1 files changed, 1 insertions, 115 deletions
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 5473690e09..c3169204f6 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.73 2014/07/10 11:58:08 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.74 2014/07/11 09:24:44 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -349,10 +349,6 @@ SSL_new(SSL_CTX *ctx)
        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
-#ifndef OPENSSL_NO_PSK
-        s->psk_client_callback = ctx->psk_client_callback;
-        s->psk_server_callback = ctx->psk_server_callback;
-#endif
        return (s);
 err:
@@ -1391,13 +1387,6 @@ ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p,
                if ((c->algorithm_ssl & SSL_TLSV1_2) &&
                    (TLS1_get_client_version(s) < TLS1_2_VERSION))
                        continue;
-#ifndef OPENSSL_NO_PSK
-                /* with PSK there must be client callback set */
-                if (((c->algorithm_mkey & SSL_kPSK) ||
-                    (c->algorithm_auth & SSL_aPSK)) &&
-                    s->psk_client_callback == NULL)
-                        continue;
-#endif /* OPENSSL_NO_PSK */
                j = put_cb ? put_cb(c, p) : ssl_put_cipher_by_char(s, c, p);
                p += j;
        }
@@ -1811,11 +1800,6 @@ SSL_CTX_new(const SSL_METHOD *meth)
        ret->next_protos_advertised_cb = 0;
        ret->next_proto_select_cb = 0;
 # endif
-#ifndef OPENSSL_NO_PSK
-        ret->psk_identity_hint = NULL;
-        ret->psk_client_callback = NULL;
-        ret->psk_server_callback = NULL;
-#endif
 #ifndef OPENSSL_NO_ENGINE
        ret->client_cert_engine = NULL;
 #ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
@@ -1902,9 +1886,6 @@ SSL_CTX_free(SSL_CTX *a)
                sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles);
 #endif
-#ifndef OPENSSL_NO_PSK
-        free(a->psk_identity_hint);
-#endif
 #ifndef OPENSSL_NO_ENGINE
        if (a->client_cert_engine)
                ENGINE_finish(a->client_cert_engine);
@@ -2048,10 +2029,6 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
                mask_k|=SSL_kEECDH;
        }
-#ifndef OPENSSL_NO_PSK
-        mask_k |= SSL_kPSK;
-        mask_a |= SSL_aPSK;
-#endif
        c->mask_k = mask_k;
        c->mask_a = mask_a;
@@ -2914,97 +2891,6 @@ SSL_set_tmp_ecdh_callback(SSL *ssl, EC_KEY *(*ecdh)(SSL *ssl, int is_export,
        SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh);
 }
-#ifndef OPENSSL_NO_PSK
-int
-SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint)
-{
-        if (identity_hint != NULL && strlen(identity_hint) >
-            PSK_MAX_IDENTITY_LEN) {
-                SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT,
-                    SSL_R_DATA_LENGTH_TOO_LONG);
-                return (0);
-        }
-        free(ctx->psk_identity_hint);
-        if (identity_hint != NULL) {
-                ctx->psk_identity_hint = BUF_strdup(identity_hint);
-                if (ctx->psk_identity_hint == NULL)
-                        return (0);
-        } else
-                ctx->psk_identity_hint = NULL;
-        return (1);
-}
-int
-SSL_use_psk_identity_hint(SSL *s, const char *identity_hint)
-{
-        if (s == NULL)
-                return (0);
-        if (s->session == NULL)
-                return (1); /* session not created yet, ignored */
-        if (identity_hint != NULL &&
-            strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
-                SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT,
-                    SSL_R_DATA_LENGTH_TOO_LONG);
-                return (0);
-        }
-        free(s->session->psk_identity_hint);
-        if (identity_hint != NULL) {
-                s->session->psk_identity_hint = BUF_strdup(identity_hint);
-                if (s->session->psk_identity_hint == NULL)
-                        return (0);
-        } else
-                s->session->psk_identity_hint = NULL;
-        return (1);
-}
-const char *
-SSL_get_psk_identity_hint(const SSL *s)
-{
-        if (s == NULL || s->session == NULL)
-                return (NULL);
-        return (s->session->psk_identity_hint);
-}
-const char *
-SSL_get_psk_identity(const SSL *s)
-{
-        if (s == NULL || s->session == NULL)
-                return (NULL);
-        return (s->session->psk_identity);
-}
-void
-SSL_set_psk_client_callback(SSL *s, unsigned int (*cb)(SSL *ssl,
-    const char *hint, char *identity, unsigned int max_identity_len,
-    unsigned char *psk, unsigned int max_psk_len))
-{
-        s->psk_client_callback = cb;
-}
-void
-SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, unsigned int (*cb)(SSL *ssl,
-    const char *hint, char *identity, unsigned int max_identity_len,
-    unsigned char *psk, unsigned int max_psk_len))
-{
-        ctx->psk_client_callback = cb;
-}
-void
-SSL_set_psk_server_callback(SSL *s, unsigned int (*cb)(SSL *ssl,
-    const char *identity, unsigned char *psk, unsigned int max_psk_len))
-{
-        s->psk_server_callback = cb;
-}
-void
-SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, unsigned int (*cb)(SSL *ssl,
-    const char *identity, unsigned char *psk, unsigned int max_psk_len))
-{
-        ctx->psk_server_callback = cb;
-}
-#endif
 void
 SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version,

diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index 5473690e09..c3169204f6 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_lib.c,v 1.73 2014/07/10 11:58:08 jsing Exp $ */	1	/* $OpenBSD: ssl_lib.c,v 1.74 2014/07/11 09:24:44 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -349,10 +349,6 @@ SSL_new(SSL_CTX *ctx)
349		349
350	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);	350	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
351		351
352	#ifndef OPENSSL_NO_PSK
353	s->psk_client_callback = ctx->psk_client_callback;
354	s->psk_server_callback = ctx->psk_server_callback;
355	#endif
356		352
357	return (s);	353	return (s);
358	err:	354	err:
@@ -1391,13 +1387,6 @@ ssl_cipher_list_to_bytes(SSL s, STACK_OF(SSL_CIPHER) sk, unsigned char *p,
1391	if ((c->algorithm_ssl & SSL_TLSV1_2) &&	1387	if ((c->algorithm_ssl & SSL_TLSV1_2) &&
1392	(TLS1_get_client_version(s) < TLS1_2_VERSION))	1388	(TLS1_get_client_version(s) < TLS1_2_VERSION))
1393	continue;	1389	continue;
1394	#ifndef OPENSSL_NO_PSK
1395	/* with PSK there must be client callback set */
1396	if (((c->algorithm_mkey & SSL_kPSK) \|\|
1397	(c->algorithm_auth & SSL_aPSK)) &&
1398	s->psk_client_callback == NULL)
1399	continue;
1400	#endif /* OPENSSL_NO_PSK */
1401	j = put_cb ? put_cb(c, p) : ssl_put_cipher_by_char(s, c, p);	1390	j = put_cb ? put_cb(c, p) : ssl_put_cipher_by_char(s, c, p);
1402	p += j;	1391	p += j;
1403	}	1392	}
@@ -1811,11 +1800,6 @@ SSL_CTX_new(const SSL_METHOD *meth)
1811	ret->next_protos_advertised_cb = 0;	1800	ret->next_protos_advertised_cb = 0;
1812	ret->next_proto_select_cb = 0;	1801	ret->next_proto_select_cb = 0;
1813	# endif	1802	# endif
1814	#ifndef OPENSSL_NO_PSK
1815	ret->psk_identity_hint = NULL;
1816	ret->psk_client_callback = NULL;
1817	ret->psk_server_callback = NULL;
1818	#endif
1819	#ifndef OPENSSL_NO_ENGINE	1803	#ifndef OPENSSL_NO_ENGINE
1820	ret->client_cert_engine = NULL;	1804	ret->client_cert_engine = NULL;
1821	#ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO	1805	#ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
@@ -1902,9 +1886,6 @@ SSL_CTX_free(SSL_CTX *a)
1902	sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles);	1886	sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles);
1903	#endif	1887	#endif
1904		1888
1905	#ifndef OPENSSL_NO_PSK
1906	free(a->psk_identity_hint);
1907	#endif
1908	#ifndef OPENSSL_NO_ENGINE	1889	#ifndef OPENSSL_NO_ENGINE
1909	if (a->client_cert_engine)	1890	if (a->client_cert_engine)
1910	ENGINE_finish(a->client_cert_engine);	1891	ENGINE_finish(a->client_cert_engine);
@@ -2048,10 +2029,6 @@ ssl_set_cert_masks(CERT c, const SSL_CIPHER cipher)
2048	mask_k\|=SSL_kEECDH;	2029	mask_k\|=SSL_kEECDH;
2049	}	2030	}
2050		2031
2051	#ifndef OPENSSL_NO_PSK
2052	mask_k \|= SSL_kPSK;
2053	mask_a \|= SSL_aPSK;
2054	#endif
2055		2032
2056	c->mask_k = mask_k;	2033	c->mask_k = mask_k;
2057	c->mask_a = mask_a;	2034	c->mask_a = mask_a;
@@ -2914,97 +2891,6 @@ SSL_set_tmp_ecdh_callback(SSL ssl, EC_KEY (ecdh)(SSL ssl, int is_export,
2914	SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh);	2891	SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh);
2915	}	2892	}
2916		2893
2917	#ifndef OPENSSL_NO_PSK
2918	int
2919	SSL_CTX_use_psk_identity_hint(SSL_CTX ctx, const char identity_hint)
2920	{
2921	if (identity_hint != NULL && strlen(identity_hint) >
2922	PSK_MAX_IDENTITY_LEN) {
2923	SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT,
2924	SSL_R_DATA_LENGTH_TOO_LONG);
2925	return (0);
2926	}
2927	free(ctx->psk_identity_hint);
2928	if (identity_hint != NULL) {
2929	ctx->psk_identity_hint = BUF_strdup(identity_hint);
2930	if (ctx->psk_identity_hint == NULL)
2931	return (0);
2932	} else
2933	ctx->psk_identity_hint = NULL;
2934	return (1);
2935	}
2936
2937	int
2938	SSL_use_psk_identity_hint(SSL s, const char identity_hint)
2939	{
2940	if (s == NULL)
2941	return (0);
2942
2943	if (s->session == NULL)
2944	return (1); /* session not created yet, ignored */
2945
2946	if (identity_hint != NULL &&
2947	strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
2948	SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT,
2949	SSL_R_DATA_LENGTH_TOO_LONG);
2950	return (0);
2951	}
2952	free(s->session->psk_identity_hint);
2953	if (identity_hint != NULL) {
2954	s->session->psk_identity_hint = BUF_strdup(identity_hint);
2955	if (s->session->psk_identity_hint == NULL)
2956	return (0);
2957	} else
2958	s->session->psk_identity_hint = NULL;
2959	return (1);
2960	}
2961
2962	const char *
2963	SSL_get_psk_identity_hint(const SSL *s)
2964	{
2965	if (s == NULL \|\| s->session == NULL)
2966	return (NULL);
2967	return (s->session->psk_identity_hint);
2968	}
2969
2970	const char *
2971	SSL_get_psk_identity(const SSL *s)
2972	{
2973	if (s == NULL \|\| s->session == NULL)
2974	return (NULL);
2975	return (s->session->psk_identity);
2976	}
2977
2978	void
2979	SSL_set_psk_client_callback(SSL s, unsigned int (cb)(SSL *ssl,
2980	const char hint, char identity, unsigned int max_identity_len,
2981	unsigned char *psk, unsigned int max_psk_len))
2982	{
2983	s->psk_client_callback = cb;
2984	}
2985
2986	void
2987	SSL_CTX_set_psk_client_callback(SSL_CTX ctx, unsigned int (cb)(SSL *ssl,
2988	const char hint, char identity, unsigned int max_identity_len,
2989	unsigned char *psk, unsigned int max_psk_len))
2990	{
2991	ctx->psk_client_callback = cb;
2992	}
2993
2994	void
2995	SSL_set_psk_server_callback(SSL s, unsigned int (cb)(SSL *ssl,
2996	const char identity, unsigned char psk, unsigned int max_psk_len))
2997	{
2998	s->psk_server_callback = cb;
2999	}
3000
3001	void
3002	SSL_CTX_set_psk_server_callback(SSL_CTX ctx, unsigned int (cb)(SSL *ssl,
3003	const char identity, unsigned char psk, unsigned int max_psk_len))
3004	{
3005	ctx->psk_server_callback = cb;
3006	}
3007	#endif
3008		2894
3009	void	2895	void
3010	SSL_CTX_set_msg_callback(SSL_CTX ctx, void (cb)(int write_p, int version,	2896	SSL_CTX_set_msg_callback(SSL_CTX ctx, void (cb)(int write_p, int version,