From 9ef9f06708ef4fe615f3485f5d82f3fb919fdf03 Mon Sep 17 00:00:00 2001
From: miod <>
Date: Fri, 13 Jun 2014 04:29:13 +0000
Subject: Remove support for the `opaque PRF input' extension, which draft has expired 7 years ago and never made it into an RFC. That code wasn't compiled in anyway unless one would define the actual on-the-wire extension id bytes; crank libssl major. With help and enlightenment from Brendan MacDonell.
---
 src/lib/libssl/t1_enc.c | 19 +------------------
 1 file changed, 1 insertion(+), 18 deletions(-)
(limited to 'src/lib/libssl/t1_enc.c')
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index 304898aeb8..6d2e21c412 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_enc.c,v 1.54 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: t1_enc.c,v 1.55 2014/06/13 04:29:13 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -998,23 +998,6 @@ tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
 const void *co = NULL, *so = NULL;
 int col = 0, sol = 0;
 
-#ifdef TLSEXT_TYPE_opaque_prf_input
- if (s->s3->client_opaque_prf_input != NULL &&
- s->s3->server_opaque_prf_input != NULL &&
- s->s3->client_opaque_prf_input_len > 0 &&
- s->s3->client_opaque_prf_input_len ==
- s->s3->server_opaque_prf_input_len) {
- /*
- * sol must be same as col - see section 3.1 of
- * draft-rescorla-tls-opaque-prf-input-00.txt.
- */
- co = s->s3->client_opaque_prf_input;
- col = s->s3->server_opaque_prf_input_len;
- so = s->s3->server_opaque_prf_input;
- sol = s->s3->client_opaque_prf_input_len;
- }
-#endif
-
 tls1_PRF(ssl_get_algorithm2(s),
 TLS_MD_MASTER_SECRET_CONST, TLS_MD_MASTER_SECRET_CONST_SIZE,
 s->s3->client_random, SSL3_RANDOM_SIZE, co, col,
-- cgit v1.2.3-55-g6feb