1 files changed, 0 insertions, 134 deletions

diff --git a/lib/libssl/src/ssl/d1_clnt.c b/lib/libssl/src/ssl/d1_clnt.c
index 38118b13852..8967879f70b 100644
--- a/lib/libssl/src/ssl/d1_clnt.c
+++ b/lib/libssl/src/ssl/d1_clnt.c
@@ -115,9 +115,6 @@
 
 #include <stdio.h>
 #include "ssl_locl.h"
-#ifndef OPENSSL_NO_KRB5
-#include "kssl_lcl.h"
-#endif
 #include <openssl/buffer.h>
 #include <openssl/rand.h>
 #include <openssl/objects.h>
@@ -926,9 +923,6 @@ dtls1_send_client_key_exchange(SSL *s)
 	unsigned long alg_k;
 	unsigned char *q;
 	EVP_PKEY *pkey = NULL;
-#ifndef OPENSSL_NO_KRB5
-	KSSL_ERR kssl_err;
-#endif /* OPENSSL_NO_KRB5 */
 #ifndef OPENSSL_NO_ECDH
 	EC_KEY *clnt_ecdh = NULL;
 	const EC_POINT *srvr_ecpoint = NULL;
@@ -992,134 +986,6 @@ dtls1_send_client_key_exchange(SSL *s)
 			tmp_buf, sizeof tmp_buf);
 			OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
 		}
-#ifndef OPENSSL_NO_KRB5
-		else if (alg_k & SSL_kKRB5) {
-			krb5_error_code	krb5rc;
-			KSSL_CTX	*kssl_ctx = s->kssl_ctx;
-			/*  krb5_data	krb5_ap_req;  */
-			krb5_data	*enc_ticket;
-			krb5_data	authenticator, *authp = NULL;
-			EVP_CIPHER_CTX	ciph_ctx;
-			const EVP_CIPHER *enc = NULL;
-			unsigned char	iv[EVP_MAX_IV_LENGTH];
-			unsigned char	tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
-			unsigned char	epms[SSL_MAX_MASTER_KEY_LENGTH
-			+ EVP_MAX_IV_LENGTH];
-			int 		padl, outl = sizeof(epms);
-
-			EVP_CIPHER_CTX_init(&ciph_ctx);
-
-#ifdef KSSL_DEBUG
-			printf("ssl3_send_client_key_exchange(%lx & %lx)\n",
-			alg_k, SSL_kKRB5);
-#endif	/* KSSL_DEBUG */
-
-			authp = NULL;
-#ifdef KRB5SENDAUTH
-			if (KRB5SENDAUTH)
-				authp = &authenticator;
-#endif	/* KRB5SENDAUTH */
-
-			krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp,
-			&kssl_err);
-			enc = kssl_map_enc(kssl_ctx->enctype);
-			if (enc == NULL)
-				goto err;
-#ifdef KSSL_DEBUG
-			{
-				printf("kssl_cget_tkt rtn %d\n", krb5rc);
-				if (krb5rc && kssl_err.text)
-					printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text);
-			}
-#endif	/* KSSL_DEBUG */
-
-			if (krb5rc) {
-				ssl3_send_alert(s, SSL3_AL_FATAL,
-				SSL_AD_HANDSHAKE_FAILURE);
-				SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
-				kssl_err.reason);
-				goto err;
-			}
-
-			/*  20010406 VRS - Earlier versions used KRB5 AP_REQ
-			**  in place of RFC 2712 KerberosWrapper, as in:
-			**
-                        **  Send ticket (copy to *p, set n = length)
-                        **  n = krb5_ap_req.length;
-                        **  memcpy(p, krb5_ap_req.data, krb5_ap_req.length);
-                        **  if (krb5_ap_req.data)  
-                        **    kssl_krb5_free_data_contents(NULL,&krb5_ap_req);
-                        **
-			**  Now using real RFC 2712 KerberosWrapper
-			**  (Thanks to Simon Wilkinson <sxw@sxw.org.uk>)
-			**  Note: 2712 "opaque" types are here replaced
-			**  with a 2-byte length followed by the value.
-			**  Example:
-			**  KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms
-			**  Where "xx xx" = length bytes.  Shown here with
-			**  optional authenticator omitted.
-			*/
-
-			/*  KerberosWrapper.Ticket		*/
-			s2n(enc_ticket->length, p);
-			memcpy(p, enc_ticket->data, enc_ticket->length);
-			p += enc_ticket->length;
-			n = enc_ticket->length + 2;
-
-			/*  KerberosWrapper.Authenticator	*/
-			if (authp && authp->length) {
-				s2n(authp->length, p);
-				memcpy(p, authp->data, authp->length);
-				p += authp->length;
-				n += authp->length + 2;
-
-				free(authp->data);
-				authp->data = NULL;
-				authp->length = 0;
-			} else {
-				s2n(0, p);/*  null authenticator length	*/
-				n += 2;
-			}
-
-			if (RAND_bytes(tmp_buf, sizeof tmp_buf) <= 0)
-				goto err;
-
-			/*  20010420 VRS.  Tried it this way; failed.
-			**	EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
-			**	EVP_CIPHER_CTX_set_key_length(&ciph_ctx,
-			**				kssl_ctx->length);
-			**	EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
-			*/
-
-			memset(iv, 0, sizeof iv);
-			/* per RFC 1510 */
-			EVP_EncryptInit_ex(&ciph_ctx, enc, NULL,
-			    kssl_ctx->key, iv);
-			EVP_EncryptUpdate(&ciph_ctx, epms, &outl, tmp_buf,
-			    sizeof tmp_buf);
-			EVP_EncryptFinal_ex(&ciph_ctx, &(epms[outl]), &padl);
-			outl += padl;
-			if (outl > (int)sizeof epms) {
-				SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
-				goto err;
-			}
-			EVP_CIPHER_CTX_cleanup(&ciph_ctx);
-
-			/*  KerberosWrapper.EncryptedPreMasterSecret	*/
-			s2n(outl, p);
-			memcpy(p, epms, outl);
-			p += outl;
-			n += outl + 2;
-
-			s->session->master_key_length =
-			    s->method->ssl3_enc->generate_master_secret(s,
-			        s->session->master_key,
-			        tmp_buf, sizeof tmp_buf);
-
-			OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
-			OPENSSL_cleanse(epms, outl);
-		}
-#endif
 #ifndef OPENSSL_NO_DH
 		else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) {
 			DH *dh_srvr, *dh_clnt;