From 1a8356d54310fcdf18b940e0960525894e696cd9 Mon Sep 17 00:00:00 2001 From: jsing <> Date: Fri, 11 Sep 2015 17:08:50 +0000 Subject: Nuke ssl3_cert_verify_mac() and ssl3_handshake_mac(). We also no longer need the ssl3_pad_1 and ssl3_pad_2 arrays... ok "flensing knife" --- src/lib/libssl/src/ssl/s3_enc.c | 83 +-------------------------------------- src/lib/libssl/src/ssl/ssl_locl.h | 3 +- src/lib/libssl/ssl_locl.h | 3 +- 3 files changed, 3 insertions(+), 86 deletions(-) (limited to 'src/lib') diff --git a/src/lib/libssl/src/ssl/s3_enc.c b/src/lib/libssl/src/ssl/s3_enc.c index 2b0b923d30..324b90ba2f 100644 --- a/src/lib/libssl/src/ssl/s3_enc.c +++ b/src/lib/libssl/src/ssl/s3_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_enc.c,v 1.68 2015/09/11 17:04:39 jsing Exp $ */ +/* $OpenBSD: s3_enc.c,v 1.69 2015/09/11 17:08:50 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -142,27 +142,6 @@ #include #include -static unsigned char ssl3_pad_1[48] = { - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36 -}; - -static unsigned char ssl3_pad_2[48] = { - 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, - 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, - 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, - 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, - 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, - 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c -}; - -static int ssl3_handshake_mac(SSL *s, int md_nid, const char *sender, - int len, unsigned char *p); - void ssl3_cleanup_key_block(SSL *s) { @@ -274,66 +253,6 @@ ssl3_digest_cached_records(SSL *s) return 1; } -int -ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p) -{ - return (ssl3_handshake_mac(s, md_nid, NULL, 0, p)); -} - -static int -ssl3_handshake_mac(SSL *s, int md_nid, const char *sender, int len, - unsigned char *p) -{ - unsigned int ret; - int npad, n; - unsigned int i; - unsigned char md_buf[EVP_MAX_MD_SIZE]; - EVP_MD_CTX ctx, *d = NULL; - - if (s->s3->handshake_buffer) - if (!ssl3_digest_cached_records(s)) - return 0; - - /* Search for digest of specified type in the handshake_dgst array. */ - for (i = 0; i < SSL_MAX_DIGEST; i++) { - if (s->s3->handshake_dgst[i] && - EVP_MD_CTX_type(s->s3->handshake_dgst[i]) == md_nid) { - d = s->s3->handshake_dgst[i]; - break; - } - } - if (!d) { - SSLerr(SSL_F_SSL3_HANDSHAKE_MAC, SSL_R_NO_REQUIRED_DIGEST); - return 0; - } - EVP_MD_CTX_init(&ctx); - if (!EVP_MD_CTX_copy_ex(&ctx, d)) - return 0; - n = EVP_MD_CTX_size(&ctx); - if (n < 0) - return 0; - - npad = (48 / n) * n; - if (sender != NULL) - EVP_DigestUpdate(&ctx, sender, len); - EVP_DigestUpdate(&ctx, s->session->master_key, - s->session->master_key_length); - EVP_DigestUpdate(&ctx, ssl3_pad_1, npad); - EVP_DigestFinal_ex(&ctx, md_buf, &i); - - if (!EVP_DigestInit_ex(&ctx, EVP_MD_CTX_md(&ctx), NULL)) - return 0; - EVP_DigestUpdate(&ctx, s->session->master_key, - s->session->master_key_length); - EVP_DigestUpdate(&ctx, ssl3_pad_2, npad); - EVP_DigestUpdate(&ctx, md_buf, i); - EVP_DigestFinal_ex(&ctx, p, &ret); - - EVP_MD_CTX_cleanup(&ctx); - - return ((int)ret); -} - void ssl3_record_sequence_increment(unsigned char *seq) { diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h index d4924cdab8..d699fd41d8 100644 --- a/src/lib/libssl/src/ssl/ssl_locl.h +++ b/src/lib/libssl/src/ssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.111 2015/09/11 17:04:39 jsing Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.112 2015/09/11 17:08:50 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -621,7 +621,6 @@ int ssl3_renegotiate_check(SSL *ssl); int ssl3_dispatch_alert(SSL *s); int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek); int ssl3_write_bytes(SSL *s, int type, const void *buf, int len); -int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p); void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len); void ssl3_free_digest_list(SSL *s); unsigned long ssl3_output_cert_chain(SSL *s, X509 *x); diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index d4924cdab8..d699fd41d8 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.111 2015/09/11 17:04:39 jsing Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.112 2015/09/11 17:08:50 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -621,7 +621,6 @@ int ssl3_renegotiate_check(SSL *ssl); int ssl3_dispatch_alert(SSL *s); int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek); int ssl3_write_bytes(SSL *s, int type, const void *buf, int len); -int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p); void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len); void ssl3_free_digest_list(SSL *s); unsigned long ssl3_output_cert_chain(SSL *s, X509 *x); -- cgit v1.2.3-55-g6feb