authorJoel Sing <jsing@cvs.openbsd.org>2014-12-14 14:34:44 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2014-12-14 14:34:44 +0000
commitbd57012aa57efb4bc44ef74439f7b90151c6ac18 (patch)
treeefc5167ff1b85c907905a713ad5319409b1b9d19
parent50f3d37d5ed57a0e5d160b730b5e50e74e32c959 (diff)
unifdef OPENSSL_NO_NEXTPROTONEG, which is one of the last standing #ifndef
mazes in libssl. NPN is being replaced by ALPN, however it is still going to be around for a while yet. ok miod@
-rw-r--r--lib/libssl/src/ssl/s3_both.c11
-rw-r--r--lib/libssl/src/ssl/s3_clnt.c10
-rw-r--r--lib/libssl/src/ssl/s3_lib.c4
-rw-r--r--lib/libssl/src/ssl/s3_srvr.c18
-rw-r--r--lib/libssl/src/ssl/ssl_lib.c10
-rw-r--r--lib/libssl/src/ssl/t1_lib.c18
6 files changed, 6 insertions, 65 deletions
diff --git a/lib/libssl/src/ssl/s3_both.c b/lib/libssl/src/ssl/s3_both.c
index ffc10774d83..297665430a0 100644
--- a/lib/libssl/src/ssl/s3_both.c
+++ b/lib/libssl/src/ssl/s3_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_both.c,v 1.34 2014/12/10 15:43:31 jsing Exp $ */
+/* $OpenBSD: s3_both.c,v 1.35 2014/12/14 14:34:43 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -194,7 +194,6 @@ ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
}
-#ifndef OPENSSL_NO_NEXTPROTONEG
/* ssl3_take_mac calculates the Finished MAC for the handshakes messages seen to far. */
static void
ssl3_take_mac(SSL *s)
@@ -217,7 +216,6 @@ ssl3_take_mac(SSL *s)
s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
sender, slen, s->s3->tmp.peer_finish_md);
}
-#endif
int
ssl3_get_finished(SSL *s, int a, int b)
@@ -226,11 +224,6 @@ ssl3_get_finished(SSL *s, int a, int b)
long n;
unsigned char *p;
-#ifdef OPENSSL_NO_NEXTPROTONEG
- /* the mac has already been generated when we received the
- * change cipher spec message and is in s->s3->tmp.peer_finish_md.
- */
-#endif
n = s->method->ssl_get_message(s, a, b, SSL3_MT_FINISHED,
64, /* should actually be 36+4 :-) */ &ok);
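Review bot: With the `#ifdef OPENSSL_NO_NEXTPROTONEG` comment removed, ssl3_get_finished no longer says where `s->s3->tmp.peer_finish_md` is filled in before the function uses it. On the new side that happens in ssl3_take_mac(), which ssl3_get_message() calls when the first byte of `init_buf` is SSL3_MT_FINISHED (see the later hunk in this file). A replacement comment above the `ssl_get_message` call would keep that ordering dependency visible: `/* peer_finish_md was computed by ssl3_take_mac() when ssl3_get_message() saw the Finished message. */`. The rest of ssl3_get_finished, including any use of the stored MAC, is outside this hunk.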
@@ -505,12 +498,10 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
n -= i;
}
-#ifndef OPENSSL_NO_NEXTPROTONEG
/* If receiving Finished, record MAC of prior handshake messages for
* Finished verification. */
if (*s->init_buf->data == SSL3_MT_FINISHED)
ssl3_take_mac(s);
-#endif
/* Feed this message into MAC computation. */
ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);
diff --git a/lib/libssl/src/ssl/s3_clnt.c b/lib/libssl/src/ssl/s3_clnt.c
index e7741826ae2..260154a0973 100644
--- a/lib/libssl/src/ssl/s3_clnt.c
+++ b/lib/libssl/src/ssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.99 2014/12/10 15:43:31 jsing Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.100 2014/12/14 14:34:43 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -465,14 +465,10 @@ ssl3_connect(SSL *s)
if (ret <= 0)
goto end;
-#ifdef OPENSSL_NO_NEXTPROTONEG
- s->state = SSL3_ST_CW_FINISHED_A;
-#else
if (s->s3->next_proto_neg_seen)
s->state = SSL3_ST_CW_NEXT_PROTO_A;
else
s->state = SSL3_ST_CW_FINISHED_A;
-#endif
s->init_num = 0;
s->session->cipher = s->s3->tmp.new_cipher;
@@ -489,7 +485,6 @@ ssl3_connect(SSL *s)
break;
-#ifndef OPENSSL_NO_NEXTPROTONEG
case SSL3_ST_CW_NEXT_PROTO_A:
case SSL3_ST_CW_NEXT_PROTO_B:
ret = ssl3_send_next_proto(s);
@@ -497,7 +492,6 @@ ssl3_connect(SSL *s)
goto end;
s->state = SSL3_ST_CW_FINISHED_A;
break;
-#endif
case SSL3_ST_CW_FINISHED_A:
case SSL3_ST_CW_FINISHED_B:
@@ -2634,7 +2628,6 @@ err:
return (0);
}
-#ifndef OPENSSL_NO_NEXTPROTONEG
int
ssl3_send_next_proto(SSL *s)
{
@@ -2658,7 +2651,6 @@ ssl3_send_next_proto(SSL *s)
return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
}
-#endif /* !OPENSSL_NO_NEXTPROTONEG */
/*
* Check to see if handshake is full or resumed. Usually this is just a
diff --git a/lib/libssl/src/ssl/s3_lib.c b/lib/libssl/src/ssl/s3_lib.c
index 4beee2d53c4..21e339525cb 100644
--- a/lib/libssl/src/ssl/s3_lib.c
+++ b/lib/libssl/src/ssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.87 2014/12/10 15:36:47 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.88 2014/12/14 14:34:43 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1927,11 +1927,9 @@ ssl3_clear(SSL *s)
s->s3->in_read_app_data = 0;
s->version = SSL3_VERSION;
-#ifndef OPENSSL_NO_NEXTPROTONEG
free(s->next_proto_negotiated);
s->next_proto_negotiated = NULL;
s->next_proto_negotiated_len = 0;
-#endif
}
diff --git a/lib/libssl/src/ssl/s3_srvr.c b/lib/libssl/src/ssl/s3_srvr.c
index 645caf4bc95..783b1df782b 100644
--- a/lib/libssl/src/ssl/s3_srvr.c
+++ b/lib/libssl/src/ssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.93 2014/12/10 15:43:31 jsing Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.94 2014/12/14 14:34:43 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -537,14 +537,10 @@ ssl3_accept(SSL *s)
* the client uses its key from the certificate
* for key exchange.
*/
-#ifdef OPENSSL_NO_NEXTPROTONEG
- s->state = SSL3_ST_SR_FINISHED_A;
-#else
if (s->s3->next_proto_neg_seen)
s->state = SSL3_ST_SR_NEXT_PROTO_A;
else
s->state = SSL3_ST_SR_FINISHED_A;
-#endif
s->init_num = 0;
} else if (SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) {
s->state = SSL3_ST_SR_CERT_VRFY_A;
@@ -609,18 +605,13 @@ ssl3_accept(SSL *s)
if (ret <= 0)
goto end;
-#ifdef OPENSSL_NO_NEXTPROTONEG
- s->state = SSL3_ST_SR_FINISHED_A;
-#else
if (s->s3->next_proto_neg_seen)
s->state = SSL3_ST_SR_NEXT_PROTO_A;
else
s->state = SSL3_ST_SR_FINISHED_A;
-#endif
s->init_num = 0;
break;
-#ifndef OPENSSL_NO_NEXTPROTONEG
case SSL3_ST_SR_NEXT_PROTO_A:
case SSL3_ST_SR_NEXT_PROTO_B:
ret = ssl3_get_next_proto(s);
@@ -629,7 +620,6 @@ ssl3_accept(SSL *s)
s->init_num = 0;
s->state = SSL3_ST_SR_FINISHED_A;
break;
-#endif
case SSL3_ST_SR_FINISHED_A:
case SSL3_ST_SR_FINISHED_B:
@@ -701,9 +691,6 @@ ssl3_accept(SSL *s)
goto end;
s->state = SSL3_ST_SW_FLUSH;
if (s->hit) {
-#ifdef OPENSSL_NO_NEXTPROTONEG
- s->s3->tmp.next_state = SSL3_ST_SR_FINISHED_A;
-#else
if (s->s3->next_proto_neg_seen) {
s->s3->flags |= SSL3_FLAGS_CCS_OK;
s->s3->tmp.next_state =
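Review bot: The `s->s3->flags |= SSL3_FLAGS_CCS_OK;` on the resumed-session NPN branch carries no comment, and it is the only place in the visible ssl3_accept hunks where the flag is set. Judging by its name, the flag controls when a ChangeCipherSpec from the peer is acceptable, which is security-sensitive handshake state. The reason it is set here but not on the `else` branch should be written down, for example `/* NextProto arrives after the client's CCS, so permit CCS before entering SR_NEXT_PROTO_A */`. That wording needs confirming against the SR_NEXT_PROTO_A and SR_FINISHED_A cases, which are outside this hunk; the assignment itself continues into the next hunk.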
@@ -711,7 +698,6 @@ ssl3_accept(SSL *s)
} else
s->s3->tmp.next_state =
SSL3_ST_SR_FINISHED_A;
-#endif
} else
s->s3->tmp.next_state = SSL_ST_OK;
s->init_num = 0;
@@ -2850,7 +2836,6 @@ ssl3_send_cert_status(SSL *s)
return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
}
-# ifndef OPENSSL_NO_NEXTPROTONEG
/*
* ssl3_get_next_proto reads a Next Protocol Negotiation handshake message.
* It sets the next_proto member in s if found
@@ -2921,4 +2906,3 @@ ssl3_get_next_proto(SSL *s)
return (1);
}
-# endif
diff --git a/lib/libssl/src/ssl/ssl_lib.c b/lib/libssl/src/ssl/ssl_lib.c
index 4369ba587a3..e809ff0bc00 100644
--- a/lib/libssl/src/ssl/ssl_lib.c
+++ b/lib/libssl/src/ssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.92 2014/12/10 15:36:47 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.93 2014/12/14 14:34:43 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -333,9 +333,7 @@ SSL_new(SSL_CTX *ctx)
s->tlsext_ocsp_resplen = -1;
CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
s->initial_ctx = ctx;
-# ifndef OPENSSL_NO_NEXTPROTONEG
s->next_proto_negotiated = NULL;
-# endif
if (s->ctx->alpn_client_proto_list != NULL) {
s->alpn_client_proto_list =
@@ -560,9 +558,7 @@ SSL_free(SSL *s)
SSL_CTX_free(s->ctx);
-#ifndef OPENSSL_NO_NEXTPROTONEG
free(s->next_proto_negotiated);
-#endif
free(s->alpn_client_proto_list);
#ifndef OPENSSL_NO_SRTP
@@ -1509,7 +1505,6 @@ SSL_get_servername_type(const SSL *s)
return (-1);
}
-# ifndef OPENSSL_NO_NEXTPROTONEG
/*
* SSL_select_next_proto implements the standard protocol selection. It is
* expected that this function is called from the callback set by
@@ -1640,7 +1635,6 @@ SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s,
ctx->next_proto_select_cb = cb;
ctx->next_proto_select_cb_arg = arg;
}
-# endif
/*
* SSL_CTX_set_alpn_protos sets the ALPN protocol list to the specified
@@ -1879,10 +1873,8 @@ SSL_CTX_new(const SSL_METHOD *meth)
ret->tlsext_status_cb = 0;
ret->tlsext_status_arg = NULL;
-# ifndef OPENSSL_NO_NEXTPROTONEG
ret->next_protos_advertised_cb = 0;
ret->next_proto_select_cb = 0;
-# endif
#ifndef OPENSSL_NO_ENGINE
ret->client_cert_engine = NULL;
#ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
diff --git a/lib/libssl/src/ssl/t1_lib.c b/lib/libssl/src/ssl/t1_lib.c
index 3b87d958cb7..60cef857b5a 100644
--- a/lib/libssl/src/ssl/t1_lib.c
+++ b/lib/libssl/src/ssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.73 2014/12/10 15:36:47 jsing Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.74 2014/12/14 14:34:43 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -867,7 +867,6 @@ skip_ext:
i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &ret);
}
-#ifndef OPENSSL_NO_NEXTPROTONEG
if (s->ctx->next_proto_select_cb && !s->s3->tmp.finish_md_len) {
/* The client advertises an emtpy extension to indicate its
* support for Next Protocol Negotiation */
@@ -876,7 +875,6 @@ skip_ext:
s2n(TLSEXT_TYPE_next_proto_neg, ret);
s2n(0, ret);
}
-#endif
if (s->alpn_client_proto_list != NULL &&
s->s3->tmp.finish_md_len == 0) {
@@ -958,9 +956,7 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
int using_ecc, extdatalen = 0;
unsigned long alg_a, alg_k;
unsigned char *ret = p;
-#ifndef OPENSSL_NO_NEXTPROTONEG
int next_proto_neg_seen;
-#endif
alg_a = s->s3->tmp.new_cipher->algorithm_auth;
alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
@@ -1097,7 +1093,6 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
ret += sizeof(cryptopro_ext);
}
-#ifndef OPENSSL_NO_NEXTPROTONEG
next_proto_neg_seen = s->s3->next_proto_neg_seen;
s->s3->next_proto_neg_seen = 0;
if (next_proto_neg_seen && s->ctx->next_protos_advertised_cb) {
@@ -1117,7 +1112,6 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
s->s3->next_proto_neg_seen = 1;
}
}
-#endif
if (s->s3->alpn_selected != NULL) {
const unsigned char *selected = s->s3->alpn_selected;
@@ -1304,9 +1298,7 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
s->servername_done = 0;
s->tlsext_status_type = -1;
-#ifndef OPENSSL_NO_NEXTPROTONEG
s->s3->next_proto_neg_seen = 0;
-#endif
free(s->s3->alpn_selected);
s->s3->alpn_selected = NULL;
@@ -1616,7 +1608,6 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
s->tlsext_status_type = -1;
}
}
-#ifndef OPENSSL_NO_NEXTPROTONEG
else if (type == TLSEXT_TYPE_next_proto_neg &&
s->s3->tmp.finish_md_len == 0 &&
s->s3->alpn_selected == NULL) {
@@ -1637,7 +1628,6 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
* Finished message could have been computed.) */
s->s3->next_proto_neg_seen = 1;
}
-#endif
else if (type ==
TLSEXT_TYPE_application_layer_protocol_negotiation &&
s->ctx->alpn_select_cb != NULL &&
@@ -1676,7 +1666,6 @@ ri_check:
return 1;
}
-#ifndef OPENSSL_NO_NEXTPROTONEG
/* ssl_next_proto_validate validates a Next Protocol Negotiation block. No
* elements of zero length are allowed and the set of elements must exactly fill
* the length of the block. */
@@ -1694,7 +1683,6 @@ ssl_next_proto_validate(unsigned char *d, unsigned len)
return off == len;
}
-#endif
int
ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
@@ -1707,9 +1695,7 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
int tlsext_servername = 0;
int renegotiate_seen = 0;
-#ifndef OPENSSL_NO_NEXTPROTONEG
s->s3->next_proto_neg_seen = 0;
-#endif
free(s->s3->alpn_selected);
s->s3->alpn_selected = NULL;
@@ -1797,7 +1783,6 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
/* Set flag to expect CertificateStatus message */
s->tlsext_status_expected = 1;
}
-#ifndef OPENSSL_NO_NEXTPROTONEG
else if (type == TLSEXT_TYPE_next_proto_neg &&
s->s3->tmp.finish_md_len == 0) {
unsigned char *selected;
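Review bot: The client-side NPN branch in ssl_parse_serverhello_tlsext is guarded only by `s->s3->tmp.finish_md_len == 0`, whereas the server-side branch in ssl_parse_clienthello_tlsext also requires `s->s3->alpn_selected == NULL`. If a ServerHello carried both the NPN and ALPN extensions, it looks as though both `next_proto_negotiated` and `alpn_selected` could end up set. The remainder of this block and the ALPN branch are outside the hunk and may already rule that out. Now that NPN is always compiled in, either mirror the server-side guard here or add a comment stating which result the client treats as authoritative, e.g. `/* If ALPN is also negotiated it takes precedence over NPN. */`.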
@@ -1826,7 +1811,6 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
s->next_proto_negotiated_len = selected_len;
s->s3->next_proto_neg_seen = 1;
}
-#endif
else if (type ==
TLSEXT_TYPE_application_layer_protocol_negotiation) {
unsigned int len;