unifdef OPENSSL_NO_PSK.

Get those out of the way.

Change-Id: I4cc8c34cf637379ad734c43623f76ae72f22014e
Reviewed-on: https://boringssl-review.googlesource.com/1282
Reviewed-by: Adam Langley <agl@google.com>
David Benjamin 2014-07-14 23:43:37 -04:00 committed by Adam Langley
parent 019c3cc64a
commit ff175b4a46
11 changed files with 0 additions and 82 deletions


@ -438,10 +438,8 @@ struct ssl_session_st
unsigned int sid_ctx_length;
unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
#ifndef OPENSSL_NO_PSK
char *psk_identity_hint;
char *psk_identity;
#endif
/* Used to indicate that session resumption is not allowed.
* Applications can also set this bit for a new session via
* not_resumable_session_cb to disable session caching and tickets. */
@ -1011,14 +1009,12 @@ struct ssl_ctx_st
int (*tlsext_status_cb)(SSL *ssl, void *arg);
void *tlsext_status_arg;
#ifndef OPENSSL_NO_PSK
char *psk_identity_hint;
unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, char *identity,
unsigned int max_identity_len, unsigned char *psk,
unsigned int max_psk_len);
unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
unsigned char *psk, unsigned int max_psk_len);
#endif
#ifndef OPENSSL_NO_BUF_FREELISTS
#define SSL_MAX_BUF_FREELIST_LEN_DEFAULT 32
@ -1201,7 +1197,6 @@ void SSL_CTX_set_alpn_select_cb(SSL_CTX* ctx,
void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
unsigned *len);
#ifndef OPENSSL_NO_PSK
/* the maximum length of the buffer given to callbacks containing the
* resulting identity/psk */
#define PSK_MAX_IDENTITY_LEN 128
@ -1224,7 +1219,6 @@ int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint);
int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint);
const char *SSL_get_psk_identity_hint(const SSL *s);
const char *SSL_get_psk_identity(const SSL *s);
#endif
#define SSL_NOTHING 1
#define SSL_WRITING 2
@ -1372,7 +1366,6 @@ struct ssl_st
int error; /* error bytes to be written */
int error_code; /* actual code */
#ifndef OPENSSL_NO_PSK
/* PSK identity hint is stored here only to enable setting a hint on an SSL object before an
* SSL_SESSION is associated with it. Once an SSL_SESSION is associated with this SSL object,
* the psk_identity_hint from the session takes precedence over this one. */
@ -1382,7 +1375,6 @@ struct ssl_st
unsigned int max_psk_len);
unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
unsigned char *psk, unsigned int max_psk_len);
#endif
SSL_CTX *ctx;
/* set this flag to 1 and a sleep(1) is put into all SSL_read()


@ -393,9 +393,7 @@ int dtls1_accept(SSL *s)
if (s->s3->tmp.use_rsa_tmp
/* PSK: send ServerKeyExchange if PSK identity
* hint if provided */
#ifndef OPENSSL_NO_PSK
|| ((alg_k & SSL_kPSK) && s->session->psk_identity_hint)
#endif
|| (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
|| (alg_k & SSL_kEECDH)
|| ((alg_k & SSL_kRSA)


@ -1249,7 +1249,6 @@ int ssl3_get_server_key_exchange(SSL *s)
return -1;
}
#ifndef OPENSSL_NO_PSK
/* In plain PSK ciphersuite, ServerKeyExchange can be
omitted if no identity hint is sent. Set
session->sess_cert anyway to avoid problems
@ -1267,7 +1266,6 @@ int ssl3_get_server_key_exchange(SSL *s)
s->session->psk_identity_hint = NULL;
}
}
#endif
s->s3->tmp.reuse_message=1;
return(1);
}
@ -1308,7 +1306,6 @@ int ssl3_get_server_key_exchange(SSL *s)
alg_a=s->s3->tmp.new_cipher->algorithm_auth;
EVP_MD_CTX_init(&md_ctx);
#ifndef OPENSSL_NO_PSK
if (alg_a & SSL_aPSK)
{
CBS psk_identity_hint;
@ -1346,7 +1343,6 @@ int ssl3_get_server_key_exchange(SSL *s)
goto f_err;
}
}
#endif /* !OPENSSL_NO_PSK */
if (0) {}
else if (alg_k & SSL_kRSA)
@ -2010,10 +2006,8 @@ int ssl3_send_client_key_exchange(SSL *s)
unsigned char *encodedPoint = NULL;
int encoded_pt_len = 0;
BN_CTX * bn_ctx = NULL;
#ifndef OPENSSL_NO_PSK
unsigned int psk_len = 0;
unsigned char psk[PSK_MAX_PSK_LEN];
#endif /* OPENSSL_NO_PSK */
#endif /* OPENSSL_NO_ECDH */
if (s->state == SSL3_ST_CW_KEY_EXCH_A)
@ -2023,7 +2017,6 @@ int ssl3_send_client_key_exchange(SSL *s)
alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
alg_a=s->s3->tmp.new_cipher->algorithm_auth;
#ifndef OPENSSL_NO_PSK
if (alg_a & SSL_aPSK)
{
char identity[PSK_MAX_IDENTITY_LEN + 1];
@ -2100,7 +2093,6 @@ int ssl3_send_client_key_exchange(SSL *s)
goto err;
}
}
#endif
/* Fool emacs indentation */
if (0) {}
@ -2270,12 +2262,10 @@ int ssl3_send_client_key_exchange(SSL *s)
EC_KEY *tkey;
int ecdh_clnt_cert = 0;
int field_size = 0;
#ifndef OPENSSL_NO_PSK
unsigned char *pre_ms;
unsigned char *t;
unsigned int pre_ms_len;
unsigned int i;
#endif
if (s->session->sess_cert == NULL)
{
@ -2399,7 +2389,6 @@ int ssl3_send_client_key_exchange(SSL *s)
goto err;
}
#ifndef OPENSSL_NO_PSK
/* ECDHE PSK ciphersuites from RFC 5489 */
if ((alg_a & SSL_aPSK) && psk_len != 0)
{
@ -2423,7 +2412,6 @@ int ssl3_send_client_key_exchange(SSL *s)
OPENSSL_cleanse(pre_ms, pre_ms_len);
OPENSSL_free(pre_ms);
}
#endif /* OPENSSL_NO_PSK */
if (!(alg_a & SSL_aPSK))
{
/* generate master key from the result */
@ -2467,7 +2455,6 @@ int ssl3_send_client_key_exchange(SSL *s)
encodedPoint, encoded_pt_len, bn_ctx);
n = 0;
#ifndef OPENSSL_NO_PSK
if ((alg_a & SSL_aPSK) && psk_len != 0)
{
i = strlen(s->session->psk_identity);
@ -2476,7 +2463,6 @@ int ssl3_send_client_key_exchange(SSL *s)
p += i;
n = i + 2;
}
#endif
*p = encoded_pt_len; /* length of encoded point */
/* Encoded point will be copied here */


@ -1368,7 +1368,6 @@ SSL_CIPHER ssl3_ciphers[]={
},
#endif /* OPENSSL_NO_CAMELLIA */
#ifndef OPENSSL_NO_PSK
/* Cipher 8A */
{
1,
@ -1432,7 +1431,6 @@ SSL_CIPHER ssl3_ciphers[]={
256,
256,
},
#endif /* OPENSSL_NO_PSK */
#ifndef OPENSSL_NO_SEED
/* SEED ciphersuites from RFC4162 */
@ -2419,7 +2417,6 @@ SSL_CIPHER ssl3_ciphers[]={
256,
},
#ifndef OPENSSL_NO_PSK
/* ECDH PSK ciphersuites */
/* Cipher CAFE */
{
@ -2437,7 +2434,6 @@ SSL_CIPHER ssl3_ciphers[]={
128,
128,
},
#endif /* OPENSSL_NO_PSK */
#endif /* OPENSSL_NO_ECDH */
@ -3571,11 +3567,9 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
alg_k=c->algorithm_mkey;
alg_a=c->algorithm_auth;
#ifndef OPENSSL_NO_PSK
/* with PSK there must be server callback set */
if ((alg_a & SSL_aPSK) && s->psk_server_callback == NULL)
ok = 0;
#endif /* OPENSSL_NO_PSK */
if (SSL_C_IS_EXPORT(c))
{


@ -402,9 +402,7 @@ int ssl3_accept(SSL *s)
/* PSK: send ServerKeyExchange if either:
* - PSK identity hint is provided, or
* - the key exchange is kEECDH. */
#ifndef OPENSSL_NO_PSK
|| ((alg_a & SSL_aPSK) && ((alg_k & SSL_kEECDH) || s->session->psk_identity_hint))
#endif
|| (alg_k & SSL_kEDH)
|| (alg_k & SSL_kEECDH)
|| ((alg_k & SSL_kRSA)
@ -1469,10 +1467,8 @@ int ssl3_send_server_key_exchange(SSL *s)
int curve_id = 0;
BN_CTX *bn_ctx = NULL;
#endif
#ifndef OPENSSL_NO_PSK
const char* psk_identity_hint;
size_t psk_identity_hint_len;
#endif
EVP_PKEY *pkey;
const EVP_MD *md = NULL;
unsigned char *p,*d;
@ -1497,7 +1493,6 @@ int ssl3_send_server_key_exchange(SSL *s)
r[0]=r[1]=r[2]=r[3]=NULL;
n=0;
#ifndef OPENSSL_NO_PSK
if (alg_a & SSL_aPSK)
{
/* size for PSK identity hint */
@ -1508,7 +1503,6 @@ int ssl3_send_server_key_exchange(SSL *s)
psk_identity_hint_len = 0;
n+=2+psk_identity_hint_len;
}
#endif /* !OPENSSL_NO_PSK */
if (alg_k & SSL_kRSA)
{
rsa=cert->rsa_tmp;
@ -1769,7 +1763,6 @@ int ssl3_send_server_key_exchange(SSL *s)
/* Note: ECDHE PSK ciphersuites use SSL_kEECDH and SSL_aPSK.
* When one of them is used, the server key exchange record needs to have both
* the psk_identity_hint and the ServerECDHParams. */
#ifndef OPENSSL_NO_PSK
if (alg_a & SSL_aPSK)
{
/* copy PSK identity hint (if provided) */
@ -1780,7 +1773,6 @@ int ssl3_send_server_key_exchange(SSL *s)
p+=psk_identity_hint_len;
}
}
#endif /* OPENSSL_NO_PSK */
#ifndef OPENSSL_NO_ECDH
if (alg_k & SSL_kEECDH)
@ -2008,10 +2000,8 @@ int ssl3_get_client_key_exchange(SSL *s)
EVP_PKEY *clnt_pub_pkey = NULL;
EC_POINT *clnt_ecpoint = NULL;
BN_CTX *bn_ctx = NULL;
#ifndef OPENSSL_NO_PSK
unsigned int psk_len = 0;
unsigned char psk[PSK_MAX_PSK_LEN];
#endif /* OPENSSL_NO_PSK */
#endif
n=s->method->ssl_get_message(s,
@ -2027,7 +2017,6 @@ int ssl3_get_client_key_exchange(SSL *s)
alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
alg_a=s->s3->tmp.new_cipher->algorithm_auth;
#ifndef OPENSSL_NO_PSK
/* If using a PSK key exchange, prepare the pre-shared key. */
if (alg_a & SSL_aPSK)
{
@ -2082,7 +2071,6 @@ int ssl3_get_client_key_exchange(SSL *s)
goto f_err;
}
}
#endif /* OPENSSL_NO_PSK */
/* Depending on the key exchange method, compute |premaster_secret| and
* |premaster_secret_len|. Also, for DH and ECDH, set
@ -2520,7 +2508,6 @@ int ssl3_get_client_key_exchange(SSL *s)
premaster_secret_len = ecdh_len;
}
#endif
#ifndef OPENSSL_NO_PSK
else if (alg_k & SSL_kPSK)
{
/* For plain PSK, other_secret is a block of 0s with the same
@ -2534,7 +2521,6 @@ int ssl3_get_client_key_exchange(SSL *s)
}
memset(premaster_secret, 0, premaster_secret_len);
}
#endif /* !OPENSSL_NO_PSK */
else
{
al=SSL_AD_HANDSHAKE_FAILURE;
@ -2542,7 +2528,6 @@ int ssl3_get_client_key_exchange(SSL *s)
goto f_err;
}
#ifndef OPENSSL_NO_PSK
/* For a PSK cipher suite, the actual pre-master secret is combined with
* the pre-shared key. */
if (alg_a & SSL_aPSK)
@ -2572,7 +2557,6 @@ int ssl3_get_client_key_exchange(SSL *s)
premaster_secret = new_data;
premaster_secret_len = new_len;
}
#endif /* !OPENSSL_NO_PSK */
/* Compute the master secret */
s->session->master_key_length = s->method->ssl3_enc


@ -115,10 +115,8 @@ typedef struct ssl_session_asn1_st
ASN1_OCTET_STRING tlsext_hostname;
ASN1_INTEGER tlsext_tick_lifetime;
ASN1_OCTET_STRING tlsext_tick;
#ifndef OPENSSL_NO_PSK
ASN1_OCTET_STRING psk_identity_hint;
ASN1_OCTET_STRING psk_identity;
#endif /* OPENSSL_NO_PSK */
ASN1_OCTET_STRING peer_sha256;
ASN1_OCTET_STRING original_handshake_hash;
} SSL_SESSION_ASN1;
@ -234,7 +232,6 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
a.tlsext_tick_lifetime.data=ibuf6;
ASN1_INTEGER_set(&a.tlsext_tick_lifetime,in->tlsext_tick_lifetime_hint);
}
#ifndef OPENSSL_NO_PSK
if (in->psk_identity_hint)
{
a.psk_identity_hint.length=strlen(in->psk_identity_hint);
@ -261,7 +258,6 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
a.original_handshake_hash.type = V_ASN1_OCTET_STRING;
a.original_handshake_hash.data = in->original_handshake_hash;
}
#endif /* OPENSSL_NO_PSK */
M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER);
M_ASN1_I2D_len(&(a.ssl_version), i2d_ASN1_INTEGER);
@ -286,12 +282,10 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10);
if (in->tlsext_hostname)
M_ASN1_I2D_len_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6);
#ifndef OPENSSL_NO_PSK
if (in->psk_identity_hint)
M_ASN1_I2D_len_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING,7,v7);
if (in->psk_identity)
M_ASN1_I2D_len_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING,8,v8);
#endif /* OPENSSL_NO_PSK */
if (in->peer_sha256_valid)
M_ASN1_I2D_len_EXP_opt(&(a.peer_sha256),i2d_ASN1_OCTET_STRING,13,v13);
if (in->original_handshake_hash_len > 0)
@ -318,12 +312,10 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
M_ASN1_I2D_put_EXP_opt(&a.verify_result,i2d_ASN1_INTEGER,5,v5);
if (in->tlsext_hostname)
M_ASN1_I2D_put_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6);
#ifndef OPENSSL_NO_PSK
if (in->psk_identity_hint)
M_ASN1_I2D_put_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING,7,v7);
if (in->psk_identity)
M_ASN1_I2D_put_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING,8,v8);
#endif /* OPENSSL_NO_PSK */
if (in->tlsext_tick_lifetime_hint > 0)
M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9);
if (in->tlsext_tick)
@ -502,7 +494,6 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
else
ret->tlsext_hostname=NULL;
#ifndef OPENSSL_NO_PSK
os.length=0;
os.data=NULL;
M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,7);
@ -528,7 +519,6 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
}
else
ret->psk_identity=NULL;
#endif /* OPENSSL_NO_PSK */
ai.length=0;
M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,9);


@ -580,10 +580,6 @@ static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, un
*mkey |= SSL_kECDHe|SSL_kECDHr;
*auth |= SSL_aECDH;
#endif
#ifdef OPENSSL_NO_PSK
*mkey |= SSL_kPSK;
*auth |= SSL_aPSK;
#endif
#ifdef SSL_FORBID_ENULL
*enc |= SSL_eNULL;
#endif


@ -396,7 +396,6 @@ SSL *SSL_new(SSL_CTX *ctx)
CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
#ifndef OPENSSL_NO_PSK
s->psk_identity_hint = NULL;
if (ctx->psk_identity_hint)
{
@ -406,7 +405,6 @@ SSL *SSL_new(SSL_CTX *ctx)
}
s->psk_client_callback=ctx->psk_client_callback;
s->psk_server_callback=ctx->psk_server_callback;
#endif
return(s);
err:
@ -693,10 +691,8 @@ void SSL_free(SSL *s)
if (s->tlsext_channel_id_private)
EVP_PKEY_free(s->tlsext_channel_id_private);
#ifndef OPENSSL_NO_PSK
if (s->psk_identity_hint)
OPENSSL_free(s->psk_identity_hint);
#endif
if (s->client_CA != NULL)
sk_X509_NAME_pop_free(s->client_CA,X509_NAME_free);
@ -2016,11 +2012,9 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
ret->next_protos_advertised_cb = 0;
ret->next_proto_select_cb = 0;
# endif
#ifndef OPENSSL_NO_PSK
ret->psk_identity_hint=NULL;
ret->psk_client_callback=NULL;
ret->psk_server_callback=NULL;
#endif
#ifndef OPENSSL_NO_BUF_FREELISTS
ret->freelist_max_len = SSL_MAX_BUF_FREELIST_LEN_DEFAULT;
ret->rbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));
@ -2143,10 +2137,8 @@ void SSL_CTX_free(SSL_CTX *a)
if (a->srtp_profiles)
sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles);
#ifndef OPENSSL_NO_PSK
if (a->psk_identity_hint)
OPENSSL_free(a->psk_identity_hint);
#endif
/* TODO(fork): remove. */
#if 0
@ -2396,12 +2388,10 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
}
#endif
#ifndef OPENSSL_NO_PSK
mask_k |= SSL_kPSK;
mask_a |= SSL_aPSK;
emask_k |= SSL_kPSK;
emask_a |= SSL_aPSK;
#endif
c->mask_k=mask_k;
c->mask_a=mask_a;
@ -3175,7 +3165,6 @@ void SSL_set_tmp_ecdh_callback(SSL *ssl,EC_KEY *(*ecdh)(SSL *ssl,int is_export,
}
#endif
#ifndef OPENSSL_NO_PSK
int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint)
{
if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN)
@ -3287,7 +3276,6 @@ void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx,
{
ctx->psk_server_callback = cb;
}
#endif
void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
{


@ -221,10 +221,8 @@ SSL_SESSION *SSL_SESSION_new(void)
ss->tlsext_ellipticcurvelist = NULL;
#endif
CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
#ifndef OPENSSL_NO_PSK
ss->psk_identity_hint=NULL;
ss->psk_identity=NULL;
#endif
return(ss);
}
@ -391,7 +389,6 @@ int ssl_get_new_session(SSL *s, int session)
return 0;
}
}
#ifndef OPENSSL_NO_PSK
if (s->psk_identity_hint)
{
ss->psk_identity_hint = BUF_strdup(s->psk_identity_hint);
@ -402,7 +399,6 @@ int ssl_get_new_session(SSL *s, int session)
return 0;
}
}
#endif
}
else
{
@ -741,12 +737,10 @@ void SSL_SESSION_free(SSL_SESSION *ss)
ss->tlsext_ellipticcurvelist_length = 0;
if (ss->tlsext_ellipticcurvelist != NULL) OPENSSL_free(ss->tlsext_ellipticcurvelist);
#endif /* OPENSSL_NO_EC */
#ifndef OPENSSL_NO_PSK
if (ss->psk_identity_hint != NULL)
OPENSSL_free(ss->psk_identity_hint);
if (ss->psk_identity != NULL)
OPENSSL_free(ss->psk_identity);
#endif
OPENSSL_cleanse(ss,sizeof(*ss));
OPENSSL_free(ss);
}


@ -168,12 +168,10 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
{
if (BIO_printf(bp,"%02X",x->key_arg[i]) <= 0) goto err;
}
#ifndef OPENSSL_NO_PSK
if (BIO_puts(bp,"\n PSK identity: ") <= 0) goto err;
if (BIO_printf(bp, "%s", x->psk_identity ? x->psk_identity : "None") <= 0) goto err;
if (BIO_puts(bp,"\n PSK identity hint: ") <= 0) goto err;
if (BIO_printf(bp, "%s", x->psk_identity_hint ? x->psk_identity_hint : "None") <= 0) goto err;
#endif
if (x->tlsext_tick_lifetime_hint)
{
if (BIO_printf(bp,


@ -1117,14 +1117,12 @@ void ssl_set_client_disabled(SSL *s)
c->mask_a |= SSL_aECDSA;
c->mask_k |= SSL_kECDHe;
}
#ifndef OPENSSL_NO_PSK
/* with PSK there must be client callback set */
if (!s->psk_client_callback)
{
c->mask_a |= SSL_aPSK;
c->mask_k |= SSL_kPSK;
}
#endif /* OPENSSL_NO_PSK */
c->valid = 1;
}