authorDr. Stephen Henson <steve@openssl.org>2014-08-12 16:18:55 +0100
committerDr. Stephen Henson <steve@openssl.org>2014-08-28 17:06:53 +0100
commit707b026d7871eb12c23671c975e6a15a8c331785 (patch)
tree61a3220fa679782f96c6c929b8b31bb57e5c4790 /ssl
parent28ea0a0c6a5e4e217c405340fa22a8503c7a17db (diff)
Remove serverinfo checks.
Since sanity checks are performed for all custom extensions, the serverinfo checks are no longer needed.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Diffstat (limited to 'ssl')
-rw-r--r--ssl/s3_lib.c10
-rw-r--r--ssl/ssl3.h6
-rw-r--r--ssl/ssl_rsa.c39
-rw-r--r--ssl/t1_lib.c8
4 files changed, 0 insertions, 63 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 6504487c45..bb1074c67a 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3345,10 +3345,6 @@ void ssl3_free(SSL *s)
#ifndef OPENSSL_NO_SRP
SSL_SRP_CTX_free(s);
#endif
-#ifndef OPENSSL_NO_TLSEXT
- if (s->s3->serverinfo_client_tlsext_custom_types != NULL)
- OPENSSL_free(s->s3->serverinfo_client_tlsext_custom_types);
-#endif
OPENSSL_cleanse(s->s3,sizeof *s->s3);
OPENSSL_free(s->s3);
s->s3=NULL;
@@ -3393,12 +3389,6 @@ void ssl3_clear(SSL *s)
}
#endif
#ifndef OPENSSL_NO_TLSEXT
- if (s->s3->serverinfo_client_tlsext_custom_types != NULL)
- {
- OPENSSL_free(s->s3->serverinfo_client_tlsext_custom_types);
- s->s3->serverinfo_client_tlsext_custom_types = NULL;
- }
- s->s3->serverinfo_client_tlsext_custom_types_count = 0;
#ifndef OPENSSL_NO_EC
s->s3->is_probably_safari = 0;
#endif /* !OPENSSL_NO_EC */
diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index d3167cf575..29cb184c68 100644
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -584,12 +584,6 @@ typedef struct ssl3_state_st
#endif
#ifndef OPENSSL_NO_TLSEXT
- /* serverinfo_client_tlsext_custom_types contains an array of TLS Extension types which
- * were advertised by the client in its ClientHello and leveraged by ServerInfo TLS extension callbacks.
- * The array does not contain any duplicates, and is in the same order
- * as the types were received in the client hello. */
- unsigned short *serverinfo_client_tlsext_custom_types;
- size_t serverinfo_client_tlsext_custom_types_count; /* how many serverinfo_client_tlsext_custom_types */
/* ALPN information
* (we are in the process of transitioning from NPN to ALPN.) */
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index c76a2a37cd..e599533509 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -863,7 +863,6 @@ static int serverinfo_srv_first_cb(SSL *s, unsigned short ext_type,
unsigned short inlen, int *al,
void *arg)
{
- size_t i = 0;
if (inlen != 0)
{
@@ -871,28 +870,6 @@ static int serverinfo_srv_first_cb(SSL *s, unsigned short ext_type,
return 0;
}
- /* if already in list, error out */
- for (i = 0; i < s->s3->serverinfo_client_tlsext_custom_types_count; i++)
- {
- if (s->s3->serverinfo_client_tlsext_custom_types[i] == ext_type)
- {
- *al = SSL_AD_DECODE_ERROR;
- return 0;
- }
- }
- s->s3->serverinfo_client_tlsext_custom_types_count++;
- s->s3->serverinfo_client_tlsext_custom_types = OPENSSL_realloc(
- s->s3->serverinfo_client_tlsext_custom_types,
- s->s3->serverinfo_client_tlsext_custom_types_count * 2);
- if (s->s3->serverinfo_client_tlsext_custom_types == NULL)
- {
- s->s3->serverinfo_client_tlsext_custom_types_count = 0;
- *al = TLS1_AD_INTERNAL_ERROR;
- return 0;
- }
- s->s3->serverinfo_client_tlsext_custom_types[
- s->s3->serverinfo_client_tlsext_custom_types_count - 1] = ext_type;
-
return 1;
}
@@ -902,22 +879,6 @@ static int serverinfo_srv_second_cb(SSL *s, unsigned short ext_type,
{
const unsigned char *serverinfo = NULL;
size_t serverinfo_length = 0;
- size_t i = 0;
- unsigned int match = 0;
- /* Did the client send a TLS extension for this type? */
- for (i = 0; i < s->s3->serverinfo_client_tlsext_custom_types_count; i++)
- {
- if (s->s3->serverinfo_client_tlsext_custom_types[i] == ext_type)
- {
- match = 1;
- break;
- }
- }
- if (!match)
- {
- /* extension not sent by client...don't send extension */
- return -1;
- }
/* Is there serverinfo data for the chosen server cert? */
if ((ssl_get_server_cert_serverinfo(s, &serverinfo,
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 86fb69cb07..f94a4c0b8a 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1929,14 +1929,6 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
s->s3->alpn_selected = NULL;
}
- /* Clear observed custom extensions */
- s->s3->serverinfo_client_tlsext_custom_types_count = 0;
- if (s->s3->serverinfo_client_tlsext_custom_types != NULL)
- {
- OPENSSL_free(s->s3->serverinfo_client_tlsext_custom_types);
- s->s3->serverinfo_client_tlsext_custom_types = NULL;
- }
-
#ifndef OPENSSL_NO_HEARTBEATS
s->tlsext_heartbeat &= ~(SSL_TLSEXT_HB_ENABLED |
SSL_TLSEXT_HB_DONT_SEND_REQUESTS);