From 8d56b7ead6f4a7517100afb5445c117611045bcb Mon Sep 17 00:00:00 2001 From: jsing <> Date: Fri, 11 Sep 2015 16:53:51 +0000 Subject: Nuke ssl3_enc(). ok "flensing knife" --- src/lib/libssl/src/ssl/s3_enc.c | 73 +-------------------------------------- src/lib/libssl/src/ssl/ssl_locl.h | 3 +- src/lib/libssl/ssl_locl.h | 3 +- 3 files changed, 3 insertions(+), 76 deletions(-) (limited to 'src/lib') diff --git a/src/lib/libssl/src/ssl/s3_enc.c b/src/lib/libssl/src/ssl/s3_enc.c index 515072a99e..7e0544a8fa 100644 --- a/src/lib/libssl/src/ssl/s3_enc.c +++ b/src/lib/libssl/src/ssl/s3_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_enc.c,v 1.62 2015/09/10 15:56:26 jsing Exp $ */ +/* $OpenBSD: s3_enc.c,v 1.63 2015/09/11 16:53:51 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -400,77 +400,6 @@ ssl3_cleanup_key_block(SSL *s) s->s3->tmp.key_block_length = 0; } -/* ssl3_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively. - * - * Returns: - * 0: (in non-constant time) if the record is publically invalid (i.e. too - * short etc). - * 1: if the record's padding is valid / the encryption was successful. - * -1: if the record's padding is invalid or, if sending, an internal error - * occured. - */ -int -ssl3_enc(SSL *s, int send) -{ - SSL3_RECORD *rec; - EVP_CIPHER_CTX *ds; - unsigned long l; - int bs, i, mac_size = 0; - const EVP_CIPHER *enc; - - if (send) { - ds = s->enc_write_ctx; - rec = &(s->s3->wrec); - if (s->enc_write_ctx == NULL) - enc = NULL; - else - enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx); - } else { - ds = s->enc_read_ctx; - rec = &(s->s3->rrec); - if (s->enc_read_ctx == NULL) - enc = NULL; - else - enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx); - } - - if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) { - memmove(rec->data, rec->input, rec->length); - rec->input = rec->data; - } else { - l = rec->length; - bs = EVP_CIPHER_block_size(ds->cipher); - - /* COMPRESS */ - - if ((bs != 1) && send) { - i = bs - ((int)l % bs); - - /* we need to add 'i-1' padding bytes */ - l += i; - /* the last of these zero bytes will be overwritten - * with the padding length. */ - memset(&rec->input[rec->length], 0, i); - rec->length += i; - rec->input[l - 1] = (i - 1); - } - - if (!send) { - if (l == 0 || l % bs != 0) - return 0; - /* otherwise, rec->length >= bs */ - } - - EVP_Cipher(ds, rec->data, rec->input, l); - - if (EVP_MD_CTX_md(s->read_hash) != NULL) - mac_size = EVP_MD_CTX_size(s->read_hash); - if ((bs != 1) && !send) - return ssl3_cbc_remove_padding(s, rec, bs, mac_size); - } - return (1); -} - int ssl3_init_finished_mac(SSL *s) { diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h index 8ad1535979..ab576c28f9 100644 --- a/src/lib/libssl/src/ssl/ssl_locl.h +++ b/src/lib/libssl/src/ssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.105 2015/09/11 16:50:46 jsing Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.106 2015/09/11 16:53:51 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -629,7 +629,6 @@ int ssl3_final_finish_mac(SSL *s, const char *sender, int slen, unsigned char *p); int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p); void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len); -int ssl3_enc(SSL *s, int send_data); int n_ssl3_mac(SSL *ssl, unsigned char *md, int send_data); void ssl3_free_digest_list(SSL *s); unsigned long ssl3_output_cert_chain(SSL *s, X509 *x); diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index 8ad1535979..ab576c28f9 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.105 2015/09/11 16:50:46 jsing Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.106 2015/09/11 16:53:51 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -629,7 +629,6 @@ int ssl3_final_finish_mac(SSL *s, const char *sender, int slen, unsigned char *p); int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p); void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len); -int ssl3_enc(SSL *s, int send_data); int n_ssl3_mac(SSL *ssl, unsigned char *md, int send_data); void ssl3_free_digest_list(SSL *s); unsigned long ssl3_output_cert_chain(SSL *s, X509 *x); -- cgit v1.2.3-55-g6feb