authormiod <>2014-06-13 04:29:13 +0000
committermiod <>2014-06-13 04:29:13 +0000
commit9ef9f06708ef4fe615f3485f5d82f3fb919fdf03 (patch)
tree4a096128d8787d1beedaa53fd558a98773de0840 /src
parentcc594d5ff9b7bb08404d34d62287ee1dfd6b8332 (diff)
Remove support for the `opaque PRF input' extension, which draft has expired
7 years ago and never made it into an RFC. That code wasn't compiled in anyway unless one would define the actual on-the-wire extension id bytes; crank libssl major. With help and enlightenment from Brendan MacDonell.
Diffstat (limited to 'src')
-rw-r--r--src/lib/libssl/d1_lib.c4
-rw-r--r--src/lib/libssl/s3_lib.c56
-rw-r--r--src/lib/libssl/shlib_version4
-rw-r--r--src/lib/libssl/src/apps/s_cb.c7
-rw-r--r--src/lib/libssl/src/apps/s_client.c7
-rw-r--r--src/lib/libssl/src/apps/s_server.c7
-rw-r--r--src/lib/libssl/src/ssl/d1_lib.c4
-rw-r--r--src/lib/libssl/src/ssl/s3_lib.c56
-rw-r--r--src/lib/libssl/src/ssl/ssl.h15
-rw-r--r--src/lib/libssl/src/ssl/ssl3.h11
-rw-r--r--src/lib/libssl/src/ssl/ssl_err.c3
-rw-r--r--src/lib/libssl/src/ssl/ssl_lib.c3
-rw-r--r--src/lib/libssl/src/ssl/t1_enc.c19
-rw-r--r--src/lib/libssl/src/ssl/t1_lib.c214
-rw-r--r--src/lib/libssl/src/ssl/tls1.h9
-rw-r--r--src/lib/libssl/ssl.h15
-rw-r--r--src/lib/libssl/ssl/shlib_version4
-rw-r--r--src/lib/libssl/ssl3.h11
-rw-r--r--src/lib/libssl/ssl_err.c3
-rw-r--r--src/lib/libssl/ssl_lib.c3
-rw-r--r--src/lib/libssl/t1_enc.c19
-rw-r--r--src/lib/libssl/t1_lib.c214
-rw-r--r--src/lib/libssl/tls1.h9
-rw-r--r--src/regress/lib/libssl/ssl/ssltest.c32
24 files changed, 29 insertions, 700 deletions
diff --git a/src/lib/libssl/d1_lib.c b/src/lib/libssl/d1_lib.c
index 0b7c6404c5..13c93a77cf 100644
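--- a/src/lib/libssl/d1_lib.c
+++ b/src/lib/libssl/d1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_lib.c,v 1.19 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: d1_lib.c,v 1.20 2014/06/13 04:29:13 miod Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -135,6 +135,7 @@ dtls1_new(SSL *s)
  if (d1->buffered_app_data.q)
  pqueue_free(d1->buffered_app_data.q);
  free(d1);
+ ssl3_free(s);
  return (0);
  }
 
@@ -199,6 +200,7 @@ dtls1_free(SSL *s)
  pqueue_free(s->d1->sent_messages);
  pqueue_free(s->d1->buffered_app_data.q);
 
+ OPENSSL_cleanse(s->d1, sizeof *s->d1);
  free(s->d1);
  s->d1 = NULL;
 }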
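Review bot: The two lines this file gains, `ssl3_free(s);` on the failure path of dtls1_new() and `OPENSSL_cleanse(s->d1, sizeof *s->d1);` ahead of `free(s->d1)` in dtls1_free(), have nothing to do with the opaque PRF input removal and the commit message does not mention them; a cleanup-path fix and a state-scrubbing change deserve their own log line, or their own commit, so they can be audited and backported separately. Each site would also read better with a short comment, for example `/* release what ssl3_new() set up */` above the ssl3_free() call (assuming the earlier part of dtls1_new(), outside the hunk, calls ssl3_new()) and `/* wipe DTLS state before the memory is returned to the allocator */` above the cleanse. It is worth confirming that ssl3_free() leaves `s->s3` NULL, since its tail is not visible here and the caller's own cleanup after a failed dtls1_new() must not free it again. Both function bodies begin outside their hunks, and the same two lines are added in src/lib/libssl/src/ssl/d1_lib.c.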
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 03d30125b9..576ce2e52b 100644
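--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.58 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.59 2014/06/13 04:29:13 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2322,11 +2322,6 @@ ssl3_free(SSL *s)
  if (s == NULL)
  return;
 
-#ifdef TLSEXT_TYPE_opaque_prf_input
- free(s->s3->client_opaque_prf_input);
- free(s->s3->server_opaque_prf_input);
-#endif
-
  ssl3_cleanup_key_block(s);
  ssl3_release_read_buffer(s);
  ssl3_release_write_buffer(s);
@@ -2351,13 +2346,6 @@ ssl3_clear(SSL *s)
  size_t rlen, wlen;
  int init_extra;
 
-#ifdef TLSEXT_TYPE_opaque_prf_input
- free(s->s3->client_opaque_prf_input);
- s->s3->client_opaque_prf_input = NULL;
- free(s->s3->server_opaque_prf_input);
- s->s3->server_opaque_prf_input = NULL;
-#endif
-
  ssl3_cleanup_key_block(s);
  if (s->s3->tmp.ca_names != NULL)
  sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
@@ -2570,35 +2558,6 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
  ret = 1;
  break;
 
-#ifdef TLSEXT_TYPE_opaque_prf_input
- case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT:
- if (larg > 12288) {
- /*
- * Actual internal limit is 2^16 for the complete
- * hello message (including the cert chain and
- * everything)
- */
- SSLerr(SSL_F_SSL3_CTRL,
- SSL_R_OPAQUE_PRF_INPUT_TOO_LONG);
- break;
- }
- free(s->tlsext_opaque_prf_input);
- if ((size_t)larg == 0) {
- s->tlsext_opaque_prf_input = NULL;
- s->tlsext_opaque_prf_input_len = 0;
- ret = 1;
- } else {
- s->tlsext_opaque_prf_input =
- BUF_memdup(parg, (size_t)larg);
- if (s->tlsext_opaque_prf_input != NULL) {
- s->tlsext_opaque_prf_input_len = (size_t)larg;
- ret = 1;
- } else
- s->tlsext_opaque_prf_input_len = 0;
- }
- break;
-#endif
-
  case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
  s->tlsext_status_type = larg;
  ret = 1;
@@ -2824,12 +2783,6 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
  return 1;
  }
 
-#ifdef TLSEXT_TYPE_opaque_prf_input
- case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG:
- ctx->tlsext_opaque_prf_input_callback_arg = parg;
- return 1;
-#endif
-
  case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
  ctx->tlsext_status_arg = parg;
  return 1;
@@ -2890,13 +2843,6 @@ ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
  (int (*)(SSL *, int *, void *))fp;
  break;
 
-#ifdef TLSEXT_TYPE_opaque_prf_input
- case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB:
- ctx->tlsext_opaque_prf_input_callback =
- (int (*)(SSL *, void *, size_t, void *))fp;
- break;
-#endif
-
  case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
  ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp;
  break;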
diff --git a/src/lib/libssl/shlib_version b/src/lib/libssl/shlib_version
index aa54cbb404..361604a5eb 100644
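--- a/src/lib/libssl/shlib_version
+++ b/src/lib/libssl/shlib_version
@@ -1,2 +1,2 @@
-major=24
-minor=1
+major=25
+minor=0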
diff --git a/src/lib/libssl/src/apps/s_cb.c b/src/lib/libssl/src/apps/s_cb.c
index 51df99b2e8..29dd80e87d 100644
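--- a/src/lib/libssl/src/apps/s_cb.c
+++ b/src/lib/libssl/src/apps/s_cb.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s_cb.c,v 1.21 2014/06/12 15:49:27 deraadt Exp $ */
+/* $OpenBSD: s_cb.c,v 1.22 2014/06/13 04:29:13 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -696,11 +696,6 @@ tlsext_cb(SSL * s, int client_server, int type, unsigned char *data, int len,
  extname = "renegotiation info";
  break;
 
-#ifdef TLSEXT_TYPE_opaque_prf_input
- case TLSEXT_TYPE_opaque_prf_input:
- extname = "opaque PRF input";
- break;
-#endif
 #ifdef TLSEXT_TYPE_next_proto_neg
  case TLSEXT_TYPE_next_proto_neg:
  extname = "next protocol";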
diff --git a/src/lib/libssl/src/apps/s_client.c b/src/lib/libssl/src/apps/s_client.c
index 1e12eca895..c453875c07 100644
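--- a/src/lib/libssl/src/apps/s_client.c
+++ b/src/lib/libssl/src/apps/s_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s_client.c,v 1.60 2014/06/12 15:49:27 deraadt Exp $ */
+/* $OpenBSD: s_client.c,v 1.61 2014/06/13 04:29:13 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -910,11 +910,6 @@ bad:
  }
 #endif
 /* SSL_set_cipher_list(con,"RC4-MD5"); */
-#if 0
-#ifdef TLSEXT_TYPE_opaque_prf_input
- SSL_set_tlsext_opaque_prf_input(con, "Test client", 11);
-#endif
-#endif
 
 re_start:
 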
diff --git a/src/lib/libssl/src/apps/s_server.c b/src/lib/libssl/src/apps/s_server.c
index 25be6121b5..e73b249ca3 100644
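--- a/src/lib/libssl/src/apps/s_server.c
+++ b/src/lib/libssl/src/apps/s_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s_server.c,v 1.52 2014/06/12 15:49:27 deraadt Exp $ */
+/* $OpenBSD: s_server.c,v 1.53 2014/06/13 04:29:13 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1541,11 +1541,6 @@ sv_body(char *hostname, int s, unsigned char *context)
  strlen((char *) context));
  }
  SSL_clear(con);
-#if 0
-#ifdef TLSEXT_TYPE_opaque_prf_input
- SSL_set_tlsext_opaque_prf_input(con, "Test server", 11);
-#endif
-#endif
 
  if (SSL_version(con) == DTLS1_VERSION) {
 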
diff --git a/src/lib/libssl/src/ssl/d1_lib.c b/src/lib/libssl/src/ssl/d1_lib.c
index 0b7c6404c5..13c93a77cf 100644
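--- a/src/lib/libssl/src/ssl/d1_lib.c
+++ b/src/lib/libssl/src/ssl/d1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_lib.c,v 1.19 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: d1_lib.c,v 1.20 2014/06/13 04:29:13 miod Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -135,6 +135,7 @@ dtls1_new(SSL *s)
  if (d1->buffered_app_data.q)
  pqueue_free(d1->buffered_app_data.q);
  free(d1);
+ ssl3_free(s);
  return (0);
  }
 
@@ -199,6 +200,7 @@ dtls1_free(SSL *s)
  pqueue_free(s->d1->sent_messages);
  pqueue_free(s->d1->buffered_app_data.q);
 
+ OPENSSL_cleanse(s->d1, sizeof *s->d1);
  free(s->d1);
  s->d1 = NULL;
 }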
diff --git a/src/lib/libssl/src/ssl/s3_lib.c b/src/lib/libssl/src/ssl/s3_lib.c
index 03d30125b9..576ce2e52b 100644
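--- a/src/lib/libssl/src/ssl/s3_lib.c
+++ b/src/lib/libssl/src/ssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.58 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.59 2014/06/13 04:29:13 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2322,11 +2322,6 @@ ssl3_free(SSL *s)
  if (s == NULL)
  return;
 
-#ifdef TLSEXT_TYPE_opaque_prf_input
- free(s->s3->client_opaque_prf_input);
- free(s->s3->server_opaque_prf_input);
-#endif
-
  ssl3_cleanup_key_block(s);
  ssl3_release_read_buffer(s);
  ssl3_release_write_buffer(s);
@@ -2351,13 +2346,6 @@ ssl3_clear(SSL *s)
  size_t rlen, wlen;
  int init_extra;
 
-#ifdef TLSEXT_TYPE_opaque_prf_input
- free(s->s3->client_opaque_prf_input);
- s->s3->client_opaque_prf_input = NULL;
- free(s->s3->server_opaque_prf_input);
- s->s3->server_opaque_prf_input = NULL;
-#endif
-
  ssl3_cleanup_key_block(s);
  if (s->s3->tmp.ca_names != NULL)
  sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
@@ -2570,35 +2558,6 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
  ret = 1;
  break;
 
-#ifdef TLSEXT_TYPE_opaque_prf_input
- case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT:
- if (larg > 12288) {
- /*
- * Actual internal limit is 2^16 for the complete
- * hello message (including the cert chain and
- * everything)
- */
- SSLerr(SSL_F_SSL3_CTRL,
- SSL_R_OPAQUE_PRF_INPUT_TOO_LONG);
- break;
- }
- free(s->tlsext_opaque_prf_input);
- if ((size_t)larg == 0) {
- s->tlsext_opaque_prf_input = NULL;
- s->tlsext_opaque_prf_input_len = 0;
- ret = 1;
- } else {
- s->tlsext_opaque_prf_input =
- BUF_memdup(parg, (size_t)larg);
- if (s->tlsext_opaque_prf_input != NULL) {
- s->tlsext_opaque_prf_input_len = (size_t)larg;
- ret = 1;
- } else
- s->tlsext_opaque_prf_input_len = 0;
- }
- break;
-#endif
-
  case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
  s->tlsext_status_type = larg;
  ret = 1;
@@ -2824,12 +2783,6 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
  return 1;
  }
 
-#ifdef TLSEXT_TYPE_opaque_prf_input
- case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG:
- ctx->tlsext_opaque_prf_input_callback_arg = parg;
- return 1;
-#endif
-
  case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
  ctx->tlsext_status_arg = parg;
  return 1;
@@ -2890,13 +2843,6 @@ ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
  (int (*)(SSL *, int *, void *))fp;
  break;
 
-#ifdef TLSEXT_TYPE_opaque_prf_input
- case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB:
- ctx->tlsext_opaque_prf_input_callback =
- (int (*)(SSL *, void *, size_t, void *))fp;
- break;
-#endif
-
  case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
  ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp;
  break;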
diff --git a/src/lib/libssl/src/ssl/ssl.h b/src/lib/libssl/src/ssl/ssl.h
index a550a442a0..cd71f7bcfe 100644
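--- a/src/lib/libssl/src/ssl/ssl.h
+++ b/src/lib/libssl/src/ssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.52 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: ssl.h,v 1.53 2014/06/13 04:29:13 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -847,11 +847,6 @@ struct ssl_ctx_st {
  int (*tlsext_status_cb)(SSL *ssl, void *arg);
  void *tlsext_status_arg;
 
- /* draft-rescorla-tls-opaque-prf-input-00.txt information */
- int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput,
- size_t len, void *arg);
- void *tlsext_opaque_prf_input_callback_arg;
-
 #ifndef OPENSSL_NO_PSK
  char *psk_identity_hint;
  unsigned int (*psk_client_callback)(SSL *ssl, const char *hint,
@@ -1201,10 +1196,6 @@ struct ssl_st {
  size_t tlsext_ellipticcurvelist_length;
  unsigned char *tlsext_ellipticcurvelist; /* our list */
 
- /* draft-rescorla-tls-opaque-prf-input-00.txt information to be used for handshakes */
- void *tlsext_opaque_prf_input;
- size_t tlsext_opaque_prf_input_len;
-
  /* TLS Session Ticket extension override */
  TLS_SESSION_TICKET_EXT *tlsext_session_ticket;
 
@@ -1454,9 +1445,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 #define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57
 #define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58
 #define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59
-#define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT 60
-#define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61
-#define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62
 #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63
 #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64
 #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65
@@ -2259,7 +2247,6 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197
 #define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344
 #define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 297
-#define SSL_R_OPAQUE_PRF_INPUT_TOO_LONG 327
 #define SSL_R_PACKET_LENGTH_TOO_LONG 198
 #define SSL_R_PARSE_TLSEXT 227
 #define SSL_R_PATH_TOO_LONG 270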
diff --git a/src/lib/libssl/src/ssl/ssl3.h b/src/lib/libssl/src/ssl/ssl3.h
index 7378136646..7fd00be2d3 100644
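--- a/src/lib/libssl/src/ssl/ssl3.h
+++ b/src/lib/libssl/src/ssl/ssl3.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl3.h,v 1.21 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: ssl3.h,v 1.22 2014/06/13 04:29:13 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -452,15 +452,6 @@ typedef struct ssl3_state_st {
 
  int in_read_app_data;
 
- /* Opaque PRF input as used for the current handshake.
- * These fields are used only if TLSEXT_TYPE_opaque_prf_input is defined
- * (otherwise, they are merely present to improve binary compatibility)
- */
- void *client_opaque_prf_input;
- size_t client_opaque_prf_input_len;
- void *server_opaque_prf_input;
- size_t server_opaque_prf_input_len;
-
  struct {
  /* actually only needs to be 16+20 */
  unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];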
diff --git a/src/lib/libssl/src/ssl/ssl_err.c b/src/lib/libssl/src/ssl/ssl_err.c
index 2bb6dcb4a8..0f18b1bc5f 100644
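--- a/src/lib/libssl/src/ssl/ssl_err.c
+++ b/src/lib/libssl/src/ssl/ssl_err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_err.c,v 1.23 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: ssl_err.c,v 1.24 2014/06/13 04:29:13 miod Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved.
  *
@@ -454,7 +454,6 @@ static ERR_STRING_DATA SSL_str_reasons[]= {
  {ERR_REASON(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED), "old session cipher not returned"},
  {ERR_REASON(SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED), "old session compression algorithm not returned"},
  {ERR_REASON(SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE), "only tls allowed in fips mode"},
- {ERR_REASON(SSL_R_OPAQUE_PRF_INPUT_TOO_LONG), "opaque PRF input too long"},
  {ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG), "packet length too long"},
  {ERR_REASON(SSL_R_PARSE_TLSEXT) , "parse tlsext"},
  {ERR_REASON(SSL_R_PATH_TOO_LONG) , "path too long"},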
diff --git a/src/lib/libssl/src/ssl/ssl_lib.c b/src/lib/libssl/src/ssl/ssl_lib.c
index 54b737d482..05abdb3944 100644
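--- a/src/lib/libssl/src/ssl/ssl_lib.c
+++ b/src/lib/libssl/src/ssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.65 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.66 2014/06/13 04:29:13 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -536,7 +536,6 @@ SSL_free(SSL *s)
  SSL_CTX_free(s->initial_ctx);
  free(s->tlsext_ecpointformatlist);
  free(s->tlsext_ellipticcurvelist);
- free(s->tlsext_opaque_prf_input);
  if (s->tlsext_ocsp_exts)
  sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
  X509_EXTENSION_free);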
diff --git a/src/lib/libssl/src/ssl/t1_enc.c b/src/lib/libssl/src/ssl/t1_enc.c
index 304898aeb8..6d2e21c412 100644
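--- a/src/lib/libssl/src/ssl/t1_enc.c
+++ b/src/lib/libssl/src/ssl/t1_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_enc.c,v 1.54 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: t1_enc.c,v 1.55 2014/06/13 04:29:13 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -998,23 +998,6 @@ tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
  const void *co = NULL, *so = NULL;
  int col = 0, sol = 0;
 
-#ifdef TLSEXT_TYPE_opaque_prf_input
- if (s->s3->client_opaque_prf_input != NULL &&
- s->s3->server_opaque_prf_input != NULL &&
- s->s3->client_opaque_prf_input_len > 0 &&
- s->s3->client_opaque_prf_input_len ==
- s->s3->server_opaque_prf_input_len) {
- /*
- * sol must be same as col - see section 3.1 of
- * draft-rescorla-tls-opaque-prf-input-00.txt.
- */
- co = s->s3->client_opaque_prf_input;
- col = s->s3->server_opaque_prf_input_len;
- so = s->s3->server_opaque_prf_input;
- sol = s->s3->client_opaque_prf_input_len;
- }
-#endif
-
  tls1_PRF(ssl_get_algorithm2(s),
  TLS_MD_MASTER_SECRET_CONST, TLS_MD_MASTER_SECRET_CONST_SIZE,
  s->s3->client_random, SSL3_RANDOM_SIZE, co, col,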
diff --git a/src/lib/libssl/src/ssl/t1_lib.c b/src/lib/libssl/src/ssl/t1_lib.c
index 6e4a29c4c8..b780faf603 100644
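--- a/src/lib/libssl/src/ssl/t1_lib.c
+++ b/src/lib/libssl/src/ssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.45 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.46 2014/06/13 04:29:13 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -557,25 +557,6 @@ skip_ext:
  ret += sizeof(tls12_sigalgs);
  }
 
-#ifdef TLSEXT_TYPE_opaque_prf_input
- if (s->s3->client_opaque_prf_input != NULL &&
- s->version != DTLS1_VERSION) {
- size_t col = s->s3->client_opaque_prf_input_len;
-
- if ((size_t)(limit - ret) < 6 + col)
- return NULL;
- if (col > 0xFFFD) /* can't happen */
- return NULL;
-
- s2n(TLSEXT_TYPE_opaque_prf_input, ret);
-
- s2n(col + 2, ret);
- s2n(col, ret);
- memcpy(ret, s->s3->client_opaque_prf_input, col);
- ret += col;
- }
-#endif
-
  if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp &&
  s->version != DTLS1_VERSION) {
  int i;
@@ -783,25 +764,6 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
  s2n(0, ret);
  }
 
-#ifdef TLSEXT_TYPE_opaque_prf_input
- if (s->s3->server_opaque_prf_input != NULL &&
- s->version != DTLS1_VERSION) {
- size_t sol = s->s3->server_opaque_prf_input_len;
-
- if ((size_t)(limit - ret) < 6 + sol)
- return NULL;
- if (sol > 0xFFFD) /* can't happen */
- return NULL;
-
- s2n(TLSEXT_TYPE_opaque_prf_input, ret);
-
- s2n(sol + 2, ret);
- s2n(sol, ret);
- memcpy(ret, s->s3->server_opaque_prf_input, sol);
- ret += sol;
- }
-#endif
-
 #ifndef OPENSSL_NO_SRTP
  if (s->srtp_profile) {
  int el;
@@ -1131,35 +1093,6 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
  memcpy(s->session->tlsext_ellipticcurvelist, sdata, ellipticcurvelist_length);
  }
  }
-#ifdef TLSEXT_TYPE_opaque_prf_input
- else if (type == TLSEXT_TYPE_opaque_prf_input &&
- s->version != DTLS1_VERSION) {
- unsigned char *sdata = data;
-
- if (size < 2) {
- *al = SSL_AD_DECODE_ERROR;
- return 0;
- }
- n2s(sdata, s->s3->client_opaque_prf_input_len);
- if (s->s3->client_opaque_prf_input_len != size - 2) {
- *al = SSL_AD_DECODE_ERROR;
- return 0;
- }
-
- free(s->s3->client_opaque_prf_input);
- s->s3->client_opaque_prf_input = NULL;
-
- if (s->s3->client_opaque_prf_input_len != 0) {
- s->s3->client_opaque_prf_input =
- BUF_memdup(sdata,
- s->s3->client_opaque_prf_input_len);
- if (s->s3->client_opaque_prf_input == NULL) {
- *al = TLS1_AD_INTERNAL_ERROR;
- return 0;
- }
- }
- }
-#endif
  else if (type == TLSEXT_TYPE_session_ticket) {
  if (s->tls_session_ticket_ext_cb &&
  !s->tls_session_ticket_ext_cb(s, data, size, s->tls_session_ticket_ext_cb_arg)) {
@@ -1428,35 +1361,6 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
  }
  s->tlsext_ticket_expected = 1;
  }
-#ifdef TLSEXT_TYPE_opaque_prf_input
- else if (type == TLSEXT_TYPE_opaque_prf_input &&
- s->version != DTLS1_VERSION) {
- unsigned char *sdata = data;
-
- if (size < 2) {
- *al = SSL_AD_DECODE_ERROR;
- return 0;
- }
- n2s(sdata, s->s3->server_opaque_prf_input_len);
- if (s->s3->server_opaque_prf_input_len != size - 2) {
- *al = SSL_AD_DECODE_ERROR;
- return 0;
- }
-
- free(s->s3->server_opaque_prf_input);
- s->s3->server_opaque_prf_input = NULL;
-
- if (s->s3->server_opaque_prf_input_len != 0)
- s->s3->server_opaque_prf_input =
- BUF_memdup(sdata,
- s->s3->server_opaque_prf_input_len);
- if (s->s3->server_opaque_prf_input == NULL) {
- *al = TLS1_AD_INTERNAL_ERROR;
- return 0;
- }
- }
- }
-#endif
  else if (type == TLSEXT_TYPE_status_request &&
  s->version != DTLS1_VERSION) {
  /* MUST be empty and only sent if we've requested
@@ -1609,42 +1513,6 @@ ssl_prepare_clienthello_tlsext(SSL *s)
  }
  }
 
-#ifdef TLSEXT_TYPE_opaque_prf_input
- {
- int r = 1;
-
- if (s->ctx->tlsext_opaque_prf_input_callback != 0) {
- r = s->ctx->tlsext_opaque_prf_input_callback(s, NULL, 0,
- s->ctx->tlsext_opaque_prf_input_callback_arg);
- if (!r)
- return -1;
- }
-
- if (s->tlsext_opaque_prf_input != NULL) {
- free(s->s3->client_opaque_prf_input);
- s->s3->client_opaque_prf_input = NULL;
- if (s->tlsext_opaque_prf_input_len != 0) {
- s->s3->client_opaque_prf_input =
- BUF_memdup(s->tlsext_opaque_prf_input,
- s->tlsext_opaque_prf_input_len);
- if (s->s3->client_opaque_prf_input == NULL) {
- SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,
- ERR_R_MALLOC_FAILURE);
- return -1;
- }
- }
- s->s3->client_opaque_prf_input_len =
- s->tlsext_opaque_prf_input_len;
- }
-
- if (r == 2) {
- /* at callback's request, insist on receiving an appropriate server opaque PRF input */
- s->s3->server_opaque_prf_input_len =
- s->tlsext_opaque_prf_input_len;
- }
- }
-#endif
-
  return 1;
 }
 
@@ -1694,65 +1562,6 @@ ssl_check_clienthello_tlsext_early(SSL *s)
  else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0)
  ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg);
 
-#ifdef TLSEXT_TYPE_opaque_prf_input
- {
- /* This sort of belongs into ssl_prepare_serverhello_tlsext(),
- * but we might be sending an alert in response to the client hello,
- * so this has to happen here in
- * ssl_check_clienthello_tlsext_early(). */
-
- int r = 1;
-
- if (s->ctx->tlsext_opaque_prf_input_callback != 0) {
- r = s->ctx->tlsext_opaque_prf_input_callback(s, NULL, 0,
- s->ctx->tlsext_opaque_prf_input_callback_arg);
- if (!r) {
- ret = SSL_TLSEXT_ERR_ALERT_FATAL;
- al = SSL_AD_INTERNAL_ERROR;
- goto err;
- }
- }
-
- free(s->s3->server_opaque_prf_input);
- s->s3->server_opaque_prf_input = NULL;
-
- if (s->tlsext_opaque_prf_input != NULL) {
- if (s->s3->client_opaque_prf_input != NULL &&
- s->s3->client_opaque_prf_input_len ==
- s->tlsext_opaque_prf_input_len) {
- /*
- * Can only use this extension if we have a
- * server opaque PRF input of the same length
- * as the client opaque PRF input!
- */
- if (s->tlsext_opaque_prf_input_len != 0) {
- s->s3->server_opaque_prf_input =
- BUF_memdup(s->tlsext_opaque_prf_input,
- s->tlsext_opaque_prf_input_len);
- if (s->s3->server_opaque_prf_input ==
- NULL) {
- ret = SSL_TLSEXT_ERR_ALERT_FATAL;
- al = SSL_AD_INTERNAL_ERROR;
- goto err;
- }
- }
- s->s3->server_opaque_prf_input_len =
- s->tlsext_opaque_prf_input_len;
- }
- }
-
- if (r == 2 && s->s3->server_opaque_prf_input == NULL) {
- /* The callback wants to enforce use of the extension,
- * but we can't do that with the client opaque PRF input;
- * abort the handshake.
- */
- ret = SSL_TLSEXT_ERR_ALERT_FATAL;
- al = SSL_AD_HANDSHAKE_FAILURE;
- }
- }
-
-err:
-#endif
  switch (ret) {
  case SSL_TLSEXT_ERR_ALERT_FATAL:
  ssl3_send_alert(s, SSL3_AL_FATAL, al);
@@ -1867,27 +1676,6 @@ ssl_check_serverhello_tlsext(SSL *s)
  else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0)
  ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg);
 
-#ifdef TLSEXT_TYPE_opaque_prf_input
- if (s->s3->server_opaque_prf_input_len > 0) {
- /* This case may indicate that we, as a client, want to insist on using opaque PRF inputs.
- * So first verify that we really have a value from the server too. */
-
- if (s->s3->server_opaque_prf_input == NULL) {
- ret = SSL_TLSEXT_ERR_ALERT_FATAL;
- al = SSL_AD_HANDSHAKE_FAILURE;
- }
-
- /* Anytime the server *has* sent an opaque PRF input, we need to check
- * that we have a client opaque PRF input of the same size. */
- if (s->s3->client_opaque_prf_input == NULL ||
- s->s3->client_opaque_prf_input_len !=
- s->s3->server_opaque_prf_input_len) {
- ret = SSL_TLSEXT_ERR_ALERT_FATAL;
- al = SSL_AD_ILLEGAL_PARAMETER;
- }
- }
-#endif
-
  /* If we've requested certificate status and we wont get one
  * tell the callback
  */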
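--- a/src/lib/libssl/src/ssl/tls1.h
+++ b/src/lib/libssl/src/ssl/tls1.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls1.h,v 1.17 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: tls1.h,v 1.18 2014/06/13 04:29:13 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -342,13 +342,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb)
 #define SSL_CTX_set_tlsext_status_arg(ssl, arg) \
 SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg)
 
-#define SSL_set_tlsext_opaque_prf_input(s, src, len) \
-SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT, len, src)
-#define SSL_CTX_set_tlsext_opaque_prf_input_callback(ctx, cb) \
-SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB, (void (*)(void))cb)
-#define SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(ctx, arg) \
-SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG, 0, arg)
-
 #define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
 SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 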
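--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.52 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: ssl.h,v 1.53 2014/06/13 04:29:13 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -847,11 +847,6 @@ struct ssl_ctx_st {
  int (*tlsext_status_cb)(SSL *ssl, void *arg);
  void *tlsext_status_arg;
 
- /* draft-rescorla-tls-opaque-prf-input-00.txt information */
- int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput,
- size_t len, void *arg);
- void *tlsext_opaque_prf_input_callback_arg;
-
 #ifndef OPENSSL_NO_PSK
  char *psk_identity_hint;
  unsigned int (*psk_client_callback)(SSL *ssl, const char *hint,
@@ -1201,10 +1196,6 @@ struct ssl_st {
  size_t tlsext_ellipticcurvelist_length;
  unsigned char *tlsext_ellipticcurvelist; /* our list */
 
- /* draft-rescorla-tls-opaque-prf-input-00.txt information to be used for handshakes */
- void *tlsext_opaque_prf_input;
- size_t tlsext_opaque_prf_input_len;
-
  /* TLS Session Ticket extension override */
  TLS_SESSION_TICKET_EXT *tlsext_session_ticket;
 
@@ -1454,9 +1445,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 #define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57
 #define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58
 #define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59
-#define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT 60
-#define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61
-#define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62
 #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63
 #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64
 #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65
@@ -2259,7 +2247,6 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197
 #define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344
 #define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 297
-#define SSL_R_OPAQUE_PRF_INPUT_TOO_LONG 327
 #define SSL_R_PACKET_LENGTH_TOO_LONG 198
 #define SSL_R_PARSE_TLSEXT 227
 #define SSL_R_PATH_TOO_LONG 270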
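--- a/src/lib/libssl/ssl/shlib_version
+++ b/src/lib/libssl/ssl/shlib_version
@@ -1,2 +1,2 @@
-major=24
+major=25
-minor=1
+minor=0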
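--- a/src/lib/libssl/ssl3.h
+++ b/src/lib/libssl/ssl3.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl3.h,v 1.21 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: ssl3.h,v 1.22 2014/06/13 04:29:13 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -452,15 +452,6 @@ typedef struct ssl3_state_st {
 
  int in_read_app_data;
 
- /* Opaque PRF input as used for the current handshake.
- * These fields are used only if TLSEXT_TYPE_opaque_prf_input is defined
- * (otherwise, they are merely present to improve binary compatibility)
- */
- void *client_opaque_prf_input;
- size_t client_opaque_prf_input_len;
- void *server_opaque_prf_input;
- size_t server_opaque_prf_input_len;
-
  struct {
  /* actually only needs to be 16+20 */
  unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];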
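--- a/src/lib/libssl/ssl_err.c
+++ b/src/lib/libssl/ssl_err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_err.c,v 1.23 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: ssl_err.c,v 1.24 2014/06/13 04:29:13 miod Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved.
  *
@@ -454,7 +454,6 @@ static ERR_STRING_DATA SSL_str_reasons[]= {
  {ERR_REASON(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED), "old session cipher not returned"},
  {ERR_REASON(SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED), "old session compression algorithm not returned"},
  {ERR_REASON(SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE), "only tls allowed in fips mode"},
- {ERR_REASON(SSL_R_OPAQUE_PRF_INPUT_TOO_LONG), "opaque PRF input too long"},
  {ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG), "packet length too long"},
  {ERR_REASON(SSL_R_PARSE_TLSEXT) , "parse tlsext"},
  {ERR_REASON(SSL_R_PATH_TOO_LONG) , "path too long"},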
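--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.65 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.66 2014/06/13 04:29:13 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -536,7 +536,6 @@ SSL_free(SSL *s)
  SSL_CTX_free(s->initial_ctx);
  free(s->tlsext_ecpointformatlist);
  free(s->tlsext_ellipticcurvelist);
- free(s->tlsext_opaque_prf_input);
  if (s->tlsext_ocsp_exts)
  sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
  X509_EXTENSION_free);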
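--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_enc.c,v 1.54 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: t1_enc.c,v 1.55 2014/06/13 04:29:13 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -998,23 +998,6 @@ tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
  const void *co = NULL, *so = NULL;
  int col = 0, sol = 0;
 
-#ifdef TLSEXT_TYPE_opaque_prf_input
- if (s->s3->client_opaque_prf_input != NULL &&
- s->s3->server_opaque_prf_input != NULL &&
- s->s3->client_opaque_prf_input_len > 0 &&
- s->s3->client_opaque_prf_input_len ==
- s->s3->server_opaque_prf_input_len) {
- /*
- * sol must be same as col - see section 3.1 of
- * draft-rescorla-tls-opaque-prf-input-00.txt.
- */
- co = s->s3->client_opaque_prf_input;
- col = s->s3->server_opaque_prf_input_len;
- so = s->s3->server_opaque_prf_input;
- sol = s->s3->client_opaque_prf_input_len;
- }
-#endif
-
  tls1_PRF(ssl_get_algorithm2(s),
  TLS_MD_MASTER_SECRET_CONST, TLS_MD_MASTER_SECRET_CONST_SIZE,
  s->s3->client_random, SSL3_RANDOM_SIZE, co, col,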
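Review bot: In the tls1_generate_master_secret hunk the kept declarations `const void *co = NULL, *so = NULL;` and `int col = 0, sol = 0;` are no longer assigned anywhere in the visible lines, so the `co, col` pair handed to tls1_PRF is always `NULL, 0`. In key-derivation code it is better to make that explicit than to leave locals that read like optional seed inputs: drop the four variables and pass `NULL, 0` at the call, or keep them under a comment such as `/* no optional PRF seed inputs; always NULL/0 */`. The function body and the rest of the tls1_PRF argument list lie outside the hunk, so the use of `so`/`sol` there is presumed to mirror `co`/`col` and should be checked when removing them.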
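--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.45 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.46 2014/06/13 04:29:13 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -557,25 +557,6 @@ skip_ext:
  ret += sizeof(tls12_sigalgs);
  }
 
-#ifdef TLSEXT_TYPE_opaque_prf_input
- if (s->s3->client_opaque_prf_input != NULL &&
- s->version != DTLS1_VERSION) {
- size_t col = s->s3->client_opaque_prf_input_len;
-
- if ((size_t)(limit - ret) < 6 + col)
- return NULL;
- if (col > 0xFFFD) /* can't happen */
- return NULL;
-
- s2n(TLSEXT_TYPE_opaque_prf_input, ret);
-
- s2n(col + 2, ret);
- s2n(col, ret);
- memcpy(ret, s->s3->client_opaque_prf_input, col);
- ret += col;
- }
-#endif
-
  if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp &&
  s->version != DTLS1_VERSION) {
  int i;
@@ -783,25 +764,6 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
  s2n(0, ret);
  }
 
-#ifdef TLSEXT_TYPE_opaque_prf_input
- if (s->s3->server_opaque_prf_input != NULL &&
- s->version != DTLS1_VERSION) {
- size_t sol = s->s3->server_opaque_prf_input_len;
-
- if ((size_t)(limit - ret) < 6 + sol)
- return NULL;
- if (sol > 0xFFFD) /* can't happen */
- return NULL;
-
- s2n(TLSEXT_TYPE_opaque_prf_input, ret);
-
- s2n(sol + 2, ret);
- s2n(sol, ret);
- memcpy(ret, s->s3->server_opaque_prf_input, sol);
- ret += sol;
- }
-#endif
-
 #ifndef OPENSSL_NO_SRTP
  if (s->srtp_profile) {
  int el;
@@ -1131,35 +1093,6 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
  memcpy(s->session->tlsext_ellipticcurvelist, sdata, ellipticcurvelist_length);
  }
  }
-#ifdef TLSEXT_TYPE_opaque_prf_input
- else if (type == TLSEXT_TYPE_opaque_prf_input &&
- s->version != DTLS1_VERSION) {
- unsigned char *sdata = data;
-
- if (size < 2) {
- *al = SSL_AD_DECODE_ERROR;
- return 0;
- }
- n2s(sdata, s->s3->client_opaque_prf_input_len);
- if (s->s3->client_opaque_prf_input_len != size - 2) {
- *al = SSL_AD_DECODE_ERROR;
- return 0;
- }
-
- free(s->s3->client_opaque_prf_input);
- s->s3->client_opaque_prf_input = NULL;
-
- if (s->s3->client_opaque_prf_input_len != 0) {
- s->s3->client_opaque_prf_input =
- BUF_memdup(sdata,
- s->s3->client_opaque_prf_input_len);
- if (s->s3->client_opaque_prf_input == NULL) {
- *al = TLS1_AD_INTERNAL_ERROR;
- return 0;
- }
- }
- }
-#endif
  else if (type == TLSEXT_TYPE_session_ticket) {
  if (s->tls_session_ticket_ext_cb &&
  !s->tls_session_ticket_ext_cb(s, data, size, s->tls_session_ticket_ext_cb_arg)) {
@@ -1428,35 +1361,6 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
  }
  s->tlsext_ticket_expected = 1;
  }
-#ifdef TLSEXT_TYPE_opaque_prf_input
- else if (type == TLSEXT_TYPE_opaque_prf_input &&
- s->version != DTLS1_VERSION) {
- unsigned char *sdata = data;
-
- if (size < 2) {
- *al = SSL_AD_DECODE_ERROR;
- return 0;
- }
- n2s(sdata, s->s3->server_opaque_prf_input_len);
- if (s->s3->server_opaque_prf_input_len != size - 2) {
- *al = SSL_AD_DECODE_ERROR;
- return 0;
- }
-
- free(s->s3->server_opaque_prf_input);
- s->s3->server_opaque_prf_input = NULL;
-
- if (s->s3->server_opaque_prf_input_len != 0)
- s->s3->server_opaque_prf_input =
- BUF_memdup(sdata,
- s->s3->server_opaque_prf_input_len);
- if (s->s3->server_opaque_prf_input == NULL) {
- *al = TLS1_AD_INTERNAL_ERROR;
- return 0;
- }
- }
- }
-#endif
  else if (type == TLSEXT_TYPE_status_request &&
  s->version != DTLS1_VERSION) {
  /* MUST be empty and only sent if we've requested
@@ -1609,42 +1513,6 @@ ssl_prepare_clienthello_tlsext(SSL *s)
  }
  }
 
-#ifdef TLSEXT_TYPE_opaque_prf_input
- {
- int r = 1;
-
- if (s->ctx->tlsext_opaque_prf_input_callback != 0) {
- r = s->ctx->tlsext_opaque_prf_input_callback(s, NULL, 0,
- s->ctx->tlsext_opaque_prf_input_callback_arg);
- if (!r)
- return -1;
- }
-
- if (s->tlsext_opaque_prf_input != NULL) {
- free(s->s3->client_opaque_prf_input);
- s->s3->client_opaque_prf_input = NULL;
- if (s->tlsext_opaque_prf_input_len != 0) {
- s->s3->client_opaque_prf_input =
- BUF_memdup(s->tlsext_opaque_prf_input,
- s->tlsext_opaque_prf_input_len);
- if (s->s3->client_opaque_prf_input == NULL) {
- SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,
- ERR_R_MALLOC_FAILURE);
- return -1;
- }
- }
- s->s3->client_opaque_prf_input_len =
- s->tlsext_opaque_prf_input_len;
- }
-
- if (r == 2) {
- /* at callback's request, insist on receiving an appropriate server opaque PRF input */
- s->s3->server_opaque_prf_input_len =
- s->tlsext_opaque_prf_input_len;
- }
- }
-#endif
-
  return 1;
 }
 
@@ -1694,65 +1562,6 @@ ssl_check_clienthello_tlsext_early(SSL *s)
  else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0)
  ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg);
 
-#ifdef TLSEXT_TYPE_opaque_prf_input
- {
- /* This sort of belongs into ssl_prepare_serverhello_tlsext(),
- * but we might be sending an alert in response to the client hello,
- * so this has to happen here in
- * ssl_check_clienthello_tlsext_early(). */
-
- int r = 1;
-
- if (s->ctx->tlsext_opaque_prf_input_callback != 0) {
- r = s->ctx->tlsext_opaque_prf_input_callback(s, NULL, 0,
- s->ctx->tlsext_opaque_prf_input_callback_arg);
- if (!r) {
- ret = SSL_TLSEXT_ERR_ALERT_FATAL;
- al = SSL_AD_INTERNAL_ERROR;
- goto err;
- }
- }
-
- free(s->s3->server_opaque_prf_input);
- s->s3->server_opaque_prf_input = NULL;
-
- if (s->tlsext_opaque_prf_input != NULL) {
- if (s->s3->client_opaque_prf_input != NULL &&
- s->s3->client_opaque_prf_input_len ==
- s->tlsext_opaque_prf_input_len) {
- /*
- * Can only use this extension if we have a
- * server opaque PRF input of the same length
- * as the client opaque PRF input!
- */
- if (s->tlsext_opaque_prf_input_len != 0) {
- s->s3->server_opaque_prf_input =
- BUF_memdup(s->tlsext_opaque_prf_input,
- s->tlsext_opaque_prf_input_len);
- if (s->s3->server_opaque_prf_input ==
- NULL) {
- ret = SSL_TLSEXT_ERR_ALERT_FATAL;
- al = SSL_AD_INTERNAL_ERROR;
- goto err;
- }
- }
- s->s3->server_opaque_prf_input_len =
- s->tlsext_opaque_prf_input_len;
- }
- }
-
- if (r == 2 && s->s3->server_opaque_prf_input == NULL) {
- /* The callback wants to enforce use of the extension,
- * but we can't do that with the client opaque PRF input;
- * abort the handshake.
- */
- ret = SSL_TLSEXT_ERR_ALERT_FATAL;
- al = SSL_AD_HANDSHAKE_FAILURE;
- }
- }
-
-err:
-#endif
  switch (ret) {
  case SSL_TLSEXT_ERR_ALERT_FATAL:
  ssl3_send_alert(s, SSL3_AL_FATAL, al);
@@ -1867,27 +1676,6 @@ ssl_check_serverhello_tlsext(SSL *s)
  else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0)
  ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg);
 
-#ifdef TLSEXT_TYPE_opaque_prf_input
- if (s->s3->server_opaque_prf_input_len > 0) {
- /* This case may indicate that we, as a client, want to insist on using opaque PRF inputs.
- * So first verify that we really have a value from the server too. */
-
- if (s->s3->server_opaque_prf_input == NULL) {
- ret = SSL_TLSEXT_ERR_ALERT_FATAL;
- al = SSL_AD_HANDSHAKE_FAILURE;
- }
-
- /* Anytime the server *has* sent an opaque PRF input, we need to check
- * that we have a client opaque PRF input of the same size. */
- if (s->s3->client_opaque_prf_input == NULL ||
- s->s3->client_opaque_prf_input_len !=
- s->s3->server_opaque_prf_input_len) {
- ret = SSL_TLSEXT_ERR_ALERT_FATAL;
- al = SSL_AD_ILLEGAL_PARAMETER;
- }
- }
-#endif
-
  /* If we've requested certificate status and we wont get one
  * tell the callback
  */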
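--- a/src/lib/libssl/tls1.h
+++ b/src/lib/libssl/tls1.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls1.h,v 1.17 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: tls1.h,v 1.18 2014/06/13 04:29:13 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -342,13 +342,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb)
 #define SSL_CTX_set_tlsext_status_arg(ssl, arg) \
 SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg)
 
-#define SSL_set_tlsext_opaque_prf_input(s, src, len) \
-SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT, len, src)
-#define SSL_CTX_set_tlsext_opaque_prf_input_callback(ctx, cb) \
-SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB, (void (*)(void))cb)
-#define SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(ctx, arg) \
-SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG, 0, arg)
-
 #define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
 SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 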
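--- a/src/regress/lib/libssl/ssl/ssltest.c
+++ b/src/regress/lib/libssl/ssl/ssltest.c
@@ -380,31 +380,6 @@ err:
  }
 }
 
-#ifdef TLSEXT_TYPE_opaque_prf_input
- struct cb_info_st { void *input;
- size_t len;
- int ret;
-};
-
-struct cb_info_st co1 = { "C", 1, 1 }; /* try to negotiate oqaque PRF input */
-struct cb_info_st co2 = { "C", 1, 2 }; /* insist on oqaque PRF input */
-struct cb_info_st so1 = { "S", 1, 1 }; /* try to negotiate oqaque PRF input */
-struct cb_info_st so2 = { "S", 1, 2 }; /* insist on oqaque PRF input */
-
-int
-opaque_prf_input_cb(SSL *ssl, void *peerinput, size_t len, void *arg_)
-{
- struct cb_info_st *arg = arg_;
-
- if (arg == NULL)
- return 1;
-
- if (!SSL_set_tlsext_opaque_prf_input(ssl, arg->input, arg->len))
- return 0;
- return arg->ret;
-}
-#endif
-
 int
 main(int argc, char *argv[])
 {
@@ -747,13 +722,6 @@ bad:
 
  SSL_CTX_set_tmp_rsa_callback(s_ctx, tmp_rsa_cb);
 
-#ifdef TLSEXT_TYPE_opaque_prf_input
- SSL_CTX_set_tlsext_opaque_prf_input_callback(c_ctx, opaque_prf_input_cb);
- SSL_CTX_set_tlsext_opaque_prf_input_callback(s_ctx, opaque_prf_input_cb);
- SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(c_ctx, &co1); /* or &co2 or NULL */
- SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(s_ctx, &so1); /* or &so2 or NULL */
-#endif
-
  if (!SSL_CTX_use_certificate_file(s_ctx, server_cert, SSL_FILETYPE_PEM)) {
  ERR_print_errors(bio_err);
  } else if (!SSL_CTX_use_PrivateKey_file(s_ctx,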