author | Joel Sing <jsing@cvs.openbsd.org> | 2017-08-28 17:36:59 +0000 |
---|---|---|
committer | Joel Sing <jsing@cvs.openbsd.org> | 2017-08-28 17:36:59 +0000 |
commit | c96c2afdc5ae43206d9b336c9ab7a949e0eb2393 (patch) | |
tree | fd23099504836440cd0764d6d5fc8383cad70e6b | |
parent | cc46e4d0077494fd3c6f7675ebe8e61808e46d22 (diff) |
Completely remove NPN remnants.
Based on a diff from doug@, similar diff from inoguchi@
-rw-r--r-- | lib/libssl/Symbols.list | 3 | ||||
-rw-r--r-- | lib/libssl/man/SSL_CTX_set_alpn_select_cb.3 | 50 | ||||
-rw-r--r-- | lib/libssl/ssl.h | 10 | ||||
-rw-r--r-- | lib/libssl/ssl3.h | 8 | ||||
-rw-r--r-- | lib/libssl/ssl_err.c | 14 | ||||
-rw-r--r-- | lib/libssl/ssl_lib.c | 26 | ||||
-rw-r--r-- | lib/libssl/tls1.h | 5 |
7 files changed, 9 insertions, 107 deletions
diff --git a/lib/libssl/Symbols.list b/lib/libssl/Symbols.list
index e147ff873de..7b54776d55e 100644
--- a/lib/libssl/Symbols.list
+++ b/lib/libssl/Symbols.list
@@ -100,8 +100,6 @@ SSL_CTX_set_info_callback
 SSL_CTX_set_min_proto_version
 SSL_CTX_set_max_proto_version
 SSL_CTX_set_msg_callback
-SSL_CTX_set_next_proto_select_cb
-SSL_CTX_set_next_protos_advertised_cb
 SSL_CTX_set_purpose
 SSL_CTX_set_quiet_shutdown
 SSL_CTX_set_session_id_context
@@ -161,7 +159,6 @@ SSL_dup_CA_list
 SSL_export_keying_material
 SSL_free
 SSL_get0_alpn_selected
-SSL_get0_next_proto_negotiated
 SSL_get1_session
 SSL_get_SSL_CTX
 SSL_get_certificate
diff --git a/lib/libssl/man/SSL_CTX_set_alpn_select_cb.3 b/lib/libssl/man/SSL_CTX_set_alpn_select_cb.3
index 175689d79bd..2c0905123bf 100644
--- a/lib/libssl/man/SSL_CTX_set_alpn_select_cb.3
+++ b/lib/libssl/man/SSL_CTX_set_alpn_select_cb.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: SSL_CTX_set_alpn_select_cb.3,v 1.4 2017/08/21 08:31:19 schwarze Exp $
+.\" $OpenBSD: SSL_CTX_set_alpn_select_cb.3,v 1.5 2017/08/28 17:36:58 jsing Exp $
 .\" OpenSSL 87b81496 Apr 19 12:38:27 2017 -0400
 .\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
@@ -49,18 +49,15 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 21 2017 $
+.Dd $Mdocdate: August 28 2017 $
 .Dt SSL_CTX_SET_ALPN_SELECT_CB 3
 .Os
 .Sh NAME
 .Nm SSL_CTX_set_alpn_protos ,
 .Nm SSL_set_alpn_protos ,
 .Nm SSL_CTX_set_alpn_select_cb ,
-.Nm SSL_CTX_set_next_proto_select_cb ,
-.Nm SSL_CTX_set_next_protos_advertised_cb ,
 .Nm SSL_select_next_proto ,
-.Nm SSL_get0_alpn_selected ,
-.Nm SSL_get0_next_proto_negotiated
+.Nm SSL_get0_alpn_selected
 .Nd handle application layer protocol negotiation (ALPN)
 .Sh SYNOPSIS
 .In openssl/ssl.h
@@ -84,21 +81,6 @@ unsigned int inlen, void *arg)" .Fa "void *arg" .Fc -.Ft void -.Fo SSL_CTX_set_next_proto_select_cb -.Fa "SSL_CTX *ctx" -.Fa "int (*cb)(SSL *ssl, unsigned char **out,\ - unsigned char *outlen, const unsigned char *in,\ - unsigned int inlen, void *arg)" -.Fa "void *arg" -.Fc -.Ft void -.Fo SSL_CTX_set_next_protos_advertised_cb -.Fa "SSL_CTX *ctx" -.Fa "int (*cb)(SSL *ssl, const unsigned char **out,\ - unsigned char *outlen, void *arg)" -.Fa "void *arg" -.Fc .Ft int .Fo SSL_select_next_proto .Fa "unsigned char **out" @@ -114,12 +96,6 @@ .Fa "const unsigned char **data" .Fa "unsigned int *len" .Fc -.Ft void -.Fo SSL_get0_next_proto_negotiated -.Fa "const SSL *ssl" -.Fa "const unsigned char **data" -.Fa "unsigned int *len" -.Fc .Sh DESCRIPTION .Fn SSL_CTX_set_alpn_protos and @@ -207,16 +183,6 @@ is returned in .Fa out , .Fa outlen . .Pp -.Fn SSL_CTX_set_next_proto_select_cb -is deprecated and has no effect. -It used to set a callback that was called when a client needed to -select a protocol from the server's provided list. -.Pp -.Fn SSL_CTX_set_next_protos_advertised_cb -is deprecated and has no effect. -It used to set a callback that was called when a TLS server needed -a list of supported protocols for Next Protocol Negotiation. -.Pp .Fn SSL_get0_alpn_selected returns a pointer to the selected protocol in .Fa data @@ -232,16 +198,6 @@ is set to 0 if no protocol has been selected. .Fa data must not be freed. .Pp -.Fn SSL_get0_next_proto_negotiated -is deprecated and has no effect except that it always sets -.Pf * Fa data -to -.Dv NULL -and -.Pf * Fa len -to 0. -It used to return the client's requested protocol for this connection. -.Pp The protocol-lists must be in wire-format, which is defined as a vector of non-empty, 8-bit length-prefixed byte strings. The length-prefix byte is not included in the length. diff --git a/lib/libssl/ssl.h b/lib/libssl/ssl.h index a72af19711c..2f0b9df402c 100644 --- a/lib/libssl/ssl.h +++ b/lib/libssl/ssl.h 
@@ -1,4 +1,4 @@ -/* $OpenBSD: ssl.h,v 1.132 2017/08/13 16:28:45 jsing Exp $ */ +/* $OpenBSD: ssl.h,v 1.133 2017/08/28 17:36:58 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -752,17 +752,11 @@ void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)); -void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s, int (*cb)(SSL *ssl, - const unsigned char **out, unsigned int *outlen, void *arg), void *arg); -void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s, int (*cb)(SSL *ssl, - unsigned char **out, unsigned char *outlen, const unsigned char *in, - unsigned int inlen, void *arg), void *arg); +/* NPN support function used by ALPN */ int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, const unsigned char *client, unsigned int client_len); -void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, - unsigned *len); #define OPENSSL_NPN_UNSUPPORTED 0 #define OPENSSL_NPN_NEGOTIATED 1 diff --git a/lib/libssl/ssl3.h b/lib/libssl/ssl3.h index 91cbaf29e34..12ef56b5221 100644 --- a/lib/libssl/ssl3.h +++ b/lib/libssl/ssl3.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl3.h,v 1.45 2017/01/22 09:02:07 jsing Exp $ */ +/* $OpenBSD: ssl3.h,v 1.46 2017/08/28 17:36:58 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -415,8 +415,6 @@ typedef struct ssl3_state_st { #define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT) #define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT) #define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT) -#define SSL3_ST_CW_NEXT_PROTO_A (0x200|SSL_ST_CONNECT) -#define SSL3_ST_CW_NEXT_PROTO_B (0x201|SSL_ST_CONNECT) #define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT) #define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT) /* read from server */ 
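Review bot: The comment added above `SSL_select_next_proto` in the ssl.h hunk at -752 (`/* NPN support function used by ALPN */`) explains why the NPN-era name survives but not what callers must pass. The manual page touched by this same commit states that the protocol lists must be in wire format, a vector of non-empty, 8-bit length-prefixed byte strings, and one of the lists presumably originates from the peer, so the header is a good place to repeat that requirement. I would extend the comment to something like `/* NPN-era helper kept for ALPN select callbacks; in and client must be wire-format lists (non-empty, 8-bit length-prefixed strings). */`. The `OPENSSL_NPN_*` defines that follow are presumably its return values and keep the NPN prefix for the same reason; a word on that would help too.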
@@ -462,8 +460,6 @@ typedef struct ssl3_state_st { #define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT) #define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT) #define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT) -#define SSL3_ST_SR_NEXT_PROTO_A (0x210|SSL_ST_ACCEPT) -#define SSL3_ST_SR_NEXT_PROTO_B (0x211|SSL_ST_ACCEPT) #define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT) #define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT) /* write to client */ @@ -489,8 +485,6 @@ typedef struct ssl3_state_st { #define SSL3_MT_FINISHED 20 #define SSL3_MT_CERTIFICATE_STATUS 22 -#define SSL3_MT_NEXT_PROTO 67 - #define DTLS1_MT_HELLO_VERIFY_REQUEST 3 #define SSL3_MT_CCS 1 diff --git a/lib/libssl/ssl_err.c b/lib/libssl/ssl_err.c index d61660c934d..db3c1a0d2db 100644 --- a/lib/libssl/ssl_err.c +++ b/lib/libssl/ssl_err.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_err.c,v 1.34 2017/05/07 04:22:24 beck Exp $ */ +/* $OpenBSD: ssl_err.c,v 1.35 2017/08/28 17:36:58 jsing Exp $ */ /* ==================================================================== * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. * @@ -96,8 +96,6 @@ static ERR_STRING_DATA SSL_str_functs[]= { {ERR_FUNC(21), "CONNECT_CW_CERT_VRFY"}, {ERR_FUNC(22), "CONNECT_CW_CHANGE"}, {ERR_FUNC(23), "CONNECT_CW_CHANGE"}, - {ERR_FUNC(24), "CONNECT_CW_NEXT_PROTO"}, - {ERR_FUNC(25), "CONNECT_CW_NEXT_PROTO"}, {ERR_FUNC(26), "CONNECT_CW_FINISHED"}, {ERR_FUNC(27), "CONNECT_CW_FINISHED"}, {ERR_FUNC(28), "CONNECT_CR_CHANGE"}, @@ -133,8 +131,6 @@ static ERR_STRING_DATA SSL_str_functs[]= { {ERR_FUNC(58), "ACCEPT_SR_CERT_VRFY"}, {ERR_FUNC(59), "ACCEPT_SR_CHANGE"}, {ERR_FUNC(60), "ACCEPT_SR_CHANGE"}, - {ERR_FUNC(61), "ACCEPT_SR_NEXT_PROTO"}, - {ERR_FUNC(62), "ACCEPT_SR_NEXT_PROTO"}, {ERR_FUNC(63), "ACCEPT_SR_FINISHED"}, {ERR_FUNC(64), "ACCEPT_SR_FINISHED"}, {ERR_FUNC(65), "ACCEPT_SW_CHANGE"}, 
@@ -540,10 +536,6 @@ SSL_state_func_code(int state) { return 22; case SSL3_ST_CW_CHANGE_B: return 23; - case SSL3_ST_CW_NEXT_PROTO_A: - return 24; - case SSL3_ST_CW_NEXT_PROTO_B: - return 25; case SSL3_ST_CW_FINISHED_A: return 26; case SSL3_ST_CW_FINISHED_B: @@ -614,10 +606,6 @@ SSL_state_func_code(int state) { return 59; case SSL3_ST_SR_CHANGE_B: return 60; - case SSL3_ST_SR_NEXT_PROTO_A: - return 61; - case SSL3_ST_SR_NEXT_PROTO_B: - return 62; case SSL3_ST_SR_FINISHED_A: return 63; case SSL3_ST_SR_FINISHED_B: diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c index 46d905ad56d..b365ebd4966 100644 --- a/lib/libssl/ssl_lib.c +++ b/lib/libssl/ssl_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_lib.c,v 1.168 2017/08/13 17:04:36 doug Exp $ */ +/* $OpenBSD: ssl_lib.c,v 1.169 2017/08/28 17:36:58 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1590,30 +1590,6 @@ found: return (status); } -/* SSL_get0_next_proto_negotiated is deprecated. */ -void -SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, - unsigned *len) -{ - *data = NULL; - *len = 0; -} - -/* SSL_CTX_set_next_protos_advertised_cb is deprecated. */ -void -SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl, - const unsigned char **out, unsigned int *outlen, void *arg), void *arg) -{ -} - -/* SSL_CTX_set_next_proto_select_cb is deprecated. */ -void -SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s, - unsigned char **out, unsigned char *outlen, const unsigned char *in, - unsigned int inlen, void *arg), void *arg) -{ -} - /* * SSL_CTX_set_alpn_protos sets the ALPN protocol list to the specified * protocols, which must be in wire-format (i.e. a series of non-empty, diff --git a/lib/libssl/tls1.h b/lib/libssl/tls1.h index 3cf778020be..8e369c7bd11 100644 --- a/lib/libssl/tls1.h +++ b/lib/libssl/tls1.h 
@@ -1,4 +1,4 @@ -/* $OpenBSD: tls1.h,v 1.30 2017/08/28 16:37:04 jsing Exp $ */ +/* $OpenBSD: tls1.h,v 1.31 2017/08/28 17:36:58 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -258,9 +258,6 @@ extern "C" { /* Temporary extension type */ #define TLSEXT_TYPE_renegotiate 0xff01 -/* This is not an IANA defined extension number */ -#define TLSEXT_TYPE_next_proto_neg 13172 - /* NameType value from RFC 3546. */ #define TLSEXT_NAMETYPE_host_name 0 /* status request value from RFC 3546 */ |