From 58137d6816f0d777d205ec5e0b82a0561c74c50b Mon Sep 17 00:00:00 2001 From: jsing <> Date: Fri, 11 Sep 2015 16:56:17 +0000 Subject: Nuke n_ssl3_mac(). ok "flensing knife" --- src/lib/libssl/src/ssl/s3_enc.c | 100 +------------------------------------- src/lib/libssl/src/ssl/ssl_locl.h | 3 +- src/lib/libssl/ssl_locl.h | 3 +- 3 files changed, 3 insertions(+), 103 deletions(-) (limited to 'src/lib') diff --git a/src/lib/libssl/src/ssl/s3_enc.c b/src/lib/libssl/src/ssl/s3_enc.c index 7e0544a8fa..6a7026e158 100644 --- a/src/lib/libssl/src/ssl/s3_enc.c +++ b/src/lib/libssl/src/ssl/s3_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_enc.c,v 1.63 2015/09/11 16:53:51 jsing Exp $ */ +/* $OpenBSD: s3_enc.c,v 1.64 2015/09/11 16:56:17 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -574,104 +574,6 @@ ssl3_handshake_mac(SSL *s, int md_nid, const char *sender, int len, return ((int)ret); } -int -n_ssl3_mac(SSL *ssl, unsigned char *md, int send) -{ - SSL3_RECORD *rec; - unsigned char *mac_sec, *seq; - EVP_MD_CTX md_ctx; - const EVP_MD_CTX *hash; - unsigned char *p, rec_char; - size_t md_size, orig_len; - int npad; - int t; - - if (send) { - rec = &(ssl->s3->wrec); - mac_sec = &(ssl->s3->write_mac_secret[0]); - seq = &(ssl->s3->write_sequence[0]); - hash = ssl->write_hash; - } else { - rec = &(ssl->s3->rrec); - mac_sec = &(ssl->s3->read_mac_secret[0]); - seq = &(ssl->s3->read_sequence[0]); - hash = ssl->read_hash; - } - - t = EVP_MD_CTX_size(hash); - if (t < 0) - return -1; - md_size = t; - npad = (48 / md_size) * md_size; - - /* kludge: ssl3_cbc_remove_padding passes padding length in rec->type */ - orig_len = rec->length + md_size + ((unsigned int)rec->type >> 8); - rec->type &= 0xff; - - if (!send && - EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE && - ssl3_cbc_record_digest_supported(hash)) { - /* This is a CBC-encrypted record. We must avoid leaking any - * timing-side channel information about how many blocks of - * data we are hashing because that gives an attacker a - * timing-oracle. */ - - /* npad is, at most, 48 bytes and that's with MD5: - * 16 + 48 + 8 (sequence bytes) + 1 + 2 = 75. - * - * With SHA-1 (the largest hash speced for SSLv3) the hash size - * goes up 4, but npad goes down by 8, resulting in a smaller - * total size. */ - unsigned char header[75]; - unsigned j = 0; - memcpy(header + j, mac_sec, md_size); - j += md_size; - memcpy(header + j, ssl3_pad_1, npad); - j += npad; - memcpy(header + j, seq, 8); - j += 8; - header[j++] = rec->type; - header[j++] = rec->length >> 8; - header[j++] = rec->length & 0xff; - - if (!ssl3_cbc_digest_record(hash, md, &md_size, header, - rec->input, rec->length + md_size, orig_len, mac_sec, - md_size, 1 /* is SSLv3 */)) - return (-1); - } else { - unsigned int md_size_u; - /* Chop the digest off the end :-) */ - EVP_MD_CTX_init(&md_ctx); - - if (!EVP_MD_CTX_copy_ex(&md_ctx, hash)) - return (-1); - EVP_DigestUpdate(&md_ctx, mac_sec, md_size); - EVP_DigestUpdate(&md_ctx, ssl3_pad_1, npad); - EVP_DigestUpdate(&md_ctx, seq, 8); - rec_char = rec->type; - EVP_DigestUpdate(&md_ctx, &rec_char, 1); - p = md; - s2n(rec->length, p); - EVP_DigestUpdate(&md_ctx, md, 2); - EVP_DigestUpdate(&md_ctx, rec->input, rec->length); - EVP_DigestFinal_ex(&md_ctx, md, NULL); - - if (!EVP_MD_CTX_copy_ex(&md_ctx, hash)) - return (-1); - EVP_DigestUpdate(&md_ctx, mac_sec, md_size); - EVP_DigestUpdate(&md_ctx, ssl3_pad_2, npad); - EVP_DigestUpdate(&md_ctx, md, md_size); - EVP_DigestFinal_ex(&md_ctx, md, &md_size_u); - md_size = md_size_u; - - EVP_MD_CTX_cleanup(&md_ctx); - } - - ssl3_record_sequence_increment(seq); - - return (md_size); -} - void ssl3_record_sequence_increment(unsigned char *seq) { diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h index ab576c28f9..1b46e990de 100644 --- a/src/lib/libssl/src/ssl/ssl_locl.h +++ b/src/lib/libssl/src/ssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.106 2015/09/11 16:53:51 jsing Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.107 2015/09/11 16:56:17 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -629,7 +629,6 @@ int ssl3_final_finish_mac(SSL *s, const char *sender, int slen, unsigned char *p); int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p); void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len); -int n_ssl3_mac(SSL *ssl, unsigned char *md, int send_data); void ssl3_free_digest_list(SSL *s); unsigned long ssl3_output_cert_chain(SSL *s, X509 *x); SSL_CIPHER *ssl3_choose_cipher(SSL *ssl, STACK_OF(SSL_CIPHER) *clnt, diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index ab576c28f9..1b46e990de 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.106 2015/09/11 16:53:51 jsing Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.107 2015/09/11 16:56:17 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -629,7 +629,6 @@ int ssl3_final_finish_mac(SSL *s, const char *sender, int slen, unsigned char *p); int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p); void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len); -int n_ssl3_mac(SSL *ssl, unsigned char *md, int send_data); void ssl3_free_digest_list(SSL *s); unsigned long ssl3_output_cert_chain(SSL *s, X509 *x); SSL_CIPHER *ssl3_choose_cipher(SSL *ssl, STACK_OF(SSL_CIPHER) *clnt, -- cgit v1.2.3-55-g6feb