author | David Benjamin <davidben@chromium.org> | 2014-08-31 02:29:42 -0400 |
---|---|---|
committer | Adam Langley <agl@google.com> | 2014-09-02 23:42:15 +0000 |
commit | df90a644831ff5b5962f8060227ca2646d069417 (patch) | |
tree | 9ec537ac9d94d6ade9f894891dc8eca8390cf3de | |
parent | 39ebf53dd34a553768277ee2e0a5c681b4ac6f9e (diff) | |
download | src-df90a644831ff5b5962f8060227ca2646d069417.tar.gz |
Remove MD5, SHA-224, and SHA-512 handling from s3_cbc.c.
The only MD5 CBC-mode cipher suites are TLS_KRB5_WITH_DES_CBC_MD5,
TLS_KRB5_WITH_3DES_EDE_CBC_MD5, and TLS_KRB5_WITH_IDEA_CBC_MD5. We do not
support those, and it seems quite safe to assume that list will not grow.
No current cipher suites use SHA-224 or SHA-512 MACs. We can restore those
cases if that ever changes, but hopefully any future cipher suites we care
about will be using the AEAD construction.
Change-Id: I7f2d30238e2156a59b5fed1e48fabe6660fc9b67
Reviewed-on: https://boringssl-review.googlesource.com/1697
Reviewed-by: Adam Langley <agl@google.com>
-rw-r--r-- | ssl/s3_cbc.c | 60 |
1 files changed, 6 insertions, 54 deletions
diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c
index 4af096d..e1b18af 100644
--- a/ssl/s3_cbc.c
+++ b/ssl/s3_cbc.c
@@ -52,7 +52,6 @@
 #include <assert.h>
-#include <openssl/md5.h>
 #include <openssl/obj.h>
 #include <openssl/sha.h>
@@ -327,15 +326,6 @@ void ssl3_cbc_copy_mac(unsigned char* out,
 /* These functions serialize the state of a hash and thus perform the standard
 * "final" operation without adding the padding and length that such a function
 * typically does. */
-static void tls1_md5_final_raw(void* ctx, unsigned char *md_out)
- {
- MD5_CTX *md5 = ctx;
- u32toLE(md5->A, md_out);
- u32toLE(md5->B, md_out);
- u32toLE(md5->C, md_out);
- u32toLE(md5->D, md_out);
- }
-
 static void tls1_sha1_final_raw(void* ctx, unsigned char *md_out)
 {
 SHA_CTX *sha1 = ctx;
@@ -379,12 +369,9 @@ char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx)
 {
 switch (EVP_MD_CTX_type(ctx))
 {
- case NID_md5:
 case NID_sha1:
- case NID_sha224:
 case NID_sha256:
 case NID_sha384:
- case NID_sha512:
 return 1;
 default:
 return 0;
@@ -441,7 +428,6 @@ void ssl3_cbc_digest_record(
 /* mdLengthSize is the number of bytes in the length field that terminates
 * the hash. */
 unsigned md_length_size = 8;
- char length_is_big_endian = 1;
 /* This is a, hopefully redundant, check that allows us to forget about
 * many possible overflows later in this function. */
@@ -449,26 +435,12 @@ void ssl3_cbc_digest_record(
 switch (EVP_MD_CTX_type(ctx))
 {
- case NID_md5:
- MD5_Init((MD5_CTX*)md_state.c);
- md_final_raw = tls1_md5_final_raw;
- md_transform = (void(*)(void *ctx, const unsigned char *block)) MD5_Transform;
- md_size = 16;
- sslv3_pad_length = 48;
- length_is_big_endian = 0;
- break;
 case NID_sha1:
 SHA1_Init((SHA_CTX*)md_state.c);
 md_final_raw = tls1_sha1_final_raw;
 md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA1_Transform;
 md_size = 20;
 break;
- case NID_sha224:
- SHA224_Init((SHA256_CTX*)md_state.c);
- md_final_raw = tls1_sha256_final_raw;
- md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA256_Transform;
- md_size = 224/8;
- break;
 case NID_sha256:
 SHA256_Init((SHA256_CTX*)md_state.c);
 md_final_raw = tls1_sha256_final_raw;
@@ -483,14 +455,6 @@ void ssl3_cbc_digest_record(
 md_block_size = 128;
 md_length_size = 16;
 break;
- case NID_sha512:
- SHA512_Init((SHA512_CTX*)md_state.c);
- md_final_raw = tls1_sha512_final_raw;
- md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA512_Transform;
- md_size = 64;
- md_block_size = 128;
- md_length_size = 16;
- break;
 default:
 /* ssl3_cbc_record_digest_supported should have been
 * called first to check that the hash function is
@@ -592,22 +556,11 @@ void ssl3_cbc_digest_record(
 md_transform(md_state.c, hmac_pad);
 }
- if (length_is_big_endian)
- {
- memset(length_bytes,0,md_length_size-4);
- length_bytes[md_length_size-4] = (unsigned char)(bits>>24);
- length_bytes[md_length_size-3] = (unsigned char)(bits>>16);
- length_bytes[md_length_size-2] = (unsigned char)(bits>>8);
- length_bytes[md_length_size-1] = (unsigned char)bits;
- }
- else
- {
- memset(length_bytes,0,md_length_size);
- length_bytes[md_length_size-5] = (unsigned char)(bits>>24);
- length_bytes[md_length_size-6] = (unsigned char)(bits>>16);
- length_bytes[md_length_size-7] = (unsigned char)(bits>>8);
- length_bytes[md_length_size-8] = (unsigned char)bits;
- }
+ memset(length_bytes,0,md_length_size-4);
+ length_bytes[md_length_size-4] = (unsigned char)(bits>>24);
+ length_bytes[md_length_size-3] = (unsigned char)(bits>>16);
+ length_bytes[md_length_size-2] = (unsigned char)(bits>>8);
+ length_bytes[md_length_size-1] = (unsigned char)bits;
 if (k > 0)
 {
@@ -615,8 +568,7 @@ void ssl3_cbc_digest_record(
 {
 /* The SSLv3 header is larger than a single block.
 * overhang is the number of bytes beyond a single
- * block that the header consumes: either 7 bytes
- * (SHA1) or 11 bytes (MD5). */
+ * block that the header consumes: 7 bytes (SHA1). */
 unsigned overhang = header_length-md_block_size;
 md_transform(md_state.c, header);
 memcpy(first_block, header + md_block_size, overhang); |
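Review bot: The unconditional length encoding in the `@@ -592,22 +556,11 @@` hunk no longer carries any hint that byte order is a per-hash property, now that `length_is_big_endian` is gone. The added `memset`/`length_bytes[...]` lines should get a comment such as `/* All remaining hashes (SHA-1, SHA-256, SHA-384) append a big-endian bit length. */`. The four stores write only the low 32 bits of `bits` and zero the rest of the field, which presumably relies on the record-size check near the top of ssl3_cbc_digest_record (outside this hunk). Naming that dependency in the same comment would help keep a later digest addition from silently computing a wrong MAC in this constant-time path. The function body starts and ends outside the hunk.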