Remove the PSK code. We don't need to drag around this

baggage. ok miod@ jsing@
author: beck <> 2014-07-11 09:24:44 +0000
committer: beck <> 2014-07-11 09:24:44 +0000
commit: c1019dc8eea3a088ca93f060f86acc7cf2a0091f (patch)
tree: fc72650b10ed2f0609c79c34b5d36f8e132e4aa1 /src/lib/libssl/s3_lib.c
parent: a647baf0c3708181c57ffd72cce852a6fda41a41 (diff)
download: openbsd-c1019dc8eea3a088ca93f060f86acc7cf2a0091f.tar.gz
openbsd-c1019dc8eea3a088ca93f060f86acc7cf2a0091f.tar.bz2
openbsd-c1019dc8eea3a088ca93f060f86acc7cf2a0091f.zip
1 files changed, 1 insertions, 71 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 400c1b87e0..f94e207fc4 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.68 2014/07/10 08:51:14 tedu Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.69 2014/07/11 09:24:44 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1262,71 +1262,6 @@ SSL_CIPHER ssl3_ciphers[] = {
        },
 #endif /* OPENSSL_NO_CAMELLIA */
-#ifndef OPENSSL_NO_PSK
-        /* Cipher 8A */
-        {
-                .valid = 1,
-                .name = TLS1_TXT_PSK_WITH_RC4_128_SHA,
-                .id = TLS1_CK_PSK_WITH_RC4_128_SHA,
-                .algorithm_mkey = SSL_kPSK,
-                .algorithm_auth = SSL_aPSK,
-                .algorithm_enc = SSL_RC4,
-                .algorithm_mac = SSL_SHA1,
-                .algorithm_ssl = SSL_TLSV1,
-                .algo_strength = SSL_MEDIUM,
-                .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-                .strength_bits = 128,
-                .alg_bits = 128,
-        },
-        /* Cipher 8B */
-        {
-                .valid = 1,
-                .name = TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
-                .id = TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
-                .algorithm_mkey = SSL_kPSK,
-                .algorithm_auth = SSL_aPSK,
-                .algorithm_enc = SSL_3DES,
-                .algorithm_mac = SSL_SHA1,
-                .algorithm_ssl = SSL_TLSV1,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-                .strength_bits = 112,
-                .alg_bits = 168,
-        },
-        /* Cipher 8C */
-        {
-                .valid = 1,
-                .name = TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
-                .id = TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
-                .algorithm_mkey = SSL_kPSK,
-                .algorithm_auth = SSL_aPSK,
-                .algorithm_enc = SSL_AES128,
-                .algorithm_mac = SSL_SHA1,
-                .algorithm_ssl = SSL_TLSV1,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-                .strength_bits = 128,
-                .alg_bits = 128,
-        },
-        /* Cipher 8D */
-        {
-                .valid = 1,
-                .name = TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
-                .id = TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
-                .algorithm_mkey = SSL_kPSK,
-                .algorithm_auth = SSL_aPSK,
-                .algorithm_enc = SSL_AES256,
-                .algorithm_mac = SSL_SHA1,
-                .algorithm_ssl = SSL_TLSV1,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-                .strength_bits = 256,
-                .alg_bits = 256,
-        },
-#endif  /* OPENSSL_NO_PSK */
        /* GCM ciphersuites from RFC5288 */
@@ -3030,11 +2965,6 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
                alg_k = c->algorithm_mkey;
                alg_a = c->algorithm_auth;
-#ifndef OPENSSL_NO_PSK
-                /* with PSK there must be server callback set */
-                if ((alg_k & SSL_kPSK) && s->psk_server_callback == NULL)
-                        continue;
-#endif /* OPENSSL_NO_PSK */
                ok = (alg_k & mask_k) && (alg_a & mask_a);
author	beck <>	2014-07-11 09:24:44 +0000
committer	beck <>	2014-07-11 09:24:44 +0000
commit	c1019dc8eea3a088ca93f060f86acc7cf2a0091f (patch)
tree	fc72650b10ed2f0609c79c34b5d36f8e132e4aa1 /src/lib/libssl/s3_lib.c
parent	a647baf0c3708181c57ffd72cce852a6fda41a41 (diff)
download	openbsd-c1019dc8eea3a088ca93f060f86acc7cf2a0091f.tar.gz openbsd-c1019dc8eea3a088ca93f060f86acc7cf2a0091f.tar.bz2 openbsd-c1019dc8eea3a088ca93f060f86acc7cf2a0091f.zip

diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index 400c1b87e0..f94e207fc4 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_lib.c,v 1.68 2014/07/10 08:51:14 tedu Exp $ */	1	/* $OpenBSD: s3_lib.c,v 1.69 2014/07/11 09:24:44 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1262,71 +1262,6 @@ SSL_CIPHER ssl3_ciphers[] = {
1262	},	1262	},
1263	#endif /* OPENSSL_NO_CAMELLIA */	1263	#endif /* OPENSSL_NO_CAMELLIA */
1264		1264
1265	#ifndef OPENSSL_NO_PSK
1266	/* Cipher 8A */
1267	{
1268	.valid = 1,
1269	.name = TLS1_TXT_PSK_WITH_RC4_128_SHA,
1270	.id = TLS1_CK_PSK_WITH_RC4_128_SHA,
1271	.algorithm_mkey = SSL_kPSK,
1272	.algorithm_auth = SSL_aPSK,
1273	.algorithm_enc = SSL_RC4,
1274	.algorithm_mac = SSL_SHA1,
1275	.algorithm_ssl = SSL_TLSV1,
1276	.algo_strength = SSL_MEDIUM,
1277	.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF,
1278	.strength_bits = 128,
1279	.alg_bits = 128,
1280	},
1281
1282	/* Cipher 8B */
1283	{
1284	.valid = 1,
1285	.name = TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1286	.id = TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1287	.algorithm_mkey = SSL_kPSK,
1288	.algorithm_auth = SSL_aPSK,
1289	.algorithm_enc = SSL_3DES,
1290	.algorithm_mac = SSL_SHA1,
1291	.algorithm_ssl = SSL_TLSV1,
1292	.algo_strength = SSL_HIGH,
1293	.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF,
1294	.strength_bits = 112,
1295	.alg_bits = 168,
1296	},
1297
1298	/* Cipher 8C */
1299	{
1300	.valid = 1,
1301	.name = TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1302	.id = TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1303	.algorithm_mkey = SSL_kPSK,
1304	.algorithm_auth = SSL_aPSK,
1305	.algorithm_enc = SSL_AES128,
1306	.algorithm_mac = SSL_SHA1,
1307	.algorithm_ssl = SSL_TLSV1,
1308	.algo_strength = SSL_HIGH,
1309	.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF,
1310	.strength_bits = 128,
1311	.alg_bits = 128,
1312	},
1313
1314	/* Cipher 8D */
1315	{
1316	.valid = 1,
1317	.name = TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1318	.id = TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1319	.algorithm_mkey = SSL_kPSK,
1320	.algorithm_auth = SSL_aPSK,
1321	.algorithm_enc = SSL_AES256,
1322	.algorithm_mac = SSL_SHA1,
1323	.algorithm_ssl = SSL_TLSV1,
1324	.algo_strength = SSL_HIGH,
1325	.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF,
1326	.strength_bits = 256,
1327	.alg_bits = 256,
1328	},
1329	#endif /* OPENSSL_NO_PSK */
1330		1265
1331	/* GCM ciphersuites from RFC5288 */	1266	/* GCM ciphersuites from RFC5288 */
1332		1267
@@ -3030,11 +2965,6 @@ SSL_CIPHER ssl3_choose_cipher(SSL s, STACK_OF(SSL_CIPHER) *clnt,
3030	alg_k = c->algorithm_mkey;	2965	alg_k = c->algorithm_mkey;
3031	alg_a = c->algorithm_auth;	2966	alg_a = c->algorithm_auth;
3032		2967
3033	#ifndef OPENSSL_NO_PSK
3034	/* with PSK there must be server callback set */
3035	if ((alg_k & SSL_kPSK) && s->psk_server_callback == NULL)
3036	continue;
3037	#endif /* OPENSSL_NO_PSK */
3038		2968
3039	ok = (alg_k & mask_k) && (alg_a & mask_a);	2969	ok = (alg_k & mask_k) && (alg_a & mask_a);
3040		2970