Browse Source
Remove key_arg and key_arg_length from SSL_SESSION.
Remnants of SSLv2 support. Change-Id: If45035f1727f235e122121418770f75257b18026 Reviewed-on: https://boringssl-review.googlesource.com/1991 Reviewed-by: Adam Langley <agl@google.com>kris/onging/CECPQ3_patch15
David Benjamin
10 years ago
committed by
Adam Langley
Adam Langley
6 changed files with 2 additions and 33 deletions
Unified View
Diff Options
-
+0 -3include/openssl/ssl.h
-
+0 -2ssl/s3_enc.c
-
+2 -14ssl/ssl_asn1.c
-
+0 -1ssl/ssl_sess.c
-
+0 -10ssl/ssl_txt.c
-
+0 -3ssl/t1_enc.c
+ 0
- 3
include/openssl/ssl.h
View File
| @@ -392,9 +392,6 @@ struct ssl_session_st | |||||
| int ssl_version; /* what ssl version session info is | int ssl_version; /* what ssl version session info is | ||||
| * being kept in here? */ | * being kept in here? */ | ||||
| /* only really used in SSLv2 */ | |||||
| unsigned int key_arg_length; | |||||
| unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH]; | |||||
| int master_key_length; | int master_key_length; | ||||
| unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH]; | unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH]; | ||||
| /* session_id - valid? */ | /* session_id - valid? */ | ||||
+ 0
- 2
ssl/s3_enc.c
View File
| @@ -292,8 +292,6 @@ int ssl3_change_cipher_state(SSL *s, int which) | |||||
| memcpy(mac_secret,ms,i); | memcpy(mac_secret,ms,i); | ||||
| s->session->key_arg_length=0; | |||||
| EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE)); | EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE)); | ||||
| #ifdef OPENSSL_SSL_TRACE_CRYPTO | #ifdef OPENSSL_SSL_TRACE_CRYPTO | ||||
+ 2
- 14
ssl/ssl_asn1.c
View File
| @@ -108,7 +108,6 @@ typedef struct ssl_session_asn1_st | |||||
| ASN1_OCTET_STRING master_key; | ASN1_OCTET_STRING master_key; | ||||
| ASN1_OCTET_STRING session_id; | ASN1_OCTET_STRING session_id; | ||||
| ASN1_OCTET_STRING session_id_context; | ASN1_OCTET_STRING session_id_context; | ||||
| ASN1_OCTET_STRING key_arg; | |||||
| ASN1_INTEGER time; | ASN1_INTEGER time; | ||||
| ASN1_INTEGER timeout; | ASN1_INTEGER timeout; | ||||
| ASN1_INTEGER verify_result; | ASN1_INTEGER verify_result; | ||||
| @@ -187,10 +186,6 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) | |||||
| a.session_id_context.type=V_ASN1_OCTET_STRING; | a.session_id_context.type=V_ASN1_OCTET_STRING; | ||||
| a.session_id_context.data=in->sid_ctx; | a.session_id_context.data=in->sid_ctx; | ||||
| a.key_arg.length=in->key_arg_length; | |||||
| a.key_arg.type=V_ASN1_OCTET_STRING; | |||||
| a.key_arg.data=in->key_arg; | |||||
| if (in->time != 0L) | if (in->time != 0L) | ||||
| { | { | ||||
| a.time.length=LSIZE2; | a.time.length=LSIZE2; | ||||
| @@ -282,8 +277,6 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) | |||||
| M_ASN1_I2D_len(&(a.cipher), i2d_ASN1_OCTET_STRING); | M_ASN1_I2D_len(&(a.cipher), i2d_ASN1_OCTET_STRING); | ||||
| M_ASN1_I2D_len(&(a.session_id), i2d_ASN1_OCTET_STRING); | M_ASN1_I2D_len(&(a.session_id), i2d_ASN1_OCTET_STRING); | ||||
| M_ASN1_I2D_len(&(a.master_key), i2d_ASN1_OCTET_STRING); | M_ASN1_I2D_len(&(a.master_key), i2d_ASN1_OCTET_STRING); | ||||
| if (in->key_arg_length > 0) | |||||
| M_ASN1_I2D_len_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING); | |||||
| if (in->time != 0L) | if (in->time != 0L) | ||||
| M_ASN1_I2D_len_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1); | M_ASN1_I2D_len_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1); | ||||
| if (in->timeout != 0L) | if (in->timeout != 0L) | ||||
| @@ -321,8 +314,6 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) | |||||
| M_ASN1_I2D_put(&(a.cipher), i2d_ASN1_OCTET_STRING); | M_ASN1_I2D_put(&(a.cipher), i2d_ASN1_OCTET_STRING); | ||||
| M_ASN1_I2D_put(&(a.session_id), i2d_ASN1_OCTET_STRING); | M_ASN1_I2D_put(&(a.session_id), i2d_ASN1_OCTET_STRING); | ||||
| M_ASN1_I2D_put(&(a.master_key), i2d_ASN1_OCTET_STRING); | M_ASN1_I2D_put(&(a.master_key), i2d_ASN1_OCTET_STRING); | ||||
| if (in->key_arg_length > 0) | |||||
| M_ASN1_I2D_put_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING,0); | |||||
| if (in->time != 0L) | if (in->time != 0L) | ||||
| M_ASN1_I2D_put_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1); | M_ASN1_I2D_put_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1); | ||||
| if (in->timeout != 0L) | if (in->timeout != 0L) | ||||
| @@ -448,12 +439,9 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, | |||||
| os.length=0; | os.length=0; | ||||
| /* [0] is the tag for key_arg, a no longer used remnant of | |||||
| * SSLv2. */ | |||||
| M_ASN1_D2I_get_IMP_opt(osp,d2i_ASN1_OCTET_STRING,0,V_ASN1_OCTET_STRING); | M_ASN1_D2I_get_IMP_opt(osp,d2i_ASN1_OCTET_STRING,0,V_ASN1_OCTET_STRING); | ||||
| if (os.length > SSL_MAX_KEY_ARG_LENGTH) | |||||
| ret->key_arg_length=SSL_MAX_KEY_ARG_LENGTH; | |||||
| else | |||||
| ret->key_arg_length=os.length; | |||||
| memcpy(ret->key_arg,os.data,ret->key_arg_length); | |||||
| if (os.data != NULL) OPENSSL_free(os.data); | if (os.data != NULL) OPENSSL_free(os.data); | ||||
| ai.length=0; | ai.length=0; | ||||
+ 0
- 1
ssl/ssl_sess.c
View File
| @@ -702,7 +702,6 @@ void SSL_SESSION_free(SSL_SESSION *ss) | |||||
| CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); | ||||
| OPENSSL_cleanse(ss->key_arg,sizeof ss->key_arg); | |||||
| OPENSSL_cleanse(ss->master_key,sizeof ss->master_key); | OPENSSL_cleanse(ss->master_key,sizeof ss->master_key); | ||||
| OPENSSL_cleanse(ss->session_id,sizeof ss->session_id); | OPENSSL_cleanse(ss->session_id,sizeof ss->session_id); | ||||
| if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert); | if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert); | ||||
+ 0
- 10
ssl/ssl_txt.c
View File
| @@ -156,16 +156,6 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) | |||||
| { | { | ||||
| if (BIO_printf(bp,"%02X",x->master_key[i]) <= 0) goto err; | if (BIO_printf(bp,"%02X",x->master_key[i]) <= 0) goto err; | ||||
| } | } | ||||
| if (BIO_puts(bp,"\n Key-Arg : ") <= 0) goto err; | |||||
| if (x->key_arg_length == 0) | |||||
| { | |||||
| if (BIO_puts(bp,"None") <= 0) goto err; | |||||
| } | |||||
| else | |||||
| for (i=0; i<x->key_arg_length; i++) | |||||
| { | |||||
| if (BIO_printf(bp,"%02X",x->key_arg[i]) <= 0) goto err; | |||||
| } | |||||
| if (BIO_puts(bp,"\n PSK identity: ") <= 0) goto err; | if (BIO_puts(bp,"\n PSK identity: ") <= 0) goto err; | ||||
| if (BIO_printf(bp, "%s", x->psk_identity ? x->psk_identity : "None") <= 0) goto err; | if (BIO_printf(bp, "%s", x->psk_identity ? x->psk_identity : "None") <= 0) goto err; | ||||
| if (BIO_puts(bp,"\n PSK identity hint: ") <= 0) goto err; | if (BIO_puts(bp,"\n PSK identity hint: ") <= 0) goto err; | ||||
+ 0
- 3
ssl/t1_enc.c
View File
| @@ -546,9 +546,6 @@ int tls1_change_cipher_state(SSL *s, int which) | |||||
| if (!SSL_IS_DTLS(s)) | if (!SSL_IS_DTLS(s)) | ||||
| memset(is_read ? s->s3->read_sequence : s->s3->write_sequence, 0, 8); | memset(is_read ? s->s3->read_sequence : s->s3->write_sequence, 0, 8); | ||||
| /* key_arg is used for SSLv2. We don't need it for TLS. */ | |||||
| s->session->key_arg_length = 0; | |||||
| mac_secret_len = s->s3->tmp.new_mac_secret_size; | mac_secret_len = s->s3->tmp.new_mac_secret_size; | ||||
| if (aead != NULL) | if (aead != NULL) | ||||