
github.com/mono/boringssl.git - Unnamed repository; edit this file 'description' to name the repository.
authorDavid Benjamin <davidben@chromium.org>2014-07-03 23:59:49 +0400
committerAdam Langley <agl@google.com>2014-07-08 00:31:37 +0400
commit6dbd73db5d58ec44304266012d23ff8d297eca55 (patch)
tree3efae2919223544d7cf1f92834d2edc8a4e90a86
parent31955f91dcdb1a30bc7fd560ee9054321fc514e9 (diff)
Remove OPENSSL_NO_TLSEXT compilation option.
Mostly done with unifdef. Change-Id: I876f79f9e96d77628d696b09694363d07aee6b74 Reviewed-on: https://boringssl-review.googlesource.com/1096 Reviewed-by: Adam Langley <agl@google.com>
-rw-r--r--ssl/d1_clnt.c14
-rw-r--r--ssl/d1_srvr.c16
-rw-r--r--ssl/s23_clnt.c4
-rw-r--r--ssl/s3_clnt.c40
-rw-r--r--ssl/s3_lib.c22
-rw-r--r--ssl/s3_srvr.c34
-rw-r--r--ssl/ssl.h14
-rw-r--r--ssl/ssl3.h2
-rw-r--r--ssl/ssl_asn1.c16
-rw-r--r--ssl/ssl_lib.c16
-rw-r--r--ssl/ssl_locl.h4
-rw-r--r--ssl/ssl_sess.c16
-rw-r--r--ssl/ssl_txt.c2
-rw-r--r--ssl/t1_lib.c8
-rw-r--r--ssl/tls1.h2
15 files changed, 4 insertions, 206 deletions
diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c
index 1fbd70bf..2e025722 100644
--- a/ssl/d1_clnt.c
+++ b/ssl/d1_clnt.c
@@ -298,7 +298,6 @@ int dtls1_connect(SSL *s)
case SSL3_ST_CR_CERT_A:
case SSL3_ST_CR_CERT_B:
-#ifndef OPENSSL_NO_TLSEXT
ret=ssl3_check_finished(s);
if (ret <= 0) goto end;
if (ret == 2)
@@ -311,14 +310,12 @@ int dtls1_connect(SSL *s)
s->init_num=0;
break;
}
-#endif
/* Check if it is anon DH or PSK */
if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
!(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
{
ret=ssl3_get_server_certificate(s);
if (ret <= 0) goto end;
-#ifndef OPENSSL_NO_TLSEXT
if (s->tlsext_status_expected)
s->state=SSL3_ST_CR_CERT_STATUS_A;
else
@@ -329,13 +326,6 @@ int dtls1_connect(SSL *s)
skip = 1;
s->state=SSL3_ST_CR_KEY_EXCH_A;
}
-#else
- }
- else
- skip=1;
-
- s->state=SSL3_ST_CR_KEY_EXCH_A;
-#endif
s->init_num=0;
break;
@@ -474,19 +464,16 @@ int dtls1_connect(SSL *s)
else
{
-#ifndef OPENSSL_NO_TLSEXT
/* Allow NewSessionTicket if ticket expected */
if (s->tlsext_ticket_expected)
s->s3->tmp.next_state=SSL3_ST_CR_SESSION_TICKET_A;
else
-#endif
s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A;
}
s->init_num=0;
break;
-#ifndef OPENSSL_NO_TLSEXT
case SSL3_ST_CR_SESSION_TICKET_A:
case SSL3_ST_CR_SESSION_TICKET_B:
ret=ssl3_get_new_session_ticket(s);
@@ -502,7 +489,6 @@ int dtls1_connect(SSL *s)
s->state=SSL3_ST_CR_KEY_EXCH_A;
s->init_num=0;
break;
-#endif
case SSL3_ST_CR_FINISHED_A:
case SSL3_ST_CR_FINISHED_B:
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index 2eba38dd..148b8c8a 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -340,14 +340,10 @@ int dtls1_accept(SSL *s)
if (s->hit)
{
-#ifndef OPENSSL_NO_TLSEXT
if (s->tlsext_ticket_expected)
s->state=SSL3_ST_SW_SESSION_TICKET_A;
else
s->state=SSL3_ST_SW_CHANGE_A;
-#else
- s->state=SSL3_ST_SW_CHANGE_A;
-#endif
}
else
s->state=SSL3_ST_SW_CERT_A;
@@ -363,7 +359,6 @@ int dtls1_accept(SSL *s)
dtls1_start_timer(s);
ret=ssl3_send_server_certificate(s);
if (ret <= 0) goto end;
-#ifndef OPENSSL_NO_TLSEXT
if (s->tlsext_status_expected)
s->state=SSL3_ST_SW_CERT_STATUS_A;
else
@@ -374,13 +369,6 @@ int dtls1_accept(SSL *s)
skip = 1;
s->state=SSL3_ST_SW_KEY_EXCH_A;
}
-#else
- }
- else
- skip=1;
-
- s->state=SSL3_ST_SW_KEY_EXCH_A;
-#endif
s->init_num=0;
break;
@@ -593,16 +581,13 @@ int dtls1_accept(SSL *s)
dtls1_stop_timer(s);
if (s->hit)
s->state=SSL_ST_OK;
-#ifndef OPENSSL_NO_TLSEXT
else if (s->tlsext_ticket_expected)
s->state=SSL3_ST_SW_SESSION_TICKET_A;
-#endif
else
s->state=SSL3_ST_SW_CHANGE_A;
s->init_num=0;
break;
-#ifndef OPENSSL_NO_TLSEXT
case SSL3_ST_SW_SESSION_TICKET_A:
case SSL3_ST_SW_SESSION_TICKET_B:
ret=ssl3_send_newsession_ticket(s);
@@ -619,7 +604,6 @@ int dtls1_accept(SSL *s)
s->init_num=0;
break;
-#endif
case SSL3_ST_SW_CHANGE_A:
case SSL3_ST_SW_CHANGE_B:
diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
index 092b5f48..3336d770 100644
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@@ -332,7 +332,6 @@ static int ssl23_client_hello(SSL *s)
mask &= ~SSL_OP_NO_SSLv3;
#endif
-#ifndef OPENSSL_NO_TLSEXT
if (version != SSL2_VERSION)
{
/* have to disable SSL 2.0 compatibility if we need TLS extensions */
@@ -342,7 +341,6 @@ static int ssl23_client_hello(SSL *s)
if (s->tlsext_status_type != -1)
ssl2_compat = 0;
}
-#endif
buf=(unsigned char *)s->init_buf->data;
if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
@@ -508,7 +506,6 @@ static int ssl23_client_hello(SSL *s)
*(p++)=1;
*(p++)=0; /* Add the NULL method */
-#ifndef OPENSSL_NO_TLSEXT
/* TLS extensions*/
if (ssl_prepare_clienthello_tlsext(s) <= 0)
{
@@ -524,7 +521,6 @@ static int ssl23_client_hello(SSL *s)
OPENSSL_PUT_ERROR(SSL, ssl23_client_hello, ERR_R_INTERNAL_ERROR);
return -1;
}
-#endif
l = p-d;
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 7b140470..33626358 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -286,13 +286,11 @@ int ssl3_connect(SSL *s)
if (s->hit)
{
s->state=SSL3_ST_CR_FINISHED_A;
-#ifndef OPENSSL_NO_TLSEXT
if (s->tlsext_ticket_expected)
{
/* receive renewed session ticket */
s->state=SSL3_ST_CR_SESSION_TICKET_A;
}
-#endif
}
else
{
@@ -303,7 +301,6 @@ int ssl3_connect(SSL *s)
case SSL3_ST_CR_CERT_A:
case SSL3_ST_CR_CERT_B:
-#ifndef OPENSSL_NO_TLSEXT
ret=ssl3_check_finished(s);
if (ret <= 0) goto end;
if (ret == 2)
@@ -316,7 +313,6 @@ int ssl3_connect(SSL *s)
s->init_num=0;
break;
}
-#endif
/* Check if it is anon DH/ECDH */
/* or non-RSA PSK */
if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
@@ -325,7 +321,6 @@ int ssl3_connect(SSL *s)
{
ret=ssl3_get_server_certificate(s);
if (ret <= 0) goto end;
-#ifndef OPENSSL_NO_TLSEXT
if (s->tlsext_status_expected)
s->state=SSL3_ST_CR_CERT_STATUS_A;
else
@@ -336,13 +331,6 @@ int ssl3_connect(SSL *s)
skip = 1;
s->state=SSL3_ST_CR_KEY_EXCH_A;
}
-#else
- }
- else
- skip=1;
-
- s->state=SSL3_ST_CR_KEY_EXCH_A;
-#endif
s->init_num=0;
break;
@@ -441,14 +429,12 @@ int ssl3_connect(SSL *s)
if (ret <= 0) goto end;
s->state=SSL3_ST_CW_FINISHED_A;
-#if !defined(OPENSSL_NO_TLSEXT)
if (s->s3->tlsext_channel_id_valid)
s->state=SSL3_ST_CW_CHANNEL_ID_A;
# if !defined(OPENSSL_NO_NEXTPROTONEG)
if (s->s3->next_proto_neg_seen)
s->state=SSL3_ST_CW_NEXT_PROTO_A;
# endif
-#endif
s->init_num=0;
s->session->cipher=s->s3->tmp.new_cipher;
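Review bot: The inner `# if !defined(OPENSSL_NO_NEXTPROTONEG)` / `# endif` pair keeps the one-space indent that marked it as nested inside the removed OPENSSL_NO_TLSEXT guard. With the outer guard gone these directives are top level and should read `#if !defined(OPENSSL_NO_NEXTPROTONEG)` and `#endif`. The same leftover indent appears around ssl3_send_next_proto later in this file, in ssl3_accept (s3_srvr.c), in ssl_ctx_st (ssl.h), in SSL_CTX_new and SSL_CTX_free (ssl_lib.c) and in ssl_locl.h. This is formatting only; ssl3_connect's body continues outside the hunk.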
@@ -467,7 +453,7 @@ int ssl3_connect(SSL *s)
break;
-#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
+#if !defined(OPENSSL_NO_NEXTPROTONEG)
case SSL3_ST_CW_NEXT_PROTO_A:
case SSL3_ST_CW_NEXT_PROTO_B:
ret=ssl3_send_next_proto(s);
@@ -479,14 +465,12 @@ int ssl3_connect(SSL *s)
break;
#endif
-#if !defined(OPENSSL_NO_TLSEXT)
case SSL3_ST_CW_CHANNEL_ID_A:
case SSL3_ST_CW_CHANNEL_ID_B:
ret=ssl3_send_channel_id(s);
if (ret <= 0) goto end;
s->state=SSL3_ST_CW_FINISHED_A;
break;
-#endif
case SSL3_ST_CW_FINISHED_A:
case SSL3_ST_CW_FINISHED_B:
@@ -542,19 +526,16 @@ int ssl3_connect(SSL *s)
}
else
{
-#ifndef OPENSSL_NO_TLSEXT
/* Allow NewSessionTicket if ticket expected */
if (s->tlsext_ticket_expected)
s->s3->tmp.next_state=SSL3_ST_CR_SESSION_TICKET_A;
else
-#endif
s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A;
}
}
s->init_num=0;
break;
-#ifndef OPENSSL_NO_TLSEXT
case SSL3_ST_CR_SESSION_TICKET_A:
case SSL3_ST_CR_SESSION_TICKET_B:
ret=ssl3_get_new_session_ticket(s);
@@ -570,7 +551,6 @@ int ssl3_connect(SSL *s)
s->state=SSL3_ST_CR_KEY_EXCH_A;
s->init_num=0;
break;
-#endif
case SSL3_ST_CR_FINISHED_A:
case SSL3_ST_CR_FINISHED_B:
@@ -599,12 +579,10 @@ int ssl3_connect(SSL *s)
break;
case SSL3_ST_CUTTHROUGH_COMPLETE:
-#ifndef OPENSSL_NO_TLSEXT
/* Allow NewSessionTicket if ticket expected */
if (s->tlsext_ticket_expected)
s->state=SSL3_ST_CR_SESSION_TICKET_A;
else
-#endif
s->state=SSL3_ST_CR_FINISHED_A;
/* SSL_write() will take care of flushing buffered data if
@@ -698,11 +676,7 @@ int ssl3_client_hello(SSL *s)
SSL_SESSION *sess = s->session;
if ((sess == NULL) ||
(sess->ssl_version != s->version) ||
-#ifdef OPENSSL_NO_TLSEXT
- !sess->session_id_length ||
-#else
(!sess->session_id_length && !sess->tlsext_tick) ||
-#endif
(sess->not_resumable))
{
if (!ssl_get_new_session(s,0))
@@ -869,7 +843,6 @@ int ssl3_client_hello(SSL *s)
*(p++)=1;
*(p++)=0; /* Add the NULL method */
-#ifndef OPENSSL_NO_TLSEXT
/* TLS extensions*/
if (ssl_prepare_clienthello_tlsext(s) <= 0)
{
@@ -881,7 +854,6 @@ int ssl3_client_hello(SSL *s)
OPENSSL_PUT_ERROR(SSL, ssl3_client_hello, ERR_R_INTERNAL_ERROR);
goto err;
}
-#endif
l= p-d;
ssl_set_handshake_header(s, SSL3_MT_CLIENT_HELLO, l);
@@ -998,7 +970,6 @@ int ssl3_get_server_hello(SSL *s)
goto f_err;
}
-#ifndef OPENSSL_NO_TLSEXT
/* check if we want to resume the session based on external pre-shared secret */
if (s->version >= TLS1_VERSION && s->tls_session_secret_cb)
{
@@ -1014,7 +985,6 @@ int ssl3_get_server_hello(SSL *s)
s->s3->flags |= SSL3_FLAGS_CCS_OK;
}
}
-#endif /* OPENSSL_NO_TLSEXT */
if (j != 0 && j == s->session->session_id_length
&& memcmp(p,s->session->session_id,j) == 0)
@@ -1111,14 +1081,12 @@ int ssl3_get_server_hello(SSL *s)
/* TODO(fork): Port the rest of this function to CBS. */
CBS_init(&cbs, p, d + n - p);
-#ifndef OPENSSL_NO_TLSEXT
/* TLS extensions*/
if (!ssl_parse_serverhello_tlsext(s, &cbs))
{
OPENSSL_PUT_ERROR(SSL, ssl3_get_server_hello, SSL_R_PARSE_TLSEXT);
goto err;
}
-#endif
/* There should be nothing left over in the record. */
if (CBS_len(&cbs) != 0)
@@ -1991,7 +1959,6 @@ err:
return(ret);
}
-#ifndef OPENSSL_NO_TLSEXT
int ssl3_get_new_session_ticket(SSL *s)
{
int ok,al,ret=0, ticklen;
@@ -2148,7 +2115,6 @@ f_err:
ssl3_send_alert(s,SSL3_AL_FATAL,al);
return(-1);
}
-#endif
int ssl3_get_server_done(SSL *s)
{
@@ -3095,7 +3061,6 @@ err:
return(0);
}
-#if !defined(OPENSSL_NO_TLSEXT)
# if !defined(OPENSSL_NO_NEXTPROTONEG)
int ssl3_send_next_proto(SSL *s)
{
@@ -3249,14 +3214,12 @@ err:
return ret;
}
-#endif /* !OPENSSL_NO_TLSEXT */
/* Check to see if handshake is full or resumed. Usually this is just a
* case of checking to see if a cache hit has occurred. In the case of
* session tickets we have to check the next message to be sure.
*/
-#ifndef OPENSSL_NO_TLSEXT
int ssl3_check_finished(SSL *s)
{
int ok;
@@ -3280,7 +3243,6 @@ int ssl3_check_finished(SSL *s)
return 1;
}
-#endif
int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey)
{
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 8908a6a2..534b2999 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -2681,11 +2681,9 @@ int ssl3_new(SSL *s)
s->s3=s3;
-#if !defined(OPENSSL_NO_TLSEXT)
s->tlsext_channel_id_enabled = s->ctx->tlsext_channel_id_enabled;
if (s->ctx->tlsext_channel_id_private)
s->tlsext_channel_id_private = EVP_PKEY_dup(s->ctx->tlsext_channel_id_private);
-#endif
s->method->ssl_clear(s);
return(1);
err:
@@ -2717,10 +2715,8 @@ void ssl3_free(SSL *s)
BIO_free(s->s3->handshake_buffer);
}
if (s->s3->handshake_dgst) ssl3_free_digest_list(s);
-#ifndef OPENSSL_NO_TLSEXT
if (s->s3->alpn_selected)
OPENSSL_free(s->s3->alpn_selected);
-#endif
OPENSSL_cleanse(s->s3,sizeof *s->s3);
OPENSSL_free(s->s3);
@@ -2751,11 +2747,9 @@ void ssl3_clear(SSL *s)
s->s3->tmp.ecdh = NULL;
}
#endif
-#ifndef OPENSSL_NO_TLSEXT
#ifndef OPENSSL_NO_EC
s->s3->is_probably_safari = 0;
#endif /* !OPENSSL_NO_EC */
-#endif /* !OPENSSL_NO_TLSEXT */
rp = s->s3->rbuf.buf;
wp = s->s3->wbuf.buf;
@@ -2770,13 +2764,11 @@ void ssl3_clear(SSL *s)
ssl3_free_digest_list(s);
}
-#if !defined(OPENSSL_NO_TLSEXT)
if (s->s3->alpn_selected)
{
free(s->s3->alpn_selected);
s->s3->alpn_selected = NULL;
}
-#endif
memset(s->s3,0,sizeof *s->s3);
s->s3->rbuf.buf = rp;
s->s3->wbuf.buf = wp;
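Review bot: In ssl3_clear the block that is now unconditional releases `s->s3->alpn_selected` with plain `free()`, while ssl3_free in the earlier hunk of this file releases the same field with `OPENSSL_free()`. The allocation site is not visible in this diff, but if the buffer comes from the library allocator the two release paths must match, otherwise a build that replaces that allocator hands a foreign pointer to libc. I would change the line to `OPENSSL_free(s->s3->alpn_selected);`. ssl3_clear starts and ends outside the hunk.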
@@ -2793,7 +2785,7 @@ void ssl3_clear(SSL *s)
s->s3->in_read_app_data=0;
s->version=SSL3_VERSION;
-#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
+#if !defined(OPENSSL_NO_NEXTPROTONEG)
if (s->next_proto_negotiated)
{
OPENSSL_free(s->next_proto_negotiated);
@@ -2802,9 +2794,7 @@ void ssl3_clear(SSL *s)
}
#endif
-#if !defined(OPENSSL_NO_TLSEXT)
s->s3->tlsext_channel_id_valid = 0;
-#endif
}
static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);
@@ -2954,7 +2944,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
}
break;
#endif /* !OPENSSL_NO_ECDH */
-#ifndef OPENSSL_NO_TLSEXT
case SSL_CTRL_SET_TLSEXT_HOSTNAME:
if (larg == TLSEXT_NAMETYPE_host_name)
{
@@ -3024,7 +3013,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
ret = 1;
break;
-#endif /* !OPENSSL_NO_TLSEXT */
case SSL_CTRL_CHAIN:
if (larg)
@@ -3263,12 +3251,10 @@ long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
}
break;
#endif
-#ifndef OPENSSL_NO_TLSEXT
case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
s->tlsext_debug_cb=(void (*)(SSL *,int ,int,
unsigned char *, int, void *))fp;
break;
-#endif
default:
break;
}
@@ -3400,7 +3386,6 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
}
break;
#endif /* !OPENSSL_NO_ECDH */
-#ifndef OPENSSL_NO_TLSEXT
case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
ctx->tlsext_servername_arg=parg;
break;
@@ -3463,7 +3448,6 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
case SSL_CTRL_SET_CHAIN_CERT_STORE:
return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
-#endif /* !OPENSSL_NO_TLSEXT */
/* A Thawte special :-) */
case SSL_CTRL_EXTRA_CHAIN_CERT:
@@ -3563,7 +3547,6 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
}
break;
#endif
-#ifndef OPENSSL_NO_TLSEXT
case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
ctx->tlsext_servername_callback=(int (*)(SSL *,int *,void *))fp;
break;
@@ -3579,7 +3562,6 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
HMAC_CTX *, int))fp;
break;
-#endif
default:
return(0);
}
@@ -3742,14 +3724,12 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
#endif
}
-#ifndef OPENSSL_NO_TLSEXT
#ifndef OPENSSL_NO_EC
/* if we are considering an ECC cipher suite that uses
* an ephemeral EC key check it */
if (alg_k & SSL_kEECDH)
ok = ok && tls1_check_ec_tmp_key(s, c->id);
#endif /* OPENSSL_NO_EC */
-#endif /* OPENSSL_NO_TLSEXT */
if (ok && sk_SSL_CIPHER_find(allow, &cipher_index, c))
{
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 06088ec3..f1da1588 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -337,7 +337,6 @@ int ssl3_accept(SSL *s)
case SSL3_ST_SW_SRVR_HELLO_B:
ret=ssl3_send_server_hello(s);
if (ret <= 0) goto end;
-#ifndef OPENSSL_NO_TLSEXT
if (s->hit)
{
if (s->tlsext_ticket_expected)
@@ -345,10 +344,6 @@ int ssl3_accept(SSL *s)
else
s->state=SSL3_ST_SW_CHANGE_A;
}
-#else
- if (s->hit)
- s->state=SSL3_ST_SW_CHANGE_A;
-#endif
else
s->state = SSL3_ST_SW_CERT_A;
s->init_num = 0;
@@ -366,7 +361,6 @@ int ssl3_accept(SSL *s)
{
ret=ssl3_send_server_certificate(s);
if (ret <= 0) goto end;
-#ifndef OPENSSL_NO_TLSEXT
if (s->tlsext_status_expected)
s->state=SSL3_ST_SW_CERT_STATUS_A;
else
@@ -377,13 +371,6 @@ int ssl3_accept(SSL *s)
skip = 1;
s->state=SSL3_ST_SW_KEY_EXCH_A;
}
-#else
- }
- else
- skip=1;
-
- s->state=SSL3_ST_SW_KEY_EXCH_A;
-#endif
s->init_num=0;
break;
@@ -623,12 +610,10 @@ int ssl3_accept(SSL *s)
case SSL3_ST_SR_POST_CLIENT_CERT: {
char next_proto_neg = 0;
char channel_id = 0;
-#if !defined(OPENSSL_NO_TLSEXT)
# if !defined(OPENSSL_NO_NEXTPROTONEG)
next_proto_neg = s->s3->next_proto_neg_seen;
# endif
channel_id = s->s3->tlsext_channel_id_valid;
-#endif
s->s3->flags |= SSL3_FLAGS_CCS_OK;
if (next_proto_neg)
@@ -640,7 +625,7 @@ int ssl3_accept(SSL *s)
break;
}
-#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
+#if !defined(OPENSSL_NO_NEXTPROTONEG)
case SSL3_ST_SR_NEXT_PROTO_A:
case SSL3_ST_SR_NEXT_PROTO_B:
ret=ssl3_get_next_proto(s);
@@ -653,7 +638,6 @@ int ssl3_accept(SSL *s)
break;
#endif
-#if !defined(OPENSSL_NO_TLSEXT)
case SSL3_ST_SR_CHANNEL_ID_A:
case SSL3_ST_SR_CHANNEL_ID_B:
ret=ssl3_get_channel_id(s);
@@ -661,7 +645,6 @@ int ssl3_accept(SSL *s)
s->init_num = 0;
s->state=SSL3_ST_SR_FINISHED_A;
break;
-#endif
case SSL3_ST_SR_FINISHED_A:
case SSL3_ST_SR_FINISHED_B:
@@ -671,10 +654,8 @@ int ssl3_accept(SSL *s)
if (ret <= 0) goto end;
if (s->hit)
s->state=SSL_ST_OK;
-#ifndef OPENSSL_NO_TLSEXT
else if (s->tlsext_ticket_expected)
s->state=SSL3_ST_SW_SESSION_TICKET_A;
-#endif
else
s->state=SSL3_ST_SW_CHANGE_A;
/* If this is a full handshake with ChannelID then
@@ -689,7 +670,6 @@ int ssl3_accept(SSL *s)
s->init_num=0;
break;
-#ifndef OPENSSL_NO_TLSEXT
case SSL3_ST_SW_SESSION_TICKET_A:
case SSL3_ST_SW_SESSION_TICKET_B:
ret=ssl3_send_newsession_ticket(s);
@@ -705,7 +685,6 @@ int ssl3_accept(SSL *s)
s->state=SSL3_ST_SW_KEY_EXCH_A;
s->init_num=0;
break;
-#endif
case SSL3_ST_SW_CHANGE_A:
case SSL3_ST_SW_CHANGE_B:
@@ -1220,7 +1199,6 @@ int ssl3_get_client_hello(SSL *s)
}
CBS_init(&cbs, p, d + n - p);
-#ifndef OPENSSL_NO_TLSEXT
/* TLS extensions*/
if (s->version >= SSL3_VERSION)
{
@@ -1288,7 +1266,6 @@ int ssl3_get_client_hello(SSL *s)
s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->session->ciphers);
}
}
-#endif /* !OPENSSL_NO_TLSEXT */
/* Given s->session->ciphers and SSL_get_ciphers, we must
* pick a cipher */
@@ -1440,11 +1417,6 @@ int ssl3_send_server_hello(SSL *s)
}
buf=(unsigned char *)s->init_buf->data;
-#ifdef OPENSSL_NO_TLSEXT
- p=s->s3->server_random;
- if (ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE) <= 0)
- return -1;
-#endif
/* Do the message type and length last */
d=p= ssl_handshake_start(s);
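Review bot: ssl3_send_server_hello no longer fills `s->s3->server_random` itself once the OPENSSL_NO_TLSEXT branch is deleted, and nothing in the remaining lines says where the random is now produced. Presumably it is generated while the ClientHello is processed, as in the path that used to be TLSEXT-only, but that code is outside the visible lines. It is worth confirming that every path reaching this function, including resumption, has already filled it. A short comment at this spot would record the dependency, for example `/* s->s3->server_random was filled while processing the ClientHello. */`, adjusted to the real location. The function body starts and ends outside the hunk.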
@@ -1490,7 +1462,6 @@ int ssl3_send_server_hello(SSL *s)
/* put the compression method */
*(p++)=0;
-#ifndef OPENSSL_NO_TLSEXT
if (ssl_prepare_serverhello_tlsext(s) <= 0)
{
OPENSSL_PUT_ERROR(SSL, ssl3_send_server_hello, SSL_R_SERVERHELLO_TLSEXT);
@@ -1501,7 +1472,6 @@ int ssl3_send_server_hello(SSL *s)
OPENSSL_PUT_ERROR(SSL, ssl3_send_server_hello, ERR_R_INTERNAL_ERROR);
return -1;
}
-#endif
/* do the header */
l=(p-d);
ssl_set_handshake_header(s, SSL3_MT_SERVER_HELLO, l);
@@ -3058,7 +3028,6 @@ int ssl3_send_server_certificate(SSL *s)
return ssl_do_write(s);
}
-#ifndef OPENSSL_NO_TLSEXT
/* send a new session ticket (not necessarily for a new session) */
int ssl3_send_newsession_ticket(SSL *s)
{
@@ -3431,4 +3400,3 @@ err:
return ret;
}
-#endif
diff --git a/ssl/ssl.h b/ssl/ssl.h
index ecc4e743..21f27447 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -513,7 +513,6 @@ struct ssl_session_st
/* These are used to make removal of session-ids more
* efficient and to implement a maximum cache size. */
struct ssl_session_st *prev,*next;
-#ifndef OPENSSL_NO_TLSEXT
char *tlsext_hostname;
#ifndef OPENSSL_NO_EC
size_t tlsext_ecpointformatlist_length;
@@ -525,7 +524,6 @@ struct ssl_session_st
unsigned char *tlsext_tick; /* Session ticket */
size_t tlsext_ticklen; /* Session ticket length */
long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */
-#endif
char peer_sha256_valid; /* Non-zero if peer_sha256 is valid */
unsigned char peer_sha256[SHA256_DIGEST_LENGTH]; /* SHA256 of peer certificate */
@@ -1034,7 +1032,6 @@ struct ssl_ctx_st
ENGINE *client_cert_engine;
#endif
-#ifndef OPENSSL_NO_TLSEXT
/* TLS extensions servername callback */
int (*tlsext_servername_callback)(SSL*, int *, void *);
void *tlsext_servername_arg;
@@ -1052,7 +1049,6 @@ struct ssl_ctx_st
/* Callback for status request */
int (*tlsext_status_cb)(SSL *ssl, void *arg);
void *tlsext_status_arg;
-#endif
#ifndef OPENSSL_NO_PSK
char *psk_identity_hint;
@@ -1074,7 +1070,6 @@ struct ssl_ctx_st
char retain_only_sha256_of_client_certs;
#endif
-#ifndef OPENSSL_NO_TLSEXT
# ifndef OPENSSL_NO_NEXTPROTONEG
/* Next protocol negotiation information */
@@ -1128,7 +1123,6 @@ struct ssl_ctx_st
size_t tlsext_ellipticcurvelist_length;
unsigned char *tlsext_ellipticcurvelist;
# endif /* OPENSSL_NO_EC */
-#endif /* OPENSSL_NO_TLSEXT */
/* If true, a client will advertise the Channel ID extension and a
* server will echo it. */
@@ -1223,11 +1217,9 @@ void SSL_get0_next_proto_negotiated(const SSL *s,
const unsigned char **data, unsigned *len);
#endif
-#ifndef OPENSSL_NO_TLSEXT
int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
const unsigned char *in, unsigned int inlen,
const unsigned char *client, unsigned int client_len);
-#endif
#define OPENSSL_NPN_UNSUPPORTED 0
#define OPENSSL_NPN_NEGOTIATED 1
@@ -1456,7 +1448,6 @@ struct ssl_st
int client_version; /* what was passed, used for
* SSLv3/TLS rollback check */
unsigned int max_send_fragment;
-#ifndef OPENSSL_NO_TLSEXT
/* TLS extension debug callback */
void (*tlsext_debug_cb)(SSL *s, int client_server, int type,
unsigned char *data, int len,
@@ -1530,9 +1521,6 @@ struct ssl_st
* format. */
unsigned char* alpn_client_proto_list;
unsigned alpn_client_proto_list_len;
-#else
-#define session_ctx ctx
-#endif /* OPENSSL_NO_TLSEXT */
int renegotiate;/* 1 if we are renegotiating.
* 2 if we are a server and are inside a handshake
@@ -1761,7 +1749,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
#define SSL_CTRL_SET_MAX_SEND_FRAGMENT 52
/* see tls1.h for macros based on these */
-#ifndef OPENSSL_NO_TLSEXT
#define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53
#define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54
#define SSL_CTRL_SET_TLSEXT_HOSTNAME 55
@@ -1789,7 +1776,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 79
#define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80
#define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81
-#endif /* OPENSSL_NO_TLSEXT */
#define DTLS_CTRL_GET_TIMEOUT 73
#define DTLS_CTRL_HANDLE_TIMEOUT 74
diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index 5e600319..949c8b24 100644
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -533,7 +533,6 @@ typedef struct ssl3_state_st
int next_proto_neg_seen;
#endif
-#ifndef OPENSSL_NO_TLSEXT
#ifndef OPENSSL_NO_EC
/* This is set to true if we believe that this is a version of Safari
* running on OS X 10.6 or newer. We wish to know this because Safari
@@ -550,7 +549,6 @@ typedef struct ssl3_state_st
* processed. */
uint8_t *alpn_selected;
size_t alpn_selected_len;
-#endif /* OPENSSL_NO_TLSEXT */
/* In a client, this means that the server supported Channel ID and that
* a Channel ID was sent. In a server it means that we echoed support
diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
index d95ed0f1..6b0568e1 100644
--- a/ssl/ssl_asn1.c
+++ b/ssl/ssl_asn1.c
@@ -112,11 +112,9 @@ typedef struct ssl_session_asn1_st
ASN1_INTEGER time;
ASN1_INTEGER timeout;
ASN1_INTEGER verify_result;
-#ifndef OPENSSL_NO_TLSEXT
ASN1_OCTET_STRING tlsext_hostname;
ASN1_INTEGER tlsext_tick_lifetime;
ASN1_OCTET_STRING tlsext_tick;
-#endif /* OPENSSL_NO_TLSEXT */
#ifndef OPENSSL_NO_PSK
ASN1_OCTET_STRING psk_identity_hint;
ASN1_OCTET_STRING psk_identity;
@@ -131,10 +129,8 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
int v1=0,v2=0,v3=0,v4=0,v5=0,v7=0,v8=0,v13=0,v14=0;
unsigned char buf[4],ibuf1[LSIZE2],ibuf2[LSIZE2];
unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2],ibuf5[LSIZE2];
-#ifndef OPENSSL_NO_TLSEXT
int v6=0,v9=0,v10=0;
unsigned char ibuf6[LSIZE2];
-#endif
long l;
SSL_SESSION_ASN1 a;
M_ASN1_I2D_vars(in);
@@ -219,7 +215,6 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
ASN1_INTEGER_set(&a.verify_result,in->verify_result);
}
-#ifndef OPENSSL_NO_TLSEXT
if (in->tlsext_hostname)
{
a.tlsext_hostname.length=strlen(in->tlsext_hostname);
@@ -239,7 +234,6 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
a.tlsext_tick_lifetime.data=ibuf6;
ASN1_INTEGER_set(&a.tlsext_tick_lifetime,in->tlsext_tick_lifetime_hint);
}
-#endif /* OPENSSL_NO_TLSEXT */
#ifndef OPENSSL_NO_PSK
if (in->psk_identity_hint)
{
@@ -286,14 +280,12 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
if (in->verify_result != X509_V_OK)
M_ASN1_I2D_len_EXP_opt(&(a.verify_result),i2d_ASN1_INTEGER,5,v5);
-#ifndef OPENSSL_NO_TLSEXT
if (in->tlsext_tick_lifetime_hint > 0)
M_ASN1_I2D_len_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9);
if (in->tlsext_tick)
M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10);
if (in->tlsext_hostname)
M_ASN1_I2D_len_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6);
-#endif /* OPENSSL_NO_TLSEXT */
#ifndef OPENSSL_NO_PSK
if (in->psk_identity_hint)
M_ASN1_I2D_len_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING,7,v7);
@@ -324,22 +316,18 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
v4);
if (in->verify_result != X509_V_OK)
M_ASN1_I2D_put_EXP_opt(&a.verify_result,i2d_ASN1_INTEGER,5,v5);
-#ifndef OPENSSL_NO_TLSEXT
if (in->tlsext_hostname)
M_ASN1_I2D_put_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6);
-#endif /* OPENSSL_NO_TLSEXT */
#ifndef OPENSSL_NO_PSK
if (in->psk_identity_hint)
M_ASN1_I2D_put_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING,7,v7);
if (in->psk_identity)
M_ASN1_I2D_put_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING,8,v8);
#endif /* OPENSSL_NO_PSK */
-#ifndef OPENSSL_NO_TLSEXT
if (in->tlsext_tick_lifetime_hint > 0)
M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9);
if (in->tlsext_tick)
M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10);
-#endif /* OPENSSL_NO_TLSEXT */
if (in->peer_sha256_valid)
M_ASN1_I2D_put_EXP_opt(&(a.peer_sha256),i2d_ASN1_OCTET_STRING,13,v13);
if (in->original_handshake_hash_len > 0)
@@ -501,7 +489,6 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
else
ret->verify_result=X509_V_OK;
-#ifndef OPENSSL_NO_TLSEXT
os.length=0;
os.data=NULL;
M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,6);
@@ -514,7 +501,6 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
}
else
ret->tlsext_hostname=NULL;
-#endif /* OPENSSL_NO_TLSEXT */
#ifndef OPENSSL_NO_PSK
os.length=0;
@@ -544,7 +530,6 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
ret->psk_identity=NULL;
#endif /* OPENSSL_NO_PSK */
-#ifndef OPENSSL_NO_TLSEXT
ai.length=0;
M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,9);
if (ai.data != NULL)
@@ -568,7 +553,6 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
}
else
ret->tlsext_tick=NULL;
-#endif /* OPENSSL_NO_TLSEXT */
os.length=0;
os.data=NULL;
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 3cec5318..f0f81006 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -333,7 +333,6 @@ SSL *SSL_new(SSL_CTX *ctx)
CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
s->ctx=ctx;
-#ifndef OPENSSL_NO_TLSEXT
s->tlsext_debug_cb = 0;
s->tlsext_debug_arg = NULL;
s->tlsext_ticket_expected = 0;
@@ -381,7 +380,6 @@ SSL *SSL_new(SSL_CTX *ctx)
s->ctx->alpn_client_proto_list_len);
s->alpn_client_proto_list_len = s->ctx->alpn_client_proto_list_len;
}
-#endif
s->verify_result=X509_V_OK;
@@ -672,7 +670,6 @@ void SSL_free(SSL *s)
if (s->cert != NULL) ssl_cert_free(s->cert);
/* Free up if allocated */
-#ifndef OPENSSL_NO_TLSEXT
if (s->tlsext_hostname)
OPENSSL_free(s->tlsext_hostname);
if (s->initial_ctx) SSL_CTX_free(s->initial_ctx);
@@ -694,7 +691,6 @@ void SSL_free(SSL *s)
OPENSSL_free(s->alpn_client_proto_list);
if (s->tlsext_channel_id_private)
EVP_PKEY_free(s->tlsext_channel_id_private);
-#endif
#ifndef OPENSSL_NO_PSK
if (s->psk_identity_hint)
@@ -708,7 +704,7 @@ void SSL_free(SSL *s)
if (s->ctx) SSL_CTX_free(s->ctx);
-#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
+#if !defined(OPENSSL_NO_NEXTPROTONEG)
if (s->next_proto_negotiated)
OPENSSL_free(s->next_proto_negotiated);
#endif
@@ -1699,7 +1695,6 @@ err:
}
-#ifndef OPENSSL_NO_TLSEXT
/** return a servername extension value if provided in Client Hello, or NULL.
* So far, only host_name types are defined (RFC 3546).
*/
@@ -1909,7 +1904,6 @@ void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
else
*len = ssl->s3->alpn_selected_len;
}
-#endif /* !OPENSSL_NO_TLSEXT */
int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
const char *label, size_t llen, const unsigned char *p, size_t plen,
@@ -2059,7 +2053,6 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
-#ifndef OPENSSL_NO_TLSEXT
ret->tlsext_servername_callback = 0;
ret->tlsext_servername_arg = NULL;
/* Setup RFC4507 ticket keys */
@@ -2075,7 +2068,6 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
ret->next_protos_advertised_cb = 0;
ret->next_proto_select_cb = 0;
# endif
-#endif
#ifndef OPENSSL_NO_PSK
ret->psk_identity_hint=NULL;
ret->psk_client_callback=NULL;
@@ -2222,7 +2214,6 @@ void SSL_CTX_free(SSL_CTX *a)
if (a->rbuf_freelist)
ssl_buf_freelist_free(a->rbuf_freelist);
#endif
-#ifndef OPENSSL_NO_TLSEXT
# ifndef OPENSSL_NO_EC
if (a->tlsext_ecpointformatlist)
OPENSSL_free(a->tlsext_ecpointformatlist);
@@ -2231,12 +2222,9 @@ void SSL_CTX_free(SSL_CTX *a)
# endif /* OPENSSL_NO_EC */
if (a->alpn_client_proto_list != NULL)
OPENSSL_free(a->alpn_client_proto_list);
-#endif
-#ifndef OPENSSL_NO_TLSEXT
if (a->tlsext_channel_id_private)
EVP_PKEY_free(a->tlsext_channel_id_private);
-#endif
OPENSSL_free(a);
}
@@ -3062,10 +3050,8 @@ SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
{
if (ssl->ctx == ctx)
return ssl->ctx;
-#ifndef OPENSSL_NO_TLSEXT
if (ctx == NULL)
ctx = ssl->initial_ctx;
-#endif
if (ssl->cert != NULL)
ssl_cert_free(ssl->cert);
ssl->cert = ssl_cert_dup(ctx->cert);
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 714e3200..a2ca802d 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1172,13 +1172,11 @@ int ssl3_send_client_key_exchange(SSL *s);
int ssl3_get_key_exchange(SSL *s);
int ssl3_get_server_certificate(SSL *s);
int ssl3_check_cert_and_algorithm(SSL *s);
-#ifndef OPENSSL_NO_TLSEXT
int ssl3_check_finished(SSL *s);
# ifndef OPENSSL_NO_NEXTPROTONEG
int ssl3_send_next_proto(SSL *s);
int ssl3_send_channel_id(SSL *s);
# endif
-#endif
int dtls1_client_hello(SSL *s);
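Review bot: `ssl3_send_channel_id` is still declared inside `# ifndef OPENSSL_NO_NEXTPROTONEG` here, but the s3_clnt.c hunks of this commit leave the `SSL3_ST_CW_CHANNEL_ID_A` case that calls it outside any guard. A build with OPENSSL_NO_NEXTPROTONEG defined would therefore reach the call without a prototype in scope. Moving `int ssl3_send_channel_id(SSL *s);` below the `# endif` keeps the header consistent with the caller. Whether the definition in s3_clnt.c sits outside the NPN guard is not visible in the diff and should be checked at the same time.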
@@ -1259,7 +1257,6 @@ int tls1_set_curves_list(unsigned char **pext, size_t *pextlen,
int tls1_check_ec_tmp_key(SSL *s, unsigned long id);
#endif /* OPENSSL_NO_EC */
-#ifndef OPENSSL_NO_TLSEXT
int tls1_shared_list(SSL *s,
const unsigned char *l1, size_t l1len,
const unsigned char *l2, size_t l2len,
@@ -1294,7 +1291,6 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
int idx);
void tls1_set_cert_validity(SSL *s);
-#endif
int ssl3_can_cutthrough(const SSL *s);
int ssl_get_max_version(const SSL *s);
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 0153ba77..35f9eb6e 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -213,7 +213,6 @@ SSL_SESSION *SSL_SESSION_new(void)
ss->time=(unsigned long)time(NULL);
ss->prev=NULL;
ss->next=NULL;
-#ifndef OPENSSL_NO_TLSEXT
ss->tlsext_hostname = NULL;
#ifndef OPENSSL_NO_EC
ss->tlsext_ecpointformatlist_length = 0;
@@ -221,7 +220,6 @@ SSL_SESSION *SSL_SESSION_new(void)
ss->tlsext_ellipticcurvelist_length = 0;
ss->tlsext_ellipticcurvelist = NULL;
#endif
-#endif
CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
#ifndef OPENSSL_NO_PSK
ss->psk_identity_hint=NULL;
@@ -340,14 +338,12 @@ int ssl_get_new_session(SSL *s, int session)
SSL_SESSION_free(ss);
return(0);
}
-#ifndef OPENSSL_NO_TLSEXT
/* If RFC4507 ticket use empty session ID */
if (s->tlsext_ticket_expected)
{
ss->session_id_length = 0;
goto sess_id_done;
}
-#endif
/* Choose which callback will set the session ID */
CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
if(s->generate_session_id)
@@ -386,7 +382,6 @@ int ssl_get_new_session(SSL *s, int session)
SSL_SESSION_free(ss);
return(0);
}
-#ifndef OPENSSL_NO_TLSEXT
sess_id_done:
if (s->tlsext_hostname) {
ss->tlsext_hostname = BUF_strdup(s->tlsext_hostname);
@@ -396,7 +391,6 @@ int ssl_get_new_session(SSL *s, int session)
return 0;
}
}
-#endif
#ifndef OPENSSL_NO_PSK
if (s->psk_identity_hint)
{
@@ -453,9 +447,7 @@ int ssl_get_prev_session(SSL *s, const struct ssl_early_callback_ctx *ctx)
SSL_SESSION *ret=NULL;
int fatal = 0;
int try_session_cache = 1;
-#ifndef OPENSSL_NO_TLSEXT
int r;
-#endif
if (ctx->session_id_len > SSL_MAX_SSL_SESSION_ID_LENGTH)
goto err;
@@ -463,7 +455,6 @@ int ssl_get_prev_session(SSL *s, const struct ssl_early_callback_ctx *ctx)
if (ctx->session_id_len == 0)
try_session_cache = 0;
-#ifndef OPENSSL_NO_TLSEXT
r = tls1_process_ticket(s, ctx, &ret); /* sets s->tlsext_ticket_expected */
switch (r)
{
@@ -480,7 +471,6 @@ int ssl_get_prev_session(SSL *s, const struct ssl_early_callback_ctx *ctx)
default:
abort();
}
-#endif
if (try_session_cache &&
ret == NULL &&
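Review bot: The `default: abort();` arm of the switch on the result of tls1_process_ticket is unconditional after this change, so an unexpected return value terminates the whole process from inside the handshake. ssl_get_prev_session already has a `fatal` flag and an `err` label, and the later hunk shows `if (fatal) return -1;`, so the arm could be `default: fatal = 1; goto err;` and leave the decision to the caller. The other cases of the switch fall between hunks, so confirm that none of them relies on the current behaviour before changing it.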
@@ -607,14 +597,12 @@ int ssl_get_prev_session(SSL *s, const struct ssl_early_callback_ctx *ctx)
if (ret != NULL)
{
SSL_SESSION_free(ret);
-#ifndef OPENSSL_NO_TLSEXT
if (!try_session_cache)
{
/* The session was from a ticket, so we should
* issue a ticket for the new session */
s->tlsext_ticket_expected = 1;
}
-#endif
}
if (fatal)
return -1;
@@ -752,7 +740,6 @@ void SSL_SESSION_free(SSL_SESSION *ss)
if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert);
if (ss->peer != NULL) X509_free(ss->peer);
if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers);
-#ifndef OPENSSL_NO_TLSEXT
if (ss->tlsext_hostname != NULL) OPENSSL_free(ss->tlsext_hostname);
if (ss->tlsext_tick != NULL) OPENSSL_free(ss->tlsext_tick);
#ifndef OPENSSL_NO_EC
@@ -761,7 +748,6 @@ void SSL_SESSION_free(SSL_SESSION *ss)
ss->tlsext_ellipticcurvelist_length = 0;
if (ss->tlsext_ellipticcurvelist != NULL) OPENSSL_free(ss->tlsext_ellipticcurvelist);
#endif /* OPENSSL_NO_EC */
-#endif
#ifndef OPENSSL_NO_PSK
if (ss->psk_identity_hint != NULL)
OPENSSL_free(ss->psk_identity_hint);
@@ -882,7 +868,6 @@ long SSL_CTX_get_timeout(const SSL_CTX *s)
return(s->session_timeout);
}
-#ifndef OPENSSL_NO_TLSEXT
int SSL_set_session_secret_cb(SSL *s, int (*tls_session_secret_cb)(SSL *s, void *secret, int *secret_len,
STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg), void *arg)
{
@@ -935,7 +920,6 @@ int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len)
return 0;
}
-#endif /* OPENSSL_NO_TLSEXT */
typedef struct timeout_param_st
{
diff --git a/ssl/ssl_txt.c b/ssl/ssl_txt.c
index 08c07524..4ea3eb57 100644
--- a/ssl/ssl_txt.c
+++ b/ssl/ssl_txt.c
@@ -173,7 +173,6 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
if (BIO_puts(bp,"\n PSK identity hint: ") <= 0) goto err;
if (BIO_printf(bp, "%s", x->psk_identity_hint ? x->psk_identity_hint : "None") <= 0) goto err;
#endif
-#ifndef OPENSSL_NO_TLSEXT
if (x->tlsext_tick_lifetime_hint)
{
if (BIO_printf(bp,
@@ -187,7 +186,6 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
if (BIO_hexdump(bp, x->tlsext_tick, x->tlsext_ticklen, 4) <= 0)
goto err;
}
-#endif
if (x->time != 0L)
{
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 7bcdf90d..0f37072b 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -117,13 +117,11 @@
#include <openssl/rand.h>
#include "ssl_locl.h"
-#ifndef OPENSSL_NO_TLSEXT
static int tls_decrypt_ticket(SSL *s, const unsigned char *tick, int ticklen,
const unsigned char *sess_id, int sesslen,
SSL_SESSION **psess);
static int ssl_check_clienthello_tlsext_early(SSL *s);
int ssl_check_serverhello_tlsext(SSL *s);
-#endif
SSL3_ENC_METHOD TLSv1_enc_data={
tls1_enc,
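Review bot: `int ssl_check_serverhello_tlsext(SSL *s);` is a non-static prototype declared locally in this .c file, next to two `static` forward declarations, and with the guard removed it is always in effect. A private re-declaration can drift from the definition or from callers in other files without the compiler noticing. It would be better placed in `ssl_locl.h`, which is included just above, and dropped from here. Whether `ssl_locl.h` already declares it is not visible from this hunk.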
@@ -199,12 +197,10 @@ int tls1_new(SSL *s)
void tls1_free(SSL *s)
{
-#ifndef OPENSSL_NO_TLSEXT
if (s->tlsext_session_ticket)
{
OPENSSL_free(s->tlsext_session_ticket);
}
-#endif /* OPENSSL_NO_TLSEXT */
ssl3_free(s);
}
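Review bot: `s->tlsext_session_ticket` is left pointing at freed memory after `OPENSSL_free()` in tls1_free(), and `ssl3_free(s)` then runs on the same object. Clearing it right after the free, with `s->tlsext_session_ticket = NULL;`, keeps any later cleanup path from freeing or reading it again. Nothing in this hunk shows ssl3_free() touching the field, so this is hardening rather than a confirmed double free.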
@@ -984,7 +980,6 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md)
#endif /* OPENSSL_NO_EC */
-#ifndef OPENSSL_NO_TLSEXT
/* List of supported signature algorithms and hashes. Should make this
* customisable at some point, for now include everything we support.
@@ -3483,7 +3478,6 @@ int SSL_get_shared_sigalgs(SSL *s, int idx,
return s->cert->shared_sigalgslen;
}
-#if !defined(OPENSSL_NO_TLSEXT)
/* tls1_channel_id_hash calculates the signed data for a Channel ID on the given
* SSL connection and writes it to |md|. */
int
@@ -3525,7 +3519,6 @@ tls1_channel_id_hash(EVP_MD_CTX *md, SSL *s)
return 1;
}
-#endif
/* tls1_record_handshake_hashes_for_channel_id records the current handshake
* hashes in |s->session| so that Channel ID resumptions can sign that data. */
@@ -4011,4 +4004,3 @@ int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain)
return tls1_check_chain(s, x, pk, chain, -1);
}
-#endif
diff --git a/ssl/tls1.h b/ssl/tls1.h
index e6ebd7e7..fc142e14 100644
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -297,7 +297,6 @@ extern "C" {
#define TLSEXT_curve_P_256 23
#define TLSEXT_curve_P_384 24
-#ifndef OPENSSL_NO_TLSEXT
#define TLSEXT_MAXLEN_host_name 255
@@ -379,7 +378,6 @@ SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg)
#define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
-#endif /* OPENSSL_NO_TLSEXT */
/* PSK ciphersuites from 4279 */
#define TLS1_CK_PSK_WITH_RC4_128_SHA 0x0300008A