-/* $OpenBSD: s3_both.c,v 1.34 2014/12/10 15:43:31 jsing Exp $ */
+/* $OpenBSD: s3_both.c,v 1.35 2014/12/14 14:34:43 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
}
-#ifndef OPENSSL_NO_NEXTPROTONEG
/* ssl3_take_mac calculates the Finished MAC for the handshakes messages seen to far. */
static void
ssl3_take_mac(SSL *s)
s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
sender, slen, s->s3->tmp.peer_finish_md);
}
-#endif
int
ssl3_get_finished(SSL *s, int a, int b)
long n;
unsigned char *p;
-#ifdef OPENSSL_NO_NEXTPROTONEG
- /* the mac has already been generated when we received the
- * change cipher spec message and is in s->s3->tmp.peer_finish_md.
- */
-#endif
n = s->method->ssl_get_message(s, a, b, SSL3_MT_FINISHED,
64, /* should actually be 36+4 :-) */ &ok);
n -= i;
}
-#ifndef OPENSSL_NO_NEXTPROTONEG
/* If receiving Finished, record MAC of prior handshake messages for
* Finished verification. */
if (*s->init_buf->data == SSL3_MT_FINISHED)
ssl3_take_mac(s);
-#endif
/* Feed this message into MAC computation. */
ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);
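Review bot: ssl3_get_finished loses its only comment about where `s->s3->tmp.peer_finish_md` comes from, and the removed text described the change-cipher-spec path rather than the one that remains. On the visible lines the MAC is now always recorded by `ssl3_take_mac()` when a message of type `SSL3_MT_FINISHED` is read, before that message is fed to `ssl3_finish_mac()`. A replacement comment at the top of ssl3_get_finished, such as `/* peer_finish_md was recorded by ssl3_take_mac() when the Finished message was read. */`, would keep that ordering visible to whoever next touches Finished verification. The existing comment on ssl3_take_mac could be corrected in the same pass to `handshake messages seen so far`. Both function bodies are only partly shown here, and the same section is repeated further down the page.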
-/* $OpenBSD: s3_clnt.c,v 1.99 2014/12/10 15:43:31 jsing Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.100 2014/12/14 14:34:43 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
if (ret <= 0)
goto end;
-#ifdef OPENSSL_NO_NEXTPROTONEG
- s->state = SSL3_ST_CW_FINISHED_A;
-#else
if (s->s3->next_proto_neg_seen)
s->state = SSL3_ST_CW_NEXT_PROTO_A;
else
s->state = SSL3_ST_CW_FINISHED_A;
-#endif
s->init_num = 0;
s->session->cipher = s->s3->tmp.new_cipher;
break;
-#ifndef OPENSSL_NO_NEXTPROTONEG
case SSL3_ST_CW_NEXT_PROTO_A:
case SSL3_ST_CW_NEXT_PROTO_B:
ret = ssl3_send_next_proto(s);
goto end;
s->state = SSL3_ST_CW_FINISHED_A;
break;
-#endif
case SSL3_ST_CW_FINISHED_A:
case SSL3_ST_CW_FINISHED_B:
return (0);
}
-#ifndef OPENSSL_NO_NEXTPROTONEG
int
ssl3_send_next_proto(SSL *s)
{
return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
}
-#endif /* !OPENSSL_NO_NEXTPROTONEG */
/*
* Check to see if handshake is full or resumed. Usually this is just a
-/* $OpenBSD: s3_lib.c,v 1.87 2014/12/10 15:36:47 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.88 2014/12/14 14:34:43 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
s->s3->in_read_app_data = 0;
s->version = SSL3_VERSION;
-#ifndef OPENSSL_NO_NEXTPROTONEG
free(s->next_proto_negotiated);
s->next_proto_negotiated = NULL;
s->next_proto_negotiated_len = 0;
-#endif
}
-/* $OpenBSD: s3_srvr.c,v 1.93 2014/12/10 15:43:31 jsing Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.94 2014/12/14 14:34:43 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* the client uses its key from the certificate
* for key exchange.
*/
-#ifdef OPENSSL_NO_NEXTPROTONEG
- s->state = SSL3_ST_SR_FINISHED_A;
-#else
if (s->s3->next_proto_neg_seen)
s->state = SSL3_ST_SR_NEXT_PROTO_A;
else
s->state = SSL3_ST_SR_FINISHED_A;
-#endif
s->init_num = 0;
} else if (SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) {
s->state = SSL3_ST_SR_CERT_VRFY_A;
if (ret <= 0)
goto end;
-#ifdef OPENSSL_NO_NEXTPROTONEG
- s->state = SSL3_ST_SR_FINISHED_A;
-#else
if (s->s3->next_proto_neg_seen)
s->state = SSL3_ST_SR_NEXT_PROTO_A;
else
s->state = SSL3_ST_SR_FINISHED_A;
-#endif
s->init_num = 0;
break;
-#ifndef OPENSSL_NO_NEXTPROTONEG
case SSL3_ST_SR_NEXT_PROTO_A:
case SSL3_ST_SR_NEXT_PROTO_B:
ret = ssl3_get_next_proto(s);
s->init_num = 0;
s->state = SSL3_ST_SR_FINISHED_A;
break;
-#endif
case SSL3_ST_SR_FINISHED_A:
case SSL3_ST_SR_FINISHED_B:
goto end;
s->state = SSL3_ST_SW_FLUSH;
if (s->hit) {
-#ifdef OPENSSL_NO_NEXTPROTONEG
- s->s3->tmp.next_state = SSL3_ST_SR_FINISHED_A;
-#else
if (s->s3->next_proto_neg_seen) {
s->s3->flags |= SSL3_FLAGS_CCS_OK;
s->s3->tmp.next_state =
} else
s->s3->tmp.next_state =
SSL3_ST_SR_FINISHED_A;
-#endif
} else
s->s3->tmp.next_state = SSL_ST_OK;
s->init_num = 0;
return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
}
-# ifndef OPENSSL_NO_NEXTPROTONEG
/*
* ssl3_get_next_proto reads a Next Protocol Negotiation handshake message.
* It sets the next_proto member in s if found
return (1);
}
-# endif
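Review bot: In the resumed-session branch (`if (s->hit)`), `s->s3->flags |= SSL3_FLAGS_CCS_OK;` is now compiled unconditionally and has no comment saying why a ChangeCipherSpec becomes acceptable at that point. The flag name suggests it controls when a CCS record is accepted, which is a security-sensitive window in the handshake. A short why-comment would help, for example `/* NPN on a resumed session: the peer's CCS precedes its NextProto message, so permit it here. */`, with the wording confirmed against the record-layer check. The enclosing state-machine function starts and ends outside the visible lines, and the assignment that follows the flag update is truncated on this page. The same section appears a second time further down.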
-/* $OpenBSD: s3_both.c,v 1.34 2014/12/10 15:43:31 jsing Exp $ */
+/* $OpenBSD: s3_both.c,v 1.35 2014/12/14 14:34:43 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
}
-#ifndef OPENSSL_NO_NEXTPROTONEG
/* ssl3_take_mac calculates the Finished MAC for the handshakes messages seen to far. */
static void
ssl3_take_mac(SSL *s)
s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
sender, slen, s->s3->tmp.peer_finish_md);
}
-#endif
int
ssl3_get_finished(SSL *s, int a, int b)
long n;
unsigned char *p;
-#ifdef OPENSSL_NO_NEXTPROTONEG
- /* the mac has already been generated when we received the
- * change cipher spec message and is in s->s3->tmp.peer_finish_md.
- */
-#endif
n = s->method->ssl_get_message(s, a, b, SSL3_MT_FINISHED,
64, /* should actually be 36+4 :-) */ &ok);
n -= i;
}
-#ifndef OPENSSL_NO_NEXTPROTONEG
/* If receiving Finished, record MAC of prior handshake messages for
* Finished verification. */
if (*s->init_buf->data == SSL3_MT_FINISHED)
ssl3_take_mac(s);
-#endif
/* Feed this message into MAC computation. */
ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);
-/* $OpenBSD: s3_clnt.c,v 1.99 2014/12/10 15:43:31 jsing Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.100 2014/12/14 14:34:43 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
if (ret <= 0)
goto end;
-#ifdef OPENSSL_NO_NEXTPROTONEG
- s->state = SSL3_ST_CW_FINISHED_A;
-#else
if (s->s3->next_proto_neg_seen)
s->state = SSL3_ST_CW_NEXT_PROTO_A;
else
s->state = SSL3_ST_CW_FINISHED_A;
-#endif
s->init_num = 0;
s->session->cipher = s->s3->tmp.new_cipher;
break;
-#ifndef OPENSSL_NO_NEXTPROTONEG
case SSL3_ST_CW_NEXT_PROTO_A:
case SSL3_ST_CW_NEXT_PROTO_B:
ret = ssl3_send_next_proto(s);
goto end;
s->state = SSL3_ST_CW_FINISHED_A;
break;
-#endif
case SSL3_ST_CW_FINISHED_A:
case SSL3_ST_CW_FINISHED_B:
return (0);
}
-#ifndef OPENSSL_NO_NEXTPROTONEG
int
ssl3_send_next_proto(SSL *s)
{
return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
}
-#endif /* !OPENSSL_NO_NEXTPROTONEG */
/*
* Check to see if handshake is full or resumed. Usually this is just a
-/* $OpenBSD: s3_lib.c,v 1.87 2014/12/10 15:36:47 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.88 2014/12/14 14:34:43 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
s->s3->in_read_app_data = 0;
s->version = SSL3_VERSION;
-#ifndef OPENSSL_NO_NEXTPROTONEG
free(s->next_proto_negotiated);
s->next_proto_negotiated = NULL;
s->next_proto_negotiated_len = 0;
-#endif
}
-/* $OpenBSD: s3_srvr.c,v 1.93 2014/12/10 15:43:31 jsing Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.94 2014/12/14 14:34:43 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* the client uses its key from the certificate
* for key exchange.
*/
-#ifdef OPENSSL_NO_NEXTPROTONEG
- s->state = SSL3_ST_SR_FINISHED_A;
-#else
if (s->s3->next_proto_neg_seen)
s->state = SSL3_ST_SR_NEXT_PROTO_A;
else
s->state = SSL3_ST_SR_FINISHED_A;
-#endif
s->init_num = 0;
} else if (SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) {
s->state = SSL3_ST_SR_CERT_VRFY_A;
if (ret <= 0)
goto end;
-#ifdef OPENSSL_NO_NEXTPROTONEG
- s->state = SSL3_ST_SR_FINISHED_A;
-#else
if (s->s3->next_proto_neg_seen)
s->state = SSL3_ST_SR_NEXT_PROTO_A;
else
s->state = SSL3_ST_SR_FINISHED_A;
-#endif
s->init_num = 0;
break;
-#ifndef OPENSSL_NO_NEXTPROTONEG
case SSL3_ST_SR_NEXT_PROTO_A:
case SSL3_ST_SR_NEXT_PROTO_B:
ret = ssl3_get_next_proto(s);
s->init_num = 0;
s->state = SSL3_ST_SR_FINISHED_A;
break;
-#endif
case SSL3_ST_SR_FINISHED_A:
case SSL3_ST_SR_FINISHED_B:
goto end;
s->state = SSL3_ST_SW_FLUSH;
if (s->hit) {
-#ifdef OPENSSL_NO_NEXTPROTONEG
- s->s3->tmp.next_state = SSL3_ST_SR_FINISHED_A;
-#else
if (s->s3->next_proto_neg_seen) {
s->s3->flags |= SSL3_FLAGS_CCS_OK;
s->s3->tmp.next_state =
} else
s->s3->tmp.next_state =
SSL3_ST_SR_FINISHED_A;
-#endif
} else
s->s3->tmp.next_state = SSL_ST_OK;
s->init_num = 0;
return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
}
-# ifndef OPENSSL_NO_NEXTPROTONEG
/*
* ssl3_get_next_proto reads a Next Protocol Negotiation handshake message.
* It sets the next_proto member in s if found
return (1);
}
-# endif
-/* $OpenBSD: ssl_lib.c,v 1.92 2014/12/10 15:36:47 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.93 2014/12/14 14:34:43 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
s->tlsext_ocsp_resplen = -1;
CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
s->initial_ctx = ctx;
-# ifndef OPENSSL_NO_NEXTPROTONEG
s->next_proto_negotiated = NULL;
-# endif
if (s->ctx->alpn_client_proto_list != NULL) {
s->alpn_client_proto_list =
SSL_CTX_free(s->ctx);
-#ifndef OPENSSL_NO_NEXTPROTONEG
free(s->next_proto_negotiated);
-#endif
free(s->alpn_client_proto_list);
#ifndef OPENSSL_NO_SRTP
return (-1);
}
-# ifndef OPENSSL_NO_NEXTPROTONEG
/*
* SSL_select_next_proto implements the standard protocol selection. It is
* expected that this function is called from the callback set by
ctx->next_proto_select_cb = cb;
ctx->next_proto_select_cb_arg = arg;
}
-# endif
/*
* SSL_CTX_set_alpn_protos sets the ALPN protocol list to the specified
ret->tlsext_status_cb = 0;
ret->tlsext_status_arg = NULL;
-# ifndef OPENSSL_NO_NEXTPROTONEG
ret->next_protos_advertised_cb = 0;
ret->next_proto_select_cb = 0;
-# endif
#ifndef OPENSSL_NO_ENGINE
ret->client_cert_engine = NULL;
#ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
-/* $OpenBSD: t1_lib.c,v 1.73 2014/12/10 15:36:47 jsing Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.74 2014/12/14 14:34:43 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &ret);
}
-#ifndef OPENSSL_NO_NEXTPROTONEG
if (s->ctx->next_proto_select_cb && !s->s3->tmp.finish_md_len) {
/* The client advertises an emtpy extension to indicate its
* support for Next Protocol Negotiation */
s2n(TLSEXT_TYPE_next_proto_neg, ret);
s2n(0, ret);
}
-#endif
if (s->alpn_client_proto_list != NULL &&
s->s3->tmp.finish_md_len == 0) {
int using_ecc, extdatalen = 0;
unsigned long alg_a, alg_k;
unsigned char *ret = p;
-#ifndef OPENSSL_NO_NEXTPROTONEG
int next_proto_neg_seen;
-#endif
alg_a = s->s3->tmp.new_cipher->algorithm_auth;
alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
ret += sizeof(cryptopro_ext);
}
-#ifndef OPENSSL_NO_NEXTPROTONEG
next_proto_neg_seen = s->s3->next_proto_neg_seen;
s->s3->next_proto_neg_seen = 0;
if (next_proto_neg_seen && s->ctx->next_protos_advertised_cb) {
s->s3->next_proto_neg_seen = 1;
}
}
-#endif
if (s->s3->alpn_selected != NULL) {
const unsigned char *selected = s->s3->alpn_selected;
s->servername_done = 0;
s->tlsext_status_type = -1;
-#ifndef OPENSSL_NO_NEXTPROTONEG
s->s3->next_proto_neg_seen = 0;
-#endif
free(s->s3->alpn_selected);
s->s3->alpn_selected = NULL;
s->tlsext_status_type = -1;
}
}
-#ifndef OPENSSL_NO_NEXTPROTONEG
else if (type == TLSEXT_TYPE_next_proto_neg &&
s->s3->tmp.finish_md_len == 0 &&
s->s3->alpn_selected == NULL) {
* Finished message could have been computed.) */
s->s3->next_proto_neg_seen = 1;
}
-#endif
else if (type ==
TLSEXT_TYPE_application_layer_protocol_negotiation &&
s->ctx->alpn_select_cb != NULL &&
return 1;
}
-#ifndef OPENSSL_NO_NEXTPROTONEG
/* ssl_next_proto_validate validates a Next Protocol Negotiation block. No
* elements of zero length are allowed and the set of elements must exactly fill
* the length of the block. */
return off == len;
}
-#endif
int
ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
int tlsext_servername = 0;
int renegotiate_seen = 0;
-#ifndef OPENSSL_NO_NEXTPROTONEG
s->s3->next_proto_neg_seen = 0;
-#endif
free(s->s3->alpn_selected);
s->s3->alpn_selected = NULL;
/* Set flag to expect CertificateStatus message */
s->tlsext_status_expected = 1;
}
-#ifndef OPENSSL_NO_NEXTPROTONEG
else if (type == TLSEXT_TYPE_next_proto_neg &&
s->s3->tmp.finish_md_len == 0) {
unsigned char *selected;
s->next_proto_negotiated_len = selected_len;
s->s3->next_proto_neg_seen = 1;
}
-#endif
else if (type ==
TLSEXT_TYPE_application_layer_protocol_negotiation) {
unsigned int len;
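Review bot: With the `OPENSSL_NO_NEXTPROTONEG` guards removed, nothing in this file says that NPN can now be switched off only at run time. From the visible lines, the client sends the extension only when `s->ctx->next_proto_select_cb` is set, and the ServerHello path clears `s->s3->next_proto_neg_seen` and sets it again only when `s->ctx->next_protos_advertised_cb` is set. A one-line comment at that reset, e.g. `/* NPN stays off unless the application registered next_protos_advertised_cb. */`, would make this explicit for anyone auditing which handshake states are reachable. The comment text `emtpy extension` could be corrected to `empty` in the same pass. The functions involved are only partly shown, and this section is repeated further down the page.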
-/* $OpenBSD: ssl_lib.c,v 1.92 2014/12/10 15:36:47 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.93 2014/12/14 14:34:43 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
s->tlsext_ocsp_resplen = -1;
CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
s->initial_ctx = ctx;
-# ifndef OPENSSL_NO_NEXTPROTONEG
s->next_proto_negotiated = NULL;
-# endif
if (s->ctx->alpn_client_proto_list != NULL) {
s->alpn_client_proto_list =
SSL_CTX_free(s->ctx);
-#ifndef OPENSSL_NO_NEXTPROTONEG
free(s->next_proto_negotiated);
-#endif
free(s->alpn_client_proto_list);
#ifndef OPENSSL_NO_SRTP
return (-1);
}
-# ifndef OPENSSL_NO_NEXTPROTONEG
/*
* SSL_select_next_proto implements the standard protocol selection. It is
* expected that this function is called from the callback set by
ctx->next_proto_select_cb = cb;
ctx->next_proto_select_cb_arg = arg;
}
-# endif
/*
* SSL_CTX_set_alpn_protos sets the ALPN protocol list to the specified
ret->tlsext_status_cb = 0;
ret->tlsext_status_arg = NULL;
-# ifndef OPENSSL_NO_NEXTPROTONEG
ret->next_protos_advertised_cb = 0;
ret->next_proto_select_cb = 0;
-# endif
#ifndef OPENSSL_NO_ENGINE
ret->client_cert_engine = NULL;
#ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
-/* $OpenBSD: t1_lib.c,v 1.73 2014/12/10 15:36:47 jsing Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.74 2014/12/14 14:34:43 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &ret);
}
-#ifndef OPENSSL_NO_NEXTPROTONEG
if (s->ctx->next_proto_select_cb && !s->s3->tmp.finish_md_len) {
/* The client advertises an emtpy extension to indicate its
* support for Next Protocol Negotiation */
s2n(TLSEXT_TYPE_next_proto_neg, ret);
s2n(0, ret);
}
-#endif
if (s->alpn_client_proto_list != NULL &&
s->s3->tmp.finish_md_len == 0) {
int using_ecc, extdatalen = 0;
unsigned long alg_a, alg_k;
unsigned char *ret = p;
-#ifndef OPENSSL_NO_NEXTPROTONEG
int next_proto_neg_seen;
-#endif
alg_a = s->s3->tmp.new_cipher->algorithm_auth;
alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
ret += sizeof(cryptopro_ext);
}
-#ifndef OPENSSL_NO_NEXTPROTONEG
next_proto_neg_seen = s->s3->next_proto_neg_seen;
s->s3->next_proto_neg_seen = 0;
if (next_proto_neg_seen && s->ctx->next_protos_advertised_cb) {
s->s3->next_proto_neg_seen = 1;
}
}
-#endif
if (s->s3->alpn_selected != NULL) {
const unsigned char *selected = s->s3->alpn_selected;
s->servername_done = 0;
s->tlsext_status_type = -1;
-#ifndef OPENSSL_NO_NEXTPROTONEG
s->s3->next_proto_neg_seen = 0;
-#endif
free(s->s3->alpn_selected);
s->s3->alpn_selected = NULL;
s->tlsext_status_type = -1;
}
}
-#ifndef OPENSSL_NO_NEXTPROTONEG
else if (type == TLSEXT_TYPE_next_proto_neg &&
s->s3->tmp.finish_md_len == 0 &&
s->s3->alpn_selected == NULL) {
* Finished message could have been computed.) */
s->s3->next_proto_neg_seen = 1;
}
-#endif
else if (type ==
TLSEXT_TYPE_application_layer_protocol_negotiation &&
s->ctx->alpn_select_cb != NULL &&
return 1;
}
-#ifndef OPENSSL_NO_NEXTPROTONEG
/* ssl_next_proto_validate validates a Next Protocol Negotiation block. No
* elements of zero length are allowed and the set of elements must exactly fill
* the length of the block. */
return off == len;
}
-#endif
int
ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
int tlsext_servername = 0;
int renegotiate_seen = 0;
-#ifndef OPENSSL_NO_NEXTPROTONEG
s->s3->next_proto_neg_seen = 0;
-#endif
free(s->s3->alpn_selected);
s->s3->alpn_selected = NULL;
/* Set flag to expect CertificateStatus message */
s->tlsext_status_expected = 1;
}
-#ifndef OPENSSL_NO_NEXTPROTONEG
else if (type == TLSEXT_TYPE_next_proto_neg &&
s->s3->tmp.finish_md_len == 0) {
unsigned char *selected;
s->next_proto_negotiated_len = selected_len;
s->s3->next_proto_neg_seen = 1;
}
-#endif
else if (type ==
TLSEXT_TYPE_application_layer_protocol_negotiation) {
unsigned int len;