,9 @@ ssl3_accept(SSL *s)
610	if (ret <= 0)	595	if (ret <= 0)
611	goto end;	596	goto end;
612	S3I(s)->hs.state = SSL3_ST_SW_FLUSH;	597	S3I(s)->hs.state = SSL3_ST_SW_FLUSH;
613	if (s->internal->hit) {	598	if (s->internal->hit)
614	if (S3I(s)->next_proto_neg_seen) {	599	S3I(s)->hs.next_state = SSL3_ST_SR_FINISHED_A;
615	s->s3->flags \|= SSL3_FLAGS_CCS_OK;	600	else
616	S3I(s)->hs.next_state =
617	SSL3_ST_SR_NEXT_PROTO_A;
618	} else
619	S3I(s)->hs.next_state =
620	SSL3_ST_SR_FINISHED_A;
621	} else
622	S3I(s)->hs.next_state = SSL_ST_OK;	601	S3I(s)->hs.next_state = SSL_ST_OK;
623	s->internal->init_num = 0;	602	s->internal->init_num = 0;
624	break;	603	break;
@@ -2708,74 +2687,3 @@ ssl3_send_cert_status(SSL *s)
2708		2687
2709	return (-1);	2688	return (-1);
2710	}	2689	}
2711
2712	/*
2713	* ssl3_get_next_proto reads a Next Protocol Negotiation handshake message.
2714	* It sets the next_proto member in s if found
2715	*/
2716	int
2717	ssl3_get_next_proto(SSL *s)
2718	{
2719	CBS cbs, proto, padding;
2720	int ok;
2721	long n;
2722	size_t len;
2723
2724	/*
2725	* Clients cannot send a NextProtocol message if we didn't see the
2726	* extension in their ClientHello
2727	*/
2728	if (!S3I(s)->next_proto_neg_seen) {
2729	SSLerror(s, SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION);
2730	return (-1);
2731	}
2732
2733	/* 514 maxlen is enough for the payload format below */
2734	n = s->method->internal->ssl_get_message(s, SSL3_ST_SR_NEXT_PROTO_A,
2735	SSL3_ST_SR_NEXT_PROTO_B, SSL3_MT_NEXT_PROTO, 514, &ok);
2736	if (!ok)
2737	return ((int)n);
2738
2739	/*
2740	* S3I(s)->hs.state doesn't reflect whether ChangeCipherSpec has been received
2741	* in this handshake, but S3I(s)->change_cipher_spec does (will be reset
2742	* by ssl3_get_finished).
2743	*/
2744	if (!S3I(s)->change_cipher_spec) {
2745	SSLerror(s, SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS);
2746	return (-1);
2747	}
2748
2749	if (n < 2)
2750	return (0);
2751	/* The body must be > 1 bytes long */
2752
2753	CBS_init(&cbs, s->internal->init_msg, s->internal->init_num);
2754
2755	/*
2756	* The payload looks like:
2757	* uint8 proto_len;
2758	* uint8 proto[proto_len];
2759	* uint8 padding_len;
2760	* uint8 padding[padding_len];
2761	*/
2762	if (!CBS_get_u8_length_prefixed(&cbs, &proto) \|\|
2763	!CBS_get_u8_length_prefixed(&cbs, &padding) \|\|
2764	CBS_len(&cbs) != 0)
2765	return 0;
2766
2767	/*
2768	* XXX We should not NULL it, but this matches old behavior of not
2769	* freeing before malloc.
2770	*/
2771	s->internal->next_proto_negotiated = NULL;
2772	s->internal->next_proto_negotiated_len = 0;
2773
2774	if (!CBS_stow(&proto, &s->internal->next_proto_negotiated, &len)) {
2775	SSLerror(s, ERR_R_MALLOC_FAILURE);
2776	return (0);
2777	}
2778	s->internal->next_proto_negotiated_len = (uint8_t)len;
2779
2780	return (1);
2781	}