author | Ted Unangst <tedu@cvs.openbsd.org> | 2014-05-30 14:30:51 +0000 |
---|---|---|
committer | Ted Unangst <tedu@cvs.openbsd.org> | 2014-05-30 14:30:51 +0000 |
commit | 28e24c3349c41f3177c3bf295104a79089e3b9f8 (patch) | |
tree | 07801d56965915102c9af1f0a2b1700f4d959d60 /lib | |
parent | aa1cc81d3d6852fc247169c40d0183c505f71d8f (diff) |
remove some #if 0 code. we don't need any more reminders that we're using
a not quite appropriate data structure. ok jsing
Diffstat (limited to 'lib')
-rw-r--r-- | lib/libssl/bio_ssl.c | 17 | ||||
-rw-r--r-- | lib/libssl/d1_both.c | 49 | ||||
-rw-r--r-- | lib/libssl/d1_clnt.c | 7 | ||||
-rw-r--r-- | lib/libssl/d1_pkt.c | 146 | ||||
-rw-r--r-- | lib/libssl/d1_srtp.c | 10 | ||||
-rw-r--r-- | lib/libssl/d1_srvr.c | 5 | ||||
-rw-r--r-- | lib/libssl/dtls1.h | 5 | ||||
-rw-r--r-- | lib/libssl/s23_clnt.c | 7 | ||||
-rw-r--r-- | lib/libssl/s23_srvr.c | 11 | ||||
-rw-r--r-- | lib/libssl/s3_clnt.c | 6 | ||||
-rw-r--r-- | lib/libssl/s3_lib.c | 9 | ||||
-rw-r--r-- | lib/libssl/s3_pkt.c | 4 | ||||
-rw-r--r-- | lib/libssl/ssl.h | 10 | ||||
-rw-r--r-- | lib/libssl/ssl3.h | 16 | ||||
-rw-r--r-- | lib/libssl/ssl_cert.c | 14 | ||||
-rw-r--r-- | lib/libssl/ssl_lib.c | 39 | ||||
-rw-r--r-- | lib/libssl/t1_enc.c | 4 | ||||
-rw-r--r-- | lib/libssl/t1_lib.c | 36 | ||||
-rw-r--r-- | lib/libssl/tls1.h | 7 |
19 files changed, 1 insertions, 401 deletions
diff --git a/lib/libssl/bio_ssl.c b/lib/libssl/bio_ssl.c index 8ffbe0a67aa..3cd462e06f2 100644 --- a/lib/libssl/bio_ssl.c +++ b/lib/libssl/bio_ssl.c @@ -152,18 +152,6 @@ ssl_read(BIO *b, char *out, int outl) BIO_clear_retry_flags(b); -#if 0 - if (!SSL_is_init_finished(ssl)) { -/* ret=SSL_do_handshake(ssl); */ - if (ret > 0) { - - outflags = (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY); - ret = -1; - goto end; - } - } -#endif -/* if (ret > 0) */ ret = SSL_read(ssl, out, outl); switch (SSL_get_error(ssl, ret)) { @@ -448,12 +436,7 @@ ssl_ctrl(BIO *b, int cmd, long num, void *ptr) break; case BIO_CTRL_SET_CALLBACK: { -#if 0 /* FIXME: Should this be used? -- Richard Levitte */ - SSLerr(SSL_F_SSL_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - ret = -1; -#else ret = 0; -#endif } break; case BIO_CTRL_GET_CALLBACK: diff --git a/lib/libssl/d1_both.c b/lib/libssl/d1_both.c index 59987bc1d8a..d62362e69a1 100644 --- a/lib/libssl/d1_both.c +++ b/lib/libssl/d1_both.c @@ -146,14 +146,6 @@ if (is_complete) for (ii = (((msg_len) - 1) >> 3) - 1; ii >= 0 ; ii--) \ if (bitmask[ii] != 0xff) { is_complete = 0; break; } } -#if 0 -#define RSMBLY_BITMASK_PRINT(bitmask, msg_len) { \ - long ii; \ - printf("bitmask: "); for (ii = 0; ii < (msg_len); ii++) \ - printf("%d ", (bitmask[ii >> 3] & (1 << (ii & 7))) >> (ii & 7)); \ - printf("\n"); } -#endif - static unsigned char bitmask_start_values[] = { 0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80 }; 
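Review bot: The braces around the lone `ret = 0;` in the `BIO_CTRL_SET_CALLBACK` case of ssl_ctrl are left over from the removed `#if 0`/`#else` pair and can go now that the case holds a single statement. With the Levitte FIXME gone, nothing on the new side records that the control is accepted without storing anything, so a short comment would help: `case BIO_CTRL_SET_CALLBACK: /* no callback is stored here; accepted as a no-op */ ret = 0; break;`. ssl_ctrl's body starts and ends outside the hunk.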
@@ -250,28 +242,6 @@ dtls1_do_write(SSL *s, int type) s->d1->mtu, NULL); } } -#if 0 - mtu = s->d1->mtu; - - fprintf(stderr, "using MTU = %d\n", mtu); - - mtu -= (DTLS1_HM_HEADER_LENGTH + DTLS1_RT_HEADER_LENGTH); - - curr_mtu = mtu - BIO_wpending(SSL_get_wbio(s)); - - if (curr_mtu > 0) - mtu = curr_mtu; - else if (( ret = BIO_flush(SSL_get_wbio(s))) <= 0) - return ret; - - if (BIO_wpending(SSL_get_wbio(s)) + s->init_num >= mtu) { - ret = BIO_flush(SSL_get_wbio(s)); - if (ret <= 0) - return ret; - mtu = s->d1->mtu - (DTLS1_HM_HEADER_LENGTH + - DTLS1_RT_HEADER_LENGTH); - } -#endif OPENSSL_assert(s->d1->mtu >= dtls1_min_mtu()); /* should have something reasonable now */ @@ -1064,19 +1034,6 @@ dtls1_read_failed(SSL *s, int code) return code; } -#if 0 /* for now, each alert contains only one record number */ - item = pqueue_peek(state->rcvd_records); - if (item ) { - /* send an alert immediately for all the missing records */ - } else -#endif - -#if 0 /* no more alert sending, just retransmit the last set of messages */ - if (state->timeout.read_timeouts >= DTLS1_TMO_READ_COUNT) - ssl3_send_alert(s, SSL3_AL_WARNING, - DTLS1_AD_MISSING_HANDSHAKE_MESSAGE); -#endif - return dtls1_handle_timeout(s); } @@ -1172,12 +1129,6 @@ dtls1_buffer_message(SSL *s, int is_ccs) return 0; } -#if 0 - fprintf(stderr, "buffered messge: \ttype = %xx\n", msg_buf->type); - fprintf(stderr, "\t\t\t\t\tlen = %d\n", msg_buf->len); - fprintf(stderr, "\t\t\t\t\tseq_num = %d\n", msg_buf->seq_num); -#endif - pqueue_insert(s->d1->sent_messages, item); return 1; } diff --git a/lib/libssl/d1_clnt.c b/lib/libssl/d1_clnt.c index 4b8a11426f2..e8b43f3268f 100644 --- a/lib/libssl/d1_clnt.c +++ b/lib/libssl/d1_clnt.c 
@@ -703,13 +703,6 @@ dtls1_connect(SSL *s) /* clean a few things up */ ssl3_cleanup_key_block(s); -#if 0 - if (s->init_buf != NULL) { - BUF_MEM_free(s->init_buf); - s->init_buf = NULL; - } -#endif - /* If we are not 'joining' the last two packets, * remove the buffering now */ if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER)) diff --git a/lib/libssl/d1_pkt.c b/lib/libssl/d1_pkt.c index d2f63b890b7..87916eb7638 100644 --- a/lib/libssl/d1_pkt.c +++ b/lib/libssl/d1_pkt.c @@ -181,10 +181,6 @@ static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap); static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap); static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, unsigned int *is_next_epoch); -#if 0 -static int dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr, - unsigned short *priority, unsigned long *offset); -#endif static int dtls1_buffer_record(SSL *s, record_pqueue *q, unsigned char *priority); static int dtls1_process_record(SSL *s); 
@@ -323,50 +319,6 @@ dtls1_process_buffered_records(SSL *s) return (1); } - -#if 0 - -static int -dtls1_get_buffered_record(SSL *s) -{ - pitem *item; - PQ_64BIT priority = - (((PQ_64BIT)s->d1->handshake_read_seq) << 32) | - ((PQ_64BIT)s->d1->r_msg_hdr.frag_off); - - if (!SSL_in_init(s)) /* if we're not (re)negotiating, - nothing buffered */ - return 0; - - - item = pqueue_peek(s->d1->rcvd_records); - if (item && item->priority == priority) { - /* Check if we've received the record of interest. It must be - * a handshake record, since data records as passed up without - * buffering */ - DTLS1_RECORD_DATA *rdata; - item = pqueue_pop(s->d1->rcvd_records); - rdata = (DTLS1_RECORD_DATA *)item->data; - - free(s->s3->rbuf.buf); - - s->packet = rdata->packet; - s->packet_length = rdata->packet_length; - memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER)); - memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD)); - - free(item->data); - pitem_free(item); - - /* s->d1->next_expected_seq_num++; */ - return (1); - } - - return 0; -} - -#endif - static int dtls1_process_record(SSL *s) { @@ -1069,29 +1021,6 @@ start: s->shutdown |= SSL_RECEIVED_SHUTDOWN; return (0); } -#if 0 - /* XXX: this is a possible improvement in the future */ - /* now check if it's a missing record */ - if (alert_descr == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE) { - unsigned short seq; - unsigned int frag_off; - unsigned char *p = &(s->d1->alert_fragment[2]); - - n2s(p, seq); - n2l3(p, frag_off); - - dtls1_retransmit_message(s, - dtls1_get_queue_priority(frag->msg_header.seq, 0), - frag_off, &found); - if (!found && SSL_in_init(s)) { - /* fprintf( stderr,"in init = %d\n", SSL_in_init(s)); */ - /* requested a message not yet sent, - send an alert ourselves */ - ssl3_send_alert(s, SSL3_AL_WARNING, - DTLS1_AD_MISSING_HANDSHAKE_MESSAGE); - } - } -#endif } else if (alert_level == 2) /* fatal */ { s->rwstate = SSL_NOTHING; 
@@ -1506,13 +1435,6 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len) wr->type=type; /* not needed but helps for debugging */ wr->length += DTLS1_RT_HEADER_LENGTH; -#if 0 /* this is now done at the message layer */ - /* buffer the record, making it easy to handle retransmits */ - if (type == SSL3_RT_HANDSHAKE || type == SSL3_RT_CHANGE_CIPHER_SPEC) - dtls1_buffer_record(s, wr->data, wr->length, - *((PQ_64BIT *)&(s->s3->write_sequence[0]))); -#endif - ssl3_record_sequence_update(&(s->s3->write_sequence[0])); /* now let's set up wb */ @@ -1596,16 +1518,6 @@ dtls1_dispatch_alert(SSL *s) #ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE if (s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE) { s2n(s->d1->handshake_read_seq, ptr); -#if 0 - if ( s->d1->r_msg_hdr.frag_off == 0) /* waiting for a new msg */ - - else - s2n(s->d1->r_msg_hdr.seq, ptr); /* partial msg read */ -#endif - -#if 0 - fprintf(stderr, "s->d1->handshake_read_seq = %d, s->d1->r_msg_hdr.seq = %d\n", s->d1->handshake_read_seq, s->d1->r_msg_hdr.seq); -#endif l2n3(s->d1->r_msg_hdr.frag_off, ptr); } #endif 
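Review bot: The `#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE` block kept as context in dtls1_dispatch_alert stays compiled out, because the only definition of that macro visible in this commit is the `#if 0`-guarded one that the dtls1.h hunk removes, and the t1_enc.c hunk drops its other remaining reference. Unless the macro is defined elsewhere in the tree, the `s2n`/`l2n3` lines it guards are dead code of the same kind this commit removes and could go with it. If it is kept deliberately, a comment on the `#ifdef` line such as `/* no in-tree definition; only built when the alert code is supplied externally */` would tell the next reader why the block survives. dtls1_dispatch_alert's body starts and ends outside the hunk.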
@@ -1660,64 +1572,6 @@ dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, unsigned int *is_next_epoch) return NULL; } -#if 0 -static int -dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr, unsigned short *priority, - unsigned long *offset) -{ - - /* alerts are passed up immediately */ - if (rr->type == SSL3_RT_APPLICATION_DATA || rr->type == SSL3_RT_ALERT) - return 0; - - /* Only need to buffer if a handshake is underway. - * (this implies that Hello Request and Client Hello are passed up - * immediately) */ - if (SSL_in_init(s)) { - unsigned char *data = rr->data; - /* need to extract the HM/CCS sequence number here */ - if (rr->type == SSL3_RT_HANDSHAKE || - rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) { - unsigned short seq_num; - struct hm_header_st msg_hdr; - struct ccs_header_st ccs_hdr; - - if (rr->type == SSL3_RT_HANDSHAKE) { - dtls1_get_message_header(data, &msg_hdr); - seq_num = msg_hdr.seq; - *offset = msg_hdr.frag_off; - } else { - dtls1_get_ccs_header(data, &ccs_hdr); - seq_num = ccs_hdr.seq; - *offset = 0; - } - - /* this is either a record we're waiting for, or a - * retransmit of something we happened to previously - * receive (higher layers will drop the repeat silently */ - if (seq_num < s->d1->handshake_read_seq) - return 0; - if (rr->type == SSL3_RT_HANDSHAKE && - seq_num == s->d1->handshake_read_seq && - msg_hdr.frag_off < s->d1->r_msg_hdr.frag_off) - return 0; - else if (seq_num == s->d1->handshake_read_seq && - (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC || - msg_hdr.frag_off == s->d1->r_msg_hdr.frag_off)) - return 0; - else { - *priority = seq_num; - return 1; - } - } - else /* unknown record type */ - return 0; - } - - return 0; -} -#endif - void dtls1_reset_seq_numbers(SSL *s, int rw) { diff --git a/lib/libssl/d1_srtp.c b/lib/libssl/d1_srtp.c index 146ce321c8e..f069848b7e4 100644 --- a/lib/libssl/d1_srtp.c +++ b/lib/libssl/d1_srtp.c 
@@ -133,16 +133,6 @@ static SRTP_PROTECTION_PROFILE srtp_known_profiles[]= { "SRTP_AES128_CM_SHA1_32", SRTP_AES128_CM_SHA1_32, }, -#if 0 - { - "SRTP_NULL_SHA1_80", - SRTP_NULL_SHA1_80, - }, - { - "SRTP_NULL_SHA1_32", - SRTP_NULL_SHA1_32, - }, -#endif {0} }; diff --git a/lib/libssl/d1_srvr.c b/lib/libssl/d1_srvr.c index 3f872de48b1..368afda77a7 100644 --- a/lib/libssl/d1_srvr.c +++ b/lib/libssl/d1_srvr.c @@ -782,11 +782,6 @@ dtls1_accept(SSL *s) /* clean a few things up */ ssl3_cleanup_key_block(s); -#if 0 - BUF_MEM_free(s->init_buf); - s->init_buf = NULL; -#endif - /* remove buffering on output */ ssl_free_wbio_buffer(s); diff --git a/lib/libssl/dtls1.h b/lib/libssl/dtls1.h index 2fbb815b6dc..b0cf839b788 100644 --- a/lib/libssl/dtls1.h +++ b/lib/libssl/dtls1.h @@ -73,11 +73,6 @@ extern "C" { #define DTLS1_VERSION 0xFEFF #define DTLS1_BAD_VER 0x0100 -#if 0 -/* this alert description is not specified anywhere... */ -#define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 110 -#endif - /* lengths of messages */ #define DTLS1_COOKIE_LENGTH 256 diff --git a/lib/libssl/s23_clnt.c b/lib/libssl/s23_clnt.c index 897ac7efe3b..5361d5bea8f 100644 --- a/lib/libssl/s23_clnt.c +++ b/lib/libssl/s23_clnt.c @@ -351,13 +351,6 @@ ssl23_client_hello(SSL *s) buf = (unsigned char *)s->init_buf->data; if (s->state == SSL23_ST_CW_CLNT_HELLO_A) { -#if 0 - /* don't reuse session-id's */ - if (!ssl_get_new_session(s, 0)) { - return (-1); - } -#endif - p = s->s3->client_random; if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0) return -1; diff --git a/lib/libssl/s23_srvr.c b/lib/libssl/s23_srvr.c index 53e06706e35..a6c5d1b8a9c 100644 --- a/lib/libssl/s23_srvr.c +++ b/lib/libssl/s23_srvr.c @@ -490,14 +490,6 @@ ssl23_get_client_hello(SSL *s) *(d++) = 1; *(d++) = 0; -#if 0 - /* copy any remaining data with may be extensions */ - p = p + csl + sil + cl; - while (p < s->packet + s->packet_length) { - *(d++)=*(p++); - } -#endif - i = (d - (unsigned char *)s->init_buf->data) - 4; l2n3((long)i, d_len); 
@@ -550,9 +542,6 @@ ssl23_get_client_hello(SSL *s) s->method = TLSv1_server_method(); else s->method = SSLv3_server_method(); -#if 0 /* ssl3_get_client_hello does this */ - s->client_version = (v[0]<<8)|v[1]; -#endif s->handshake_func = s->method->ssl_accept; } diff --git a/lib/libssl/s3_clnt.c b/lib/libssl/s3_clnt.c index abe5c5a86b6..bda14069c1c 100644 --- a/lib/libssl/s3_clnt.c +++ b/lib/libssl/s3_clnt.c @@ -730,14 +730,8 @@ ssl3_client_hello(SSL *s) * client_version in client hello and not resetting it to * the negotiated version. */ -#if 0 - *(p++) = s->version >> 8; - *(p++) = s->version&0xff; - s->client_version = s->version; -#else *(p++) = s->client_version >> 8; *(p++) = s->client_version & 0xff; -#endif /* Random stuff */ memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE); diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c index da69caa6dd9..477c53b15bc 100644 --- a/lib/libssl/s3_lib.c +++ b/lib/libssl/s3_lib.c @@ -2999,17 +2999,12 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, /* Let's see which ciphers we can support */ cert = s->cert; -#if 0 /* * Do not set the compare functions, because this may lead to a * reordering by "id". We want to keep the original ordering. * We may pay a price in performance during sk_SSL_CIPHER_find(), * but would have to pay with the price of sk_SSL_CIPHER_dup(). */ - sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp); - sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp); -#endif - if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) { prio = srvr; @@ -3267,9 +3262,7 @@ ssl3_shutdown(SSL *s) if (!(s->shutdown & SSL_SENT_SHUTDOWN)) { s->shutdown|=SSL_SENT_SHUTDOWN; -#if 1 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY); -#endif /* * Our shutdown alert has been sent now, and if it still needs * to be written, s->s3->alert_dispatch will be true 
@@ -3278,7 +3271,6 @@ ssl3_shutdown(SSL *s) return(-1); /* return WANT_WRITE */ } else if (s->s3->alert_dispatch) { /* resend it if not sent */ -#if 1 ret = s->method->ssl_dispatch_alert(s); if (ret == -1) { /* @@ -3289,7 +3281,6 @@ ssl3_shutdown(SSL *s) */ return (ret); } -#endif } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) { /* If we are waiting for a close from our peer, we are closed */ s->method->ssl_read_bytes(s, 0, NULL, 0, 0); diff --git a/lib/libssl/s3_pkt.c b/lib/libssl/s3_pkt.c index b8be8b52558..f8f31f2a4aa 100644 --- a/lib/libssl/s3_pkt.c +++ b/lib/libssl/s3_pkt.c @@ -645,11 +645,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, if ((sess == NULL) || (s->enc_write_ctx == NULL) || (EVP_MD_CTX_md(s->write_hash) == NULL)) { -#if 1 clear = s->enc_write_ctx ? 0 : 1; /* must be AEAD cipher */ -#else - clear = 1; -#endif mac_size = 0; } else { mac_size = EVP_MD_CTX_size(s->write_hash); diff --git a/lib/libssl/ssl.h b/lib/libssl/ssl.h index ac2030a0a5e..45968ce16ab 100644 --- a/lib/libssl/ssl.h +++ b/lib/libssl/ssl.h @@ -827,11 +827,6 @@ struct ssl_ctx_st { X509_VERIFY_PARAM *param; -#if 0 - int purpose; /* Purpose setting */ - int trust; /* Trust setting */ -#endif - int quiet_shutdown; /* Maximum amount of data to send in one fragment. @@ -1109,11 +1104,6 @@ struct ssl_st { X509_VERIFY_PARAM *param; -#if 0 - int purpose; /* Purpose setting */ - int trust; /* Trust setting */ -#endif - /* crypto */ STACK_OF(SSL_CIPHER) *cipher_list; STACK_OF(SSL_CIPHER) *cipher_list_by_id; diff --git a/lib/libssl/ssl3.h b/lib/libssl/ssl3.h index 2840b1320fa..8633dae5217 100644 --- a/lib/libssl/ssl3.h +++ b/lib/libssl/ssl3.h 
@@ -162,16 +162,6 @@ extern "C" { #define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A #define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B -#if 0 -#define SSL3_CK_FZA_DMS_NULL_SHA 0x0300001C -#define SSL3_CK_FZA_DMS_FZA_SHA 0x0300001D -#if 0 /* Because it clashes with KRB5, is never used any more, and is safe - to remove according to David Hopwood <david.hopwood@zetnet.co.uk> - of the ietf-tls list */ -#define SSL3_CK_FZA_DMS_RC4_SHA 0x0300001E -#endif -#endif - /* VRS Additional Kerberos5 entries */ #define SSL3_CK_KRB5_DES_64_CBC_SHA 0x0300001E @@ -221,12 +211,6 @@ extern "C" { #define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA" #define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA" -#if 0 -#define SSL3_TXT_FZA_DMS_NULL_SHA "FZA-NULL-SHA" -#define SSL3_TXT_FZA_DMS_FZA_SHA "FZA-FZA-CBC-SHA" -#define SSL3_TXT_FZA_DMS_RC4_SHA "FZA-RC4-SHA" -#endif - #define SSL3_TXT_KRB5_DES_64_CBC_SHA "KRB5-DES-CBC-SHA" #define SSL3_TXT_KRB5_DES_192_CBC3_SHA "KRB5-DES-CBC3-SHA" #define SSL3_TXT_KRB5_RC4_128_SHA "KRB5-RC4-SHA" diff --git a/lib/libssl/ssl_cert.c b/lib/libssl/ssl_cert.c index c4099ca24fa..3a16644cf40 100644 --- a/lib/libssl/ssl_cert.c +++ b/lib/libssl/ssl_cert.c @@ -340,10 +340,6 @@ ssl_cert_free(CERT *c) X509_free(c->pkeys[i].x509); if (c->pkeys[i].privatekey != NULL) EVP_PKEY_free(c->pkeys[i].privatekey); -#if 0 - if (c->pkeys[i].publickey != NULL) - EVP_PKEY_free(c->pkeys[i].publickey); -#endif } free(c); } @@ -409,12 +405,6 @@ ssl_sess_cert_free(SESS_CERT *sc) for (i = 0; i < SSL_PKEY_NUM; i++) { if (sc->peer_pkeys[i].x509 != NULL) X509_free(sc->peer_pkeys[i].x509); -#if 0 /* We don't have the peer's private key. These lines are just - * here as a reminder that we're still using a not-quite-appropriate - * data structure. */ - if (sc->peer_pkeys[i].privatekey != NULL) - EVP_PKEY_free(sc->peer_pkeys[i].privatekey); -#endif } if (sc->peer_rsa_tmp != NULL) 
@@ -449,10 +439,6 @@ ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk) SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, ERR_R_X509_LIB); return (0); } -#if 0 - if (SSL_get_verify_depth(s) >= 0) - X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s)); -#endif X509_STORE_CTX_set_ex_data(&ctx, SSL_get_ex_data_X509_STORE_CTX_idx(), s); /* We need to inherit the verify parameters. These can be determined by diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c index e3b67817ccc..94792c6d515 100644 --- a/lib/libssl/ssl_lib.c +++ b/lib/libssl/ssl_lib.c @@ -215,9 +215,6 @@ SSL_clear(SSL *s) s->client_version = s->version; s->rwstate = SSL_NOTHING; s->rstate = SSL_ST_READ_HEADER; -#if 0 - s->read_ahead = s->ctx->read_ahead; -#endif if (s->init_buf != NULL) { BUF_MEM_free(s->init_buf); @@ -230,7 +227,6 @@ SSL_clear(SSL *s) s->first_packet = 0; -#if 1 /* * Check to see if we were changed into a different method, if * so, revert back if we are not doing session-id reuse. @@ -242,7 +238,6 @@ SSL_clear(SSL *s) if (!s->method->ssl_new(s)) return (0); } else -#endif s->method->ssl_clear(s); return (1); } @@ -312,9 +307,6 @@ SSL_new(SSL_CTX *ctx) s->msg_callback = ctx->msg_callback; s->msg_callback_arg = ctx->msg_callback_arg; s->verify_mode = ctx->verify_mode; -#if 0 - s->verify_depth = ctx->verify_depth; -#endif s->sid_ctx_length = ctx->sid_ctx_length; OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx); memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx)); @@ -325,10 +317,6 @@ SSL_new(SSL_CTX *ctx) if (!s->param) goto err; X509_VERIFY_PARAM_inherit(s->param, ctx->param); -#if 0 - s->purpose = ctx->purpose; - s->trust = ctx->trust; -#endif s->quiet_shutdown = ctx->quiet_shutdown; s->max_send_fragment = ctx->max_send_fragment; 
@@ -1766,9 +1754,6 @@ SSL_CTX_new(const SSL_METHOD *meth) ret->msg_callback = 0; ret->msg_callback_arg = NULL; ret->verify_mode = SSL_VERIFY_NONE; -#if 0 - ret->verify_depth=-1; /* Don't impose a limit (but x509_lu.c does) */ -#endif ret->sid_ctx_length = 0; ret->default_verify_callback = NULL; if ((ret->cert = ssl_cert_new()) == NULL) @@ -1881,14 +1866,6 @@ err2: return (NULL); } -#if 0 -static void -SSL_COMP_free(SSL_COMP *comp) -{ - free(comp); -} -#endif - void SSL_CTX_free(SSL_CTX *a) { @@ -1933,12 +1910,8 @@ SSL_CTX_free(SSL_CTX *a) sk_X509_NAME_pop_free(a->client_CA, X509_NAME_free); if (a->extra_certs != NULL) sk_X509_pop_free(a->extra_certs, X509_free); -#if 0 /* This should never be done, since it removes a global database */ - if (a->comp_methods != NULL) - sk_SSL_COMP_pop_free(a->comp_methods, SSL_COMP_free); -#else + /* Don't free, since it removes a global database */ a->comp_methods = NULL; -#endif #ifndef OPENSSL_NO_SRTP if (a->srtp_profiles) @@ -2056,16 +2029,6 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) if (rsa_enc_export || (rsa_tmp_export && (rsa_sign || rsa_enc))) emask_k|=SSL_kRSA; -#if 0 - /* The match needs to be both kEDH and aRSA or aDSA, so don't worry */ - if ((dh_tmp || dh_rsa || dh_dsa) && - (rsa_enc || rsa_sign || dsa_sign)) - mask_k|=SSL_kEDH; - if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) && - (rsa_enc || rsa_sign || dsa_sign)) - emask_k|=SSL_kEDH; -#endif - if (dh_tmp_export) emask_k|=SSL_kEDH; diff --git a/lib/libssl/t1_enc.c b/lib/libssl/t1_enc.c index 9d47bde6c6b..96c28e14cfb 100644 --- a/lib/libssl/t1_enc.c +++ b/lib/libssl/t1_enc.c @@ -1108,10 +1108,6 @@ tls1_alert_code(int code) return (TLS1_AD_BAD_CERTIFICATE_HASH_VALUE); case SSL_AD_UNKNOWN_PSK_IDENTITY: return (TLS1_AD_UNKNOWN_PSK_IDENTITY); -#if 0 /* not appropriate for TLS, not used for DTLS */ - case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE : return - (DTLS1_AD_MISSING_HANDSHAKE_MESSAGE); -#endif default: return (-1); } 
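Review bot: The new comment `/* Don't free, since it removes a global database */` in SSL_CTX_free leaves the reader to work out what would be freed and which database is meant; since the statement that follows only clears the pointer, wording the comment around that object is clearer: `/* comp_methods points at a global table this context does not own; drop the reference, never free it here */`. SSL_CTX_free's body starts and ends outside the hunk.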
diff --git a/lib/libssl/t1_lib.c b/lib/libssl/t1_lib.c index fa70f21f95a..5ad69f5ce99 100644 --- a/lib/libssl/t1_lib.c +++ b/lib/libssl/t1_lib.c @@ -998,9 +998,6 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, if (data + size > (d + n)) goto ri_check; -#if 0 - fprintf(stderr, "Received extension type %d size %d\n", type, size); -#endif if (s->tlsext_debug_cb) s->tlsext_debug_cb(s, 0, type, data, size, s->tlsext_debug_arg); @@ -1124,13 +1121,6 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length; memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length); } -#if 0 - fprintf(stderr, "ssl_parse_clienthello_tlsext s->session->tlsext_ecpointformatlist (length=%i) ", s->session->tlsext_ecpointformatlist_length); - sdata = s->session->tlsext_ecpointformatlist; - for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++) - fprintf(stderr, "%i ", *(sdata++)); - fprintf(stderr, "\n"); -#endif } else if (type == TLSEXT_TYPE_elliptic_curves && s->version != DTLS1_VERSION) { unsigned char *sdata = data; @@ -1156,13 +1146,6 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, s->session->tlsext_ellipticcurvelist_length = ellipticcurvelist_length; memcpy(s->session->tlsext_ellipticcurvelist, sdata, ellipticcurvelist_length); } -#if 0 - fprintf(stderr, "ssl_parse_clienthello_tlsext s->session->tlsext_ellipticcurvelist (length=%i) ", s->session->tlsext_ellipticcurvelist_length); - sdata = s->session->tlsext_ellipticcurvelist; - for (i = 0; i < s->session->tlsext_ellipticcurvelist_length; i++) - fprintf(stderr, "%i ", *(sdata++)); - fprintf(stderr, "\n"); -#endif } #endif /* OPENSSL_NO_EC */ #ifdef TLSEXT_TYPE_opaque_prf_input 
@@ -1451,13 +1434,6 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, } s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length; memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length); -#if 0 - fprintf(stderr, "ssl_parse_serverhello_tlsext s->session->tlsext_ecpointformatlist "); - sdata = s->session->tlsext_ecpointformatlist; - for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++) - fprintf(stderr, "%i ", *(sdata++)); - fprintf(stderr, "\n"); -#endif } #endif /* OPENSSL_NO_EC */ else if (type == TLSEXT_TYPE_session_ticket) { @@ -2230,18 +2206,6 @@ tls12_find_id(int nid, tls12_lookup *table, size_t tlen) } return -1; } -#if 0 -static int -tls12_find_nid(int id, tls12_lookup *table, size_t tlen) -{ - size_t i; - for (i = 0; i < tlen; i++) { - if (table[i].id == id) - return table[i].nid; - } - return -1; -} -#endif int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk, const EVP_MD *md) diff --git a/lib/libssl/tls1.h b/lib/libssl/tls1.h index e05168cffe1..400deca6d4f 100644 --- a/lib/libssl/tls1.h +++ b/lib/libssl/tls1.h @@ -239,13 +239,6 @@ extern "C" { /* ExtensionType value from RFC4507 */ #define TLSEXT_TYPE_session_ticket 35 -/* ExtensionType value from draft-rescorla-tls-opaque-prf-input-00.txt */ -#if 0 /* will have to be provided externally for now , - * i.e. build with - DTLSEXT_TYPE_opaque_prf_input = 38183 - * using whatever extension number you'd like to try */ -# define TLSEXT_TYPE_opaque_prf_input ?? */ -#endif - /* Temporary extension type */ #define TLSEXT_TYPE_renegotiate 0xff01 |