Remove all RFC5878 code.

Remove RFC5878 code. It is no longer needed for CT and has numerous bugs.
author: Dr. Stephen Henson <steve@openssl.org> 2014-07-04 13:42:05 +0100
committer: Dr. Stephen Henson <steve@openssl.org> 2014-07-04 13:42:05 +0100
commit: 22db480dafe9e10b8206c7f3cce95fecf9c72773 (patch)
tree: 47403caf52d3350c6dc7fcfc19bf2790f6437b3b /ssl/s3_clnt.c
parent: d107382214fb658309f199f7d47d4779b7ebf6a3 (diff)
1 files changed, 5 insertions, 192 deletions
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 29f24f142b..4e3cc2ef7a 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -311,26 +311,11 @@ int ssl3_connect(SSL *s)
 				}
 			s->init_num=0;
 			break;
-#ifndef OPENSSL_NO_TLSEXT
-		case SSL3_ST_CR_SUPPLEMENTAL_DATA_A:
-		case SSL3_ST_CR_SUPPLEMENTAL_DATA_B:
-			ret = tls1_get_server_supplemental_data(s);
-			if (ret <= 0) goto end;
-			s->state=SSL3_ST_CR_CERT_A;
-			s->init_num = 0;
-			break;
-#endif
 		case SSL3_ST_CR_CERT_A:
 		case SSL3_ST_CR_CERT_B:
 #ifndef OPENSSL_NO_TLSEXT
 			ret=ssl3_check_finished(s);
 			if (ret <= 0) goto end;
-			if (ret == 3)
-				{
-				s->state=SSL3_ST_CR_SUPPLEMENTAL_DATA_A;
-				s->init_num=0;
-				break;
-				}
 			if (ret == 2)
 				{
 				s->hit = 1;
@@ -409,14 +394,10 @@ int ssl3_connect(SSL *s)
 					}
 				}
 #endif
-#ifndef OPENSSL_NO_TLSEXT
-			s->state=SSL3_ST_CW_SUPPLEMENTAL_DATA_A;
-#else
 			if (s->s3->tmp.cert_req)
 				s->state=SSL3_ST_CW_CERT_A;
 			else
 				s->state=SSL3_ST_CW_KEY_EXCH_A;
-#endif
 			s->init_num=0;
 
 			break;
@@ -523,19 +504,6 @@ int ssl3_connect(SSL *s)
 			break;
 #endif
 
-#ifndef OPENSSL_NO_TLSEXT
-		case SSL3_ST_CW_SUPPLEMENTAL_DATA_A:
-		case SSL3_ST_CW_SUPPLEMENTAL_DATA_B:
-			ret = tls1_send_client_supplemental_data(s, &skip);
-			if (ret <= 0) goto end;
-			if (s->s3->tmp.cert_req)
-				s->state=SSL3_ST_CW_CERT_A;
-			else
-				s->state=SSL3_ST_CW_KEY_EXCH_A;
-			s->init_num=0;
-			break;
-#endif
-
 		case SSL3_ST_CW_FINISHED_A:
 		case SSL3_ST_CW_FINISHED_B:
 			ret=ssl3_send_finished(s,
@@ -3583,10 +3551,11 @@ int ssl3_check_finished(SSL *s)
 	int ok;
 	long n;
 
-	/* Read the message to see if it is supplemental data,
-	 * regardless if there is a session ticket this function is
-	 * called when we really expect a Certificate message, so
-	 * permit appropriate message length */
+	/* If we have no ticket it cannot be a resumed session. */
+	if (!s->session->tlsext_tick)
+		return 1;
+	/* this function is called when we really expect a Certificate
+	 * message, so permit appropriate message length */
 	n=s->method->ssl_get_message(s,
 		SSL3_ST_CR_CERT_A,
 		SSL3_ST_CR_CERT_B,
@@ -3596,11 +3565,6 @@ int ssl3_check_finished(SSL *s)
 	if (!ok) return((int)n);
 	s->s3->tmp.reuse_message = 1;
 
-	if (s->s3->tmp.message_type == SSL3_MT_SUPPLEMENTAL_DATA)
-		return 3;
-	/* If we have no ticket it cannot be a resumed session. */
-	if (!s->session->tlsext_tick)
-		return 1;
 	if ((s->s3->tmp.message_type == SSL3_MT_FINISHED)
 		|| (s->s3->tmp.message_type == SSL3_MT_NEWSESSION_TICKET))
 		return 2;
@@ -3627,154 +3591,3 @@ int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey)
 	return i;
 	}
 
-#ifndef OPENSSL_NO_TLSEXT
-int tls1_send_client_supplemental_data(SSL *s, int *skip)
-	{
-	int al = 0;
-	if (s->ctx->cli_supp_data_records_count)
-		{
-		unsigned char *p = NULL;
-		unsigned char *size_loc = NULL;
-		cli_supp_data_record *record = NULL;
-		size_t length = 0;
-		size_t i = 0;
-
-		for (i = 0; i < s->ctx->cli_supp_data_records_count; i++)
-			{
-			const unsigned char *out = NULL;
-			unsigned short outlen = 0;
-			int cb_retval = 0;
-			record = &s->ctx->cli_supp_data_records[i];
-
-			/* NULL callback or -1 omits supp data entry*/
-			if (!record->fn2)
-				continue;
-			cb_retval = record->fn2(s, record->supp_data_type,
-						&out, &outlen, &al,
-						record->arg);
-			if (cb_retval == -1)
-				continue; /* skip this supp data entry */
-			if (cb_retval == 0)
-				{
-				SSLerr(SSL_F_TLS1_SEND_CLIENT_SUPPLEMENTAL_DATA,ERR_R_BUF_LIB);
-				goto f_err;
-				}
-			if (outlen == 0 || TLSEXT_MAXLEN_supplemental_data < outlen + 4 + length)
-				{
-				SSLerr(SSL_F_TLS1_SEND_CLIENT_SUPPLEMENTAL_DATA,ERR_R_BUF_LIB);
-				return 0;
-			    	}
-			/* if first entry, write handshake message type */
-			if (length == 0)
-				{
-				if (!BUF_MEM_grow_clean(s->init_buf, 4))
-					{
-					SSLerr(SSL_F_TLS1_SEND_CLIENT_SUPPLEMENTAL_DATA,ERR_R_BUF_LIB);
-					return 0;
-					}
-				p = (unsigned char *)s->init_buf->data;
-				*(p++) = SSL3_MT_SUPPLEMENTAL_DATA;
-				/* update message length when all
-				 * callbacks complete */
-				size_loc = p;
-				/* skip over handshake length field (3
-				 * bytes) and supp_data length field
-				 * (3 bytes) */
-				p += 3 + 3;
-				length += 1 +3 +3;
-				}
-			if (!BUF_MEM_grow(s->init_buf, outlen + 4))
-				{
-				SSLerr(SSL_F_TLS1_SEND_CLIENT_SUPPLEMENTAL_DATA,ERR_R_BUF_LIB);
-				return 0;
-				}
-			s2n(record->supp_data_type, p);
-			s2n(outlen, p);
-			memcpy(p, out, outlen);
-			length += (outlen + 4);
-			p += outlen;
-			}
-		if (length > 0)
-			{
-			/* write handshake length */
-			l2n3(length - 4, size_loc);
-			/* supp_data length */
-			l2n3(length - 7, size_loc);
-			s->state = SSL3_ST_CW_SUPPLEMENTAL_DATA_B;
-			s->init_num = length;
-			s->init_off = 0;
-			return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
-			}
-		}
-
-	/* no supp data message sent */
-	*skip = 1;
-	s->init_num = 0;
-	s->init_off = 0;
-	return 1;
-
-	f_err:
-	ssl3_send_alert(s,SSL3_AL_FATAL,al);
-	return 0;
-	}
-
-int tls1_get_server_supplemental_data(SSL *s)
-	{
-	int al = 0;
-	int ok;
-	long n;
-	const unsigned char *p, *d;
-	unsigned short supp_data_entry_type = 0;
-	unsigned short supp_data_entry_len = 0;
-	unsigned long supp_data_len = 0;
-	size_t i;
-	int cb_retval = 0;
-
-	n=s->method->ssl_get_message(s,
-				     SSL3_ST_CR_SUPPLEMENTAL_DATA_A,
-				     SSL3_ST_CR_SUPPLEMENTAL_DATA_B,
-				     SSL3_MT_SUPPLEMENTAL_DATA,
-				     /* use default limit */
-				     TLSEXT_MAXLEN_supplemental_data,
-				     &ok);
-
-	if (!ok) return((int)n);
-
-	p = (unsigned char *)s->init_msg;
-	d = p;
-	/* The message cannot be empty */
-	if (n < 3)
-		{
-		al = SSL_AD_DECODE_ERROR;
-		SSLerr(SSL_F_TLS1_GET_SERVER_SUPPLEMENTAL_DATA,SSL_R_LENGTH_MISMATCH);
-		goto f_err;
-		}
-	n2l3(p, supp_data_len);
-	while (p < d+supp_data_len)
-		{
-		n2s(p, supp_data_entry_type);
-		n2s(p, supp_data_entry_len);
-		/* if there is a callback for this supp data type, send it */
-		for (i=0; i < s->ctx->cli_supp_data_records_count; i++)
-			{
-			if (s->ctx->cli_supp_data_records[i].supp_data_type == supp_data_entry_type &&
-			    s->ctx->cli_supp_data_records[i].fn1)
-				{
-				cb_retval = s->ctx->cli_supp_data_records[i].fn1(s, supp_data_entry_type, p,
-										 supp_data_entry_len, &al,
-										 s->ctx->cli_supp_data_records[i].arg);
-				if (cb_retval == 0)
-					{
-					SSLerr(SSL_F_TLS1_GET_SERVER_SUPPLEMENTAL_DATA, ERR_R_SSL_LIB);
-					goto f_err;
-					}
-				}
-			}
-		p += supp_data_entry_len;
-		}
-	return 1;
-f_err:
-	ssl3_send_alert(s,SSL3_AL_FATAL,al);
-	return -1;
-	}
-#endif
author	Dr. Stephen Henson <steve@openssl.org>	2014-07-04 13:42:05 +0100
committer	Dr. Stephen Henson <steve@openssl.org>	2014-07-04 13:42:05 +0100
commit	22db480dafe9e10b8206c7f3cce95fecf9c72773 (patch)
tree	47403caf52d3350c6dc7fcfc19bf2790f6437b3b /ssl/s3_clnt.c
parent	d107382214fb658309f199f7d47d4779b7ebf6a3 (diff)