Hello, I just noticed r1.44 to t1_lib.c. I'm not sure that auditing opaque_prf_input is a good use of anyone's time -- I think it might be better to just run "unifdef -U TLSEXT_TYPE_opaque_prf_input" and be done with it.
Here's the history of opaque_prf_input as I understand it: - In 2006, the Department of Defense wanted a TLS extension that could provide extra random inputs for generating the master secret. A draft was produced for an extension that would let the client and server each contribute up to 64 KB of extra "random" material to the PRF. [1] - The draft was abandoned and expired in June of 2007. No extension type was ever assigned. - In September 2007, OpenSSL added support for the expired draft. [2] Of course, since there's no assigned extension type, users need to define one and recompile the library to use the extension. Given that the extension was dead on arrival and implemented post-mortem, I wouldn't be surprised to discover that opaque_prf_input has as many users as big-endian amd64 support. Brendan MacDonell [1] http://tools.ietf.org/html/draft-rescorla-tls-opaque-prf-input-00 [2] https://github.com/openssl/openssl/commit/761772d7e19145fa9afb2a0c830ead69a33f3fa5