Remove serverinfo checks.

Since sanity checks are performed for all custom extensions the
serverinfo checks are no longer needed.
Reviewed-by: Emilia Käsper <emilia@openssl.org>

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 6504487c45ea428c832b05f047e04adb299a1d0e..bb1074c67af01e6407c01d487ff30400c9731aea 100644 (file)
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3344,10 +3344,6 @@ void ssl3_free(SSL *s)
 
 #ifndef OPENSSL_NO_SRP
        SSL_SRP_CTX_free(s);
-#endif
-#ifndef OPENSSL_NO_TLSEXT
-       if (s->s3->serverinfo_client_tlsext_custom_types != NULL)
-               OPENSSL_free(s->s3->serverinfo_client_tlsext_custom_types);
 #endif
        OPENSSL_cleanse(s->s3,sizeof *s->s3);
        OPENSSL_free(s->s3);
@@ -3393,12 +3389,6 @@ void ssl3_clear(SSL *s)
                }
 #endif
 #ifndef OPENSSL_NO_TLSEXT
-       if (s->s3->serverinfo_client_tlsext_custom_types != NULL)
-               {
-               OPENSSL_free(s->s3->serverinfo_client_tlsext_custom_types);
-               s->s3->serverinfo_client_tlsext_custom_types = NULL;
-               }
-       s->s3->serverinfo_client_tlsext_custom_types_count = 0;
 #ifndef OPENSSL_NO_EC
        s->s3->is_probably_safari = 0;
 #endif /* !OPENSSL_NO_EC */

diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index d3167cf575650fe0dc62154d2074ce974bba250a..29cb184c68a2b0dbb7131a0d876ecae98ea08675 100644 (file)
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -584,12 +584,6 @@ typedef struct ssl3_state_st
 #endif
 
 #ifndef OPENSSL_NO_TLSEXT
-        /* serverinfo_client_tlsext_custom_types contains an array of TLS Extension types which
-         * were advertised by the client in its ClientHello and leveraged by ServerInfo TLS extension callbacks.
-        * The array does not contain any duplicates, and is in the same order
-        * as the types were received in the client hello. */
-        unsigned short *serverinfo_client_tlsext_custom_types;
-        size_t serverinfo_client_tlsext_custom_types_count; /* how many serverinfo_client_tlsext_custom_types */
 
        /* ALPN information
         * (we are in the process of transitioning from NPN to ALPN.) */

diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index c76a2a37cd36a246bc8407268da14aa978021479..e5995335099b0cc4cca5c61ba71d9c10176b6682 100644 (file)
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -863,7 +863,6 @@ static int serverinfo_srv_first_cb(SSL *s, unsigned short ext_type,
                                   unsigned short inlen, int *al,
                                   void *arg)
        {
-       size_t i = 0;
 
        if (inlen != 0)
                {
@@ -871,28 +870,6 @@ static int serverinfo_srv_first_cb(SSL *s, unsigned short ext_type,
                return 0;
                }
 
-       /* if already in list, error out */
-       for (i = 0; i < s->s3->serverinfo_client_tlsext_custom_types_count; i++)
-               {
-               if (s->s3->serverinfo_client_tlsext_custom_types[i] == ext_type)
-                       {
-                       *al = SSL_AD_DECODE_ERROR;
-                       return 0;
-                       }
-               }
-       s->s3->serverinfo_client_tlsext_custom_types_count++;
-       s->s3->serverinfo_client_tlsext_custom_types = OPENSSL_realloc(
-       s->s3->serverinfo_client_tlsext_custom_types,
-       s->s3->serverinfo_client_tlsext_custom_types_count * 2);
-       if (s->s3->serverinfo_client_tlsext_custom_types == NULL)
-               {
-               s->s3->serverinfo_client_tlsext_custom_types_count = 0;
-               *al = TLS1_AD_INTERNAL_ERROR;
-               return 0;
-               }
-       s->s3->serverinfo_client_tlsext_custom_types[
-       s->s3->serverinfo_client_tlsext_custom_types_count - 1] = ext_type;
-
        return 1;
        }
 
@@ -902,22 +879,6 @@ static int serverinfo_srv_second_cb(SSL *s, unsigned short ext_type,
        {
        const unsigned char *serverinfo = NULL;
        size_t serverinfo_length = 0;
-       size_t i = 0;
-       unsigned int match = 0;
-       /* Did the client send a TLS extension for this type? */
-       for (i = 0; i < s->s3->serverinfo_client_tlsext_custom_types_count; i++)
-               {
-               if (s->s3->serverinfo_client_tlsext_custom_types[i] == ext_type)
-                       {
-                       match = 1;
-                       break;
-                       }
-               }
-       if (!match)
-               {
-               /* extension not sent by client...don't send extension */
-               return -1;
-               }
 
        /* Is there serverinfo data for the chosen server cert? */
        if ((ssl_get_server_cert_serverinfo(s, &serverinfo,

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 86fb69cb07d5393eb0e156707a7a711a94227eb4..f94a4c0b8a35d44c459a16148c1e5c1f2c0a2ead 100644 (file)
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1929,14 +1929,6 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
                s->s3->alpn_selected = NULL;
                }
 
-       /* Clear observed custom extensions */
-       s->s3->serverinfo_client_tlsext_custom_types_count = 0;
-       if (s->s3->serverinfo_client_tlsext_custom_types != NULL)
-               {
-               OPENSSL_free(s->s3->serverinfo_client_tlsext_custom_types);
-               s->s3->serverinfo_client_tlsext_custom_types = NULL;
-               }
-
 #ifndef OPENSSL_NO_HEARTBEATS
        s->tlsext_heartbeat &= ~(SSL_TLSEXT_HB_ENABLED |
                               SSL_TLSEXT_HB_DONT_SEND_REQUESTS);