-rw-r--r--lib/libssl/man/SSL_CTX_set_alpn_select_cb.35
-rw-r--r--lib/libssl/s3_lib.c6
-rw-r--r--lib/libssl/ssl_clnt.c56
-rw-r--r--lib/libssl/ssl_lib.c78
-rw-r--r--lib/libssl/ssl_locl.h43
-rw-r--r--lib/libssl/ssl_srvr.c104
-rw-r--r--lib/libssl/t1_lib.c113
7 files changed, 28 insertions, 377 deletions
diff --git a/lib/libssl/man/SSL_CTX_set_alpn_select_cb.3 b/lib/libssl/man/SSL_CTX_set_alpn_select_cb.3
index ea7b1faf483..eb6c543478b 100644
--- a/lib/libssl/man/SSL_CTX_set_alpn_select_cb.3
+++ b/lib/libssl/man/SSL_CTX_set_alpn_select_cb.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: SSL_CTX_set_alpn_select_cb.3,v 1.2 2017/06/10 13:58:59 schwarze Exp $
+.\" $OpenBSD: SSL_CTX_set_alpn_select_cb.3,v 1.3 2017/08/12 21:03:08 jsing Exp $
.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
.\"
.\" This file was written by Todd Short <tshort@akamai.com>.
@@ -48,7 +48,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: June 10 2017 $
+.Dd $Mdocdate: August 12 2017 $
.Dt SSL_CTX_SET_ALPN_SELECT_CB 3
.Os
.Sh NAME
@@ -181,7 +181,6 @@ If no match is found, the first item in
is returned in
.Fa out ,
.Fa outlen .
-This function can also be used in the NPN callback.
.Pp
.Fn SSL_get0_alpn_selected
returns a pointer to the selected protocol in
diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c
index 3a11d628930..acbe30d8040 100644
--- a/lib/libssl/s3_lib.c
+++ b/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.157 2017/08/12 02:55:22 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.158 2017/08/12 21:03:08 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1705,10 +1705,6 @@ ssl3_clear(SSL *s)
s->internal->packet_length = 0;
s->version = TLS1_VERSION;
-
- free(s->internal->next_proto_negotiated);
- s->internal->next_proto_negotiated = NULL;
- s->internal->next_proto_negotiated_len = 0;
}
static long
diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c
index 865c961db74..ec4a4104fcc 100644
--- a/lib/libssl/ssl_clnt.c
+++ b/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.15 2017/08/12 02:55:22 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.16 2017/08/12 21:03:08 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -407,14 +407,11 @@ ssl3_connect(SSL *s)
case SSL3_ST_CW_CHANGE_A:
case SSL3_ST_CW_CHANGE_B:
ret = ssl3_send_change_cipher_spec(s,
- SSL3_ST_CW_CHANGE_A, SSL3_ST_CW_CHANGE_B);
+ SSL3_ST_CW_CHANGE_A, SSL3_ST_CW_CHANGE_B);
if (ret <= 0)
goto end;
- if (S3I(s)->next_proto_neg_seen)
- S3I(s)->hs.state = SSL3_ST_CW_NEXT_PROTO_A;
- else
- S3I(s)->hs.state = SSL3_ST_CW_FINISHED_A;
+ S3I(s)->hs.state = SSL3_ST_CW_FINISHED_A;
s->internal->init_num = 0;
s->session->cipher = S3I(s)->hs.new_cipher;
@@ -431,14 +428,6 @@ ssl3_connect(SSL *s)
break;
- case SSL3_ST_CW_NEXT_PROTO_A:
- case SSL3_ST_CW_NEXT_PROTO_B:
- ret = ssl3_send_next_proto(s);
- if (ret <= 0)
- goto end;
- S3I(s)->hs.state = SSL3_ST_CW_FINISHED_A;
- break;
-
case SSL3_ST_CW_FINISHED_A:
case SSL3_ST_CW_FINISHED_B:
ret = ssl3_send_finished(s, SSL3_ST_CW_FINISHED_A,
@@ -2599,45 +2588,6 @@ err:
return (0);
}
-int
-ssl3_send_next_proto(SSL *s)
-{
- CBB cbb, nextproto, npn, padding;
- size_t pad_len;
- uint8_t *pad;
-
- memset(&cbb, 0, sizeof(cbb));
-
- if (S3I(s)->hs.state == SSL3_ST_CW_NEXT_PROTO_A) {
- pad_len = 32 - ((s->internal->next_proto_negotiated_len + 2) % 32);
-
- if (!ssl3_handshake_msg_start_cbb(s, &cbb, &nextproto,
- SSL3_MT_NEXT_PROTO))
- goto err;
- if (!CBB_add_u8_length_prefixed(&nextproto, &npn))
- goto err;
- if (!CBB_add_bytes(&npn, s->internal->next_proto_negotiated,
- s->internal->next_proto_negotiated_len))
- goto err;
- if (!CBB_add_u8_length_prefixed(&nextproto, &padding))
- goto err;
- if (!CBB_add_space(&padding, &pad, pad_len))
- goto err;
- memset(pad, 0, pad_len);
- if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
- goto err;
-
- S3I(s)->hs.state = SSL3_ST_CW_NEXT_PROTO_B;
- }
-
- return (ssl3_handshake_write(s));
-
- err:
- CBB_cleanup(&cbb);
-
- return (-1);
-}
-
/*
* Check to see if handshake is full or resumed. Usually this is just a
* case of checking to see if a cache hit has occurred. In the case of
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index de78ad2fcff..32a5680db77 100644
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.166 2017/08/12 02:55:22 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.167 2017/08/12 21:03:08 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -339,8 +339,6 @@ SSL_new(SSL_CTX *ctx)
ctx->internal->tlsext_supportedgroups_length;
}
- s->internal->next_proto_negotiated = NULL;
-
if (s->ctx->internal->alpn_client_proto_list != NULL) {
s->internal->alpn_client_proto_list =
malloc(s->ctx->internal->alpn_client_proto_list_len);
@@ -548,7 +546,6 @@ SSL_free(SSL *s)
SSL_CTX_free(s->ctx);
- free(s->internal->next_proto_negotiated);
free(s->internal->alpn_client_proto_list);
#ifndef OPENSSL_NO_SRTP
@@ -1541,33 +1538,15 @@ SSL_get_servername_type(const SSL *s)
}
/*
- * SSL_select_next_proto implements the standard protocol selection. It is
+ * SSL_select_next_proto implements standard protocol selection. It is
* expected that this function is called from the callback set by
- * SSL_CTX_set_next_proto_select_cb.
+ * SSL_CTX_set_alpn_select_cb.
*
* The protocol data is assumed to be a vector of 8-bit, length prefixed byte
* strings. The length byte itself is not included in the length. A byte
* string of length 0 is invalid. No byte string may be truncated.
*
- * The current, but experimental algorithm for selecting the protocol is:
- *
- * 1) If the server doesn't support NPN then this is indicated to the
- * callback. In this case, the client application has to abort the connection
- * or have a default application level protocol.
- *
- * 2) If the server supports NPN, but advertises an empty list then the
- * client selects the first protcol in its list, but indicates via the
- * API that this fallback case was enacted.
- *
- * 3) Otherwise, the client finds the first protocol in the server's list
- * that it supports and selects this protocol. This is because it's
- * assumed that the server has better information about which protocol
- * a client should use.
- *
- * 4) If the client doesn't support any of the server's advertised
- * protocols, then this is treated the same as case 2.
- *
- * It returns either
+ * It returns either:
* OPENSSL_NPN_NEGOTIATED if a common protocol was found, or
* OPENSSL_NPN_NO_OVERLAP if the fallback case was reached.
*/
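Review bot: The trimmed comment above SSL_select_next_proto still says OPENSSL_NPN_NO_OVERLAP is returned "if the fallback case was reached", but the numbered list this hunk deletes was the only place that explained what that fallback is. A reader of the new comment cannot tell that a protocol is still written to the output on that path, so an ALPN select callback that ignores the return value could end up using a protocol the peer never offered (the manual page hunk above still documents that the first item is returned when no match is found). I would keep one sentence such as `* On OPENSSL_NPN_NO_OVERLAP a fallback entry is still stored in out/outlen; callers must check the return value.` The function body lies outside this hunk, so the exact fallback entry should be confirmed there before wording it more precisely.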
@@ -1611,64 +1590,28 @@ found:
return (status);
}
-/*
- * SSL_get0_next_proto_negotiated sets *data and *len to point to the client's
- * requested protocol for this connection and returns 0. If the client didn't
- * request any protocol, then *data is set to NULL.
- *
- * Note that the client can request any protocol it chooses. The value returned
- * from this function need not be a member of the list of supported protocols
- * provided by the callback.
- */
+/* SSL_get0_next_proto_negotiated is deprecated. */
void
SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
unsigned *len)
{
- *data = s->internal->next_proto_negotiated;
- if (!*data) {
- *len = 0;
- } else {
- *len = s->internal->next_proto_negotiated_len;
- }
+ *data = NULL;
+ *len = 0;
}
-/*
- * SSL_CTX_set_next_protos_advertised_cb sets a callback that is called when a
- * TLS server needs a list of supported protocols for Next Protocol
- * Negotiation. The returned list must be in wire format. The list is returned
- * by setting |out| to point to it and |outlen| to its length. This memory will
- * not be modified, but one should assume that the SSL* keeps a reference to
- * it.
- *
- * The callback should return SSL_TLSEXT_ERR_OK if it wishes to advertise.
- * Otherwise, no such extension will be included in the ServerHello.
- */
+/* SSL_CTX_set_next_protos_advertised_cb is deprecated. */
void
SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl,
const unsigned char **out, unsigned int *outlen, void *arg), void *arg)
{
- ctx->internal->next_protos_advertised_cb = cb;
- ctx->internal->next_protos_advertised_cb_arg = arg;
}
-/*
- * SSL_CTX_set_next_proto_select_cb sets a callback that is called when a
- * client needs to select a protocol from the server's provided list. |out|
- * must be set to point to the selected protocol (which may be within |in|).
- * The length of the protocol name must be written into |outlen|. The server's
- * advertised protocols are provided in |in| and |inlen|. The callback can
- * assume that |in| is syntactically valid.
- *
- * The client must select a protocol. It is fatal to the connection if this
- * callback returns a value other than SSL_TLSEXT_ERR_OK.
- */
+/* SSL_CTX_set_next_proto_select_cb is deprecated. */
void
SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s,
unsigned char **out, unsigned char *outlen, const unsigned char *in,
unsigned int inlen, void *arg), void *arg)
{
- ctx->internal->next_proto_select_cb = cb;
- ctx->internal->next_proto_select_cb_arg = arg;
}
/*
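Review bot: The three retained NPN entry points are documented only as "is deprecated", which does not say that SSL_CTX_set_next_protos_advertised_cb and SSL_CTX_set_next_proto_select_cb now discard `cb` and `arg`, or that SSL_get0_next_proto_negotiated always reports `NULL` and length 0. Because the setters return void, an application that still relies on NPN gets no error and silently continues without a negotiated protocol, which is hard to spot when diagnosing why a connection did not select the expected application protocol. I would state the behaviour in each comment, e.g. `/* SSL_CTX_set_next_proto_select_cb is a no-op kept for API compatibility: NPN was removed and cb is never called. */`, with matching wording on the other two.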
@@ -1912,9 +1855,6 @@ SSL_CTX_new(const SSL_METHOD *meth)
ret->internal->tlsext_status_cb = 0;
ret->internal->tlsext_status_arg = NULL;
- ret->internal->next_protos_advertised_cb = 0;
- ret->internal->next_proto_select_cb = 0;
-
#ifndef OPENSSL_NO_ENGINE
ret->internal->client_cert_engine = NULL;
#ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h
index 6f9be12fa7c..914501213cc 100644
--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.188 2017/08/12 02:55:22 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.189 2017/08/12 21:03:08 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -575,24 +575,8 @@ typedef struct ssl_ctx_internal_st {
/* SRTP profiles we are willing to do from RFC 5764 */
STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
- /* Next protocol negotiation information */
- /* (for experimental NPN extension). */
-
- /* For a server, this contains a callback function by which the set of
- * advertised protocols can be provided. */
- int (*next_protos_advertised_cb)(SSL *s, const unsigned char **buf,
- unsigned int *len, void *arg);
- void *next_protos_advertised_cb_arg;
- /* For a client, this contains a callback function that selects the
- * next protocol from the list provided by the server. */
- int (*next_proto_select_cb)(SSL *s, unsigned char **out,
- unsigned char *outlen, const unsigned char *in,
- unsigned int inlen, void *arg);
- void *next_proto_select_cb_arg;
-
/*
- * ALPN information
- * (we are in the process of transitioning from NPN to ALPN).
+ * ALPN information.
*/
/*
@@ -627,16 +611,6 @@ typedef struct ssl_internal_st {
unsigned long options; /* protocol behaviour */
unsigned long mode; /* API behaviour */
- /* Next protocol negotiation. For the client, this is the protocol that
- * we sent in NextProtocol and is set when handling ServerHello
- * extensions.
- *
- * For a server, this is the client's selected_protocol from
- * NextProtocol and is set when handling the NextProtocol message,
- * before the Finished message. */
- unsigned char *next_proto_negotiated;
- unsigned char next_proto_negotiated_len;
-
/* Client list of supported protocols in wire format. */
unsigned char *alpn_client_proto_list;
unsigned int alpn_client_proto_list_len;
@@ -881,16 +855,9 @@ typedef struct ssl3_state_internal_st {
/* Set if we saw a Renegotiation Indication extension from our peer. */
int renegotiate_seen;
- /* Set if we saw the Next Protocol Negotiation extension from our peer.
- */
- int next_proto_neg_seen;
-
- /*
- * ALPN information
- * (we are in the process of transitioning from NPN to ALPN).
- */
-
/*
+ * ALPN information.
+ *
* In a server these point to the selected ALPN protocol after the
* ClientHello has been processed. In a client these contain the
* protocol that the server selected once the ServerHello has been
@@ -1245,7 +1212,6 @@ int ssl3_get_server_key_exchange(SSL *s);
int ssl3_get_server_certificate(SSL *s);
int ssl3_check_cert_and_algorithm(SSL *s);
int ssl3_check_finished(SSL *s);
-int ssl3_send_next_proto(SSL *s);
/* some server-only functions */
int ssl3_get_client_hello(SSL *s);
@@ -1257,7 +1223,6 @@ int ssl3_send_server_done(SSL *s);
int ssl3_get_client_certificate(SSL *s);
int ssl3_get_client_key_exchange(SSL *s);
int ssl3_get_cert_verify(SSL *s);
-int ssl3_get_next_proto(SSL *s);
int ssl23_accept(SSL *s);
int ssl23_connect(SSL *s);
diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c
index a21039e7278..50ce91ddd80 100644
--- a/lib/libssl/ssl_srvr.c
+++ b/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.20 2017/08/12 02:55:22 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.21 2017/08/12 21:03:08 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -468,10 +468,7 @@ ssl3_accept(SSL *s)
* the client uses its key from the certificate
* for key exchange.
*/
- if (S3I(s)->next_proto_neg_seen)
- S3I(s)->hs.state = SSL3_ST_SR_NEXT_PROTO_A;
- else
- S3I(s)->hs.state = SSL3_ST_SR_FINISHED_A;
+ S3I(s)->hs.state = SSL3_ST_SR_FINISHED_A;
s->internal->init_num = 0;
} else if (SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) {
S3I(s)->hs.state = SSL3_ST_SR_CERT_VRFY_A;
@@ -525,20 +522,8 @@ ssl3_accept(SSL *s)
if (ret <= 0)
goto end;
- if (S3I(s)->next_proto_neg_seen)
- S3I(s)->hs.state = SSL3_ST_SR_NEXT_PROTO_A;
- else
- S3I(s)->hs.state = SSL3_ST_SR_FINISHED_A;
- s->internal->init_num = 0;
- break;
-
- case SSL3_ST_SR_NEXT_PROTO_A:
- case SSL3_ST_SR_NEXT_PROTO_B:
- ret = ssl3_get_next_proto(s);
- if (ret <= 0)
- goto end;
- s->internal->init_num = 0;
S3I(s)->hs.state = SSL3_ST_SR_FINISHED_A;
+ s->internal->init_num = 0;
break;
case SSL3_ST_SR_FINISHED_A:
@@ -610,15 +595,9 @@ ssl3_accept(SSL *s)
if (ret <= 0)
goto end;
S3I(s)->hs.state = SSL3_ST_SW_FLUSH;
- if (s->internal->hit) {
- if (S3I(s)->next_proto_neg_seen) {
- s->s3->flags |= SSL3_FLAGS_CCS_OK;
- S3I(s)->hs.next_state =
- SSL3_ST_SR_NEXT_PROTO_A;
- } else
- S3I(s)->hs.next_state =
- SSL3_ST_SR_FINISHED_A;
- } else
+ if (s->internal->hit)
+ S3I(s)->hs.next_state = SSL3_ST_SR_FINISHED_A;
+ else
S3I(s)->hs.next_state = SSL_ST_OK;
s->internal->init_num = 0;
break;
@@ -2708,74 +2687,3 @@ ssl3_send_cert_status(SSL *s)
return (-1);
}
-
-/*
- * ssl3_get_next_proto reads a Next Protocol Negotiation handshake message.
- * It sets the next_proto member in s if found
- */
-int
-ssl3_get_next_proto(SSL *s)
-{
- CBS cbs, proto, padding;
- int ok;
- long n;
- size_t len;
-
- /*
- * Clients cannot send a NextProtocol message if we didn't see the
- * extension in their ClientHello
- */
- if (!S3I(s)->next_proto_neg_seen) {
- SSLerror(s, SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION);
- return (-1);
- }
-
- /* 514 maxlen is enough for the payload format below */
- n = s->method->internal->ssl_get_message(s, SSL3_ST_SR_NEXT_PROTO_A,
- SSL3_ST_SR_NEXT_PROTO_B, SSL3_MT_NEXT_PROTO, 514, &ok);
- if (!ok)
- return ((int)n);
-
- /*
- * S3I(s)->hs.state doesn't reflect whether ChangeCipherSpec has been received
- * in this handshake, but S3I(s)->change_cipher_spec does (will be reset
- * by ssl3_get_finished).
- */
- if (!S3I(s)->change_cipher_spec) {
- SSLerror(s, SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS);
- return (-1);
- }
-
- if (n < 2)
- return (0);
- /* The body must be > 1 bytes long */
-
- CBS_init(&cbs, s->internal->init_msg, s->internal->init_num);
-
- /*
- * The payload looks like:
- * uint8 proto_len;
- * uint8 proto[proto_len];
- * uint8 padding_len;
- * uint8 padding[padding_len];
- */
- if (!CBS_get_u8_length_prefixed(&cbs, &proto) ||
- !CBS_get_u8_length_prefixed(&cbs, &padding) ||
- CBS_len(&cbs) != 0)
- return 0;
-
- /*
- * XXX We should not NULL it, but this matches old behavior of not
- * freeing before malloc.
- */
- s->internal->next_proto_negotiated = NULL;
- s->internal->next_proto_negotiated_len = 0;
-
- if (!CBS_stow(&proto, &s->internal->next_proto_negotiated, &len)) {
- SSLerror(s, ERR_R_MALLOC_FAILURE);
- return (0);
- }
- s->internal->next_proto_negotiated_len = (uint8_t)len;
-
- return (1);
-}
diff --git a/lib/libssl/t1_lib.c b/lib/libssl/t1_lib.c
index 3e5133ab54c..911e8d3f4e2 100644
--- a/lib/libssl/t1_lib.c
+++ b/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.127 2017/08/12 02:55:22 jsing Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.128 2017/08/12 21:03:08 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -779,16 +779,6 @@ skip_ext:
i2d_X509_EXTENSIONS(s->internal->tlsext_ocsp_exts, &ret);
}
- if (s->ctx->internal->next_proto_select_cb &&
- !S3I(s)->tmp.finish_md_len) {
- /* The client advertises an emtpy extension to indicate its
- * support for Next Protocol Negotiation */
- if ((size_t)(limit - ret) < 4)
- return NULL;
- s2n(TLSEXT_TYPE_next_proto_neg, ret);
- s2n(0, ret);
- }
-
if (s->internal->alpn_client_proto_list != NULL &&
S3I(s)->tmp.finish_md_len == 0) {
if ((size_t)(limit - ret) <
@@ -868,7 +858,6 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
{
int extdatalen = 0;
unsigned char *ret = p;
- int next_proto_neg_seen;
size_t len;
CBB cbb;
@@ -949,26 +938,6 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
ret += sizeof(cryptopro_ext);
}
- next_proto_neg_seen = S3I(s)->next_proto_neg_seen;
- S3I(s)->next_proto_neg_seen = 0;
- if (next_proto_neg_seen && s->ctx->internal->next_protos_advertised_cb) {
- const unsigned char *npa;
- unsigned int npalen;
- int r;
-
- r = s->ctx->internal->next_protos_advertised_cb(s, &npa, &npalen,
- s->ctx->internal->next_protos_advertised_cb_arg);
- if (r == SSL_TLSEXT_ERR_OK) {
- if ((size_t)(limit - ret) < 4 + npalen)
- return NULL;
- s2n(TLSEXT_TYPE_next_proto_neg, ret);
- s2n(npalen, ret);
- memcpy(ret, npa, npalen);
- ret += npalen;
- S3I(s)->next_proto_neg_seen = 1;
- }
- }
-
if (S3I(s)->alpn_selected != NULL) {
const unsigned char *selected = S3I(s)->alpn_selected;
unsigned int len = S3I(s)->alpn_selected_len;
@@ -1070,7 +1039,6 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
s->internal->servername_done = 0;
s->tlsext_status_type = -1;
S3I(s)->renegotiate_seen = 0;
- S3I(s)->next_proto_neg_seen = 0;
free(S3I(s)->alpn_selected);
S3I(s)->alpn_selected = NULL;
s->internal->srtp_profile = NULL;
@@ -1227,36 +1195,13 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
*/
s->tlsext_status_type = -1;
}
- }
- else if (type == TLSEXT_TYPE_next_proto_neg &&
- S3I(s)->tmp.finish_md_len == 0 &&
- S3I(s)->alpn_selected == NULL) {
- /* We shouldn't accept this extension on a
- * renegotiation.
- *
- * s->internal->new_session will be set on renegotiation, but we
- * probably shouldn't rely that it couldn't be set on
- * the initial renegotation too in certain cases (when
- * there's some other reason to disallow resuming an
- * earlier session -- the current code won't be doing
- * anything like that, but this might change).
-
- * A valid sign that there's been a previous handshake
- * in this connection is if S3I(s)->tmp.finish_md_len >
- * 0. (We are talking about a check that will happen
- * in the Hello protocol round, well before a new
- * Finished message could have been computed.) */
- S3I(s)->next_proto_neg_seen = 1;
- }
- else if (type ==
+ } else if (type ==
TLSEXT_TYPE_application_layer_protocol_negotiation &&
s->ctx->internal->alpn_select_cb != NULL &&
S3I(s)->tmp.finish_md_len == 0) {
if (tls1_alpn_handle_client_hello(s, data,
size, al) != 1)
return (0);
- /* ALPN takes precedence over NPN. */
- S3I(s)->next_proto_neg_seen = 0;
}
/* session ticket processed earlier */
@@ -1293,25 +1238,6 @@ err:
return 0;
}
-/*
- * ssl_next_proto_validate validates a Next Protocol Negotiation block. No
- * elements of zero length are allowed and the set of elements must exactly fill
- * the length of the block.
- */
-static char
-ssl_next_proto_validate(const unsigned char *d, unsigned int len)
-{
- CBS npn, value;
-
- CBS_init(&npn, d, len);
- while (CBS_len(&npn) > 0) {
- if (!CBS_get_u8_length_prefixed(&npn, &value) ||
- CBS_len(&value) == 0)
- return 0;
- }
- return 1;
-}
-
int
ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, size_t n, int *al)
{
@@ -1323,7 +1249,6 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, size_t n, int *al)
CBS cbs;
S3I(s)->renegotiate_seen = 0;
- S3I(s)->next_proto_neg_seen = 0;
free(S3I(s)->alpn_selected);
S3I(s)->alpn_selected = NULL;
@@ -1375,39 +1300,7 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, size_t n, int *al)
}
/* Set flag to expect CertificateStatus message */
s->internal->tlsext_status_expected = 1;
- }
- else if (type == TLSEXT_TYPE_next_proto_neg &&
- S3I(s)->tmp.finish_md_len == 0) {
- unsigned char *selected;
- unsigned char selected_len;
-
- /* We must have requested it. */
- if (s->ctx->internal->next_proto_select_cb == NULL) {
- *al = TLS1_AD_UNSUPPORTED_EXTENSION;
- return 0;
- }
- /* The data must be valid */
- if (!ssl_next_proto_validate(data, size)) {
- *al = TLS1_AD_DECODE_ERROR;
- return 0;
- }
- if (s->ctx->internal->next_proto_select_cb(s, &selected,
- &selected_len, data, size,
- s->ctx->internal->next_proto_select_cb_arg) !=
- SSL_TLSEXT_ERR_OK) {
- *al = TLS1_AD_INTERNAL_ERROR;
- return 0;
- }
- s->internal->next_proto_negotiated = malloc(selected_len);
- if (!s->internal->next_proto_negotiated) {
- *al = TLS1_AD_INTERNAL_ERROR;
- return 0;
- }
- memcpy(s->internal->next_proto_negotiated, selected, selected_len);
- s->internal->next_proto_negotiated_len = selected_len;
- S3I(s)->next_proto_neg_seen = 1;
- }
- else if (type ==
+ } else if (type ==
TLSEXT_TYPE_application_layer_protocol_negotiation) {
unsigned int len;
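Review bot: Removing the `TLSEXT_TYPE_next_proto_neg` branch from ssl_parse_serverhello_tlsext also removes the check that rejected an unsolicited NPN extension with `TLS1_AD_UNSUPPORTED_EXTENSION`, and no branch visible in this hunk matches that type any more. The client no longer offers NPN (the ClientHello hunk at -779 in this file drops it), so any NPN extension in a ServerHello is now unsolicited; if the rest of the else-if chain, which lies outside this hunk, ignores unmatched types, a non-conforming server is accepted silently. Consider keeping a minimal reject branch, `else if (type == TLSEXT_TYPE_next_proto_neg) { *al = TLS1_AD_UNSUPPORTED_EXTENSION; return 0; }`, assuming the constant stays defined in the public header.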