diff options
Diffstat (limited to 'src/lib/libssl/t1_lib.c')
| -rw-r--r-- | src/lib/libssl/t1_lib.c | 18 |
1 files changed, 1 insertions, 17 deletions
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index 3b87d958cb..60cef857b5 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: t1_lib.c,v 1.73 2014/12/10 15:36:47 jsing Exp $ */ | 1 | /* $OpenBSD: t1_lib.c,v 1.74 2014/12/14 14:34:43 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -867,7 +867,6 @@ skip_ext: | |||
| 867 | i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &ret); | 867 | i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &ret); |
| 868 | } | 868 | } |
| 869 | 869 | ||
| 870 | #ifndef OPENSSL_NO_NEXTPROTONEG | ||
| 871 | if (s->ctx->next_proto_select_cb && !s->s3->tmp.finish_md_len) { | 870 | if (s->ctx->next_proto_select_cb && !s->s3->tmp.finish_md_len) { |
| 872 | /* The client advertises an emtpy extension to indicate its | 871 | /* The client advertises an emtpy extension to indicate its |
| 873 | * support for Next Protocol Negotiation */ | 872 | * support for Next Protocol Negotiation */ |
| @@ -876,7 +875,6 @@ skip_ext: | |||
| 876 | s2n(TLSEXT_TYPE_next_proto_neg, ret); | 875 | s2n(TLSEXT_TYPE_next_proto_neg, ret); |
| 877 | s2n(0, ret); | 876 | s2n(0, ret); |
| 878 | } | 877 | } |
| 879 | #endif | ||
| 880 | 878 | ||
| 881 | if (s->alpn_client_proto_list != NULL && | 879 | if (s->alpn_client_proto_list != NULL && |
| 882 | s->s3->tmp.finish_md_len == 0) { | 880 | s->s3->tmp.finish_md_len == 0) { |
| @@ -958,9 +956,7 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 958 | int using_ecc, extdatalen = 0; | 956 | int using_ecc, extdatalen = 0; |
| 959 | unsigned long alg_a, alg_k; | 957 | unsigned long alg_a, alg_k; |
| 960 | unsigned char *ret = p; | 958 | unsigned char *ret = p; |
| 961 | #ifndef OPENSSL_NO_NEXTPROTONEG | ||
| 962 | int next_proto_neg_seen; | 959 | int next_proto_neg_seen; |
| 963 | #endif | ||
| 964 | 960 | ||
| 965 | alg_a = s->s3->tmp.new_cipher->algorithm_auth; | 961 | alg_a = s->s3->tmp.new_cipher->algorithm_auth; |
| 966 | alg_k = s->s3->tmp.new_cipher->algorithm_mkey; | 962 | alg_k = s->s3->tmp.new_cipher->algorithm_mkey; |
| @@ -1097,7 +1093,6 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 1097 | ret += sizeof(cryptopro_ext); | 1093 | ret += sizeof(cryptopro_ext); |
| 1098 | } | 1094 | } |
| 1099 | 1095 | ||
| 1100 | #ifndef OPENSSL_NO_NEXTPROTONEG | ||
| 1101 | next_proto_neg_seen = s->s3->next_proto_neg_seen; | 1096 | next_proto_neg_seen = s->s3->next_proto_neg_seen; |
| 1102 | s->s3->next_proto_neg_seen = 0; | 1097 | s->s3->next_proto_neg_seen = 0; |
| 1103 | if (next_proto_neg_seen && s->ctx->next_protos_advertised_cb) { | 1098 | if (next_proto_neg_seen && s->ctx->next_protos_advertised_cb) { |
| @@ -1117,7 +1112,6 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 1117 | s->s3->next_proto_neg_seen = 1; | 1112 | s->s3->next_proto_neg_seen = 1; |
| 1118 | } | 1113 | } |
| 1119 | } | 1114 | } |
| 1120 | #endif | ||
| 1121 | 1115 | ||
| 1122 | if (s->s3->alpn_selected != NULL) { | 1116 | if (s->s3->alpn_selected != NULL) { |
| 1123 | const unsigned char *selected = s->s3->alpn_selected; | 1117 | const unsigned char *selected = s->s3->alpn_selected; |
| @@ -1304,9 +1298,7 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, | |||
| 1304 | 1298 | ||
| 1305 | s->servername_done = 0; | 1299 | s->servername_done = 0; |
| 1306 | s->tlsext_status_type = -1; | 1300 | s->tlsext_status_type = -1; |
| 1307 | #ifndef OPENSSL_NO_NEXTPROTONEG | ||
| 1308 | s->s3->next_proto_neg_seen = 0; | 1301 | s->s3->next_proto_neg_seen = 0; |
| 1309 | #endif | ||
| 1310 | free(s->s3->alpn_selected); | 1302 | free(s->s3->alpn_selected); |
| 1311 | s->s3->alpn_selected = NULL; | 1303 | s->s3->alpn_selected = NULL; |
| 1312 | 1304 | ||
| @@ -1616,7 +1608,6 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, | |||
| 1616 | s->tlsext_status_type = -1; | 1608 | s->tlsext_status_type = -1; |
| 1617 | } | 1609 | } |
| 1618 | } | 1610 | } |
| 1619 | #ifndef OPENSSL_NO_NEXTPROTONEG | ||
| 1620 | else if (type == TLSEXT_TYPE_next_proto_neg && | 1611 | else if (type == TLSEXT_TYPE_next_proto_neg && |
| 1621 | s->s3->tmp.finish_md_len == 0 && | 1612 | s->s3->tmp.finish_md_len == 0 && |
| 1622 | s->s3->alpn_selected == NULL) { | 1613 | s->s3->alpn_selected == NULL) { |
| @@ -1637,7 +1628,6 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, | |||
| 1637 | * Finished message could have been computed.) */ | 1628 | * Finished message could have been computed.) */ |
| 1638 | s->s3->next_proto_neg_seen = 1; | 1629 | s->s3->next_proto_neg_seen = 1; |
| 1639 | } | 1630 | } |
| 1640 | #endif | ||
| 1641 | else if (type == | 1631 | else if (type == |
| 1642 | TLSEXT_TYPE_application_layer_protocol_negotiation && | 1632 | TLSEXT_TYPE_application_layer_protocol_negotiation && |
| 1643 | s->ctx->alpn_select_cb != NULL && | 1633 | s->ctx->alpn_select_cb != NULL && |
| @@ -1676,7 +1666,6 @@ ri_check: | |||
| 1676 | return 1; | 1666 | return 1; |
| 1677 | } | 1667 | } |
| 1678 | 1668 | ||
| 1679 | #ifndef OPENSSL_NO_NEXTPROTONEG | ||
| 1680 | /* ssl_next_proto_validate validates a Next Protocol Negotiation block. No | 1669 | /* ssl_next_proto_validate validates a Next Protocol Negotiation block. No |
| 1681 | * elements of zero length are allowed and the set of elements must exactly fill | 1670 | * elements of zero length are allowed and the set of elements must exactly fill |
| 1682 | * the length of the block. */ | 1671 | * the length of the block. */ |
| @@ -1694,7 +1683,6 @@ ssl_next_proto_validate(unsigned char *d, unsigned len) | |||
| 1694 | 1683 | ||
| 1695 | return off == len; | 1684 | return off == len; |
| 1696 | } | 1685 | } |
| 1697 | #endif | ||
| 1698 | 1686 | ||
| 1699 | int | 1687 | int |
| 1700 | ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, | 1688 | ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, |
| @@ -1707,9 +1695,7 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, | |||
| 1707 | int tlsext_servername = 0; | 1695 | int tlsext_servername = 0; |
| 1708 | int renegotiate_seen = 0; | 1696 | int renegotiate_seen = 0; |
| 1709 | 1697 | ||
| 1710 | #ifndef OPENSSL_NO_NEXTPROTONEG | ||
| 1711 | s->s3->next_proto_neg_seen = 0; | 1698 | s->s3->next_proto_neg_seen = 0; |
| 1712 | #endif | ||
| 1713 | free(s->s3->alpn_selected); | 1699 | free(s->s3->alpn_selected); |
| 1714 | s->s3->alpn_selected = NULL; | 1700 | s->s3->alpn_selected = NULL; |
| 1715 | 1701 | ||
| @@ -1797,7 +1783,6 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, | |||
| 1797 | /* Set flag to expect CertificateStatus message */ | 1783 | /* Set flag to expect CertificateStatus message */ |
| 1798 | s->tlsext_status_expected = 1; | 1784 | s->tlsext_status_expected = 1; |
| 1799 | } | 1785 | } |
| 1800 | #ifndef OPENSSL_NO_NEXTPROTONEG | ||
| 1801 | else if (type == TLSEXT_TYPE_next_proto_neg && | 1786 | else if (type == TLSEXT_TYPE_next_proto_neg && |
| 1802 | s->s3->tmp.finish_md_len == 0) { | 1787 | s->s3->tmp.finish_md_len == 0) { |
| 1803 | unsigned char *selected; | 1788 | unsigned char *selected; |
| @@ -1826,7 +1811,6 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, | |||
| 1826 | s->next_proto_negotiated_len = selected_len; | 1811 | s->next_proto_negotiated_len = selected_len; |
| 1827 | s->s3->next_proto_neg_seen = 1; | 1812 | s->s3->next_proto_neg_seen = 1; |
| 1828 | } | 1813 | } |
| 1829 | #endif | ||
| 1830 | else if (type == | 1814 | else if (type == |
| 1831 | TLSEXT_TYPE_application_layer_protocol_negotiation) { | 1815 | TLSEXT_TYPE_application_layer_protocol_negotiation) { |
| 1832 | unsigned int len; | 1816 | unsigned int len; |