1 files changed, 2 insertions, 95 deletions
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index 0179ac3061..e9a9713134 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_enc.c,v 1.101 2017/03/10 15:08:49 jsing Exp $ */
+/* $OpenBSD: t1_enc.c,v 1.102 2017/03/10 16:03:27 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -165,7 +165,6 @@ int
 tls1_init_finished_mac(SSL *s)
 {
        BIO_free(S3I(s)->handshake_buffer);
-        tls1_free_digest_list(s);
        S3I(s)->handshake_buffer = BIO_new(BIO_s_mem());
        if (S3I(s)->handshake_buffer == NULL)
@@ -176,29 +175,9 @@ tls1_init_finished_mac(SSL *s)
        return (1);
 }
-void
-tls1_free_digest_list(SSL *s)
-{
-        int i;
-        if (s == NULL)
-                return;
-        if (S3I(s)->handshake_dgst == NULL)
-                return;
-        for (i = 0; i < SSL_MAX_DIGEST; i++) {
-                if (S3I(s)->handshake_dgst[i])
-                        EVP_MD_CTX_destroy(S3I(s)->handshake_dgst[i]);
-        }
-        free(S3I(s)->handshake_dgst);
-        S3I(s)->handshake_dgst = NULL;
-}
 int
 tls1_finish_mac(SSL *s, const unsigned char *buf, int len)
 {
-        int i;
        if (len < 0)
                return 0;
@@ -211,60 +190,21 @@ tls1_finish_mac(SSL *s, const unsigned char *buf, int len)
                return 1;
        }
-        for (i = 0; i < SSL_MAX_DIGEST; i++) {
-                if (S3I(s)->handshake_dgst[i] == NULL)
-                        continue;
-                if (!EVP_DigestUpdate(S3I(s)->handshake_dgst[i], buf, len)) {
-                        SSLerror(s, ERR_R_EVP_LIB);
-                        return 0;
-                }
-        }
        return 1;
 }
 int
 tls1_digest_cached_records(SSL *s)
 {
-        const EVP_MD *md;
+        long hdatalen;
-        long hdatalen, mask;
        void *hdata;
-        int i;
-        tls1_free_digest_list(s);
-        S3I(s)->handshake_dgst = calloc(SSL_MAX_DIGEST, sizeof(EVP_MD_CTX *));
-        if (S3I(s)->handshake_dgst == NULL) {
-                SSLerror(s, ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
        hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata);
        if (hdatalen <= 0) {
                SSLerror(s, SSL_R_BAD_HANDSHAKE_LENGTH);
                goto err;
        }
-        /* Loop through bits of the algorithm2 field and create MD contexts. */
-        for (i = 0; ssl_get_handshake_digest(i, &mask, &md); i++) {
-                if ((mask & ssl_get_algorithm2(s)) == 0 || md == NULL)
-                        continue;
-                S3I(s)->handshake_dgst[i] = EVP_MD_CTX_create();
-                if (S3I(s)->handshake_dgst[i] == NULL) {
-                        SSLerror(s, ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                if (!EVP_DigestInit_ex(S3I(s)->handshake_dgst[i], md, NULL)) {
-                        SSLerror(s, ERR_R_EVP_LIB);
-                        goto err;
-                }
-                if (!EVP_DigestUpdate(S3I(s)->handshake_dgst[i], hdata,
-                    hdatalen)) {
-                        SSLerror(s, ERR_R_EVP_LIB);
-                        goto err;
-                }
-        }
        if (!(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE)) {
                BIO_free(S3I(s)->handshake_buffer);
                S3I(s)->handshake_buffer = NULL;
@@ -273,7 +213,6 @@ tls1_digest_cached_records(SSL *s)
        return 1;
 err:
-        tls1_free_digest_list(s);
        return 0;
 }
@@ -1091,38 +1030,6 @@ tls1_enc(SSL *s, int send)
 }
 int
-tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out)
-{
-        EVP_MD_CTX ctx, *d = NULL;
-        unsigned int ret;
-        int i;
-        if (S3I(s)->handshake_buffer)
-                if (!tls1_digest_cached_records(s))
-                        return 0;
-        for (i = 0; i < SSL_MAX_DIGEST; i++) {
-                if (S3I(s)->handshake_dgst[i] &&
-                    EVP_MD_CTX_type(S3I(s)->handshake_dgst[i]) == md_nid) {
-                        d = S3I(s)->handshake_dgst[i];
-                        break;
-                }
-        }
-        if (d == NULL) {
-                SSLerror(s, SSL_R_NO_REQUIRED_DIGEST);
-                return 0;
-        }
-        EVP_MD_CTX_init(&ctx);
-        if (!EVP_MD_CTX_copy_ex(&ctx, d))
-                return 0;
-        EVP_DigestFinal_ex(&ctx, out, &ret);
-        EVP_MD_CTX_cleanup(&ctx);
-        return ((int)ret);
-}
-int
 tls1_final_finish_mac(SSL *s, const char *str, int slen, unsigned char *out)
 {
        unsigned char buf1[EVP_MAX_MD_SIZE];

diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c index 0179ac3061..e9a9713134 100644 --- a/src/lib/libssl/t1_enc.c +++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: t1_enc.c,v 1.101 2017/03/10 15:08:49 jsing Exp $ */	1	/* $OpenBSD: t1_enc.c,v 1.102 2017/03/10 16:03:27 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -165,7 +165,6 @@ int
165	tls1_init_finished_mac(SSL *s)	165	tls1_init_finished_mac(SSL *s)
166	{	166	{
167	BIO_free(S3I(s)->handshake_buffer);	167	BIO_free(S3I(s)->handshake_buffer);
168	tls1_free_digest_list(s);
169		168
170	S3I(s)->handshake_buffer = BIO_new(BIO_s_mem());	169	S3I(s)->handshake_buffer = BIO_new(BIO_s_mem());
171	if (S3I(s)->handshake_buffer == NULL)	170	if (S3I(s)->handshake_buffer == NULL)
@@ -176,29 +175,9 @@ tls1_init_finished_mac(SSL *s)
176	return (1);	175	return (1);
177	}	176	}
178		177
179	void
180	tls1_free_digest_list(SSL *s)
181	{
182	int i;
183
184	if (s == NULL)
185	return;
186	if (S3I(s)->handshake_dgst == NULL)
187	return;
188
189	for (i = 0; i < SSL_MAX_DIGEST; i++) {
190	if (S3I(s)->handshake_dgst[i])
191	EVP_MD_CTX_destroy(S3I(s)->handshake_dgst[i]);
192	}
193	free(S3I(s)->handshake_dgst);
194	S3I(s)->handshake_dgst = NULL;
195	}
196
197	int	178	int
198	tls1_finish_mac(SSL s, const unsigned char buf, int len)	179	tls1_finish_mac(SSL s, const unsigned char buf, int len)
199	{	180	{
200	int i;
201
202	if (len < 0)	181	if (len < 0)
203	return 0;	182	return 0;
204		183
@@ -211,60 +190,21 @@ tls1_finish_mac(SSL s, const unsigned char buf, int len)
211	return 1;	190	return 1;
212	}	191	}
213		192
214	for (i = 0; i < SSL_MAX_DIGEST; i++) {
215	if (S3I(s)->handshake_dgst[i] == NULL)
216	continue;
217	if (!EVP_DigestUpdate(S3I(s)->handshake_dgst[i], buf, len)) {
218	SSLerror(s, ERR_R_EVP_LIB);
219	return 0;
220	}
221	}
222
223	return 1;	193	return 1;
224	}	194	}
225		195
226	int	196	int
227	tls1_digest_cached_records(SSL *s)	197	tls1_digest_cached_records(SSL *s)
228	{	198	{
229	const EVP_MD *md;	199	long hdatalen;
230	long hdatalen, mask;
231	void *hdata;	200	void *hdata;
232	int i;
233
234	tls1_free_digest_list(s);
235		201
236	S3I(s)->handshake_dgst = calloc(SSL_MAX_DIGEST, sizeof(EVP_MD_CTX *));
237	if (S3I(s)->handshake_dgst == NULL) {
238	SSLerror(s, ERR_R_MALLOC_FAILURE);
239	goto err;
240	}
241	hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata);	202	hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata);
242	if (hdatalen <= 0) {	203	if (hdatalen <= 0) {
243	SSLerror(s, SSL_R_BAD_HANDSHAKE_LENGTH);	204	SSLerror(s, SSL_R_BAD_HANDSHAKE_LENGTH);
244	goto err;	205	goto err;
245	}	206	}
246		207
247	/* Loop through bits of the algorithm2 field and create MD contexts. */
248	for (i = 0; ssl_get_handshake_digest(i, &mask, &md); i++) {
249	if ((mask & ssl_get_algorithm2(s)) == 0 \|\| md == NULL)
250	continue;
251
252	S3I(s)->handshake_dgst[i] = EVP_MD_CTX_create();
253	if (S3I(s)->handshake_dgst[i] == NULL) {
254	SSLerror(s, ERR_R_MALLOC_FAILURE);
255	goto err;
256	}
257	if (!EVP_DigestInit_ex(S3I(s)->handshake_dgst[i], md, NULL)) {
258	SSLerror(s, ERR_R_EVP_LIB);
259	goto err;
260	}
261	if (!EVP_DigestUpdate(S3I(s)->handshake_dgst[i], hdata,
262	hdatalen)) {
263	SSLerror(s, ERR_R_EVP_LIB);
264	goto err;
265	}
266	}
267
268	if (!(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE)) {	208	if (!(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE)) {
269	BIO_free(S3I(s)->handshake_buffer);	209	BIO_free(S3I(s)->handshake_buffer);
270	S3I(s)->handshake_buffer = NULL;	210	S3I(s)->handshake_buffer = NULL;
@@ -273,7 +213,6 @@ tls1_digest_cached_records(SSL *s)
273	return 1;	213	return 1;
274		214
275	err:	215	err:
276	tls1_free_digest_list(s);
277	return 0;	216	return 0;
278	}	217	}
279		218
@@ -1091,38 +1030,6 @@ tls1_enc(SSL *s, int send)
1091	}	1030	}
1092		1031
1093	int	1032	int
1094	tls1_cert_verify_mac(SSL s, int md_nid, unsigned char out)
1095	{
1096	EVP_MD_CTX ctx, *d = NULL;
1097	unsigned int ret;
1098	int i;
1099
1100	if (S3I(s)->handshake_buffer)
1101	if (!tls1_digest_cached_records(s))
1102	return 0;
1103
1104	for (i = 0; i < SSL_MAX_DIGEST; i++) {
1105	if (S3I(s)->handshake_dgst[i] &&
1106	EVP_MD_CTX_type(S3I(s)->handshake_dgst[i]) == md_nid) {
1107	d = S3I(s)->handshake_dgst[i];
1108	break;
1109	}
1110	}
1111	if (d == NULL) {
1112	SSLerror(s, SSL_R_NO_REQUIRED_DIGEST);
1113	return 0;
1114	}
1115
1116	EVP_MD_CTX_init(&ctx);
1117	if (!EVP_MD_CTX_copy_ex(&ctx, d))
1118	return 0;
1119	EVP_DigestFinal_ex(&ctx, out, &ret);
1120	EVP_MD_CTX_cleanup(&ctx);
1121
1122	return ((int)ret);
1123	}
1124
1125	int
1126	tls1_final_finish_mac(SSL s, const char str, int slen, unsigned char *out)	1033	tls1_final_finish_mac(SSL s, const char str, int slen, unsigned char *out)
1127	{	1034	{
1128	unsigned char buf1[EVP_MAX_MD_SIZE];	1035	unsigned char buf1[EVP_MAX_MD_SIZE];