Get those out of the way.

Change-Id: I4cc8c34cf637379ad734c43623f76ae72f22014e
Reviewed-on: https://boringssl-review.googlesource.com/1282
Reviewed-by: Adam Langley <agl@google.com>
@@ -438,10 +438,8 @@ struct ssl_session_st | |||
unsigned int sid_ctx_length; | |||
unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; | |||
#ifndef OPENSSL_NO_PSK | |||
char *psk_identity_hint; | |||
char *psk_identity; | |||
#endif | |||
/* Used to indicate that session resumption is not allowed. | |||
* Applications can also set this bit for a new session via | |||
* not_resumable_session_cb to disable session caching and tickets. */ | |||
@@ -1011,14 +1009,12 @@ struct ssl_ctx_st | |||
int (*tlsext_status_cb)(SSL *ssl, void *arg); | |||
void *tlsext_status_arg; | |||
#ifndef OPENSSL_NO_PSK | |||
char *psk_identity_hint; | |||
unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, char *identity, | |||
unsigned int max_identity_len, unsigned char *psk, | |||
unsigned int max_psk_len); | |||
unsigned int (*psk_server_callback)(SSL *ssl, const char *identity, | |||
unsigned char *psk, unsigned int max_psk_len); | |||
#endif | |||
#ifndef OPENSSL_NO_BUF_FREELISTS | |||
#define SSL_MAX_BUF_FREELIST_LEN_DEFAULT 32 | |||
@@ -1201,7 +1197,6 @@ void SSL_CTX_set_alpn_select_cb(SSL_CTX* ctx, | |||
void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, | |||
unsigned *len); | |||
#ifndef OPENSSL_NO_PSK | |||
/* the maximum length of the buffer given to callbacks containing the | |||
* resulting identity/psk */ | |||
#define PSK_MAX_IDENTITY_LEN 128 | |||
@@ -1224,7 +1219,6 @@ int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint); | |||
int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint); | |||
const char *SSL_get_psk_identity_hint(const SSL *s); | |||
const char *SSL_get_psk_identity(const SSL *s); | |||
#endif | |||
#define SSL_NOTHING 1 | |||
#define SSL_WRITING 2 | |||
@@ -1372,7 +1366,6 @@ struct ssl_st | |||
int error; /* error bytes to be written */ | |||
int error_code; /* actual code */ | |||
#ifndef OPENSSL_NO_PSK | |||
/* PSK identity hint is stored here only to enable setting a hint on an SSL object before an | |||
* SSL_SESSION is associated with it. Once an SSL_SESSION is associated with this SSL object, | |||
* the psk_identity_hint from the session takes precedence over this one. */ | |||
@@ -1382,7 +1375,6 @@ struct ssl_st | |||
unsigned int max_psk_len); | |||
unsigned int (*psk_server_callback)(SSL *ssl, const char *identity, | |||
unsigned char *psk, unsigned int max_psk_len); | |||
#endif | |||
SSL_CTX *ctx; | |||
/* set this flag to 1 and a sleep(1) is put into all SSL_read() | |||
@@ -393,9 +393,7 @@ int dtls1_accept(SSL *s) | |||
if (s->s3->tmp.use_rsa_tmp | |||
/* PSK: send ServerKeyExchange if PSK identity | |||
* hint if provided */ | |||
#ifndef OPENSSL_NO_PSK | |||
|| ((alg_k & SSL_kPSK) && s->session->psk_identity_hint) | |||
#endif | |||
|| (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) | |||
|| (alg_k & SSL_kEECDH) | |||
|| ((alg_k & SSL_kRSA) | |||
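Review bot: The PSK clause in dtls1_accept tests `alg_k & SSL_kPSK`, while the matching clause in ssl3_accept tests `alg_a & SSL_aPSK` and also names kEECDH. Now that both are compiled unconditionally, the two state machines should spell the condition the same way. Behaviour looks the same today because the later `alg_k & SSL_kEECDH` term covers ECDHE-PSK, but that is easy to break in a later edit. The comment also reads "if PSK identity hint if provided"; `/* PSK: send ServerKeyExchange if a PSK identity hint is provided */` would be clearer. The condition starts and ends outside the hunk.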
@@ -1249,7 +1249,6 @@ int ssl3_get_server_key_exchange(SSL *s) | |||
return -1; | |||
} | |||
#ifndef OPENSSL_NO_PSK | |||
/* In plain PSK ciphersuite, ServerKeyExchange can be | |||
omitted if no identity hint is sent. Set | |||
session->sess_cert anyway to avoid problems | |||
@@ -1267,7 +1266,6 @@ int ssl3_get_server_key_exchange(SSL *s) | |||
s->session->psk_identity_hint = NULL; | |||
} | |||
} | |||
#endif | |||
s->s3->tmp.reuse_message=1; | |||
return(1); | |||
} | |||
@@ -1308,7 +1306,6 @@ int ssl3_get_server_key_exchange(SSL *s) | |||
alg_a=s->s3->tmp.new_cipher->algorithm_auth; | |||
EVP_MD_CTX_init(&md_ctx); | |||
#ifndef OPENSSL_NO_PSK | |||
if (alg_a & SSL_aPSK) | |||
{ | |||
CBS psk_identity_hint; | |||
@@ -1346,7 +1343,6 @@ int ssl3_get_server_key_exchange(SSL *s) | |||
goto f_err; | |||
} | |||
} | |||
#endif /* !OPENSSL_NO_PSK */ | |||
if (0) {} | |||
else if (alg_k & SSL_kRSA) | |||
@@ -2010,10 +2006,8 @@ int ssl3_send_client_key_exchange(SSL *s) | |||
unsigned char *encodedPoint = NULL; | |||
int encoded_pt_len = 0; | |||
BN_CTX * bn_ctx = NULL; | |||
#ifndef OPENSSL_NO_PSK | |||
unsigned int psk_len = 0; | |||
unsigned char psk[PSK_MAX_PSK_LEN]; | |||
#endif /* OPENSSL_NO_PSK */ | |||
#endif /* OPENSSL_NO_ECDH */ | |||
if (s->state == SSL3_ST_CW_KEY_EXCH_A) | |||
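Review bot: `psk_len` and `psk[PSK_MAX_PSK_LEN]` are still declared above `#endif /* OPENSSL_NO_ECDH */` in ssl3_send_client_key_exchange, so with the PSK guard gone they exist only when ECDH is compiled in, while the `if (alg_a & SSL_aPSK)` block further down is now unconditional. A build with OPENSSL_NO_ECDH defined would presumably fail to compile if that block uses them (its body is outside the hunk); moving the two declarations below the `#endif` fixes it. The declarations in ssl3_get_client_key_exchange sit before a bare `#endif` in the same way. Since `psk` holds key material on the stack, it is also worth confirming that every exit path runs `OPENSSL_cleanse(psk, sizeof(psk));`, which the visible lines do not show.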
@@ -2023,7 +2017,6 @@ int ssl3_send_client_key_exchange(SSL *s) | |||
alg_k=s->s3->tmp.new_cipher->algorithm_mkey; | |||
alg_a=s->s3->tmp.new_cipher->algorithm_auth; | |||
#ifndef OPENSSL_NO_PSK | |||
if (alg_a & SSL_aPSK) | |||
{ | |||
char identity[PSK_MAX_IDENTITY_LEN + 1]; | |||
@@ -2100,7 +2093,6 @@ int ssl3_send_client_key_exchange(SSL *s) | |||
goto err; | |||
} | |||
} | |||
#endif | |||
/* Fool emacs indentation */ | |||
if (0) {} | |||
@@ -2270,12 +2262,10 @@ int ssl3_send_client_key_exchange(SSL *s) | |||
EC_KEY *tkey; | |||
int ecdh_clnt_cert = 0; | |||
int field_size = 0; | |||
#ifndef OPENSSL_NO_PSK | |||
unsigned char *pre_ms; | |||
unsigned char *t; | |||
unsigned int pre_ms_len; | |||
unsigned int i; | |||
#endif | |||
if (s->session->sess_cert == NULL) | |||
{ | |||
@@ -2399,7 +2389,6 @@ int ssl3_send_client_key_exchange(SSL *s) | |||
goto err; | |||
} | |||
#ifndef OPENSSL_NO_PSK | |||
/* ECDHE PSK ciphersuites from RFC 5489 */ | |||
if ((alg_a & SSL_aPSK) && psk_len != 0) | |||
{ | |||
@@ -2423,7 +2412,6 @@ int ssl3_send_client_key_exchange(SSL *s) | |||
OPENSSL_cleanse(pre_ms, pre_ms_len); | |||
OPENSSL_free(pre_ms); | |||
} | |||
#endif /* OPENSSL_NO_PSK */ | |||
if (!(alg_a & SSL_aPSK)) | |||
{ | |||
/* generate master key from the result */ | |||
@@ -2467,7 +2455,6 @@ int ssl3_send_client_key_exchange(SSL *s) | |||
encodedPoint, encoded_pt_len, bn_ctx); | |||
n = 0; | |||
#ifndef OPENSSL_NO_PSK | |||
if ((alg_a & SSL_aPSK) && psk_len != 0) | |||
{ | |||
i = strlen(s->session->psk_identity); | |||
@@ -2476,7 +2463,6 @@ int ssl3_send_client_key_exchange(SSL *s) | |||
p += i; | |||
n = i + 2; | |||
} | |||
#endif | |||
*p = encoded_pt_len; /* length of encoded point */ | |||
/* Encoded point will be copied here */ | |||
@@ -1368,7 +1368,6 @@ SSL_CIPHER ssl3_ciphers[]={ | |||
}, | |||
#endif /* OPENSSL_NO_CAMELLIA */ | |||
#ifndef OPENSSL_NO_PSK | |||
/* Cipher 8A */ | |||
{ | |||
1, | |||
@@ -1432,7 +1431,6 @@ SSL_CIPHER ssl3_ciphers[]={ | |||
256, | |||
256, | |||
}, | |||
#endif /* OPENSSL_NO_PSK */ | |||
#ifndef OPENSSL_NO_SEED | |||
/* SEED ciphersuites from RFC4162 */ | |||
@@ -2419,7 +2417,6 @@ SSL_CIPHER ssl3_ciphers[]={ | |||
256, | |||
}, | |||
#ifndef OPENSSL_NO_PSK | |||
/* ECDH PSK ciphersuites */ | |||
/* Cipher CAFE */ | |||
{ | |||
@@ -2437,7 +2434,6 @@ SSL_CIPHER ssl3_ciphers[]={ | |||
128, | |||
128, | |||
}, | |||
#endif /* OPENSSL_NO_PSK */ | |||
#endif /* OPENSSL_NO_ECDH */ | |||
@@ -3571,11 +3567,9 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, | |||
alg_k=c->algorithm_mkey; | |||
alg_a=c->algorithm_auth; | |||
#ifndef OPENSSL_NO_PSK | |||
/* with PSK there must be server callback set */ | |||
if ((alg_a & SSL_aPSK) && s->psk_server_callback == NULL) | |||
ok = 0; | |||
#endif /* OPENSSL_NO_PSK */ | |||
if (SSL_C_IS_EXPORT(c)) | |||
{ | |||
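Review bot: In ssl3_choose_cipher the missing-callback case only sets `ok = 0`, so the rejection holds only if the lines after the hunk combine with `ok` rather than assign it afresh; those lines are not visible here. As far as the visible hunks show, the compile-time opt-out is gone and ssl_set_cert_masks always adds PSK to the masks, which leaves this check as the server-side gate on PSK suites. Assuming this runs inside the per-cipher loop, `continue;` in place of `ok = 0;` would make the rejection independent of what follows. If `ok` is kept, a comment such as `/* ok is ANDed into the mask test below */` would document the dependency.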
@@ -402,9 +402,7 @@ int ssl3_accept(SSL *s) | |||
/* PSK: send ServerKeyExchange if either: | |||
* - PSK identity hint is provided, or | |||
* - the key exchange is kEECDH. */ | |||
#ifndef OPENSSL_NO_PSK | |||
|| ((alg_a & SSL_aPSK) && ((alg_k & SSL_kEECDH) || s->session->psk_identity_hint)) | |||
#endif | |||
|| (alg_k & SSL_kEDH) | |||
|| (alg_k & SSL_kEECDH) | |||
|| ((alg_k & SSL_kRSA) | |||
@@ -1469,10 +1467,8 @@ int ssl3_send_server_key_exchange(SSL *s) | |||
int curve_id = 0; | |||
BN_CTX *bn_ctx = NULL; | |||
#endif | |||
#ifndef OPENSSL_NO_PSK | |||
const char* psk_identity_hint; | |||
size_t psk_identity_hint_len; | |||
#endif | |||
EVP_PKEY *pkey; | |||
const EVP_MD *md = NULL; | |||
unsigned char *p,*d; | |||
@@ -1497,7 +1493,6 @@ int ssl3_send_server_key_exchange(SSL *s) | |||
r[0]=r[1]=r[2]=r[3]=NULL; | |||
n=0; | |||
#ifndef OPENSSL_NO_PSK | |||
if (alg_a & SSL_aPSK) | |||
{ | |||
/* size for PSK identity hint */ | |||
@@ -1508,7 +1503,6 @@ int ssl3_send_server_key_exchange(SSL *s) | |||
psk_identity_hint_len = 0; | |||
n+=2+psk_identity_hint_len; | |||
} | |||
#endif /* !OPENSSL_NO_PSK */ | |||
if (alg_k & SSL_kRSA) | |||
{ | |||
rsa=cert->rsa_tmp; | |||
@@ -1769,7 +1763,6 @@ int ssl3_send_server_key_exchange(SSL *s) | |||
/* Note: ECDHE PSK ciphersuites use SSL_kEECDH and SSL_aPSK. | |||
* When one of them is used, the server key exchange record needs to have both | |||
* the psk_identity_hint and the ServerECDHParams. */ | |||
#ifndef OPENSSL_NO_PSK | |||
if (alg_a & SSL_aPSK) | |||
{ | |||
/* copy PSK identity hint (if provided) */ | |||
@@ -1780,7 +1773,6 @@ int ssl3_send_server_key_exchange(SSL *s) | |||
p+=psk_identity_hint_len; | |||
} | |||
} | |||
#endif /* OPENSSL_NO_PSK */ | |||
#ifndef OPENSSL_NO_ECDH | |||
if (alg_k & SSL_kEECDH) | |||
@@ -2008,10 +2000,8 @@ int ssl3_get_client_key_exchange(SSL *s) | |||
EVP_PKEY *clnt_pub_pkey = NULL; | |||
EC_POINT *clnt_ecpoint = NULL; | |||
BN_CTX *bn_ctx = NULL; | |||
#ifndef OPENSSL_NO_PSK | |||
unsigned int psk_len = 0; | |||
unsigned char psk[PSK_MAX_PSK_LEN]; | |||
#endif /* OPENSSL_NO_PSK */ | |||
#endif | |||
n=s->method->ssl_get_message(s, | |||
@@ -2027,7 +2017,6 @@ int ssl3_get_client_key_exchange(SSL *s) | |||
alg_k=s->s3->tmp.new_cipher->algorithm_mkey; | |||
alg_a=s->s3->tmp.new_cipher->algorithm_auth; | |||
#ifndef OPENSSL_NO_PSK | |||
/* If using a PSK key exchange, prepare the pre-shared key. */ | |||
if (alg_a & SSL_aPSK) | |||
{ | |||
@@ -2082,7 +2071,6 @@ int ssl3_get_client_key_exchange(SSL *s) | |||
goto f_err; | |||
} | |||
} | |||
#endif /* OPENSSL_NO_PSK */ | |||
/* Depending on the key exchange method, compute |premaster_secret| and | |||
* |premaster_secret_len|. Also, for DH and ECDH, set | |||
@@ -2520,7 +2508,6 @@ int ssl3_get_client_key_exchange(SSL *s) | |||
premaster_secret_len = ecdh_len; | |||
} | |||
#endif | |||
#ifndef OPENSSL_NO_PSK | |||
else if (alg_k & SSL_kPSK) | |||
{ | |||
/* For plain PSK, other_secret is a block of 0s with the same | |||
@@ -2534,7 +2521,6 @@ int ssl3_get_client_key_exchange(SSL *s) | |||
} | |||
memset(premaster_secret, 0, premaster_secret_len); | |||
} | |||
#endif /* !OPENSSL_NO_PSK */ | |||
else | |||
{ | |||
al=SSL_AD_HANDSHAKE_FAILURE; | |||
@@ -2542,7 +2528,6 @@ int ssl3_get_client_key_exchange(SSL *s) | |||
goto f_err; | |||
} | |||
#ifndef OPENSSL_NO_PSK | |||
/* For a PSK cipher suite, the actual pre-master secret is combined with | |||
* the pre-shared key. */ | |||
if (alg_a & SSL_aPSK) | |||
@@ -2572,7 +2557,6 @@ int ssl3_get_client_key_exchange(SSL *s) | |||
premaster_secret = new_data; | |||
premaster_secret_len = new_len; | |||
} | |||
#endif /* !OPENSSL_NO_PSK */ | |||
/* Compute the master secret */ | |||
s->session->master_key_length = s->method->ssl3_enc | |||
@@ -115,10 +115,8 @@ typedef struct ssl_session_asn1_st | |||
ASN1_OCTET_STRING tlsext_hostname; | |||
ASN1_INTEGER tlsext_tick_lifetime; | |||
ASN1_OCTET_STRING tlsext_tick; | |||
#ifndef OPENSSL_NO_PSK | |||
ASN1_OCTET_STRING psk_identity_hint; | |||
ASN1_OCTET_STRING psk_identity; | |||
#endif /* OPENSSL_NO_PSK */ | |||
ASN1_OCTET_STRING peer_sha256; | |||
ASN1_OCTET_STRING original_handshake_hash; | |||
} SSL_SESSION_ASN1; | |||
@@ -234,7 +232,6 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) | |||
a.tlsext_tick_lifetime.data=ibuf6; | |||
ASN1_INTEGER_set(&a.tlsext_tick_lifetime,in->tlsext_tick_lifetime_hint); | |||
} | |||
#ifndef OPENSSL_NO_PSK | |||
if (in->psk_identity_hint) | |||
{ | |||
a.psk_identity_hint.length=strlen(in->psk_identity_hint); | |||
@@ -261,7 +258,6 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) | |||
a.original_handshake_hash.type = V_ASN1_OCTET_STRING; | |||
a.original_handshake_hash.data = in->original_handshake_hash; | |||
} | |||
#endif /* OPENSSL_NO_PSK */ | |||
M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER); | |||
M_ASN1_I2D_len(&(a.ssl_version), i2d_ASN1_INTEGER); | |||
@@ -286,12 +282,10 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) | |||
M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10); | |||
if (in->tlsext_hostname) | |||
M_ASN1_I2D_len_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6); | |||
#ifndef OPENSSL_NO_PSK | |||
if (in->psk_identity_hint) | |||
M_ASN1_I2D_len_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING,7,v7); | |||
if (in->psk_identity) | |||
M_ASN1_I2D_len_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING,8,v8); | |||
#endif /* OPENSSL_NO_PSK */ | |||
if (in->peer_sha256_valid) | |||
M_ASN1_I2D_len_EXP_opt(&(a.peer_sha256),i2d_ASN1_OCTET_STRING,13,v13); | |||
if (in->original_handshake_hash_len > 0) | |||
@@ -318,12 +312,10 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) | |||
M_ASN1_I2D_put_EXP_opt(&a.verify_result,i2d_ASN1_INTEGER,5,v5); | |||
if (in->tlsext_hostname) | |||
M_ASN1_I2D_put_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6); | |||
#ifndef OPENSSL_NO_PSK | |||
if (in->psk_identity_hint) | |||
M_ASN1_I2D_put_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING,7,v7); | |||
if (in->psk_identity) | |||
M_ASN1_I2D_put_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING,8,v8); | |||
#endif /* OPENSSL_NO_PSK */ | |||
if (in->tlsext_tick_lifetime_hint > 0) | |||
M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9); | |||
if (in->tlsext_tick) | |||
@@ -502,7 +494,6 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, | |||
else | |||
ret->tlsext_hostname=NULL; | |||
#ifndef OPENSSL_NO_PSK | |||
os.length=0; | |||
os.data=NULL; | |||
M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,7); | |||
@@ -528,7 +519,6 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, | |||
} | |||
else | |||
ret->psk_identity=NULL; | |||
#endif /* OPENSSL_NO_PSK */ | |||
ai.length=0; | |||
M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,9); | |||
@@ -580,10 +580,6 @@ static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, un | |||
*mkey |= SSL_kECDHe|SSL_kECDHr; | |||
*auth |= SSL_aECDH; | |||
#endif | |||
#ifdef OPENSSL_NO_PSK | |||
*mkey |= SSL_kPSK; | |||
*auth |= SSL_aPSK; | |||
#endif | |||
#ifdef SSL_FORBID_ENULL | |||
*enc |= SSL_eNULL; | |||
#endif | |||
@@ -396,7 +396,6 @@ SSL *SSL_new(SSL_CTX *ctx) | |||
CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); | |||
#ifndef OPENSSL_NO_PSK | |||
s->psk_identity_hint = NULL; | |||
if (ctx->psk_identity_hint) | |||
{ | |||
@@ -406,7 +405,6 @@ SSL *SSL_new(SSL_CTX *ctx) | |||
} | |||
s->psk_client_callback=ctx->psk_client_callback; | |||
s->psk_server_callback=ctx->psk_server_callback; | |||
#endif | |||
return(s); | |||
err: | |||
@@ -693,10 +691,8 @@ void SSL_free(SSL *s) | |||
if (s->tlsext_channel_id_private) | |||
EVP_PKEY_free(s->tlsext_channel_id_private); | |||
#ifndef OPENSSL_NO_PSK | |||
if (s->psk_identity_hint) | |||
OPENSSL_free(s->psk_identity_hint); | |||
#endif | |||
if (s->client_CA != NULL) | |||
sk_X509_NAME_pop_free(s->client_CA,X509_NAME_free); | |||
@@ -2016,11 +2012,9 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) | |||
ret->next_protos_advertised_cb = 0; | |||
ret->next_proto_select_cb = 0; | |||
# endif | |||
#ifndef OPENSSL_NO_PSK | |||
ret->psk_identity_hint=NULL; | |||
ret->psk_client_callback=NULL; | |||
ret->psk_server_callback=NULL; | |||
#endif | |||
#ifndef OPENSSL_NO_BUF_FREELISTS | |||
ret->freelist_max_len = SSL_MAX_BUF_FREELIST_LEN_DEFAULT; | |||
ret->rbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST)); | |||
@@ -2143,10 +2137,8 @@ void SSL_CTX_free(SSL_CTX *a) | |||
if (a->srtp_profiles) | |||
sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles); | |||
#ifndef OPENSSL_NO_PSK | |||
if (a->psk_identity_hint) | |||
OPENSSL_free(a->psk_identity_hint); | |||
#endif | |||
/* TODO(fork): remove. */ | |||
#if 0 | |||
@@ -2396,12 +2388,10 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) | |||
} | |||
#endif | |||
#ifndef OPENSSL_NO_PSK | |||
mask_k |= SSL_kPSK; | |||
mask_a |= SSL_aPSK; | |||
emask_k |= SSL_kPSK; | |||
emask_a |= SSL_aPSK; | |||
#endif | |||
c->mask_k=mask_k; | |||
c->mask_a=mask_a; | |||
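Review bot: The four PSK mask assignments in ssl_set_cert_masks are now unconditional and carry no comment explaining why PSK is always permitted here. A reader has to find the runtime gates in other files to see that PSK is not simply always on. I would add `/* PSK needs no certificate, so it is always allowed here; ssl3_choose_cipher and ssl_set_client_disabled drop it when no PSK callback is set. */` above `mask_k |= SSL_kPSK;`. The function starts and ends outside the hunk.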
@@ -3175,7 +3165,6 @@ void SSL_set_tmp_ecdh_callback(SSL *ssl,EC_KEY *(*ecdh)(SSL *ssl,int is_export, | |||
} | |||
#endif | |||
#ifndef OPENSSL_NO_PSK | |||
int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint) | |||
{ | |||
if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) | |||
@@ -3287,7 +3276,6 @@ void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, | |||
{ | |||
ctx->psk_server_callback = cb; | |||
} | |||
#endif | |||
void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) | |||
{ | |||
@@ -221,10 +221,8 @@ SSL_SESSION *SSL_SESSION_new(void) | |||
ss->tlsext_ellipticcurvelist = NULL; | |||
#endif | |||
CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); | |||
#ifndef OPENSSL_NO_PSK | |||
ss->psk_identity_hint=NULL; | |||
ss->psk_identity=NULL; | |||
#endif | |||
return(ss); | |||
} | |||
@@ -391,7 +389,6 @@ int ssl_get_new_session(SSL *s, int session) | |||
return 0; | |||
} | |||
} | |||
#ifndef OPENSSL_NO_PSK | |||
if (s->psk_identity_hint) | |||
{ | |||
ss->psk_identity_hint = BUF_strdup(s->psk_identity_hint); | |||
@@ -402,7 +399,6 @@ int ssl_get_new_session(SSL *s, int session) | |||
return 0; | |||
} | |||
} | |||
#endif | |||
} | |||
else | |||
{ | |||
@@ -741,12 +737,10 @@ void SSL_SESSION_free(SSL_SESSION *ss) | |||
ss->tlsext_ellipticcurvelist_length = 0; | |||
if (ss->tlsext_ellipticcurvelist != NULL) OPENSSL_free(ss->tlsext_ellipticcurvelist); | |||
#endif /* OPENSSL_NO_EC */ | |||
#ifndef OPENSSL_NO_PSK | |||
if (ss->psk_identity_hint != NULL) | |||
OPENSSL_free(ss->psk_identity_hint); | |||
if (ss->psk_identity != NULL) | |||
OPENSSL_free(ss->psk_identity); | |||
#endif | |||
OPENSSL_cleanse(ss,sizeof(*ss)); | |||
OPENSSL_free(ss); | |||
} | |||
@@ -168,12 +168,10 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) | |||
{ | |||
if (BIO_printf(bp,"%02X",x->key_arg[i]) <= 0) goto err; | |||
} | |||
#ifndef OPENSSL_NO_PSK | |||
if (BIO_puts(bp,"\n PSK identity: ") <= 0) goto err; | |||
if (BIO_printf(bp, "%s", x->psk_identity ? x->psk_identity : "None") <= 0) goto err; | |||
if (BIO_puts(bp,"\n PSK identity hint: ") <= 0) goto err; | |||
if (BIO_printf(bp, "%s", x->psk_identity_hint ? x->psk_identity_hint : "None") <= 0) goto err; | |||
#endif | |||
if (x->tlsext_tick_lifetime_hint) | |||
{ | |||
if (BIO_printf(bp, | |||
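Review bot: SSL_SESSION_print writes `x->psk_identity` and `x->psk_identity_hint` with a bare `%s`, and one of the two is peer-supplied on each side: on a server the identity is what the client sent, on a client the hint is what the server sent. Any control or escape bytes in them go straight to the BIO, which matters when the output is a terminal or a log file. Escaping non-printable bytes before printing, in the spirit of the `%02X` loop above for `key_arg`, would avoid that; whether the strings are filtered earlier is not visible in this hunk. The function continues outside the hunk.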
@@ -1117,14 +1117,12 @@ void ssl_set_client_disabled(SSL *s) | |||
c->mask_a |= SSL_aECDSA; | |||
c->mask_k |= SSL_kECDHe; | |||
} | |||
#ifndef OPENSSL_NO_PSK | |||
/* with PSK there must be client callback set */ | |||
if (!s->psk_client_callback) | |||
{ | |||
c->mask_a |= SSL_aPSK; | |||
c->mask_k |= SSL_kPSK; | |||
} | |||
#endif /* OPENSSL_NO_PSK */ | |||
c->valid = 1; | |||
} | |||