Remove key_arg and key_arg_length from SSL_SESSION.

Remnants of SSLv2 support. Change-Id: If45035f1727f235e122121418770f75257b18026 Reviewed-on: https://boringssl-review.googlesource.com/1991 Reviewed-by: Adam Langley <agl@google.com>
10 anos atrás · d7a76e72c6
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -392,9 +392,6 @@ struct ssl_session_st
 	int ssl_version;	/* what ssl version session info is
 				 * being kept in here? */

 	/* only really used in SSLv2 */
 	unsigned int key_arg_length;
 	unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH];
 	int master_key_length;
 	unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
 	/* session_id - valid? */
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -292,8 +292,6 @@ int ssl3_change_cipher_state(SSL *s, int which)

 	memcpy(mac_secret,ms,i);

 	s->session->key_arg_length=0;

 	EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE));

 #ifdef OPENSSL_SSL_TRACE_CRYPTO
--- a/ssl/ssl_asn1.c
+++ b/ssl/ssl_asn1.c
@@ -108,7 +108,6 @@ typedef struct ssl_session_asn1_st
 	ASN1_OCTET_STRING master_key;
 	ASN1_OCTET_STRING session_id;
 	ASN1_OCTET_STRING session_id_context;
 	ASN1_OCTET_STRING key_arg;
 	ASN1_INTEGER time;
 	ASN1_INTEGER timeout;
 	ASN1_INTEGER verify_result;
@@ -187,10 +186,6 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
 	a.session_id_context.type=V_ASN1_OCTET_STRING;
 	a.session_id_context.data=in->sid_ctx;

 	a.key_arg.length=in->key_arg_length;
 	a.key_arg.type=V_ASN1_OCTET_STRING;
 	a.key_arg.data=in->key_arg;

 	if (in->time != 0L)
 		{
 		a.time.length=LSIZE2;
@@ -282,8 +277,6 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
 	M_ASN1_I2D_len(&(a.cipher),		i2d_ASN1_OCTET_STRING);
 	M_ASN1_I2D_len(&(a.session_id),		i2d_ASN1_OCTET_STRING);
 	M_ASN1_I2D_len(&(a.master_key),		i2d_ASN1_OCTET_STRING);
 	if (in->key_arg_length > 0)
 		M_ASN1_I2D_len_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING);
 	if (in->time != 0L)
 		M_ASN1_I2D_len_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1);
 	if (in->timeout != 0L)
@@ -321,8 +314,6 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
 	M_ASN1_I2D_put(&(a.cipher),		i2d_ASN1_OCTET_STRING);
 	M_ASN1_I2D_put(&(a.session_id),		i2d_ASN1_OCTET_STRING);
 	M_ASN1_I2D_put(&(a.master_key),		i2d_ASN1_OCTET_STRING);
 	if (in->key_arg_length > 0)
 		M_ASN1_I2D_put_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING,0);
 	if (in->time != 0L)
 		M_ASN1_I2D_put_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1);
 	if (in->timeout != 0L)
@@ -448,12 +439,9 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,

 	os.length=0;

 	/* [0] is the tag for key_arg, a no longer used remnant of
 	 * SSLv2. */
 	M_ASN1_D2I_get_IMP_opt(osp,d2i_ASN1_OCTET_STRING,0,V_ASN1_OCTET_STRING);
 	if (os.length > SSL_MAX_KEY_ARG_LENGTH)
 		ret->key_arg_length=SSL_MAX_KEY_ARG_LENGTH;
 	else
 		ret->key_arg_length=os.length;
 	memcpy(ret->key_arg,os.data,ret->key_arg_length);
 	if (os.data != NULL) OPENSSL_free(os.data);

 	ai.length=0;
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -702,7 +702,6 @@ void SSL_SESSION_free(SSL_SESSION *ss)

 	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);

 	OPENSSL_cleanse(ss->key_arg,sizeof ss->key_arg);
 	OPENSSL_cleanse(ss->master_key,sizeof ss->master_key);
 	OPENSSL_cleanse(ss->session_id,sizeof ss->session_id);
 	if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert);
--- a/ssl/ssl_txt.c
+++ b/ssl/ssl_txt.c
@@ -156,16 +156,6 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
 		{
 		if (BIO_printf(bp,"%02X",x->master_key[i]) <= 0) goto err;
 		}
 	if (BIO_puts(bp,"\n    Key-Arg   : ") <= 0) goto err;
 	if (x->key_arg_length == 0)
 		{
 		if (BIO_puts(bp,"None") <= 0) goto err;
 		}
 	else
 		for (i=0; i<x->key_arg_length; i++)
 			{
 			if (BIO_printf(bp,"%02X",x->key_arg[i]) <= 0) goto err;
 			}
 	if (BIO_puts(bp,"\n    PSK identity: ") <= 0) goto err;
 	if (BIO_printf(bp, "%s", x->psk_identity ? x->psk_identity : "None") <= 0) goto err;
 	if (BIO_puts(bp,"\n    PSK identity hint: ") <= 0) goto err;
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -546,9 +546,6 @@ int tls1_change_cipher_state(SSL *s, int which)
 	if (!SSL_IS_DTLS(s))
 		memset(is_read ? s->s3->read_sequence : s->s3->write_sequence, 0, 8);

 	/* key_arg is used for SSLv2. We don't need it for TLS. */
 	s->session->key_arg_length = 0;

 	mac_secret_len = s->s3->tmp.new_mac_secret_size;

 	if (aead != NULL)