Remove serverinfo checks. Since sanity checks are performed for all custom extensions the serverinfo checks are no longer needed. Reviewed-by: Emilia Käsper <emilia@openssl.org>
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 6504487..bb1074c 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3345,10 +3345,6 @@
 #ifndef OPENSSL_NO_SRP
 SSL_SRP_CTX_free(s);
 #endif
-#ifndef OPENSSL_NO_TLSEXT
- if (s->s3->serverinfo_client_tlsext_custom_types != NULL)
- OPENSSL_free(s->s3->serverinfo_client_tlsext_custom_types);
-#endif
 OPENSSL_cleanse(s->s3,sizeof *s->s3);
 OPENSSL_free(s->s3);
 s->s3=NULL;
@@ -3393,12 +3389,6 @@
 }
 #endif
 #ifndef OPENSSL_NO_TLSEXT
- if (s->s3->serverinfo_client_tlsext_custom_types != NULL)
- {
- OPENSSL_free(s->s3->serverinfo_client_tlsext_custom_types);
- s->s3->serverinfo_client_tlsext_custom_types = NULL;
- }
- s->s3->serverinfo_client_tlsext_custom_types_count = 0;
 #ifndef OPENSSL_NO_EC
 s->s3->is_probably_safari = 0;
 #endif /* !OPENSSL_NO_EC */
diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index d3167cf..29cb184 100644
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -584,12 +584,6 @@ #endif #ifndef OPENSSL_NO_TLSEXT - /* serverinfo_client_tlsext_custom_types contains an array of TLS Extension types which - * were advertised by the client in its ClientHello and leveraged by ServerInfo TLS extension callbacks. - * The array does not contain any duplicates, and is in the same order - * as the types were received in the client hello. */ - unsigned short *serverinfo_client_tlsext_custom_types; - size_t serverinfo_client_tlsext_custom_types_count; /* how many serverinfo_client_tlsext_custom_types */ /* ALPN information * (we are in the process of transitioning from NPN to ALPN.) */
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index c76a2a3..e599533 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -863,7 +863,6 @@ unsigned short inlen, int *al, void *arg) { - size_t i = 0; if (inlen != 0) { @@ -871,28 +870,6 @@ return 0; } - /* if already in list, error out */ - for (i = 0; i < s->s3->serverinfo_client_tlsext_custom_types_count; i++) - { - if (s->s3->serverinfo_client_tlsext_custom_types[i] == ext_type) - { - *al = SSL_AD_DECODE_ERROR; - return 0; - } - } - s->s3->serverinfo_client_tlsext_custom_types_count++; - s->s3->serverinfo_client_tlsext_custom_types = OPENSSL_realloc( - s->s3->serverinfo_client_tlsext_custom_types, - s->s3->serverinfo_client_tlsext_custom_types_count * 2); - if (s->s3->serverinfo_client_tlsext_custom_types == NULL) - { - s->s3->serverinfo_client_tlsext_custom_types_count = 0; - *al = TLS1_AD_INTERNAL_ERROR; - return 0; - } - s->s3->serverinfo_client_tlsext_custom_types[ - s->s3->serverinfo_client_tlsext_custom_types_count - 1] = ext_type; - return 1; } @@ -902,22 +879,6 @@ { const unsigned char *serverinfo = NULL; size_t serverinfo_length = 0; - size_t i = 0; - unsigned int match = 0; - /* Did the client send a TLS extension for this type? */ - for (i = 0; i < s->s3->serverinfo_client_tlsext_custom_types_count; i++) - { - if (s->s3->serverinfo_client_tlsext_custom_types[i] == ext_type) - { - match = 1; - break; - } - } - if (!match) - { - /* extension not sent by client...don't send extension */ - return -1; - } /* Is there serverinfo data for the chosen server cert? */ if ((ssl_get_server_cert_serverinfo(s, &serverinfo,
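Review bot: In the third hunk (old line 902) the function now goes straight to `ssl_get_server_cert_serverinfo()` without the removed `match` test, so nothing in this file keeps a serverinfo extension out of the server's reply when the client never offered that type; the second hunk (old line 871) likewise drops the duplicate-type rejection that raised `SSL_AD_DECODE_ERROR`. The commit message says the generic custom-extension code performs these checks, but that code is not part of this diff, so the guarantee cannot be confirmed from here. Once confirmed, I would record the dependency where the checks used to be, e.g. `/* Duplicate and unsolicited extension types are rejected by the generic custom extension code, not here. */`. A regression test covering a repeated type and an absent type in the ClientHello would keep a later refactor from silently dropping the check. Both function bodies begin and end outside the hunks shown.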
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 86fb69c..f94a4c0 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1929,14 +1929,6 @@ s->s3->alpn_selected = NULL; } - /* Clear observed custom extensions */ - s->s3->serverinfo_client_tlsext_custom_types_count = 0; - if (s->s3->serverinfo_client_tlsext_custom_types != NULL) - { - OPENSSL_free(s->s3->serverinfo_client_tlsext_custom_types); - s->s3->serverinfo_client_tlsext_custom_types = NULL; - } - #ifndef OPENSSL_NO_HEARTBEATS s->tlsext_heartbeat &= ~(SSL_TLSEXT_HB_ENABLED | SSL_TLSEXT_HB_DONT_SEND_REQUESTS);