Remove all RFC5878 code.
[openssl.git] / ssl / s3_clnt.c
index d0094008918116806a2237b725e5f4e3ea232b50..9a94de00d8492a292995a90b3f0c45b1fe85e087 100644 (file)
@@ -318,26 +318,11 @@ int ssl3_connect(SSL *s)
                                }
                        s->init_num=0;
                        break;
                                }
                        s->init_num=0;
                        break;
-#ifndef OPENSSL_NO_TLSEXT
-               case SSL3_ST_CR_SUPPLEMENTAL_DATA_A:
-               case SSL3_ST_CR_SUPPLEMENTAL_DATA_B:
-                       ret = tls1_get_server_supplemental_data(s);
-                       if (ret <= 0) goto end;
-                       s->state=SSL3_ST_CR_CERT_A;
-                       s->init_num = 0;
-                       break;
-#endif
                case SSL3_ST_CR_CERT_A:
                case SSL3_ST_CR_CERT_B:
 #ifndef OPENSSL_NO_TLSEXT
                        ret=ssl3_check_finished(s);
                        if (ret <= 0) goto end;
                case SSL3_ST_CR_CERT_A:
                case SSL3_ST_CR_CERT_B:
 #ifndef OPENSSL_NO_TLSEXT
                        ret=ssl3_check_finished(s);
                        if (ret <= 0) goto end;
-                       if (ret == 3)
-                               {
-                               s->state=SSL3_ST_CR_SUPPLEMENTAL_DATA_A;
-                               s->init_num=0;
-                               break;
-                               }
                        if (ret == 2)
                                {
                                s->hit = 1;
                        if (ret == 2)
                                {
                                s->hit = 1;
@@ -416,14 +401,10 @@ int ssl3_connect(SSL *s)
                                        }
                                }
 #endif
                                        }
                                }
 #endif
-#ifndef OPENSSL_NO_TLSEXT
-                       s->state=SSL3_ST_CW_SUPPLEMENTAL_DATA_A;
-#else
                        if (s->s3->tmp.cert_req)
                                s->state=SSL3_ST_CW_CERT_A;
                        else
                                s->state=SSL3_ST_CW_KEY_EXCH_A;
                        if (s->s3->tmp.cert_req)
                                s->state=SSL3_ST_CW_CERT_A;
                        else
                                s->state=SSL3_ST_CW_KEY_EXCH_A;
-#endif
                        s->init_num=0;
 
                        break;
                        s->init_num=0;
 
                        break;
@@ -530,19 +511,6 @@ int ssl3_connect(SSL *s)
                        break;
 #endif
 
                        break;
 #endif
 
-#ifndef OPENSSL_NO_TLSEXT
-               case SSL3_ST_CW_SUPPLEMENTAL_DATA_A:
-               case SSL3_ST_CW_SUPPLEMENTAL_DATA_B:
-                       ret = tls1_send_client_supplemental_data(s, &skip);
-                       if (ret <= 0) goto end;
-                       if (s->s3->tmp.cert_req)
-                               s->state=SSL3_ST_CW_CERT_A;
-                       else
-                               s->state=SSL3_ST_CW_KEY_EXCH_A;
-                       s->init_num=0;
-                       break;
-#endif
-
                case SSL3_ST_CW_FINISHED_A:
                case SSL3_ST_CW_FINISHED_B:
                        ret=ssl3_send_finished(s,
                case SSL3_ST_CW_FINISHED_A:
                case SSL3_ST_CW_FINISHED_B:
                        ret=ssl3_send_finished(s,
@@ -3611,10 +3579,11 @@ int ssl3_check_finished(SSL *s)
        int ok;
        long n;
 
        int ok;
        long n;
 
-       /* Read the message to see if it is supplemental data,
-        * regardless if there is a session ticket this function is
-        * called when we really expect a Certificate message, so
-        * permit appropriate message length */
+       /* If we have no ticket it cannot be a resumed session. */
+       if (!s->session->tlsext_tick)
+               return 1;
+       /* this function is called when we really expect a Certificate
+        * message, so permit appropriate message length */
        n=s->method->ssl_get_message(s,
                SSL3_ST_CR_CERT_A,
                SSL3_ST_CR_CERT_B,
        n=s->method->ssl_get_message(s,
                SSL3_ST_CR_CERT_A,
                SSL3_ST_CR_CERT_B,
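Review bot: The new early `return 1` in ssl3_check_finished is the only visible guard on whether a Finished or NewSessionTicket may stand in for the expected Certificate message, and neither it nor the function's return codes are documented. The caller's SSL3_ST_CR_CERT_A case sets `s->hit = 1` on `ret == 2`, so this looks like the check that stops a client holding no ticket from treating an early Finished as a resumed session; the rest of the function and of ssl3_connect lies outside the hunk, so other checks may exist. I would record that contract above the check, for example `/* Returns <=0 on error, 1 = not resumed (expect Certificate), 2 = Finished/NewSessionTicket seen, caller sets s->hit. */`. The comment should also say that the ticket test must stay ahead of ssl_get_message, so that no message is read or marked for reuse when resumption is impossible. It may be worth confirming that `s->session` cannot be NULL on this path, since the new check dereferences it before any message has been read.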
@@ -3624,11 +3593,6 @@ int ssl3_check_finished(SSL *s)
        if (!ok) return((int)n);
        s->s3->tmp.reuse_message = 1;
 
        if (!ok) return((int)n);
        s->s3->tmp.reuse_message = 1;
 
-       if (s->s3->tmp.message_type == SSL3_MT_SUPPLEMENTAL_DATA)
-               return 3;
-       /* If we have no ticket it cannot be a resumed session. */
-       if (!s->session->tlsext_tick)
-               return 1;
        if ((s->s3->tmp.message_type == SSL3_MT_FINISHED)
                || (s->s3->tmp.message_type == SSL3_MT_NEWSESSION_TICKET))
                return 2;
        if ((s->s3->tmp.message_type == SSL3_MT_FINISHED)
                || (s->s3->tmp.message_type == SSL3_MT_NEWSESSION_TICKET))
                return 2;
@@ -3654,155 +3618,3 @@ int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey)
                i = s->ctx->client_cert_cb(s,px509,ppkey);
        return i;
        }
                i = s->ctx->client_cert_cb(s,px509,ppkey);
        return i;
        }
-
-#ifndef OPENSSL_NO_TLSEXT
-int tls1_send_client_supplemental_data(SSL *s, int *skip)
-       {
-       int al = 0;
-       if (s->ctx->cli_supp_data_records_count)
-               {
-               unsigned char *p = NULL;
-               unsigned char *size_loc = NULL;
-               cli_supp_data_record *record = NULL;
-               size_t length = 0;
-               size_t i = 0;
-
-               for (i = 0; i < s->ctx->cli_supp_data_records_count; i++)
-                       {
-                       const unsigned char *out = NULL;
-                       unsigned short outlen = 0;
-                       int cb_retval = 0;
-                       record = &s->ctx->cli_supp_data_records[i];
-
-                       /* NULL callback or -1 omits supp data entry*/
-                       if (!record->fn2)
-                               continue;
-                       cb_retval = record->fn2(s, record->supp_data_type,
-                                               &out, &outlen, &al,
-                                               record->arg);
-                       if (cb_retval == -1)
-                               continue; /* skip this supp data entry */
-                       if (cb_retval == 0)
-                               {
-                               SSLerr(SSL_F_TLS1_SEND_CLIENT_SUPPLEMENTAL_DATA,ERR_R_BUF_LIB);
-                               goto f_err;
-                               }
-                       if (outlen == 0 || TLSEXT_MAXLEN_supplemental_data < outlen + 4 + length)
-                               {
-                               SSLerr(SSL_F_TLS1_SEND_CLIENT_SUPPLEMENTAL_DATA,ERR_R_BUF_LIB);
-                               return 0;
-                               }
-                       /* if first entry, write handshake message type */
-                       if (length == 0)
-                               {
-                               if (!BUF_MEM_grow_clean(s->init_buf, 4))
-                                       {
-                                       SSLerr(SSL_F_TLS1_SEND_CLIENT_SUPPLEMENTAL_DATA,ERR_R_BUF_LIB);
-                                       return 0;
-                                       }
-                               p = (unsigned char *)s->init_buf->data;
-                               *(p++) = SSL3_MT_SUPPLEMENTAL_DATA;
-                               /* update message length when all
-                                * callbacks complete */
-                               size_loc = p;
-                               /* skip over handshake length field (3
-                                * bytes) and supp_data length field
-                                * (3 bytes) */
-                               p += 3 + 3;
-                               length += 1 +3 +3;
-                               }
-                       if (!BUF_MEM_grow(s->init_buf, outlen + 4))
-                               {
-                               SSLerr(SSL_F_TLS1_SEND_CLIENT_SUPPLEMENTAL_DATA,ERR_R_BUF_LIB);
-                               return 0;
-                               }
-                       s2n(record->supp_data_type, p);
-                       s2n(outlen, p);
-                       memcpy(p, out, outlen);
-                       length += (outlen + 4);
-                       p += outlen;
-                       }
-               if (length > 0)
-                       {
-                       /* write handshake length */
-                       l2n3(length - 4, size_loc);
-                       /* supp_data length */
-                       l2n3(length - 7, size_loc);
-                       s->state = SSL3_ST_CW_SUPPLEMENTAL_DATA_B;
-                       s->init_num = length;
-                       s->init_off = 0;
-                       return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
-                       }
-               }
-
-       /* no supp data message sent */
-       *skip = 1;
-       s->init_num = 0;
-       s->init_off = 0;
-       return 1;
-
-       f_err:
-       ssl3_send_alert(s,SSL3_AL_FATAL,al);
-       return 0;
-       }
-
-int tls1_get_server_supplemental_data(SSL *s)
-       {
-       int al = 0;
-       int ok;
-       long n;
-       const unsigned char *p, *d;
-       unsigned short supp_data_entry_type = 0;
-       unsigned short supp_data_entry_len = 0;
-       unsigned long supp_data_len = 0;
-       size_t i;
-       int cb_retval = 0;
-
-       n=s->method->ssl_get_message(s,
-                                    SSL3_ST_CR_SUPPLEMENTAL_DATA_A,
-                                    SSL3_ST_CR_SUPPLEMENTAL_DATA_B,
-                                    SSL3_MT_SUPPLEMENTAL_DATA,
-                                    /* use default limit */
-                                    TLSEXT_MAXLEN_supplemental_data,
-                                    &ok);
-
-       if (!ok) return((int)n);
-
-       p = (unsigned char *)s->init_msg;
-       d = p;
-       /* The message cannot be empty */
-       if (n < 3)
-               {
-               al = SSL_AD_DECODE_ERROR;
-               SSLerr(SSL_F_TLS1_GET_SERVER_SUPPLEMENTAL_DATA,SSL_R_LENGTH_MISMATCH);
-               goto f_err;
-               }
-       n2l3(p, supp_data_len);
-       while (p < d+supp_data_len)
-               {
-               n2s(p, supp_data_entry_type);
-               n2s(p, supp_data_entry_len);
-               /* if there is a callback for this supp data type, send it */
-               for (i=0; i < s->ctx->cli_supp_data_records_count; i++)
-                       {
-                       if (s->ctx->cli_supp_data_records[i].supp_data_type == supp_data_entry_type &&
-                           s->ctx->cli_supp_data_records[i].fn1)
-                               {
-                               cb_retval = s->ctx->cli_supp_data_records[i].fn1(s, supp_data_entry_type, p,
-                                                                                supp_data_entry_len, &al,
-                                                                                s->ctx->cli_supp_data_records[i].arg);
-                               if (cb_retval == 0)
-                                       {
-                                       SSLerr(SSL_F_TLS1_GET_SERVER_SUPPLEMENTAL_DATA, ERR_R_SSL_LIB);
-                                       goto f_err;
-                                       }
-                               }
-                       }
-               p += supp_data_entry_len;
-               }
-       return 1;
-f_err:
-       ssl3_send_alert(s,SSL3_AL_FATAL,al);
-       return -1;
-       }
-#endif