Diffstat (limited to 'lib/libssl/src/ssl/s3_enc.c')
-rw-r--r-- | lib/libssl/src/ssl/s3_enc.c | 100 |
1 files changed, 1 insertions, 99 deletions
diff --git a/lib/libssl/src/ssl/s3_enc.c b/lib/libssl/src/ssl/s3_enc.c
index 7e0544a8fac..6a7026e1580 100644
--- a/lib/libssl/src/ssl/s3_enc.c
+++ b/lib/libssl/src/ssl/s3_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_enc.c,v 1.63 2015/09/11 16:53:51 jsing Exp $ */
+/* $OpenBSD: s3_enc.c,v 1.64 2015/09/11 16:56:17 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -574,104 +574,6 @@ ssl3_handshake_mac(SSL *s, int md_nid, const char *sender, int len, return ((int)ret); } -int -n_ssl3_mac(SSL *ssl, unsigned char *md, int send) -{ - SSL3_RECORD *rec; - unsigned char *mac_sec, *seq; - EVP_MD_CTX md_ctx; - const EVP_MD_CTX *hash; - unsigned char *p, rec_char; - size_t md_size, orig_len; - int npad; - int t; - - if (send) { - rec = &(ssl->s3->wrec); - mac_sec = &(ssl->s3->write_mac_secret[0]); - seq = &(ssl->s3->write_sequence[0]); - hash = ssl->write_hash; - } else { - rec = &(ssl->s3->rrec); - mac_sec = &(ssl->s3->read_mac_secret[0]); - seq = &(ssl->s3->read_sequence[0]); - hash = ssl->read_hash; - } - - t = EVP_MD_CTX_size(hash); - if (t < 0) - return -1; - md_size = t; - npad = (48 / md_size) * md_size; - - /* kludge: ssl3_cbc_remove_padding passes padding length in rec->type */ - orig_len = rec->length + md_size + ((unsigned int)rec->type >> 8); - rec->type &= 0xff; - - if (!send && - EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE && - ssl3_cbc_record_digest_supported(hash)) { - /* This is a CBC-encrypted record. We must avoid leaking any - * timing-side channel information about how many blocks of - * data we are hashing because that gives an attacker a - * timing-oracle. */ - - /* npad is, at most, 48 bytes and that's with MD5: - * 16 + 48 + 8 (sequence bytes) + 1 + 2 = 75. - * - * With SHA-1 (the largest hash speced for SSLv3) the hash size - * goes up 4, but npad goes down by 8, resulting in a smaller - * total size. 
*/ - unsigned char header[75]; - unsigned j = 0; - memcpy(header + j, mac_sec, md_size); - j += md_size; - memcpy(header + j, ssl3_pad_1, npad); - j += npad; - memcpy(header + j, seq, 8); - j += 8; - header[j++] = rec->type; - header[j++] = rec->length >> 8; - header[j++] = rec->length & 0xff; - - if (!ssl3_cbc_digest_record(hash, md, &md_size, header, - rec->input, rec->length + md_size, orig_len, mac_sec, - md_size, 1 /* is SSLv3 */)) - return (-1); - } else { - unsigned int md_size_u; - /* Chop the digest off the end :-) */ - EVP_MD_CTX_init(&md_ctx); - - if (!EVP_MD_CTX_copy_ex(&md_ctx, hash)) - return (-1); - EVP_DigestUpdate(&md_ctx, mac_sec, md_size); - EVP_DigestUpdate(&md_ctx, ssl3_pad_1, npad); - EVP_DigestUpdate(&md_ctx, seq, 8); - rec_char = rec->type; - EVP_DigestUpdate(&md_ctx, &rec_char, 1); - p = md; - s2n(rec->length, p); - EVP_DigestUpdate(&md_ctx, md, 2); - EVP_DigestUpdate(&md_ctx, rec->input, rec->length); - EVP_DigestFinal_ex(&md_ctx, md, NULL); - - if (!EVP_MD_CTX_copy_ex(&md_ctx, hash)) - return (-1); - EVP_DigestUpdate(&md_ctx, mac_sec, md_size); - EVP_DigestUpdate(&md_ctx, ssl3_pad_2, npad); - EVP_DigestUpdate(&md_ctx, md, md_size); - EVP_DigestFinal_ex(&md_ctx, md, &md_size_u); - md_size = md_size_u; - - EVP_MD_CTX_cleanup(&md_ctx); - } - - ssl3_record_sequence_increment(seq); - - return (md_size); -} - void ssl3_record_sequence_increment(unsigned char *seq) { |