diff options
author | Joel Sing <jsing@cvs.openbsd.org> | 2014-12-14 14:34:44 +0000 |
---|---|---|
committer | Joel Sing <jsing@cvs.openbsd.org> | 2014-12-14 14:34:44 +0000 |
commit | bd57012aa57efb4bc44ef74439f7b90151c6ac18 (patch) | |
tree | efc5167ff1b85c907905a713ad5319409b1b9d19 | |
parent | 50f3d37d5ed57a0e5d160b730b5e50e74e32c959 (diff) |
unifdef OPENSSL_NO_NEXTPROTONEG, which is one of the last standing #ifndef
mazes in libssl. NPN is being replaced by ALPN, however it is still going
to be around for a while yet.
ok miod@
-rw-r--r-- | lib/libssl/src/ssl/s3_both.c | 11 | ||||
-rw-r--r-- | lib/libssl/src/ssl/s3_clnt.c | 10 | ||||
-rw-r--r-- | lib/libssl/src/ssl/s3_lib.c | 4 | ||||
-rw-r--r-- | lib/libssl/src/ssl/s3_srvr.c | 18 | ||||
-rw-r--r-- | lib/libssl/src/ssl/ssl_lib.c | 10 | ||||
-rw-r--r-- | lib/libssl/src/ssl/t1_lib.c | 18 |
6 files changed, 6 insertions, 65 deletions
diff --git a/lib/libssl/src/ssl/s3_both.c b/lib/libssl/src/ssl/s3_both.c index ffc10774d83..297665430a0 100644 --- a/lib/libssl/src/ssl/s3_both.c +++ b/lib/libssl/src/ssl/s3_both.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_both.c,v 1.34 2014/12/10 15:43:31 jsing Exp $ */ +/* $OpenBSD: s3_both.c,v 1.35 2014/12/14 14:34:43 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -194,7 +194,6 @@ ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen) return (ssl3_do_write(s, SSL3_RT_HANDSHAKE)); } -#ifndef OPENSSL_NO_NEXTPROTONEG /* ssl3_take_mac calculates the Finished MAC for the handshakes messages seen to far. */ static void ssl3_take_mac(SSL *s) @@ -217,7 +216,6 @@ ssl3_take_mac(SSL *s) s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s, sender, slen, s->s3->tmp.peer_finish_md); } -#endif int ssl3_get_finished(SSL *s, int a, int b) @@ -226,11 +224,6 @@ ssl3_get_finished(SSL *s, int a, int b) long n; unsigned char *p; -#ifdef OPENSSL_NO_NEXTPROTONEG - /* the mac has already been generated when we received the - * change cipher spec message and is in s->s3->tmp.peer_finish_md. - */ -#endif n = s->method->ssl_get_message(s, a, b, SSL3_MT_FINISHED, 64, /* should actually be 36+4 :-) */ &ok); @@ -505,12 +498,10 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) n -= i; } -#ifndef OPENSSL_NO_NEXTPROTONEG /* If receiving Finished, record MAC of prior handshake messages for * Finished verification. */ if (*s->init_buf->data == SSL3_MT_FINISHED) ssl3_take_mac(s); -#endif /* Feed this message into MAC computation. */ ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4); diff --git a/lib/libssl/src/ssl/s3_clnt.c b/lib/libssl/src/ssl/s3_clnt.c index e7741826ae2..260154a0973 100644 --- a/lib/libssl/src/ssl/s3_clnt.c +++ b/lib/libssl/src/ssl/s3_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_clnt.c,v 1.99 2014/12/10 15:43:31 jsing Exp $ */ +/* $OpenBSD: s3_clnt.c,v 1.100 2014/12/14 14:34:43 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -465,14 +465,10 @@ ssl3_connect(SSL *s) if (ret <= 0) goto end; -#ifdef OPENSSL_NO_NEXTPROTONEG - s->state = SSL3_ST_CW_FINISHED_A; -#else if (s->s3->next_proto_neg_seen) s->state = SSL3_ST_CW_NEXT_PROTO_A; else s->state = SSL3_ST_CW_FINISHED_A; -#endif s->init_num = 0; s->session->cipher = s->s3->tmp.new_cipher; @@ -489,7 +485,6 @@ ssl3_connect(SSL *s) break; -#ifndef OPENSSL_NO_NEXTPROTONEG case SSL3_ST_CW_NEXT_PROTO_A: case SSL3_ST_CW_NEXT_PROTO_B: ret = ssl3_send_next_proto(s); @@ -497,7 +492,6 @@ ssl3_connect(SSL *s) goto end; s->state = SSL3_ST_CW_FINISHED_A; break; -#endif case SSL3_ST_CW_FINISHED_A: case SSL3_ST_CW_FINISHED_B: @@ -2634,7 +2628,6 @@ err: return (0); } -#ifndef OPENSSL_NO_NEXTPROTONEG int ssl3_send_next_proto(SSL *s) { @@ -2658,7 +2651,6 @@ ssl3_send_next_proto(SSL *s) return (ssl3_do_write(s, SSL3_RT_HANDSHAKE)); } -#endif /* !OPENSSL_NO_NEXTPROTONEG */ /* * Check to see if handshake is full or resumed. Usually this is just a diff --git a/lib/libssl/src/ssl/s3_lib.c b/lib/libssl/src/ssl/s3_lib.c index 4beee2d53c4..21e339525cb 100644 --- a/lib/libssl/src/ssl/s3_lib.c +++ b/lib/libssl/src/ssl/s3_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_lib.c,v 1.87 2014/12/10 15:36:47 jsing Exp $ */ +/* $OpenBSD: s3_lib.c,v 1.88 2014/12/14 14:34:43 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1927,11 +1927,9 @@ ssl3_clear(SSL *s) s->s3->in_read_app_data = 0; s->version = SSL3_VERSION; -#ifndef OPENSSL_NO_NEXTPROTONEG free(s->next_proto_negotiated); s->next_proto_negotiated = NULL; s->next_proto_negotiated_len = 0; -#endif } diff --git a/lib/libssl/src/ssl/s3_srvr.c b/lib/libssl/src/ssl/s3_srvr.c index 645caf4bc95..783b1df782b 100644 --- a/lib/libssl/src/ssl/s3_srvr.c +++ b/lib/libssl/src/ssl/s3_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_srvr.c,v 1.93 2014/12/10 15:43:31 jsing Exp $ */ +/* $OpenBSD: s3_srvr.c,v 1.94 2014/12/14 14:34:43 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -537,14 +537,10 @@ ssl3_accept(SSL *s) * the client uses its key from the certificate * for key exchange. */ -#ifdef OPENSSL_NO_NEXTPROTONEG - s->state = SSL3_ST_SR_FINISHED_A; -#else if (s->s3->next_proto_neg_seen) s->state = SSL3_ST_SR_NEXT_PROTO_A; else s->state = SSL3_ST_SR_FINISHED_A; -#endif s->init_num = 0; } else if (SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) { s->state = SSL3_ST_SR_CERT_VRFY_A; @@ -609,18 +605,13 @@ ssl3_accept(SSL *s) if (ret <= 0) goto end; -#ifdef OPENSSL_NO_NEXTPROTONEG - s->state = SSL3_ST_SR_FINISHED_A; -#else if (s->s3->next_proto_neg_seen) s->state = SSL3_ST_SR_NEXT_PROTO_A; else s->state = SSL3_ST_SR_FINISHED_A; -#endif s->init_num = 0; break; -#ifndef OPENSSL_NO_NEXTPROTONEG case SSL3_ST_SR_NEXT_PROTO_A: case SSL3_ST_SR_NEXT_PROTO_B: ret = ssl3_get_next_proto(s); @@ -629,7 +620,6 @@ ssl3_accept(SSL *s) s->init_num = 0; s->state = SSL3_ST_SR_FINISHED_A; break; -#endif case SSL3_ST_SR_FINISHED_A: case SSL3_ST_SR_FINISHED_B: @@ -701,9 +691,6 @@ ssl3_accept(SSL *s) goto end; s->state = SSL3_ST_SW_FLUSH; if (s->hit) { -#ifdef OPENSSL_NO_NEXTPROTONEG - s->s3->tmp.next_state = SSL3_ST_SR_FINISHED_A; -#else if (s->s3->next_proto_neg_seen) { s->s3->flags |= SSL3_FLAGS_CCS_OK; s->s3->tmp.next_state = @@ -711,7 +698,6 @@ ssl3_accept(SSL *s) } else s->s3->tmp.next_state = SSL3_ST_SR_FINISHED_A; -#endif } else s->s3->tmp.next_state = SSL_ST_OK; s->init_num = 0; @@ -2850,7 +2836,6 @@ ssl3_send_cert_status(SSL *s) return (ssl3_do_write(s, SSL3_RT_HANDSHAKE)); } -# ifndef OPENSSL_NO_NEXTPROTONEG /* * ssl3_get_next_proto reads a Next Protocol Negotiation handshake message. * It sets the next_proto member in s if found @@ -2921,4 +2906,3 @@ ssl3_get_next_proto(SSL *s) return (1); } -# endif diff --git a/lib/libssl/src/ssl/ssl_lib.c b/lib/libssl/src/ssl/ssl_lib.c index 4369ba587a3..e809ff0bc00 100644 --- a/lib/libssl/src/ssl/ssl_lib.c +++ b/lib/libssl/src/ssl/ssl_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_lib.c,v 1.92 2014/12/10 15:36:47 jsing Exp $ */ +/* $OpenBSD: ssl_lib.c,v 1.93 2014/12/14 14:34:43 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -333,9 +333,7 @@ SSL_new(SSL_CTX *ctx) s->tlsext_ocsp_resplen = -1; CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); s->initial_ctx = ctx; -# ifndef OPENSSL_NO_NEXTPROTONEG s->next_proto_negotiated = NULL; -# endif if (s->ctx->alpn_client_proto_list != NULL) { s->alpn_client_proto_list = @@ -560,9 +558,7 @@ SSL_free(SSL *s) SSL_CTX_free(s->ctx); -#ifndef OPENSSL_NO_NEXTPROTONEG free(s->next_proto_negotiated); -#endif free(s->alpn_client_proto_list); #ifndef OPENSSL_NO_SRTP @@ -1509,7 +1505,6 @@ SSL_get_servername_type(const SSL *s) return (-1); } -# ifndef OPENSSL_NO_NEXTPROTONEG /* * SSL_select_next_proto implements the standard protocol selection. It is * expected that this function is called from the callback set by @@ -1640,7 +1635,6 @@ SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s, ctx->next_proto_select_cb = cb; ctx->next_proto_select_cb_arg = arg; } -# endif /* * SSL_CTX_set_alpn_protos sets the ALPN protocol list to the specified @@ -1879,10 +1873,8 @@ SSL_CTX_new(const SSL_METHOD *meth) ret->tlsext_status_cb = 0; ret->tlsext_status_arg = NULL; -# ifndef OPENSSL_NO_NEXTPROTONEG ret->next_protos_advertised_cb = 0; ret->next_proto_select_cb = 0; -# endif #ifndef OPENSSL_NO_ENGINE ret->client_cert_engine = NULL; #ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO diff --git a/lib/libssl/src/ssl/t1_lib.c b/lib/libssl/src/ssl/t1_lib.c index 3b87d958cb7..60cef857b5a 100644 --- a/lib/libssl/src/ssl/t1_lib.c +++ b/lib/libssl/src/ssl/t1_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t1_lib.c,v 1.73 2014/12/10 15:36:47 jsing Exp $ */ +/* $OpenBSD: t1_lib.c,v 1.74 2014/12/14 14:34:43 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -867,7 +867,6 @@ skip_ext: i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &ret); } -#ifndef OPENSSL_NO_NEXTPROTONEG if (s->ctx->next_proto_select_cb && !s->s3->tmp.finish_md_len) { /* The client advertises an emtpy extension to indicate its * support for Next Protocol Negotiation */ @@ -876,7 +875,6 @@ skip_ext: s2n(TLSEXT_TYPE_next_proto_neg, ret); s2n(0, ret); } -#endif if (s->alpn_client_proto_list != NULL && s->s3->tmp.finish_md_len == 0) { @@ -958,9 +956,7 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) int using_ecc, extdatalen = 0; unsigned long alg_a, alg_k; unsigned char *ret = p; -#ifndef OPENSSL_NO_NEXTPROTONEG int next_proto_neg_seen; -#endif alg_a = s->s3->tmp.new_cipher->algorithm_auth; alg_k = s->s3->tmp.new_cipher->algorithm_mkey; @@ -1097,7 +1093,6 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) ret += sizeof(cryptopro_ext); } -#ifndef OPENSSL_NO_NEXTPROTONEG next_proto_neg_seen = s->s3->next_proto_neg_seen; s->s3->next_proto_neg_seen = 0; if (next_proto_neg_seen && s->ctx->next_protos_advertised_cb) { @@ -1117,7 +1112,6 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) s->s3->next_proto_neg_seen = 1; } } -#endif if (s->s3->alpn_selected != NULL) { const unsigned char *selected = s->s3->alpn_selected; @@ -1304,9 +1298,7 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, s->servername_done = 0; s->tlsext_status_type = -1; -#ifndef OPENSSL_NO_NEXTPROTONEG s->s3->next_proto_neg_seen = 0; -#endif free(s->s3->alpn_selected); s->s3->alpn_selected = NULL; @@ -1616,7 +1608,6 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, s->tlsext_status_type = -1; } } -#ifndef OPENSSL_NO_NEXTPROTONEG else if (type == TLSEXT_TYPE_next_proto_neg && s->s3->tmp.finish_md_len == 0 && s->s3->alpn_selected == NULL) { @@ -1637,7 +1628,6 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, * Finished message could have been computed.) */ s->s3->next_proto_neg_seen = 1; } -#endif else if (type == TLSEXT_TYPE_application_layer_protocol_negotiation && s->ctx->alpn_select_cb != NULL && @@ -1676,7 +1666,6 @@ ri_check: return 1; } -#ifndef OPENSSL_NO_NEXTPROTONEG /* ssl_next_proto_validate validates a Next Protocol Negotiation block. No * elements of zero length are allowed and the set of elements must exactly fill * the length of the block. */ @@ -1694,7 +1683,6 @@ ssl_next_proto_validate(unsigned char *d, unsigned len) return off == len; } -#endif int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, @@ -1707,9 +1695,7 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int tlsext_servername = 0; int renegotiate_seen = 0; -#ifndef OPENSSL_NO_NEXTPROTONEG s->s3->next_proto_neg_seen = 0; -#endif free(s->s3->alpn_selected); s->s3->alpn_selected = NULL; @@ -1797,7 +1783,6 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, /* Set flag to expect CertificateStatus message */ s->tlsext_status_expected = 1; } -#ifndef OPENSSL_NO_NEXTPROTONEG else if (type == TLSEXT_TYPE_next_proto_neg && s->s3->tmp.finish_md_len == 0) { unsigned char *selected; @@ -1826,7 +1811,6 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, s->next_proto_negotiated_len = selected_len; s->s3->next_proto_neg_seen = 1; } -#endif else if (type == TLSEXT_TYPE_application_layer_protocol_negotiation) { unsigned int len; |