Remove the PSK code. We don't need to drag around this

baggage. ok miod@ jsing@
author: beck <> 2014-07-11 09:24:44 +0000
committer: beck <> 2014-07-11 09:24:44 +0000
commit: 0ca5011d0600da1f218404c4541317bad356f8f1 (patch)
tree: fc72650b10ed2f0609c79c34b5d36f8e132e4aa1 /src/lib/libssl/d1_clnt.c
parent: 4b550e7e97a6068d5f18fbfc47b22d8b4faa4ff6 (diff)
download: openbsd-0ca5011d0600da1f218404c4541317bad356f8f1.tar.gz
openbsd-0ca5011d0600da1f218404c4541317bad356f8f1.tar.bz2
openbsd-0ca5011d0600da1f218404c4541317bad356f8f1.zip
1 files changed, 1 insertions, 78 deletions
diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c
index 04ae11d7bc..3f47a3854b 100644
--- a/src/lib/libssl/d1_clnt.c
+++ b/src/lib/libssl/d1_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_clnt.c,v 1.27 2014/07/10 08:51:14 tedu Exp $ */
+/* $OpenBSD: d1_clnt.c,v 1.28 2014/07/11 09:24:44 beck Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -1196,83 +1196,6 @@ dtls1_send_client_key_exchange(SSL *s)
                        EVP_PKEY_free(srvr_pub_pkey);
                }
-#ifndef OPENSSL_NO_PSK
-                else if (alg_k & SSL_kPSK) {
-                        char identity[PSK_MAX_IDENTITY_LEN];
-                        unsigned char *t = NULL;
-                        unsigned char psk_or_pre_ms[PSK_MAX_PSK_LEN*2 + 4];
-                        unsigned int pre_ms_len = 0, psk_len = 0;
-                        int psk_err = 1;
-                        n = 0;
-                        if (s->psk_client_callback == NULL) {
-                                SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
-                                    SSL_R_PSK_NO_CLIENT_CB);
-                                goto err;
-                        }
-                        psk_len = s->psk_client_callback(s,
-                            s->ctx->psk_identity_hint, identity,
-                            PSK_MAX_IDENTITY_LEN, psk_or_pre_ms,
-                            sizeof(psk_or_pre_ms));
-                        if (psk_len > PSK_MAX_PSK_LEN) {
-                                SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
-                                    ERR_R_INTERNAL_ERROR);
-                                goto psk_err;
-                        } else if (psk_len == 0) {
-                                SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
-                                    SSL_R_PSK_IDENTITY_NOT_FOUND);
-                                goto psk_err;
-                        }
-                        /* create PSK pre_master_secret */
-                        pre_ms_len = 2 + psk_len + 2 + psk_len;
-                        t = psk_or_pre_ms;
-                        memmove(psk_or_pre_ms + psk_len + 4,
-                            psk_or_pre_ms, psk_len);
-                        s2n(psk_len, t);
-                        memset(t, 0, psk_len);
-                        t += psk_len;
-                        s2n(psk_len, t);
-                        free(s->session->psk_identity_hint);
-                        s->session->psk_identity_hint =
-                            BUF_strdup(s->ctx->psk_identity_hint);
-                        if (s->ctx->psk_identity_hint != NULL &&
-                            s->session->psk_identity_hint == NULL) {
-                                SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
-                                    ERR_R_MALLOC_FAILURE);
-                                goto psk_err;
-                        }
-                        free(s->session->psk_identity);
-                        s->session->psk_identity = BUF_strdup(identity);
-                        if (s->session->psk_identity == NULL) {
-                                SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
-                                    ERR_R_MALLOC_FAILURE);
-                                goto psk_err;
-                        }
-                        s->session->master_key_length =
-                            s->method->ssl3_enc->generate_master_secret(s,
-                            s->session->master_key,
-                            psk_or_pre_ms, pre_ms_len);
-                        n = strlen(identity);
-                        s2n(n, p);
-                        memcpy(p, identity, n);
-                        n += 2;
-                        psk_err = 0;
-psk_err:
-                        OPENSSL_cleanse(identity, PSK_MAX_IDENTITY_LEN);
-                        OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms));
-                        if (psk_err != 0) {
-                                ssl3_send_alert(s, SSL3_AL_FATAL,
-                                    SSL_AD_HANDSHAKE_FAILURE);
-                                goto err;
-                        }
-                }
-#endif
                else {
                        ssl3_send_alert(s, SSL3_AL_FATAL,
                            SSL_AD_HANDSHAKE_FAILURE);
author	beck <>	2014-07-11 09:24:44 +0000
committer	beck <>	2014-07-11 09:24:44 +0000
commit	0ca5011d0600da1f218404c4541317bad356f8f1 (patch)
tree	fc72650b10ed2f0609c79c34b5d36f8e132e4aa1 /src/lib/libssl/d1_clnt.c
parent	4b550e7e97a6068d5f18fbfc47b22d8b4faa4ff6 (diff)
download	openbsd-0ca5011d0600da1f218404c4541317bad356f8f1.tar.gz openbsd-0ca5011d0600da1f218404c4541317bad356f8f1.tar.bz2 openbsd-0ca5011d0600da1f218404c4541317bad356f8f1.zip

diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c index 04ae11d7bc..3f47a3854b 100644 --- a/src/lib/libssl/d1_clnt.c +++ b/src/lib/libssl/d1_clnt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: d1_clnt.c,v 1.27 2014/07/10 08:51:14 tedu Exp $ */	1	/* $OpenBSD: d1_clnt.c,v 1.28 2014/07/11 09:24:44 beck Exp $ */
2	/*	2	/*
3	* DTLS implementation written by Nagendra Modadugu	3	* DTLS implementation written by Nagendra Modadugu
4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.	4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -1196,83 +1196,6 @@ dtls1_send_client_key_exchange(SSL *s)
1196	EVP_PKEY_free(srvr_pub_pkey);	1196	EVP_PKEY_free(srvr_pub_pkey);
1197	}	1197	}
1198		1198
1199	#ifndef OPENSSL_NO_PSK
1200	else if (alg_k & SSL_kPSK) {
1201	char identity[PSK_MAX_IDENTITY_LEN];
1202	unsigned char *t = NULL;
1203	unsigned char psk_or_pre_ms[PSK_MAX_PSK_LEN*2 + 4];
1204	unsigned int pre_ms_len = 0, psk_len = 0;
1205	int psk_err = 1;
1206
1207	n = 0;
1208	if (s->psk_client_callback == NULL) {
1209	SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1210	SSL_R_PSK_NO_CLIENT_CB);
1211	goto err;
1212	}
1213
1214	psk_len = s->psk_client_callback(s,
1215	s->ctx->psk_identity_hint, identity,
1216	PSK_MAX_IDENTITY_LEN, psk_or_pre_ms,
1217	sizeof(psk_or_pre_ms));
1218	if (psk_len > PSK_MAX_PSK_LEN) {
1219	SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1220	ERR_R_INTERNAL_ERROR);
1221	goto psk_err;
1222	} else if (psk_len == 0) {
1223	SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1224	SSL_R_PSK_IDENTITY_NOT_FOUND);
1225	goto psk_err;
1226	}
1227
1228	/* create PSK pre_master_secret */
1229	pre_ms_len = 2 + psk_len + 2 + psk_len;
1230	t = psk_or_pre_ms;
1231	memmove(psk_or_pre_ms + psk_len + 4,
1232	psk_or_pre_ms, psk_len);
1233	s2n(psk_len, t);
1234	memset(t, 0, psk_len);
1235	t += psk_len;
1236	s2n(psk_len, t);
1237
1238	free(s->session->psk_identity_hint);
1239	s->session->psk_identity_hint =
1240	BUF_strdup(s->ctx->psk_identity_hint);
1241	if (s->ctx->psk_identity_hint != NULL &&
1242	s->session->psk_identity_hint == NULL) {
1243	SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1244	ERR_R_MALLOC_FAILURE);
1245	goto psk_err;
1246	}
1247
1248	free(s->session->psk_identity);
1249	s->session->psk_identity = BUF_strdup(identity);
1250	if (s->session->psk_identity == NULL) {
1251	SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1252	ERR_R_MALLOC_FAILURE);
1253	goto psk_err;
1254	}
1255
1256	s->session->master_key_length =
1257	s->method->ssl3_enc->generate_master_secret(s,
1258	s->session->master_key,
1259	psk_or_pre_ms, pre_ms_len);
1260
1261	n = strlen(identity);
1262	s2n(n, p);
1263	memcpy(p, identity, n);
1264	n += 2;
1265	psk_err = 0;
1266	psk_err:
1267	OPENSSL_cleanse(identity, PSK_MAX_IDENTITY_LEN);
1268	OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms));
1269	if (psk_err != 0) {
1270	ssl3_send_alert(s, SSL3_AL_FATAL,
1271	SSL_AD_HANDSHAKE_FAILURE);
1272	goto err;
1273	}
1274	}
1275	#endif
1276	else {	1199	else {
1277	ssl3_send_alert(s, SSL3_AL_FATAL,	1200	ssl3_send_alert(s, SSL3_AL_FATAL,
1278	SSL_AD_HANDSHAKE_FAILURE);	1201	SSL_AD_HANDSHAKE_FAILURE);