Remove support for the `opaque PRF input' extension, which draft has expired

7 years ago and never made it into an RFC. That code wasn't compiled in
anyway unless one would define the actual on-the-wire extension id bytes;
crank libssl major.

With help and enlightenment from Brendan MacDonell.

1 files changed, 1 insertions, 18 deletions

diff --git a/lib/libssl/src/ssl/t1_enc.c b/lib/libssl/src/ssl/t1_enc.c
index 304898aeb8b..6d2e21c4125 100644
--- a/lib/libssl/src/ssl/t1_enc.c
+++ b/lib/libssl/src/ssl/t1_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_enc.c,v 1.54 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: t1_enc.c,v 1.55 2014/06/13 04:29:13 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -998,23 +998,6 @@ tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
 	const void *co = NULL, *so = NULL;
 	int col = 0, sol = 0;
 
-#ifdef TLSEXT_TYPE_opaque_prf_input
-	if (s->s3->client_opaque_prf_input != NULL &&
-	    s->s3->server_opaque_prf_input != NULL &&
-	    s->s3->client_opaque_prf_input_len > 0 &&
-	    s->s3->client_opaque_prf_input_len ==
-	    s->s3->server_opaque_prf_input_len) {
-		/*
-		 * sol must be same as col - see section 3.1 of
-		 * draft-rescorla-tls-opaque-prf-input-00.txt.
-		 */
-		co = s->s3->client_opaque_prf_input;
-		col = s->s3->server_opaque_prf_input_len;
-		so = s->s3->server_opaque_prf_input;
-		sol = s->s3->client_opaque_prf_input_len;
-	}
-#endif
-
 	tls1_PRF(ssl_get_algorithm2(s),
 	    TLS_MD_MASTER_SECRET_CONST, TLS_MD_MASTER_SECRET_CONST_SIZE,
 	    s->s3->client_random, SSL3_RANDOM_SIZE, co, col,