4 files changed, 6 insertions, 148 deletions
diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c
index 7dd6126c97..4b02fcf3c4 100644
--- a/src/lib/libssl/d1_clnt.c
+++ b/src/lib/libssl/d1_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_clnt.c,v 1.53 2015/09/12 12:26:56 jsing Exp $ */
+/* $OpenBSD: d1_clnt.c,v 1.54 2015/09/12 12:58:15 jsing Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -415,7 +415,7 @@ dtls1_connect(SSL *s)
                case SSL3_ST_CW_CERT_VRFY_A:
                case SSL3_ST_CW_CERT_VRFY_B:
                        dtls1_start_timer(s);
-                        ret = dtls1_send_client_verify(s);
+                        ret = ssl3_send_client_verify(s);
                        if (ret <= 0)
                                goto end;
                        s->state = SSL3_ST_CW_CHANGE_A;
@@ -659,76 +659,6 @@ f_err:
 }
 int
-dtls1_send_client_verify(SSL *s)
-{
-        unsigned char *p;
-        unsigned char data[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
-        EVP_PKEY *pkey;
-        unsigned u = 0;
-        unsigned long n;
-        int j;
-        if (s->state == SSL3_ST_CW_CERT_VRFY_A) {
-                p = ssl3_handshake_msg_start(s, SSL3_MT_CERTIFICATE_VERIFY);
-                pkey = s->cert->key->privatekey;
-                s->method->ssl3_enc->cert_verify_mac(s, NID_sha1,
-                    &(data[MD5_DIGEST_LENGTH]));
-                if (pkey->type == EVP_PKEY_RSA) {
-                        s->method->ssl3_enc->cert_verify_mac(s,
-                            NID_md5, &(data[0]));
-                        if (RSA_sign(NID_md5_sha1, data,
-                            MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
-                            &(p[2]), &u, pkey->pkey.rsa) <= 0 ) {
-                                SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,
-                                    ERR_R_RSA_LIB);
-                                goto err;
-                        }
-                        s2n(u, p);
-                        n = u + 2;
-                } else if (pkey->type == EVP_PKEY_DSA) {
-                        if (!DSA_sign(pkey->save_type,
-                            &(data[MD5_DIGEST_LENGTH]),
-                            SHA_DIGEST_LENGTH, &(p[2]),
-                            (unsigned int *)&j, pkey->pkey.dsa)) {
-                                SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,
-                                    ERR_R_DSA_LIB);
-                                goto err;
-                        }
-                        s2n(j, p);
-                        n = j + 2;
-                } else if (pkey->type == EVP_PKEY_EC) {
-                        if (!ECDSA_sign(pkey->save_type,
-                            &(data[MD5_DIGEST_LENGTH]),
-                            SHA_DIGEST_LENGTH, &(p[2]),
-                            (unsigned int *)&j, pkey->pkey.ec)) {
-                                SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,
-                                    ERR_R_ECDSA_LIB);
-                                goto err;
-                        }
-                        s2n(j, p);
-                        n = j + 2;
-                } else {
-                        SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,
-                            ERR_R_INTERNAL_ERROR);
-                        goto err;
-                }
-                ssl3_handshake_msg_finish(s, n);
-                s->state = SSL3_ST_CW_CERT_VRFY_B;
-        }
-        /* s->state = SSL3_ST_CW_CERT_VRFY_B */
-        return (ssl3_handshake_write(s));
-err:
-        return (-1);
-}
-int
 dtls1_send_client_certificate(SSL *s)
 {
        X509 *x509 = NULL;
diff --git a/src/lib/libssl/src/ssl/d1_clnt.c b/src/lib/libssl/src/ssl/d1_clnt.c
index 7dd6126c97..4b02fcf3c4 100644
--- a/src/lib/libssl/src/ssl/d1_clnt.c
+++ b/src/lib/libssl/src/ssl/d1_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_clnt.c,v 1.53 2015/09/12 12:26:56 jsing Exp $ */
+/* $OpenBSD: d1_clnt.c,v 1.54 2015/09/12 12:58:15 jsing Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -415,7 +415,7 @@ dtls1_connect(SSL *s)
                case SSL3_ST_CW_CERT_VRFY_A:
                case SSL3_ST_CW_CERT_VRFY_B:
                        dtls1_start_timer(s);
-                        ret = dtls1_send_client_verify(s);
+                        ret = ssl3_send_client_verify(s);
                        if (ret <= 0)
                                goto end;
                        s->state = SSL3_ST_CW_CHANGE_A;
@@ -659,76 +659,6 @@ f_err:
 }
 int
-dtls1_send_client_verify(SSL *s)
-{
-        unsigned char *p;
-        unsigned char data[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
-        EVP_PKEY *pkey;
-        unsigned u = 0;
-        unsigned long n;
-        int j;
-        if (s->state == SSL3_ST_CW_CERT_VRFY_A) {
-                p = ssl3_handshake_msg_start(s, SSL3_MT_CERTIFICATE_VERIFY);
-                pkey = s->cert->key->privatekey;
-                s->method->ssl3_enc->cert_verify_mac(s, NID_sha1,
-                    &(data[MD5_DIGEST_LENGTH]));
-                if (pkey->type == EVP_PKEY_RSA) {
-                        s->method->ssl3_enc->cert_verify_mac(s,
-                            NID_md5, &(data[0]));
-                        if (RSA_sign(NID_md5_sha1, data,
-                            MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
-                            &(p[2]), &u, pkey->pkey.rsa) <= 0 ) {
-                                SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,
-                                    ERR_R_RSA_LIB);
-                                goto err;
-                        }
-                        s2n(u, p);
-                        n = u + 2;
-                } else if (pkey->type == EVP_PKEY_DSA) {
-                        if (!DSA_sign(pkey->save_type,
-                            &(data[MD5_DIGEST_LENGTH]),
-                            SHA_DIGEST_LENGTH, &(p[2]),
-                            (unsigned int *)&j, pkey->pkey.dsa)) {
-                                SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,
-                                    ERR_R_DSA_LIB);
-                                goto err;
-                        }
-                        s2n(j, p);
-                        n = j + 2;
-                } else if (pkey->type == EVP_PKEY_EC) {
-                        if (!ECDSA_sign(pkey->save_type,
-                            &(data[MD5_DIGEST_LENGTH]),
-                            SHA_DIGEST_LENGTH, &(p[2]),
-                            (unsigned int *)&j, pkey->pkey.ec)) {
-                                SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,
-                                    ERR_R_ECDSA_LIB);
-                                goto err;
-                        }
-                        s2n(j, p);
-                        n = j + 2;
-                } else {
-                        SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,
-                            ERR_R_INTERNAL_ERROR);
-                        goto err;
-                }
-                ssl3_handshake_msg_finish(s, n);
-                s->state = SSL3_ST_CW_CERT_VRFY_B;
-        }
-        /* s->state = SSL3_ST_CW_CERT_VRFY_B */
-        return (ssl3_handshake_write(s));
-err:
-        return (-1);
-}
-int
 dtls1_send_client_certificate(SSL *s)
 {
        X509 *x509 = NULL;
diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h
index 92842346a2..48ac8c8b2d 100644
--- a/src/lib/libssl/src/ssl/ssl_locl.h
+++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.120 2015/09/12 12:26:56 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.121 2015/09/12 12:58:15 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -711,7 +711,6 @@ int ssl3_check_finished(SSL *s);
 int ssl3_send_next_proto(SSL *s);
 int dtls1_send_client_certificate(SSL *s);
-int dtls1_send_client_verify(SSL *s);
 /* some server-only functions */
 int ssl3_get_client_hello(SSL *s);
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 92842346a2..48ac8c8b2d 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.120 2015/09/12 12:26:56 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.121 2015/09/12 12:58:15 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -711,7 +711,6 @@ int ssl3_check_finished(SSL *s);
 int ssl3_send_next_proto(SSL *s);
 int dtls1_send_client_certificate(SSL *s);
-int dtls1_send_client_verify(SSL *s);
 /* some server-only functions */
 int ssl3_get_client_hello(SSL *s);

diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c index 7dd6126c97..4b02fcf3c4 100644 --- a/src/lib/libssl/d1_clnt.c +++ b/src/lib/libssl/d1_clnt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: d1_clnt.c,v 1.53 2015/09/12 12:26:56 jsing Exp $ */	1	/* $OpenBSD: d1_clnt.c,v 1.54 2015/09/12 12:58:15 jsing Exp $ */
2	/*	2	/*
3	* DTLS implementation written by Nagendra Modadugu	3	* DTLS implementation written by Nagendra Modadugu
4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.	4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -415,7 +415,7 @@ dtls1_connect(SSL *s)
415	case SSL3_ST_CW_CERT_VRFY_A:	415	case SSL3_ST_CW_CERT_VRFY_A:
416	case SSL3_ST_CW_CERT_VRFY_B:	416	case SSL3_ST_CW_CERT_VRFY_B:
417	dtls1_start_timer(s);	417	dtls1_start_timer(s);
418	ret = dtls1_send_client_verify(s);	418	ret = ssl3_send_client_verify(s);
419	if (ret <= 0)	419	if (ret <= 0)
420	goto end;	420	goto end;
421	s->state = SSL3_ST_CW_CHANGE_A;	421	s->state = SSL3_ST_CW_CHANGE_A;
@@ -659,76 +659,6 @@ f_err:
659	}	659	}
660		660
661	int	661	int
662	dtls1_send_client_verify(SSL *s)
663	{
664	unsigned char *p;
665	unsigned char data[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
666	EVP_PKEY *pkey;
667	unsigned u = 0;
668	unsigned long n;
669	int j;
670
671	if (s->state == SSL3_ST_CW_CERT_VRFY_A) {
672	p = ssl3_handshake_msg_start(s, SSL3_MT_CERTIFICATE_VERIFY);
673
674	pkey = s->cert->key->privatekey;
675
676	s->method->ssl3_enc->cert_verify_mac(s, NID_sha1,
677	&(data[MD5_DIGEST_LENGTH]));
678
679	if (pkey->type == EVP_PKEY_RSA) {
680	s->method->ssl3_enc->cert_verify_mac(s,
681	NID_md5, &(data[0]));
682	if (RSA_sign(NID_md5_sha1, data,
683	MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
684	&(p[2]), &u, pkey->pkey.rsa) <= 0 ) {
685	SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,
686	ERR_R_RSA_LIB);
687	goto err;
688	}
689	s2n(u, p);
690	n = u + 2;
691	} else if (pkey->type == EVP_PKEY_DSA) {
692	if (!DSA_sign(pkey->save_type,
693	&(data[MD5_DIGEST_LENGTH]),
694	SHA_DIGEST_LENGTH, &(p[2]),
695	(unsigned int *)&j, pkey->pkey.dsa)) {
696	SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,
697	ERR_R_DSA_LIB);
698	goto err;
699	}
700	s2n(j, p);
701	n = j + 2;
702	} else if (pkey->type == EVP_PKEY_EC) {
703	if (!ECDSA_sign(pkey->save_type,
704	&(data[MD5_DIGEST_LENGTH]),
705	SHA_DIGEST_LENGTH, &(p[2]),
706	(unsigned int *)&j, pkey->pkey.ec)) {
707	SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,
708	ERR_R_ECDSA_LIB);
709	goto err;
710	}
711	s2n(j, p);
712	n = j + 2;
713	} else {
714	SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,
715	ERR_R_INTERNAL_ERROR);
716	goto err;
717	}
718
719	ssl3_handshake_msg_finish(s, n);
720
721	s->state = SSL3_ST_CW_CERT_VRFY_B;
722	}
723
724	/* s->state = SSL3_ST_CW_CERT_VRFY_B */
725	return (ssl3_handshake_write(s));
726
727	err:
728	return (-1);
729	}
730
731	int
732	dtls1_send_client_certificate(SSL *s)	662	dtls1_send_client_certificate(SSL *s)
733	{	663	{
734	X509 *x509 = NULL;	664	X509 *x509 = NULL;


diff --git a/src/lib/libssl/src/ssl/d1_clnt.c b/src/lib/libssl/src/ssl/d1_clnt.c index 7dd6126c97..4b02fcf3c4 100644 --- a/src/lib/libssl/src/ssl/d1_clnt.c +++ b/src/lib/libssl/src/ssl/d1_clnt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: d1_clnt.c,v 1.53 2015/09/12 12:26:56 jsing Exp $ */	1	/* $OpenBSD: d1_clnt.c,v 1.54 2015/09/12 12:58:15 jsing Exp $ */
2	/*	2	/*
3	* DTLS implementation written by Nagendra Modadugu	3	* DTLS implementation written by Nagendra Modadugu
4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.	4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -415,7 +415,7 @@ dtls1_connect(SSL *s)
415	case SSL3_ST_CW_CERT_VRFY_A:	415	case SSL3_ST_CW_CERT_VRFY_A:
416	case SSL3_ST_CW_CERT_VRFY_B:	416	case SSL3_ST_CW_CERT_VRFY_B:
417	dtls1_start_timer(s);	417	dtls1_start_timer(s);
418	ret = dtls1_send_client_verify(s);	418	ret = ssl3_send_client_verify(s);
419	if (ret <= 0)	419	if (ret <= 0)
420	goto end;	420	goto end;
421	s->state = SSL3_ST_CW_CHANGE_A;	421	s->state = SSL3_ST_CW_CHANGE_A;
@@ -659,76 +659,6 @@ f_err:
659	}	659	}
660		660
661	int	661	int
662	dtls1_send_client_verify(SSL *s)
663	{
664	unsigned char *p;
665	unsigned char data[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
666	EVP_PKEY *pkey;
667	unsigned u = 0;
668	unsigned long n;
669	int j;
670
671	if (s->state == SSL3_ST_CW_CERT_VRFY_A) {
672	p = ssl3_handshake_msg_start(s, SSL3_MT_CERTIFICATE_VERIFY);
673
674	pkey = s->cert->key->privatekey;
675
676	s->method->ssl3_enc->cert_verify_mac(s, NID_sha1,
677	&(data[MD5_DIGEST_LENGTH]));
678
679	if (pkey->type == EVP_PKEY_RSA) {
680	s->method->ssl3_enc->cert_verify_mac(s,
681	NID_md5, &(data[0]));
682	if (RSA_sign(NID_md5_sha1, data,
683	MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
684	&(p[2]), &u, pkey->pkey.rsa) <= 0 ) {
685	SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,
686	ERR_R_RSA_LIB);
687	goto err;
688	}
689	s2n(u, p);
690	n = u + 2;
691	} else if (pkey->type == EVP_PKEY_DSA) {
692	if (!DSA_sign(pkey->save_type,
693	&(data[MD5_DIGEST_LENGTH]),
694	SHA_DIGEST_LENGTH, &(p[2]),
695	(unsigned int *)&j, pkey->pkey.dsa)) {
696	SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,
697	ERR_R_DSA_LIB);
698	goto err;
699	}
700	s2n(j, p);
701	n = j + 2;
702	} else if (pkey->type == EVP_PKEY_EC) {
703	if (!ECDSA_sign(pkey->save_type,
704	&(data[MD5_DIGEST_LENGTH]),
705	SHA_DIGEST_LENGTH, &(p[2]),
706	(unsigned int *)&j, pkey->pkey.ec)) {
707	SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,
708	ERR_R_ECDSA_LIB);
709	goto err;
710	}
711	s2n(j, p);
712	n = j + 2;
713	} else {
714	SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,
715	ERR_R_INTERNAL_ERROR);
716	goto err;
717	}
718
719	ssl3_handshake_msg_finish(s, n);
720
721	s->state = SSL3_ST_CW_CERT_VRFY_B;
722	}
723
724	/* s->state = SSL3_ST_CW_CERT_VRFY_B */
725	return (ssl3_handshake_write(s));
726
727	err:
728	return (-1);
729	}
730
731	int
732	dtls1_send_client_certificate(SSL *s)	662	dtls1_send_client_certificate(SSL *s)
733	{	663	{
734	X509 *x509 = NULL;	664	X509 *x509 = NULL;


diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h index 92842346a2..48ac8c8b2d 100644 --- a/src/lib/libssl/src/ssl/ssl_locl.h +++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_locl.h,v 1.120 2015/09/12 12:26:56 jsing Exp $ */	1	/* $OpenBSD: ssl_locl.h,v 1.121 2015/09/12 12:58:15 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -711,7 +711,6 @@ int ssl3_check_finished(SSL *s);
711	int ssl3_send_next_proto(SSL *s);	711	int ssl3_send_next_proto(SSL *s);
712		712
713	int dtls1_send_client_certificate(SSL *s);	713	int dtls1_send_client_certificate(SSL *s);
714	int dtls1_send_client_verify(SSL *s);
715		714
716	/* some server-only functions */	715	/* some server-only functions */
717	int ssl3_get_client_hello(SSL *s);	716	int ssl3_get_client_hello(SSL *s);


diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index 92842346a2..48ac8c8b2d 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_locl.h,v 1.120 2015/09/12 12:26:56 jsing Exp $ */	1	/* $OpenBSD: ssl_locl.h,v 1.121 2015/09/12 12:58:15 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -711,7 +711,6 @@ int ssl3_check_finished(SSL *s);
711	int ssl3_send_next_proto(SSL *s);	711	int ssl3_send_next_proto(SSL *s);
712		712
713	int dtls1_send_client_certificate(SSL *s);	713	int dtls1_send_client_certificate(SSL *s);
714	int dtls1_send_client_verify(SSL *s);
715		714
716	/* some server-only functions */	715	/* some server-only functions */
717	int ssl3_get_client_hello(SSL *s);	716	int ssl3_get_client_hello(SSL *s);