From: Dr. Stephen Henson Date: Tue, 12 Aug 2014 15:18:55 +0000 (+0100) Subject: Remove serverinfo checks. X-Git-Tag: OpenSSL_1_0_2-beta3~81 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=cd2e17020e6ce6ba1d29d643bfaf1758302c8ca7;p=oweals%2Fopenssl.git Remove serverinfo checks. Since sanity checks are performed for all custom extensions the serverinfo checks are no longer needed. Reviewed-by: Emilia Käsper (cherry picked from commit 707b026d7871eb12c23671c975e6a15a8c331785) Conflicts: ssl/ssl3.h ssl/t1_lib.c --- diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 1a1e3faac2..a15625b911 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3027,10 +3027,6 @@ void ssl3_free(SSL *s) #ifndef OPENSSL_NO_SRP SSL_SRP_CTX_free(s); -#endif -#ifndef OPENSSL_NO_TLSEXT - if (s->s3->serverinfo_client_tlsext_custom_types != NULL) - OPENSSL_free(s->s3->serverinfo_client_tlsext_custom_types); #endif OPENSSL_cleanse(s->s3,sizeof *s->s3); OPENSSL_free(s->s3); @@ -3076,12 +3072,6 @@ void ssl3_clear(SSL *s) } #endif #ifndef OPENSSL_NO_TLSEXT - if (s->s3->serverinfo_client_tlsext_custom_types != NULL) - { - OPENSSL_free(s->s3->serverinfo_client_tlsext_custom_types); - s->s3->serverinfo_client_tlsext_custom_types = NULL; - } - s->s3->serverinfo_client_tlsext_custom_types_count = 0; #ifndef OPENSSL_NO_EC s->s3->is_probably_safari = 0; #endif /* !OPENSSL_NO_EC */ diff --git a/ssl/ssl3.h b/ssl/ssl3.h index 504ad49d3b..7ba8f4c130 100644 --- a/ssl/ssl3.h +++ b/ssl/ssl3.h @@ -568,13 +568,6 @@ typedef struct ssl3_state_st char is_probably_safari; #endif /* !OPENSSL_NO_EC */ - /* serverinfo_client_tlsext_custom_types contains an array of TLS Extension types which - * were advertised by the client in its ClientHello and leveraged by ServerInfo TLS extension callbacks. - * The array does not contain any duplicates, and is in the same order - * as the types were received in the client hello. */ - unsigned short *serverinfo_client_tlsext_custom_types; - size_t serverinfo_client_tlsext_custom_types_count; /* how many serverinfo_client_tlsext_custom_types */ - /* ALPN information * (we are in the process of transitioning from NPN to ALPN.) */ diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c index 49bd03596a..76e9194a01 100644 --- a/ssl/ssl_rsa.c +++ b/ssl/ssl_rsa.c @@ -848,7 +848,6 @@ static int serverinfo_srv_first_cb(SSL *s, unsigned short ext_type, unsigned short inlen, int *al, void *arg) { - size_t i = 0; if (inlen != 0) { @@ -856,28 +855,6 @@ static int serverinfo_srv_first_cb(SSL *s, unsigned short ext_type, return 0; } - /* if already in list, error out */ - for (i = 0; i < s->s3->serverinfo_client_tlsext_custom_types_count; i++) - { - if (s->s3->serverinfo_client_tlsext_custom_types[i] == ext_type) - { - *al = SSL_AD_DECODE_ERROR; - return 0; - } - } - s->s3->serverinfo_client_tlsext_custom_types_count++; - s->s3->serverinfo_client_tlsext_custom_types = OPENSSL_realloc( - s->s3->serverinfo_client_tlsext_custom_types, - s->s3->serverinfo_client_tlsext_custom_types_count * 2); - if (s->s3->serverinfo_client_tlsext_custom_types == NULL) - { - s->s3->serverinfo_client_tlsext_custom_types_count = 0; - *al = TLS1_AD_INTERNAL_ERROR; - return 0; - } - s->s3->serverinfo_client_tlsext_custom_types[ - s->s3->serverinfo_client_tlsext_custom_types_count - 1] = ext_type; - return 1; } @@ -887,22 +864,6 @@ static int serverinfo_srv_second_cb(SSL *s, unsigned short ext_type, { const unsigned char *serverinfo = NULL; size_t serverinfo_length = 0; - size_t i = 0; - unsigned int match = 0; - /* Did the client send a TLS extension for this type? */ - for (i = 0; i < s->s3->serverinfo_client_tlsext_custom_types_count; i++) - { - if (s->s3->serverinfo_client_tlsext_custom_types[i] == ext_type) - { - match = 1; - break; - } - } - if (!match) - { - /* extension not sent by client...don't send extension */ - return -1; - } /* Is there serverinfo data for the chosen server cert? */ if ((ssl_get_server_cert_serverinfo(s, &serverinfo, diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index f13b3762c9..bbb478d05a 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1868,14 +1868,6 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char s->s3->next_proto_neg_seen = 0; #endif - /* Clear observed custom extensions */ - s->s3->serverinfo_client_tlsext_custom_types_count = 0; - if (s->s3->serverinfo_client_tlsext_custom_types != NULL) - { - OPENSSL_free(s->s3->serverinfo_client_tlsext_custom_types); - s->s3->serverinfo_client_tlsext_custom_types = NULL; - } - if (s->s3->alpn_selected) { OPENSSL_free(s->s3->alpn_selected);