diff options
| author | jsing <> | 2017-03-10 16:03:27 +0000 |
|---|---|---|
| committer | jsing <> | 2017-03-10 16:03:27 +0000 |
| commit | efcbc859d153bd2908ab9c32fb042c03eb84d265 (patch) | |
| tree | 87f5d914b19030ee7a5a08676faeef2fa8269f08 /src/lib/libssl/t1_enc.c | |
| parent | 1cc414278817073fb56449c3b1ad7386acb12601 (diff) | |
| download | openbsd-efcbc859d153bd2908ab9c32fb042c03eb84d265.tar.gz openbsd-efcbc859d153bd2908ab9c32fb042c03eb84d265.tar.bz2 openbsd-efcbc859d153bd2908ab9c32fb042c03eb84d265.zip | |
Remove the handshake digests and related code, replacing remaining uses
with the handshake hash. For now tls1_digest_cached_records() is retained
to release the handshake buffer.
ok beck@ inoguchi@
Diffstat (limited to 'src/lib/libssl/t1_enc.c')
| -rw-r--r-- | src/lib/libssl/t1_enc.c | 97 |
1 files changed, 2 insertions, 95 deletions
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c index 0179ac3061..e9a9713134 100644 --- a/src/lib/libssl/t1_enc.c +++ b/src/lib/libssl/t1_enc.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: t1_enc.c,v 1.101 2017/03/10 15:08:49 jsing Exp $ */ | 1 | /* $OpenBSD: t1_enc.c,v 1.102 2017/03/10 16:03:27 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -165,7 +165,6 @@ int | |||
| 165 | tls1_init_finished_mac(SSL *s) | 165 | tls1_init_finished_mac(SSL *s) |
| 166 | { | 166 | { |
| 167 | BIO_free(S3I(s)->handshake_buffer); | 167 | BIO_free(S3I(s)->handshake_buffer); |
| 168 | tls1_free_digest_list(s); | ||
| 169 | 168 | ||
| 170 | S3I(s)->handshake_buffer = BIO_new(BIO_s_mem()); | 169 | S3I(s)->handshake_buffer = BIO_new(BIO_s_mem()); |
| 171 | if (S3I(s)->handshake_buffer == NULL) | 170 | if (S3I(s)->handshake_buffer == NULL) |
| @@ -176,29 +175,9 @@ tls1_init_finished_mac(SSL *s) | |||
| 176 | return (1); | 175 | return (1); |
| 177 | } | 176 | } |
| 178 | 177 | ||
| 179 | void | ||
| 180 | tls1_free_digest_list(SSL *s) | ||
| 181 | { | ||
| 182 | int i; | ||
| 183 | |||
| 184 | if (s == NULL) | ||
| 185 | return; | ||
| 186 | if (S3I(s)->handshake_dgst == NULL) | ||
| 187 | return; | ||
| 188 | |||
| 189 | for (i = 0; i < SSL_MAX_DIGEST; i++) { | ||
| 190 | if (S3I(s)->handshake_dgst[i]) | ||
| 191 | EVP_MD_CTX_destroy(S3I(s)->handshake_dgst[i]); | ||
| 192 | } | ||
| 193 | free(S3I(s)->handshake_dgst); | ||
| 194 | S3I(s)->handshake_dgst = NULL; | ||
| 195 | } | ||
| 196 | |||
| 197 | int | 178 | int |
| 198 | tls1_finish_mac(SSL *s, const unsigned char *buf, int len) | 179 | tls1_finish_mac(SSL *s, const unsigned char *buf, int len) |
| 199 | { | 180 | { |
| 200 | int i; | ||
| 201 | |||
| 202 | if (len < 0) | 181 | if (len < 0) |
| 203 | return 0; | 182 | return 0; |
| 204 | 183 | ||
| @@ -211,60 +190,21 @@ tls1_finish_mac(SSL *s, const unsigned char *buf, int len) | |||
| 211 | return 1; | 190 | return 1; |
| 212 | } | 191 | } |
| 213 | 192 | ||
| 214 | for (i = 0; i < SSL_MAX_DIGEST; i++) { | ||
| 215 | if (S3I(s)->handshake_dgst[i] == NULL) | ||
| 216 | continue; | ||
| 217 | if (!EVP_DigestUpdate(S3I(s)->handshake_dgst[i], buf, len)) { | ||
| 218 | SSLerror(s, ERR_R_EVP_LIB); | ||
| 219 | return 0; | ||
| 220 | } | ||
| 221 | } | ||
| 222 | |||
| 223 | return 1; | 193 | return 1; |
| 224 | } | 194 | } |
| 225 | 195 | ||
| 226 | int | 196 | int |
| 227 | tls1_digest_cached_records(SSL *s) | 197 | tls1_digest_cached_records(SSL *s) |
| 228 | { | 198 | { |
| 229 | const EVP_MD *md; | 199 | long hdatalen; |
| 230 | long hdatalen, mask; | ||
| 231 | void *hdata; | 200 | void *hdata; |
| 232 | int i; | ||
| 233 | |||
| 234 | tls1_free_digest_list(s); | ||
| 235 | 201 | ||
| 236 | S3I(s)->handshake_dgst = calloc(SSL_MAX_DIGEST, sizeof(EVP_MD_CTX *)); | ||
| 237 | if (S3I(s)->handshake_dgst == NULL) { | ||
| 238 | SSLerror(s, ERR_R_MALLOC_FAILURE); | ||
| 239 | goto err; | ||
| 240 | } | ||
| 241 | hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata); | 202 | hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata); |
| 242 | if (hdatalen <= 0) { | 203 | if (hdatalen <= 0) { |
| 243 | SSLerror(s, SSL_R_BAD_HANDSHAKE_LENGTH); | 204 | SSLerror(s, SSL_R_BAD_HANDSHAKE_LENGTH); |
| 244 | goto err; | 205 | goto err; |
| 245 | } | 206 | } |
| 246 | 207 | ||
| 247 | /* Loop through bits of the algorithm2 field and create MD contexts. */ | ||
| 248 | for (i = 0; ssl_get_handshake_digest(i, &mask, &md); i++) { | ||
| 249 | if ((mask & ssl_get_algorithm2(s)) == 0 || md == NULL) | ||
| 250 | continue; | ||
| 251 | |||
| 252 | S3I(s)->handshake_dgst[i] = EVP_MD_CTX_create(); | ||
| 253 | if (S3I(s)->handshake_dgst[i] == NULL) { | ||
| 254 | SSLerror(s, ERR_R_MALLOC_FAILURE); | ||
| 255 | goto err; | ||
| 256 | } | ||
| 257 | if (!EVP_DigestInit_ex(S3I(s)->handshake_dgst[i], md, NULL)) { | ||
| 258 | SSLerror(s, ERR_R_EVP_LIB); | ||
| 259 | goto err; | ||
| 260 | } | ||
| 261 | if (!EVP_DigestUpdate(S3I(s)->handshake_dgst[i], hdata, | ||
| 262 | hdatalen)) { | ||
| 263 | SSLerror(s, ERR_R_EVP_LIB); | ||
| 264 | goto err; | ||
| 265 | } | ||
| 266 | } | ||
| 267 | |||
| 268 | if (!(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE)) { | 208 | if (!(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE)) { |
| 269 | BIO_free(S3I(s)->handshake_buffer); | 209 | BIO_free(S3I(s)->handshake_buffer); |
| 270 | S3I(s)->handshake_buffer = NULL; | 210 | S3I(s)->handshake_buffer = NULL; |
| @@ -273,7 +213,6 @@ tls1_digest_cached_records(SSL *s) | |||
| 273 | return 1; | 213 | return 1; |
| 274 | 214 | ||
| 275 | err: | 215 | err: |
| 276 | tls1_free_digest_list(s); | ||
| 277 | return 0; | 216 | return 0; |
| 278 | } | 217 | } |
| 279 | 218 | ||
| @@ -1091,38 +1030,6 @@ tls1_enc(SSL *s, int send) | |||
| 1091 | } | 1030 | } |
| 1092 | 1031 | ||
| 1093 | int | 1032 | int |
| 1094 | tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out) | ||
| 1095 | { | ||
| 1096 | EVP_MD_CTX ctx, *d = NULL; | ||
| 1097 | unsigned int ret; | ||
| 1098 | int i; | ||
| 1099 | |||
| 1100 | if (S3I(s)->handshake_buffer) | ||
| 1101 | if (!tls1_digest_cached_records(s)) | ||
| 1102 | return 0; | ||
| 1103 | |||
| 1104 | for (i = 0; i < SSL_MAX_DIGEST; i++) { | ||
| 1105 | if (S3I(s)->handshake_dgst[i] && | ||
| 1106 | EVP_MD_CTX_type(S3I(s)->handshake_dgst[i]) == md_nid) { | ||
| 1107 | d = S3I(s)->handshake_dgst[i]; | ||
| 1108 | break; | ||
| 1109 | } | ||
| 1110 | } | ||
| 1111 | if (d == NULL) { | ||
| 1112 | SSLerror(s, SSL_R_NO_REQUIRED_DIGEST); | ||
| 1113 | return 0; | ||
| 1114 | } | ||
| 1115 | |||
| 1116 | EVP_MD_CTX_init(&ctx); | ||
| 1117 | if (!EVP_MD_CTX_copy_ex(&ctx, d)) | ||
| 1118 | return 0; | ||
| 1119 | EVP_DigestFinal_ex(&ctx, out, &ret); | ||
| 1120 | EVP_MD_CTX_cleanup(&ctx); | ||
| 1121 | |||
| 1122 | return ((int)ret); | ||
| 1123 | } | ||
| 1124 | |||
| 1125 | int | ||
| 1126 | tls1_final_finish_mac(SSL *s, const char *str, int slen, unsigned char *out) | 1033 | tls1_final_finish_mac(SSL *s, const char *str, int slen, unsigned char *out) |
| 1127 | { | 1034 | { |
| 1128 | unsigned char buf1[EVP_MAX_MD_SIZE]; | 1035 | unsigned char buf1[EVP_MAX_MD_SIZE]; |