1 files changed, 6 insertions, 76 deletions

diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c
index e80734e..6a0de9c 100644
--- a/ssl/s3_cbc.c
+++ b/ssl/s3_cbc.c
@@ -52,7 +52,6 @@
 
 #include <assert.h>
 
-#include <openssl/md5.h>
 #include <openssl/obj.h>
 #include <openssl/sha.h>
 
@@ -166,28 +165,6 @@ int tls1_cbc_remove_padding(const SSL* s,
 
 	padding_length = rec->data[rec->length-1];
 
-	if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG)
-		{
-		/* First packet is even in size, so check */
-		if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0",8) == 0) &&
-		    !(padding_length & 1))
-			{
-			s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG;
-			}
-		if ((s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) &&
-		    padding_length > 0)
-			{
-			padding_length--;
-			}
-		}
-
-	if (EVP_CIPHER_flags(s->enc_read_ctx->cipher)&EVP_CIPH_FLAG_AEAD_CIPHER)
-		{
-		/* padding is already verified */
-		rec->length -= padding_length + 1;
-		return 1;
-		}
-
 	good = constant_time_ge(rec->length, overhead+padding_length);
 	/* The padding consists of a length byte at the end of the record and
 	 * then that many bytes of padding, all with the same value as the
@@ -334,15 +311,6 @@ void ssl3_cbc_copy_mac(unsigned char* out,
 /* These functions serialize the state of a hash and thus perform the standard
  * "final" operation without adding the padding and length that such a function
  * typically does. */
-static void tls1_md5_final_raw(void* ctx, unsigned char *md_out)
-	{
-	MD5_CTX *md5 = ctx;
-	u32toLE(md5->A, md_out);
-	u32toLE(md5->B, md_out);
-	u32toLE(md5->C, md_out);
-	u32toLE(md5->D, md_out);
-	}
-
 static void tls1_sha1_final_raw(void* ctx, unsigned char *md_out)
 	{
 	SHA_CTX *sha1 = ctx;
@@ -386,12 +354,9 @@ char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx)
 	{
 	switch (EVP_MD_CTX_type(ctx))
 		{
-		case NID_md5:
 		case NID_sha1:
-		case NID_sha224:
 		case NID_sha256:
 		case NID_sha384:
-		case NID_sha512:
 			return 1;
 		default:
 			return 0;
@@ -448,7 +413,6 @@ void ssl3_cbc_digest_record(
 	/* mdLengthSize is the number of bytes in the length field that terminates
 	* the hash. */
 	unsigned md_length_size = 8;
-	char length_is_big_endian = 1;
 
 	/* This is a, hopefully redundant, check that allows us to forget about
 	 * many possible overflows later in this function. */
@@ -456,26 +420,12 @@ void ssl3_cbc_digest_record(
 
 	switch (EVP_MD_CTX_type(ctx))
 		{
-		case NID_md5:
-			MD5_Init((MD5_CTX*)md_state.c);
-			md_final_raw = tls1_md5_final_raw;
-			md_transform = (void(*)(void *ctx, const unsigned char *block)) MD5_Transform;
-			md_size = 16;
-			sslv3_pad_length = 48;
-			length_is_big_endian = 0;
-			break;
 		case NID_sha1:
 			SHA1_Init((SHA_CTX*)md_state.c);
 			md_final_raw = tls1_sha1_final_raw;
 			md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA1_Transform;
 			md_size = 20;
 			break;
-		case NID_sha224:
-			SHA224_Init((SHA256_CTX*)md_state.c);
-			md_final_raw = tls1_sha256_final_raw;
-			md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA256_Transform;
-			md_size = 224/8;
-			break;
 		case NID_sha256:
 			SHA256_Init((SHA256_CTX*)md_state.c);
 			md_final_raw = tls1_sha256_final_raw;
@@ -490,14 +440,6 @@ void ssl3_cbc_digest_record(
 			md_block_size = 128;
 			md_length_size = 16;
 			break;
-		case NID_sha512:
-			SHA512_Init((SHA512_CTX*)md_state.c);
-			md_final_raw = tls1_sha512_final_raw;
-			md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA512_Transform;
-			md_size = 64;
-			md_block_size = 128;
-			md_length_size = 16;
-			break;
 		default:
 			/* ssl3_cbc_record_digest_supported should have been
 			 * called first to check that the hash function is
@@ -599,22 +541,11 @@ void ssl3_cbc_digest_record(
 		md_transform(md_state.c, hmac_pad);
 		}
 
-	if (length_is_big_endian)
-		{
-		memset(length_bytes,0,md_length_size-4);
-		length_bytes[md_length_size-4] = (unsigned char)(bits>>24);
-		length_bytes[md_length_size-3] = (unsigned char)(bits>>16);
-		length_bytes[md_length_size-2] = (unsigned char)(bits>>8);
-		length_bytes[md_length_size-1] = (unsigned char)bits;
-		}
-	else
-		{
-		memset(length_bytes,0,md_length_size);
-		length_bytes[md_length_size-5] = (unsigned char)(bits>>24);
-		length_bytes[md_length_size-6] = (unsigned char)(bits>>16);
-		length_bytes[md_length_size-7] = (unsigned char)(bits>>8);
-		length_bytes[md_length_size-8] = (unsigned char)bits;
-		}
+	memset(length_bytes,0,md_length_size-4);
+	length_bytes[md_length_size-4] = (unsigned char)(bits>>24);
+	length_bytes[md_length_size-3] = (unsigned char)(bits>>16);
+	length_bytes[md_length_size-2] = (unsigned char)(bits>>8);
+	length_bytes[md_length_size-1] = (unsigned char)bits;
 
 	if (k > 0)
 		{
@@ -622,8 +553,7 @@ void ssl3_cbc_digest_record(
 			{
 			/* The SSLv3 header is larger than a single block.
 			 * overhang is the number of bytes beyond a single
-			 * block that the header consumes: either 7 bytes
-			 * (SHA1) or 11 bytes (MD5). */
+			 * block that the header consumes: 7 bytes (SHA1). */
 			unsigned overhang = header_length-md_block_size;
 			md_transform(md_state.c, header);
 			memcpy(first_block, header + md_block_size, overhang);