From 6938c954b072c1ddddeb0ec9f6a151df0d2cd925 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 25 Nov 2015 13:08:08 +0000 Subject: Remove unused cert_verify_mac code Reviewed-by: Andy Polyakov --- ssl/d1_lib.c | 2 -- ssl/s3_enc.c | 5 ----- ssl/s3_lib.c | 1 - ssl/ssl_lib.c | 1 - ssl/ssl_locl.h | 5 ----- ssl/t1_enc.c | 30 ------------------------------ ssl/t1_lib.c | 3 --- 7 files changed, 47 deletions(-) diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index 6e70c56ce7..0fdfd51091 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -90,7 +90,6 @@ const SSL3_ENC_METHOD DTLSv1_enc_data = { tls1_change_cipher_state, tls1_final_finish_mac, TLS1_FINISH_MAC_LENGTH, - tls1_cert_verify_mac, TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE, TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE, tls1_alert_code, @@ -109,7 +108,6 @@ const SSL3_ENC_METHOD DTLSv1_2_enc_data = { tls1_change_cipher_state, tls1_final_finish_mac, TLS1_FINISH_MAC_LENGTH, - tls1_cert_verify_mac, TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE, TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE, tls1_alert_code, diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 1a5aaeceaa..b801d0541b 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -560,11 +560,6 @@ int ssl3_digest_cached_records(SSL *s, int keep) return 1; } -int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p) -{ - return (ssl3_handshake_mac(s, md_nid, NULL, 0, p)); -} - int ssl3_final_finish_mac(SSL *s, const char *sender, int len, unsigned char *p) { diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 5ad9863121..8c1b4aa18f 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3809,7 +3809,6 @@ const SSL3_ENC_METHOD SSLv3_enc_data = { ssl3_change_cipher_state, ssl3_final_finish_mac, MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, - ssl3_cert_verify_mac, SSL3_MD_CLIENT_FINISHED_CONST, 4, SSL3_MD_SERVER_FINISHED_CONST, 4, ssl3_alert_code, diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 5068c15964..e02b04906e 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -176,7 +176,6 @@ SSL3_ENC_METHOD ssl3_undef_enc_method = { (int (*)(SSL *, const char *, int, unsigned char *)) ssl_undefined_function, 0, /* finish_mac_length */ - (int (*)(SSL *, int, unsigned char *))ssl_undefined_function, NULL, /* client_finished_label */ 0, /* client_finished_label_len */ NULL, /* server_finished_label */ diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 3cec5c3eda..70689bc324 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1266,8 +1266,6 @@ typedef struct ssl3_state_st { int num_renegotiations; int in_read_app_data; struct { - /* actually needs to be 32+32+64 for GOST */ - unsigned char cert_verify_md[EVP_MAX_MD_SIZE * 2]; /* actually only need to be 16+20 for SSLv3 and 12 for TLS */ unsigned char finish_md[EVP_MAX_MD_SIZE * 2]; int finish_md_len; @@ -1685,7 +1683,6 @@ typedef struct ssl3_enc_method { int (*change_cipher_state) (SSL *, int); int (*final_finish_mac) (SSL *, const char *, int, unsigned char *); int finish_mac_length; - int (*cert_verify_mac) (SSL *, int, unsigned char *); const char *client_finished_label; int client_finished_label_len; const char *server_finished_label; @@ -1948,7 +1945,6 @@ int ssl3_renegotiate_check(SSL *ssl); __owur int ssl3_dispatch_alert(SSL *s); __owur int ssl3_final_finish_mac(SSL *s, const char *sender, int slen, unsigned char *p); -__owur int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p); void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len); void ssl3_free_digest_list(SSL *s); __owur unsigned long ssl3_output_cert_chain(SSL *s, CERT_PKEY *cpk); @@ -2032,7 +2028,6 @@ __owur int tls1_change_cipher_state(SSL *s, int which); __owur int tls1_setup_key_block(SSL *s); __owur int tls1_final_finish_mac(SSL *s, const char *str, int slen, unsigned char *p); -__owur int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *p); __owur int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, int len); __owur int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen, diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 729ceccb7e..906029c8fc 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -698,36 +698,6 @@ int tls1_setup_key_block(SSL *s) return (ret); } - -int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out) -{ - unsigned int ret; - EVP_MD_CTX ctx, *d = NULL; - int i; - - if (!ssl3_digest_cached_records(s, 0)) - return 0; - - for (i = 0; i < SSL_MAX_DIGEST; i++) { - if (s->s3->handshake_dgst[i] - && EVP_MD_CTX_type(s->s3->handshake_dgst[i]) == md_nid) { - d = s->s3->handshake_dgst[i]; - break; - } - } - if (!d) { - SSLerr(SSL_F_TLS1_CERT_VERIFY_MAC, SSL_R_NO_REQUIRED_DIGEST); - return 0; - } - - EVP_MD_CTX_init(&ctx); - if (EVP_MD_CTX_copy_ex(&ctx, d) <=0 - || EVP_DigestFinal_ex(&ctx, out, &ret) <= 0) - ret = 0; - EVP_MD_CTX_cleanup(&ctx); - return ((int)ret); -} - int tls1_final_finish_mac(SSL *s, const char *str, int slen, unsigned char *out) { diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 999859e999..2784fa1f23 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -135,7 +135,6 @@ SSL3_ENC_METHOD const TLSv1_enc_data = { tls1_change_cipher_state, tls1_final_finish_mac, TLS1_FINISH_MAC_LENGTH, - tls1_cert_verify_mac, TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE, TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE, tls1_alert_code, @@ -154,7 +153,6 @@ SSL3_ENC_METHOD const TLSv1_1_enc_data = { tls1_change_cipher_state, tls1_final_finish_mac, TLS1_FINISH_MAC_LENGTH, - tls1_cert_verify_mac, TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE, TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE, tls1_alert_code, @@ -173,7 +171,6 @@ SSL3_ENC_METHOD const TLSv1_2_enc_data = { tls1_change_cipher_state, tls1_final_finish_mac, TLS1_FINISH_MAC_LENGTH, - tls1_cert_verify_mac, TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE, TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE, tls1_alert_code, -- cgit v1.2.3