Remove opaque_prf_input extension. This code doesn't even get built unless you go out of your way to pass an extension value at build time. Change-Id: I92ffcdfb18505c96e5ef390c8954a54cee19967f Reviewed-on: https://boringssl-review.googlesource.com/1063 Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c index 6d3f18e..6e5b1a5 100644 --- a/ssl/s23_clnt.c +++ b/ssl/s23_clnt.c
@@ -341,10 +341,6 @@ ssl2_compat = 0; if (s->tlsext_status_type != -1) ssl2_compat = 0; -#ifdef TLSEXT_TYPE_opaque_prf_input - if (s->ctx->tlsext_opaque_prf_input_callback != 0 || s->tlsext_opaque_prf_input != NULL) - ssl2_compat = 0; -#endif if (s->ctx->tlsext_authz_server_audit_proof_cb != NULL) ssl2_compat = 0; }
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index a39b64c..a674e72 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c
@@ -2697,13 +2697,6 @@ if(s == NULL) return; -#ifdef TLSEXT_TYPE_opaque_prf_input - if (s->s3->client_opaque_prf_input != NULL) - OPENSSL_free(s->s3->client_opaque_prf_input); - if (s->s3->server_opaque_prf_input != NULL) - OPENSSL_free(s->s3->server_opaque_prf_input); -#endif - ssl3_cleanup_key_block(s); if (s->s3->rbuf.buf != NULL) ssl3_release_read_buffer(s); @@ -2744,15 +2737,6 @@ size_t rlen, wlen; int init_extra; -#ifdef TLSEXT_TYPE_opaque_prf_input - if (s->s3->client_opaque_prf_input != NULL) - OPENSSL_free(s->s3->client_opaque_prf_input); - s->s3->client_opaque_prf_input = NULL; - if (s->s3->server_opaque_prf_input != NULL) - OPENSSL_free(s->s3->server_opaque_prf_input); - s->s3->server_opaque_prf_input = NULL; -#endif - ssl3_cleanup_key_block(s); if (s->s3->tmp.ca_names != NULL) sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); @@ -3018,30 +3002,6 @@ ret = 1; break; -#ifdef TLSEXT_TYPE_opaque_prf_input - case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT: - if (larg > 12288) /* actual internal limit is 2^16 for the complete hello message - * (including the cert chain and everything) */ - { - OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, SSL_R_OPAQUE_PRF_INPUT_TOO_LONG); - break; - } - if (s->tlsext_opaque_prf_input != NULL) - OPENSSL_free(s->tlsext_opaque_prf_input); - if ((size_t)larg == 0) - s->tlsext_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */ - else - s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg); - if (s->tlsext_opaque_prf_input != NULL) - { - s->tlsext_opaque_prf_input_len = (size_t)larg; - ret = 1; - } - else - s->tlsext_opaque_prf_input_len = 0; - break; -#endif - case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE: s->tlsext_status_type=larg; ret = 1; @@ -3501,12 +3461,6 @@ return 1; } -#ifdef TLSEXT_TYPE_opaque_prf_input - case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG: - ctx->tlsext_opaque_prf_input_callback_arg = parg; - return 1; -#endif - case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG: ctx->tlsext_status_arg=parg; return 1; @@ -3651,12 +3605,6 @@ ctx->tlsext_servername_callback=(int (*)(SSL *,int *,void *))fp; break; -#ifdef TLSEXT_TYPE_opaque_prf_input - case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB: - ctx->tlsext_opaque_prf_input_callback = (int (*)(SSL *,void *, size_t, void *))fp; - break; -#endif - case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB: ctx->tlsext_status_cb=(int (*)(SSL *,void *))fp; break;
diff --git a/ssl/ssl.h b/ssl/ssl.h index 5b8b526..2afa462 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h
@@ -1060,10 +1060,6 @@ /* Callback for status request */ int (*tlsext_status_cb)(SSL *ssl, void *arg); void *tlsext_status_arg; - - /* draft-rescorla-tls-opaque-prf-input-00.txt information */ - int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput, size_t len, void *arg); - void *tlsext_opaque_prf_input_callback_arg; #endif #ifndef OPENSSL_NO_PSK @@ -1503,10 +1499,6 @@ unsigned char *tlsext_ellipticcurvelist; /* our list */ #endif /* OPENSSL_NO_EC */ - /* draft-rescorla-tls-opaque-prf-input-00.txt information to be used for handshakes */ - void *tlsext_opaque_prf_input; - size_t tlsext_opaque_prf_input_len; - /* TLS Session Ticket extension override */ TLS_SESSION_TICKET_EXT *tlsext_session_ticket; @@ -1787,9 +1779,6 @@ #define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57 #define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58 #define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59 -#define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT 60 -#define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61 -#define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62 #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63 #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64 #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65
diff --git a/ssl/ssl3.h b/ssl/ssl3.h index 4b7834b..9fc8b18 100644 --- a/ssl/ssl3.h +++ b/ssl/ssl3.h
@@ -481,14 +481,6 @@ int in_read_app_data; - /* Opaque PRF input as used for the current handshake. - * These fields are used only if TLSEXT_TYPE_opaque_prf_input is defined - * (otherwise, they are merely present to improve binary compatibility) */ - void *client_opaque_prf_input; - size_t client_opaque_prf_input_len; - void *server_opaque_prf_input; - size_t server_opaque_prf_input_len; - struct { /* actually only needs to be 16+20 */ unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index f5e49d0..09efe85 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c
@@ -680,7 +680,6 @@ if (s->tlsext_ecpointformatlist) OPENSSL_free(s->tlsext_ecpointformatlist); if (s->tlsext_ellipticcurvelist) OPENSSL_free(s->tlsext_ellipticcurvelist); #endif /* OPENSSL_NO_EC */ - if (s->tlsext_opaque_prf_input) OPENSSL_free(s->tlsext_opaque_prf_input); if (s->tlsext_ocsp_exts) sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, X509_EXTENSION_free);
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 9b5c9f0..a995a49 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c
@@ -1304,18 +1304,6 @@ printf ("tls1_generate_master_secret(%p,%p, %p, %d)\n", s,out, p,len); #endif /* KSSL_DEBUG */ -#ifdef TLSEXT_TYPE_opaque_prf_input - if (s->s3->client_opaque_prf_input != NULL && s->s3->server_opaque_prf_input != NULL && - s->s3->client_opaque_prf_input_len > 0 && - s->s3->client_opaque_prf_input_len == s->s3->server_opaque_prf_input_len) - { - co = s->s3->client_opaque_prf_input; - col = s->s3->server_opaque_prf_input_len; - so = s->s3->server_opaque_prf_input; - sol = s->s3->client_opaque_prf_input_len; /* must be same as col (see draft-rescorla-tls-opaque-prf-input-00.txt, section 3.1) */ - } -#endif - tls1_PRF(ssl_get_algorithm2(s), TLS_MD_MASTER_SECRET_CONST,TLS_MD_MASTER_SECRET_CONST_SIZE, s->s3->client_random,SSL3_RANDOM_SIZE,
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index fe0c177..fabb97b 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c
@@ -1391,24 +1391,6 @@ ret += salglen; } -#ifdef TLSEXT_TYPE_opaque_prf_input - if (s->s3->client_opaque_prf_input != NULL) - { - size_t col = s->s3->client_opaque_prf_input_len; - - if ((long)(limit - ret - 6 - col < 0)) - return NULL; - if (col > 0xFFFD) /* can't happen */ - return NULL; - - s2n(TLSEXT_TYPE_opaque_prf_input, ret); - s2n(col + 2, ret); - s2n(col, ret); - memcpy(ret, s->s3->client_opaque_prf_input, col); - ret += col; - } -#endif - /* TODO(fork): we probably want OCSP stapling, but it currently pulls in a lot of code. */ #if 0 if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp) @@ -1720,24 +1702,6 @@ s2n(0,ret); } -#ifdef TLSEXT_TYPE_opaque_prf_input - if (s->s3->server_opaque_prf_input != NULL) - { - size_t sol = s->s3->server_opaque_prf_input_len; - - if ((long)(limit - ret - 6 - sol) < 0) - return NULL; - if (sol > 0xFFFD) /* can't happen */ - return NULL; - - s2n(TLSEXT_TYPE_opaque_prf_input, ret); - s2n(sol + 2, ret); - s2n(sol, ret); - memcpy(ret, s->s3->server_opaque_prf_input, sol); - ret += sol; - } -#endif - if(s->srtp_profile) { int el; @@ -2285,36 +2249,6 @@ #endif } #endif /* OPENSSL_NO_EC */ -#ifdef TLSEXT_TYPE_opaque_prf_input - else if (type == TLSEXT_TYPE_opaque_prf_input) - { - unsigned char *sdata = data; - - if (size < 2) - { - *al = SSL_AD_DECODE_ERROR; - return 0; - } - n2s(sdata, s->s3->client_opaque_prf_input_len); - if (s->s3->client_opaque_prf_input_len != size - 2) - { - *al = SSL_AD_DECODE_ERROR; - return 0; - } - - if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */ - OPENSSL_free(s->s3->client_opaque_prf_input); - if (s->s3->client_opaque_prf_input_len == 0) - s->s3->client_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */ - else - s->s3->client_opaque_prf_input = BUF_memdup(sdata, s->s3->client_opaque_prf_input_len); - if (s->s3->client_opaque_prf_input == NULL) - { - *al = TLS1_AD_INTERNAL_ERROR; - return 0; - } - } -#endif else if (type == TLSEXT_TYPE_session_ticket) { if (s->tls_session_ticket_ext_cb && @@ -2754,27 +2688,6 @@ s->tlsext_ticket_expected = 1; } -#ifdef TLSEXT_TYPE_opaque_prf_input - else if (type == TLSEXT_TYPE_opaque_prf_input) - { - CBS opaque_prf_input_value; - - if (!CBS_get_u16_length_prefixed(&extension, &opaque_prf_input_value) || - CBS_len(&extension) != 0) - { - *out_alert = SSL_AD_DECODE_ERROR; - return 0; - } - - if (!CBS_stow(&opaque_prf_input_value, - &s->s3->server_opaque_prf_input, - &s->s3->server_opaque_prf_input_len)) - { - *out_alert = SSL_AD_INTERNAL_ERROR; - return 0; - } - } -#endif else if (type == TLSEXT_TYPE_status_request) { /* The extension MUST be empty and may only sent if @@ -2973,41 +2886,6 @@ int ssl_prepare_clienthello_tlsext(SSL *s) { - -#ifdef TLSEXT_TYPE_opaque_prf_input - { - int r = 1; - - if (s->ctx->tlsext_opaque_prf_input_callback != 0) - { - r = s->ctx->tlsext_opaque_prf_input_callback(s, NULL, 0, s->ctx->tlsext_opaque_prf_input_callback_arg); - if (!r) - return -1; - } - - if (s->tlsext_opaque_prf_input != NULL) - { - if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */ - OPENSSL_free(s->s3->client_opaque_prf_input); - - if (s->tlsext_opaque_prf_input_len == 0) - s->s3->client_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */ - else - s->s3->client_opaque_prf_input = BUF_memdup(s->tlsext_opaque_prf_input, s->tlsext_opaque_prf_input_len); - if (s->s3->client_opaque_prf_input == NULL) - { - OPENSSL_PUT_ERROR(SSL, ssl_add_serverhello_tlsext, ERR_R_MALLOC_FAILURE); - return -1; - } - s->s3->client_opaque_prf_input_len = s->tlsext_opaque_prf_input_len; - } - - if (r == 2) - /* at callback's request, insist on receiving an appropriate server opaque PRF input */ - s->s3->server_opaque_prf_input_len = s->tlsext_opaque_prf_input_len; - } -#endif - return 1; } @@ -3035,65 +2913,6 @@ else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0) ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg); -#ifdef TLSEXT_TYPE_opaque_prf_input - { - /* This sort of belongs into ssl_prepare_serverhello_tlsext(), - * but we might be sending an alert in response to the client hello, - * so this has to happen here in - * ssl_check_clienthello_tlsext_early(). */ - - int r = 1; - - if (s->ctx->tlsext_opaque_prf_input_callback != 0) - { - r = s->ctx->tlsext_opaque_prf_input_callback(s, NULL, 0, s->ctx->tlsext_opaque_prf_input_callback_arg); - if (!r) - { - ret = SSL_TLSEXT_ERR_ALERT_FATAL; - al = SSL_AD_INTERNAL_ERROR; - goto err; - } - } - - if (s->s3->server_opaque_prf_input != NULL) /* shouldn't really happen */ - OPENSSL_free(s->s3->server_opaque_prf_input); - s->s3->server_opaque_prf_input = NULL; - - if (s->tlsext_opaque_prf_input != NULL) - { - if (s->s3->client_opaque_prf_input != NULL && - s->s3->client_opaque_prf_input_len == s->tlsext_opaque_prf_input_len) - { - /* can only use this extension if we have a server opaque PRF input - * of the same length as the client opaque PRF input! */ - - if (s->tlsext_opaque_prf_input_len == 0) - s->s3->server_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */ - else - s->s3->server_opaque_prf_input = BUF_memdup(s->tlsext_opaque_prf_input, s->tlsext_opaque_prf_input_len); - if (s->s3->server_opaque_prf_input == NULL) - { - ret = SSL_TLSEXT_ERR_ALERT_FATAL; - al = SSL_AD_INTERNAL_ERROR; - goto err; - } - s->s3->server_opaque_prf_input_len = s->tlsext_opaque_prf_input_len; - } - } - - if (r == 2 && s->s3->server_opaque_prf_input == NULL) - { - /* The callback wants to enforce use of the extension, - * but we can't do that with the client opaque PRF input; - * abort the handshake. - */ - ret = SSL_TLSEXT_ERR_ALERT_FATAL; - al = SSL_AD_HANDSHAKE_FAILURE; - } - } - - err: -#endif switch (ret) { case SSL_TLSEXT_ERR_ALERT_FATAL: @@ -3219,29 +3038,6 @@ else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0) ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg); -#ifdef TLSEXT_TYPE_opaque_prf_input - if (s->s3->server_opaque_prf_input_len > 0) - { - /* This case may indicate that we, as a client, want to insist on using opaque PRF inputs. - * So first verify that we really have a value from the server too. */ - - if (s->s3->server_opaque_prf_input == NULL) - { - ret = SSL_TLSEXT_ERR_ALERT_FATAL; - al = SSL_AD_HANDSHAKE_FAILURE; - } - - /* Anytime the server *has* sent an opaque PRF input, we need to check - * that we have a client opaque PRF input of the same size. */ - if (s->s3->client_opaque_prf_input == NULL || - s->s3->client_opaque_prf_input_len != s->s3->server_opaque_prf_input_len) - { - ret = SSL_TLSEXT_ERR_ALERT_FATAL; - al = SSL_AD_ILLEGAL_PARAMETER; - } - } -#endif - /* If we've requested certificate status and we wont get one * tell the callback */
diff --git a/ssl/tls1.h b/ssl/tls1.h index 3afe454..c415cd2 100644 --- a/ssl/tls1.h +++ b/ssl/tls1.h
@@ -243,13 +243,6 @@ /* ExtensionType value from RFC4507 */ #define TLSEXT_TYPE_session_ticket 35 -/* ExtensionType value from draft-rescorla-tls-opaque-prf-input-00.txt */ -#if 0 /* will have to be provided externally for now , - * i.e. build with -DTLSEXT_TYPE_opaque_prf_input=38183 - * using whatever extension number you'd like to try */ -# define TLSEXT_TYPE_opaque_prf_input ?? */ -#endif - /* Temporary extension type */ #define TLSEXT_TYPE_renegotiate 0xff01 @@ -391,13 +384,6 @@ #define SSL_CTX_set_tlsext_status_arg(ssl, arg) \ SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg) -#define SSL_set_tlsext_opaque_prf_input(s, src, len) \ -SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT, len, src) -#define SSL_CTX_set_tlsext_opaque_prf_input_callback(ctx, cb) \ -SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB, (void (*)(void))cb) -#define SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(ctx, arg) \ -SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG, 0, arg) - #define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)