Commit 68fd6dce authored by Rich Salz

Remove support for opaque-prf



An expired IETF Internet-Draft (seven years old) that nobody
implements, and probably just as good as NSA DRBG work.

Reviewed-by: Richard Levitte <levitte@openssl.org>
parent 31b446e2
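--- a/<file-1 path not shown on page>
+++ b/<file-1 path not shown on page>
@@ -907,11 +907,6 @@ void tlsext_cb(SSL *s, int client_server, int type,
         extname = "renegotiation info";
         break;
 
-#ifdef TLSEXT_TYPE_opaque_prf_input
-    case TLSEXT_TYPE_opaque_prf_input:
-        extname = "opaque PRF input";
-        break;
-#endif
 #ifdef TLSEXT_TYPE_next_proto_neg
     case TLSEXT_TYPE_next_proto_neg:
         extname = "next protocol";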
+0 −6
@@ -1409,12 +1409,6 @@ int MAIN(int argc, char **argv)
        kssl_ctx_setstring(kctx, KSSL_SERVER, host);
    }
#endif                          /* OPENSSL_NO_KRB5 */
/*      SSL_set_cipher_list(con,"RC4-MD5"); */
#if 0
# ifdef TLSEXT_TYPE_opaque_prf_input
    SSL_set_tlsext_opaque_prf_input(con, "Test client", 11);
# endif
#endif

 re_start:
#ifdef NO_SYS_UN_H
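--- a/<file-3 path not shown on page>
+++ b/<file-3 path not shown on page>
@@ -2183,11 +2183,6 @@ static int sv_body(char *hostname, int s, int stype, unsigned char *context)
             SSL_set_session_id_context(con, context, strlen((char *)context));
     }
     SSL_clear(con);
-#if 0
-# ifdef TLSEXT_TYPE_opaque_prf_input
-    SSL_set_tlsext_opaque_prf_input(con, "Test server", 11);
-# endif
-#endif
 
     if (stype == SOCK_DGRAM) {
 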
+0 −53
@@ -3244,13 +3244,6 @@ void ssl3_free(SSL *s)
    if (s == NULL)
        return;

#ifdef TLSEXT_TYPE_opaque_prf_input
    if (s->s3->client_opaque_prf_input != NULL)
        OPENSSL_free(s->s3->client_opaque_prf_input);
    if (s->s3->server_opaque_prf_input != NULL)
        OPENSSL_free(s->s3->server_opaque_prf_input);
#endif

    ssl3_cleanup_key_block(s);
    if (s->s3->rbuf.buf != NULL)
        ssl3_release_read_buffer(s);
@@ -3293,15 +3286,6 @@ void ssl3_clear(SSL *s)
    size_t rlen, wlen;
    int init_extra;

#ifdef TLSEXT_TYPE_opaque_prf_input
    if (s->s3->client_opaque_prf_input != NULL)
        OPENSSL_free(s->s3->client_opaque_prf_input);
    s->s3->client_opaque_prf_input = NULL;
    if (s->s3->server_opaque_prf_input != NULL)
        OPENSSL_free(s->s3->server_opaque_prf_input);
    s->s3->server_opaque_prf_input = NULL;
#endif

    ssl3_cleanup_key_block(s);
    if (s->s3->tmp.ca_names != NULL)
        sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
@@ -3554,30 +3538,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
        ret = 1;
        break;

# ifdef TLSEXT_TYPE_opaque_prf_input
    case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT:
        if (larg > 12288) {     /* actual internal limit is 2^16 for the
                                 * complete hello message * (including the
                                 * cert chain and everything) */
            SSLerr(SSL_F_SSL3_CTRL, SSL_R_OPAQUE_PRF_INPUT_TOO_LONG);
            break;
        }
        if (s->tlsext_opaque_prf_input != NULL)
            OPENSSL_free(s->tlsext_opaque_prf_input);
        if ((size_t)larg == 0)
            s->tlsext_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte
                                                             * just to get
                                                             * non-NULL */
        else
            s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg);
        if (s->tlsext_opaque_prf_input != NULL) {
            s->tlsext_opaque_prf_input_len = (size_t)larg;
            ret = 1;
        } else
            s->tlsext_opaque_prf_input_len = 0;
        break;
# endif

    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
        s->tlsext_status_type = larg;
        ret = 1;
@@ -4071,12 +4031,6 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
            return 1;
        }

# ifdef TLSEXT_TYPE_opaque_prf_input
    case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG:
        ctx->tlsext_opaque_prf_input_callback_arg = parg;
        return 1;
# endif

    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
        ctx->tlsext_status_arg = parg;
        return 1;
@@ -4241,13 +4195,6 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
        ctx->tlsext_servername_callback = (int (*)(SSL *, int *, void *))fp;
        break;

# ifdef TLSEXT_TYPE_opaque_prf_input
    case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB:
        ctx->tlsext_opaque_prf_input_callback =
            (int (*)(SSL *, void *, size_t, void *))fp;
        break;
# endif

    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
        ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp;
        break;
+3 −14
@@ -1054,11 +1054,6 @@ struct ssl_ctx_st {
    /* Callback for status request */
    int (*tlsext_status_cb) (SSL *ssl, void *arg);
    void *tlsext_status_arg;

    /* draft-rescorla-tls-opaque-prf-input-00.txt information */
    int (*tlsext_opaque_prf_input_callback) (SSL *, void *peerinput,
                                             size_t len, void *arg);
    void *tlsext_opaque_prf_input_callback_arg;
#  endif

#  ifndef OPENSSL_NO_PSK
@@ -1573,12 +1568,6 @@ struct ssl_st {
    /* our list */
    unsigned char *tlsext_ellipticcurvelist;
#   endif                       /* OPENSSL_NO_EC */
    /*
     * draft-rescorla-tls-opaque-prf-input-00.txt information to be used for
     * handshakes
     */
    void *tlsext_opaque_prf_input;
    size_t tlsext_opaque_prf_input_len;
    /* TLS Session Ticket extension override */
    TLS_SESSION_TICKET_EXT *tlsext_session_ticket;
    /* TLS Session Ticket extension callback */
@@ -1861,9 +1850,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
#  define SSL_CTRL_SET_TLSEXT_DEBUG_ARG           57
#  define SSL_CTRL_GET_TLSEXT_TICKET_KEYS         58
#  define SSL_CTRL_SET_TLSEXT_TICKET_KEYS         59
#  define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT    60
#  define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61
#  define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62
/*#  define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT    60 */
/*#  define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61 */
/*#  define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62 */
#  define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB       63
#  define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG   64
#  define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE     65
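Review bot: The three replacement lines for ctrl numbers 60–62 are commented-out defines with no explanation, which reads as dead code rather than as a deliberate reservation of the numbers, so a later cleanup may delete them or hand 60 to a new SSL_CTRL. Replace them with a comment that states the intent, e.g. `/* SSL_CTRL values 60-62 were SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT, _CB and _CB_ARG; retired, do not reuse */`. The earlier hunks in this section also drop the tlsext_opaque_prf_input fields from struct ssl_st and struct ssl_ctx_st, which changes the layout of public structs for anything built against the previous header; presumably acceptable on a development branch, but worth a sentence in the commit message. The code that sent and parsed the extension during the handshake is not visible on this page; confirm it is removed in the same commit, since it referenced the deleted fields and ctrl values.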