Nuke ssl3_enc().

ok "flensing knife"
author: jsing <> 2015-09-11 16:53:51 +0000
committer: jsing <> 2015-09-11 16:53:51 +0000
commit: 8d56b7ead6f4a7517100afb5445c117611045bcb (patch)
tree: a45b6641a2a75d65c12183d7d2bec77747f77fc4
parent: 06f8a369c720ffc48a9ab4491579b845a3578923 (diff)
download: openbsd-8d56b7ead6f4a7517100afb5445c117611045bcb.tar.gz
openbsd-8d56b7ead6f4a7517100afb5445c117611045bcb.tar.bz2
openbsd-8d56b7ead6f4a7517100afb5445c117611045bcb.zip
3 files changed, 3 insertions, 76 deletions
diff --git a/src/lib/libssl/src/ssl/s3_enc.c b/src/lib/libssl/src/ssl/s3_enc.c
index 515072a99e..7e0544a8fa 100644
--- a/src/lib/libssl/src/ssl/s3_enc.c
+++ b/src/lib/libssl/src/ssl/s3_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_enc.c,v 1.62 2015/09/10 15:56:26 jsing Exp $ */
+/* $OpenBSD: s3_enc.c,v 1.63 2015/09/11 16:53:51 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -400,77 +400,6 @@ ssl3_cleanup_key_block(SSL *s)
        s->s3->tmp.key_block_length = 0;
 }
-/* ssl3_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
- *
- * Returns:
- *   0: (in non-constant time) if the record is publically invalid (i.e. too
- *       short etc).
- *   1: if the record's padding is valid / the encryption was successful.
- *   -1: if the record's padding is invalid or, if sending, an internal error
- *       occured.
- */
-int
-ssl3_enc(SSL *s, int send)
-{
-        SSL3_RECORD *rec;
-        EVP_CIPHER_CTX *ds;
-        unsigned long l;
-        int bs, i, mac_size = 0;
-        const EVP_CIPHER *enc;
-        if (send) {
-                ds = s->enc_write_ctx;
-                rec = &(s->s3->wrec);
-                if (s->enc_write_ctx == NULL)
-                        enc = NULL;
-                else
-                        enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
-        } else {
-                ds = s->enc_read_ctx;
-                rec = &(s->s3->rrec);
-                if (s->enc_read_ctx == NULL)
-                        enc = NULL;
-                else
-                        enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
-        }
-        if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) {
-                memmove(rec->data, rec->input, rec->length);
-                rec->input = rec->data;
-        } else {
-                l = rec->length;
-                bs = EVP_CIPHER_block_size(ds->cipher);
-                /* COMPRESS */
-                if ((bs != 1) && send) {
-                        i = bs - ((int)l % bs);
-                        /* we need to add 'i-1' padding bytes */
-                        l += i;
-                        /* the last of these zero bytes will be overwritten
-                         * with the padding length. */
-                        memset(&rec->input[rec->length], 0, i);
-                        rec->length += i;
-                        rec->input[l - 1] = (i - 1);
-                }
-                if (!send) {
-                        if (l == 0 || l % bs != 0)
-                                return 0;
-                        /* otherwise, rec->length >= bs */
-                }
-                EVP_Cipher(ds, rec->data, rec->input, l);
-                if (EVP_MD_CTX_md(s->read_hash) != NULL)
-                        mac_size = EVP_MD_CTX_size(s->read_hash);
-                if ((bs != 1) && !send)
-                        return ssl3_cbc_remove_padding(s, rec, bs, mac_size);
-        }
-        return (1);
-}
 int
 ssl3_init_finished_mac(SSL *s)
 {
diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h
index 8ad1535979..ab576c28f9 100644
--- a/src/lib/libssl/src/ssl/ssl_locl.h
+++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.105 2015/09/11 16:50:46 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.106 2015/09/11 16:53:51 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -629,7 +629,6 @@ int ssl3_final_finish_mac(SSL *s, const char *sender, int slen,
    unsigned char *p);
 int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
 void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len);
-int ssl3_enc(SSL *s, int send_data);
 int n_ssl3_mac(SSL *ssl, unsigned char *md, int send_data);
 void ssl3_free_digest_list(SSL *s);
 unsigned long ssl3_output_cert_chain(SSL *s, X509 *x);
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 8ad1535979..ab576c28f9 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.105 2015/09/11 16:50:46 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.106 2015/09/11 16:53:51 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -629,7 +629,6 @@ int ssl3_final_finish_mac(SSL *s, const char *sender, int slen,
    unsigned char *p);
 int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
 void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len);
-int ssl3_enc(SSL *s, int send_data);
 int n_ssl3_mac(SSL *ssl, unsigned char *md, int send_data);
 void ssl3_free_digest_list(SSL *s);
 unsigned long ssl3_output_cert_chain(SSL *s, X509 *x);
author	jsing <>	2015-09-11 16:53:51 +0000
committer	jsing <>	2015-09-11 16:53:51 +0000
commit	8d56b7ead6f4a7517100afb5445c117611045bcb (patch)
tree	a45b6641a2a75d65c12183d7d2bec77747f77fc4
parent	06f8a369c720ffc48a9ab4491579b845a3578923 (diff)
download	openbsd-8d56b7ead6f4a7517100afb5445c117611045bcb.tar.gz openbsd-8d56b7ead6f4a7517100afb5445c117611045bcb.tar.bz2 openbsd-8d56b7ead6f4a7517100afb5445c117611045bcb.zip

diff --git a/src/lib/libssl/src/ssl/s3_enc.c b/src/lib/libssl/src/ssl/s3_enc.c index 515072a99e..7e0544a8fa 100644 --- a/src/lib/libssl/src/ssl/s3_enc.c +++ b/src/lib/libssl/src/ssl/s3_enc.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_enc.c,v 1.62 2015/09/10 15:56:26 jsing Exp $ */	1	/* $OpenBSD: s3_enc.c,v 1.63 2015/09/11 16:53:51 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -400,77 +400,6 @@ ssl3_cleanup_key_block(SSL *s)
400	s->s3->tmp.key_block_length = 0;	400	s->s3->tmp.key_block_length = 0;
401	}	401	}
402		402
403	/* ssl3_enc encrypts/decrypts the record in \|s->wrec\| / \|s->rrec\|, respectively.
404	*
405	* Returns:
406	* 0: (in non-constant time) if the record is publically invalid (i.e. too
407	* short etc).
408	* 1: if the record's padding is valid / the encryption was successful.
409	* -1: if the record's padding is invalid or, if sending, an internal error
410	* occured.
411	*/
412	int
413	ssl3_enc(SSL *s, int send)
414	{
415	SSL3_RECORD *rec;
416	EVP_CIPHER_CTX *ds;
417	unsigned long l;
418	int bs, i, mac_size = 0;
419	const EVP_CIPHER *enc;
420
421	if (send) {
422	ds = s->enc_write_ctx;
423	rec = &(s->s3->wrec);
424	if (s->enc_write_ctx == NULL)
425	enc = NULL;
426	else
427	enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
428	} else {
429	ds = s->enc_read_ctx;
430	rec = &(s->s3->rrec);
431	if (s->enc_read_ctx == NULL)
432	enc = NULL;
433	else
434	enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
435	}
436
437	if ((s->session == NULL) \|\| (ds == NULL) \|\| (enc == NULL)) {
438	memmove(rec->data, rec->input, rec->length);
439	rec->input = rec->data;
440	} else {
441	l = rec->length;
442	bs = EVP_CIPHER_block_size(ds->cipher);
443
444	/* COMPRESS */
445
446	if ((bs != 1) && send) {
447	i = bs - ((int)l % bs);
448
449	/* we need to add 'i-1' padding bytes */
450	l += i;
451	/* the last of these zero bytes will be overwritten
452	* with the padding length. */
453	memset(&rec->input[rec->length], 0, i);
454	rec->length += i;
455	rec->input[l - 1] = (i - 1);
456	}
457
458	if (!send) {
459	if (l == 0 \|\| l % bs != 0)
460	return 0;
461	/* otherwise, rec->length >= bs */
462	}
463
464	EVP_Cipher(ds, rec->data, rec->input, l);
465
466	if (EVP_MD_CTX_md(s->read_hash) != NULL)
467	mac_size = EVP_MD_CTX_size(s->read_hash);
468	if ((bs != 1) && !send)
469	return ssl3_cbc_remove_padding(s, rec, bs, mac_size);
470	}
471	return (1);
472	}
473
474	int	403	int
475	ssl3_init_finished_mac(SSL *s)	404	ssl3_init_finished_mac(SSL *s)
476	{	405	{


diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h index 8ad1535979..ab576c28f9 100644 --- a/src/lib/libssl/src/ssl/ssl_locl.h +++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_locl.h,v 1.105 2015/09/11 16:50:46 jsing Exp $ */	1	/* $OpenBSD: ssl_locl.h,v 1.106 2015/09/11 16:53:51 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -629,7 +629,6 @@ int ssl3_final_finish_mac(SSL s, const char sender, int slen,
629	unsigned char *p);	629	unsigned char *p);
630	int ssl3_cert_verify_mac(SSL s, int md_nid, unsigned char p);	630	int ssl3_cert_verify_mac(SSL s, int md_nid, unsigned char p);
631	void ssl3_finish_mac(SSL s, const unsigned char buf, int len);	631	void ssl3_finish_mac(SSL s, const unsigned char buf, int len);
632	int ssl3_enc(SSL *s, int send_data);
633	int n_ssl3_mac(SSL ssl, unsigned char md, int send_data);	632	int n_ssl3_mac(SSL ssl, unsigned char md, int send_data);
634	void ssl3_free_digest_list(SSL *s);	633	void ssl3_free_digest_list(SSL *s);
635	unsigned long ssl3_output_cert_chain(SSL s, X509 x);	634	unsigned long ssl3_output_cert_chain(SSL s, X509 x);


diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index 8ad1535979..ab576c28f9 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_locl.h,v 1.105 2015/09/11 16:50:46 jsing Exp $ */	1	/* $OpenBSD: ssl_locl.h,v 1.106 2015/09/11 16:53:51 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -629,7 +629,6 @@ int ssl3_final_finish_mac(SSL s, const char sender, int slen,
629	unsigned char *p);	629	unsigned char *p);
630	int ssl3_cert_verify_mac(SSL s, int md_nid, unsigned char p);	630	int ssl3_cert_verify_mac(SSL s, int md_nid, unsigned char p);
631	void ssl3_finish_mac(SSL s, const unsigned char buf, int len);	631	void ssl3_finish_mac(SSL s, const unsigned char buf, int len);
632	int ssl3_enc(SSL *s, int send_data);
633	int n_ssl3_mac(SSL ssl, unsigned char md, int send_data);	632	int n_ssl3_mac(SSL ssl, unsigned char md, int send_data);
634	void ssl3_free_digest_list(SSL *s);	633	void ssl3_free_digest_list(SSL *s);
635	unsigned long ssl3_output_cert_chain(SSL s, X509 x);	634	unsigned long ssl3_output_cert_chain(SSL s, X509 x);