[openssl-commits] [openssl] master update
Dr. Stephen Henson
steve at openssl.org
Wed Nov 25 18:22:52 UTC 2015
The branch master has been updated
via 6938c954b072c1ddddeb0ec9f6a151df0d2cd925 (commit)
from f6739c3db455f37cc04a8f12f741b1521738b562 (commit)
- Log -----------------------------------------------------------------
commit 6938c954b072c1ddddeb0ec9f6a151df0d2cd925
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Wed Nov 25 13:08:08 2015 +0000
Remove unused cert_verify_mac code
Reviewed-by: Andy Polyakov <appro at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
ssl/d1_lib.c | 2 --
ssl/s3_enc.c | 5 -----
ssl/s3_lib.c | 1 -
ssl/ssl_lib.c | 1 -
ssl/ssl_locl.h | 5 -----
ssl/t1_enc.c | 30 ------------------------------
ssl/t1_lib.c | 3 ---
7 files changed, 47 deletions(-)
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index 6e70c56..0fdfd51 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -90,7 +90,6 @@ const SSL3_ENC_METHOD DTLSv1_enc_data = {
tls1_change_cipher_state,
tls1_final_finish_mac,
TLS1_FINISH_MAC_LENGTH,
- tls1_cert_verify_mac,
TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
tls1_alert_code,
@@ -109,7 +108,6 @@ const SSL3_ENC_METHOD DTLSv1_2_enc_data = {
tls1_change_cipher_state,
tls1_final_finish_mac,
TLS1_FINISH_MAC_LENGTH,
- tls1_cert_verify_mac,
TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
tls1_alert_code,
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index 1a5aaec..b801d05 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -560,11 +560,6 @@ int ssl3_digest_cached_records(SSL *s, int keep)
return 1;
}
-int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p)
-{
- return (ssl3_handshake_mac(s, md_nid, NULL, 0, p));
-}
-
int ssl3_final_finish_mac(SSL *s,
const char *sender, int len, unsigned char *p)
{
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 5ad9863..8c1b4aa 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3809,7 +3809,6 @@ const SSL3_ENC_METHOD SSLv3_enc_data = {
ssl3_change_cipher_state,
ssl3_final_finish_mac,
MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
- ssl3_cert_verify_mac,
SSL3_MD_CLIENT_FINISHED_CONST, 4,
SSL3_MD_SERVER_FINISHED_CONST, 4,
ssl3_alert_code,
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 5068c15..e02b049 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -176,7 +176,6 @@ SSL3_ENC_METHOD ssl3_undef_enc_method = {
(int (*)(SSL *, const char *, int, unsigned char *))
ssl_undefined_function,
0, /* finish_mac_length */
- (int (*)(SSL *, int, unsigned char *))ssl_undefined_function,
NULL, /* client_finished_label */
0, /* client_finished_label_len */
NULL, /* server_finished_label */
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 3cec5c3..70689bc 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1266,8 +1266,6 @@ typedef struct ssl3_state_st {
int num_renegotiations;
int in_read_app_data;
struct {
- /* actually needs to be 32+32+64 for GOST */
- unsigned char cert_verify_md[EVP_MAX_MD_SIZE * 2];
/* actually only need to be 16+20 for SSLv3 and 12 for TLS */
unsigned char finish_md[EVP_MAX_MD_SIZE * 2];
int finish_md_len;
@@ -1685,7 +1683,6 @@ typedef struct ssl3_enc_method {
int (*change_cipher_state) (SSL *, int);
int (*final_finish_mac) (SSL *, const char *, int, unsigned char *);
int finish_mac_length;
- int (*cert_verify_mac) (SSL *, int, unsigned char *);
const char *client_finished_label;
int client_finished_label_len;
const char *server_finished_label;
@@ -1948,7 +1945,6 @@ int ssl3_renegotiate_check(SSL *ssl);
__owur int ssl3_dispatch_alert(SSL *s);
__owur int ssl3_final_finish_mac(SSL *s, const char *sender, int slen,
unsigned char *p);
-__owur int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len);
void ssl3_free_digest_list(SSL *s);
__owur unsigned long ssl3_output_cert_chain(SSL *s, CERT_PKEY *cpk);
@@ -2032,7 +2028,6 @@ __owur int tls1_change_cipher_state(SSL *s, int which);
__owur int tls1_setup_key_block(SSL *s);
__owur int tls1_final_finish_mac(SSL *s,
const char *str, int slen, unsigned char *p);
-__owur int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
__owur int tls1_generate_master_secret(SSL *s, unsigned char *out,
unsigned char *p, int len);
__owur int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 729cecc..906029c 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -698,36 +698,6 @@ int tls1_setup_key_block(SSL *s)
return (ret);
}
-
-int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out)
-{
- unsigned int ret;
- EVP_MD_CTX ctx, *d = NULL;
- int i;
-
- if (!ssl3_digest_cached_records(s, 0))
- return 0;
-
- for (i = 0; i < SSL_MAX_DIGEST; i++) {
- if (s->s3->handshake_dgst[i]
- && EVP_MD_CTX_type(s->s3->handshake_dgst[i]) == md_nid) {
- d = s->s3->handshake_dgst[i];
- break;
- }
- }
- if (!d) {
- SSLerr(SSL_F_TLS1_CERT_VERIFY_MAC, SSL_R_NO_REQUIRED_DIGEST);
- return 0;
- }
-
- EVP_MD_CTX_init(&ctx);
- if (EVP_MD_CTX_copy_ex(&ctx, d) <=0
- || EVP_DigestFinal_ex(&ctx, out, &ret) <= 0)
- ret = 0;
- EVP_MD_CTX_cleanup(&ctx);
- return ((int)ret);
-}
-
int tls1_final_finish_mac(SSL *s, const char *str, int slen,
unsigned char *out)
{
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 999859e..2784fa1 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -135,7 +135,6 @@ SSL3_ENC_METHOD const TLSv1_enc_data = {
tls1_change_cipher_state,
tls1_final_finish_mac,
TLS1_FINISH_MAC_LENGTH,
- tls1_cert_verify_mac,
TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
tls1_alert_code,
@@ -154,7 +153,6 @@ SSL3_ENC_METHOD const TLSv1_1_enc_data = {
tls1_change_cipher_state,
tls1_final_finish_mac,
TLS1_FINISH_MAC_LENGTH,
- tls1_cert_verify_mac,
TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
tls1_alert_code,
@@ -173,7 +171,6 @@ SSL3_ENC_METHOD const TLSv1_2_enc_data = {
tls1_change_cipher_state,
tls1_final_finish_mac,
TLS1_FINISH_MAC_LENGTH,
- tls1_cert_verify_mac,
TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
tls1_alert_code,
More information about the openssl-commits
mailing list