author | Rich Salz <rsalz@openssl.org> | 2015-01-28 14:53:04 -0500 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2015-01-28 15:37:16 -0500 |
commit | 68fd6dce73e07cb9a5944e8667455f2f9a80d52e (patch) | |
tree | 7abb0e387c58611dc379ae8976292fec86d05db8 /ssl/s3_lib.c | |
parent | 31b446e212e2209d62e66a608e540716716430e4 (diff) |
Remove support for opaque-prf
An expired IETF Internet-Draft (seven years old) that nobody
implements, and probably just as good as NSA DRBG work.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'ssl/s3_lib.c')
-rw-r--r-- | ssl/s3_lib.c | 53 |
1 files changed, 0 insertions, 53 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 3a1377ac7b..b85d9bf8e3 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3244,13 +3244,6 @@ void ssl3_free(SSL *s) if (s == NULL) return; -#ifdef TLSEXT_TYPE_opaque_prf_input - if (s->s3->client_opaque_prf_input != NULL) - OPENSSL_free(s->s3->client_opaque_prf_input); - if (s->s3->server_opaque_prf_input != NULL) - OPENSSL_free(s->s3->server_opaque_prf_input); -#endif - ssl3_cleanup_key_block(s); if (s->s3->rbuf.buf != NULL) ssl3_release_read_buffer(s); @@ -3293,15 +3286,6 @@ void ssl3_clear(SSL *s) size_t rlen, wlen; int init_extra; -#ifdef TLSEXT_TYPE_opaque_prf_input - if (s->s3->client_opaque_prf_input != NULL) - OPENSSL_free(s->s3->client_opaque_prf_input); - s->s3->client_opaque_prf_input = NULL; - if (s->s3->server_opaque_prf_input != NULL) - OPENSSL_free(s->s3->server_opaque_prf_input); - s->s3->server_opaque_prf_input = NULL; -#endif - ssl3_cleanup_key_block(s); if (s->s3->tmp.ca_names != NULL) sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); @@ -3554,30 +3538,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) ret = 1; break; -# ifdef TLSEXT_TYPE_opaque_prf_input - case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT: - if (larg > 12288) { /* actual internal limit is 2^16 for the - * complete hello message * (including the - * cert chain and everything) */ - SSLerr(SSL_F_SSL3_CTRL, SSL_R_OPAQUE_PRF_INPUT_TOO_LONG); - break; - } - if (s->tlsext_opaque_prf_input != NULL) - OPENSSL_free(s->tlsext_opaque_prf_input); - if ((size_t)larg == 0) - s->tlsext_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte - * just to get - * non-NULL */ - else - s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg); - if (s->tlsext_opaque_prf_input != NULL) { - s->tlsext_opaque_prf_input_len = (size_t)larg; - ret = 1; - } else - s->tlsext_opaque_prf_input_len = 0; - break; -# endif - case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE: s->tlsext_status_type = larg; ret = 1; 
@@ -4071,12 +4031,6 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) return 1; } -# ifdef TLSEXT_TYPE_opaque_prf_input - case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG: - ctx->tlsext_opaque_prf_input_callback_arg = parg; - return 1; -# endif - case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG: ctx->tlsext_status_arg = parg; return 1; @@ -4241,13 +4195,6 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void)) ctx->tlsext_servername_callback = (int (*)(SSL *, int *, void *))fp; break; -# ifdef TLSEXT_TYPE_opaque_prf_input - case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB: - ctx->tlsext_opaque_prf_input_callback = - (int (*)(SSL *, void *, size_t, void *))fp; - break; -# endif - case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB: ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp; break; |