Mop up various things that are now unused with the new record layer.

ok inoguchi@ tb@
author: jsing <> 2020-10-07 08:43:34 +0000
committer: jsing <> 2020-10-07 08:43:34 +0000
commit: eaae66413ad2b6a728338460fadaf9b311f4e851 (patch)
tree: a4dafa9c14aa253f898d3d6a2d8ad7c9d88b0ee1 /src
parent: db49c1b46248450826f76c7d1a09328b0768d673 (diff)
download: openbsd-eaae66413ad2b6a728338460fadaf9b311f4e851.tar.gz
openbsd-eaae66413ad2b6a728338460fadaf9b311f4e851.tar.bz2
openbsd-eaae66413ad2b6a728338460fadaf9b311f4e851.zip
3 files changed, 6 insertions, 32 deletions
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 41b3c02724..b207dc65e9 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.298 2020/10/03 18:01:55 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.299 2020/10/07 08:43:34 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -317,10 +317,6 @@ __BEGIN_HIDDEN_DECLS
 #define SSL_IS_DTLS(s) \
        (s->method->internal->version == DTLS1_VERSION)
-/* See if we need explicit IV. */
-#define SSL_USE_EXPLICIT_IV(s) \
-        (s->method->internal->ssl3_enc->enc_flags & SSL_ENC_FLAG_EXPLICIT_IV)
 /* See if we use signature algorithms extension. */
 #define SSL_USE_SIGALGS(s) \
        (s->method->internal->ssl3_enc->enc_flags & SSL_ENC_FLAG_SIGALGS)
@@ -751,10 +747,6 @@ typedef struct ssl_internal_st {
        STACK_OF(SSL_CIPHER) *cipher_list_tls13;
-        /* These are the ones being used, the ones in SSL_SESSION are
-         * the ones to be 'copied' into these ones */
-        int mac_flags;
        SSL_AEAD_CTX *aead_read_ctx;    /* AEAD context. If non-NULL, then
                                           enc_read_ctx and read_hash are
                                           ignored. */
@@ -842,8 +834,6 @@ typedef struct ssl3_state_internal_st {
        int read_mac_secret_size;
        unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
        unsigned char write_sequence[SSL3_SEQUENCE_SIZE];
-        int write_mac_secret_size;
-        unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
        SSL3_BUFFER_INTERNAL rbuf;      /* read IO goes into here */
        SSL3_BUFFER_INTERNAL wbuf;      /* write IO goes into here */
@@ -1081,9 +1071,6 @@ typedef struct ssl3_enc_method {
 * Flag values for enc_flags.
 */
-/* Uses explicit IV. */
-#define SSL_ENC_FLAG_EXPLICIT_IV        (1 << 0)
 /* Uses signature algorithms extension. */
 #define SSL_ENC_FLAG_SIGALGS            (1 << 1)
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index 7a71a08434..debbf286f6 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_enc.c,v 1.124 2020/10/03 17:35:16 jsing Exp $ */
+/* $OpenBSD: t1_enc.c,v 1.125 2020/10/07 08:43:34 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -423,11 +423,6 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read,
        stream_mac = S3I(s)->hs.new_cipher->algorithm2 & TLS1_STREAM_MAC;
        if (is_read) {
-                if (stream_mac)
-                        s->internal->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM;
-                else
-                        s->internal->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM;
                ssl_clear_cipher_read_state(s);
                if ((cipher_ctx = EVP_CIPHER_CTX_new()) == NULL)
@@ -445,11 +440,6 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read,
                    S3I(s)->read_mac_secret, mac_secret_size))
                        goto err;
        } else {
-                if (stream_mac)
-                        s->internal->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM;
-                else
-                        s->internal->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;
                /*
                 * DTLS fragments retain a pointer to the compression, cipher
                 * and hash contexts, so that it can restore state in order
@@ -581,9 +571,6 @@ tls1_change_cipher_state(SSL *s, int which)
        if (is_read) {
                memcpy(S3I(s)->read_mac_secret, mac_secret, mac_secret_size);
                S3I(s)->read_mac_secret_size = mac_secret_size;
-        } else {
-                memcpy(S3I(s)->write_mac_secret, mac_secret, mac_secret_size);
-                S3I(s)->write_mac_secret_size = mac_secret_size;
        }
        if (aead != NULL) {
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index f091dd001b..5635c8ff43 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.176 2020/09/12 17:25:11 tb Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.177 2020/10/07 08:43:34 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -130,12 +130,12 @@ SSL3_ENC_METHOD TLSv1_enc_data = {
 };
 SSL3_ENC_METHOD TLSv1_1_enc_data = {
-        .enc_flags = SSL_ENC_FLAG_EXPLICIT_IV,
+        .enc_flags = 0,
 };
 SSL3_ENC_METHOD TLSv1_2_enc_data = {
-        .enc_flags = SSL_ENC_FLAG_EXPLICIT_IV|SSL_ENC_FLAG_SIGALGS|
+        .enc_flags = SSL_ENC_FLAG_SIGALGS|SSL_ENC_FLAG_SHA256_PRF|
-            SSL_ENC_FLAG_SHA256_PRF|SSL_ENC_FLAG_TLS1_2_CIPHERS,
+            SSL_ENC_FLAG_TLS1_2_CIPHERS,
 };
 int
author	jsing <>	2020-10-07 08:43:34 +0000
committer	jsing <>	2020-10-07 08:43:34 +0000
commit	eaae66413ad2b6a728338460fadaf9b311f4e851 (patch)
tree	a4dafa9c14aa253f898d3d6a2d8ad7c9d88b0ee1 /src
parent	db49c1b46248450826f76c7d1a09328b0768d673 (diff)
download	openbsd-eaae66413ad2b6a728338460fadaf9b311f4e851.tar.gz openbsd-eaae66413ad2b6a728338460fadaf9b311f4e851.tar.bz2 openbsd-eaae66413ad2b6a728338460fadaf9b311f4e851.zip