Nuke ssl3_cbc_remove_padding().

ok "flensing knife"
author: jsing <> 2015-09-11 17:17:44 +0000
committer: jsing <> 2015-09-11 17:17:44 +0000
commit: 7c51270d5b1f64985d7d8a3ad926b21e95a80ca3 (patch)
tree: 5997e99e2fa42f71ea4482d0b0ad1617a01789a4 /src
parent: dbe530dff8a741d7830a1ec6f6410a841d6205ae (diff)
download: openbsd-7c51270d5b1f64985d7d8a3ad926b21e95a80ca3.tar.gz
openbsd-7c51270d5b1f64985d7d8a3ad926b21e95a80ca3.tar.bz2
openbsd-7c51270d5b1f64985d7d8a3ad926b21e95a80ca3.zip
4 files changed, 4 insertions, 68 deletions
diff --git a/src/lib/libssl/s3_cbc.c b/src/lib/libssl/s3_cbc.c
index 57485caacf..824ccf983b 100644
--- a/src/lib/libssl/s3_cbc.c
+++ b/src/lib/libssl/s3_cbc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_cbc.c,v 1.10 2015/07/17 07:04:40 doug Exp $ */
+/* $OpenBSD: s3_cbc.c,v 1.11 2015/09/11 17:17:44 jsing Exp $ */
 /* ====================================================================
 * Copyright (c) 2012 The OpenSSL Project.  All rights reserved.
 *
@@ -101,36 +101,6 @@ constant_time_eq_8(unsigned a, unsigned b)
        return DUPLICATE_MSB_TO_ALL_8(c);
 }
-/* ssl3_cbc_remove_padding removes padding from the decrypted, SSLv3, CBC
- * record in |rec| by updating |rec->length| in constant time.
- *
- * block_size: the block size of the cipher used to encrypt the record.
- * returns:
- *   0: (in non-constant time) if the record is publicly invalid.
- *   1: if the padding was valid
- *  -1: otherwise. */
-int
-ssl3_cbc_remove_padding(const SSL* s, SSL3_RECORD *rec, unsigned block_size,
-    unsigned mac_size)
-{
-        unsigned padding_length, good;
-        const unsigned overhead = 1 /* padding length byte */ + mac_size;
-        /* These lengths are all public so we can test them in non-constant
-         * time. */
-        if (overhead > rec->length)
-                return 0;
-        padding_length = rec->data[rec->length - 1];
-        good = constant_time_ge(rec->length, padding_length + overhead);
-        /* SSLv3 requires that the padding is minimal. */
-        good &= constant_time_ge(block_size, padding_length + 1);
-        padding_length = good & (padding_length + 1);
-        rec->length -= padding_length;
-        rec->type |= padding_length << 8; /* kludge: pass padding length */
-        return (int)((good & 1) | (~good & -1));
-}
 /* tls1_cbc_remove_padding removes the CBC padding from the decrypted, TLS, CBC
 * record in |rec| in constant time and returns 1 if the padding is valid and
 * -1 otherwise. It also removes any explicit IV from the start of the record
diff --git a/src/lib/libssl/src/ssl/s3_cbc.c b/src/lib/libssl/src/ssl/s3_cbc.c
index 57485caacf..824ccf983b 100644
--- a/src/lib/libssl/src/ssl/s3_cbc.c
+++ b/src/lib/libssl/src/ssl/s3_cbc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_cbc.c,v 1.10 2015/07/17 07:04:40 doug Exp $ */
+/* $OpenBSD: s3_cbc.c,v 1.11 2015/09/11 17:17:44 jsing Exp $ */
 /* ====================================================================
 * Copyright (c) 2012 The OpenSSL Project.  All rights reserved.
 *
@@ -101,36 +101,6 @@ constant_time_eq_8(unsigned a, unsigned b)
        return DUPLICATE_MSB_TO_ALL_8(c);
 }
-/* ssl3_cbc_remove_padding removes padding from the decrypted, SSLv3, CBC
- * record in |rec| by updating |rec->length| in constant time.
- *
- * block_size: the block size of the cipher used to encrypt the record.
- * returns:
- *   0: (in non-constant time) if the record is publicly invalid.
- *   1: if the padding was valid
- *  -1: otherwise. */
-int
-ssl3_cbc_remove_padding(const SSL* s, SSL3_RECORD *rec, unsigned block_size,
-    unsigned mac_size)
-{
-        unsigned padding_length, good;
-        const unsigned overhead = 1 /* padding length byte */ + mac_size;
-        /* These lengths are all public so we can test them in non-constant
-         * time. */
-        if (overhead > rec->length)
-                return 0;
-        padding_length = rec->data[rec->length - 1];
-        good = constant_time_ge(rec->length, padding_length + overhead);
-        /* SSLv3 requires that the padding is minimal. */
-        good &= constant_time_ge(block_size, padding_length + 1);
-        padding_length = good & (padding_length + 1);
-        rec->length -= padding_length;
-        rec->type |= padding_length << 8; /* kludge: pass padding length */
-        return (int)((good & 1) | (~good & -1));
-}
 /* tls1_cbc_remove_padding removes the CBC padding from the decrypted, TLS, CBC
 * record in |rec| in constant time and returns 1 if the padding is valid and
 * -1 otherwise. It also removes any explicit IV from the start of the record
diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h
index 88af440f21..a1302104e6 100644
--- a/src/lib/libssl/src/ssl/ssl_locl.h
+++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.113 2015/09/11 17:11:53 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.114 2015/09/11 17:17:44 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -844,8 +844,6 @@ int ssl_parse_serverhello_use_srtp_ext(SSL *s, const unsigned char *d,
 /* s3_cbc.c */
 void ssl3_cbc_copy_mac(unsigned char *out, const SSL3_RECORD *rec,
    unsigned md_size, unsigned orig_len);
-int ssl3_cbc_remove_padding(const SSL *s, SSL3_RECORD *rec,
-    unsigned block_size, unsigned mac_size);
 int tls1_cbc_remove_padding(const SSL *s, SSL3_RECORD *rec,
    unsigned block_size, unsigned mac_size);
 char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 88af440f21..a1302104e6 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.113 2015/09/11 17:11:53 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.114 2015/09/11 17:17:44 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -844,8 +844,6 @@ int ssl_parse_serverhello_use_srtp_ext(SSL *s, const unsigned char *d,
 /* s3_cbc.c */
 void ssl3_cbc_copy_mac(unsigned char *out, const SSL3_RECORD *rec,
    unsigned md_size, unsigned orig_len);
-int ssl3_cbc_remove_padding(const SSL *s, SSL3_RECORD *rec,
-    unsigned block_size, unsigned mac_size);
 int tls1_cbc_remove_padding(const SSL *s, SSL3_RECORD *rec,
    unsigned block_size, unsigned mac_size);
 char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);
author	jsing <>	2015-09-11 17:17:44 +0000
committer	jsing <>	2015-09-11 17:17:44 +0000
commit	7c51270d5b1f64985d7d8a3ad926b21e95a80ca3 (patch)
tree	5997e99e2fa42f71ea4482d0b0ad1617a01789a4 /src
parent	dbe530dff8a741d7830a1ec6f6410a841d6205ae (diff)
download	openbsd-7c51270d5b1f64985d7d8a3ad926b21e95a80ca3.tar.gz openbsd-7c51270d5b1f64985d7d8a3ad926b21e95a80ca3.tar.bz2 openbsd-7c51270d5b1f64985d7d8a3ad926b21e95a80ca3.zip

diff --git a/src/lib/libssl/s3_cbc.c b/src/lib/libssl/s3_cbc.c index 57485caacf..824ccf983b 100644 --- a/src/lib/libssl/s3_cbc.c +++ b/src/lib/libssl/s3_cbc.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_cbc.c,v 1.10 2015/07/17 07:04:40 doug Exp $ */	1	/* $OpenBSD: s3_cbc.c,v 1.11 2015/09/11 17:17:44 jsing Exp $ */
2	/* ====================================================================	2	/* ====================================================================
3	* Copyright (c) 2012 The OpenSSL Project. All rights reserved.	3	* Copyright (c) 2012 The OpenSSL Project. All rights reserved.
4	*	4	*
@@ -101,36 +101,6 @@ constant_time_eq_8(unsigned a, unsigned b)
101	return DUPLICATE_MSB_TO_ALL_8(c);	101	return DUPLICATE_MSB_TO_ALL_8(c);
102	}	102	}
103		103
104	/* ssl3_cbc_remove_padding removes padding from the decrypted, SSLv3, CBC
105	* record in \|rec\| by updating \|rec->length\| in constant time.
106	*
107	* block_size: the block size of the cipher used to encrypt the record.
108	* returns:
109	* 0: (in non-constant time) if the record is publicly invalid.
110	* 1: if the padding was valid
111	* -1: otherwise. */
112	int
113	ssl3_cbc_remove_padding(const SSL* s, SSL3_RECORD *rec, unsigned block_size,
114	unsigned mac_size)
115	{
116	unsigned padding_length, good;
117	const unsigned overhead = 1 /* padding length byte */ + mac_size;
118
119	/* These lengths are all public so we can test them in non-constant
120	* time. */
121	if (overhead > rec->length)
122	return 0;
123
124	padding_length = rec->data[rec->length - 1];
125	good = constant_time_ge(rec->length, padding_length + overhead);
126	/* SSLv3 requires that the padding is minimal. */
127	good &= constant_time_ge(block_size, padding_length + 1);
128	padding_length = good & (padding_length + 1);
129	rec->length -= padding_length;
130	rec->type \|= padding_length << 8; /* kludge: pass padding length */
131	return (int)((good & 1) \| (~good & -1));
132	}
133
134	/* tls1_cbc_remove_padding removes the CBC padding from the decrypted, TLS, CBC	104	/* tls1_cbc_remove_padding removes the CBC padding from the decrypted, TLS, CBC
135	* record in \|rec\| in constant time and returns 1 if the padding is valid and	105	* record in \|rec\| in constant time and returns 1 if the padding is valid and
136	* -1 otherwise. It also removes any explicit IV from the start of the record	106	* -1 otherwise. It also removes any explicit IV from the start of the record


diff --git a/src/lib/libssl/src/ssl/s3_cbc.c b/src/lib/libssl/src/ssl/s3_cbc.c index 57485caacf..824ccf983b 100644 --- a/src/lib/libssl/src/ssl/s3_cbc.c +++ b/src/lib/libssl/src/ssl/s3_cbc.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_cbc.c,v 1.10 2015/07/17 07:04:40 doug Exp $ */	1	/* $OpenBSD: s3_cbc.c,v 1.11 2015/09/11 17:17:44 jsing Exp $ */
2	/* ====================================================================	2	/* ====================================================================
3	* Copyright (c) 2012 The OpenSSL Project. All rights reserved.	3	* Copyright (c) 2012 The OpenSSL Project. All rights reserved.
4	*	4	*
@@ -101,36 +101,6 @@ constant_time_eq_8(unsigned a, unsigned b)
101	return DUPLICATE_MSB_TO_ALL_8(c);	101	return DUPLICATE_MSB_TO_ALL_8(c);
102	}	102	}
103		103
104	/* ssl3_cbc_remove_padding removes padding from the decrypted, SSLv3, CBC
105	* record in \|rec\| by updating \|rec->length\| in constant time.
106	*
107	* block_size: the block size of the cipher used to encrypt the record.
108	* returns:
109	* 0: (in non-constant time) if the record is publicly invalid.
110	* 1: if the padding was valid
111	* -1: otherwise. */
112	int
113	ssl3_cbc_remove_padding(const SSL* s, SSL3_RECORD *rec, unsigned block_size,
114	unsigned mac_size)
115	{
116	unsigned padding_length, good;
117	const unsigned overhead = 1 /* padding length byte */ + mac_size;
118
119	/* These lengths are all public so we can test them in non-constant
120	* time. */
121	if (overhead > rec->length)
122	return 0;
123
124	padding_length = rec->data[rec->length - 1];
125	good = constant_time_ge(rec->length, padding_length + overhead);
126	/* SSLv3 requires that the padding is minimal. */
127	good &= constant_time_ge(block_size, padding_length + 1);
128	padding_length = good & (padding_length + 1);
129	rec->length -= padding_length;
130	rec->type \|= padding_length << 8; /* kludge: pass padding length */
131	return (int)((good & 1) \| (~good & -1));
132	}
133
134	/* tls1_cbc_remove_padding removes the CBC padding from the decrypted, TLS, CBC	104	/* tls1_cbc_remove_padding removes the CBC padding from the decrypted, TLS, CBC
135	* record in \|rec\| in constant time and returns 1 if the padding is valid and	105	* record in \|rec\| in constant time and returns 1 if the padding is valid and
136	* -1 otherwise. It also removes any explicit IV from the start of the record	106	* -1 otherwise. It also removes any explicit IV from the start of the record


diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h index 88af440f21..a1302104e6 100644 --- a/src/lib/libssl/src/ssl/ssl_locl.h +++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_locl.h,v 1.113 2015/09/11 17:11:53 jsing Exp $ */	1	/* $OpenBSD: ssl_locl.h,v 1.114 2015/09/11 17:17:44 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -844,8 +844,6 @@ int ssl_parse_serverhello_use_srtp_ext(SSL s, const unsigned char d,
844	/* s3_cbc.c */	844	/* s3_cbc.c */
845	void ssl3_cbc_copy_mac(unsigned char out, const SSL3_RECORD rec,	845	void ssl3_cbc_copy_mac(unsigned char out, const SSL3_RECORD rec,
846	unsigned md_size, unsigned orig_len);	846	unsigned md_size, unsigned orig_len);
847	int ssl3_cbc_remove_padding(const SSL s, SSL3_RECORD rec,
848	unsigned block_size, unsigned mac_size);
849	int tls1_cbc_remove_padding(const SSL s, SSL3_RECORD rec,	847	int tls1_cbc_remove_padding(const SSL s, SSL3_RECORD rec,
850	unsigned block_size, unsigned mac_size);	848	unsigned block_size, unsigned mac_size);
851	char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);	849	char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);


diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index 88af440f21..a1302104e6 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_locl.h,v 1.113 2015/09/11 17:11:53 jsing Exp $ */	1	/* $OpenBSD: ssl_locl.h,v 1.114 2015/09/11 17:17:44 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -844,8 +844,6 @@ int ssl_parse_serverhello_use_srtp_ext(SSL s, const unsigned char d,
844	/* s3_cbc.c */	844	/* s3_cbc.c */
845	void ssl3_cbc_copy_mac(unsigned char out, const SSL3_RECORD rec,	845	void ssl3_cbc_copy_mac(unsigned char out, const SSL3_RECORD rec,
846	unsigned md_size, unsigned orig_len);	846	unsigned md_size, unsigned orig_len);
847	int ssl3_cbc_remove_padding(const SSL s, SSL3_RECORD rec,
848	unsigned block_size, unsigned mac_size);
849	int tls1_cbc_remove_padding(const SSL s, SSL3_RECORD rec,	847	int tls1_cbc_remove_padding(const SSL s, SSL3_RECORD rec,
850	unsigned block_size, unsigned mac_size);	848	unsigned block_size, unsigned mac_size);
851	char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);	849	char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);