diff options
| author | Rich Salz <rsalz@openssl.org> | 2015-01-28 14:53:04 -0500 |
|---|---|---|
| committer | Rich Salz <rsalz@openssl.org> | 2015-01-28 15:37:16 -0500 |
| commit | 68fd6dce73e07cb9a5944e8667455f2f9a80d52e (patch) | |
| tree | 7abb0e387c58611dc379ae8976292fec86d05db8 /ssl | |
| parent | 31b446e212e2209d62e66a608e540716716430e4 (diff) | |
Remove support for opaque-prf
An expired IETF Internet-Draft (seven years old) that nobody
implements, and probably just as good as NSA DRBG work.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'ssl')
| -rw-r--r-- | ssl/s3_lib.c | 53 | ||||
| -rw-r--r-- | ssl/ssl.h | 17 | ||||
| -rw-r--r-- | ssl/ssl3.h | 9 | ||||
| -rw-r--r-- | ssl/ssl_lib.c | 2 | ||||
| -rw-r--r-- | ssl/ssltest.c | 33 | ||||
| -rw-r--r-- | ssl/t1_enc.c | 16 | ||||
| -rw-r--r-- | ssl/t1_ext.c | 3 | ||||
| -rw-r--r-- | ssl/t1_lib.c | 233 | ||||
| -rw-r--r-- | ssl/t1_trce.c | 3 | ||||
| -rw-r--r-- | ssl/tls1.h | 17 |
10 files changed, 3 insertions, 383 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 3a1377ac7b..b85d9bf8e3 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3244,13 +3244,6 @@ void ssl3_free(SSL *s) if (s == NULL) return; -#ifdef TLSEXT_TYPE_opaque_prf_input - if (s->s3->client_opaque_prf_input != NULL) - OPENSSL_free(s->s3->client_opaque_prf_input); - if (s->s3->server_opaque_prf_input != NULL) - OPENSSL_free(s->s3->server_opaque_prf_input); -#endif - ssl3_cleanup_key_block(s); if (s->s3->rbuf.buf != NULL) ssl3_release_read_buffer(s); @@ -3293,15 +3286,6 @@ void ssl3_clear(SSL *s) size_t rlen, wlen; int init_extra; -#ifdef TLSEXT_TYPE_opaque_prf_input - if (s->s3->client_opaque_prf_input != NULL) - OPENSSL_free(s->s3->client_opaque_prf_input); - s->s3->client_opaque_prf_input = NULL; - if (s->s3->server_opaque_prf_input != NULL) - OPENSSL_free(s->s3->server_opaque_prf_input); - s->s3->server_opaque_prf_input = NULL; -#endif - ssl3_cleanup_key_block(s); if (s->s3->tmp.ca_names != NULL) sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); @@ -3554,30 +3538,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) ret = 1; break; -# ifdef TLSEXT_TYPE_opaque_prf_input - case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT: - if (larg > 12288) { /* actual internal limit is 2^16 for the - * complete hello message * (including the - * cert chain and everything) */ - SSLerr(SSL_F_SSL3_CTRL, SSL_R_OPAQUE_PRF_INPUT_TOO_LONG); - break; - } - if (s->tlsext_opaque_prf_input != NULL) - OPENSSL_free(s->tlsext_opaque_prf_input); - if ((size_t)larg == 0) - s->tlsext_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte - * just to get - * non-NULL */ - else - s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg); - if (s->tlsext_opaque_prf_input != NULL) { - s->tlsext_opaque_prf_input_len = (size_t)larg; - ret = 1; - } else - s->tlsext_opaque_prf_input_len = 0; - break; -# endif - case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE: s->tlsext_status_type = larg; ret = 1; @@ -4071,12 +4031,6 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) return 1; } -# ifdef TLSEXT_TYPE_opaque_prf_input - case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG: - ctx->tlsext_opaque_prf_input_callback_arg = parg; - return 1; -# endif - case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG: ctx->tlsext_status_arg = parg; return 1; @@ -4241,13 +4195,6 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void)) ctx->tlsext_servername_callback = (int (*)(SSL *, int *, void *))fp; break; -# ifdef TLSEXT_TYPE_opaque_prf_input - case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB: - ctx->tlsext_opaque_prf_input_callback = - (int (*)(SSL *, void *, size_t, void *))fp; - break; -# endif - case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB: ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp; break; @@ -1054,11 +1054,6 @@ struct ssl_ctx_st { /* Callback for status request */ int (*tlsext_status_cb) (SSL *ssl, void *arg); void *tlsext_status_arg; - - /* draft-rescorla-tls-opaque-prf-input-00.txt information */ - int (*tlsext_opaque_prf_input_callback) (SSL *, void *peerinput, - size_t len, void *arg); - void *tlsext_opaque_prf_input_callback_arg; # endif # ifndef OPENSSL_NO_PSK @@ -1573,12 +1568,6 @@ struct ssl_st { /* our list */ unsigned char *tlsext_ellipticcurvelist; # endif /* OPENSSL_NO_EC */ - /* - * draft-rescorla-tls-opaque-prf-input-00.txt information to be used for - * handshakes - */ - void *tlsext_opaque_prf_input; - size_t tlsext_opaque_prf_input_len; /* TLS Session Ticket extension override */ TLS_SESSION_TICKET_EXT *tlsext_session_ticket; /* TLS Session Ticket extension callback */ @@ -1861,9 +1850,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57 # define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58 # define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59 -# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT 60 -# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61 -# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62 +/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT 60 */ +/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61 */ +/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62 */ # define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63 # define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64 # define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65 diff --git a/ssl/ssl3.h b/ssl/ssl3.h index 6c7c439682..23eb156c04 100644 --- a/ssl/ssl3.h +++ b/ssl/ssl3.h @@ -530,15 +530,6 @@ typedef struct ssl3_state_st { int total_renegotiations; int num_renegotiations; int in_read_app_data; - /* - * Opaque PRF input as used for the current handshake. These fields are - * used only if TLSEXT_TYPE_opaque_prf_input is defined (otherwise, they - * are merely present to improve binary compatibility) - */ - void *client_opaque_prf_input; - size_t client_opaque_prf_input_len; - void *server_opaque_prf_input; - size_t server_opaque_prf_input_len; struct { /* actually only needs to be 16+20 */ unsigned char cert_verify_md[EVP_MAX_MD_SIZE * 2]; diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 59a871cc36..2a84ff248f 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -610,8 +610,6 @@ void SSL_free(SSL *s) if (s->tlsext_ellipticcurvelist) OPENSSL_free(s->tlsext_ellipticcurvelist); # endif /* OPENSSL_NO_EC */ - if (s->tlsext_opaque_prf_input) - OPENSSL_free(s->tlsext_opaque_prf_input); if (s->tlsext_ocsp_exts) sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, X509_EXTENSION_free); if (s->tlsext_ocsp_ids) diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 0b4df3ea15..b90f6fb280 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -956,30 +956,6 @@ static void lock_dbg_cb(int mode, int type, const char *file, int line) } } -#ifdef TLSEXT_TYPE_opaque_prf_input -struct cb_info_st { - void *input; - size_t len; - int ret; -}; -struct cb_info_st co1 = { "C", 1, 1 }; /* try to negotiate oqaque PRF input */ -struct cb_info_st co2 = { "C", 1, 2 }; /* insist on oqaque PRF input */ -struct cb_info_st so1 = { "S", 1, 1 }; /* try to negotiate oqaque PRF input */ -struct cb_info_st so2 = { "S", 1, 2 }; /* insist on oqaque PRF input */ - -int opaque_prf_input_cb(SSL *ssl, void *peerinput, size_t len, void *arg_) -{ - struct cb_info_st *arg = arg_; - - if (arg == NULL) - return 1; - - if (!SSL_set_tlsext_opaque_prf_input(ssl, arg->input, arg->len)) - return 0; - return arg->ret; -} -#endif - int main(int argc, char *argv[]) { char *CApath = NULL, *CAfile = NULL; @@ -1534,15 +1510,6 @@ int main(int argc, char *argv[]) SSL_CTX_set_tmp_rsa_callback(s_ctx, tmp_rsa_cb); #endif -#ifdef TLSEXT_TYPE_opaque_prf_input - SSL_CTX_set_tlsext_opaque_prf_input_callback(c_ctx, opaque_prf_input_cb); - SSL_CTX_set_tlsext_opaque_prf_input_callback(s_ctx, opaque_prf_input_cb); - /* or &co2 or NULL */ - SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(c_ctx, &co1); - /* or &so2 or NULL */ - SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(s_ctx, &so1); -#endif - if (!SSL_CTX_use_certificate_file(s_ctx, server_cert, SSL_FILETYPE_PEM)) { ERR_print_errors(bio_err); } else if (!SSL_CTX_use_PrivateKey_file(s_ctx, diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 693a1b0fef..3f4973e9ac 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -1099,22 +1099,6 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, len); #endif /* KSSL_DEBUG */ -#ifdef TLSEXT_TYPE_opaque_prf_input - if (s->s3->client_opaque_prf_input != NULL - && s->s3->server_opaque_prf_input != NULL - && s->s3->client_opaque_prf_input_len > 0 - && s->s3->client_opaque_prf_input_len == - s->s3->server_opaque_prf_input_len) { - co = s->s3->client_opaque_prf_input; - col = s->s3->server_opaque_prf_input_len; - so = s->s3->server_opaque_prf_input; - /* - * must be same as col (see - * draft-resc-00.txts-opaque-prf-input-00.txt, section 3.1) - */ - sol = s->s3->client_opaque_prf_input_len; - } -#endif tls1_PRF(ssl_get_algorithm2(s), TLS_MD_MASTER_SECRET_CONST, TLS_MD_MASTER_SECRET_CONST_SIZE, diff --git a/ssl/t1_ext.c b/ssl/t1_ext.c index 724ddf76ac..ce54f4fa15 100644 --- a/ssl/t1_ext.c +++ b/ssl/t1_ext.c @@ -284,9 +284,6 @@ int SSL_extension_supported(unsigned int ext_type) case TLSEXT_TYPE_srp: case TLSEXT_TYPE_status_request: case TLSEXT_TYPE_use_srtp: -# ifdef TLSEXT_TYPE_opaque_prf_input - case TLSEXT_TYPE_opaque_prf_input: -# endif # ifdef TLSEXT_TYPE_encrypt_then_mac case TLSEXT_TYPE_encrypt_then_mac: # endif diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 6a1ed6a742..9be7347b56 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1335,22 +1335,6 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, s2n(salglen, etmp); ret += salglen; } -# ifdef TLSEXT_TYPE_opaque_prf_input - if (s->s3->client_opaque_prf_input != NULL) { - size_t col = s->s3->client_opaque_prf_input_len; - - if ((long)(limit - ret - 6 - col) < 0) - return NULL; - if (col > 0xFFFD) /* can't happen */ - return NULL; - - s2n(TLSEXT_TYPE_opaque_prf_input, ret); - s2n(col + 2, ret); - s2n(col, ret); - memcpy(ret, s->s3->client_opaque_prf_input, col); - ret += col; - } -# endif if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp) { int i; @@ -1601,22 +1585,6 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, s2n(TLSEXT_TYPE_status_request, ret); s2n(0, ret); } -# ifdef TLSEXT_TYPE_opaque_prf_input - if (s->s3->server_opaque_prf_input != NULL) { - size_t sol = s->s3->server_opaque_prf_input_len; - - if ((long)(limit - ret - 6 - sol) < 0) - return NULL; - if (sol > 0xFFFD) /* can't happen */ - return NULL; - - s2n(TLSEXT_TYPE_opaque_prf_input, ret); - s2n(sol + 2, ret); - s2n(sol, ret); - memcpy(ret, s->s3->server_opaque_prf_input, sol); - ret += sol; - } -# endif # ifndef OPENSSL_NO_SRTP if (SSL_IS_DTLS(s) && s->srtp_profile) { @@ -2154,37 +2122,6 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, # endif } # endif /* OPENSSL_NO_EC */ -# ifdef TLSEXT_TYPE_opaque_prf_input - else if (type == TLSEXT_TYPE_opaque_prf_input) { - unsigned char *sdata = data; - - if (size < 2) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } - n2s(sdata, s->s3->client_opaque_prf_input_len); - if (s->s3->client_opaque_prf_input_len != size - 2) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } - - if (s->s3->client_opaque_prf_input != NULL) { - /* shouldn't really happen */ - OPENSSL_free(s->s3->client_opaque_prf_input); - } - - /* dummy byte just to get non-NULL */ - if (s->s3->client_opaque_prf_input_len == 0) - s->s3->client_opaque_prf_input = OPENSSL_malloc(1); - else - s->s3->client_opaque_prf_input = - BUF_memdup(sdata, s->s3->client_opaque_prf_input_len); - if (s->s3->client_opaque_prf_input == NULL) { - *al = TLS1_AD_INTERNAL_ERROR; - return 0; - } - } -# endif else if (type == TLSEXT_TYPE_session_ticket) { if (s->tls_session_ticket_ext_cb && !s->tls_session_ticket_ext_cb(s, data, size, @@ -2540,38 +2477,6 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, } s->tlsext_ticket_expected = 1; } -# ifdef TLSEXT_TYPE_opaque_prf_input - else if (type == TLSEXT_TYPE_opaque_prf_input) { - unsigned char *sdata = data; - - if (size < 2) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } - n2s(sdata, s->s3->server_opaque_prf_input_len); - if (s->s3->server_opaque_prf_input_len != size - 2) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } - - if (s->s3->server_opaque_prf_input != NULL) { - /* shouldn't really happen */ - OPENSSL_free(s->s3->server_opaque_prf_input); - } - if (s->s3->server_opaque_prf_input_len == 0) { - /* dummy byte just to get non-NULL */ - s->s3->server_opaque_prf_input = OPENSSL_malloc(1); - } else { - s->s3->server_opaque_prf_input = - BUF_memdup(sdata, s->s3->server_opaque_prf_input_len); - } - - if (s->s3->server_opaque_prf_input == NULL) { - *al = TLS1_AD_INTERNAL_ERROR; - return 0; - } - } -# endif else if (type == TLSEXT_TYPE_status_request) { /* * MUST be empty and only sent if we've requested a status @@ -2745,51 +2650,6 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, int ssl_prepare_clienthello_tlsext(SSL *s) { -# ifdef TLSEXT_TYPE_opaque_prf_input - { - int r = 1; - - if (s->ctx->tlsext_opaque_prf_input_callback != 0) { - r = s->ctx->tlsext_opaque_prf_input_callback(s, NULL, 0, - s-> - ctx->tlsext_opaque_prf_input_callback_arg); - if (!r) - return -1; - } - - if (s->tlsext_opaque_prf_input != NULL) { - if (s->s3->client_opaque_prf_input != NULL) { - /* shouldn't really happen */ - OPENSSL_free(s->s3->client_opaque_prf_input); - } - - if (s->tlsext_opaque_prf_input_len == 0) { - /* dummy byte just to get non-NULL */ - s->s3->client_opaque_prf_input = OPENSSL_malloc(1); - } else { - s->s3->client_opaque_prf_input = - BUF_memdup(s->tlsext_opaque_prf_input, - s->tlsext_opaque_prf_input_len); - } - if (s->s3->client_opaque_prf_input == NULL) { - SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT, - ERR_R_MALLOC_FAILURE); - return -1; - } - s->s3->client_opaque_prf_input_len = - s->tlsext_opaque_prf_input_len; - } - - if (r == 2) - /* - * at callback's request, insist on receiving an appropriate - * server opaque PRF input - */ - s->s3->server_opaque_prf_input_len = - s->tlsext_opaque_prf_input_len; - } -# endif - return 1; } @@ -2825,73 +2685,6 @@ static int ssl_check_clienthello_tlsext_early(SSL *s) s-> initial_ctx->tlsext_servername_arg); -# ifdef TLSEXT_TYPE_opaque_prf_input - { - /* - * This sort of belongs into ssl_prepare_serverhello_tlsext(), but we - * might be sending an alert in response to the client hello, so this - * has to happen here in ssl_check_clienthello_tlsext_early(). - */ - - int r = 1; - - if (s->ctx->tlsext_opaque_prf_input_callback != 0) { - r = s->ctx->tlsext_opaque_prf_input_callback(s, NULL, 0, - s-> - ctx->tlsext_opaque_prf_input_callback_arg); - if (!r) { - ret = SSL_TLSEXT_ERR_ALERT_FATAL; - al = SSL_AD_INTERNAL_ERROR; - goto err; - } - } - - if (s->s3->server_opaque_prf_input != NULL) { - /* shouldn't really happen */ - OPENSSL_free(s->s3->server_opaque_prf_input); - } - s->s3->server_opaque_prf_input = NULL; - - if (s->tlsext_opaque_prf_input != NULL) { - if (s->s3->client_opaque_prf_input != NULL && - s->s3->client_opaque_prf_input_len == - s->tlsext_opaque_prf_input_len) { - /* - * can only use this extension if we have a server opaque PRF - * input of the same length as the client opaque PRF input! - */ - - if (s->tlsext_opaque_prf_input_len == 0) { - /* dummy byte just to get non-NULL */ - s->s3->server_opaque_prf_input = OPENSSL_malloc(1); - } else { - s->s3->server_opaque_prf_input = - BUF_memdup(s->tlsext_opaque_prf_input, - s->tlsext_opaque_prf_input_len); - } - if (s->s3->server_opaque_prf_input == NULL) { - ret = SSL_TLSEXT_ERR_ALERT_FATAL; - al = SSL_AD_INTERNAL_ERROR; - goto err; - } - s->s3->server_opaque_prf_input_len = - s->tlsext_opaque_prf_input_len; - } - } - - if (r == 2 && s->s3->server_opaque_prf_input == NULL) { - /* - * The callback wants to enforce use of the extension, but we - * can't do that with the client opaque PRF input; abort the - * handshake. - */ - ret = SSL_TLSEXT_ERR_ALERT_FATAL; - al = SSL_AD_HANDSHAKE_FAILURE; - } - } - - err: -# endif switch (ret) { case SSL_TLSEXT_ERR_ALERT_FATAL: ssl3_send_alert(s, SSL3_AL_FATAL, al); @@ -3057,32 +2850,6 @@ int ssl_check_serverhello_tlsext(SSL *s) s-> initial_ctx->tlsext_servername_arg); -# ifdef TLSEXT_TYPE_opaque_prf_input - if (s->s3->server_opaque_prf_input_len > 0) { - /* - * This case may indicate that we, as a client, want to insist on - * using opaque PRF inputs. So first verify that we really have a - * value from the server too. - */ - - if (s->s3->server_opaque_prf_input == NULL) { - ret = SSL_TLSEXT_ERR_ALERT_FATAL; - al = SSL_AD_HANDSHAKE_FAILURE; - } - - /* - * Anytime the server *has* sent an opaque PRF input, we need to - * check that we have a client opaque PRF input of the same size. - */ - if (s->s3->client_opaque_prf_input == NULL || - s->s3->client_opaque_prf_input_len != - s->s3->server_opaque_prf_input_len) { - ret = SSL_TLSEXT_ERR_ALERT_FATAL; - al = SSL_AD_ILLEGAL_PARAMETER; - } - } -# endif - /* * If we've requested certificate status and we wont get one tell the * callback diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c index 49b767fd9b..26160ed09b 100644 --- a/ssl/t1_trce.c +++ b/ssl/t1_trce.c @@ -361,9 +361,6 @@ static ssl_trace_tbl ssl_exts_tbl[] = { {TLSEXT_TYPE_use_srtp, "use_srtp"}, {TLSEXT_TYPE_heartbeat, "heartbeat"}, {TLSEXT_TYPE_session_ticket, "session_ticket"}, -# ifdef TLSEXT_TYPE_opaque_prf_input - {TLSEXT_TYPE_opaque_prf_input, "opaque_prf_input"}, -# endif {TLSEXT_TYPE_renegotiate, "renegotiate"}, {TLSEXT_TYPE_next_proto_neg, "next_proto_neg"}, {TLSEXT_TYPE_padding, "padding"} diff --git a/ssl/tls1.h b/ssl/tls1.h index 91c2cce7a2..1f756a4513 100644 --- a/ssl/tls1.h +++ b/ssl/tls1.h @@ -254,16 +254,6 @@ extern "C" { /* ExtensionType value from RFC4507 */ # define TLSEXT_TYPE_session_ticket 35 -/* ExtensionType value from draft-rescorla-tls-opaque-prf-input-00.txt */ -# if 0 -/* - * will have to be provided externally for now , - * i.e. build with -DTLSEXT_TYPE_opaque_prf_input=38183 - * using whatever extension number you'd like to try - */ -# define TLSEXT_TYPE_opaque_prf_input ?? -# endif - /* Temporary extension type */ # define TLSEXT_TYPE_renegotiate 0xff01 @@ -394,13 +384,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb) # define SSL_CTX_set_tlsext_status_arg(ssl, arg) \ SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg) -# define SSL_set_tlsext_opaque_prf_input(s, src, len) \ -SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT, len, src) -# define SSL_CTX_set_tlsext_opaque_prf_input_callback(ctx, cb) \ -SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB, (void (*)(void))cb) -# define SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(ctx, arg) \ -SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG, 0, arg) - # define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) |