summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/lib/libssl/d1_clnt.c19
-rw-r--r--src/lib/libssl/d1_srvr.c19
-rw-r--r--src/lib/libssl/s23_clnt.c2
-rw-r--r--src/lib/libssl/s3_clnt.c29
-rw-r--r--src/lib/libssl/s3_lib.c14
-rw-r--r--src/lib/libssl/s3_srvr.c27
-rw-r--r--src/lib/libssl/src/ssl/d1_clnt.c19
-rw-r--r--src/lib/libssl/src/ssl/d1_srvr.c19
-rw-r--r--src/lib/libssl/src/ssl/s23_clnt.c2
-rw-r--r--src/lib/libssl/src/ssl/s3_clnt.c29
-rw-r--r--src/lib/libssl/src/ssl/s3_lib.c14
-rw-r--r--src/lib/libssl/src/ssl/s3_srvr.c27
-rw-r--r--src/lib/libssl/src/ssl/ssl.h12
-rw-r--r--src/lib/libssl/src/ssl/ssl3.h2
-rw-r--r--src/lib/libssl/src/ssl/ssl_asn1.c16
-rw-r--r--src/lib/libssl/src/ssl/ssl_lib.c10
-rw-r--r--src/lib/libssl/src/ssl/ssl_locl.h4
-rw-r--r--src/lib/libssl/src/ssl/ssl_sess.c16
-rw-r--r--src/lib/libssl/src/ssl/ssl_txt.c2
-rw-r--r--src/lib/libssl/src/ssl/t1_lib.c6
-rw-r--r--src/lib/libssl/src/ssl/tls1.h2
-rw-r--r--src/lib/libssl/ssl.h12
-rw-r--r--src/lib/libssl/ssl3.h2
-rw-r--r--src/lib/libssl/ssl_asn1.c16
-rw-r--r--src/lib/libssl/ssl_lib.c10
-rw-r--r--src/lib/libssl/ssl_locl.h4
-rw-r--r--src/lib/libssl/ssl_sess.c16
-rw-r--r--src/lib/libssl/ssl_txt.c2
-rw-r--r--src/lib/libssl/t1_lib.c6
-rw-r--r--src/lib/libssl/tls1.h2
30 files changed, 0 insertions, 360 deletions
diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c
index e8b43f3268..fe5f1aa200 100644
--- a/src/lib/libssl/d1_clnt.c
+++ b/src/lib/libssl/d1_clnt.c
@@ -382,7 +382,6 @@ dtls1_connect(SSL *s)
382 382
383 case SSL3_ST_CR_CERT_A: 383 case SSL3_ST_CR_CERT_A:
384 case SSL3_ST_CR_CERT_B: 384 case SSL3_ST_CR_CERT_B:
385#ifndef OPENSSL_NO_TLSEXT
386 ret = ssl3_check_finished(s); 385 ret = ssl3_check_finished(s);
387 if (ret <= 0) 386 if (ret <= 0)
388 goto end; 387 goto end;
@@ -395,14 +394,12 @@ dtls1_connect(SSL *s)
395 s->init_num = 0; 394 s->init_num = 0;
396 break; 395 break;
397 } 396 }
398#endif
399 /* Check if it is anon DH or PSK */ 397 /* Check if it is anon DH or PSK */
400 if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) && 398 if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
401 !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) { 399 !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
402 ret = ssl3_get_server_certificate(s); 400 ret = ssl3_get_server_certificate(s);
403 if (ret <= 0) 401 if (ret <= 0)
404 goto end; 402 goto end;
405#ifndef OPENSSL_NO_TLSEXT
406 if (s->tlsext_status_expected) 403 if (s->tlsext_status_expected)
407 s->state = SSL3_ST_CR_CERT_STATUS_A; 404 s->state = SSL3_ST_CR_CERT_STATUS_A;
408 else 405 else
@@ -411,12 +408,6 @@ dtls1_connect(SSL *s)
411 skip = 1; 408 skip = 1;
412 s->state = SSL3_ST_CR_KEY_EXCH_A; 409 s->state = SSL3_ST_CR_KEY_EXCH_A;
413 } 410 }
414#else
415 } else
416 skip = 1;
417
418 s->state = SSL3_ST_CR_KEY_EXCH_A;
419#endif
420 s->init_num = 0; 411 s->init_num = 0;
421 break; 412 break;
422 413
@@ -626,19 +617,16 @@ dtls1_connect(SSL *s)
626 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL); 617 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
627#endif 618#endif
628 619
629#ifndef OPENSSL_NO_TLSEXT
630 /* Allow NewSessionTicket if ticket expected */ 620 /* Allow NewSessionTicket if ticket expected */
631 if (s->tlsext_ticket_expected) 621 if (s->tlsext_ticket_expected)
632 s->s3->tmp.next_state = SSL3_ST_CR_SESSION_TICKET_A; 622 s->s3->tmp.next_state = SSL3_ST_CR_SESSION_TICKET_A;
633 else 623 else
634#endif
635 624
636 s->s3->tmp.next_state = SSL3_ST_CR_FINISHED_A; 625 s->s3->tmp.next_state = SSL3_ST_CR_FINISHED_A;
637 } 626 }
638 s->init_num = 0; 627 s->init_num = 0;
639 break; 628 break;
640 629
641#ifndef OPENSSL_NO_TLSEXT
642 case SSL3_ST_CR_SESSION_TICKET_A: 630 case SSL3_ST_CR_SESSION_TICKET_A:
643 case SSL3_ST_CR_SESSION_TICKET_B: 631 case SSL3_ST_CR_SESSION_TICKET_B:
644 ret = ssl3_get_new_session_ticket(s); 632 ret = ssl3_get_new_session_ticket(s);
@@ -656,7 +644,6 @@ dtls1_connect(SSL *s)
656 s->state = SSL3_ST_CR_KEY_EXCH_A; 644 s->state = SSL3_ST_CR_KEY_EXCH_A;
657 s->init_num = 0; 645 s->init_num = 0;
658 break; 646 break;
659#endif
660 647
661 case SSL3_ST_CR_FINISHED_A: 648 case SSL3_ST_CR_FINISHED_A:
662 case SSL3_ST_CR_FINISHED_B: 649 case SSL3_ST_CR_FINISHED_B:
@@ -787,11 +774,7 @@ dtls1_client_hello(SSL *s)
787 SSL_SESSION *sess = s->session; 774 SSL_SESSION *sess = s->session;
788 if ((s->session == NULL) || 775 if ((s->session == NULL) ||
789 (s->session->ssl_version != s->version) || 776 (s->session->ssl_version != s->version) ||
790#ifdef OPENSSL_NO_TLSEXT
791 !sess->session_id_length ||
792#else
793 (!sess->session_id_length && !sess->tlsext_tick) || 777 (!sess->session_id_length && !sess->tlsext_tick) ||
794#endif
795 (s->session->not_resumable)) { 778 (s->session->not_resumable)) {
796 if (!ssl_get_new_session(s, 0)) 779 if (!ssl_get_new_session(s, 0))
797 goto err; 780 goto err;
@@ -864,12 +847,10 @@ dtls1_client_hello(SSL *s)
864 } 847 }
865 *(p++) = 0; /* Add the NULL method */ 848 *(p++) = 0; /* Add the NULL method */
866 849
867#ifndef OPENSSL_NO_TLSEXT
868 if ((p = ssl_add_clienthello_tlsext(s, p, buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) { 850 if ((p = ssl_add_clienthello_tlsext(s, p, buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) {
869 SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); 851 SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
870 goto err; 852 goto err;
871 } 853 }
872#endif
873 854
874 l = (p - d); 855 l = (p - d);
875 d = buf; 856 d = buf;
diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c
index 368afda77a..24f0a2e86e 100644
--- a/src/lib/libssl/d1_srvr.c
+++ b/src/lib/libssl/d1_srvr.c
@@ -415,14 +415,10 @@ dtls1_accept(SSL *s)
415 BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, 415 BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
416 sizeof(sctpauthkey), sctpauthkey); 416 sizeof(sctpauthkey), sctpauthkey);
417#endif 417#endif
418#ifndef OPENSSL_NO_TLSEXT
419 if (s->tlsext_ticket_expected) 418 if (s->tlsext_ticket_expected)
420 s->state = SSL3_ST_SW_SESSION_TICKET_A; 419 s->state = SSL3_ST_SW_SESSION_TICKET_A;
421 else 420 else
422 s->state = SSL3_ST_SW_CHANGE_A; 421 s->state = SSL3_ST_SW_CHANGE_A;
423#else
424 s->state = SSL3_ST_SW_CHANGE_A;
425#endif
426 } else 422 } else
427 s->state = SSL3_ST_SW_CERT_A; 423 s->state = SSL3_ST_SW_CERT_A;
428 s->init_num = 0; 424 s->init_num = 0;
@@ -437,7 +433,6 @@ dtls1_accept(SSL *s)
437 ret = dtls1_send_server_certificate(s); 433 ret = dtls1_send_server_certificate(s);
438 if (ret <= 0) 434 if (ret <= 0)
439 goto end; 435 goto end;
440#ifndef OPENSSL_NO_TLSEXT
441 if (s->tlsext_status_expected) 436 if (s->tlsext_status_expected)
442 s->state = SSL3_ST_SW_CERT_STATUS_A; 437 s->state = SSL3_ST_SW_CERT_STATUS_A;
443 else 438 else
@@ -446,12 +441,6 @@ dtls1_accept(SSL *s)
446 skip = 1; 441 skip = 1;
447 s->state = SSL3_ST_SW_KEY_EXCH_A; 442 s->state = SSL3_ST_SW_KEY_EXCH_A;
448 } 443 }
449#else
450 } else
451 skip = 1;
452
453 s->state = SSL3_ST_SW_KEY_EXCH_A;
454#endif
455 s->init_num = 0; 444 s->init_num = 0;
456 break; 445 break;
457 446
@@ -680,16 +669,13 @@ dtls1_accept(SSL *s)
680 dtls1_stop_timer(s); 669 dtls1_stop_timer(s);
681 if (s->hit) 670 if (s->hit)
682 s->state = SSL_ST_OK; 671 s->state = SSL_ST_OK;
683#ifndef OPENSSL_NO_TLSEXT
684 else if (s->tlsext_ticket_expected) 672 else if (s->tlsext_ticket_expected)
685 s->state = SSL3_ST_SW_SESSION_TICKET_A; 673 s->state = SSL3_ST_SW_SESSION_TICKET_A;
686#endif
687 else 674 else
688 s->state = SSL3_ST_SW_CHANGE_A; 675 s->state = SSL3_ST_SW_CHANGE_A;
689 s->init_num = 0; 676 s->init_num = 0;
690 break; 677 break;
691 678
692#ifndef OPENSSL_NO_TLSEXT
693 case SSL3_ST_SW_SESSION_TICKET_A: 679 case SSL3_ST_SW_SESSION_TICKET_A:
694 case SSL3_ST_SW_SESSION_TICKET_B: 680 case SSL3_ST_SW_SESSION_TICKET_B:
695 ret = dtls1_send_newsession_ticket(s); 681 ret = dtls1_send_newsession_ticket(s);
@@ -708,7 +694,6 @@ dtls1_accept(SSL *s)
708 s->init_num = 0; 694 s->init_num = 0;
709 break; 695 break;
710 696
711#endif
712 697
713 case SSL3_ST_SW_CHANGE_A: 698 case SSL3_ST_SW_CHANGE_A:
714 case SSL3_ST_SW_CHANGE_B: 699 case SSL3_ST_SW_CHANGE_B:
@@ -971,12 +956,10 @@ dtls1_send_server_hello(SSL *s)
971 *(p++) = s->s3->tmp.new_compression->id; 956 *(p++) = s->s3->tmp.new_compression->id;
972#endif 957#endif
973 958
974#ifndef OPENSSL_NO_TLSEXT
975 if ((p = ssl_add_serverhello_tlsext(s, p, buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) { 959 if ((p = ssl_add_serverhello_tlsext(s, p, buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) {
976 SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR); 960 SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
977 return -1; 961 return -1;
978 } 962 }
979#endif
980 963
981 /* do the header */ 964 /* do the header */
982 l = (p - d); 965 l = (p - d);
@@ -1532,7 +1515,6 @@ dtls1_send_server_certificate(SSL *s)
1532 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE)); 1515 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
1533} 1516}
1534 1517
1535#ifndef OPENSSL_NO_TLSEXT
1536int 1518int
1537dtls1_send_newsession_ticket(SSL *s) 1519dtls1_send_newsession_ticket(SSL *s)
1538{ 1520{
@@ -1638,4 +1620,3 @@ dtls1_send_newsession_ticket(SSL *s)
1638 /* SSL3_ST_SW_SESSION_TICKET_B */ 1620 /* SSL3_ST_SW_SESSION_TICKET_B */
1639 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE)); 1621 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
1640} 1622}
1641#endif
diff --git a/src/lib/libssl/s23_clnt.c b/src/lib/libssl/s23_clnt.c
index 5361d5bea8..16c30c083a 100644
--- a/src/lib/libssl/s23_clnt.c
+++ b/src/lib/libssl/s23_clnt.c
@@ -431,7 +431,6 @@ ssl23_client_hello(SSL *s)
431 /* Add the NULL method */ 431 /* Add the NULL method */
432 *(p++) = 0; 432 *(p++) = 0;
433 433
434#ifndef OPENSSL_NO_TLSEXT
435 /* TLS extensions*/ 434 /* TLS extensions*/
436 if (ssl_prepare_clienthello_tlsext(s) <= 0) { 435 if (ssl_prepare_clienthello_tlsext(s) <= 0) {
437 SSLerr(SSL_F_SSL23_CLIENT_HELLO, 436 SSLerr(SSL_F_SSL23_CLIENT_HELLO,
@@ -443,7 +442,6 @@ ssl23_client_hello(SSL *s)
443 SSLerr(SSL_F_SSL23_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); 442 SSLerr(SSL_F_SSL23_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
444 return -1; 443 return -1;
445 } 444 }
446#endif
447 445
448 l = p - d; 446 l = p - d;
449 447
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index bda14069c1..66a7ec0d38 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -316,12 +316,10 @@ ssl3_connect(SSL *s)
316 316
317 if (s->hit) { 317 if (s->hit) {
318 s->state = SSL3_ST_CR_FINISHED_A; 318 s->state = SSL3_ST_CR_FINISHED_A;
319#ifndef OPENSSL_NO_TLSEXT
320 if (s->tlsext_ticket_expected) { 319 if (s->tlsext_ticket_expected) {
321 /* receive renewed session ticket */ 320 /* receive renewed session ticket */
322 s->state = SSL3_ST_CR_SESSION_TICKET_A; 321 s->state = SSL3_ST_CR_SESSION_TICKET_A;
323 } 322 }
324#endif
325 } else 323 } else
326 s->state = SSL3_ST_CR_CERT_A; 324 s->state = SSL3_ST_CR_CERT_A;
327 s->init_num = 0; 325 s->init_num = 0;
@@ -329,7 +327,6 @@ ssl3_connect(SSL *s)
329 327
330 case SSL3_ST_CR_CERT_A: 328 case SSL3_ST_CR_CERT_A:
331 case SSL3_ST_CR_CERT_B: 329 case SSL3_ST_CR_CERT_B:
332#ifndef OPENSSL_NO_TLSEXT
333 ret = ssl3_check_finished(s); 330 ret = ssl3_check_finished(s);
334 if (ret <= 0) 331 if (ret <= 0)
335 goto end; 332 goto end;
@@ -342,7 +339,6 @@ ssl3_connect(SSL *s)
342 s->init_num = 0; 339 s->init_num = 0;
343 break; 340 break;
344 } 341 }
345#endif
346 /* Check if it is anon DH/ECDH or PSK */ 342 /* Check if it is anon DH/ECDH or PSK */
347 if (!(s->s3->tmp.new_cipher->algorithm_auth & 343 if (!(s->s3->tmp.new_cipher->algorithm_auth &
348 SSL_aNULL) && 344 SSL_aNULL) &&
@@ -351,7 +347,6 @@ ssl3_connect(SSL *s)
351 ret = ssl3_get_server_certificate(s); 347 ret = ssl3_get_server_certificate(s);
352 if (ret <= 0) 348 if (ret <= 0)
353 goto end; 349 goto end;
354#ifndef OPENSSL_NO_TLSEXT
355 if (s->tlsext_status_expected) 350 if (s->tlsext_status_expected)
356 s->state = SSL3_ST_CR_CERT_STATUS_A; 351 s->state = SSL3_ST_CR_CERT_STATUS_A;
357 else 352 else
@@ -360,12 +355,6 @@ ssl3_connect(SSL *s)
360 skip = 1; 355 skip = 1;
361 s->state = SSL3_ST_CR_KEY_EXCH_A; 356 s->state = SSL3_ST_CR_KEY_EXCH_A;
362 } 357 }
363#else
364 } else
365 skip = 1;
366
367 s->state = SSL3_ST_CR_KEY_EXCH_A;
368#endif
369 s->init_num = 0; 358 s->init_num = 0;
370 break; 359 break;
371 360
@@ -536,20 +525,17 @@ ssl3_connect(SSL *s)
536 s->s3->delay_buf_pop_ret = 0; 525 s->s3->delay_buf_pop_ret = 0;
537 } 526 }
538 } else { 527 } else {
539#ifndef OPENSSL_NO_TLSEXT
540 /* Allow NewSessionTicket if ticket expected */ 528 /* Allow NewSessionTicket if ticket expected */
541 if (s->tlsext_ticket_expected) 529 if (s->tlsext_ticket_expected)
542 s->s3->tmp.next_state = 530 s->s3->tmp.next_state =
543 SSL3_ST_CR_SESSION_TICKET_A; 531 SSL3_ST_CR_SESSION_TICKET_A;
544 else 532 else
545#endif
546 533
547 s->s3->tmp.next_state = SSL3_ST_CR_FINISHED_A; 534 s->s3->tmp.next_state = SSL3_ST_CR_FINISHED_A;
548 } 535 }
549 s->init_num = 0; 536 s->init_num = 0;
550 break; 537 break;
551 538
552#ifndef OPENSSL_NO_TLSEXT
553 case SSL3_ST_CR_SESSION_TICKET_A: 539 case SSL3_ST_CR_SESSION_TICKET_A:
554 case SSL3_ST_CR_SESSION_TICKET_B: 540 case SSL3_ST_CR_SESSION_TICKET_B:
555 ret = ssl3_get_new_session_ticket(s); 541 ret = ssl3_get_new_session_ticket(s);
@@ -567,7 +553,6 @@ ssl3_connect(SSL *s)
567 s->state = SSL3_ST_CR_KEY_EXCH_A; 553 s->state = SSL3_ST_CR_KEY_EXCH_A;
568 s->init_num = 0; 554 s->init_num = 0;
569 break; 555 break;
570#endif
571 556
572 case SSL3_ST_CR_FINISHED_A: 557 case SSL3_ST_CR_FINISHED_A:
573 case SSL3_ST_CR_FINISHED_B: 558 case SSL3_ST_CR_FINISHED_B:
@@ -681,11 +666,7 @@ ssl3_client_hello(SSL *s)
681 SSL_SESSION *sess = s->session; 666 SSL_SESSION *sess = s->session;
682 if ((sess == NULL) || 667 if ((sess == NULL) ||
683 (sess->ssl_version != s->version) || 668 (sess->ssl_version != s->version) ||
684#ifdef OPENSSL_NO_TLSEXT
685 !sess->session_id_length ||
686#else
687 (!sess->session_id_length && !sess->tlsext_tick) || 669 (!sess->session_id_length && !sess->tlsext_tick) ||
688#endif
689 (sess->not_resumable)) { 670 (sess->not_resumable)) {
690 if (!ssl_get_new_session(s, 0)) 671 if (!ssl_get_new_session(s, 0))
691 goto err; 672 goto err;
@@ -791,7 +772,6 @@ ssl3_client_hello(SSL *s)
791#endif 772#endif
792 *(p++) = 0; /* Add the NULL method */ 773 *(p++) = 0; /* Add the NULL method */
793 774
794#ifndef OPENSSL_NO_TLSEXT
795 /* TLS extensions*/ 775 /* TLS extensions*/
796 if (ssl_prepare_clienthello_tlsext(s) <= 0) { 776 if (ssl_prepare_clienthello_tlsext(s) <= 0) {
797 SSLerr(SSL_F_SSL3_CLIENT_HELLO, 777 SSLerr(SSL_F_SSL3_CLIENT_HELLO,
@@ -804,7 +784,6 @@ ssl3_client_hello(SSL *s)
804 ERR_R_INTERNAL_ERROR); 784 ERR_R_INTERNAL_ERROR);
805 goto err; 785 goto err;
806 } 786 }
807#endif
808 787
809 l = (p - d); 788 l = (p - d);
810 d = buf; 789 d = buf;
@@ -892,7 +871,6 @@ ssl3_get_server_hello(SSL *s)
892 goto f_err; 871 goto f_err;
893 } 872 }
894 873
895#ifndef OPENSSL_NO_TLSEXT
896 /* 874 /*
897 * Check if we want to resume the session based on external 875 * Check if we want to resume the session based on external
898 * pre-shared secret 876 * pre-shared secret
@@ -907,7 +885,6 @@ ssl3_get_server_hello(SSL *s)
907 pref_cipher : ssl_get_cipher_by_char(s, p + j); 885 pref_cipher : ssl_get_cipher_by_char(s, p + j);
908 } 886 }
909 } 887 }
910#endif /* OPENSSL_NO_TLSEXT */
911 888
912 if (j != 0 && j == s->session->session_id_length && 889 if (j != 0 && j == s->session->session_id_length &&
913 memcmp(p, s->session->session_id, j) == 0) { 890 memcmp(p, s->session->session_id, j) == 0) {
@@ -1033,7 +1010,6 @@ ssl3_get_server_hello(SSL *s)
1033 } 1010 }
1034#endif 1011#endif
1035 1012
1036#ifndef OPENSSL_NO_TLSEXT
1037 /* TLS extensions*/ 1013 /* TLS extensions*/
1038 if (s->version >= SSL3_VERSION) { 1014 if (s->version >= SSL3_VERSION) {
1039 if (!ssl_parse_serverhello_tlsext(s, &p, d, n, &al)) { 1015 if (!ssl_parse_serverhello_tlsext(s, &p, d, n, &al)) {
@@ -1049,7 +1025,6 @@ ssl3_get_server_hello(SSL *s)
1049 goto err; 1025 goto err;
1050 } 1026 }
1051 } 1027 }
1052#endif
1053 1028
1054 if (p != (d + n)) { 1029 if (p != (d + n)) {
1055 /* wrong packet length */ 1030 /* wrong packet length */
@@ -1876,7 +1851,6 @@ ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
1876 return (X509_NAME_cmp(*a, *b)); 1851 return (X509_NAME_cmp(*a, *b));
1877} 1852}
1878 1853
1879#ifndef OPENSSL_NO_TLSEXT
1880int 1854int
1881ssl3_get_new_session_ticket(SSL *s) 1855ssl3_get_new_session_ticket(SSL *s)
1882{ 1856{
@@ -2018,7 +1992,6 @@ f_err:
2018 ssl3_send_alert(s, SSL3_AL_FATAL, al); 1992 ssl3_send_alert(s, SSL3_AL_FATAL, al);
2019 return (-1); 1993 return (-1);
2020} 1994}
2021#endif
2022 1995
2023int 1996int
2024ssl3_get_server_done(SSL *s) 1997ssl3_get_server_done(SSL *s)
@@ -2930,7 +2903,6 @@ ssl3_send_next_proto(SSL *s)
2930 * session tickets we have to check the next message to be sure. 2903 * session tickets we have to check the next message to be sure.
2931 */ 2904 */
2932 2905
2933#ifndef OPENSSL_NO_TLSEXT
2934int 2906int
2935ssl3_check_finished(SSL *s) 2907ssl3_check_finished(SSL *s)
2936{ 2908{
@@ -2953,7 +2925,6 @@ ssl3_check_finished(SSL *s)
2953 2925
2954 return (1); 2926 return (1);
2955} 2927}
2956#endif
2957 2928
2958int 2929int
2959ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey) 2930ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey)
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 477c53b15b..72492a3332 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -151,11 +151,9 @@
151#include <stdio.h> 151#include <stdio.h>
152#include <openssl/objects.h> 152#include <openssl/objects.h>
153#include "ssl_locl.h" 153#include "ssl_locl.h"
154#ifndef OPENSSL_NO_TLSEXT
155#ifndef OPENSSL_NO_EC 154#ifndef OPENSSL_NO_EC
156#include "../crypto/ec/ec_lcl.h" 155#include "../crypto/ec/ec_lcl.h"
157#endif /* OPENSSL_NO_EC */ 156#endif /* OPENSSL_NO_EC */
158#endif /* OPENSSL_NO_TLSEXT */
159#include <openssl/md5.h> 157#include <openssl/md5.h>
160#include <openssl/dh.h> 158#include <openssl/dh.h>
161 159
@@ -2383,11 +2381,9 @@ ssl3_clear(SSL *s)
2383 EC_KEY_free(s->s3->tmp.ecdh); 2381 EC_KEY_free(s->s3->tmp.ecdh);
2384 s->s3->tmp.ecdh = NULL; 2382 s->s3->tmp.ecdh = NULL;
2385 } 2383 }
2386#ifndef OPENSSL_NO_TLSEXT
2387#ifndef OPENSSL_NO_EC 2384#ifndef OPENSSL_NO_EC
2388 s->s3->is_probably_safari = 0; 2385 s->s3->is_probably_safari = 0;
2389#endif /* !OPENSSL_NO_EC */ 2386#endif /* !OPENSSL_NO_EC */
2390#endif /* !OPENSSL_NO_TLSEXT */
2391 2387
2392 rp = s->s3->rbuf.buf; 2388 rp = s->s3->rbuf.buf;
2393 wp = s->s3->wbuf.buf; 2389 wp = s->s3->wbuf.buf;
@@ -2561,7 +2557,6 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2561 return (ret); 2557 return (ret);
2562 } 2558 }
2563 break; 2559 break;
2564#ifndef OPENSSL_NO_TLSEXT
2565 case SSL_CTRL_SET_TLSEXT_HOSTNAME: 2560 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
2566 if (larg == TLSEXT_NAMETYPE_host_name) { 2561 if (larg == TLSEXT_NAMETYPE_host_name) {
2567 free(s->tlsext_hostname); 2562 free(s->tlsext_hostname);
@@ -2657,7 +2652,6 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2657 ret = 1; 2652 ret = 1;
2658 break; 2653 break;
2659 2654
2660#endif /* !OPENSSL_NO_TLSEXT */
2661 default: 2655 default:
2662 break; 2656 break;
2663 } 2657 }
@@ -2694,12 +2688,10 @@ ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
2694 (EC_KEY *(*)(SSL *, int, int))fp; 2688 (EC_KEY *(*)(SSL *, int, int))fp;
2695 } 2689 }
2696 break; 2690 break;
2697#ifndef OPENSSL_NO_TLSEXT
2698 case SSL_CTRL_SET_TLSEXT_DEBUG_CB: 2691 case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
2699 s->tlsext_debug_cb = (void (*)(SSL *, int , int, 2692 s->tlsext_debug_cb = (void (*)(SSL *, int , int,
2700 unsigned char *, int, void *))fp; 2693 unsigned char *, int, void *))fp;
2701 break; 2694 break;
2702#endif
2703 default: 2695 default:
2704 break; 2696 break;
2705 } 2697 }
@@ -2824,7 +2816,6 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
2824 return (0); 2816 return (0);
2825 } 2817 }
2826 break; 2818 break;
2827#ifndef OPENSSL_NO_TLSEXT
2828 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG: 2819 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
2829 ctx->tlsext_servername_arg = parg; 2820 ctx->tlsext_servername_arg = parg;
2830 break; 2821 break;
@@ -2865,7 +2856,6 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
2865 return 1; 2856 return 1;
2866 break; 2857 break;
2867 2858
2868#endif /* !OPENSSL_NO_TLSEXT */
2869 2859
2870 /* A Thawte special :-) */ 2860 /* A Thawte special :-) */
2871 case SSL_CTRL_EXTRA_CHAIN_CERT: 2861 case SSL_CTRL_EXTRA_CHAIN_CERT:
@@ -2916,7 +2906,6 @@ ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
2916 cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; 2906 cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
2917 } 2907 }
2918 break; 2908 break;
2919#ifndef OPENSSL_NO_TLSEXT
2920 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: 2909 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
2921 ctx->tlsext_servername_callback = 2910 ctx->tlsext_servername_callback =
2922 (int (*)(SSL *, int *, void *))fp; 2911 (int (*)(SSL *, int *, void *))fp;
@@ -2938,7 +2927,6 @@ ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
2938 unsigned char *, EVP_CIPHER_CTX *, HMAC_CTX *, int))fp; 2927 unsigned char *, EVP_CIPHER_CTX *, HMAC_CTX *, int))fp;
2939 break; 2928 break;
2940 2929
2941#endif
2942 default: 2930 default:
2943 return (0); 2931 return (0);
2944 } 2932 }
@@ -3043,7 +3031,6 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3043 ok = (alg_k & mask_k) && (alg_a & mask_a); 3031 ok = (alg_k & mask_k) && (alg_a & mask_a);
3044 } 3032 }
3045 3033
3046#ifndef OPENSSL_NO_TLSEXT
3047#ifndef OPENSSL_NO_EC 3034#ifndef OPENSSL_NO_EC
3048 if ( 3035 if (
3049 /* 3036 /*
@@ -3181,7 +3168,6 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3181 ok = ok && ec_ok; 3168 ok = ok && ec_ok;
3182 } 3169 }
3183#endif /* OPENSSL_NO_EC */ 3170#endif /* OPENSSL_NO_EC */
3184#endif /* OPENSSL_NO_TLSEXT */
3185 3171
3186 if (!ok) 3172 if (!ok)
3187 continue; 3173 continue;
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index 120f92a9d3..4a6c3cb1e8 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -357,17 +357,12 @@ ssl3_accept(SSL *s)
357 ret = ssl3_send_server_hello(s); 357 ret = ssl3_send_server_hello(s);
358 if (ret <= 0) 358 if (ret <= 0)
359 goto end; 359 goto end;
360#ifndef OPENSSL_NO_TLSEXT
361 if (s->hit) { 360 if (s->hit) {
362 if (s->tlsext_ticket_expected) 361 if (s->tlsext_ticket_expected)
363 s->state = SSL3_ST_SW_SESSION_TICKET_A; 362 s->state = SSL3_ST_SW_SESSION_TICKET_A;
364 else 363 else
365 s->state = SSL3_ST_SW_CHANGE_A; 364 s->state = SSL3_ST_SW_CHANGE_A;
366 } 365 }
367#else
368 if (s->hit)
369 s->state = SSL3_ST_SW_CHANGE_A;
370#endif
371 else 366 else
372 s->state = SSL3_ST_SW_CERT_A; 367 s->state = SSL3_ST_SW_CERT_A;
373 s->init_num = 0; 368 s->init_num = 0;
@@ -385,7 +380,6 @@ ssl3_accept(SSL *s)
385 ret = ssl3_send_server_certificate(s); 380 ret = ssl3_send_server_certificate(s);
386 if (ret <= 0) 381 if (ret <= 0)
387 goto end; 382 goto end;
388#ifndef OPENSSL_NO_TLSEXT
389 if (s->tlsext_status_expected) 383 if (s->tlsext_status_expected)
390 s->state = SSL3_ST_SW_CERT_STATUS_A; 384 s->state = SSL3_ST_SW_CERT_STATUS_A;
391 else 385 else
@@ -394,12 +388,6 @@ ssl3_accept(SSL *s)
394 skip = 1; 388 skip = 1;
395 s->state = SSL3_ST_SW_KEY_EXCH_A; 389 s->state = SSL3_ST_SW_KEY_EXCH_A;
396 } 390 }
397#else
398 } else
399 skip = 1;
400
401 s->state = SSL3_ST_SW_KEY_EXCH_A;
402#endif
403 s->init_num = 0; 391 s->init_num = 0;
404 break; 392 break;
405 393
@@ -683,16 +671,13 @@ ssl3_accept(SSL *s)
683 goto end; 671 goto end;
684 if (s->hit) 672 if (s->hit)
685 s->state = SSL_ST_OK; 673 s->state = SSL_ST_OK;
686#ifndef OPENSSL_NO_TLSEXT
687 else if (s->tlsext_ticket_expected) 674 else if (s->tlsext_ticket_expected)
688 s->state = SSL3_ST_SW_SESSION_TICKET_A; 675 s->state = SSL3_ST_SW_SESSION_TICKET_A;
689#endif
690 else 676 else
691 s->state = SSL3_ST_SW_CHANGE_A; 677 s->state = SSL3_ST_SW_CHANGE_A;
692 s->init_num = 0; 678 s->init_num = 0;
693 break; 679 break;
694 680
695#ifndef OPENSSL_NO_TLSEXT
696 case SSL3_ST_SW_SESSION_TICKET_A: 681 case SSL3_ST_SW_SESSION_TICKET_A:
697 case SSL3_ST_SW_SESSION_TICKET_B: 682 case SSL3_ST_SW_SESSION_TICKET_B:
698 ret = ssl3_send_newsession_ticket(s); 683 ret = ssl3_send_newsession_ticket(s);
@@ -711,7 +696,6 @@ ssl3_accept(SSL *s)
711 s->init_num = 0; 696 s->init_num = 0;
712 break; 697 break;
713 698
714#endif
715 699
716 case SSL3_ST_SW_CHANGE_A: 700 case SSL3_ST_SW_CHANGE_A:
717 case SSL3_ST_SW_CHANGE_B: 701 case SSL3_ST_SW_CHANGE_B:
@@ -1123,7 +1107,6 @@ ssl3_get_client_hello(SSL *s)
1123 goto f_err; 1107 goto f_err;
1124 } 1108 }
1125 1109
1126#ifndef OPENSSL_NO_TLSEXT
1127 /* TLS extensions*/ 1110 /* TLS extensions*/
1128 if (s->version >= SSL3_VERSION) { 1111 if (s->version >= SSL3_VERSION) {
1129 if (!ssl_parse_clienthello_tlsext(s, &p, d, n, &al)) { 1112 if (!ssl_parse_clienthello_tlsext(s, &p, d, n, &al)) {
@@ -1191,7 +1174,6 @@ ssl3_get_client_hello(SSL *s)
1191 sk_SSL_CIPHER_dup(s->session->ciphers); 1174 sk_SSL_CIPHER_dup(s->session->ciphers);
1192 } 1175 }
1193 } 1176 }
1194#endif
1195 1177
1196 /* 1178 /*
1197 * Worst case, we will use the NULL compression, but if we have other 1179 * Worst case, we will use the NULL compression, but if we have other
@@ -1381,11 +1363,6 @@ ssl3_send_server_hello(SSL *s)
1381 1363
1382 if (s->state == SSL3_ST_SW_SRVR_HELLO_A) { 1364 if (s->state == SSL3_ST_SW_SRVR_HELLO_A) {
1383 buf = (unsigned char *)s->init_buf->data; 1365 buf = (unsigned char *)s->init_buf->data;
1384#ifdef OPENSSL_NO_TLSEXT
1385 p = s->s3->server_random;
1386 if (ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE) <= 0)
1387 return (-1);
1388#endif
1389 /* Do the message type and length last */ 1366 /* Do the message type and length last */
1390 d = p= &(buf[4]); 1367 d = p= &(buf[4]);
1391 1368
@@ -1441,7 +1418,6 @@ ssl3_send_server_hello(SSL *s)
1441 else 1418 else
1442 *(p++) = s->s3->tmp.new_compression->id; 1419 *(p++) = s->s3->tmp.new_compression->id;
1443#endif 1420#endif
1444#ifndef OPENSSL_NO_TLSEXT
1445 if (ssl_prepare_serverhello_tlsext(s) <= 0) { 1421 if (ssl_prepare_serverhello_tlsext(s) <= 0) {
1446 SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, 1422 SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,
1447 SSL_R_SERVERHELLO_TLSEXT); 1423 SSL_R_SERVERHELLO_TLSEXT);
@@ -1453,7 +1429,6 @@ ssl3_send_server_hello(SSL *s)
1453 ERR_R_INTERNAL_ERROR); 1429 ERR_R_INTERNAL_ERROR);
1454 return (-1); 1430 return (-1);
1455 } 1431 }
1456#endif
1457 /* do the header */ 1432 /* do the header */
1458 l = (p - d); 1433 l = (p - d);
1459 d = buf; 1434 d = buf;
@@ -2928,7 +2903,6 @@ ssl3_send_server_certificate(SSL *s)
2928 return (ssl3_do_write(s, SSL3_RT_HANDSHAKE)); 2903 return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
2929} 2904}
2930 2905
2931#ifndef OPENSSL_NO_TLSEXT
2932/* send a new session ticket (not necessarily for a new session) */ 2906/* send a new session ticket (not necessarily for a new session) */
2933int 2907int
2934ssl3_send_newsession_ticket(SSL *s) 2908ssl3_send_newsession_ticket(SSL *s)
@@ -3180,4 +3154,3 @@ ssl3_get_next_proto(SSL *s)
3180 return (1); 3154 return (1);
3181} 3155}
3182# endif 3156# endif
3183#endif
diff --git a/src/lib/libssl/src/ssl/d1_clnt.c b/src/lib/libssl/src/ssl/d1_clnt.c
index e8b43f3268..fe5f1aa200 100644
--- a/src/lib/libssl/src/ssl/d1_clnt.c
+++ b/src/lib/libssl/src/ssl/d1_clnt.c
@@ -382,7 +382,6 @@ dtls1_connect(SSL *s)
382 382
383 case SSL3_ST_CR_CERT_A: 383 case SSL3_ST_CR_CERT_A:
384 case SSL3_ST_CR_CERT_B: 384 case SSL3_ST_CR_CERT_B:
385#ifndef OPENSSL_NO_TLSEXT
386 ret = ssl3_check_finished(s); 385 ret = ssl3_check_finished(s);
387 if (ret <= 0) 386 if (ret <= 0)
388 goto end; 387 goto end;
@@ -395,14 +394,12 @@ dtls1_connect(SSL *s)
395 s->init_num = 0; 394 s->init_num = 0;
396 break; 395 break;
397 } 396 }
398#endif
399 /* Check if it is anon DH or PSK */ 397 /* Check if it is anon DH or PSK */
400 if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) && 398 if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
401 !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) { 399 !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
402 ret = ssl3_get_server_certificate(s); 400 ret = ssl3_get_server_certificate(s);
403 if (ret <= 0) 401 if (ret <= 0)
404 goto end; 402 goto end;
405#ifndef OPENSSL_NO_TLSEXT
406 if (s->tlsext_status_expected) 403 if (s->tlsext_status_expected)
407 s->state = SSL3_ST_CR_CERT_STATUS_A; 404 s->state = SSL3_ST_CR_CERT_STATUS_A;
408 else 405 else
@@ -411,12 +408,6 @@ dtls1_connect(SSL *s)
411 skip = 1; 408 skip = 1;
412 s->state = SSL3_ST_CR_KEY_EXCH_A; 409 s->state = SSL3_ST_CR_KEY_EXCH_A;
413 } 410 }
414#else
415 } else
416 skip = 1;
417
418 s->state = SSL3_ST_CR_KEY_EXCH_A;
419#endif
420 s->init_num = 0; 411 s->init_num = 0;
421 break; 412 break;
422 413
@@ -626,19 +617,16 @@ dtls1_connect(SSL *s)
626 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL); 617 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
627#endif 618#endif
628 619
629#ifndef OPENSSL_NO_TLSEXT
630 /* Allow NewSessionTicket if ticket expected */ 620 /* Allow NewSessionTicket if ticket expected */
631 if (s->tlsext_ticket_expected) 621 if (s->tlsext_ticket_expected)
632 s->s3->tmp.next_state = SSL3_ST_CR_SESSION_TICKET_A; 622 s->s3->tmp.next_state = SSL3_ST_CR_SESSION_TICKET_A;
633 else 623 else
634#endif
635 624
636 s->s3->tmp.next_state = SSL3_ST_CR_FINISHED_A; 625 s->s3->tmp.next_state = SSL3_ST_CR_FINISHED_A;
637 } 626 }
638 s->init_num = 0; 627 s->init_num = 0;
639 break; 628 break;
640 629
641#ifndef OPENSSL_NO_TLSEXT
642 case SSL3_ST_CR_SESSION_TICKET_A: 630 case SSL3_ST_CR_SESSION_TICKET_A:
643 case SSL3_ST_CR_SESSION_TICKET_B: 631 case SSL3_ST_CR_SESSION_TICKET_B:
644 ret = ssl3_get_new_session_ticket(s); 632 ret = ssl3_get_new_session_ticket(s);
@@ -656,7 +644,6 @@ dtls1_connect(SSL *s)
656 s->state = SSL3_ST_CR_KEY_EXCH_A; 644 s->state = SSL3_ST_CR_KEY_EXCH_A;
657 s->init_num = 0; 645 s->init_num = 0;
658 break; 646 break;
659#endif
660 647
661 case SSL3_ST_CR_FINISHED_A: 648 case SSL3_ST_CR_FINISHED_A:
662 case SSL3_ST_CR_FINISHED_B: 649 case SSL3_ST_CR_FINISHED_B:
@@ -787,11 +774,7 @@ dtls1_client_hello(SSL *s)
787 SSL_SESSION *sess = s->session; 774 SSL_SESSION *sess = s->session;
788 if ((s->session == NULL) || 775 if ((s->session == NULL) ||
789 (s->session->ssl_version != s->version) || 776 (s->session->ssl_version != s->version) ||
790#ifdef OPENSSL_NO_TLSEXT
791 !sess->session_id_length ||
792#else
793 (!sess->session_id_length && !sess->tlsext_tick) || 777 (!sess->session_id_length && !sess->tlsext_tick) ||
794#endif
795 (s->session->not_resumable)) { 778 (s->session->not_resumable)) {
796 if (!ssl_get_new_session(s, 0)) 779 if (!ssl_get_new_session(s, 0))
797 goto err; 780 goto err;
@@ -864,12 +847,10 @@ dtls1_client_hello(SSL *s)
864 } 847 }
865 *(p++) = 0; /* Add the NULL method */ 848 *(p++) = 0; /* Add the NULL method */
866 849
867#ifndef OPENSSL_NO_TLSEXT
868 if ((p = ssl_add_clienthello_tlsext(s, p, buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) { 850 if ((p = ssl_add_clienthello_tlsext(s, p, buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) {
869 SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); 851 SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
870 goto err; 852 goto err;
871 } 853 }
872#endif
873 854
874 l = (p - d); 855 l = (p - d);
875 d = buf; 856 d = buf;
diff --git a/src/lib/libssl/src/ssl/d1_srvr.c b/src/lib/libssl/src/ssl/d1_srvr.c
index 368afda77a..24f0a2e86e 100644
--- a/src/lib/libssl/src/ssl/d1_srvr.c
+++ b/src/lib/libssl/src/ssl/d1_srvr.c
@@ -415,14 +415,10 @@ dtls1_accept(SSL *s)
415 BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, 415 BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
416 sizeof(sctpauthkey), sctpauthkey); 416 sizeof(sctpauthkey), sctpauthkey);
417#endif 417#endif
418#ifndef OPENSSL_NO_TLSEXT
419 if (s->tlsext_ticket_expected) 418 if (s->tlsext_ticket_expected)
420 s->state = SSL3_ST_SW_SESSION_TICKET_A; 419 s->state = SSL3_ST_SW_SESSION_TICKET_A;
421 else 420 else
422 s->state = SSL3_ST_SW_CHANGE_A; 421 s->state = SSL3_ST_SW_CHANGE_A;
423#else
424 s->state = SSL3_ST_SW_CHANGE_A;
425#endif
426 } else 422 } else
427 s->state = SSL3_ST_SW_CERT_A; 423 s->state = SSL3_ST_SW_CERT_A;
428 s->init_num = 0; 424 s->init_num = 0;
@@ -437,7 +433,6 @@ dtls1_accept(SSL *s)
437 ret = dtls1_send_server_certificate(s); 433 ret = dtls1_send_server_certificate(s);
438 if (ret <= 0) 434 if (ret <= 0)
439 goto end; 435 goto end;
440#ifndef OPENSSL_NO_TLSEXT
441 if (s->tlsext_status_expected) 436 if (s->tlsext_status_expected)
442 s->state = SSL3_ST_SW_CERT_STATUS_A; 437 s->state = SSL3_ST_SW_CERT_STATUS_A;
443 else 438 else
@@ -446,12 +441,6 @@ dtls1_accept(SSL *s)
446 skip = 1; 441 skip = 1;
447 s->state = SSL3_ST_SW_KEY_EXCH_A; 442 s->state = SSL3_ST_SW_KEY_EXCH_A;
448 } 443 }
449#else
450 } else
451 skip = 1;
452
453 s->state = SSL3_ST_SW_KEY_EXCH_A;
454#endif
455 s->init_num = 0; 444 s->init_num = 0;
456 break; 445 break;
457 446
@@ -680,16 +669,13 @@ dtls1_accept(SSL *s)
680 dtls1_stop_timer(s); 669 dtls1_stop_timer(s);
681 if (s->hit) 670 if (s->hit)
682 s->state = SSL_ST_OK; 671 s->state = SSL_ST_OK;
683#ifndef OPENSSL_NO_TLSEXT
684 else if (s->tlsext_ticket_expected) 672 else if (s->tlsext_ticket_expected)
685 s->state = SSL3_ST_SW_SESSION_TICKET_A; 673 s->state = SSL3_ST_SW_SESSION_TICKET_A;
686#endif
687 else 674 else
688 s->state = SSL3_ST_SW_CHANGE_A; 675 s->state = SSL3_ST_SW_CHANGE_A;
689 s->init_num = 0; 676 s->init_num = 0;
690 break; 677 break;
691 678
692#ifndef OPENSSL_NO_TLSEXT
693 case SSL3_ST_SW_SESSION_TICKET_A: 679 case SSL3_ST_SW_SESSION_TICKET_A:
694 case SSL3_ST_SW_SESSION_TICKET_B: 680 case SSL3_ST_SW_SESSION_TICKET_B:
695 ret = dtls1_send_newsession_ticket(s); 681 ret = dtls1_send_newsession_ticket(s);
@@ -708,7 +694,6 @@ dtls1_accept(SSL *s)
708 s->init_num = 0; 694 s->init_num = 0;
709 break; 695 break;
710 696
711#endif
712 697
713 case SSL3_ST_SW_CHANGE_A: 698 case SSL3_ST_SW_CHANGE_A:
714 case SSL3_ST_SW_CHANGE_B: 699 case SSL3_ST_SW_CHANGE_B:
@@ -971,12 +956,10 @@ dtls1_send_server_hello(SSL *s)
971 *(p++) = s->s3->tmp.new_compression->id; 956 *(p++) = s->s3->tmp.new_compression->id;
972#endif 957#endif
973 958
974#ifndef OPENSSL_NO_TLSEXT
975 if ((p = ssl_add_serverhello_tlsext(s, p, buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) { 959 if ((p = ssl_add_serverhello_tlsext(s, p, buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) {
976 SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR); 960 SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
977 return -1; 961 return -1;
978 } 962 }
979#endif
980 963
981 /* do the header */ 964 /* do the header */
982 l = (p - d); 965 l = (p - d);
@@ -1532,7 +1515,6 @@ dtls1_send_server_certificate(SSL *s)
1532 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE)); 1515 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
1533} 1516}
1534 1517
1535#ifndef OPENSSL_NO_TLSEXT
1536int 1518int
1537dtls1_send_newsession_ticket(SSL *s) 1519dtls1_send_newsession_ticket(SSL *s)
1538{ 1520{
@@ -1638,4 +1620,3 @@ dtls1_send_newsession_ticket(SSL *s)
1638 /* SSL3_ST_SW_SESSION_TICKET_B */ 1620 /* SSL3_ST_SW_SESSION_TICKET_B */
1639 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE)); 1621 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
1640} 1622}
1641#endif
diff --git a/src/lib/libssl/src/ssl/s23_clnt.c b/src/lib/libssl/src/ssl/s23_clnt.c
index 5361d5bea8..16c30c083a 100644
--- a/src/lib/libssl/src/ssl/s23_clnt.c
+++ b/src/lib/libssl/src/ssl/s23_clnt.c
@@ -431,7 +431,6 @@ ssl23_client_hello(SSL *s)
431 /* Add the NULL method */ 431 /* Add the NULL method */
432 *(p++) = 0; 432 *(p++) = 0;
433 433
434#ifndef OPENSSL_NO_TLSEXT
435 /* TLS extensions*/ 434 /* TLS extensions*/
436 if (ssl_prepare_clienthello_tlsext(s) <= 0) { 435 if (ssl_prepare_clienthello_tlsext(s) <= 0) {
437 SSLerr(SSL_F_SSL23_CLIENT_HELLO, 436 SSLerr(SSL_F_SSL23_CLIENT_HELLO,
@@ -443,7 +442,6 @@ ssl23_client_hello(SSL *s)
443 SSLerr(SSL_F_SSL23_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); 442 SSLerr(SSL_F_SSL23_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
444 return -1; 443 return -1;
445 } 444 }
446#endif
447 445
448 l = p - d; 446 l = p - d;
449 447
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c
index bda14069c1..66a7ec0d38 100644
--- a/src/lib/libssl/src/ssl/s3_clnt.c
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -316,12 +316,10 @@ ssl3_connect(SSL *s)
316 316
317 if (s->hit) { 317 if (s->hit) {
318 s->state = SSL3_ST_CR_FINISHED_A; 318 s->state = SSL3_ST_CR_FINISHED_A;
319#ifndef OPENSSL_NO_TLSEXT
320 if (s->tlsext_ticket_expected) { 319 if (s->tlsext_ticket_expected) {
321 /* receive renewed session ticket */ 320 /* receive renewed session ticket */
322 s->state = SSL3_ST_CR_SESSION_TICKET_A; 321 s->state = SSL3_ST_CR_SESSION_TICKET_A;
323 } 322 }
324#endif
325 } else 323 } else
326 s->state = SSL3_ST_CR_CERT_A; 324 s->state = SSL3_ST_CR_CERT_A;
327 s->init_num = 0; 325 s->init_num = 0;
@@ -329,7 +327,6 @@ ssl3_connect(SSL *s)
329 327
330 case SSL3_ST_CR_CERT_A: 328 case SSL3_ST_CR_CERT_A:
331 case SSL3_ST_CR_CERT_B: 329 case SSL3_ST_CR_CERT_B:
332#ifndef OPENSSL_NO_TLSEXT
333 ret = ssl3_check_finished(s); 330 ret = ssl3_check_finished(s);
334 if (ret <= 0) 331 if (ret <= 0)
335 goto end; 332 goto end;
@@ -342,7 +339,6 @@ ssl3_connect(SSL *s)
342 s->init_num = 0; 339 s->init_num = 0;
343 break; 340 break;
344 } 341 }
345#endif
346 /* Check if it is anon DH/ECDH or PSK */ 342 /* Check if it is anon DH/ECDH or PSK */
347 if (!(s->s3->tmp.new_cipher->algorithm_auth & 343 if (!(s->s3->tmp.new_cipher->algorithm_auth &
348 SSL_aNULL) && 344 SSL_aNULL) &&
@@ -351,7 +347,6 @@ ssl3_connect(SSL *s)
351 ret = ssl3_get_server_certificate(s); 347 ret = ssl3_get_server_certificate(s);
352 if (ret <= 0) 348 if (ret <= 0)
353 goto end; 349 goto end;
354#ifndef OPENSSL_NO_TLSEXT
355 if (s->tlsext_status_expected) 350 if (s->tlsext_status_expected)
356 s->state = SSL3_ST_CR_CERT_STATUS_A; 351 s->state = SSL3_ST_CR_CERT_STATUS_A;
357 else 352 else
@@ -360,12 +355,6 @@ ssl3_connect(SSL *s)
360 skip = 1; 355 skip = 1;
361 s->state = SSL3_ST_CR_KEY_EXCH_A; 356 s->state = SSL3_ST_CR_KEY_EXCH_A;
362 } 357 }
363#else
364 } else
365 skip = 1;
366
367 s->state = SSL3_ST_CR_KEY_EXCH_A;
368#endif
369 s->init_num = 0; 358 s->init_num = 0;
370 break; 359 break;
371 360
@@ -536,20 +525,17 @@ ssl3_connect(SSL *s)
536 s->s3->delay_buf_pop_ret = 0; 525 s->s3->delay_buf_pop_ret = 0;
537 } 526 }
538 } else { 527 } else {
539#ifndef OPENSSL_NO_TLSEXT
540 /* Allow NewSessionTicket if ticket expected */ 528 /* Allow NewSessionTicket if ticket expected */
541 if (s->tlsext_ticket_expected) 529 if (s->tlsext_ticket_expected)
542 s->s3->tmp.next_state = 530 s->s3->tmp.next_state =
543 SSL3_ST_CR_SESSION_TICKET_A; 531 SSL3_ST_CR_SESSION_TICKET_A;
544 else 532 else
545#endif
546 533
547 s->s3->tmp.next_state = SSL3_ST_CR_FINISHED_A; 534 s->s3->tmp.next_state = SSL3_ST_CR_FINISHED_A;
548 } 535 }
549 s->init_num = 0; 536 s->init_num = 0;
550 break; 537 break;
551 538
552#ifndef OPENSSL_NO_TLSEXT
553 case SSL3_ST_CR_SESSION_TICKET_A: 539 case SSL3_ST_CR_SESSION_TICKET_A:
554 case SSL3_ST_CR_SESSION_TICKET_B: 540 case SSL3_ST_CR_SESSION_TICKET_B:
555 ret = ssl3_get_new_session_ticket(s); 541 ret = ssl3_get_new_session_ticket(s);
@@ -567,7 +553,6 @@ ssl3_connect(SSL *s)
567 s->state = SSL3_ST_CR_KEY_EXCH_A; 553 s->state = SSL3_ST_CR_KEY_EXCH_A;
568 s->init_num = 0; 554 s->init_num = 0;
569 break; 555 break;
570#endif
571 556
572 case SSL3_ST_CR_FINISHED_A: 557 case SSL3_ST_CR_FINISHED_A:
573 case SSL3_ST_CR_FINISHED_B: 558 case SSL3_ST_CR_FINISHED_B:
@@ -681,11 +666,7 @@ ssl3_client_hello(SSL *s)
681 SSL_SESSION *sess = s->session; 666 SSL_SESSION *sess = s->session;
682 if ((sess == NULL) || 667 if ((sess == NULL) ||
683 (sess->ssl_version != s->version) || 668 (sess->ssl_version != s->version) ||
684#ifdef OPENSSL_NO_TLSEXT
685 !sess->session_id_length ||
686#else
687 (!sess->session_id_length && !sess->tlsext_tick) || 669 (!sess->session_id_length && !sess->tlsext_tick) ||
688#endif
689 (sess->not_resumable)) { 670 (sess->not_resumable)) {
690 if (!ssl_get_new_session(s, 0)) 671 if (!ssl_get_new_session(s, 0))
691 goto err; 672 goto err;
@@ -791,7 +772,6 @@ ssl3_client_hello(SSL *s)
791#endif 772#endif
792 *(p++) = 0; /* Add the NULL method */ 773 *(p++) = 0; /* Add the NULL method */
793 774
794#ifndef OPENSSL_NO_TLSEXT
795 /* TLS extensions*/ 775 /* TLS extensions*/
796 if (ssl_prepare_clienthello_tlsext(s) <= 0) { 776 if (ssl_prepare_clienthello_tlsext(s) <= 0) {
797 SSLerr(SSL_F_SSL3_CLIENT_HELLO, 777 SSLerr(SSL_F_SSL3_CLIENT_HELLO,
@@ -804,7 +784,6 @@ ssl3_client_hello(SSL *s)
804 ERR_R_INTERNAL_ERROR); 784 ERR_R_INTERNAL_ERROR);
805 goto err; 785 goto err;
806 } 786 }
807#endif
808 787
809 l = (p - d); 788 l = (p - d);
810 d = buf; 789 d = buf;
@@ -892,7 +871,6 @@ ssl3_get_server_hello(SSL *s)
892 goto f_err; 871 goto f_err;
893 } 872 }
894 873
895#ifndef OPENSSL_NO_TLSEXT
896 /* 874 /*
897 * Check if we want to resume the session based on external 875 * Check if we want to resume the session based on external
898 * pre-shared secret 876 * pre-shared secret
@@ -907,7 +885,6 @@ ssl3_get_server_hello(SSL *s)
907 pref_cipher : ssl_get_cipher_by_char(s, p + j); 885 pref_cipher : ssl_get_cipher_by_char(s, p + j);
908 } 886 }
909 } 887 }
910#endif /* OPENSSL_NO_TLSEXT */
911 888
912 if (j != 0 && j == s->session->session_id_length && 889 if (j != 0 && j == s->session->session_id_length &&
913 memcmp(p, s->session->session_id, j) == 0) { 890 memcmp(p, s->session->session_id, j) == 0) {
@@ -1033,7 +1010,6 @@ ssl3_get_server_hello(SSL *s)
1033 } 1010 }
1034#endif 1011#endif
1035 1012
1036#ifndef OPENSSL_NO_TLSEXT
1037 /* TLS extensions*/ 1013 /* TLS extensions*/
1038 if (s->version >= SSL3_VERSION) { 1014 if (s->version >= SSL3_VERSION) {
1039 if (!ssl_parse_serverhello_tlsext(s, &p, d, n, &al)) { 1015 if (!ssl_parse_serverhello_tlsext(s, &p, d, n, &al)) {
@@ -1049,7 +1025,6 @@ ssl3_get_server_hello(SSL *s)
1049 goto err; 1025 goto err;
1050 } 1026 }
1051 } 1027 }
1052#endif
1053 1028
1054 if (p != (d + n)) { 1029 if (p != (d + n)) {
1055 /* wrong packet length */ 1030 /* wrong packet length */
@@ -1876,7 +1851,6 @@ ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
1876 return (X509_NAME_cmp(*a, *b)); 1851 return (X509_NAME_cmp(*a, *b));
1877} 1852}
1878 1853
1879#ifndef OPENSSL_NO_TLSEXT
1880int 1854int
1881ssl3_get_new_session_ticket(SSL *s) 1855ssl3_get_new_session_ticket(SSL *s)
1882{ 1856{
@@ -2018,7 +1992,6 @@ f_err:
2018 ssl3_send_alert(s, SSL3_AL_FATAL, al); 1992 ssl3_send_alert(s, SSL3_AL_FATAL, al);
2019 return (-1); 1993 return (-1);
2020} 1994}
2021#endif
2022 1995
2023int 1996int
2024ssl3_get_server_done(SSL *s) 1997ssl3_get_server_done(SSL *s)
@@ -2930,7 +2903,6 @@ ssl3_send_next_proto(SSL *s)
2930 * session tickets we have to check the next message to be sure. 2903 * session tickets we have to check the next message to be sure.
2931 */ 2904 */
2932 2905
2933#ifndef OPENSSL_NO_TLSEXT
2934int 2906int
2935ssl3_check_finished(SSL *s) 2907ssl3_check_finished(SSL *s)
2936{ 2908{
@@ -2953,7 +2925,6 @@ ssl3_check_finished(SSL *s)
2953 2925
2954 return (1); 2926 return (1);
2955} 2927}
2956#endif
2957 2928
2958int 2929int
2959ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey) 2930ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey)
diff --git a/src/lib/libssl/src/ssl/s3_lib.c b/src/lib/libssl/src/ssl/s3_lib.c
index 477c53b15b..72492a3332 100644
--- a/src/lib/libssl/src/ssl/s3_lib.c
+++ b/src/lib/libssl/src/ssl/s3_lib.c
@@ -151,11 +151,9 @@
151#include <stdio.h> 151#include <stdio.h>
152#include <openssl/objects.h> 152#include <openssl/objects.h>
153#include "ssl_locl.h" 153#include "ssl_locl.h"
154#ifndef OPENSSL_NO_TLSEXT
155#ifndef OPENSSL_NO_EC 154#ifndef OPENSSL_NO_EC
156#include "../crypto/ec/ec_lcl.h" 155#include "../crypto/ec/ec_lcl.h"
157#endif /* OPENSSL_NO_EC */ 156#endif /* OPENSSL_NO_EC */
158#endif /* OPENSSL_NO_TLSEXT */
159#include <openssl/md5.h> 157#include <openssl/md5.h>
160#include <openssl/dh.h> 158#include <openssl/dh.h>
161 159
@@ -2383,11 +2381,9 @@ ssl3_clear(SSL *s)
2383 EC_KEY_free(s->s3->tmp.ecdh); 2381 EC_KEY_free(s->s3->tmp.ecdh);
2384 s->s3->tmp.ecdh = NULL; 2382 s->s3->tmp.ecdh = NULL;
2385 } 2383 }
2386#ifndef OPENSSL_NO_TLSEXT
2387#ifndef OPENSSL_NO_EC 2384#ifndef OPENSSL_NO_EC
2388 s->s3->is_probably_safari = 0; 2385 s->s3->is_probably_safari = 0;
2389#endif /* !OPENSSL_NO_EC */ 2386#endif /* !OPENSSL_NO_EC */
2390#endif /* !OPENSSL_NO_TLSEXT */
2391 2387
2392 rp = s->s3->rbuf.buf; 2388 rp = s->s3->rbuf.buf;
2393 wp = s->s3->wbuf.buf; 2389 wp = s->s3->wbuf.buf;
@@ -2561,7 +2557,6 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2561 return (ret); 2557 return (ret);
2562 } 2558 }
2563 break; 2559 break;
2564#ifndef OPENSSL_NO_TLSEXT
2565 case SSL_CTRL_SET_TLSEXT_HOSTNAME: 2560 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
2566 if (larg == TLSEXT_NAMETYPE_host_name) { 2561 if (larg == TLSEXT_NAMETYPE_host_name) {
2567 free(s->tlsext_hostname); 2562 free(s->tlsext_hostname);
@@ -2657,7 +2652,6 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2657 ret = 1; 2652 ret = 1;
2658 break; 2653 break;
2659 2654
2660#endif /* !OPENSSL_NO_TLSEXT */
2661 default: 2655 default:
2662 break; 2656 break;
2663 } 2657 }
@@ -2694,12 +2688,10 @@ ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
2694 (EC_KEY *(*)(SSL *, int, int))fp; 2688 (EC_KEY *(*)(SSL *, int, int))fp;
2695 } 2689 }
2696 break; 2690 break;
2697#ifndef OPENSSL_NO_TLSEXT
2698 case SSL_CTRL_SET_TLSEXT_DEBUG_CB: 2691 case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
2699 s->tlsext_debug_cb = (void (*)(SSL *, int , int, 2692 s->tlsext_debug_cb = (void (*)(SSL *, int , int,
2700 unsigned char *, int, void *))fp; 2693 unsigned char *, int, void *))fp;
2701 break; 2694 break;
2702#endif
2703 default: 2695 default:
2704 break; 2696 break;
2705 } 2697 }
@@ -2824,7 +2816,6 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
2824 return (0); 2816 return (0);
2825 } 2817 }
2826 break; 2818 break;
2827#ifndef OPENSSL_NO_TLSEXT
2828 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG: 2819 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
2829 ctx->tlsext_servername_arg = parg; 2820 ctx->tlsext_servername_arg = parg;
2830 break; 2821 break;
@@ -2865,7 +2856,6 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
2865 return 1; 2856 return 1;
2866 break; 2857 break;
2867 2858
2868#endif /* !OPENSSL_NO_TLSEXT */
2869 2859
2870 /* A Thawte special :-) */ 2860 /* A Thawte special :-) */
2871 case SSL_CTRL_EXTRA_CHAIN_CERT: 2861 case SSL_CTRL_EXTRA_CHAIN_CERT:
@@ -2916,7 +2906,6 @@ ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
2916 cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; 2906 cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
2917 } 2907 }
2918 break; 2908 break;
2919#ifndef OPENSSL_NO_TLSEXT
2920 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: 2909 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
2921 ctx->tlsext_servername_callback = 2910 ctx->tlsext_servername_callback =
2922 (int (*)(SSL *, int *, void *))fp; 2911 (int (*)(SSL *, int *, void *))fp;
@@ -2938,7 +2927,6 @@ ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
2938 unsigned char *, EVP_CIPHER_CTX *, HMAC_CTX *, int))fp; 2927 unsigned char *, EVP_CIPHER_CTX *, HMAC_CTX *, int))fp;
2939 break; 2928 break;
2940 2929
2941#endif
2942 default: 2930 default:
2943 return (0); 2931 return (0);
2944 } 2932 }
@@ -3043,7 +3031,6 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3043 ok = (alg_k & mask_k) && (alg_a & mask_a); 3031 ok = (alg_k & mask_k) && (alg_a & mask_a);
3044 } 3032 }
3045 3033
3046#ifndef OPENSSL_NO_TLSEXT
3047#ifndef OPENSSL_NO_EC 3034#ifndef OPENSSL_NO_EC
3048 if ( 3035 if (
3049 /* 3036 /*
@@ -3181,7 +3168,6 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3181 ok = ok && ec_ok; 3168 ok = ok && ec_ok;
3182 } 3169 }
3183#endif /* OPENSSL_NO_EC */ 3170#endif /* OPENSSL_NO_EC */
3184#endif /* OPENSSL_NO_TLSEXT */
3185 3171
3186 if (!ok) 3172 if (!ok)
3187 continue; 3173 continue;
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c
index 120f92a9d3..4a6c3cb1e8 100644
--- a/src/lib/libssl/src/ssl/s3_srvr.c
+++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -357,17 +357,12 @@ ssl3_accept(SSL *s)
357 ret = ssl3_send_server_hello(s); 357 ret = ssl3_send_server_hello(s);
358 if (ret <= 0) 358 if (ret <= 0)
359 goto end; 359 goto end;
360#ifndef OPENSSL_NO_TLSEXT
361 if (s->hit) { 360 if (s->hit) {
362 if (s->tlsext_ticket_expected) 361 if (s->tlsext_ticket_expected)
363 s->state = SSL3_ST_SW_SESSION_TICKET_A; 362 s->state = SSL3_ST_SW_SESSION_TICKET_A;
364 else 363 else
365 s->state = SSL3_ST_SW_CHANGE_A; 364 s->state = SSL3_ST_SW_CHANGE_A;
366 } 365 }
367#else
368 if (s->hit)
369 s->state = SSL3_ST_SW_CHANGE_A;
370#endif
371 else 366 else
372 s->state = SSL3_ST_SW_CERT_A; 367 s->state = SSL3_ST_SW_CERT_A;
373 s->init_num = 0; 368 s->init_num = 0;
@@ -385,7 +380,6 @@ ssl3_accept(SSL *s)
385 ret = ssl3_send_server_certificate(s); 380 ret = ssl3_send_server_certificate(s);
386 if (ret <= 0) 381 if (ret <= 0)
387 goto end; 382 goto end;
388#ifndef OPENSSL_NO_TLSEXT
389 if (s->tlsext_status_expected) 383 if (s->tlsext_status_expected)
390 s->state = SSL3_ST_SW_CERT_STATUS_A; 384 s->state = SSL3_ST_SW_CERT_STATUS_A;
391 else 385 else
@@ -394,12 +388,6 @@ ssl3_accept(SSL *s)
394 skip = 1; 388 skip = 1;
395 s->state = SSL3_ST_SW_KEY_EXCH_A; 389 s->state = SSL3_ST_SW_KEY_EXCH_A;
396 } 390 }
397#else
398 } else
399 skip = 1;
400
401 s->state = SSL3_ST_SW_KEY_EXCH_A;
402#endif
403 s->init_num = 0; 391 s->init_num = 0;
404 break; 392 break;
405 393
@@ -683,16 +671,13 @@ ssl3_accept(SSL *s)
683 goto end; 671 goto end;
684 if (s->hit) 672 if (s->hit)
685 s->state = SSL_ST_OK; 673 s->state = SSL_ST_OK;
686#ifndef OPENSSL_NO_TLSEXT
687 else if (s->tlsext_ticket_expected) 674 else if (s->tlsext_ticket_expected)
688 s->state = SSL3_ST_SW_SESSION_TICKET_A; 675 s->state = SSL3_ST_SW_SESSION_TICKET_A;
689#endif
690 else 676 else
691 s->state = SSL3_ST_SW_CHANGE_A; 677 s->state = SSL3_ST_SW_CHANGE_A;
692 s->init_num = 0; 678 s->init_num = 0;
693 break; 679 break;
694 680
695#ifndef OPENSSL_NO_TLSEXT
696 case SSL3_ST_SW_SESSION_TICKET_A: 681 case SSL3_ST_SW_SESSION_TICKET_A:
697 case SSL3_ST_SW_SESSION_TICKET_B: 682 case SSL3_ST_SW_SESSION_TICKET_B:
698 ret = ssl3_send_newsession_ticket(s); 683 ret = ssl3_send_newsession_ticket(s);
@@ -711,7 +696,6 @@ ssl3_accept(SSL *s)
711 s->init_num = 0; 696 s->init_num = 0;
712 break; 697 break;
713 698
714#endif
715 699
716 case SSL3_ST_SW_CHANGE_A: 700 case SSL3_ST_SW_CHANGE_A:
717 case SSL3_ST_SW_CHANGE_B: 701 case SSL3_ST_SW_CHANGE_B:
@@ -1123,7 +1107,6 @@ ssl3_get_client_hello(SSL *s)
1123 goto f_err; 1107 goto f_err;
1124 } 1108 }
1125 1109
1126#ifndef OPENSSL_NO_TLSEXT
1127 /* TLS extensions*/ 1110 /* TLS extensions*/
1128 if (s->version >= SSL3_VERSION) { 1111 if (s->version >= SSL3_VERSION) {
1129 if (!ssl_parse_clienthello_tlsext(s, &p, d, n, &al)) { 1112 if (!ssl_parse_clienthello_tlsext(s, &p, d, n, &al)) {
@@ -1191,7 +1174,6 @@ ssl3_get_client_hello(SSL *s)
1191 sk_SSL_CIPHER_dup(s->session->ciphers); 1174 sk_SSL_CIPHER_dup(s->session->ciphers);
1192 } 1175 }
1193 } 1176 }
1194#endif
1195 1177
1196 /* 1178 /*
1197 * Worst case, we will use the NULL compression, but if we have other 1179 * Worst case, we will use the NULL compression, but if we have other
@@ -1381,11 +1363,6 @@ ssl3_send_server_hello(SSL *s)
1381 1363
1382 if (s->state == SSL3_ST_SW_SRVR_HELLO_A) { 1364 if (s->state == SSL3_ST_SW_SRVR_HELLO_A) {
1383 buf = (unsigned char *)s->init_buf->data; 1365 buf = (unsigned char *)s->init_buf->data;
1384#ifdef OPENSSL_NO_TLSEXT
1385 p = s->s3->server_random;
1386 if (ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE) <= 0)
1387 return (-1);
1388#endif
1389 /* Do the message type and length last */ 1366 /* Do the message type and length last */
1390 d = p= &(buf[4]); 1367 d = p= &(buf[4]);
1391 1368
@@ -1441,7 +1418,6 @@ ssl3_send_server_hello(SSL *s)
1441 else 1418 else
1442 *(p++) = s->s3->tmp.new_compression->id; 1419 *(p++) = s->s3->tmp.new_compression->id;
1443#endif 1420#endif
1444#ifndef OPENSSL_NO_TLSEXT
1445 if (ssl_prepare_serverhello_tlsext(s) <= 0) { 1421 if (ssl_prepare_serverhello_tlsext(s) <= 0) {
1446 SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, 1422 SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,
1447 SSL_R_SERVERHELLO_TLSEXT); 1423 SSL_R_SERVERHELLO_TLSEXT);
@@ -1453,7 +1429,6 @@ ssl3_send_server_hello(SSL *s)
1453 ERR_R_INTERNAL_ERROR); 1429 ERR_R_INTERNAL_ERROR);
1454 return (-1); 1430 return (-1);
1455 } 1431 }
1456#endif
1457 /* do the header */ 1432 /* do the header */
1458 l = (p - d); 1433 l = (p - d);
1459 d = buf; 1434 d = buf;
@@ -2928,7 +2903,6 @@ ssl3_send_server_certificate(SSL *s)
2928 return (ssl3_do_write(s, SSL3_RT_HANDSHAKE)); 2903 return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
2929} 2904}
2930 2905
2931#ifndef OPENSSL_NO_TLSEXT
2932/* send a new session ticket (not necessarily for a new session) */ 2906/* send a new session ticket (not necessarily for a new session) */
2933int 2907int
2934ssl3_send_newsession_ticket(SSL *s) 2908ssl3_send_newsession_ticket(SSL *s)
@@ -3180,4 +3154,3 @@ ssl3_get_next_proto(SSL *s)
3180 return (1); 3154 return (1);
3181} 3155}
3182# endif 3156# endif
3183#endif
diff --git a/src/lib/libssl/src/ssl/ssl.h b/src/lib/libssl/src/ssl/ssl.h
index 45968ce16a..d6f875a797 100644
--- a/src/lib/libssl/src/ssl/ssl.h
+++ b/src/lib/libssl/src/ssl/ssl.h
@@ -504,7 +504,6 @@ struct ssl_session_st {
504 /* These are used to make removal of session-ids more 504 /* These are used to make removal of session-ids more
505 * efficient and to implement a maximum cache size. */ 505 * efficient and to implement a maximum cache size. */
506 struct ssl_session_st *prev, *next; 506 struct ssl_session_st *prev, *next;
507#ifndef OPENSSL_NO_TLSEXT
508 char *tlsext_hostname; 507 char *tlsext_hostname;
509#ifndef OPENSSL_NO_EC 508#ifndef OPENSSL_NO_EC
510 size_t tlsext_ecpointformatlist_length; 509 size_t tlsext_ecpointformatlist_length;
@@ -516,7 +515,6 @@ struct ssl_session_st {
516 unsigned char *tlsext_tick; /* Session ticket */ 515 unsigned char *tlsext_tick; /* Session ticket */
517 size_t tlsext_ticklen; /* Session ticket length */ 516 size_t tlsext_ticklen; /* Session ticket length */
518 long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */ 517 long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */
519#endif
520}; 518};
521 519
522#endif 520#endif
@@ -841,7 +839,6 @@ struct ssl_ctx_st {
841 ENGINE *client_cert_engine; 839 ENGINE *client_cert_engine;
842#endif 840#endif
843 841
844#ifndef OPENSSL_NO_TLSEXT
845 /* TLS extensions servername callback */ 842 /* TLS extensions servername callback */
846 int (*tlsext_servername_callback)(SSL*, int *, void *); 843 int (*tlsext_servername_callback)(SSL*, int *, void *);
847 void *tlsext_servername_arg; 844 void *tlsext_servername_arg;
@@ -862,7 +859,6 @@ struct ssl_ctx_st {
862 int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput, 859 int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput,
863 size_t len, void *arg); 860 size_t len, void *arg);
864 void *tlsext_opaque_prf_input_callback_arg; 861 void *tlsext_opaque_prf_input_callback_arg;
865#endif
866 862
867#ifndef OPENSSL_NO_PSK 863#ifndef OPENSSL_NO_PSK
868 char *psk_identity_hint; 864 char *psk_identity_hint;
@@ -874,7 +870,6 @@ struct ssl_ctx_st {
874#endif 870#endif
875 871
876 872
877#ifndef OPENSSL_NO_TLSEXT
878 873
879# ifndef OPENSSL_NO_NEXTPROTONEG 874# ifndef OPENSSL_NO_NEXTPROTONEG
880 /* Next protocol negotiation information */ 875 /* Next protocol negotiation information */
@@ -895,7 +890,6 @@ struct ssl_ctx_st {
895 /* SRTP profiles we are willing to do from RFC 5764 */ 890 /* SRTP profiles we are willing to do from RFC 5764 */
896 STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; 891 STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
897 892
898#endif
899}; 893};
900 894
901#endif 895#endif
@@ -1186,7 +1180,6 @@ struct ssl_st {
1186 int client_version; /* what was passed, used for 1180 int client_version; /* what was passed, used for
1187 * SSLv3/TLS rollback check */ 1181 * SSLv3/TLS rollback check */
1188 unsigned int max_send_fragment; 1182 unsigned int max_send_fragment;
1189#ifndef OPENSSL_NO_TLSEXT
1190 /* TLS extension debug callback */ 1183 /* TLS extension debug callback */
1191 void (*tlsext_debug_cb)(SSL *s, int client_server, int type, 1184 void (*tlsext_debug_cb)(SSL *s, int client_server, int type,
1192 unsigned char *data, int len, void *arg); 1185 unsigned char *data, int len, void *arg);
@@ -1259,9 +1252,6 @@ struct ssl_st {
1259 */ 1252 */
1260 unsigned int tlsext_hb_pending; /* Indicates if a HeartbeatRequest is in flight */ 1253 unsigned int tlsext_hb_pending; /* Indicates if a HeartbeatRequest is in flight */
1261 unsigned int tlsext_hb_seq; /* HeartbeatRequest sequence number */ 1254 unsigned int tlsext_hb_seq; /* HeartbeatRequest sequence number */
1262#else
1263#define session_ctx ctx
1264#endif /* OPENSSL_NO_TLSEXT */
1265 1255
1266 int renegotiate;/* 1 if we are renegotiating. 1256 int renegotiate;/* 1 if we are renegotiating.
1267 * 2 if we are a server and are inside a handshake 1257 * 2 if we are a server and are inside a handshake
@@ -1467,7 +1457,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
1467#define SSL_CTRL_SET_MAX_SEND_FRAGMENT 52 1457#define SSL_CTRL_SET_MAX_SEND_FRAGMENT 52
1468 1458
1469/* see tls1.h for macros based on these */ 1459/* see tls1.h for macros based on these */
1470#ifndef OPENSSL_NO_TLSEXT
1471#define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53 1460#define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53
1472#define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54 1461#define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54
1473#define SSL_CTRL_SET_TLSEXT_HOSTNAME 55 1462#define SSL_CTRL_SET_TLSEXT_HOSTNAME 55
@@ -1498,7 +1487,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
1498#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 79 1487#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 79
1499#define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80 1488#define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80
1500#define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81 1489#define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81
1501#endif
1502 1490
1503#define DTLS_CTRL_GET_TIMEOUT 73 1491#define DTLS_CTRL_GET_TIMEOUT 73
1504#define DTLS_CTRL_HANDLE_TIMEOUT 74 1492#define DTLS_CTRL_HANDLE_TIMEOUT 74
diff --git a/src/lib/libssl/src/ssl/ssl3.h b/src/lib/libssl/src/ssl/ssl3.h
index 8633dae521..c264422a36 100644
--- a/src/lib/libssl/src/ssl/ssl3.h
+++ b/src/lib/libssl/src/ssl/ssl3.h
@@ -519,14 +519,12 @@ typedef struct ssl3_state_st {
519 int next_proto_neg_seen; 519 int next_proto_neg_seen;
520#endif 520#endif
521 521
522#ifndef OPENSSL_NO_TLSEXT
523#ifndef OPENSSL_NO_EC 522#ifndef OPENSSL_NO_EC
524 /* This is set to true if we believe that this is a version of Safari 523 /* This is set to true if we believe that this is a version of Safari
525 * running on OS X 10.6 or newer. We wish to know this because Safari 524 * running on OS X 10.6 or newer. We wish to know this because Safari
526 * on 10.8 .. 10.8.3 has broken ECDHE-ECDSA support. */ 525 * on 10.8 .. 10.8.3 has broken ECDHE-ECDSA support. */
527 char is_probably_safari; 526 char is_probably_safari;
528#endif /* !OPENSSL_NO_EC */ 527#endif /* !OPENSSL_NO_EC */
529#endif /* !OPENSSL_NO_TLSEXT */
530} SSL3_STATE; 528} SSL3_STATE;
531 529
532#endif 530#endif
diff --git a/src/lib/libssl/src/ssl/ssl_asn1.c b/src/lib/libssl/src/ssl/ssl_asn1.c
index 566590f171..b0da6f4bdb 100644
--- a/src/lib/libssl/src/ssl/ssl_asn1.c
+++ b/src/lib/libssl/src/ssl/ssl_asn1.c
@@ -100,11 +100,9 @@ typedef struct ssl_session_asn1_st {
100 ASN1_INTEGER time; 100 ASN1_INTEGER time;
101 ASN1_INTEGER timeout; 101 ASN1_INTEGER timeout;
102 ASN1_INTEGER verify_result; 102 ASN1_INTEGER verify_result;
103#ifndef OPENSSL_NO_TLSEXT
104 ASN1_OCTET_STRING tlsext_hostname; 103 ASN1_OCTET_STRING tlsext_hostname;
105 ASN1_INTEGER tlsext_tick_lifetime; 104 ASN1_INTEGER tlsext_tick_lifetime;
106 ASN1_OCTET_STRING tlsext_tick; 105 ASN1_OCTET_STRING tlsext_tick;
107#endif /* OPENSSL_NO_TLSEXT */
108#ifndef OPENSSL_NO_PSK 106#ifndef OPENSSL_NO_PSK
109 ASN1_OCTET_STRING psk_identity_hint; 107 ASN1_OCTET_STRING psk_identity_hint;
110 ASN1_OCTET_STRING psk_identity; 108 ASN1_OCTET_STRING psk_identity;
@@ -118,10 +116,8 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
118 int v1 = 0, v2 = 0, v3 = 0, v4 = 0, v5 = 0, v7 = 0, v8 = 0; 116 int v1 = 0, v2 = 0, v3 = 0, v4 = 0, v5 = 0, v7 = 0, v8 = 0;
119 unsigned char buf[4], ibuf1[LSIZE2], ibuf2[LSIZE2]; 117 unsigned char buf[4], ibuf1[LSIZE2], ibuf2[LSIZE2];
120 unsigned char ibuf3[LSIZE2], ibuf4[LSIZE2], ibuf5[LSIZE2]; 118 unsigned char ibuf3[LSIZE2], ibuf4[LSIZE2], ibuf5[LSIZE2];
121#ifndef OPENSSL_NO_TLSEXT
122 int v6 = 0, v9 = 0, v10 = 0; 119 int v6 = 0, v9 = 0, v10 = 0;
123 unsigned char ibuf6[LSIZE2]; 120 unsigned char ibuf6[LSIZE2];
124#endif
125#ifndef OPENSSL_NO_COMP 121#ifndef OPENSSL_NO_COMP
126 unsigned char cbuf; 122 unsigned char cbuf;
127 int v11 = 0; 123 int v11 = 0;
@@ -202,7 +198,6 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
202 ASN1_INTEGER_set(&a.verify_result, in->verify_result); 198 ASN1_INTEGER_set(&a.verify_result, in->verify_result);
203 } 199 }
204 200
205#ifndef OPENSSL_NO_TLSEXT
206 if (in->tlsext_hostname) { 201 if (in->tlsext_hostname) {
207 a.tlsext_hostname.length = strlen(in->tlsext_hostname); 202 a.tlsext_hostname.length = strlen(in->tlsext_hostname);
208 a.tlsext_hostname.type = V_ASN1_OCTET_STRING; 203 a.tlsext_hostname.type = V_ASN1_OCTET_STRING;
@@ -219,7 +214,6 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
219 a.tlsext_tick_lifetime.data = ibuf6; 214 a.tlsext_tick_lifetime.data = ibuf6;
220 ASN1_INTEGER_set(&a.tlsext_tick_lifetime, in->tlsext_tick_lifetime_hint); 215 ASN1_INTEGER_set(&a.tlsext_tick_lifetime, in->tlsext_tick_lifetime_hint);
221 } 216 }
222#endif /* OPENSSL_NO_TLSEXT */
223#ifndef OPENSSL_NO_PSK 217#ifndef OPENSSL_NO_PSK
224 if (in->psk_identity_hint) { 218 if (in->psk_identity_hint) {
225 a.psk_identity_hint.length = strlen(in->psk_identity_hint); 219 a.psk_identity_hint.length = strlen(in->psk_identity_hint);
@@ -248,7 +242,6 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
248 if (in->verify_result != X509_V_OK) 242 if (in->verify_result != X509_V_OK)
249 M_ASN1_I2D_len_EXP_opt(&(a.verify_result), i2d_ASN1_INTEGER, 5, v5); 243 M_ASN1_I2D_len_EXP_opt(&(a.verify_result), i2d_ASN1_INTEGER, 5, v5);
250 244
251#ifndef OPENSSL_NO_TLSEXT
252 if (in->tlsext_tick_lifetime_hint > 0) 245 if (in->tlsext_tick_lifetime_hint > 0)
253 M_ASN1_I2D_len_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER, 9, v9); 246 M_ASN1_I2D_len_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER, 9, v9);
254 if (in->tlsext_tick) 247 if (in->tlsext_tick)
@@ -259,7 +252,6 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
259 if (in->compress_meth) 252 if (in->compress_meth)
260 M_ASN1_I2D_len_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING, 11, v11); 253 M_ASN1_I2D_len_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING, 11, v11);
261#endif 254#endif
262#endif /* OPENSSL_NO_TLSEXT */
263#ifndef OPENSSL_NO_PSK 255#ifndef OPENSSL_NO_PSK
264 if (in->psk_identity_hint) 256 if (in->psk_identity_hint)
265 M_ASN1_I2D_len_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING, 7, v7); 257 M_ASN1_I2D_len_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING, 7, v7);
@@ -284,22 +276,18 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
284 v4); 276 v4);
285 if (in->verify_result != X509_V_OK) 277 if (in->verify_result != X509_V_OK)
286 M_ASN1_I2D_put_EXP_opt(&a.verify_result, i2d_ASN1_INTEGER, 5, v5); 278 M_ASN1_I2D_put_EXP_opt(&a.verify_result, i2d_ASN1_INTEGER, 5, v5);
287#ifndef OPENSSL_NO_TLSEXT
288 if (in->tlsext_hostname) 279 if (in->tlsext_hostname)
289 M_ASN1_I2D_put_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING, 6, v6); 280 M_ASN1_I2D_put_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING, 6, v6);
290#endif /* OPENSSL_NO_TLSEXT */
291#ifndef OPENSSL_NO_PSK 281#ifndef OPENSSL_NO_PSK
292 if (in->psk_identity_hint) 282 if (in->psk_identity_hint)
293 M_ASN1_I2D_put_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING, 7, v7); 283 M_ASN1_I2D_put_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING, 7, v7);
294 if (in->psk_identity) 284 if (in->psk_identity)
295 M_ASN1_I2D_put_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING, 8, v8); 285 M_ASN1_I2D_put_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING, 8, v8);
296#endif /* OPENSSL_NO_PSK */ 286#endif /* OPENSSL_NO_PSK */
297#ifndef OPENSSL_NO_TLSEXT
298 if (in->tlsext_tick_lifetime_hint > 0) 287 if (in->tlsext_tick_lifetime_hint > 0)
299 M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER, 9, v9); 288 M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER, 9, v9);
300 if (in->tlsext_tick) 289 if (in->tlsext_tick)
301 M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING, 10, v10); 290 M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING, 10, v10);
302#endif /* OPENSSL_NO_TLSEXT */
303#ifndef OPENSSL_NO_COMP 291#ifndef OPENSSL_NO_COMP
304 if (in->compress_meth) 292 if (in->compress_meth)
305 M_ASN1_I2D_put_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING, 11, v11); 293 M_ASN1_I2D_put_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING, 11, v11);
@@ -436,7 +424,6 @@ d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length)
436 } else 424 } else
437 ret->verify_result = X509_V_OK; 425 ret->verify_result = X509_V_OK;
438 426
439#ifndef OPENSSL_NO_TLSEXT
440 os.length = 0; 427 os.length = 0;
441 os.data = NULL; 428 os.data = NULL;
442 M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 6); 429 M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 6);
@@ -447,7 +434,6 @@ d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length)
447 os.length = 0; 434 os.length = 0;
448 } else 435 } else
449 ret->tlsext_hostname = NULL; 436 ret->tlsext_hostname = NULL;
450#endif /* OPENSSL_NO_TLSEXT */
451 437
452#ifndef OPENSSL_NO_PSK 438#ifndef OPENSSL_NO_PSK
453 os.length = 0; 439 os.length = 0;
@@ -473,7 +459,6 @@ d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length)
473 ret->psk_identity = NULL; 459 ret->psk_identity = NULL;
474#endif /* OPENSSL_NO_PSK */ 460#endif /* OPENSSL_NO_PSK */
475 461
476#ifndef OPENSSL_NO_TLSEXT
477 ai.length = 0; 462 ai.length = 0;
478 M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 9); 463 M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 9);
479 if (ai.data != NULL) { 464 if (ai.data != NULL) {
@@ -495,7 +480,6 @@ d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length)
495 os.length = 0; 480 os.length = 0;
496 } else 481 } else
497 ret->tlsext_tick = NULL; 482 ret->tlsext_tick = NULL;
498#endif /* OPENSSL_NO_TLSEXT */
499#ifndef OPENSSL_NO_COMP 483#ifndef OPENSSL_NO_COMP
500 os.length = 0; 484 os.length = 0;
501 os.data = NULL; 485 os.data = NULL;
diff --git a/src/lib/libssl/src/ssl/ssl_lib.c b/src/lib/libssl/src/ssl/ssl_lib.c
index 94792c6d51..262b5a2130 100644
--- a/src/lib/libssl/src/ssl/ssl_lib.c
+++ b/src/lib/libssl/src/ssl/ssl_lib.c
@@ -322,7 +322,6 @@ SSL_new(SSL_CTX *ctx)
322 322
323 CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); 323 CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
324 s->ctx = ctx; 324 s->ctx = ctx;
325#ifndef OPENSSL_NO_TLSEXT
326 s->tlsext_debug_cb = 0; 325 s->tlsext_debug_cb = 0;
327 s->tlsext_debug_arg = NULL; 326 s->tlsext_debug_arg = NULL;
328 s->tlsext_ticket_expected = 0; 327 s->tlsext_ticket_expected = 0;
@@ -337,7 +336,6 @@ SSL_new(SSL_CTX *ctx)
337# ifndef OPENSSL_NO_NEXTPROTONEG 336# ifndef OPENSSL_NO_NEXTPROTONEG
338 s->next_proto_negotiated = NULL; 337 s->next_proto_negotiated = NULL;
339# endif 338# endif
340#endif
341 339
342 s->verify_result = X509_V_OK; 340 s->verify_result = X509_V_OK;
343 341
@@ -535,7 +533,6 @@ SSL_free(SSL *s)
535 ssl_cert_free(s->cert); 533 ssl_cert_free(s->cert);
536 /* Free up if allocated */ 534 /* Free up if allocated */
537 535
538#ifndef OPENSSL_NO_TLSEXT
539 free(s->tlsext_hostname); 536 free(s->tlsext_hostname);
540 if (s->initial_ctx) 537 if (s->initial_ctx)
541 SSL_CTX_free(s->initial_ctx); 538 SSL_CTX_free(s->initial_ctx);
@@ -550,7 +547,6 @@ SSL_free(SSL *s)
550 if (s->tlsext_ocsp_ids) 547 if (s->tlsext_ocsp_ids)
551 sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free); 548 sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);
552 free(s->tlsext_ocsp_resp); 549 free(s->tlsext_ocsp_resp);
553#endif
554 550
555 if (s->client_CA != NULL) 551 if (s->client_CA != NULL)
556 sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free); 552 sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free);
@@ -1490,7 +1486,6 @@ err:
1490} 1486}
1491 1487
1492 1488
1493#ifndef OPENSSL_NO_TLSEXT
1494/* 1489/*
1495 * Return a servername extension value if provided in Client Hello, or NULL. 1490 * Return a servername extension value if provided in Client Hello, or NULL.
1496 * So far, only host_name types are defined (RFC 3546). 1491 * So far, only host_name types are defined (RFC 3546).
@@ -1648,7 +1643,6 @@ SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s,
1648 ctx->next_proto_select_cb_arg = arg; 1643 ctx->next_proto_select_cb_arg = arg;
1649} 1644}
1650# endif 1645# endif
1651#endif
1652 1646
1653int 1647int
1654SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, 1648SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
@@ -1808,7 +1802,6 @@ SSL_CTX_new(const SSL_METHOD *meth)
1808 1802
1809 ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH; 1803 ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
1810 1804
1811#ifndef OPENSSL_NO_TLSEXT
1812 ret->tlsext_servername_callback = 0; 1805 ret->tlsext_servername_callback = 0;
1813 ret->tlsext_servername_arg = NULL; 1806 ret->tlsext_servername_arg = NULL;
1814 /* Setup RFC4507 ticket keys */ 1807 /* Setup RFC4507 ticket keys */
@@ -1824,7 +1817,6 @@ SSL_CTX_new(const SSL_METHOD *meth)
1824 ret->next_protos_advertised_cb = 0; 1817 ret->next_protos_advertised_cb = 0;
1825 ret->next_proto_select_cb = 0; 1818 ret->next_proto_select_cb = 0;
1826# endif 1819# endif
1827#endif
1828#ifndef OPENSSL_NO_PSK 1820#ifndef OPENSSL_NO_PSK
1829 ret->psk_identity_hint = NULL; 1821 ret->psk_identity_hint = NULL;
1830 ret->psk_client_callback = NULL; 1822 ret->psk_client_callback = NULL;
@@ -2842,10 +2834,8 @@ SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
2842{ 2834{
2843 if (ssl->ctx == ctx) 2835 if (ssl->ctx == ctx)
2844 return (ssl->ctx); 2836 return (ssl->ctx);
2845#ifndef OPENSSL_NO_TLSEXT
2846 if (ctx == NULL) 2837 if (ctx == NULL)
2847 ctx = ssl->initial_ctx; 2838 ctx = ssl->initial_ctx;
2848#endif
2849 if (ssl->cert != NULL) 2839 if (ssl->cert != NULL)
2850 ssl_cert_free(ssl->cert); 2840 ssl_cert_free(ssl->cert);
2851 ssl->cert = ssl_cert_dup(ctx->cert); 2841 ssl->cert = ssl_cert_dup(ctx->cert);
diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h
index 208610dac1..ecf108d6a5 100644
--- a/src/lib/libssl/src/ssl/ssl_locl.h
+++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -750,12 +750,10 @@ int ssl3_send_client_key_exchange(SSL *s);
750int ssl3_get_key_exchange(SSL *s); 750int ssl3_get_key_exchange(SSL *s);
751int ssl3_get_server_certificate(SSL *s); 751int ssl3_get_server_certificate(SSL *s);
752int ssl3_check_cert_and_algorithm(SSL *s); 752int ssl3_check_cert_and_algorithm(SSL *s);
753#ifndef OPENSSL_NO_TLSEXT
754int ssl3_check_finished(SSL *s); 753int ssl3_check_finished(SSL *s);
755# ifndef OPENSSL_NO_NEXTPROTONEG 754# ifndef OPENSSL_NO_NEXTPROTONEG
756int ssl3_send_next_proto(SSL *s); 755int ssl3_send_next_proto(SSL *s);
757# endif 756# endif
758#endif
759 757
760int dtls1_client_hello(SSL *s); 758int dtls1_client_hello(SSL *s);
761int dtls1_send_client_certificate(SSL *s); 759int dtls1_send_client_certificate(SSL *s);
@@ -837,7 +835,6 @@ int tls1_ec_curve_id2nid(int curve_id);
837int tls1_ec_nid2curve_id(int nid); 835int tls1_ec_nid2curve_id(int nid);
838#endif /* OPENSSL_NO_EC */ 836#endif /* OPENSSL_NO_EC */
839 837
840#ifndef OPENSSL_NO_TLSEXT
841unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, 838unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p,
842 unsigned char *limit); 839 unsigned char *limit);
843 840
@@ -863,7 +860,6 @@ int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk,
863int tls12_get_sigid(const EVP_PKEY *pk); 860int tls12_get_sigid(const EVP_PKEY *pk);
864const EVP_MD *tls12_get_hash(unsigned char hash_alg); 861const EVP_MD *tls12_get_hash(unsigned char hash_alg);
865 862
866#endif
867EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md); 863EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md);
868void ssl_clear_hash_ctx(EVP_MD_CTX **hash); 864void ssl_clear_hash_ctx(EVP_MD_CTX **hash);
869int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, 865int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p,
diff --git a/src/lib/libssl/src/ssl/ssl_sess.c b/src/lib/libssl/src/ssl/ssl_sess.c
index 632d6a6860..de133a72ca 100644
--- a/src/lib/libssl/src/ssl/ssl_sess.c
+++ b/src/lib/libssl/src/ssl/ssl_sess.c
@@ -208,7 +208,6 @@ SSL_SESSION_new(void)
208 ss->prev = NULL; 208 ss->prev = NULL;
209 ss->next = NULL; 209 ss->next = NULL;
210 ss->compress_meth = 0; 210 ss->compress_meth = 0;
211#ifndef OPENSSL_NO_TLSEXT
212 ss->tlsext_hostname = NULL; 211 ss->tlsext_hostname = NULL;
213 212
214#ifndef OPENSSL_NO_EC 213#ifndef OPENSSL_NO_EC
@@ -217,7 +216,6 @@ SSL_SESSION_new(void)
217 ss->tlsext_ellipticcurvelist_length = 0; 216 ss->tlsext_ellipticcurvelist_length = 0;
218 ss->tlsext_ellipticcurvelist = NULL; 217 ss->tlsext_ellipticcurvelist = NULL;
219#endif 218#endif
220#endif
221 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); 219 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
222#ifndef OPENSSL_NO_PSK 220#ifndef OPENSSL_NO_PSK
223 ss->psk_identity_hint = NULL; 221 ss->psk_identity_hint = NULL;
@@ -313,13 +311,11 @@ ssl_get_new_session(SSL *s, int session)
313 SSL_SESSION_free(ss); 311 SSL_SESSION_free(ss);
314 return (0); 312 return (0);
315 } 313 }
316#ifndef OPENSSL_NO_TLSEXT
317 /* If RFC4507 ticket use empty session ID */ 314 /* If RFC4507 ticket use empty session ID */
318 if (s->tlsext_ticket_expected) { 315 if (s->tlsext_ticket_expected) {
319 ss->session_id_length = 0; 316 ss->session_id_length = 0;
320 goto sess_id_done; 317 goto sess_id_done;
321 } 318 }
322#endif
323 /* Choose which callback will set the session ID */ 319 /* Choose which callback will set the session ID */
324 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); 320 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
325 if (s->generate_session_id) 321 if (s->generate_session_id)
@@ -354,7 +350,6 @@ ssl_get_new_session(SSL *s, int session)
354 SSL_SESSION_free(ss); 350 SSL_SESSION_free(ss);
355 return (0); 351 return (0);
356 } 352 }
357#ifndef OPENSSL_NO_TLSEXT
358 sess_id_done: 353 sess_id_done:
359 if (s->tlsext_hostname) { 354 if (s->tlsext_hostname) {
360 ss->tlsext_hostname = BUF_strdup(s->tlsext_hostname); 355 ss->tlsext_hostname = BUF_strdup(s->tlsext_hostname);
@@ -386,7 +381,6 @@ ssl_get_new_session(SSL *s, int session)
386 memcpy(ss->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist_length); 381 memcpy(ss->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist_length);
387 } 382 }
388#endif 383#endif
389#endif
390 } else { 384 } else {
391 ss->session_id_length = 0; 385 ss->session_id_length = 0;
392 } 386 }
@@ -433,9 +427,7 @@ ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
433 SSL_SESSION *ret = NULL; 427 SSL_SESSION *ret = NULL;
434 int fatal = 0; 428 int fatal = 0;
435 int try_session_cache = 1; 429 int try_session_cache = 1;
436#ifndef OPENSSL_NO_TLSEXT
437 int r; 430 int r;
438#endif
439 431
440 if (len > SSL_MAX_SSL_SESSION_ID_LENGTH) 432 if (len > SSL_MAX_SSL_SESSION_ID_LENGTH)
441 goto err; 433 goto err;
@@ -443,7 +435,6 @@ ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
443 if (len == 0) 435 if (len == 0)
444 try_session_cache = 0; 436 try_session_cache = 0;
445 437
446#ifndef OPENSSL_NO_TLSEXT
447 r = tls1_process_ticket(s, session_id, len, limit, &ret); /* sets s->tlsext_ticket_expected */ 438 r = tls1_process_ticket(s, session_id, len, limit, &ret); /* sets s->tlsext_ticket_expected */
448 switch (r) { 439 switch (r) {
449 case -1: /* Error during processing */ 440 case -1: /* Error during processing */
@@ -459,7 +450,6 @@ ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
459 default: 450 default:
460 abort(); 451 abort();
461 } 452 }
462#endif
463 453
464 if (try_session_cache && 454 if (try_session_cache &&
465 ret == NULL && 455 ret == NULL &&
@@ -570,13 +560,11 @@ ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
570 err: 560 err:
571 if (ret != NULL) { 561 if (ret != NULL) {
572 SSL_SESSION_free(ret); 562 SSL_SESSION_free(ret);
573#ifndef OPENSSL_NO_TLSEXT
574 if (!try_session_cache) { 563 if (!try_session_cache) {
575 /* The session was from a ticket, so we should 564 /* The session was from a ticket, so we should
576 * issue a ticket for the new session */ 565 * issue a ticket for the new session */
577 s->tlsext_ticket_expected = 1; 566 s->tlsext_ticket_expected = 1;
578 } 567 }
579#endif
580 } 568 }
581 if (fatal) 569 if (fatal)
582 return -1; 570 return -1;
@@ -701,7 +689,6 @@ SSL_SESSION_free(SSL_SESSION *ss)
701 X509_free(ss->peer); 689 X509_free(ss->peer);
702 if (ss->ciphers != NULL) 690 if (ss->ciphers != NULL)
703 sk_SSL_CIPHER_free(ss->ciphers); 691 sk_SSL_CIPHER_free(ss->ciphers);
704#ifndef OPENSSL_NO_TLSEXT
705 free(ss->tlsext_hostname); 692 free(ss->tlsext_hostname);
706 free(ss->tlsext_tick); 693 free(ss->tlsext_tick);
707#ifndef OPENSSL_NO_EC 694#ifndef OPENSSL_NO_EC
@@ -710,7 +697,6 @@ SSL_SESSION_free(SSL_SESSION *ss)
710 ss->tlsext_ellipticcurvelist_length = 0; 697 ss->tlsext_ellipticcurvelist_length = 0;
711 free(ss->tlsext_ellipticcurvelist); 698 free(ss->tlsext_ellipticcurvelist);
712#endif /* OPENSSL_NO_EC */ 699#endif /* OPENSSL_NO_EC */
713#endif
714#ifndef OPENSSL_NO_PSK 700#ifndef OPENSSL_NO_PSK
715 free(ss->psk_identity_hint); 701 free(ss->psk_identity_hint);
716 free(ss->psk_identity); 702 free(ss->psk_identity);
@@ -839,7 +825,6 @@ SSL_CTX_get_timeout(const SSL_CTX *s)
839 return (s->session_timeout); 825 return (s->session_timeout);
840} 826}
841 827
842#ifndef OPENSSL_NO_TLSEXT
843int 828int
844SSL_set_session_secret_cb(SSL *s, int (*tls_session_secret_cb)(SSL *s, void *secret, int *secret_len, 829SSL_set_session_secret_cb(SSL *s, int (*tls_session_secret_cb)(SSL *s, void *secret, int *secret_len,
845 STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg), void *arg) 830 STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg), void *arg)
@@ -887,7 +872,6 @@ SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len)
887 872
888 return 0; 873 return 0;
889} 874}
890#endif /* OPENSSL_NO_TLSEXT */
891 875
892typedef struct timeout_param_st { 876typedef struct timeout_param_st {
893 SSL_CTX *ctx; 877 SSL_CTX *ctx;
diff --git a/src/lib/libssl/src/ssl/ssl_txt.c b/src/lib/libssl/src/ssl/ssl_txt.c
index 43696db847..e58849deb5 100644
--- a/src/lib/libssl/src/ssl/ssl_txt.c
+++ b/src/lib/libssl/src/ssl/ssl_txt.c
@@ -169,7 +169,6 @@ SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
169 if (BIO_printf(bp, "%s", x->psk_identity_hint ? x->psk_identity_hint : "None") <= 0) 169 if (BIO_printf(bp, "%s", x->psk_identity_hint ? x->psk_identity_hint : "None") <= 0)
170 goto err; 170 goto err;
171#endif 171#endif
172#ifndef OPENSSL_NO_TLSEXT
173 if (x->tlsext_tick_lifetime_hint) { 172 if (x->tlsext_tick_lifetime_hint) {
174 if (BIO_printf(bp, 173 if (BIO_printf(bp,
175 "\n TLS session ticket lifetime hint: %ld (seconds)", 174 "\n TLS session ticket lifetime hint: %ld (seconds)",
@@ -182,7 +181,6 @@ SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
182 if (BIO_dump_indent(bp, (char *)x->tlsext_tick, x->tlsext_ticklen, 4) <= 0) 181 if (BIO_dump_indent(bp, (char *)x->tlsext_tick, x->tlsext_ticklen, 4) <= 0)
183 goto err; 182 goto err;
184 } 183 }
185#endif
186 184
187#ifndef OPENSSL_NO_COMP 185#ifndef OPENSSL_NO_COMP
188 if (x->compress_meth != 0) { 186 if (x->compress_meth != 0) {
diff --git a/src/lib/libssl/src/ssl/t1_lib.c b/src/lib/libssl/src/ssl/t1_lib.c
index 5ad69f5ce9..5d442558dd 100644
--- a/src/lib/libssl/src/ssl/t1_lib.c
+++ b/src/lib/libssl/src/ssl/t1_lib.c
@@ -119,11 +119,9 @@
119 119
120const char tls1_version_str[] = "TLSv1" OPENSSL_VERSION_PTEXT; 120const char tls1_version_str[] = "TLSv1" OPENSSL_VERSION_PTEXT;
121 121
122#ifndef OPENSSL_NO_TLSEXT
123static int tls_decrypt_ticket(SSL *s, const unsigned char *tick, int ticklen, 122static int tls_decrypt_ticket(SSL *s, const unsigned char *tick, int ticklen,
124 const unsigned char *sess_id, int sesslen, 123 const unsigned char *sess_id, int sesslen,
125 SSL_SESSION **psess); 124 SSL_SESSION **psess);
126#endif
127 125
128SSL3_ENC_METHOD TLSv1_enc_data = { 126SSL3_ENC_METHOD TLSv1_enc_data = {
129 .enc = tls1_enc, 127 .enc = tls1_enc,
@@ -200,9 +198,7 @@ tls1_new(SSL *s)
200void 198void
201tls1_free(SSL *s) 199tls1_free(SSL *s)
202{ 200{
203#ifndef OPENSSL_NO_TLSEXT
204 free(s->tlsext_session_ticket); 201 free(s->tlsext_session_ticket);
205#endif /* OPENSSL_NO_TLSEXT */
206 ssl3_free(s); 202 ssl3_free(s);
207} 203}
208 204
@@ -354,7 +350,6 @@ tls1_ec_nid2curve_id(int nid)
354} 350}
355#endif /* OPENSSL_NO_EC */ 351#endif /* OPENSSL_NO_EC */
356 352
357#ifndef OPENSSL_NO_TLSEXT
358 353
359/* List of supported signature algorithms and hashes. Should make this 354/* List of supported signature algorithms and hashes. Should make this
360 * customisable at some point, for now include everything we support. 355 * customisable at some point, for now include everything we support.
@@ -2315,4 +2310,3 @@ tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
2315 return 1; 2310 return 1;
2316} 2311}
2317 2312
2318#endif
diff --git a/src/lib/libssl/src/ssl/tls1.h b/src/lib/libssl/src/ssl/tls1.h
index 400deca6d4..813bc97b31 100644
--- a/src/lib/libssl/src/ssl/tls1.h
+++ b/src/lib/libssl/src/ssl/tls1.h
@@ -274,7 +274,6 @@ extern "C" {
274#define TLSEXT_hash_sha384 5 274#define TLSEXT_hash_sha384 5
275#define TLSEXT_hash_sha512 6 275#define TLSEXT_hash_sha512 6
276 276
277#ifndef OPENSSL_NO_TLSEXT
278 277
279#define TLSEXT_MAXLEN_host_name 255 278#define TLSEXT_MAXLEN_host_name 255
280 279
@@ -353,7 +352,6 @@ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG, 0, arg)
353#define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \ 352#define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
354SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) 353SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
355 354
356#endif
357 355
358/* PSK ciphersuites from 4279 */ 356/* PSK ciphersuites from 4279 */
359#define TLS1_CK_PSK_WITH_RC4_128_SHA 0x0300008A 357#define TLS1_CK_PSK_WITH_RC4_128_SHA 0x0300008A
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 45968ce16a..d6f875a797 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -504,7 +504,6 @@ struct ssl_session_st {
504 /* These are used to make removal of session-ids more 504 /* These are used to make removal of session-ids more
505 * efficient and to implement a maximum cache size. */ 505 * efficient and to implement a maximum cache size. */
506 struct ssl_session_st *prev, *next; 506 struct ssl_session_st *prev, *next;
507#ifndef OPENSSL_NO_TLSEXT
508 char *tlsext_hostname; 507 char *tlsext_hostname;
509#ifndef OPENSSL_NO_EC 508#ifndef OPENSSL_NO_EC
510 size_t tlsext_ecpointformatlist_length; 509 size_t tlsext_ecpointformatlist_length;
@@ -516,7 +515,6 @@ struct ssl_session_st {
516 unsigned char *tlsext_tick; /* Session ticket */ 515 unsigned char *tlsext_tick; /* Session ticket */
517 size_t tlsext_ticklen; /* Session ticket length */ 516 size_t tlsext_ticklen; /* Session ticket length */
518 long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */ 517 long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */
519#endif
520}; 518};
521 519
522#endif 520#endif
@@ -841,7 +839,6 @@ struct ssl_ctx_st {
841 ENGINE *client_cert_engine; 839 ENGINE *client_cert_engine;
842#endif 840#endif
843 841
844#ifndef OPENSSL_NO_TLSEXT
845 /* TLS extensions servername callback */ 842 /* TLS extensions servername callback */
846 int (*tlsext_servername_callback)(SSL*, int *, void *); 843 int (*tlsext_servername_callback)(SSL*, int *, void *);
847 void *tlsext_servername_arg; 844 void *tlsext_servername_arg;
@@ -862,7 +859,6 @@ struct ssl_ctx_st {
862 int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput, 859 int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput,
863 size_t len, void *arg); 860 size_t len, void *arg);
864 void *tlsext_opaque_prf_input_callback_arg; 861 void *tlsext_opaque_prf_input_callback_arg;
865#endif
866 862
867#ifndef OPENSSL_NO_PSK 863#ifndef OPENSSL_NO_PSK
868 char *psk_identity_hint; 864 char *psk_identity_hint;
@@ -874,7 +870,6 @@ struct ssl_ctx_st {
874#endif 870#endif
875 871
876 872
877#ifndef OPENSSL_NO_TLSEXT
878 873
879# ifndef OPENSSL_NO_NEXTPROTONEG 874# ifndef OPENSSL_NO_NEXTPROTONEG
880 /* Next protocol negotiation information */ 875 /* Next protocol negotiation information */
@@ -895,7 +890,6 @@ struct ssl_ctx_st {
895 /* SRTP profiles we are willing to do from RFC 5764 */ 890 /* SRTP profiles we are willing to do from RFC 5764 */
896 STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; 891 STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
897 892
898#endif
899}; 893};
900 894
901#endif 895#endif
@@ -1186,7 +1180,6 @@ struct ssl_st {
1186 int client_version; /* what was passed, used for 1180 int client_version; /* what was passed, used for
1187 * SSLv3/TLS rollback check */ 1181 * SSLv3/TLS rollback check */
1188 unsigned int max_send_fragment; 1182 unsigned int max_send_fragment;
1189#ifndef OPENSSL_NO_TLSEXT
1190 /* TLS extension debug callback */ 1183 /* TLS extension debug callback */
1191 void (*tlsext_debug_cb)(SSL *s, int client_server, int type, 1184 void (*tlsext_debug_cb)(SSL *s, int client_server, int type,
1192 unsigned char *data, int len, void *arg); 1185 unsigned char *data, int len, void *arg);
@@ -1259,9 +1252,6 @@ struct ssl_st {
1259 */ 1252 */
1260 unsigned int tlsext_hb_pending; /* Indicates if a HeartbeatRequest is in flight */ 1253 unsigned int tlsext_hb_pending; /* Indicates if a HeartbeatRequest is in flight */
1261 unsigned int tlsext_hb_seq; /* HeartbeatRequest sequence number */ 1254 unsigned int tlsext_hb_seq; /* HeartbeatRequest sequence number */
1262#else
1263#define session_ctx ctx
1264#endif /* OPENSSL_NO_TLSEXT */
1265 1255
1266 int renegotiate;/* 1 if we are renegotiating. 1256 int renegotiate;/* 1 if we are renegotiating.
1267 * 2 if we are a server and are inside a handshake 1257 * 2 if we are a server and are inside a handshake
@@ -1467,7 +1457,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
1467#define SSL_CTRL_SET_MAX_SEND_FRAGMENT 52 1457#define SSL_CTRL_SET_MAX_SEND_FRAGMENT 52
1468 1458
1469/* see tls1.h for macros based on these */ 1459/* see tls1.h for macros based on these */
1470#ifndef OPENSSL_NO_TLSEXT
1471#define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53 1460#define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53
1472#define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54 1461#define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54
1473#define SSL_CTRL_SET_TLSEXT_HOSTNAME 55 1462#define SSL_CTRL_SET_TLSEXT_HOSTNAME 55
@@ -1498,7 +1487,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
1498#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 79 1487#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 79
1499#define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80 1488#define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80
1500#define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81 1489#define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81
1501#endif
1502 1490
1503#define DTLS_CTRL_GET_TIMEOUT 73 1491#define DTLS_CTRL_GET_TIMEOUT 73
1504#define DTLS_CTRL_HANDLE_TIMEOUT 74 1492#define DTLS_CTRL_HANDLE_TIMEOUT 74
diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h
index 8633dae521..c264422a36 100644
--- a/src/lib/libssl/ssl3.h
+++ b/src/lib/libssl/ssl3.h
@@ -519,14 +519,12 @@ typedef struct ssl3_state_st {
519 int next_proto_neg_seen; 519 int next_proto_neg_seen;
520#endif 520#endif
521 521
522#ifndef OPENSSL_NO_TLSEXT
523#ifndef OPENSSL_NO_EC 522#ifndef OPENSSL_NO_EC
524 /* This is set to true if we believe that this is a version of Safari 523 /* This is set to true if we believe that this is a version of Safari
525 * running on OS X 10.6 or newer. We wish to know this because Safari 524 * running on OS X 10.6 or newer. We wish to know this because Safari
526 * on 10.8 .. 10.8.3 has broken ECDHE-ECDSA support. */ 525 * on 10.8 .. 10.8.3 has broken ECDHE-ECDSA support. */
527 char is_probably_safari; 526 char is_probably_safari;
528#endif /* !OPENSSL_NO_EC */ 527#endif /* !OPENSSL_NO_EC */
529#endif /* !OPENSSL_NO_TLSEXT */
530} SSL3_STATE; 528} SSL3_STATE;
531 529
532#endif 530#endif
diff --git a/src/lib/libssl/ssl_asn1.c b/src/lib/libssl/ssl_asn1.c
index 566590f171..b0da6f4bdb 100644
--- a/src/lib/libssl/ssl_asn1.c
+++ b/src/lib/libssl/ssl_asn1.c
@@ -100,11 +100,9 @@ typedef struct ssl_session_asn1_st {
100 ASN1_INTEGER time; 100 ASN1_INTEGER time;
101 ASN1_INTEGER timeout; 101 ASN1_INTEGER timeout;
102 ASN1_INTEGER verify_result; 102 ASN1_INTEGER verify_result;
103#ifndef OPENSSL_NO_TLSEXT
104 ASN1_OCTET_STRING tlsext_hostname; 103 ASN1_OCTET_STRING tlsext_hostname;
105 ASN1_INTEGER tlsext_tick_lifetime; 104 ASN1_INTEGER tlsext_tick_lifetime;
106 ASN1_OCTET_STRING tlsext_tick; 105 ASN1_OCTET_STRING tlsext_tick;
107#endif /* OPENSSL_NO_TLSEXT */
108#ifndef OPENSSL_NO_PSK 106#ifndef OPENSSL_NO_PSK
109 ASN1_OCTET_STRING psk_identity_hint; 107 ASN1_OCTET_STRING psk_identity_hint;
110 ASN1_OCTET_STRING psk_identity; 108 ASN1_OCTET_STRING psk_identity;
@@ -118,10 +116,8 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
118 int v1 = 0, v2 = 0, v3 = 0, v4 = 0, v5 = 0, v7 = 0, v8 = 0; 116 int v1 = 0, v2 = 0, v3 = 0, v4 = 0, v5 = 0, v7 = 0, v8 = 0;
119 unsigned char buf[4], ibuf1[LSIZE2], ibuf2[LSIZE2]; 117 unsigned char buf[4], ibuf1[LSIZE2], ibuf2[LSIZE2];
120 unsigned char ibuf3[LSIZE2], ibuf4[LSIZE2], ibuf5[LSIZE2]; 118 unsigned char ibuf3[LSIZE2], ibuf4[LSIZE2], ibuf5[LSIZE2];
121#ifndef OPENSSL_NO_TLSEXT
122 int v6 = 0, v9 = 0, v10 = 0; 119 int v6 = 0, v9 = 0, v10 = 0;
123 unsigned char ibuf6[LSIZE2]; 120 unsigned char ibuf6[LSIZE2];
124#endif
125#ifndef OPENSSL_NO_COMP 121#ifndef OPENSSL_NO_COMP
126 unsigned char cbuf; 122 unsigned char cbuf;
127 int v11 = 0; 123 int v11 = 0;
@@ -202,7 +198,6 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
202 ASN1_INTEGER_set(&a.verify_result, in->verify_result); 198 ASN1_INTEGER_set(&a.verify_result, in->verify_result);
203 } 199 }
204 200
205#ifndef OPENSSL_NO_TLSEXT
206 if (in->tlsext_hostname) { 201 if (in->tlsext_hostname) {
207 a.tlsext_hostname.length = strlen(in->tlsext_hostname); 202 a.tlsext_hostname.length = strlen(in->tlsext_hostname);
208 a.tlsext_hostname.type = V_ASN1_OCTET_STRING; 203 a.tlsext_hostname.type = V_ASN1_OCTET_STRING;
@@ -219,7 +214,6 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
219 a.tlsext_tick_lifetime.data = ibuf6; 214 a.tlsext_tick_lifetime.data = ibuf6;
220 ASN1_INTEGER_set(&a.tlsext_tick_lifetime, in->tlsext_tick_lifetime_hint); 215 ASN1_INTEGER_set(&a.tlsext_tick_lifetime, in->tlsext_tick_lifetime_hint);
221 } 216 }
222#endif /* OPENSSL_NO_TLSEXT */
223#ifndef OPENSSL_NO_PSK 217#ifndef OPENSSL_NO_PSK
224 if (in->psk_identity_hint) { 218 if (in->psk_identity_hint) {
225 a.psk_identity_hint.length = strlen(in->psk_identity_hint); 219 a.psk_identity_hint.length = strlen(in->psk_identity_hint);
@@ -248,7 +242,6 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
248 if (in->verify_result != X509_V_OK) 242 if (in->verify_result != X509_V_OK)
249 M_ASN1_I2D_len_EXP_opt(&(a.verify_result), i2d_ASN1_INTEGER, 5, v5); 243 M_ASN1_I2D_len_EXP_opt(&(a.verify_result), i2d_ASN1_INTEGER, 5, v5);
250 244
251#ifndef OPENSSL_NO_TLSEXT
252 if (in->tlsext_tick_lifetime_hint > 0) 245 if (in->tlsext_tick_lifetime_hint > 0)
253 M_ASN1_I2D_len_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER, 9, v9); 246 M_ASN1_I2D_len_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER, 9, v9);
254 if (in->tlsext_tick) 247 if (in->tlsext_tick)
@@ -259,7 +252,6 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
259 if (in->compress_meth) 252 if (in->compress_meth)
260 M_ASN1_I2D_len_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING, 11, v11); 253 M_ASN1_I2D_len_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING, 11, v11);
261#endif 254#endif
262#endif /* OPENSSL_NO_TLSEXT */
263#ifndef OPENSSL_NO_PSK 255#ifndef OPENSSL_NO_PSK
264 if (in->psk_identity_hint) 256 if (in->psk_identity_hint)
265 M_ASN1_I2D_len_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING, 7, v7); 257 M_ASN1_I2D_len_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING, 7, v7);
@@ -284,22 +276,18 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
284 v4); 276 v4);
285 if (in->verify_result != X509_V_OK) 277 if (in->verify_result != X509_V_OK)
286 M_ASN1_I2D_put_EXP_opt(&a.verify_result, i2d_ASN1_INTEGER, 5, v5); 278 M_ASN1_I2D_put_EXP_opt(&a.verify_result, i2d_ASN1_INTEGER, 5, v5);
287#ifndef OPENSSL_NO_TLSEXT
288 if (in->tlsext_hostname) 279 if (in->tlsext_hostname)
289 M_ASN1_I2D_put_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING, 6, v6); 280 M_ASN1_I2D_put_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING, 6, v6);
290#endif /* OPENSSL_NO_TLSEXT */
291#ifndef OPENSSL_NO_PSK 281#ifndef OPENSSL_NO_PSK
292 if (in->psk_identity_hint) 282 if (in->psk_identity_hint)
293 M_ASN1_I2D_put_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING, 7, v7); 283 M_ASN1_I2D_put_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING, 7, v7);
294 if (in->psk_identity) 284 if (in->psk_identity)
295 M_ASN1_I2D_put_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING, 8, v8); 285 M_ASN1_I2D_put_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING, 8, v8);
296#endif /* OPENSSL_NO_PSK */ 286#endif /* OPENSSL_NO_PSK */
297#ifndef OPENSSL_NO_TLSEXT
298 if (in->tlsext_tick_lifetime_hint > 0) 287 if (in->tlsext_tick_lifetime_hint > 0)
299 M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER, 9, v9); 288 M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER, 9, v9);
300 if (in->tlsext_tick) 289 if (in->tlsext_tick)
301 M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING, 10, v10); 290 M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING, 10, v10);
302#endif /* OPENSSL_NO_TLSEXT */
303#ifndef OPENSSL_NO_COMP 291#ifndef OPENSSL_NO_COMP
304 if (in->compress_meth) 292 if (in->compress_meth)
305 M_ASN1_I2D_put_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING, 11, v11); 293 M_ASN1_I2D_put_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING, 11, v11);
@@ -436,7 +424,6 @@ d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length)
436 } else 424 } else
437 ret->verify_result = X509_V_OK; 425 ret->verify_result = X509_V_OK;
438 426
439#ifndef OPENSSL_NO_TLSEXT
440 os.length = 0; 427 os.length = 0;
441 os.data = NULL; 428 os.data = NULL;
442 M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 6); 429 M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 6);
@@ -447,7 +434,6 @@ d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length)
447 os.length = 0; 434 os.length = 0;
448 } else 435 } else
449 ret->tlsext_hostname = NULL; 436 ret->tlsext_hostname = NULL;
450#endif /* OPENSSL_NO_TLSEXT */
451 437
452#ifndef OPENSSL_NO_PSK 438#ifndef OPENSSL_NO_PSK
453 os.length = 0; 439 os.length = 0;
@@ -473,7 +459,6 @@ d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length)
473 ret->psk_identity = NULL; 459 ret->psk_identity = NULL;
474#endif /* OPENSSL_NO_PSK */ 460#endif /* OPENSSL_NO_PSK */
475 461
476#ifndef OPENSSL_NO_TLSEXT
477 ai.length = 0; 462 ai.length = 0;
478 M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 9); 463 M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 9);
479 if (ai.data != NULL) { 464 if (ai.data != NULL) {
@@ -495,7 +480,6 @@ d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length)
495 os.length = 0; 480 os.length = 0;
496 } else 481 } else
497 ret->tlsext_tick = NULL; 482 ret->tlsext_tick = NULL;
498#endif /* OPENSSL_NO_TLSEXT */
499#ifndef OPENSSL_NO_COMP 483#ifndef OPENSSL_NO_COMP
500 os.length = 0; 484 os.length = 0;
501 os.data = NULL; 485 os.data = NULL;
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 94792c6d51..262b5a2130 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -322,7 +322,6 @@ SSL_new(SSL_CTX *ctx)
322 322
323 CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); 323 CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
324 s->ctx = ctx; 324 s->ctx = ctx;
325#ifndef OPENSSL_NO_TLSEXT
326 s->tlsext_debug_cb = 0; 325 s->tlsext_debug_cb = 0;
327 s->tlsext_debug_arg = NULL; 326 s->tlsext_debug_arg = NULL;
328 s->tlsext_ticket_expected = 0; 327 s->tlsext_ticket_expected = 0;
@@ -337,7 +336,6 @@ SSL_new(SSL_CTX *ctx)
337# ifndef OPENSSL_NO_NEXTPROTONEG 336# ifndef OPENSSL_NO_NEXTPROTONEG
338 s->next_proto_negotiated = NULL; 337 s->next_proto_negotiated = NULL;
339# endif 338# endif
340#endif
341 339
342 s->verify_result = X509_V_OK; 340 s->verify_result = X509_V_OK;
343 341
@@ -535,7 +533,6 @@ SSL_free(SSL *s)
535 ssl_cert_free(s->cert); 533 ssl_cert_free(s->cert);
536 /* Free up if allocated */ 534 /* Free up if allocated */
537 535
538#ifndef OPENSSL_NO_TLSEXT
539 free(s->tlsext_hostname); 536 free(s->tlsext_hostname);
540 if (s->initial_ctx) 537 if (s->initial_ctx)
541 SSL_CTX_free(s->initial_ctx); 538 SSL_CTX_free(s->initial_ctx);
@@ -550,7 +547,6 @@ SSL_free(SSL *s)
550 if (s->tlsext_ocsp_ids) 547 if (s->tlsext_ocsp_ids)
551 sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free); 548 sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);
552 free(s->tlsext_ocsp_resp); 549 free(s->tlsext_ocsp_resp);
553#endif
554 550
555 if (s->client_CA != NULL) 551 if (s->client_CA != NULL)
556 sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free); 552 sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free);
@@ -1490,7 +1486,6 @@ err:
1490} 1486}
1491 1487
1492 1488
1493#ifndef OPENSSL_NO_TLSEXT
1494/* 1489/*
1495 * Return a servername extension value if provided in Client Hello, or NULL. 1490 * Return a servername extension value if provided in Client Hello, or NULL.
1496 * So far, only host_name types are defined (RFC 3546). 1491 * So far, only host_name types are defined (RFC 3546).
@@ -1648,7 +1643,6 @@ SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s,
1648 ctx->next_proto_select_cb_arg = arg; 1643 ctx->next_proto_select_cb_arg = arg;
1649} 1644}
1650# endif 1645# endif
1651#endif
1652 1646
1653int 1647int
1654SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, 1648SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
@@ -1808,7 +1802,6 @@ SSL_CTX_new(const SSL_METHOD *meth)
1808 1802
1809 ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH; 1803 ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
1810 1804
1811#ifndef OPENSSL_NO_TLSEXT
1812 ret->tlsext_servername_callback = 0; 1805 ret->tlsext_servername_callback = 0;
1813 ret->tlsext_servername_arg = NULL; 1806 ret->tlsext_servername_arg = NULL;
1814 /* Setup RFC4507 ticket keys */ 1807 /* Setup RFC4507 ticket keys */
@@ -1824,7 +1817,6 @@ SSL_CTX_new(const SSL_METHOD *meth)
1824 ret->next_protos_advertised_cb = 0; 1817 ret->next_protos_advertised_cb = 0;
1825 ret->next_proto_select_cb = 0; 1818 ret->next_proto_select_cb = 0;
1826# endif 1819# endif
1827#endif
1828#ifndef OPENSSL_NO_PSK 1820#ifndef OPENSSL_NO_PSK
1829 ret->psk_identity_hint = NULL; 1821 ret->psk_identity_hint = NULL;
1830 ret->psk_client_callback = NULL; 1822 ret->psk_client_callback = NULL;
@@ -2842,10 +2834,8 @@ SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
2842{ 2834{
2843 if (ssl->ctx == ctx) 2835 if (ssl->ctx == ctx)
2844 return (ssl->ctx); 2836 return (ssl->ctx);
2845#ifndef OPENSSL_NO_TLSEXT
2846 if (ctx == NULL) 2837 if (ctx == NULL)
2847 ctx = ssl->initial_ctx; 2838 ctx = ssl->initial_ctx;
2848#endif
2849 if (ssl->cert != NULL) 2839 if (ssl->cert != NULL)
2850 ssl_cert_free(ssl->cert); 2840 ssl_cert_free(ssl->cert);
2851 ssl->cert = ssl_cert_dup(ctx->cert); 2841 ssl->cert = ssl_cert_dup(ctx->cert);
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 208610dac1..ecf108d6a5 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -750,12 +750,10 @@ int ssl3_send_client_key_exchange(SSL *s);
750int ssl3_get_key_exchange(SSL *s); 750int ssl3_get_key_exchange(SSL *s);
751int ssl3_get_server_certificate(SSL *s); 751int ssl3_get_server_certificate(SSL *s);
752int ssl3_check_cert_and_algorithm(SSL *s); 752int ssl3_check_cert_and_algorithm(SSL *s);
753#ifndef OPENSSL_NO_TLSEXT
754int ssl3_check_finished(SSL *s); 753int ssl3_check_finished(SSL *s);
755# ifndef OPENSSL_NO_NEXTPROTONEG 754# ifndef OPENSSL_NO_NEXTPROTONEG
756int ssl3_send_next_proto(SSL *s); 755int ssl3_send_next_proto(SSL *s);
757# endif 756# endif
758#endif
759 757
760int dtls1_client_hello(SSL *s); 758int dtls1_client_hello(SSL *s);
761int dtls1_send_client_certificate(SSL *s); 759int dtls1_send_client_certificate(SSL *s);
@@ -837,7 +835,6 @@ int tls1_ec_curve_id2nid(int curve_id);
837int tls1_ec_nid2curve_id(int nid); 835int tls1_ec_nid2curve_id(int nid);
838#endif /* OPENSSL_NO_EC */ 836#endif /* OPENSSL_NO_EC */
839 837
840#ifndef OPENSSL_NO_TLSEXT
841unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, 838unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p,
842 unsigned char *limit); 839 unsigned char *limit);
843 840
@@ -863,7 +860,6 @@ int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk,
863int tls12_get_sigid(const EVP_PKEY *pk); 860int tls12_get_sigid(const EVP_PKEY *pk);
864const EVP_MD *tls12_get_hash(unsigned char hash_alg); 861const EVP_MD *tls12_get_hash(unsigned char hash_alg);
865 862
866#endif
867EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md); 863EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md);
868void ssl_clear_hash_ctx(EVP_MD_CTX **hash); 864void ssl_clear_hash_ctx(EVP_MD_CTX **hash);
869int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, 865int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p,
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
index 632d6a6860..de133a72ca 100644
--- a/src/lib/libssl/ssl_sess.c
+++ b/src/lib/libssl/ssl_sess.c
@@ -208,7 +208,6 @@ SSL_SESSION_new(void)
208 ss->prev = NULL; 208 ss->prev = NULL;
209 ss->next = NULL; 209 ss->next = NULL;
210 ss->compress_meth = 0; 210 ss->compress_meth = 0;
211#ifndef OPENSSL_NO_TLSEXT
212 ss->tlsext_hostname = NULL; 211 ss->tlsext_hostname = NULL;
213 212
214#ifndef OPENSSL_NO_EC 213#ifndef OPENSSL_NO_EC
@@ -217,7 +216,6 @@ SSL_SESSION_new(void)
217 ss->tlsext_ellipticcurvelist_length = 0; 216 ss->tlsext_ellipticcurvelist_length = 0;
218 ss->tlsext_ellipticcurvelist = NULL; 217 ss->tlsext_ellipticcurvelist = NULL;
219#endif 218#endif
220#endif
221 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); 219 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
222#ifndef OPENSSL_NO_PSK 220#ifndef OPENSSL_NO_PSK
223 ss->psk_identity_hint = NULL; 221 ss->psk_identity_hint = NULL;
@@ -313,13 +311,11 @@ ssl_get_new_session(SSL *s, int session)
313 SSL_SESSION_free(ss); 311 SSL_SESSION_free(ss);
314 return (0); 312 return (0);
315 } 313 }
316#ifndef OPENSSL_NO_TLSEXT
317 /* If RFC4507 ticket use empty session ID */ 314 /* If RFC4507 ticket use empty session ID */
318 if (s->tlsext_ticket_expected) { 315 if (s->tlsext_ticket_expected) {
319 ss->session_id_length = 0; 316 ss->session_id_length = 0;
320 goto sess_id_done; 317 goto sess_id_done;
321 } 318 }
322#endif
323 /* Choose which callback will set the session ID */ 319 /* Choose which callback will set the session ID */
324 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); 320 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
325 if (s->generate_session_id) 321 if (s->generate_session_id)
@@ -354,7 +350,6 @@ ssl_get_new_session(SSL *s, int session)
354 SSL_SESSION_free(ss); 350 SSL_SESSION_free(ss);
355 return (0); 351 return (0);
356 } 352 }
357#ifndef OPENSSL_NO_TLSEXT
358 sess_id_done: 353 sess_id_done:
359 if (s->tlsext_hostname) { 354 if (s->tlsext_hostname) {
360 ss->tlsext_hostname = BUF_strdup(s->tlsext_hostname); 355 ss->tlsext_hostname = BUF_strdup(s->tlsext_hostname);
@@ -386,7 +381,6 @@ ssl_get_new_session(SSL *s, int session)
386 memcpy(ss->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist_length); 381 memcpy(ss->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist_length);
387 } 382 }
388#endif 383#endif
389#endif
390 } else { 384 } else {
391 ss->session_id_length = 0; 385 ss->session_id_length = 0;
392 } 386 }
@@ -433,9 +427,7 @@ ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
433 SSL_SESSION *ret = NULL; 427 SSL_SESSION *ret = NULL;
434 int fatal = 0; 428 int fatal = 0;
435 int try_session_cache = 1; 429 int try_session_cache = 1;
436#ifndef OPENSSL_NO_TLSEXT
437 int r; 430 int r;
438#endif
439 431
440 if (len > SSL_MAX_SSL_SESSION_ID_LENGTH) 432 if (len > SSL_MAX_SSL_SESSION_ID_LENGTH)
441 goto err; 433 goto err;
@@ -443,7 +435,6 @@ ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
443 if (len == 0) 435 if (len == 0)
444 try_session_cache = 0; 436 try_session_cache = 0;
445 437
446#ifndef OPENSSL_NO_TLSEXT
447 r = tls1_process_ticket(s, session_id, len, limit, &ret); /* sets s->tlsext_ticket_expected */ 438 r = tls1_process_ticket(s, session_id, len, limit, &ret); /* sets s->tlsext_ticket_expected */
448 switch (r) { 439 switch (r) {
449 case -1: /* Error during processing */ 440 case -1: /* Error during processing */
@@ -459,7 +450,6 @@ ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
459 default: 450 default:
460 abort(); 451 abort();
461 } 452 }
462#endif
463 453
464 if (try_session_cache && 454 if (try_session_cache &&
465 ret == NULL && 455 ret == NULL &&
@@ -570,13 +560,11 @@ ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
570 err: 560 err:
571 if (ret != NULL) { 561 if (ret != NULL) {
572 SSL_SESSION_free(ret); 562 SSL_SESSION_free(ret);
573#ifndef OPENSSL_NO_TLSEXT
574 if (!try_session_cache) { 563 if (!try_session_cache) {
575 /* The session was from a ticket, so we should 564 /* The session was from a ticket, so we should
576 * issue a ticket for the new session */ 565 * issue a ticket for the new session */
577 s->tlsext_ticket_expected = 1; 566 s->tlsext_ticket_expected = 1;
578 } 567 }
579#endif
580 } 568 }
581 if (fatal) 569 if (fatal)
582 return -1; 570 return -1;
@@ -701,7 +689,6 @@ SSL_SESSION_free(SSL_SESSION *ss)
701 X509_free(ss->peer); 689 X509_free(ss->peer);
702 if (ss->ciphers != NULL) 690 if (ss->ciphers != NULL)
703 sk_SSL_CIPHER_free(ss->ciphers); 691 sk_SSL_CIPHER_free(ss->ciphers);
704#ifndef OPENSSL_NO_TLSEXT
705 free(ss->tlsext_hostname); 692 free(ss->tlsext_hostname);
706 free(ss->tlsext_tick); 693 free(ss->tlsext_tick);
707#ifndef OPENSSL_NO_EC 694#ifndef OPENSSL_NO_EC
@@ -710,7 +697,6 @@ SSL_SESSION_free(SSL_SESSION *ss)
710 ss->tlsext_ellipticcurvelist_length = 0; 697 ss->tlsext_ellipticcurvelist_length = 0;
711 free(ss->tlsext_ellipticcurvelist); 698 free(ss->tlsext_ellipticcurvelist);
712#endif /* OPENSSL_NO_EC */ 699#endif /* OPENSSL_NO_EC */
713#endif
714#ifndef OPENSSL_NO_PSK 700#ifndef OPENSSL_NO_PSK
715 free(ss->psk_identity_hint); 701 free(ss->psk_identity_hint);
716 free(ss->psk_identity); 702 free(ss->psk_identity);
@@ -839,7 +825,6 @@ SSL_CTX_get_timeout(const SSL_CTX *s)
839 return (s->session_timeout); 825 return (s->session_timeout);
840} 826}
841 827
842#ifndef OPENSSL_NO_TLSEXT
843int 828int
844SSL_set_session_secret_cb(SSL *s, int (*tls_session_secret_cb)(SSL *s, void *secret, int *secret_len, 829SSL_set_session_secret_cb(SSL *s, int (*tls_session_secret_cb)(SSL *s, void *secret, int *secret_len,
845 STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg), void *arg) 830 STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg), void *arg)
@@ -887,7 +872,6 @@ SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len)
887 872
888 return 0; 873 return 0;
889} 874}
890#endif /* OPENSSL_NO_TLSEXT */
891 875
892typedef struct timeout_param_st { 876typedef struct timeout_param_st {
893 SSL_CTX *ctx; 877 SSL_CTX *ctx;
diff --git a/src/lib/libssl/ssl_txt.c b/src/lib/libssl/ssl_txt.c
index 43696db847..e58849deb5 100644
--- a/src/lib/libssl/ssl_txt.c
+++ b/src/lib/libssl/ssl_txt.c
@@ -169,7 +169,6 @@ SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
169 if (BIO_printf(bp, "%s", x->psk_identity_hint ? x->psk_identity_hint : "None") <= 0) 169 if (BIO_printf(bp, "%s", x->psk_identity_hint ? x->psk_identity_hint : "None") <= 0)
170 goto err; 170 goto err;
171#endif 171#endif
172#ifndef OPENSSL_NO_TLSEXT
173 if (x->tlsext_tick_lifetime_hint) { 172 if (x->tlsext_tick_lifetime_hint) {
174 if (BIO_printf(bp, 173 if (BIO_printf(bp,
175 "\n TLS session ticket lifetime hint: %ld (seconds)", 174 "\n TLS session ticket lifetime hint: %ld (seconds)",
@@ -182,7 +181,6 @@ SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
182 if (BIO_dump_indent(bp, (char *)x->tlsext_tick, x->tlsext_ticklen, 4) <= 0) 181 if (BIO_dump_indent(bp, (char *)x->tlsext_tick, x->tlsext_ticklen, 4) <= 0)
183 goto err; 182 goto err;
184 } 183 }
185#endif
186 184
187#ifndef OPENSSL_NO_COMP 185#ifndef OPENSSL_NO_COMP
188 if (x->compress_meth != 0) { 186 if (x->compress_meth != 0) {
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index 5ad69f5ce9..5d442558dd 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -119,11 +119,9 @@
119 119
120const char tls1_version_str[] = "TLSv1" OPENSSL_VERSION_PTEXT; 120const char tls1_version_str[] = "TLSv1" OPENSSL_VERSION_PTEXT;
121 121
122#ifndef OPENSSL_NO_TLSEXT
123static int tls_decrypt_ticket(SSL *s, const unsigned char *tick, int ticklen, 122static int tls_decrypt_ticket(SSL *s, const unsigned char *tick, int ticklen,
124 const unsigned char *sess_id, int sesslen, 123 const unsigned char *sess_id, int sesslen,
125 SSL_SESSION **psess); 124 SSL_SESSION **psess);
126#endif
127 125
128SSL3_ENC_METHOD TLSv1_enc_data = { 126SSL3_ENC_METHOD TLSv1_enc_data = {
129 .enc = tls1_enc, 127 .enc = tls1_enc,
@@ -200,9 +198,7 @@ tls1_new(SSL *s)
200void 198void
201tls1_free(SSL *s) 199tls1_free(SSL *s)
202{ 200{
203#ifndef OPENSSL_NO_TLSEXT
204 free(s->tlsext_session_ticket); 201 free(s->tlsext_session_ticket);
205#endif /* OPENSSL_NO_TLSEXT */
206 ssl3_free(s); 202 ssl3_free(s);
207} 203}
208 204
@@ -354,7 +350,6 @@ tls1_ec_nid2curve_id(int nid)
354} 350}
355#endif /* OPENSSL_NO_EC */ 351#endif /* OPENSSL_NO_EC */
356 352
357#ifndef OPENSSL_NO_TLSEXT
358 353
359/* List of supported signature algorithms and hashes. Should make this 354/* List of supported signature algorithms and hashes. Should make this
360 * customisable at some point, for now include everything we support. 355 * customisable at some point, for now include everything we support.
@@ -2315,4 +2310,3 @@ tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
2315 return 1; 2310 return 1;
2316} 2311}
2317 2312
2318#endif
diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h
index 400deca6d4..813bc97b31 100644
--- a/src/lib/libssl/tls1.h
+++ b/src/lib/libssl/tls1.h
@@ -274,7 +274,6 @@ extern "C" {
274#define TLSEXT_hash_sha384 5 274#define TLSEXT_hash_sha384 5
275#define TLSEXT_hash_sha512 6 275#define TLSEXT_hash_sha512 6
276 276
277#ifndef OPENSSL_NO_TLSEXT
278 277
279#define TLSEXT_MAXLEN_host_name 255 278#define TLSEXT_MAXLEN_host_name 255
280 279
@@ -353,7 +352,6 @@ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG, 0, arg)
353#define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \ 352#define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
354SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) 353SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
355 354
356#endif
357 355
358/* PSK ciphersuites from 4279 */ 356/* PSK ciphersuites from 4279 */
359#define TLS1_CK_PSK_WITH_RC4_128_SHA 0x0300008A 357#define TLS1_CK_PSK_WITH_RC4_128_SHA 0x0300008A
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-31 04:49:20 +0000