Nuke n_ssl3_mac().

ok "flensing knife"
author: jsing <> 2015-09-11 16:56:17 +0000
committer: jsing <> 2015-09-11 16:56:17 +0000
commit: 58137d6816f0d777d205ec5e0b82a0561c74c50b (patch)
tree: d3d753a8346648f6e56647dddaafe82074cc0d6a /src/lib
parent: 8d56b7ead6f4a7517100afb5445c117611045bcb (diff)
download: openbsd-58137d6816f0d777d205ec5e0b82a0561c74c50b.tar.gz
openbsd-58137d6816f0d777d205ec5e0b82a0561c74c50b.tar.bz2
openbsd-58137d6816f0d777d205ec5e0b82a0561c74c50b.zip
3 files changed, 3 insertions, 103 deletions
diff --git a/src/lib/libssl/src/ssl/s3_enc.c b/src/lib/libssl/src/ssl/s3_enc.c
index 7e0544a8fa..6a7026e158 100644
--- a/src/lib/libssl/src/ssl/s3_enc.c
+++ b/src/lib/libssl/src/ssl/s3_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_enc.c,v 1.63 2015/09/11 16:53:51 jsing Exp $ */
+/* $OpenBSD: s3_enc.c,v 1.64 2015/09/11 16:56:17 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -574,104 +574,6 @@ ssl3_handshake_mac(SSL *s, int md_nid, const char *sender, int len,
        return ((int)ret);
 }
-int
-n_ssl3_mac(SSL *ssl, unsigned char *md, int send)
-{
-        SSL3_RECORD *rec;
-        unsigned char *mac_sec, *seq;
-        EVP_MD_CTX md_ctx;
-        const EVP_MD_CTX *hash;
-        unsigned char *p, rec_char;
-        size_t md_size, orig_len;
-        int npad;
-        int t;
-        if (send) {
-                rec = &(ssl->s3->wrec);
-                mac_sec = &(ssl->s3->write_mac_secret[0]);
-                seq = &(ssl->s3->write_sequence[0]);
-                hash = ssl->write_hash;
-        } else {
-                rec = &(ssl->s3->rrec);
-                mac_sec = &(ssl->s3->read_mac_secret[0]);
-                seq = &(ssl->s3->read_sequence[0]);
-                hash = ssl->read_hash;
-        }
-        t = EVP_MD_CTX_size(hash);
-        if (t < 0)
-                return -1;
-        md_size = t;
-        npad = (48 / md_size) * md_size;
-        /* kludge: ssl3_cbc_remove_padding passes padding length in rec->type */
-        orig_len = rec->length + md_size + ((unsigned int)rec->type >> 8);
-        rec->type &= 0xff;
-        if (!send &&
-            EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
-            ssl3_cbc_record_digest_supported(hash)) {
-                /* This is a CBC-encrypted record. We must avoid leaking any
-                 * timing-side channel information about how many blocks of
-                 * data we are hashing because that gives an attacker a
-                 * timing-oracle. */
-                /* npad is, at most, 48 bytes and that's with MD5:
-                 *   16 + 48 + 8 (sequence bytes) + 1 + 2 = 75.
-                 *
-                 * With SHA-1 (the largest hash speced for SSLv3) the hash size
-                 * goes up 4, but npad goes down by 8, resulting in a smaller
-                 * total size. */
-                unsigned char header[75];
-                unsigned j = 0;
-                memcpy(header + j, mac_sec, md_size);
-                j += md_size;
-                memcpy(header + j, ssl3_pad_1, npad);
-                j += npad;
-                memcpy(header + j, seq, 8);
-                j += 8;
-                header[j++] = rec->type;
-                header[j++] = rec->length >> 8;
-                header[j++] = rec->length & 0xff;
-                if (!ssl3_cbc_digest_record(hash, md, &md_size, header,
-                    rec->input, rec->length + md_size, orig_len, mac_sec,
-                    md_size, 1 /* is SSLv3 */))
-                        return (-1);
-        } else {
-                unsigned int md_size_u;
-                /* Chop the digest off the end :-) */
-                EVP_MD_CTX_init(&md_ctx);
-                if (!EVP_MD_CTX_copy_ex(&md_ctx, hash))
-                        return (-1);
-                EVP_DigestUpdate(&md_ctx, mac_sec, md_size);
-                EVP_DigestUpdate(&md_ctx, ssl3_pad_1, npad);
-                EVP_DigestUpdate(&md_ctx, seq, 8);
-                rec_char = rec->type;
-                EVP_DigestUpdate(&md_ctx, &rec_char, 1);
-                p = md;
-                s2n(rec->length, p);
-                EVP_DigestUpdate(&md_ctx, md, 2);
-                EVP_DigestUpdate(&md_ctx, rec->input, rec->length);
-                EVP_DigestFinal_ex(&md_ctx, md, NULL);
-                if (!EVP_MD_CTX_copy_ex(&md_ctx, hash))
-                        return (-1);
-                EVP_DigestUpdate(&md_ctx, mac_sec, md_size);
-                EVP_DigestUpdate(&md_ctx, ssl3_pad_2, npad);
-                EVP_DigestUpdate(&md_ctx, md, md_size);
-                EVP_DigestFinal_ex(&md_ctx, md, &md_size_u);
-                md_size = md_size_u;
-                EVP_MD_CTX_cleanup(&md_ctx);
-        }
-        ssl3_record_sequence_increment(seq);
-        return (md_size);
-}
 void
 ssl3_record_sequence_increment(unsigned char *seq)
 {
diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h
index ab576c28f9..1b46e990de 100644
--- a/src/lib/libssl/src/ssl/ssl_locl.h
+++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.106 2015/09/11 16:53:51 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.107 2015/09/11 16:56:17 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -629,7 +629,6 @@ int ssl3_final_finish_mac(SSL *s, const char *sender, int slen,
    unsigned char *p);
 int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
 void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len);
-int n_ssl3_mac(SSL *ssl, unsigned char *md, int send_data);
 void ssl3_free_digest_list(SSL *s);
 unsigned long ssl3_output_cert_chain(SSL *s, X509 *x);
 SSL_CIPHER *ssl3_choose_cipher(SSL *ssl, STACK_OF(SSL_CIPHER) *clnt,
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index ab576c28f9..1b46e990de 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.106 2015/09/11 16:53:51 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.107 2015/09/11 16:56:17 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -629,7 +629,6 @@ int ssl3_final_finish_mac(SSL *s, const char *sender, int slen,
    unsigned char *p);
 int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
 void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len);
-int n_ssl3_mac(SSL *ssl, unsigned char *md, int send_data);
 void ssl3_free_digest_list(SSL *s);
 unsigned long ssl3_output_cert_chain(SSL *s, X509 *x);
 SSL_CIPHER *ssl3_choose_cipher(SSL *ssl, STACK_OF(SSL_CIPHER) *clnt,
author	jsing <>	2015-09-11 16:56:17 +0000
committer	jsing <>	2015-09-11 16:56:17 +0000
commit	58137d6816f0d777d205ec5e0b82a0561c74c50b (patch)
tree	d3d753a8346648f6e56647dddaafe82074cc0d6a /src/lib
parent	8d56b7ead6f4a7517100afb5445c117611045bcb (diff)
download	openbsd-58137d6816f0d777d205ec5e0b82a0561c74c50b.tar.gz openbsd-58137d6816f0d777d205ec5e0b82a0561c74c50b.tar.bz2 openbsd-58137d6816f0d777d205ec5e0b82a0561c74c50b.zip

diff --git a/src/lib/libssl/src/ssl/s3_enc.c b/src/lib/libssl/src/ssl/s3_enc.c index 7e0544a8fa..6a7026e158 100644 --- a/src/lib/libssl/src/ssl/s3_enc.c +++ b/src/lib/libssl/src/ssl/s3_enc.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_enc.c,v 1.63 2015/09/11 16:53:51 jsing Exp $ */	1	/* $OpenBSD: s3_enc.c,v 1.64 2015/09/11 16:56:17 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -574,104 +574,6 @@ ssl3_handshake_mac(SSL s, int md_nid, const char sender, int len,
574	return ((int)ret);	574	return ((int)ret);
575	}	575	}
576		576
577	int
578	n_ssl3_mac(SSL ssl, unsigned char md, int send)
579	{
580	SSL3_RECORD *rec;
581	unsigned char mac_sec, seq;
582	EVP_MD_CTX md_ctx;
583	const EVP_MD_CTX *hash;
584	unsigned char *p, rec_char;
585	size_t md_size, orig_len;
586	int npad;
587	int t;
588
589	if (send) {
590	rec = &(ssl->s3->wrec);
591	mac_sec = &(ssl->s3->write_mac_secret[0]);
592	seq = &(ssl->s3->write_sequence[0]);
593	hash = ssl->write_hash;
594	} else {
595	rec = &(ssl->s3->rrec);
596	mac_sec = &(ssl->s3->read_mac_secret[0]);
597	seq = &(ssl->s3->read_sequence[0]);
598	hash = ssl->read_hash;
599	}
600
601	t = EVP_MD_CTX_size(hash);
602	if (t < 0)
603	return -1;
604	md_size = t;
605	npad = (48 / md_size) * md_size;
606
607	/* kludge: ssl3_cbc_remove_padding passes padding length in rec->type */
608	orig_len = rec->length + md_size + ((unsigned int)rec->type >> 8);
609	rec->type &= 0xff;
610
611	if (!send &&
612	EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
613	ssl3_cbc_record_digest_supported(hash)) {
614	/* This is a CBC-encrypted record. We must avoid leaking any
615	* timing-side channel information about how many blocks of
616	* data we are hashing because that gives an attacker a
617	* timing-oracle. */
618
619	/* npad is, at most, 48 bytes and that's with MD5:
620	* 16 + 48 + 8 (sequence bytes) + 1 + 2 = 75.
621	*
622	* With SHA-1 (the largest hash speced for SSLv3) the hash size
623	* goes up 4, but npad goes down by 8, resulting in a smaller
624	* total size. */
625	unsigned char header[75];
626	unsigned j = 0;
627	memcpy(header + j, mac_sec, md_size);
628	j += md_size;
629	memcpy(header + j, ssl3_pad_1, npad);
630	j += npad;
631	memcpy(header + j, seq, 8);
632	j += 8;
633	header[j++] = rec->type;
634	header[j++] = rec->length >> 8;
635	header[j++] = rec->length & 0xff;
636
637	if (!ssl3_cbc_digest_record(hash, md, &md_size, header,
638	rec->input, rec->length + md_size, orig_len, mac_sec,
639	md_size, 1 /* is SSLv3 */))
640	return (-1);
641	} else {
642	unsigned int md_size_u;
643	/* Chop the digest off the end :-) */
644	EVP_MD_CTX_init(&md_ctx);
645
646	if (!EVP_MD_CTX_copy_ex(&md_ctx, hash))
647	return (-1);
648	EVP_DigestUpdate(&md_ctx, mac_sec, md_size);
649	EVP_DigestUpdate(&md_ctx, ssl3_pad_1, npad);
650	EVP_DigestUpdate(&md_ctx, seq, 8);
651	rec_char = rec->type;
652	EVP_DigestUpdate(&md_ctx, &rec_char, 1);
653	p = md;
654	s2n(rec->length, p);
655	EVP_DigestUpdate(&md_ctx, md, 2);
656	EVP_DigestUpdate(&md_ctx, rec->input, rec->length);
657	EVP_DigestFinal_ex(&md_ctx, md, NULL);
658
659	if (!EVP_MD_CTX_copy_ex(&md_ctx, hash))
660	return (-1);
661	EVP_DigestUpdate(&md_ctx, mac_sec, md_size);
662	EVP_DigestUpdate(&md_ctx, ssl3_pad_2, npad);
663	EVP_DigestUpdate(&md_ctx, md, md_size);
664	EVP_DigestFinal_ex(&md_ctx, md, &md_size_u);
665	md_size = md_size_u;
666
667	EVP_MD_CTX_cleanup(&md_ctx);
668	}
669
670	ssl3_record_sequence_increment(seq);
671
672	return (md_size);
673	}
674
675	void	577	void
676	ssl3_record_sequence_increment(unsigned char *seq)	578	ssl3_record_sequence_increment(unsigned char *seq)
677	{	579	{


diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h index ab576c28f9..1b46e990de 100644 --- a/src/lib/libssl/src/ssl/ssl_locl.h +++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_locl.h,v 1.106 2015/09/11 16:53:51 jsing Exp $ */	1	/* $OpenBSD: ssl_locl.h,v 1.107 2015/09/11 16:56:17 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -629,7 +629,6 @@ int ssl3_final_finish_mac(SSL s, const char sender, int slen,
629	unsigned char *p);	629	unsigned char *p);
630	int ssl3_cert_verify_mac(SSL s, int md_nid, unsigned char p);	630	int ssl3_cert_verify_mac(SSL s, int md_nid, unsigned char p);
631	void ssl3_finish_mac(SSL s, const unsigned char buf, int len);	631	void ssl3_finish_mac(SSL s, const unsigned char buf, int len);
632	int n_ssl3_mac(SSL ssl, unsigned char md, int send_data);
633	void ssl3_free_digest_list(SSL *s);	632	void ssl3_free_digest_list(SSL *s);
634	unsigned long ssl3_output_cert_chain(SSL s, X509 x);	633	unsigned long ssl3_output_cert_chain(SSL s, X509 x);
635	SSL_CIPHER ssl3_choose_cipher(SSL ssl, STACK_OF(SSL_CIPHER) *clnt,	634	SSL_CIPHER ssl3_choose_cipher(SSL ssl, STACK_OF(SSL_CIPHER) *clnt,


diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index ab576c28f9..1b46e990de 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_locl.h,v 1.106 2015/09/11 16:53:51 jsing Exp $ */	1	/* $OpenBSD: ssl_locl.h,v 1.107 2015/09/11 16:56:17 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -629,7 +629,6 @@ int ssl3_final_finish_mac(SSL s, const char sender, int slen,
629	unsigned char *p);	629	unsigned char *p);
630	int ssl3_cert_verify_mac(SSL s, int md_nid, unsigned char p);	630	int ssl3_cert_verify_mac(SSL s, int md_nid, unsigned char p);
631	void ssl3_finish_mac(SSL s, const unsigned char buf, int len);	631	void ssl3_finish_mac(SSL s, const unsigned char buf, int len);
632	int n_ssl3_mac(SSL ssl, unsigned char md, int send_data);
633	void ssl3_free_digest_list(SSL *s);	632	void ssl3_free_digest_list(SSL *s);
634	unsigned long ssl3_output_cert_chain(SSL s, X509 x);	633	unsigned long ssl3_output_cert_chain(SSL s, X509 x);
635	SSL_CIPHER ssl3_choose_cipher(SSL ssl, STACK_OF(SSL_CIPHER) *clnt,	634	SSL_CIPHER ssl3_choose_cipher(SSL ssl, STACK_OF(SSL_CIPHER) *clnt,