diff options
-rw-r--r-- | lib/libssl/man/SSL_CTX_set_alpn_select_cb.3 | 5 | ||||
-rw-r--r-- | lib/libssl/s3_lib.c | 6 | ||||
-rw-r--r-- | lib/libssl/ssl_clnt.c | 56 | ||||
-rw-r--r-- | lib/libssl/ssl_lib.c | 78 | ||||
-rw-r--r-- | lib/libssl/ssl_locl.h | 43 | ||||
-rw-r--r-- | lib/libssl/ssl_srvr.c | 104 | ||||
-rw-r--r-- | lib/libssl/t1_lib.c | 113 |
7 files changed, 28 insertions, 377 deletions
diff --git a/lib/libssl/man/SSL_CTX_set_alpn_select_cb.3 b/lib/libssl/man/SSL_CTX_set_alpn_select_cb.3 index ea7b1faf483..eb6c543478b 100644 --- a/lib/libssl/man/SSL_CTX_set_alpn_select_cb.3 +++ b/lib/libssl/man/SSL_CTX_set_alpn_select_cb.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: SSL_CTX_set_alpn_select_cb.3,v 1.2 2017/06/10 13:58:59 schwarze Exp $ +.\" $OpenBSD: SSL_CTX_set_alpn_select_cb.3,v 1.3 2017/08/12 21:03:08 jsing Exp $ .\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 .\" .\" This file was written by Todd Short <tshort@akamai.com>. @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: June 10 2017 $ +.Dd $Mdocdate: August 12 2017 $ .Dt SSL_CTX_SET_ALPN_SELECT_CB 3 .Os .Sh NAME @@ -181,7 +181,6 @@ If no match is found, the first item in is returned in .Fa out , .Fa outlen . -This function can also be used in the NPN callback. .Pp .Fn SSL_get0_alpn_selected returns a pointer to the selected protocol in diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c index 3a11d628930..acbe30d8040 100644 --- a/lib/libssl/s3_lib.c +++ b/lib/libssl/s3_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_lib.c,v 1.157 2017/08/12 02:55:22 jsing Exp $ */ +/* $OpenBSD: s3_lib.c,v 1.158 2017/08/12 21:03:08 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1705,10 +1705,6 @@ ssl3_clear(SSL *s) s->internal->packet_length = 0; s->version = TLS1_VERSION; - - free(s->internal->next_proto_negotiated); - s->internal->next_proto_negotiated = NULL; - s->internal->next_proto_negotiated_len = 0; } static long diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c index 865c961db74..ec4a4104fcc 100644 --- a/lib/libssl/ssl_clnt.c +++ b/lib/libssl/ssl_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_clnt.c,v 1.15 2017/08/12 02:55:22 jsing Exp $ */ +/* $OpenBSD: ssl_clnt.c,v 1.16 2017/08/12 21:03:08 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -407,14 +407,11 @@ ssl3_connect(SSL *s) case SSL3_ST_CW_CHANGE_A: case SSL3_ST_CW_CHANGE_B: ret = ssl3_send_change_cipher_spec(s, - SSL3_ST_CW_CHANGE_A, SSL3_ST_CW_CHANGE_B); + SSL3_ST_CW_CHANGE_A, SSL3_ST_CW_CHANGE_B); if (ret <= 0) goto end; - if (S3I(s)->next_proto_neg_seen) - S3I(s)->hs.state = SSL3_ST_CW_NEXT_PROTO_A; - else - S3I(s)->hs.state = SSL3_ST_CW_FINISHED_A; + S3I(s)->hs.state = SSL3_ST_CW_FINISHED_A; s->internal->init_num = 0; s->session->cipher = S3I(s)->hs.new_cipher; @@ -431,14 +428,6 @@ ssl3_connect(SSL *s) break; - case SSL3_ST_CW_NEXT_PROTO_A: - case SSL3_ST_CW_NEXT_PROTO_B: - ret = ssl3_send_next_proto(s); - if (ret <= 0) - goto end; - S3I(s)->hs.state = SSL3_ST_CW_FINISHED_A; - break; - case SSL3_ST_CW_FINISHED_A: case SSL3_ST_CW_FINISHED_B: ret = ssl3_send_finished(s, SSL3_ST_CW_FINISHED_A, @@ -2599,45 +2588,6 @@ err: return (0); } -int -ssl3_send_next_proto(SSL *s) -{ - CBB cbb, nextproto, npn, padding; - size_t pad_len; - uint8_t *pad; - - memset(&cbb, 0, sizeof(cbb)); - - if (S3I(s)->hs.state == SSL3_ST_CW_NEXT_PROTO_A) { - pad_len = 32 - ((s->internal->next_proto_negotiated_len + 2) % 32); - - if (!ssl3_handshake_msg_start_cbb(s, &cbb, &nextproto, - SSL3_MT_NEXT_PROTO)) - goto err; - if (!CBB_add_u8_length_prefixed(&nextproto, &npn)) - goto err; - if (!CBB_add_bytes(&npn, s->internal->next_proto_negotiated, - s->internal->next_proto_negotiated_len)) - goto err; - if (!CBB_add_u8_length_prefixed(&nextproto, &padding)) - goto err; - if (!CBB_add_space(&padding, &pad, pad_len)) - goto err; - memset(pad, 0, pad_len); - if (!ssl3_handshake_msg_finish_cbb(s, &cbb)) - goto err; - - S3I(s)->hs.state = SSL3_ST_CW_NEXT_PROTO_B; - } - - return (ssl3_handshake_write(s)); - - err: - CBB_cleanup(&cbb); - - return (-1); -} - /* * Check to see if handshake is full or resumed. Usually this is just a * case of checking to see if a cache hit has occurred. In the case of diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c index de78ad2fcff..32a5680db77 100644 --- a/lib/libssl/ssl_lib.c +++ b/lib/libssl/ssl_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_lib.c,v 1.166 2017/08/12 02:55:22 jsing Exp $ */ +/* $OpenBSD: ssl_lib.c,v 1.167 2017/08/12 21:03:08 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -339,8 +339,6 @@ SSL_new(SSL_CTX *ctx) ctx->internal->tlsext_supportedgroups_length; } - s->internal->next_proto_negotiated = NULL; - if (s->ctx->internal->alpn_client_proto_list != NULL) { s->internal->alpn_client_proto_list = malloc(s->ctx->internal->alpn_client_proto_list_len); @@ -548,7 +546,6 @@ SSL_free(SSL *s) SSL_CTX_free(s->ctx); - free(s->internal->next_proto_negotiated); free(s->internal->alpn_client_proto_list); #ifndef OPENSSL_NO_SRTP @@ -1541,33 +1538,15 @@ SSL_get_servername_type(const SSL *s) } /* - * SSL_select_next_proto implements the standard protocol selection. It is + * SSL_select_next_proto implements standard protocol selection. It is * expected that this function is called from the callback set by - * SSL_CTX_set_next_proto_select_cb. + * SSL_CTX_set_alpn_select_cb. * * The protocol data is assumed to be a vector of 8-bit, length prefixed byte * strings. The length byte itself is not included in the length. A byte * string of length 0 is invalid. No byte string may be truncated. * - * The current, but experimental algorithm for selecting the protocol is: - * - * 1) If the server doesn't support NPN then this is indicated to the - * callback. In this case, the client application has to abort the connection - * or have a default application level protocol. - * - * 2) If the server supports NPN, but advertises an empty list then the - * client selects the first protcol in its list, but indicates via the - * API that this fallback case was enacted. - * - * 3) Otherwise, the client finds the first protocol in the server's list - * that it supports and selects this protocol. This is because it's - * assumed that the server has better information about which protocol - * a client should use. - * - * 4) If the client doesn't support any of the server's advertised - * protocols, then this is treated the same as case 2. - * - * It returns either + * It returns either: * OPENSSL_NPN_NEGOTIATED if a common protocol was found, or * OPENSSL_NPN_NO_OVERLAP if the fallback case was reached. */ @@ -1611,64 +1590,28 @@ found: return (status); } -/* - * SSL_get0_next_proto_negotiated sets *data and *len to point to the client's - * requested protocol for this connection and returns 0. If the client didn't - * request any protocol, then *data is set to NULL. - * - * Note that the client can request any protocol it chooses. The value returned - * from this function need not be a member of the list of supported protocols - * provided by the callback. - */ +/* SSL_get0_next_proto_negotiated is deprecated. */ void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, unsigned *len) { - *data = s->internal->next_proto_negotiated; - if (!*data) { - *len = 0; - } else { - *len = s->internal->next_proto_negotiated_len; - } + *data = NULL; + *len = 0; } -/* - * SSL_CTX_set_next_protos_advertised_cb sets a callback that is called when a - * TLS server needs a list of supported protocols for Next Protocol - * Negotiation. The returned list must be in wire format. The list is returned - * by setting |out| to point to it and |outlen| to its length. This memory will - * not be modified, but one should assume that the SSL* keeps a reference to - * it. - * - * The callback should return SSL_TLSEXT_ERR_OK if it wishes to advertise. - * Otherwise, no such extension will be included in the ServerHello. - */ +/* SSL_CTX_set_next_protos_advertised_cb is deprecated. */ void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl, const unsigned char **out, unsigned int *outlen, void *arg), void *arg) { - ctx->internal->next_protos_advertised_cb = cb; - ctx->internal->next_protos_advertised_cb_arg = arg; } -/* - * SSL_CTX_set_next_proto_select_cb sets a callback that is called when a - * client needs to select a protocol from the server's provided list. |out| - * must be set to point to the selected protocol (which may be within |in|). - * The length of the protocol name must be written into |outlen|. The server's - * advertised protocols are provided in |in| and |inlen|. The callback can - * assume that |in| is syntactically valid. - * - * The client must select a protocol. It is fatal to the connection if this - * callback returns a value other than SSL_TLSEXT_ERR_OK. - */ +/* SSL_CTX_set_next_proto_select_cb is deprecated. */ void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg), void *arg) { - ctx->internal->next_proto_select_cb = cb; - ctx->internal->next_proto_select_cb_arg = arg; } /* @@ -1912,9 +1855,6 @@ SSL_CTX_new(const SSL_METHOD *meth) ret->internal->tlsext_status_cb = 0; ret->internal->tlsext_status_arg = NULL; - ret->internal->next_protos_advertised_cb = 0; - ret->internal->next_proto_select_cb = 0; - #ifndef OPENSSL_NO_ENGINE ret->internal->client_cert_engine = NULL; #ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h index 6f9be12fa7c..914501213cc 100644 --- a/lib/libssl/ssl_locl.h +++ b/lib/libssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.188 2017/08/12 02:55:22 jsing Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.189 2017/08/12 21:03:08 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -575,24 +575,8 @@ typedef struct ssl_ctx_internal_st { /* SRTP profiles we are willing to do from RFC 5764 */ STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; - /* Next protocol negotiation information */ - /* (for experimental NPN extension). */ - - /* For a server, this contains a callback function by which the set of - * advertised protocols can be provided. */ - int (*next_protos_advertised_cb)(SSL *s, const unsigned char **buf, - unsigned int *len, void *arg); - void *next_protos_advertised_cb_arg; - /* For a client, this contains a callback function that selects the - * next protocol from the list provided by the server. */ - int (*next_proto_select_cb)(SSL *s, unsigned char **out, - unsigned char *outlen, const unsigned char *in, - unsigned int inlen, void *arg); - void *next_proto_select_cb_arg; - /* - * ALPN information - * (we are in the process of transitioning from NPN to ALPN). + * ALPN information. */ /* @@ -627,16 +611,6 @@ typedef struct ssl_internal_st { unsigned long options; /* protocol behaviour */ unsigned long mode; /* API behaviour */ - /* Next protocol negotiation. For the client, this is the protocol that - * we sent in NextProtocol and is set when handling ServerHello - * extensions. - * - * For a server, this is the client's selected_protocol from - * NextProtocol and is set when handling the NextProtocol message, - * before the Finished message. */ - unsigned char *next_proto_negotiated; - unsigned char next_proto_negotiated_len; - /* Client list of supported protocols in wire format. */ unsigned char *alpn_client_proto_list; unsigned int alpn_client_proto_list_len; @@ -881,16 +855,9 @@ typedef struct ssl3_state_internal_st { /* Set if we saw a Renegotiation Indication extension from our peer. */ int renegotiate_seen; - /* Set if we saw the Next Protocol Negotiation extension from our peer. - */ - int next_proto_neg_seen; - - /* - * ALPN information - * (we are in the process of transitioning from NPN to ALPN). - */ - /* + * ALPN information. + * * In a server these point to the selected ALPN protocol after the * ClientHello has been processed. In a client these contain the * protocol that the server selected once the ServerHello has been @@ -1245,7 +1212,6 @@ int ssl3_get_server_key_exchange(SSL *s); int ssl3_get_server_certificate(SSL *s); int ssl3_check_cert_and_algorithm(SSL *s); int ssl3_check_finished(SSL *s); -int ssl3_send_next_proto(SSL *s); /* some server-only functions */ int ssl3_get_client_hello(SSL *s); @@ -1257,7 +1223,6 @@ int ssl3_send_server_done(SSL *s); int ssl3_get_client_certificate(SSL *s); int ssl3_get_client_key_exchange(SSL *s); int ssl3_get_cert_verify(SSL *s); -int ssl3_get_next_proto(SSL *s); int ssl23_accept(SSL *s); int ssl23_connect(SSL *s); diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c index a21039e7278..50ce91ddd80 100644 --- a/lib/libssl/ssl_srvr.c +++ b/lib/libssl/ssl_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_srvr.c,v 1.20 2017/08/12 02:55:22 jsing Exp $ */ +/* $OpenBSD: ssl_srvr.c,v 1.21 2017/08/12 21:03:08 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -468,10 +468,7 @@ ssl3_accept(SSL *s) * the client uses its key from the certificate * for key exchange. */ - if (S3I(s)->next_proto_neg_seen) - S3I(s)->hs.state = SSL3_ST_SR_NEXT_PROTO_A; - else - S3I(s)->hs.state = SSL3_ST_SR_FINISHED_A; + S3I(s)->hs.state = SSL3_ST_SR_FINISHED_A; s->internal->init_num = 0; } else if (SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) { S3I(s)->hs.state = SSL3_ST_SR_CERT_VRFY_A; @@ -525,20 +522,8 @@ ssl3_accept(SSL *s) if (ret <= 0) goto end; - if (S3I(s)->next_proto_neg_seen) - S3I(s)->hs.state = SSL3_ST_SR_NEXT_PROTO_A; - else - S3I(s)->hs.state = SSL3_ST_SR_FINISHED_A; - s->internal->init_num = 0; - break; - - case SSL3_ST_SR_NEXT_PROTO_A: - case SSL3_ST_SR_NEXT_PROTO_B: - ret = ssl3_get_next_proto(s); - if (ret <= 0) - goto end; - s->internal->init_num = 0; S3I(s)->hs.state = SSL3_ST_SR_FINISHED_A; + s->internal->init_num = 0; break; case SSL3_ST_SR_FINISHED_A: @@ -610,15 +595,9 @@ ssl3_accept(SSL *s) if (ret <= 0) goto end; S3I(s)->hs.state = SSL3_ST_SW_FLUSH; - if (s->internal->hit) { - if (S3I(s)->next_proto_neg_seen) { - s->s3->flags |= SSL3_FLAGS_CCS_OK; - S3I(s)->hs.next_state = - SSL3_ST_SR_NEXT_PROTO_A; - } else - S3I(s)->hs.next_state = - SSL3_ST_SR_FINISHED_A; - } else + if (s->internal->hit) + S3I(s)->hs.next_state = SSL3_ST_SR_FINISHED_A; + else S3I(s)->hs.next_state = SSL_ST_OK; s->internal->init_num = 0; break; @@ -2708,74 +2687,3 @@ ssl3_send_cert_status(SSL *s) return (-1); } - -/* - * ssl3_get_next_proto reads a Next Protocol Negotiation handshake message. - * It sets the next_proto member in s if found - */ -int -ssl3_get_next_proto(SSL *s) -{ - CBS cbs, proto, padding; - int ok; - long n; - size_t len; - - /* - * Clients cannot send a NextProtocol message if we didn't see the - * extension in their ClientHello - */ - if (!S3I(s)->next_proto_neg_seen) { - SSLerror(s, SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION); - return (-1); - } - - /* 514 maxlen is enough for the payload format below */ - n = s->method->internal->ssl_get_message(s, SSL3_ST_SR_NEXT_PROTO_A, - SSL3_ST_SR_NEXT_PROTO_B, SSL3_MT_NEXT_PROTO, 514, &ok); - if (!ok) - return ((int)n); - - /* - * S3I(s)->hs.state doesn't reflect whether ChangeCipherSpec has been received - * in this handshake, but S3I(s)->change_cipher_spec does (will be reset - * by ssl3_get_finished). - */ - if (!S3I(s)->change_cipher_spec) { - SSLerror(s, SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS); - return (-1); - } - - if (n < 2) - return (0); - /* The body must be > 1 bytes long */ - - CBS_init(&cbs, s->internal->init_msg, s->internal->init_num); - - /* - * The payload looks like: - * uint8 proto_len; - * uint8 proto[proto_len]; - * uint8 padding_len; - * uint8 padding[padding_len]; - */ - if (!CBS_get_u8_length_prefixed(&cbs, &proto) || - !CBS_get_u8_length_prefixed(&cbs, &padding) || - CBS_len(&cbs) != 0) - return 0; - - /* - * XXX We should not NULL it, but this matches old behavior of not - * freeing before malloc. - */ - s->internal->next_proto_negotiated = NULL; - s->internal->next_proto_negotiated_len = 0; - - if (!CBS_stow(&proto, &s->internal->next_proto_negotiated, &len)) { - SSLerror(s, ERR_R_MALLOC_FAILURE); - return (0); - } - s->internal->next_proto_negotiated_len = (uint8_t)len; - - return (1); -} diff --git a/lib/libssl/t1_lib.c b/lib/libssl/t1_lib.c index 3e5133ab54c..911e8d3f4e2 100644 --- a/lib/libssl/t1_lib.c +++ b/lib/libssl/t1_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t1_lib.c,v 1.127 2017/08/12 02:55:22 jsing Exp $ */ +/* $OpenBSD: t1_lib.c,v 1.128 2017/08/12 21:03:08 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -779,16 +779,6 @@ skip_ext: i2d_X509_EXTENSIONS(s->internal->tlsext_ocsp_exts, &ret); } - if (s->ctx->internal->next_proto_select_cb && - !S3I(s)->tmp.finish_md_len) { - /* The client advertises an emtpy extension to indicate its - * support for Next Protocol Negotiation */ - if ((size_t)(limit - ret) < 4) - return NULL; - s2n(TLSEXT_TYPE_next_proto_neg, ret); - s2n(0, ret); - } - if (s->internal->alpn_client_proto_list != NULL && S3I(s)->tmp.finish_md_len == 0) { if ((size_t)(limit - ret) < @@ -868,7 +858,6 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) { int extdatalen = 0; unsigned char *ret = p; - int next_proto_neg_seen; size_t len; CBB cbb; @@ -949,26 +938,6 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) ret += sizeof(cryptopro_ext); } - next_proto_neg_seen = S3I(s)->next_proto_neg_seen; - S3I(s)->next_proto_neg_seen = 0; - if (next_proto_neg_seen && s->ctx->internal->next_protos_advertised_cb) { - const unsigned char *npa; - unsigned int npalen; - int r; - - r = s->ctx->internal->next_protos_advertised_cb(s, &npa, &npalen, - s->ctx->internal->next_protos_advertised_cb_arg); - if (r == SSL_TLSEXT_ERR_OK) { - if ((size_t)(limit - ret) < 4 + npalen) - return NULL; - s2n(TLSEXT_TYPE_next_proto_neg, ret); - s2n(npalen, ret); - memcpy(ret, npa, npalen); - ret += npalen; - S3I(s)->next_proto_neg_seen = 1; - } - } - if (S3I(s)->alpn_selected != NULL) { const unsigned char *selected = S3I(s)->alpn_selected; unsigned int len = S3I(s)->alpn_selected_len; @@ -1070,7 +1039,6 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, s->internal->servername_done = 0; s->tlsext_status_type = -1; S3I(s)->renegotiate_seen = 0; - S3I(s)->next_proto_neg_seen = 0; free(S3I(s)->alpn_selected); S3I(s)->alpn_selected = NULL; s->internal->srtp_profile = NULL; @@ -1227,36 +1195,13 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, */ s->tlsext_status_type = -1; } - } - else if (type == TLSEXT_TYPE_next_proto_neg && - S3I(s)->tmp.finish_md_len == 0 && - S3I(s)->alpn_selected == NULL) { - /* We shouldn't accept this extension on a - * renegotiation. - * - * s->internal->new_session will be set on renegotiation, but we - * probably shouldn't rely that it couldn't be set on - * the initial renegotation too in certain cases (when - * there's some other reason to disallow resuming an - * earlier session -- the current code won't be doing - * anything like that, but this might change). - - * A valid sign that there's been a previous handshake - * in this connection is if S3I(s)->tmp.finish_md_len > - * 0. (We are talking about a check that will happen - * in the Hello protocol round, well before a new - * Finished message could have been computed.) */ - S3I(s)->next_proto_neg_seen = 1; - } - else if (type == + } else if (type == TLSEXT_TYPE_application_layer_protocol_negotiation && s->ctx->internal->alpn_select_cb != NULL && S3I(s)->tmp.finish_md_len == 0) { if (tls1_alpn_handle_client_hello(s, data, size, al) != 1) return (0); - /* ALPN takes precedence over NPN. */ - S3I(s)->next_proto_neg_seen = 0; } /* session ticket processed earlier */ @@ -1293,25 +1238,6 @@ err: return 0; } -/* - * ssl_next_proto_validate validates a Next Protocol Negotiation block. No - * elements of zero length are allowed and the set of elements must exactly fill - * the length of the block. - */ -static char -ssl_next_proto_validate(const unsigned char *d, unsigned int len) -{ - CBS npn, value; - - CBS_init(&npn, d, len); - while (CBS_len(&npn) > 0) { - if (!CBS_get_u8_length_prefixed(&npn, &value) || - CBS_len(&value) == 0) - return 0; - } - return 1; -} - int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, size_t n, int *al) { @@ -1323,7 +1249,6 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, size_t n, int *al) CBS cbs; S3I(s)->renegotiate_seen = 0; - S3I(s)->next_proto_neg_seen = 0; free(S3I(s)->alpn_selected); S3I(s)->alpn_selected = NULL; @@ -1375,39 +1300,7 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, size_t n, int *al) } /* Set flag to expect CertificateStatus message */ s->internal->tlsext_status_expected = 1; - } - else if (type == TLSEXT_TYPE_next_proto_neg && - S3I(s)->tmp.finish_md_len == 0) { - unsigned char *selected; - unsigned char selected_len; - - /* We must have requested it. */ - if (s->ctx->internal->next_proto_select_cb == NULL) { - *al = TLS1_AD_UNSUPPORTED_EXTENSION; - return 0; - } - /* The data must be valid */ - if (!ssl_next_proto_validate(data, size)) { - *al = TLS1_AD_DECODE_ERROR; - return 0; - } - if (s->ctx->internal->next_proto_select_cb(s, &selected, - &selected_len, data, size, - s->ctx->internal->next_proto_select_cb_arg) != - SSL_TLSEXT_ERR_OK) { - *al = TLS1_AD_INTERNAL_ERROR; - return 0; - } - s->internal->next_proto_negotiated = malloc(selected_len); - if (!s->internal->next_proto_negotiated) { - *al = TLS1_AD_INTERNAL_ERROR; - return 0; - } - memcpy(s->internal->next_proto_negotiated, selected, selected_len); - s->internal->next_proto_negotiated_len = selected_len; - S3I(s)->next_proto_neg_seen = 1; - } - else if (type == + } else if (type == TLSEXT_TYPE_application_layer_protocol_negotiation) { unsigned int len; |