Remnants of SSLv2 support. Change-Id: If45035f1727f235e122121418770f75257b18026 Reviewed-on: https://boringssl-review.googlesource.com/1991 Reviewed-by: Adam Langley <agl@google.com>kris/onging/CECPQ3_patch15
@@ -392,9 +392,6 @@ struct ssl_session_st | |||||
int ssl_version; /* what ssl version session info is | int ssl_version; /* what ssl version session info is | ||||
* being kept in here? */ | * being kept in here? */ | ||||
/* only really used in SSLv2 */ | |||||
unsigned int key_arg_length; | |||||
unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH]; | |||||
int master_key_length; | int master_key_length; | ||||
unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH]; | unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH]; | ||||
/* session_id - valid? */ | /* session_id - valid? */ | ||||
@@ -292,8 +292,6 @@ int ssl3_change_cipher_state(SSL *s, int which) | |||||
memcpy(mac_secret,ms,i); | memcpy(mac_secret,ms,i); | ||||
s->session->key_arg_length=0; | |||||
EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE)); | EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE)); | ||||
#ifdef OPENSSL_SSL_TRACE_CRYPTO | #ifdef OPENSSL_SSL_TRACE_CRYPTO | ||||
@@ -108,7 +108,6 @@ typedef struct ssl_session_asn1_st | |||||
ASN1_OCTET_STRING master_key; | ASN1_OCTET_STRING master_key; | ||||
ASN1_OCTET_STRING session_id; | ASN1_OCTET_STRING session_id; | ||||
ASN1_OCTET_STRING session_id_context; | ASN1_OCTET_STRING session_id_context; | ||||
ASN1_OCTET_STRING key_arg; | |||||
ASN1_INTEGER time; | ASN1_INTEGER time; | ||||
ASN1_INTEGER timeout; | ASN1_INTEGER timeout; | ||||
ASN1_INTEGER verify_result; | ASN1_INTEGER verify_result; | ||||
@@ -187,10 +186,6 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) | |||||
a.session_id_context.type=V_ASN1_OCTET_STRING; | a.session_id_context.type=V_ASN1_OCTET_STRING; | ||||
a.session_id_context.data=in->sid_ctx; | a.session_id_context.data=in->sid_ctx; | ||||
a.key_arg.length=in->key_arg_length; | |||||
a.key_arg.type=V_ASN1_OCTET_STRING; | |||||
a.key_arg.data=in->key_arg; | |||||
if (in->time != 0L) | if (in->time != 0L) | ||||
{ | { | ||||
a.time.length=LSIZE2; | a.time.length=LSIZE2; | ||||
@@ -282,8 +277,6 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) | |||||
M_ASN1_I2D_len(&(a.cipher), i2d_ASN1_OCTET_STRING); | M_ASN1_I2D_len(&(a.cipher), i2d_ASN1_OCTET_STRING); | ||||
M_ASN1_I2D_len(&(a.session_id), i2d_ASN1_OCTET_STRING); | M_ASN1_I2D_len(&(a.session_id), i2d_ASN1_OCTET_STRING); | ||||
M_ASN1_I2D_len(&(a.master_key), i2d_ASN1_OCTET_STRING); | M_ASN1_I2D_len(&(a.master_key), i2d_ASN1_OCTET_STRING); | ||||
if (in->key_arg_length > 0) | |||||
M_ASN1_I2D_len_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING); | |||||
if (in->time != 0L) | if (in->time != 0L) | ||||
M_ASN1_I2D_len_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1); | M_ASN1_I2D_len_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1); | ||||
if (in->timeout != 0L) | if (in->timeout != 0L) | ||||
@@ -321,8 +314,6 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) | |||||
M_ASN1_I2D_put(&(a.cipher), i2d_ASN1_OCTET_STRING); | M_ASN1_I2D_put(&(a.cipher), i2d_ASN1_OCTET_STRING); | ||||
M_ASN1_I2D_put(&(a.session_id), i2d_ASN1_OCTET_STRING); | M_ASN1_I2D_put(&(a.session_id), i2d_ASN1_OCTET_STRING); | ||||
M_ASN1_I2D_put(&(a.master_key), i2d_ASN1_OCTET_STRING); | M_ASN1_I2D_put(&(a.master_key), i2d_ASN1_OCTET_STRING); | ||||
if (in->key_arg_length > 0) | |||||
M_ASN1_I2D_put_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING,0); | |||||
if (in->time != 0L) | if (in->time != 0L) | ||||
M_ASN1_I2D_put_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1); | M_ASN1_I2D_put_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1); | ||||
if (in->timeout != 0L) | if (in->timeout != 0L) | ||||
@@ -448,12 +439,9 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, | |||||
os.length=0; | os.length=0; | ||||
/* [0] is the tag for key_arg, a no longer used remnant of | |||||
* SSLv2. */ | |||||
M_ASN1_D2I_get_IMP_opt(osp,d2i_ASN1_OCTET_STRING,0,V_ASN1_OCTET_STRING); | M_ASN1_D2I_get_IMP_opt(osp,d2i_ASN1_OCTET_STRING,0,V_ASN1_OCTET_STRING); | ||||
if (os.length > SSL_MAX_KEY_ARG_LENGTH) | |||||
ret->key_arg_length=SSL_MAX_KEY_ARG_LENGTH; | |||||
else | |||||
ret->key_arg_length=os.length; | |||||
memcpy(ret->key_arg,os.data,ret->key_arg_length); | |||||
if (os.data != NULL) OPENSSL_free(os.data); | if (os.data != NULL) OPENSSL_free(os.data); | ||||
ai.length=0; | ai.length=0; | ||||
@@ -702,7 +702,6 @@ void SSL_SESSION_free(SSL_SESSION *ss) | |||||
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); | ||||
OPENSSL_cleanse(ss->key_arg,sizeof ss->key_arg); | |||||
OPENSSL_cleanse(ss->master_key,sizeof ss->master_key); | OPENSSL_cleanse(ss->master_key,sizeof ss->master_key); | ||||
OPENSSL_cleanse(ss->session_id,sizeof ss->session_id); | OPENSSL_cleanse(ss->session_id,sizeof ss->session_id); | ||||
if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert); | if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert); | ||||
@@ -156,16 +156,6 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) | |||||
{ | { | ||||
if (BIO_printf(bp,"%02X",x->master_key[i]) <= 0) goto err; | if (BIO_printf(bp,"%02X",x->master_key[i]) <= 0) goto err; | ||||
} | } | ||||
if (BIO_puts(bp,"\n Key-Arg : ") <= 0) goto err; | |||||
if (x->key_arg_length == 0) | |||||
{ | |||||
if (BIO_puts(bp,"None") <= 0) goto err; | |||||
} | |||||
else | |||||
for (i=0; i<x->key_arg_length; i++) | |||||
{ | |||||
if (BIO_printf(bp,"%02X",x->key_arg[i]) <= 0) goto err; | |||||
} | |||||
if (BIO_puts(bp,"\n PSK identity: ") <= 0) goto err; | if (BIO_puts(bp,"\n PSK identity: ") <= 0) goto err; | ||||
if (BIO_printf(bp, "%s", x->psk_identity ? x->psk_identity : "None") <= 0) goto err; | if (BIO_printf(bp, "%s", x->psk_identity ? x->psk_identity : "None") <= 0) goto err; | ||||
if (BIO_puts(bp,"\n PSK identity hint: ") <= 0) goto err; | if (BIO_puts(bp,"\n PSK identity hint: ") <= 0) goto err; | ||||
@@ -546,9 +546,6 @@ int tls1_change_cipher_state(SSL *s, int which) | |||||
if (!SSL_IS_DTLS(s)) | if (!SSL_IS_DTLS(s)) | ||||
memset(is_read ? s->s3->read_sequence : s->s3->write_sequence, 0, 8); | memset(is_read ? s->s3->read_sequence : s->s3->write_sequence, 0, 8); | ||||
/* key_arg is used for SSLv2. We don't need it for TLS. */ | |||||
s->session->key_arg_length = 0; | |||||
mac_secret_len = s->s3->tmp.new_mac_secret_size; | mac_secret_len = s->s3->tmp.new_mac_secret_size; | ||||
if (aead != NULL) | if (aead != NULL) | ||||