Nuke ssl3_change_cipher_state().

ok "flensing knife"

3 files changed, 3 insertions, 113 deletions

diff --git a/src/lib/libssl/src/ssl/s3_enc.c b/src/lib/libssl/src/ssl/s3_enc.c
index ced1083497..14c29e4edd 100644
--- a/src/lib/libssl/src/ssl/s3_enc.c
+++ b/src/lib/libssl/src/ssl/s3_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_enc.c,v 1.66 2015/09/11 17:01:19 jsing Exp $ */
+/* $OpenBSD: s3_enc.c,v 1.67 2015/09/11 17:03:03 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -163,114 +163,6 @@ static unsigned char ssl3_pad_2[48] = {
 static int ssl3_handshake_mac(SSL *s, int md_nid, const char *sender,
     int len, unsigned char *p);
 
-int
-ssl3_change_cipher_state(SSL *s, int which)
-{
-        const unsigned char *client_write_mac_secret, *server_write_mac_secret;
-        const unsigned char *client_write_key, *server_write_key;
-        const unsigned char *client_write_iv, *server_write_iv;
-        const unsigned char *mac_secret, *key, *iv;
-        unsigned char *key_block;
-        int mac_len, key_len, iv_len;
-        char is_read, use_client_keys;
-        EVP_CIPHER_CTX *cipher_ctx;
-        const EVP_CIPHER *cipher;
-        const EVP_MD *mac;
-
-
-        cipher = s->s3->tmp.new_sym_enc;
-        mac = s->s3->tmp.new_hash;
-
-        /* mac == NULL will lead to a crash later */
-        OPENSSL_assert(mac);
-
-        /*
-         * is_read is true if we have just read a ChangeCipherSpec message,
-         * that is we need to update the read cipherspec. Otherwise we have
-         * just written one.
-         */
-        is_read = (which & SSL3_CC_READ) != 0;
-
-        /*
-         * use_client_keys is true if we wish to use the keys for the "client
-         * write" direction. This is the case if we're a client sending a
-         * ChangeCipherSpec, or a server reading a client's ChangeCipherSpec.
-         */
-        use_client_keys = ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
-            (which == SSL3_CHANGE_CIPHER_SERVER_READ));
-
-
-        if (is_read) {
-                EVP_CIPHER_CTX_free(s->enc_read_ctx);
-                s->enc_read_ctx = NULL;
-                if ((cipher_ctx = EVP_CIPHER_CTX_new()) == NULL)
-                        goto err;
-                s->enc_read_ctx = cipher_ctx;
-
-                if (ssl_replace_hash(&s->read_hash, mac) == NULL)
-                        goto err;
-        } else {
-                EVP_CIPHER_CTX_free(s->enc_write_ctx);
-                s->enc_write_ctx = NULL;
-                if ((cipher_ctx = EVP_CIPHER_CTX_new()) == NULL)
-                        goto err;
-                s->enc_write_ctx = cipher_ctx;
-
-                if (ssl_replace_hash(&s->write_hash, mac) == NULL)
-                        goto err;
-        }
-
-        memset(is_read ? s->s3->read_sequence : s->s3->write_sequence,
-            0, SSL3_SEQUENCE_SIZE);
-
-        mac_len = EVP_MD_size(mac);
-        key_len = EVP_CIPHER_key_length(cipher);
-        iv_len = EVP_CIPHER_iv_length(cipher);
-
-        if (mac_len < 0)
-                goto err2;
-
-        key_block = s->s3->tmp.key_block;
-        client_write_mac_secret = key_block;
-        key_block += mac_len;
-        server_write_mac_secret = key_block;
-        key_block += mac_len;
-        client_write_key = key_block;
-        key_block += key_len;
-        server_write_key = key_block;
-        key_block += key_len;
-        client_write_iv = key_block;
-        key_block += iv_len;
-        server_write_iv = key_block;
-        key_block += iv_len;
-
-        if (use_client_keys) {
-                mac_secret = client_write_mac_secret;
-                key = client_write_key;
-                iv = client_write_iv;
-        } else {
-                mac_secret = server_write_mac_secret;
-                key = server_write_key;
-                iv = server_write_iv;
-        }
-
-        if (key_block - s->s3->tmp.key_block != s->s3->tmp.key_block_length) {
-                SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
-                goto err2;
-        }
-
-        memcpy(is_read ? s->s3->read_mac_secret : s->s3->write_mac_secret,
-            mac_secret, mac_len);
-
-        EVP_CipherInit_ex(cipher_ctx, cipher, NULL, key, iv, !is_read);
-
-        return (1);
-err:
-        SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE);
-err2:
-        return (0);
-}
-
 void
 ssl3_cleanup_key_block(SSL *s)
 {
diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h
index ec30c9cb6a..e4c6c45196 100644
--- a/src/lib/libssl/src/ssl/ssl_locl.h
+++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.109 2015/09/11 17:01:19 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.110 2015/09/11 17:03:03 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -603,7 +603,6 @@ int ssl3_send_newsession_ticket(SSL *s);
 int ssl3_send_cert_status(SSL *s);
 int ssl3_get_finished(SSL *s, int state_a, int state_b);
 int ssl3_send_change_cipher_spec(SSL *s, int state_a, int state_b);
-int ssl3_change_cipher_state(SSL *s, int which);
 void ssl3_cleanup_key_block(SSL *s);
 int ssl3_do_write(SSL *s, int type);
 int ssl3_send_alert(SSL *s, int level, int desc);
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index ec30c9cb6a..e4c6c45196 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.109 2015/09/11 17:01:19 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.110 2015/09/11 17:03:03 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -603,7 +603,6 @@ int ssl3_send_newsession_ticket(SSL *s);
 int ssl3_send_cert_status(SSL *s);
 int ssl3_get_finished(SSL *s, int state_a, int state_b);
 int ssl3_send_change_cipher_spec(SSL *s, int state_a, int state_b);
-int ssl3_change_cipher_state(SSL *s, int which);
 void ssl3_cleanup_key_block(SSL *s);
 int ssl3_do_write(SSL *s, int type);
 int ssl3_send_alert(SSL *s, int level, int desc);