From 707b026d7871eb12c23671c975e6a15a8c331785 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson"
Date: Tue, 12 Aug 2014 16:18:55 +0100
Subject: [PATCH] Remove serverinfo checks.
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Since sanity checks are performed for all custom extensions the serverinfo checks are no longer needed.

Reviewed-by: Emilia Käsper
---
 ssl/s3_lib.c | 10 ----------
 ssl/ssl3.h | 6 ------
 ssl/ssl_rsa.c | 39 ---------------------------------------
 ssl/t1_lib.c | 8 --------
 4 files changed, 63 deletions(-)

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 6504487c45..bb1074c67a 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3344,10 +3344,6 @@ void ssl3_free(SSL *s)
 #ifndef OPENSSL_NO_SRP
 SSL_SRP_CTX_free(s);
-#endif
-#ifndef OPENSSL_NO_TLSEXT
- if (s->s3->serverinfo_client_tlsext_custom_types != NULL)
- OPENSSL_free(s->s3->serverinfo_client_tlsext_custom_types);
 #endif
 OPENSSL_cleanse(s->s3,sizeof *s->s3);
 OPENSSL_free(s->s3);
@@ -3393,12 +3389,6 @@ void ssl3_clear(SSL *s)
 }
 #endif
 #ifndef OPENSSL_NO_TLSEXT
- if (s->s3->serverinfo_client_tlsext_custom_types != NULL)
- {
- OPENSSL_free(s->s3->serverinfo_client_tlsext_custom_types);
- s->s3->serverinfo_client_tlsext_custom_types = NULL;
- }
- s->s3->serverinfo_client_tlsext_custom_types_count = 0;
 #ifndef OPENSSL_NO_EC
 s->s3->is_probably_safari = 0;
 #endif /* !OPENSSL_NO_EC */
diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index d3167cf575..29cb184c68 100644
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -584,12 +584,6 @@ typedef struct ssl3_state_st
 #endif
 #ifndef OPENSSL_NO_TLSEXT
- /* serverinfo_client_tlsext_custom_types contains an array of TLS Extension types which
- * were advertised by the client in its ClientHello and leveraged by ServerInfo TLS extension callbacks.
- * The array does not contain any duplicates, and is in the same order
- * as the types were received in the client hello. */
- unsigned short *serverinfo_client_tlsext_custom_types;
- size_t serverinfo_client_tlsext_custom_types_count; /* how many serverinfo_client_tlsext_custom_types */
 /* ALPN information
 * (we are in the process of transitioning from NPN to ALPN.) */
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index c76a2a37cd..e599533509 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -863,7 +863,6 @@ static int serverinfo_srv_first_cb(SSL *s, unsigned short ext_type,
 unsigned short inlen, int *al, void *arg)
 {
- size_t i = 0;
 if (inlen != 0)
 {
@@ -871,28 +870,6 @@ static int serverinfo_srv_first_cb(SSL *s, unsigned short ext_type,
 return 0;
 }
- /* if already in list, error out */
- for (i = 0; i < s->s3->serverinfo_client_tlsext_custom_types_count; i++)
- {
- if (s->s3->serverinfo_client_tlsext_custom_types[i] == ext_type)
- {
- *al = SSL_AD_DECODE_ERROR;
- return 0;
- }
- }
- s->s3->serverinfo_client_tlsext_custom_types_count++;
- s->s3->serverinfo_client_tlsext_custom_types = OPENSSL_realloc(
- s->s3->serverinfo_client_tlsext_custom_types,
- s->s3->serverinfo_client_tlsext_custom_types_count * 2);
- if (s->s3->serverinfo_client_tlsext_custom_types == NULL)
- {
- s->s3->serverinfo_client_tlsext_custom_types_count = 0;
- *al = TLS1_AD_INTERNAL_ERROR;
- return 0;
- }
- s->s3->serverinfo_client_tlsext_custom_types[
- s->s3->serverinfo_client_tlsext_custom_types_count - 1] = ext_type;
-
 return 1;
 }
@@ -902,22 +879,6 @@ static int serverinfo_srv_second_cb(SSL *s, unsigned short ext_type,
 {
 const unsigned char *serverinfo = NULL;
 size_t serverinfo_length = 0;
- size_t i = 0;
- unsigned int match = 0;
- /* Did the client send a TLS extension for this type? */
- for (i = 0; i < s->s3->serverinfo_client_tlsext_custom_types_count; i++)
- {
- if (s->s3->serverinfo_client_tlsext_custom_types[i] == ext_type)
- {
- match = 1;
- break;
- }
- }
- if (!match)
- {
- /* extension not sent by client...don't send extension */
- return -1;
- }
 /* Is there serverinfo data for the chosen server cert? */
 if ((ssl_get_server_cert_serverinfo(s, &serverinfo,
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 86fb69cb07..f94a4c0b8a 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1929,14 +1929,6 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
 s->s3->alpn_selected = NULL;
 }
- /* Clear observed custom extensions */
- s->s3->serverinfo_client_tlsext_custom_types_count = 0;
- if (s->s3->serverinfo_client_tlsext_custom_types != NULL)
- {
- OPENSSL_free(s->s3->serverinfo_client_tlsext_custom_types);
- s->s3->serverinfo_client_tlsext_custom_types = NULL;
- }
-
 #ifndef OPENSSL_NO_HEARTBEATS
 s->tlsext_heartbeat &= ~(SSL_TLSEXT_HB_ENABLED | SSL_TLSEXT_HB_DONT_SEND_REQUESTS);
-- 
2.25.1