Remove SRP and Kerberos support from libssl. These are complex protocols

all on their own and we can't effectively maintain them without using them, which we don't. If the need arises, the code can be resurrected.
author: tedu <> 2014-05-05 15:03:22 +0000
committer: tedu <> 2014-05-05 15:03:22 +0000
commit: 5b4326f23352be2e7084f2020795d8aa042c746f (patch)
tree: c342d9903092a19dfda173837629fd04c429eda9 /src/lib/libssl/ssl.h
parent: 77dd1ca11ad22b323b27beea447edd1e35c3b24e (diff)
download: openbsd-5b4326f23352be2e7084f2020795d8aa042c746f.tar.gz
openbsd-5b4326f23352be2e7084f2020795d8aa042c746f.tar.bz2
openbsd-5b4326f23352be2e7084f2020795d8aa042c746f.zip
1 files changed, 0 insertions, 70 deletions
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 0e117dbca4..dc56abaa99 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -466,10 +466,6 @@ struct ssl_session_st {
        unsigned int sid_ctx_length;
        unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
-#ifndef OPENSSL_NO_KRB5
-        unsigned int krb5_client_princ_len;
-        unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH];
-#endif /* OPENSSL_NO_KRB5 */
 #ifndef OPENSSL_NO_PSK
        char *psk_identity_hint;
        char *psk_identity;
@@ -522,9 +518,6 @@ struct ssl_session_st {
        size_t tlsext_ticklen;          /* Session ticket length */
        long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */
 #endif
-#ifndef OPENSSL_NO_SRP
-        char *srp_username;
-#endif
 };
 #endif
@@ -672,42 +665,6 @@ void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version,
 #define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
 #define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
-#ifndef OPENSSL_NO_SRP
-#ifndef OPENSSL_NO_SSL_INTERN
-typedef struct srp_ctx_st {
-        /* param for all the callbacks */
-        void *SRP_cb_arg;
-        /* set client Hello login callback */
-        int (*TLS_ext_srp_username_callback)(SSL *, int *, void *);
-        /* set SRP N/g param callback for verification */
-        int (*SRP_verify_param_callback)(SSL *, void *);
-        /* set SRP client passwd callback */
-        char *(*SRP_give_srp_client_pwd_callback)(SSL *, void *);
-        char *login;
-        BIGNUM *N, *g, *s, *B, *A;
-        BIGNUM *a, *b, *v;
-        char *info;
-        int strength;
-        unsigned long srp_Mask;
-} SRP_CTX;
-#endif
-/* see tls_srp.c */
-int SSL_SRP_CTX_init(SSL *s);
-int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx);
-int SSL_SRP_CTX_free(SSL *ctx);
-int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx);
-int SSL_srp_server_param_with_username(SSL *s, int *ad);
-int SRP_generate_server_master_secret(SSL *s, unsigned char *master_key);
-int SRP_Calc_A_param(SSL *s);
-int SRP_generate_client_master_secret(SSL *s, unsigned char *master_key);
-#endif
 #define SSL_MAX_CERT_LIST_DEFAULT 1024*100 /* 100k max cert list :-) */
@@ -922,9 +879,6 @@ struct ssl_ctx_st {
            unsigned char *psk, unsigned int max_psk_len);
 #endif
-#ifndef OPENSSL_NO_SRP
-        SRP_CTX srp_ctx; /* ctx for SRP authentication */
-#endif
 #ifndef OPENSSL_NO_TLSEXT
@@ -1213,9 +1167,6 @@ struct ssl_st {
        int error;              /* error bytes to be written */
        int error_code;         /* actual code */
-#ifndef OPENSSL_NO_KRB5
-        KSSL_CTX *kssl_ctx;     /* Kerberos 5 context */
-#endif  /* OPENSSL_NO_KRB5 */
 #ifndef OPENSSL_NO_PSK
        unsigned int (*psk_client_callback)(SSL *ssl, const char *hint,
@@ -1327,9 +1278,6 @@ struct ssl_st {
                         * 2 if we are a server and are inside a handshake
                         * (i.e. not just sending a HelloRequest) */
-#ifndef OPENSSL_NO_SRP
-        SRP_CTX srp_ctx; /* ctx for SRP authentication */
-#endif
 };
 #endif
@@ -1771,24 +1719,6 @@ int SSL_set_trust(SSL *s, int trust);
 int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm);
 int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm);
-#ifndef OPENSSL_NO_SRP
-int SSL_CTX_set_srp_username(SSL_CTX *ctx, char *name);
-int SSL_CTX_set_srp_password(SSL_CTX *ctx, char *password);
-int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength);
-int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx, char *(*cb)(SSL *, void *));
-int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx, int (*cb)(SSL *, void *));
-int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx, int (*cb)(SSL *, int *, void *));
-int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg);
-int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g, BIGNUM *sa, BIGNUM *v, char *info);
-int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass, const char *grp);
-BIGNUM *SSL_get_srp_g(SSL *s);
-BIGNUM *SSL_get_srp_N(SSL *s);
-char *SSL_get_srp_username(SSL *s);
-char *SSL_get_srp_userinfo(SSL *s);
-#endif
 void    SSL_free(SSL *ssl);
 int     SSL_accept(SSL *ssl);
author	tedu <>	2014-05-05 15:03:22 +0000
committer	tedu <>	2014-05-05 15:03:22 +0000
commit	5b4326f23352be2e7084f2020795d8aa042c746f (patch)
tree	c342d9903092a19dfda173837629fd04c429eda9 /src/lib/libssl/ssl.h
parent	77dd1ca11ad22b323b27beea447edd1e35c3b24e (diff)
download	openbsd-5b4326f23352be2e7084f2020795d8aa042c746f.tar.gz openbsd-5b4326f23352be2e7084f2020795d8aa042c746f.tar.bz2 openbsd-5b4326f23352be2e7084f2020795d8aa042c746f.zip

diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h index 0e117dbca4..dc56abaa99 100644 --- a/src/lib/libssl/ssl.h +++ b/src/lib/libssl/ssl.h
@@ -466,10 +466,6 @@ struct ssl_session_st {
466	unsigned int sid_ctx_length;	466	unsigned int sid_ctx_length;
467	unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];	467	unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
468		468
469	#ifndef OPENSSL_NO_KRB5
470	unsigned int krb5_client_princ_len;
471	unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH];
472	#endif /* OPENSSL_NO_KRB5 */
473	#ifndef OPENSSL_NO_PSK	469	#ifndef OPENSSL_NO_PSK
474	char *psk_identity_hint;	470	char *psk_identity_hint;
475	char *psk_identity;	471	char *psk_identity;
@@ -522,9 +518,6 @@ struct ssl_session_st {
522	size_t tlsext_ticklen; /* Session ticket length */	518	size_t tlsext_ticklen; /* Session ticket length */
523	long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */	519	long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */
524	#endif	520	#endif
525	#ifndef OPENSSL_NO_SRP
526	char *srp_username;
527	#endif
528	};	521	};
529		522
530	#endif	523	#endif
@@ -672,42 +665,6 @@ void SSL_set_msg_callback(SSL ssl, void (cb)(int write_p, int version,
672	#define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))	665	#define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
673	#define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))	666	#define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
674		667
675	#ifndef OPENSSL_NO_SRP
676
677	#ifndef OPENSSL_NO_SSL_INTERN
678
679	typedef struct srp_ctx_st {
680	/* param for all the callbacks */
681	void *SRP_cb_arg;
682	/* set client Hello login callback */
683	int (TLS_ext_srp_username_callback)(SSL , int , void );
684	/* set SRP N/g param callback for verification */
685	int (SRP_verify_param_callback)(SSL , void *);
686	/* set SRP client passwd callback */
687	char (SRP_give_srp_client_pwd_callback)(SSL , void );
688
689	char *login;
690	BIGNUM N, g, s, B, *A;
691	BIGNUM a, b, *v;
692	char *info;
693	int strength;
694
695	unsigned long srp_Mask;
696	} SRP_CTX;
697
698	#endif
699
700	/* see tls_srp.c */
701	int SSL_SRP_CTX_init(SSL *s);
702	int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx);
703	int SSL_SRP_CTX_free(SSL *ctx);
704	int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx);
705	int SSL_srp_server_param_with_username(SSL s, int ad);
706	int SRP_generate_server_master_secret(SSL s, unsigned char master_key);
707	int SRP_Calc_A_param(SSL *s);
708	int SRP_generate_client_master_secret(SSL s, unsigned char master_key);
709
710	#endif
711		668
712	#define SSL_MAX_CERT_LIST_DEFAULT 1024100 / 100k max cert list :-) */	669	#define SSL_MAX_CERT_LIST_DEFAULT 1024100 / 100k max cert list :-) */
713		670
@@ -922,9 +879,6 @@ struct ssl_ctx_st {
922	unsigned char *psk, unsigned int max_psk_len);	879	unsigned char *psk, unsigned int max_psk_len);
923	#endif	880	#endif
924		881
925	#ifndef OPENSSL_NO_SRP
926	SRP_CTX srp_ctx; /* ctx for SRP authentication */
927	#endif
928		882
929	#ifndef OPENSSL_NO_TLSEXT	883	#ifndef OPENSSL_NO_TLSEXT
930		884
@@ -1213,9 +1167,6 @@ struct ssl_st {
1213	int error; /* error bytes to be written */	1167	int error; /* error bytes to be written */
1214	int error_code; /* actual code */	1168	int error_code; /* actual code */
1215		1169
1216	#ifndef OPENSSL_NO_KRB5
1217	KSSL_CTX kssl_ctx; / Kerberos 5 context */
1218	#endif /* OPENSSL_NO_KRB5 */
1219		1170
1220	#ifndef OPENSSL_NO_PSK	1171	#ifndef OPENSSL_NO_PSK
1221	unsigned int (psk_client_callback)(SSL ssl, const char *hint,	1172	unsigned int (psk_client_callback)(SSL ssl, const char *hint,
@@ -1327,9 +1278,6 @@ struct ssl_st {
1327	* 2 if we are a server and are inside a handshake	1278	* 2 if we are a server and are inside a handshake
1328	* (i.e. not just sending a HelloRequest) */	1279	* (i.e. not just sending a HelloRequest) */
1329		1280
1330	#ifndef OPENSSL_NO_SRP
1331	SRP_CTX srp_ctx; /* ctx for SRP authentication */
1332	#endif
1333	};	1281	};
1334		1282
1335	#endif	1283	#endif
@@ -1771,24 +1719,6 @@ int SSL_set_trust(SSL *s, int trust);
1771	int SSL_CTX_set1_param(SSL_CTX ctx, X509_VERIFY_PARAM vpm);	1719	int SSL_CTX_set1_param(SSL_CTX ctx, X509_VERIFY_PARAM vpm);
1772	int SSL_set1_param(SSL ssl, X509_VERIFY_PARAM vpm);	1720	int SSL_set1_param(SSL ssl, X509_VERIFY_PARAM vpm);
1773		1721
1774	#ifndef OPENSSL_NO_SRP
1775	int SSL_CTX_set_srp_username(SSL_CTX ctx, char name);
1776	int SSL_CTX_set_srp_password(SSL_CTX ctx, char password);
1777	int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength);
1778	int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX ctx, char (cb)(SSL , void *));
1779	int SSL_CTX_set_srp_verify_param_callback(SSL_CTX ctx, int (cb)(SSL , void ));
1780	int SSL_CTX_set_srp_username_callback(SSL_CTX ctx, int (cb)(SSL , int , void *));
1781	int SSL_CTX_set_srp_cb_arg(SSL_CTX ctx, void arg);
1782
1783	int SSL_set_srp_server_param(SSL s, const BIGNUM N, const BIGNUM g, BIGNUM sa, BIGNUM v, char info);
1784	int SSL_set_srp_server_param_pw(SSL s, const char user, const char pass, const char grp);
1785
1786	BIGNUM SSL_get_srp_g(SSL s);
1787	BIGNUM SSL_get_srp_N(SSL s);
1788
1789	char SSL_get_srp_username(SSL s);
1790	char SSL_get_srp_userinfo(SSL s);
1791	#endif
1792		1722
1793	void SSL_free(SSL *ssl);	1723	void SSL_free(SSL *ssl);
1794	int SSL_accept(SSL *ssl);	1724	int SSL_accept(SSL *ssl);