Nuke ssl3_cert_verify_mac() and ssl3_handshake_mac().

We also no longer need the ssl3_pad_1 and ssl3_pad_2 arrays... ok "flensing knife"
author: jsing <> 2015-09-11 17:08:50 +0000
committer: jsing <> 2015-09-11 17:08:50 +0000
commit: 1a8356d54310fcdf18b940e0960525894e696cd9 (patch)
tree: 8dd30c5388999f2c0b087cac2747bfa060c06f68 /src/lib
parent: 092f44aa56f8d509a14a8c833848ff7292966c2e (diff)
download: openbsd-1a8356d54310fcdf18b940e0960525894e696cd9.tar.gz
openbsd-1a8356d54310fcdf18b940e0960525894e696cd9.tar.bz2
openbsd-1a8356d54310fcdf18b940e0960525894e696cd9.zip
3 files changed, 3 insertions, 86 deletions
diff --git a/src/lib/libssl/src/ssl/s3_enc.c b/src/lib/libssl/src/ssl/s3_enc.c
index 2b0b923d30..324b90ba2f 100644
--- a/src/lib/libssl/src/ssl/s3_enc.c
+++ b/src/lib/libssl/src/ssl/s3_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_enc.c,v 1.68 2015/09/11 17:04:39 jsing Exp $ */
+/* $OpenBSD: s3_enc.c,v 1.69 2015/09/11 17:08:50 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -142,27 +142,6 @@
 #include <openssl/evp.h>
 #include <openssl/md5.h>
-static unsigned char ssl3_pad_1[48] = {
-        0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
-        0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
-        0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
-        0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
-        0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
-        0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36
-};
-static unsigned char ssl3_pad_2[48] = {
-        0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
-        0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
-        0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
-        0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
-        0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
-        0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c
-};
-static int ssl3_handshake_mac(SSL *s, int md_nid, const char *sender,
-    int len, unsigned char *p);
 void
 ssl3_cleanup_key_block(SSL *s)
 {
@@ -274,66 +253,6 @@ ssl3_digest_cached_records(SSL *s)
        return 1;
 }
-int
-ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p)
-{
-        return (ssl3_handshake_mac(s, md_nid, NULL, 0, p));
-}
-static int
-ssl3_handshake_mac(SSL *s, int md_nid, const char *sender, int len,
-    unsigned char *p)
-{
-        unsigned int ret;
-        int npad, n;
-        unsigned int i;
-        unsigned char md_buf[EVP_MAX_MD_SIZE];
-        EVP_MD_CTX ctx, *d = NULL;
-        if (s->s3->handshake_buffer)
-                if (!ssl3_digest_cached_records(s))
-                        return 0;
-        /* Search for digest of specified type in the handshake_dgst array. */
-        for (i = 0; i < SSL_MAX_DIGEST; i++) {
-                if (s->s3->handshake_dgst[i] &&
-                    EVP_MD_CTX_type(s->s3->handshake_dgst[i]) == md_nid) {
-                        d = s->s3->handshake_dgst[i];
-                        break;
-                }
-        }
-        if (!d) {
-                SSLerr(SSL_F_SSL3_HANDSHAKE_MAC, SSL_R_NO_REQUIRED_DIGEST);
-                return 0;
-        }
-        EVP_MD_CTX_init(&ctx);
-        if (!EVP_MD_CTX_copy_ex(&ctx, d))
-                return 0;
-        n = EVP_MD_CTX_size(&ctx);
-        if (n < 0)
-                return 0;
-        npad = (48 / n) * n;
-        if (sender != NULL)
-                EVP_DigestUpdate(&ctx, sender, len);
-        EVP_DigestUpdate(&ctx, s->session->master_key,
-            s->session->master_key_length);
-        EVP_DigestUpdate(&ctx, ssl3_pad_1, npad);
-        EVP_DigestFinal_ex(&ctx, md_buf, &i);
-        if (!EVP_DigestInit_ex(&ctx, EVP_MD_CTX_md(&ctx), NULL))
-                return 0;
-        EVP_DigestUpdate(&ctx, s->session->master_key,
-            s->session->master_key_length);
-        EVP_DigestUpdate(&ctx, ssl3_pad_2, npad);
-        EVP_DigestUpdate(&ctx, md_buf, i);
-        EVP_DigestFinal_ex(&ctx, p, &ret);
-        EVP_MD_CTX_cleanup(&ctx);
-        return ((int)ret);
-}
 void
 ssl3_record_sequence_increment(unsigned char *seq)
 {
diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h
index d4924cdab8..d699fd41d8 100644
--- a/src/lib/libssl/src/ssl/ssl_locl.h
+++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.111 2015/09/11 17:04:39 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.112 2015/09/11 17:08:50 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -621,7 +621,6 @@ int ssl3_renegotiate_check(SSL *ssl);
 int ssl3_dispatch_alert(SSL *s);
 int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
 int ssl3_write_bytes(SSL *s, int type, const void *buf, int len);
-int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
 void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len);
 void ssl3_free_digest_list(SSL *s);
 unsigned long ssl3_output_cert_chain(SSL *s, X509 *x);
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index d4924cdab8..d699fd41d8 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.111 2015/09/11 17:04:39 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.112 2015/09/11 17:08:50 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -621,7 +621,6 @@ int ssl3_renegotiate_check(SSL *ssl);
 int ssl3_dispatch_alert(SSL *s);
 int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
 int ssl3_write_bytes(SSL *s, int type, const void *buf, int len);
-int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
 void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len);
 void ssl3_free_digest_list(SSL *s);
 unsigned long ssl3_output_cert_chain(SSL *s, X509 *x);
author	jsing <>	2015-09-11 17:08:50 +0000
committer	jsing <>	2015-09-11 17:08:50 +0000
commit	1a8356d54310fcdf18b940e0960525894e696cd9 (patch)
tree	8dd30c5388999f2c0b087cac2747bfa060c06f68 /src/lib
parent	092f44aa56f8d509a14a8c833848ff7292966c2e (diff)
download	openbsd-1a8356d54310fcdf18b940e0960525894e696cd9.tar.gz openbsd-1a8356d54310fcdf18b940e0960525894e696cd9.tar.bz2 openbsd-1a8356d54310fcdf18b940e0960525894e696cd9.zip

diff --git a/src/lib/libssl/src/ssl/s3_enc.c b/src/lib/libssl/src/ssl/s3_enc.c index 2b0b923d30..324b90ba2f 100644 --- a/src/lib/libssl/src/ssl/s3_enc.c +++ b/src/lib/libssl/src/ssl/s3_enc.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_enc.c,v 1.68 2015/09/11 17:04:39 jsing Exp $ */	1	/* $OpenBSD: s3_enc.c,v 1.69 2015/09/11 17:08:50 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -142,27 +142,6 @@
142	#include <openssl/evp.h>	142	#include <openssl/evp.h>
143	#include <openssl/md5.h>	143	#include <openssl/md5.h>
144		144
145	static unsigned char ssl3_pad_1[48] = {
146	0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
147	0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
148	0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
149	0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
150	0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
151	0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36
152	};
153
154	static unsigned char ssl3_pad_2[48] = {
155	0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
156	0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
157	0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
158	0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
159	0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
160	0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c
161	};
162
163	static int ssl3_handshake_mac(SSL s, int md_nid, const char sender,
164	int len, unsigned char *p);
165
166	void	145	void
167	ssl3_cleanup_key_block(SSL *s)	146	ssl3_cleanup_key_block(SSL *s)
168	{	147	{
@@ -274,66 +253,6 @@ ssl3_digest_cached_records(SSL *s)
274	return 1;	253	return 1;
275	}	254	}
276		255
277	int
278	ssl3_cert_verify_mac(SSL s, int md_nid, unsigned char p)
279	{
280	return (ssl3_handshake_mac(s, md_nid, NULL, 0, p));
281	}
282
283	static int
284	ssl3_handshake_mac(SSL s, int md_nid, const char sender, int len,
285	unsigned char *p)
286	{
287	unsigned int ret;
288	int npad, n;
289	unsigned int i;
290	unsigned char md_buf[EVP_MAX_MD_SIZE];
291	EVP_MD_CTX ctx, *d = NULL;
292
293	if (s->s3->handshake_buffer)
294	if (!ssl3_digest_cached_records(s))
295	return 0;
296
297	/* Search for digest of specified type in the handshake_dgst array. */
298	for (i = 0; i < SSL_MAX_DIGEST; i++) {
299	if (s->s3->handshake_dgst[i] &&
300	EVP_MD_CTX_type(s->s3->handshake_dgst[i]) == md_nid) {
301	d = s->s3->handshake_dgst[i];
302	break;
303	}
304	}
305	if (!d) {
306	SSLerr(SSL_F_SSL3_HANDSHAKE_MAC, SSL_R_NO_REQUIRED_DIGEST);
307	return 0;
308	}
309	EVP_MD_CTX_init(&ctx);
310	if (!EVP_MD_CTX_copy_ex(&ctx, d))
311	return 0;
312	n = EVP_MD_CTX_size(&ctx);
313	if (n < 0)
314	return 0;
315
316	npad = (48 / n) * n;
317	if (sender != NULL)
318	EVP_DigestUpdate(&ctx, sender, len);
319	EVP_DigestUpdate(&ctx, s->session->master_key,
320	s->session->master_key_length);
321	EVP_DigestUpdate(&ctx, ssl3_pad_1, npad);
322	EVP_DigestFinal_ex(&ctx, md_buf, &i);
323
324	if (!EVP_DigestInit_ex(&ctx, EVP_MD_CTX_md(&ctx), NULL))
325	return 0;
326	EVP_DigestUpdate(&ctx, s->session->master_key,
327	s->session->master_key_length);
328	EVP_DigestUpdate(&ctx, ssl3_pad_2, npad);
329	EVP_DigestUpdate(&ctx, md_buf, i);
330	EVP_DigestFinal_ex(&ctx, p, &ret);
331
332	EVP_MD_CTX_cleanup(&ctx);
333
334	return ((int)ret);
335	}
336
337	void	256	void
338	ssl3_record_sequence_increment(unsigned char *seq)	257	ssl3_record_sequence_increment(unsigned char *seq)
339	{	258	{


diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h index d4924cdab8..d699fd41d8 100644 --- a/src/lib/libssl/src/ssl/ssl_locl.h +++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_locl.h,v 1.111 2015/09/11 17:04:39 jsing Exp $ */	1	/* $OpenBSD: ssl_locl.h,v 1.112 2015/09/11 17:08:50 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -621,7 +621,6 @@ int ssl3_renegotiate_check(SSL *ssl);
621	int ssl3_dispatch_alert(SSL *s);	621	int ssl3_dispatch_alert(SSL *s);
622	int ssl3_read_bytes(SSL s, int type, unsigned char buf, int len, int peek);	622	int ssl3_read_bytes(SSL s, int type, unsigned char buf, int len, int peek);
623	int ssl3_write_bytes(SSL s, int type, const void buf, int len);	623	int ssl3_write_bytes(SSL s, int type, const void buf, int len);
624	int ssl3_cert_verify_mac(SSL s, int md_nid, unsigned char p);
625	void ssl3_finish_mac(SSL s, const unsigned char buf, int len);	624	void ssl3_finish_mac(SSL s, const unsigned char buf, int len);
626	void ssl3_free_digest_list(SSL *s);	625	void ssl3_free_digest_list(SSL *s);
627	unsigned long ssl3_output_cert_chain(SSL s, X509 x);	626	unsigned long ssl3_output_cert_chain(SSL s, X509 x);


diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index d4924cdab8..d699fd41d8 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_locl.h,v 1.111 2015/09/11 17:04:39 jsing Exp $ */	1	/* $OpenBSD: ssl_locl.h,v 1.112 2015/09/11 17:08:50 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -621,7 +621,6 @@ int ssl3_renegotiate_check(SSL *ssl);
621	int ssl3_dispatch_alert(SSL *s);	621	int ssl3_dispatch_alert(SSL *s);
622	int ssl3_read_bytes(SSL s, int type, unsigned char buf, int len, int peek);	622	int ssl3_read_bytes(SSL s, int type, unsigned char buf, int len, int peek);
623	int ssl3_write_bytes(SSL s, int type, const void buf, int len);	623	int ssl3_write_bytes(SSL s, int type, const void buf, int len);
624	int ssl3_cert_verify_mac(SSL s, int md_nid, unsigned char p);
625	void ssl3_finish_mac(SSL s, const unsigned char buf, int len);	624	void ssl3_finish_mac(SSL s, const unsigned char buf, int len);
626	void ssl3_free_digest_list(SSL *s);	625	void ssl3_free_digest_list(SSL *s);
627	unsigned long ssl3_output_cert_chain(SSL s, X509 x);	626	unsigned long ssl3_output_cert_chain(SSL s, X509 x);