diff options
author | Ben Laurie <ben@openssl.org> | 2010-09-05 17:14:01 +0000 |
---|---|---|
committer | Ben Laurie <ben@openssl.org> | 2010-09-05 17:14:01 +0000 |
commit | bf48836c7c0f43fd4cabde2721537f0914cfb0f4 (patch) | |
tree | 9d873391a1525a1695c0798dcccb0ec728e1822d /ssl | |
parent | d9a268b9f903588e4d89e18bea76107ce78109c0 (diff) |
Fixes to NPN from Adam Langley.
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/s3_both.c | 6 | ||||
-rw-r--r-- | ssl/s3_clnt.c | 6 | ||||
-rw-r--r-- | ssl/s3_lib.c | 2 | ||||
-rw-r--r-- | ssl/s3_pkt.c | 4 | ||||
-rw-r--r-- | ssl/s3_srvr.c | 10 | ||||
-rw-r--r-- | ssl/ssl.h | 6 | ||||
-rw-r--r-- | ssl/ssl3.h | 8 | ||||
-rw-r--r-- | ssl/ssl_lib.c | 8 | ||||
-rw-r--r-- | ssl/ssl_locl.h | 4 | ||||
-rw-r--r-- | ssl/t1_lib.c | 16 | ||||
-rw-r--r-- | ssl/tls1.h | 2 |
11 files changed, 36 insertions, 36 deletions
diff --git a/ssl/s3_both.c b/ssl/s3_both.c index 89f7c42f03..be766aac6a 100644 --- a/ssl/s3_both.c +++ b/ssl/s3_both.c @@ -202,7 +202,7 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen) return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); } -#ifndef OPENSSL_NO_NPN +#ifndef OPENSSL_NO_NEXTPROTONEG /* ssl3_take_mac calculates the Finished MAC for the handshakes messages seen to far. */ static void ssl3_take_mac(SSL *s) { @@ -231,7 +231,7 @@ int ssl3_get_finished(SSL *s, int a, int b) long n; unsigned char *p; -#ifdef OPENSSL_NO_NPN +#ifdef OPENSSL_NO_NEXTPROTONEG /* the mac has already been generated when we received the * change cipher spec message and is in s->s3->tmp.peer_finish_md */ @@ -540,7 +540,7 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) n -= i; } -#ifndef OPENSSL_NO_NPN +#ifndef OPENSSL_NO_NEXTPROTONEG /* If receiving Finished, record MAC of prior handshake messages for * Finished verification. */ if (*s->init_buf->data == SSL3_MT_FINISHED) diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 601c2b121f..ac21f19254 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -424,7 +424,7 @@ int ssl3_connect(SSL *s) SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B); if (ret <= 0) goto end; -#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NPN) +#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG) s->state=SSL3_ST_CW_FINISHED_A; #else if (s->next_proto_negotiated) @@ -459,7 +459,7 @@ int ssl3_connect(SSL *s) break; -#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NPN) +#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) case SSL3_ST_CW_NEXT_PROTO_A: case SSL3_ST_CW_NEXT_PROTO_B: ret=ssl3_send_next_proto(s); @@ -3018,7 +3018,7 @@ err: */ #ifndef OPENSSL_NO_TLSEXT -# ifndef OPENSSL_NO_NPN +# ifndef OPENSSL_NO_NEXTPROTONEG int ssl3_send_next_proto(SSL *s) { unsigned int len, padding_len; diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index da2ed9ee75..53bf4c23aa 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -2231,7 +2231,7 @@ void ssl3_clear(SSL *s) s->s3->in_read_app_data=0; s->version=SSL3_VERSION; -#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NPN) +#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) if (s->next_proto_negotiated) { OPENSSL_free(s->next_proto_negotiated); diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index 94ccfa0e29..8f08c16510 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -1375,7 +1375,7 @@ err: int ssl3_do_change_cipher_spec(SSL *s) { int i; -#ifdef OPENSSL_NO_NPN +#ifdef OPENSSL_NO_NEXTPROTONEG const char *sender; int slen; #endif @@ -1401,7 +1401,7 @@ int ssl3_do_change_cipher_spec(SSL *s) if (!s->method->ssl3_enc->change_cipher_state(s,i)) return(0); -#ifdef OPENSSL_NO_NPN +#ifdef OPENSSL_NO_NEXTPROTONEG /* we have to record the message digest at * this point so we can get it before we read * the finished message */ diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 56611996b3..de3f9d27a7 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -538,7 +538,7 @@ int ssl3_accept(SSL *s) * the client uses its key from the certificate * for key exchange. */ -#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NPN) +#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG) s->state=SSL3_ST_SR_FINISHED_A; #else if (s->s3->next_proto_neg_seen) @@ -588,7 +588,7 @@ int ssl3_accept(SSL *s) ret=ssl3_get_cert_verify(s); if (ret <= 0) goto end; -#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NPN) +#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG) s->state=SSL3_ST_SR_FINISHED_A; #else if (s->s3->next_proto_neg_seen) @@ -599,7 +599,7 @@ int ssl3_accept(SSL *s) s->init_num=0; break; -#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NPN) +#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) case SSL3_ST_SR_NEXT_PROTO_A: case SSL3_ST_SR_NEXT_PROTO_B: ret=ssl3_get_next_proto(s); @@ -680,7 +680,7 @@ int ssl3_accept(SSL *s) s->state=SSL3_ST_SW_FLUSH; if (s->hit) { -#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NPN) +#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG) s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A; #else if (s->s3->next_proto_neg_seen) @@ -3242,7 +3242,7 @@ int ssl3_get_next_proto(SSL *s) SSL3_ST_SR_NEXT_PROTO_A, SSL3_ST_SR_NEXT_PROTO_B, SSL3_MT_NEXT_PROTO, - 129, + 514, /* See the payload format below */ &ok); if (!ok) @@ -860,7 +860,7 @@ struct ssl_ctx_st int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput, size_t len, void *arg); void *tlsext_opaque_prf_input_callback_arg; -# ifndef OPENSSL_NO_NPN +# ifndef OPENSSL_NO_NEXTPROTONEG /* Next protocol negotiation information */ /* (for experimental NPN extension). */ @@ -949,7 +949,7 @@ int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e); #endif void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)); void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)); -#ifndef OPENSSL_NO_NPN +#ifndef OPENSSL_NO_NEXTPROTONEG void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s, int (*cb) (SSL *ssl, const unsigned char **out, @@ -1236,7 +1236,7 @@ struct ssl_st SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */ -#ifndef OPENSSL_NO_NPN +#ifndef OPENSSL_NO_NEXTPROTONEG /* Next protocol negotiation. For the client, this is the protocol that * we sent in NextProtocol and is set when handling ServerHello * extensions. diff --git a/ssl/ssl3.h b/ssl/ssl3.h index e98aac5aa8..7c0a59510d 100644 --- a/ssl/ssl3.h +++ b/ssl/ssl3.h @@ -455,7 +455,7 @@ typedef struct ssl3_state_st void *server_opaque_prf_input; size_t server_opaque_prf_input_len; -#ifndef OPENSSL_NO_NPN +#ifndef OPENSSL_NO_NEXTPROTONEG /* Set if we saw the Next Protocol Negotiation extension from our peer. */ int next_proto_neg_seen; @@ -552,7 +552,7 @@ typedef struct ssl3_state_st #define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT) #define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT) #define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT) -#ifndef OPENSSL_NO_NPN +#ifndef OPENSSL_NO_NEXTPROTONEG #define SSL3_ST_CW_NEXT_PROTO_A (0x200|SSL_ST_CONNECT) #define SSL3_ST_CW_NEXT_PROTO_B (0x201|SSL_ST_CONNECT) #endif @@ -601,7 +601,7 @@ typedef struct ssl3_state_st #define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT) #define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT) #define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT) -#ifndef OPENSSL_NO_NPN +#ifndef OPENSSL_NO_NEXTPROTONEG #define SSL3_ST_SR_NEXT_PROTO_A (0x210|SSL_ST_ACCEPT) #define SSL3_ST_SR_NEXT_PROTO_B (0x211|SSL_ST_ACCEPT) #endif @@ -629,7 +629,7 @@ typedef struct ssl3_state_st #define SSL3_MT_CLIENT_KEY_EXCHANGE 16 #define SSL3_MT_FINISHED 20 #define SSL3_MT_CERTIFICATE_STATUS 22 -#ifndef OPENSSL_NO_NPN +#ifndef OPENSSL_NO_NEXTPROTONEG #define SSL3_MT_NEXT_PROTO 67 #endif #define DTLS1_MT_HELLO_VERIFY_REQUEST 3 diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index bc102ae20b..9990246fcb 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -354,7 +354,7 @@ SSL *SSL_new(SSL_CTX *ctx) s->tlsext_ocsp_resplen = -1; CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); s->initial_ctx=ctx; -# ifndef OPENSSL_NO_NPN +# ifndef OPENSSL_NO_NEXTPROTONEG s->next_proto_negotiated = NULL; # endif #endif @@ -590,7 +590,7 @@ void SSL_free(SSL *s) kssl_ctx_free(s->kssl_ctx); #endif /* OPENSSL_NO_KRB5 */ -#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NPN) +#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) if (s->next_proto_negotiated) OPENSSL_free(s->next_proto_negotiated); #endif @@ -1497,7 +1497,7 @@ int SSL_get_servername_type(const SSL *s) return -1; } -# ifndef OPENSSL_NO_NPN +# ifndef OPENSSL_NO_NEXTPROTONEG /* SSL_select_next_proto implements the standard protocol selection. It is * expected that this function is called from the callback set by * SSL_CTX_set_next_proto_select_cb. @@ -1778,7 +1778,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) ret->tlsext_status_cb = 0; ret->tlsext_status_arg = NULL; -# ifndef OPENSSL_NO_NPN +# ifndef OPENSSL_NO_NEXTPROTONEG ret->next_protos_advertised_cb = 0; ret->next_proto_select_cb = 0; # endif diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 95ec8a6bdb..45a567ddd3 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -968,7 +968,7 @@ int ssl3_get_server_certificate(SSL *s); int ssl3_check_cert_and_algorithm(SSL *s); #ifndef OPENSSL_NO_TLSEXT int ssl3_check_finished(SSL *s); -# ifndef OPENSSL_NO_NPN +# ifndef OPENSSL_NO_NEXTPROTONEG int ssl3_send_next_proto(SSL *s); # endif #endif @@ -989,7 +989,7 @@ int ssl3_check_client_hello(SSL *s); int ssl3_get_client_certificate(SSL *s); int ssl3_get_client_key_exchange(SSL *s); int ssl3_get_cert_verify(SSL *s); -#ifndef OPENSSL_NO_NPN +#ifndef OPENSSL_NO_NEXTPROTONEG int ssl3_get_next_proto(SSL *s); #endif diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 849dad7dda..74638cc9b1 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -494,7 +494,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &ret); } -#ifndef OPENSSL_NO_NPN +#ifndef OPENSSL_NO_NEXTPROTONEG if (s->ctx->next_proto_select_cb && !s->s3->tmp.finish_md_len) { /* The client advertises an emtpy extension to indicate its @@ -517,8 +517,8 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha { int extdatalen=0; unsigned char *ret = p; -#ifndef OPENSSL_NO_NPN - char next_proto_neg_seen; +#ifndef OPENSSL_NO_NEXTPROTONEG + int next_proto_neg_seen; #endif /* don't add extensions for SSLv3, unless doing secure renegotiation */ @@ -633,7 +633,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha } -#ifndef OPENSSL_NO_NPN +#ifndef OPENSSL_NO_NEXTPROTONEG next_proto_neg_seen = s->s3->next_proto_neg_seen; s->s3->next_proto_neg_seen = 0; if (next_proto_neg_seen && s->ctx->next_protos_advertised_cb) @@ -995,7 +995,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in else s->tlsext_status_type = -1; } -#ifndef OPENSSL_NO_NPN +#ifndef OPENSSL_NO_NEXTPROTONEG else if (type == TLSEXT_TYPE_next_proto_neg && s->s3->tmp.finish_md_len == 0) { @@ -1040,11 +1040,11 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in return 1; } -#ifndef OPENSSL_NO_NPN +#ifndef OPENSSL_NO_NEXTPROTONEG /* ssl_next_proto_validate validates a Next Protocol Negotiation block. No * elements of zero length are allowed and the set of elements must exactly fill * the length of the block. */ -static char ssl_next_proto_validate(unsigned char *d, unsigned len) +static int ssl_next_proto_validate(unsigned char *d, unsigned len) { unsigned int off = 0; @@ -1194,7 +1194,7 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in /* Set flag to expect CertificateStatus message */ s->tlsext_status_expected = 1; } -#ifndef OPENSSL_NO_NPN +#ifndef OPENSSL_NO_NEXTPROTONEG else if (type == TLSEXT_TYPE_next_proto_neg) { unsigned char *selected; diff --git a/ssl/tls1.h b/ssl/tls1.h index c1b6546941..0a8d4f75ff 100644 --- a/ssl/tls1.h +++ b/ssl/tls1.h @@ -208,7 +208,7 @@ extern "C" { /* Temporary extension type */ #define TLSEXT_TYPE_renegotiate 0xff01 -#ifndef OPENSSL_NO_NPN +#ifndef OPENSSL_NO_NEXTPROTONEG /* This is not an IANA defined extension number */ #define TLSEXT_TYPE_next_proto_neg 13172 #endif |