diff options
Diffstat (limited to 'ssl/s3_cbc.c')
-rw-r--r-- | ssl/s3_cbc.c | 82 |
1 files changed, 6 insertions, 76 deletions
diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c index e80734e..6a0de9c 100644 --- a/ssl/s3_cbc.c +++ b/ssl/s3_cbc.c @@ -52,7 +52,6 @@ #include <assert.h> -#include <openssl/md5.h> #include <openssl/obj.h> #include <openssl/sha.h> @@ -166,28 +165,6 @@ int tls1_cbc_remove_padding(const SSL* s, padding_length = rec->data[rec->length-1]; - if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) - { - /* First packet is even in size, so check */ - if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0",8) == 0) && - !(padding_length & 1)) - { - s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG; - } - if ((s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) && - padding_length > 0) - { - padding_length--; - } - } - - if (EVP_CIPHER_flags(s->enc_read_ctx->cipher)&EVP_CIPH_FLAG_AEAD_CIPHER) - { - /* padding is already verified */ - rec->length -= padding_length + 1; - return 1; - } - good = constant_time_ge(rec->length, overhead+padding_length); /* The padding consists of a length byte at the end of the record and * then that many bytes of padding, all with the same value as the @@ -334,15 +311,6 @@ void ssl3_cbc_copy_mac(unsigned char* out, /* These functions serialize the state of a hash and thus perform the standard * "final" operation without adding the padding and length that such a function * typically does. */ -static void tls1_md5_final_raw(void* ctx, unsigned char *md_out) - { - MD5_CTX *md5 = ctx; - u32toLE(md5->A, md_out); - u32toLE(md5->B, md_out); - u32toLE(md5->C, md_out); - u32toLE(md5->D, md_out); - } - static void tls1_sha1_final_raw(void* ctx, unsigned char *md_out) { SHA_CTX *sha1 = ctx; @@ -386,12 +354,9 @@ char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx) { switch (EVP_MD_CTX_type(ctx)) { - case NID_md5: case NID_sha1: - case NID_sha224: case NID_sha256: case NID_sha384: - case NID_sha512: return 1; default: return 0; @@ -448,7 +413,6 @@ void ssl3_cbc_digest_record( /* mdLengthSize is the number of bytes in the length field that terminates * the hash. */ unsigned md_length_size = 8; - char length_is_big_endian = 1; /* This is a, hopefully redundant, check that allows us to forget about * many possible overflows later in this function. */ @@ -456,26 +420,12 @@ void ssl3_cbc_digest_record( switch (EVP_MD_CTX_type(ctx)) { - case NID_md5: - MD5_Init((MD5_CTX*)md_state.c); - md_final_raw = tls1_md5_final_raw; - md_transform = (void(*)(void *ctx, const unsigned char *block)) MD5_Transform; - md_size = 16; - sslv3_pad_length = 48; - length_is_big_endian = 0; - break; case NID_sha1: SHA1_Init((SHA_CTX*)md_state.c); md_final_raw = tls1_sha1_final_raw; md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA1_Transform; md_size = 20; break; - case NID_sha224: - SHA224_Init((SHA256_CTX*)md_state.c); - md_final_raw = tls1_sha256_final_raw; - md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA256_Transform; - md_size = 224/8; - break; case NID_sha256: SHA256_Init((SHA256_CTX*)md_state.c); md_final_raw = tls1_sha256_final_raw; @@ -490,14 +440,6 @@ void ssl3_cbc_digest_record( md_block_size = 128; md_length_size = 16; break; - case NID_sha512: - SHA512_Init((SHA512_CTX*)md_state.c); - md_final_raw = tls1_sha512_final_raw; - md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA512_Transform; - md_size = 64; - md_block_size = 128; - md_length_size = 16; - break; default: /* ssl3_cbc_record_digest_supported should have been * called first to check that the hash function is @@ -599,22 +541,11 @@ void ssl3_cbc_digest_record( md_transform(md_state.c, hmac_pad); } - if (length_is_big_endian) - { - memset(length_bytes,0,md_length_size-4); - length_bytes[md_length_size-4] = (unsigned char)(bits>>24); - length_bytes[md_length_size-3] = (unsigned char)(bits>>16); - length_bytes[md_length_size-2] = (unsigned char)(bits>>8); - length_bytes[md_length_size-1] = (unsigned char)bits; - } - else - { - memset(length_bytes,0,md_length_size); - length_bytes[md_length_size-5] = (unsigned char)(bits>>24); - length_bytes[md_length_size-6] = (unsigned char)(bits>>16); - length_bytes[md_length_size-7] = (unsigned char)(bits>>8); - length_bytes[md_length_size-8] = (unsigned char)bits; - } + memset(length_bytes,0,md_length_size-4); + length_bytes[md_length_size-4] = (unsigned char)(bits>>24); + length_bytes[md_length_size-3] = (unsigned char)(bits>>16); + length_bytes[md_length_size-2] = (unsigned char)(bits>>8); + length_bytes[md_length_size-1] = (unsigned char)bits; if (k > 0) { @@ -622,8 +553,7 @@ void ssl3_cbc_digest_record( { /* The SSLv3 header is larger than a single block. * overhang is the number of bytes beyond a single - * block that the header consumes: either 7 bytes - * (SHA1) or 11 bytes (MD5). */ + * block that the header consumes: 7 bytes (SHA1). */ unsigned overhang = header_length-md_block_size; md_transform(md_state.c, header); memcpy(first_block, header + md_block_size, overhang); |