mirror of https://github.com/openssl/openssl.git
Remove unused cert_verify_mac code
Reviewed-by: Andy Polyakov <appro@openssl.org>
This commit is contained in:
Dr. Stephen Henson
parent
f6739c3db4
commit
6938c954b0
|
|
@ -90,7 +90,6 @@ const SSL3_ENC_METHOD DTLSv1_enc_data = {
|
|||
tls1_change_cipher_state,
|
||||
tls1_final_finish_mac,
|
||||
TLS1_FINISH_MAC_LENGTH,
|
||||
tls1_cert_verify_mac,
|
||||
TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
|
||||
TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
|
||||
tls1_alert_code,
|
||||
|
|
@ -109,7 +108,6 @@ const SSL3_ENC_METHOD DTLSv1_2_enc_data = {
|
|||
tls1_change_cipher_state,
|
||||
tls1_final_finish_mac,
|
||||
TLS1_FINISH_MAC_LENGTH,
|
||||
tls1_cert_verify_mac,
|
||||
TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
|
||||
TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
|
||||
tls1_alert_code,
|
||||
|
|
|
|||
|
|
@ -560,11 +560,6 @@ int ssl3_digest_cached_records(SSL *s, int keep)
|
|||
return 1;
|
||||
}
|
||||
|
||||
int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p)
|
||||
{
|
||||
return (ssl3_handshake_mac(s, md_nid, NULL, 0, p));
|
||||
}
|
||||
|
||||
int ssl3_final_finish_mac(SSL *s,
|
||||
const char *sender, int len, unsigned char *p)
|
||||
{
|
||||
|
|
|
|||
|
|
@ -3809,7 +3809,6 @@ const SSL3_ENC_METHOD SSLv3_enc_data = {
|
|||
ssl3_change_cipher_state,
|
||||
ssl3_final_finish_mac,
|
||||
MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
|
||||
ssl3_cert_verify_mac,
|
||||
SSL3_MD_CLIENT_FINISHED_CONST, 4,
|
||||
SSL3_MD_SERVER_FINISHED_CONST, 4,
|
||||
ssl3_alert_code,
|
||||
|
|
|
|||
|
|
@ -176,7 +176,6 @@ SSL3_ENC_METHOD ssl3_undef_enc_method = {
|
|||
(int (*)(SSL *, const char *, int, unsigned char *))
|
||||
ssl_undefined_function,
|
||||
0, /* finish_mac_length */
|
||||
(int (*)(SSL *, int, unsigned char *))ssl_undefined_function,
|
||||
NULL, /* client_finished_label */
|
||||
0, /* client_finished_label_len */
|
||||
NULL, /* server_finished_label */
|
||||
|
|
|
|||
|
|
@ -1266,8 +1266,6 @@ typedef struct ssl3_state_st {
|
|||
int num_renegotiations;
|
||||
int in_read_app_data;
|
||||
struct {
|
||||
/* actually needs to be 32+32+64 for GOST */
|
||||
unsigned char cert_verify_md[EVP_MAX_MD_SIZE * 2];
|
||||
/* actually only need to be 16+20 for SSLv3 and 12 for TLS */
|
||||
unsigned char finish_md[EVP_MAX_MD_SIZE * 2];
|
||||
int finish_md_len;
|
||||
|
|
@ -1685,7 +1683,6 @@ typedef struct ssl3_enc_method {
|
|||
int (*change_cipher_state) (SSL *, int);
|
||||
int (*final_finish_mac) (SSL *, const char *, int, unsigned char *);
|
||||
int finish_mac_length;
|
||||
int (*cert_verify_mac) (SSL *, int, unsigned char *);
|
||||
const char *client_finished_label;
|
||||
int client_finished_label_len;
|
||||
const char *server_finished_label;
|
||||
|
|
@ -1948,7 +1945,6 @@ int ssl3_renegotiate_check(SSL *ssl);
|
|||
__owur int ssl3_dispatch_alert(SSL *s);
|
||||
__owur int ssl3_final_finish_mac(SSL *s, const char *sender, int slen,
|
||||
unsigned char *p);
|
||||
__owur int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
|
||||
void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len);
|
||||
void ssl3_free_digest_list(SSL *s);
|
||||
__owur unsigned long ssl3_output_cert_chain(SSL *s, CERT_PKEY *cpk);
|
||||
|
|
@ -2032,7 +2028,6 @@ __owur int tls1_change_cipher_state(SSL *s, int which);
|
|||
__owur int tls1_setup_key_block(SSL *s);
|
||||
__owur int tls1_final_finish_mac(SSL *s,
|
||||
const char *str, int slen, unsigned char *p);
|
||||
__owur int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
|
||||
__owur int tls1_generate_master_secret(SSL *s, unsigned char *out,
|
||||
unsigned char *p, int len);
|
||||
__owur int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
|
||||
|
|
|
|||
30
ssl/t1_enc.c
30
ssl/t1_enc.c
|
|
@ -698,36 +698,6 @@ int tls1_setup_key_block(SSL *s)
|
|||
return (ret);
|
||||
}
|
||||
|
||||
|
||||
int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out)
|
||||
{
|
||||
unsigned int ret;
|
||||
EVP_MD_CTX ctx, *d = NULL;
|
||||
int i;
|
||||
|
||||
if (!ssl3_digest_cached_records(s, 0))
|
||||
return 0;
|
||||
|
||||
for (i = 0; i < SSL_MAX_DIGEST; i++) {
|
||||
if (s->s3->handshake_dgst[i]
|
||||
&& EVP_MD_CTX_type(s->s3->handshake_dgst[i]) == md_nid) {
|
||||
d = s->s3->handshake_dgst[i];
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (!d) {
|
||||
SSLerr(SSL_F_TLS1_CERT_VERIFY_MAC, SSL_R_NO_REQUIRED_DIGEST);
|
||||
return 0;
|
||||
}
|
||||
|
||||
EVP_MD_CTX_init(&ctx);
|
||||
if (EVP_MD_CTX_copy_ex(&ctx, d) <=0
|
||||
|| EVP_DigestFinal_ex(&ctx, out, &ret) <= 0)
|
||||
ret = 0;
|
||||
EVP_MD_CTX_cleanup(&ctx);
|
||||
return ((int)ret);
|
||||
}
|
||||
|
||||
int tls1_final_finish_mac(SSL *s, const char *str, int slen,
|
||||
unsigned char *out)
|
||||
{
|
||||
|
|
|
|||
|
|
@ -135,7 +135,6 @@ SSL3_ENC_METHOD const TLSv1_enc_data = {
|
|||
tls1_change_cipher_state,
|
||||
tls1_final_finish_mac,
|
||||
TLS1_FINISH_MAC_LENGTH,
|
||||
tls1_cert_verify_mac,
|
||||
TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
|
||||
TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
|
||||
tls1_alert_code,
|
||||
|
|
@ -154,7 +153,6 @@ SSL3_ENC_METHOD const TLSv1_1_enc_data = {
|
|||
tls1_change_cipher_state,
|
||||
tls1_final_finish_mac,
|
||||
TLS1_FINISH_MAC_LENGTH,
|
||||
tls1_cert_verify_mac,
|
||||
TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
|
||||
TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
|
||||
tls1_alert_code,
|
||||
|
|
@ -173,7 +171,6 @@ SSL3_ENC_METHOD const TLSv1_2_enc_data = {
|
|||
tls1_change_cipher_state,
|
||||
tls1_final_finish_mac,
|
||||
TLS1_FINISH_MAC_LENGTH,
|
||||
tls1_cert_verify_mac,
|
||||
TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
|
||||
TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
|
||||
tls1_alert_code,
|
||||
|
|
|
|||
Loading…
Reference in New Issue