Clean up and simplify the tls1_PRF() implementation now that we have a

single EVP MD for the PRF hash. ok beck@ inoguchi@
author: jsing <> 2017-03-06 15:08:57 +0000
committer: jsing <> 2017-03-06 15:08:57 +0000
commit: 25f2f941d93428b13aded2bfda76810e86bf8597 (patch)
tree: c1c01de6ef5f35eebd6d5f3a02cf8ee690341ff2 /src/lib/libssl/t1_enc.c
parent: 87117ac52c1642f68394967df52a4cac4effcfd4 (diff)
download: openbsd-25f2f941d93428b13aded2bfda76810e86bf8597.tar.gz
openbsd-25f2f941d93428b13aded2bfda76810e86bf8597.tar.bz2
openbsd-25f2f941d93428b13aded2bfda76810e86bf8597.zip
1 files changed, 19 insertions, 48 deletions
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index 62578beeea..84f2e182d9 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_enc.c,v 1.97 2017/03/05 14:39:53 jsing Exp $ */
+/* $OpenBSD: t1_enc.c,v 1.98 2017/03/06 15:08:57 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -372,67 +372,39 @@ err:
 /* seed1 through seed5 are virtually concatenated */
 static int
-tls1_PRF(long digest_mask, const void *seed1, int seed1_len, const void *seed2,
+tls1_PRF(SSL *s, const void *seed1, int seed1_len, const void *seed2,
    int seed2_len, const void *seed3, int seed3_len, const void *seed4,
    int seed4_len, const void *seed5, int seed5_len, const unsigned char *sec,
    int slen, unsigned char *out1, unsigned char *out2, int olen)
 {
-        int len, i, idx, count;
-        const unsigned char *S1;
-        long m;
        const EVP_MD *md;
-        int ret = 0;
+        int i;
-        /* Count number of digests and partition sec evenly */
-        count = 0;
-        for (idx = 0; ssl_get_handshake_digest(idx, &m, &md); idx++) {
-                if ((m << TLS1_PRF_DGST_SHIFT) & digest_mask)
-                        count++;
-        }
-        if (count == 0) {
-                SSLerrorx(SSL_R_SSL_HANDSHAKE_FAILURE);
-                goto err;
-        }
-        len = slen / count;
-        if (count == 1)
-                slen = 0;
-        S1 = sec;
        memset(out1, 0, olen);
-        for (idx = 0; ssl_get_handshake_digest(idx, &m, &md); idx++) {
-                if ((m << TLS1_PRF_DGST_SHIFT) & digest_mask) {
-                        if (!md) {
-                                SSLerrorx(SSL_R_UNSUPPORTED_DIGEST_TYPE);
-                                goto err;
-                        }
-                        if (!tls1_P_hash(md , S1, len + (slen&1), seed1,
-                            seed1_len, seed2, seed2_len, seed3, seed3_len,
-                            seed4, seed4_len, seed5, seed5_len, out2, olen))
-                                goto err;
-                        S1 += len;
-                        for (i = 0; i < olen; i++) {
-                                out1[i] ^= out2[i];
-                        }
-                }
-        }
-        ret = 1;
-err:
+        if (!ssl_get_handshake_evp_md(s, &md))
-        return ret;
+                return (0);
+        if (!tls1_P_hash(md, sec, slen, seed1, seed1_len, seed2, seed2_len,
+            seed3, seed3_len, seed4, seed4_len, seed5, seed5_len, out2, olen))
+                return (0);
+        for (i = 0; i < olen; i++)
+                out1[i] ^= out2[i];
+        return (1);
 }
 static int
 tls1_generate_key_block(SSL *s, unsigned char *km, unsigned char *tmp, int num)
 {
-        int ret;
+        return tls1_PRF(s,
-        ret = tls1_PRF(ssl_get_algorithm2(s),
            TLS_MD_KEY_EXPANSION_CONST, TLS_MD_KEY_EXPANSION_CONST_SIZE,
            s->s3->server_random, SSL3_RANDOM_SIZE,
            s->s3->client_random, SSL3_RANDOM_SIZE,
            NULL, 0, NULL, 0,
            s->session->master_key, s->session->master_key_length,
            km, tmp, num);
-        return ret;
 }
 /*
@@ -1138,8 +1110,7 @@ tls1_final_finish_mac(SSL *s, const char *str, int slen, unsigned char *out)
        if (hlen > INT_MAX)
                return 0;
-        if (!tls1_PRF(ssl_get_algorithm2(s), str, slen, buf1, hlen,
+        if (!tls1_PRF(s, str, slen, buf1, hlen, NULL, 0, NULL, 0, NULL, 0,
-            NULL, 0, NULL, 0, NULL, 0,
            s->session->master_key, s->session->master_key_length,
            out, buf2, sizeof(buf2)))
                return 0;
@@ -1235,7 +1206,8 @@ tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
 {
        unsigned char buff[SSL_MAX_MASTER_KEY_LENGTH];
-        tls1_PRF(ssl_get_algorithm2(s),
+        /* XXX - check return value. */
+        tls1_PRF(s,
            TLS_MD_MASTER_SECRET_CONST, TLS_MD_MASTER_SECRET_CONST_SIZE,
            s->s3->client_random, SSL3_RANDOM_SIZE, NULL, 0,
            s->s3->server_random, SSL3_RANDOM_SIZE, NULL, 0,
@@ -1307,8 +1279,7 @@ tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
            TLS_MD_KEY_EXPANSION_CONST_SIZE) == 0)
                goto err1;
-        rv = tls1_PRF(ssl_get_algorithm2(s),
+        rv = tls1_PRF(s, val, vallen, NULL, 0, NULL, 0, NULL, 0, NULL, 0,
-            val, vallen, NULL, 0, NULL, 0, NULL, 0, NULL, 0,
            s->session->master_key, s->session->master_key_length,
            out, buff, olen);
author	jsing <>	2017-03-06 15:08:57 +0000
committer	jsing <>	2017-03-06 15:08:57 +0000
commit	25f2f941d93428b13aded2bfda76810e86bf8597 (patch)
tree	c1c01de6ef5f35eebd6d5f3a02cf8ee690341ff2 /src/lib/libssl/t1_enc.c
parent	87117ac52c1642f68394967df52a4cac4effcfd4 (diff)
download	openbsd-25f2f941d93428b13aded2bfda76810e86bf8597.tar.gz openbsd-25f2f941d93428b13aded2bfda76810e86bf8597.tar.bz2 openbsd-25f2f941d93428b13aded2bfda76810e86bf8597.zip