Remove support for the `opaque PRF input' extension, which draft has expired

7 years ago and never made it into an RFC. That code wasn't compiled in anyway unless one would define the actual on-the-wire extension id bytes; crank libssl major. With help and enlightenment from Brendan MacDonell.
author: miod <> 2014-06-13 04:29:13 +0000
committer: miod <> 2014-06-13 04:29:13 +0000
commit: 9ef9f06708ef4fe615f3485f5d82f3fb919fdf03 (patch)
tree: 4a096128d8787d1beedaa53fd558a98773de0840 /src/lib/libssl/s3_lib.c
parent: cc594d5ff9b7bb08404d34d62287ee1dfd6b8332 (diff)
download: openbsd-9ef9f06708ef4fe615f3485f5d82f3fb919fdf03.tar.gz
openbsd-9ef9f06708ef4fe615f3485f5d82f3fb919fdf03.tar.bz2
openbsd-9ef9f06708ef4fe615f3485f5d82f3fb919fdf03.zip
1 files changed, 1 insertions, 55 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 03d30125b9..576ce2e52b 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.58 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.59 2014/06/13 04:29:13 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2322,11 +2322,6 @@ ssl3_free(SSL *s)
        if (s == NULL)
                return;
-#ifdef TLSEXT_TYPE_opaque_prf_input
-        free(s->s3->client_opaque_prf_input);
-        free(s->s3->server_opaque_prf_input);
-#endif
        ssl3_cleanup_key_block(s);
        ssl3_release_read_buffer(s);
        ssl3_release_write_buffer(s);
@@ -2351,13 +2346,6 @@ ssl3_clear(SSL *s)
        size_t           rlen, wlen;
        int              init_extra;
-#ifdef TLSEXT_TYPE_opaque_prf_input
-        free(s->s3->client_opaque_prf_input);
-        s->s3->client_opaque_prf_input = NULL;
-        free(s->s3->server_opaque_prf_input);
-        s->s3->server_opaque_prf_input = NULL;
-#endif
        ssl3_cleanup_key_block(s);
        if (s->s3->tmp.ca_names != NULL)
                sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
@@ -2570,35 +2558,6 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
                ret = 1;
                break;
-#ifdef TLSEXT_TYPE_opaque_prf_input
-        case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT:
-                if (larg > 12288) {
-                        /*
-                         * Actual internal limit is 2^16 for the complete
-                         * hello message (including the cert chain and
-                         * everything)
-                         */
-                        SSLerr(SSL_F_SSL3_CTRL,
-                            SSL_R_OPAQUE_PRF_INPUT_TOO_LONG);
-                        break;
-                }
-                free(s->tlsext_opaque_prf_input);
-                if ((size_t)larg == 0) {
-                        s->tlsext_opaque_prf_input = NULL;
-                        s->tlsext_opaque_prf_input_len = 0;
-                        ret = 1;
-                } else {
-                        s->tlsext_opaque_prf_input =
-                            BUF_memdup(parg, (size_t)larg);
-                        if (s->tlsext_opaque_prf_input != NULL) {
-                                s->tlsext_opaque_prf_input_len = (size_t)larg;
-                                ret = 1;
-                        } else
-                                s->tlsext_opaque_prf_input_len = 0;
-                }
-                break;
-#endif
        case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
                s->tlsext_status_type = larg;
                ret = 1;
@@ -2824,12 +2783,6 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
                        return 1;
                }
-#ifdef TLSEXT_TYPE_opaque_prf_input
-        case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG:
-                ctx->tlsext_opaque_prf_input_callback_arg = parg;
-                return 1;
-#endif
        case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
                ctx->tlsext_status_arg = parg;
                return 1;
@@ -2890,13 +2843,6 @@ ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
                    (int (*)(SSL *, int *, void *))fp;
                break;
-#ifdef TLSEXT_TYPE_opaque_prf_input
-        case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB:
-                ctx->tlsext_opaque_prf_input_callback =
-                    (int (*)(SSL *, void *, size_t, void *))fp;
-                break;
-#endif
        case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
                ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp;
                break;
author	miod <>	2014-06-13 04:29:13 +0000
committer	miod <>	2014-06-13 04:29:13 +0000
commit	9ef9f06708ef4fe615f3485f5d82f3fb919fdf03 (patch)
tree	4a096128d8787d1beedaa53fd558a98773de0840 /src/lib/libssl/s3_lib.c
parent	cc594d5ff9b7bb08404d34d62287ee1dfd6b8332 (diff)
download	openbsd-9ef9f06708ef4fe615f3485f5d82f3fb919fdf03.tar.gz openbsd-9ef9f06708ef4fe615f3485f5d82f3fb919fdf03.tar.bz2 openbsd-9ef9f06708ef4fe615f3485f5d82f3fb919fdf03.zip

diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index 03d30125b9..576ce2e52b 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_lib.c,v 1.58 2014/06/12 15:49:31 deraadt Exp $ */	1	/* $OpenBSD: s3_lib.c,v 1.59 2014/06/13 04:29:13 miod Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -2322,11 +2322,6 @@ ssl3_free(SSL *s)
2322	if (s == NULL)	2322	if (s == NULL)
2323	return;	2323	return;
2324		2324
2325	#ifdef TLSEXT_TYPE_opaque_prf_input
2326	free(s->s3->client_opaque_prf_input);
2327	free(s->s3->server_opaque_prf_input);
2328	#endif
2329
2330	ssl3_cleanup_key_block(s);	2325	ssl3_cleanup_key_block(s);
2331	ssl3_release_read_buffer(s);	2326	ssl3_release_read_buffer(s);
2332	ssl3_release_write_buffer(s);	2327	ssl3_release_write_buffer(s);
@@ -2351,13 +2346,6 @@ ssl3_clear(SSL *s)
2351	size_t rlen, wlen;	2346	size_t rlen, wlen;
2352	int init_extra;	2347	int init_extra;
2353		2348
2354	#ifdef TLSEXT_TYPE_opaque_prf_input
2355	free(s->s3->client_opaque_prf_input);
2356	s->s3->client_opaque_prf_input = NULL;
2357	free(s->s3->server_opaque_prf_input);
2358	s->s3->server_opaque_prf_input = NULL;
2359	#endif
2360
2361	ssl3_cleanup_key_block(s);	2349	ssl3_cleanup_key_block(s);
2362	if (s->s3->tmp.ca_names != NULL)	2350	if (s->s3->tmp.ca_names != NULL)
2363	sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);	2351	sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
@@ -2570,35 +2558,6 @@ ssl3_ctrl(SSL s, int cmd, long larg, void parg)
2570	ret = 1;	2558	ret = 1;
2571	break;	2559	break;
2572		2560
2573	#ifdef TLSEXT_TYPE_opaque_prf_input
2574	case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT:
2575	if (larg > 12288) {
2576	/*
2577	* Actual internal limit is 2^16 for the complete
2578	* hello message (including the cert chain and
2579	* everything)
2580	*/
2581	SSLerr(SSL_F_SSL3_CTRL,
2582	SSL_R_OPAQUE_PRF_INPUT_TOO_LONG);
2583	break;
2584	}
2585	free(s->tlsext_opaque_prf_input);
2586	if ((size_t)larg == 0) {
2587	s->tlsext_opaque_prf_input = NULL;
2588	s->tlsext_opaque_prf_input_len = 0;
2589	ret = 1;
2590	} else {
2591	s->tlsext_opaque_prf_input =
2592	BUF_memdup(parg, (size_t)larg);
2593	if (s->tlsext_opaque_prf_input != NULL) {
2594	s->tlsext_opaque_prf_input_len = (size_t)larg;
2595	ret = 1;
2596	} else
2597	s->tlsext_opaque_prf_input_len = 0;
2598	}
2599	break;
2600	#endif
2601
2602	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:	2561	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
2603	s->tlsext_status_type = larg;	2562	s->tlsext_status_type = larg;
2604	ret = 1;	2563	ret = 1;
@@ -2824,12 +2783,6 @@ ssl3_ctx_ctrl(SSL_CTX ctx, int cmd, long larg, void parg)
2824	return 1;	2783	return 1;
2825	}	2784	}
2826		2785
2827	#ifdef TLSEXT_TYPE_opaque_prf_input
2828	case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG:
2829	ctx->tlsext_opaque_prf_input_callback_arg = parg;
2830	return 1;
2831	#endif
2832
2833	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:	2786	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
2834	ctx->tlsext_status_arg = parg;	2787	ctx->tlsext_status_arg = parg;
2835	return 1;	2788	return 1;
@@ -2890,13 +2843,6 @@ ssl3_ctx_callback_ctrl(SSL_CTX ctx, int cmd, void (fp)(void))
2890	(int ()(SSL , int , void ))fp;	2843	(int ()(SSL , int , void ))fp;
2891	break;	2844	break;
2892		2845
2893	#ifdef TLSEXT_TYPE_opaque_prf_input
2894	case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB:
2895	ctx->tlsext_opaque_prf_input_callback =
2896	(int ()(SSL , void , size_t, void ))fp;
2897	break;
2898	#endif
2899
2900	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:	2846	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
2901	ctx->tlsext_status_cb = (int ()(SSL , void *))fp;	2847	ctx->tlsext_status_cb = (int ()(SSL , void *))fp;
2902	break;	2848	break;