From 62e367de7c05b1b5897bba9ce20772814a28c86b Mon Sep 17 00:00:00 2001 From: jsing Date: Sun, 14 Dec 2014 14:42:06 +0000 Subject: [PATCH] unifdef OPENSSL_NO_NEXTPROTONEG --- usr.bin/openssl/apps.c | 5 +---- usr.bin/openssl/apps.h | 4 +--- usr.bin/openssl/s_client.c | 18 +----------------- usr.bin/openssl/s_server.c | 18 +----------------- 4 files changed, 4 insertions(+), 41 deletions(-) diff --git a/usr.bin/openssl/apps.c b/usr.bin/openssl/apps.c index a042f074f90..009f48652ae 100644 --- a/usr.bin/openssl/apps.c +++ b/usr.bin/openssl/apps.c @@ -1,4 +1,4 @@ -/* $OpenBSD: apps.c,v 1.13 2014/12/03 22:16:02 bcook Exp $ */ +/* $OpenBSD: apps.c,v 1.14 2014/12/14 14:42:06 jsing Exp $ */ /* * Copyright (c) 2014 Joel Sing * @@ -2163,7 +2163,6 @@ policies_print(BIO *out, X509_STORE_CTX *ctx) BIO_free(out); } -#if !defined(OPENSSL_NO_NEXTPROTONEG) /* next_protos_parse parses a comma separated list of strings into a string * in a format suitable for passing to SSL_CTX_set_next_protos_advertised. * outlen: (output) set to the length of the resulting buffer on success. @@ -2202,8 +2201,6 @@ next_protos_parse(unsigned short *outlen, const char *in) *outlen = len + 1; return out; } -#endif -/* !OPENSSL_NO_NEXTPROTONEG */ int app_isdir(const char *name) diff --git a/usr.bin/openssl/apps.h b/usr.bin/openssl/apps.h index d6b18e2a359..b2b7e851076 100644 --- a/usr.bin/openssl/apps.h +++ b/usr.bin/openssl/apps.h @@ -1,4 +1,4 @@ -/* $OpenBSD: apps.h,v 1.8 2014/11/07 14:16:48 jsing Exp $ */ +/* $OpenBSD: apps.h,v 1.9 2014/12/14 14:42:06 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -245,9 +245,7 @@ int do_X509_REQ_sign(BIO *err, X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md, int do_X509_CRL_sign(BIO *err, X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md, STACK_OF(OPENSSL_STRING) *sigopts); -#if !defined(OPENSSL_NO_NEXTPROTONEG) unsigned char *next_protos_parse(unsigned short *outlen, const char *in); -#endif /* !OPENSSL_NO_NEXTPROTONEG */ #define FORMAT_UNDEF 0 #define FORMAT_ASN1 1 diff --git a/usr.bin/openssl/s_client.c b/usr.bin/openssl/s_client.c index 4476852cdb4..a079c39b9e6 100644 --- a/usr.bin/openssl/s_client.c +++ b/usr.bin/openssl/s_client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s_client.c,v 1.10 2014/12/10 15:24:01 jsing Exp $ */ +/* $OpenBSD: s_client.c,v 1.11 2014/12/14 14:42:06 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -250,9 +250,7 @@ sc_usage(void) BIO_printf(bio_err, " -tlsextdebug - hex dump of all TLS extensions received\n"); BIO_printf(bio_err, " -status - request certificate status from server\n"); BIO_printf(bio_err, " -no_ticket - disable use of RFC4507bis session tickets\n"); -#ifndef OPENSSL_NO_NEXTPROTONEG BIO_printf(bio_err, " -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n"); -#endif BIO_printf(bio_err, " -alpn arg - enable ALPN extension, considering named protocols supported (comma-separated list)\n"); #ifndef OPENSSL_NO_SRTP BIO_printf(bio_err, " -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n"); @@ -286,7 +284,6 @@ ssl_servername_cb(SSL * s, int *ad, void *arg) char *srtp_profiles = NULL; #endif -#ifndef OPENSSL_NO_NEXTPROTONEG /* This the context that we pass to next_proto_cb */ typedef struct tlsextnextprotoctx_st { unsigned char *data; @@ -316,7 +313,6 @@ next_proto_cb(SSL * s, unsigned char **out, unsigned char *outlen, const unsigne ctx->status = SSL_select_next_proto(out, outlen, in, inlen, ctx->data, ctx->len); return SSL_TLSEXT_ERR_OK; } -#endif /* ndef OPENSSL_NO_NEXTPROTONEG */ enum { PROTO_OFF = 0, @@ -372,9 +368,7 @@ s_client_main(int argc, char **argv) char *servername = NULL; tlsextctx tlsextcbp = {NULL, 0}; -#ifndef OPENSSL_NO_NEXTPROTONEG const char *next_proto_neg_in = NULL; -#endif const char *alpn_in = NULL; char *sess_in = NULL; char *sess_out = NULL; @@ -539,13 +533,11 @@ s_client_main(int argc, char **argv) else if (strcmp(*argv, "-no_ticket") == 0) { off |= SSL_OP_NO_TICKET; } -#ifndef OPENSSL_NO_NEXTPROTONEG else if (strcmp(*argv, "-nextprotoneg") == 0) { if (--argc < 1) goto bad; next_proto_neg_in = *(++argv); } -#endif else if (strcmp(*argv, "-alpn") == 0) { if (--argc < 1) goto bad; @@ -642,7 +634,6 @@ bad: goto end; } -#if !defined(OPENSSL_NO_NEXTPROTONEG) next_proto.status = -1; if (next_proto_neg_in) { next_proto.data = next_protos_parse(&next_proto.len, next_proto_neg_in); @@ -652,7 +643,6 @@ bad: } } else next_proto.data = NULL; -#endif #ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine_id, 1); @@ -738,10 +728,8 @@ bad: if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1); -#if !defined(OPENSSL_NO_NEXTPROTONEG) if (next_proto.data) SSL_CTX_set_next_proto_select_cb(ctx, next_proto_cb, &next_proto); -#endif if (alpn_in) { unsigned short alpn_len; unsigned char *alpn = next_protos_parse(&alpn_len, alpn_in); @@ -1274,9 +1262,7 @@ end: print_stuff(bio_c_out, con, 1); SSL_free(con); } -#if !defined(OPENSSL_NO_NEXTPROTONEG) free(next_proto.data); -#endif if (ctx != NULL) SSL_CTX_free(ctx); if (cert) @@ -1430,7 +1416,6 @@ print_stuff(BIO * bio, SSL * s, int full) } #endif -#if !defined(OPENSSL_NO_NEXTPROTONEG) if (next_proto.status != -1) { const unsigned char *proto; unsigned int proto_len; @@ -1439,7 +1424,6 @@ print_stuff(BIO * bio, SSL * s, int full) BIO_write(bio, proto, proto_len); BIO_write(bio, "\n", 1); } -#endif { const unsigned char *proto; unsigned int proto_len; diff --git a/usr.bin/openssl/s_server.c b/usr.bin/openssl/s_server.c index 35ed6d169c0..fdd93977e80 100644 --- a/usr.bin/openssl/s_server.c +++ b/usr.bin/openssl/s_server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s_server.c,v 1.8 2014/12/10 15:24:01 jsing Exp $ */ +/* $OpenBSD: s_server.c,v 1.9 2014/12/14 14:42:06 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -348,9 +348,7 @@ sv_usage(void) BIO_printf(bio_err, " not specified (default is %s)\n", TEST_CERT2); BIO_printf(bio_err, " -tlsextdebug - hex dump of all TLS extensions received\n"); BIO_printf(bio_err, " -no_ticket - disable use of RFC4507bis session tickets\n"); -#ifndef OPENSSL_NO_NEXTPROTONEG BIO_printf(bio_err, " -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)\n"); -#endif BIO_printf(bio_err," -alpn arg - set the advertised protocols for the ALPN extension (comma-separated list)\n"); #ifndef OPENSSL_NO_SRTP BIO_printf(bio_err, " -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n"); @@ -526,7 +524,6 @@ err: goto done; } -#ifndef OPENSSL_NO_NEXTPROTONEG /* This is the context that we pass to next_proto_cb */ typedef struct tlsextnextprotoctx_st { unsigned char *data; @@ -543,7 +540,6 @@ next_proto_cb(SSL * s, const unsigned char **data, unsigned int *len, void *arg) return SSL_TLSEXT_ERR_OK; } -#endif /* ndef OPENSSL_NO_NEXTPROTONEG */ /* This the context that we pass to alpn_cb */ @@ -621,10 +617,8 @@ s_server_main(int argc, char *argv[]) EVP_PKEY *s_key2 = NULL; X509 *s_cert2 = NULL; tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING}; -#ifndef OPENSSL_NO_NEXTPROTONEG const char *next_proto_neg_in = NULL; tlsextnextprotoctx next_proto = { NULL, 0 }; -#endif const char *alpn_in = NULL; tlsextalpnctx alpn_ctx = { NULL, 0 }; meth = SSLv23_server_method(); @@ -873,13 +867,11 @@ s_server_main(int argc, char *argv[]) goto bad; s_key_file2 = *(++argv); } -#ifndef OPENSSL_NO_NEXTPROTONEG else if (strcmp(*argv, "-nextprotoneg") == 0) { if (--argc < 1) goto bad; next_proto_neg_in = *(++argv); } -#endif else if (strcmp(*argv,"-alpn") == 0) { if (--argc < 1) goto bad; @@ -963,7 +955,6 @@ bad: } } } -#if !defined(OPENSSL_NO_NEXTPROTONEG) if (next_proto_neg_in) { unsigned short len; next_proto.data = next_protos_parse(&len, next_proto_neg_in); @@ -973,7 +964,6 @@ bad: } else { next_proto.data = NULL; } -#endif alpn_ctx.data = NULL; if (alpn_in) { unsigned short len; @@ -1125,10 +1115,8 @@ bad: if (vpm) SSL_CTX_set1_param(ctx2, vpm); } -#ifndef OPENSSL_NO_NEXTPROTONEG if (next_proto.data) SSL_CTX_set_next_protos_advertised_cb(ctx, next_proto_cb, &next_proto); -#endif if (alpn_ctx.data) SSL_CTX_set_alpn_select_cb(ctx, alpn_cb, &alpn_ctx); @@ -1660,10 +1648,8 @@ init_ssl_connection(SSL * con) X509 *peer; long verify_error; char buf[BUFSIZ]; -#if !defined(OPENSSL_NO_NEXTPROTONEG) const unsigned char *next_proto_neg; unsigned next_proto_neg_len; -#endif unsigned char *exportedkeymat; i = SSL_accept(con); @@ -1698,14 +1684,12 @@ init_ssl_connection(SSL * con) str = SSL_CIPHER_get_name(SSL_get_current_cipher(con)); BIO_printf(bio_s_out, "CIPHER is %s\n", (str != NULL) ? str : "(NONE)"); -#if !defined(OPENSSL_NO_NEXTPROTONEG) SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len); if (next_proto_neg) { BIO_printf(bio_s_out, "NEXTPROTO is "); BIO_write(bio_s_out, next_proto_neg, next_proto_neg_len); BIO_printf(bio_s_out, "\n"); } -#endif #ifndef OPENSSL_NO_SRTP { SRTP_PROTECTION_PROFILE *srtp_profile -- 2.20.1