authorjsing <jsing@openbsd.org>2017-03-06 15:08:57 +0000
committerjsing <jsing@openbsd.org>2017-03-06 15:08:57 +0000
commitd8992f09c814394c2f0b0c00b25beb9179931c50 (patch)
tree9e96a1de6bef4c16fba2d6a569ddd1a503ff9855 /lib/libssl/t1_enc.c
parentURIs need different escaping; reported by reyk@ (diff)
Clean up and simplify the tls1_PRF() implementation now that we have a
single EVP MD for the PRF hash. ok beck@ inoguchi@
Diffstat (limited to 'lib/libssl/t1_enc.c')
-rw-r--r--lib/libssl/t1_enc.c67
1 files changed, 19 insertions, 48 deletions
diff --git a/lib/libssl/t1_enc.c b/lib/libssl/t1_enc.c
index 62578beeea3..84f2e182d9e 100644
--- a/lib/libssl/t1_enc.c
+++ b/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_enc.c,v 1.97 2017/03/05 14:39:53 jsing Exp $ */
+/* $OpenBSD: t1_enc.c,v 1.98 2017/03/06 15:08:57 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -372,67 +372,39 @@ err:
/* seed1 through seed5 are virtually concatenated */
static int
-tls1_PRF(long digest_mask, const void *seed1, int seed1_len, const void *seed2,
+tls1_PRF(SSL *s, const void *seed1, int seed1_len, const void *seed2,
int seed2_len, const void *seed3, int seed3_len, const void *seed4,
int seed4_len, const void *seed5, int seed5_len, const unsigned char *sec,
int slen, unsigned char *out1, unsigned char *out2, int olen)
{
- int len, i, idx, count;
- const unsigned char *S1;
- long m;
const EVP_MD *md;
- int ret = 0;
+ int i;
- /* Count number of digests and partition sec evenly */
- count = 0;
- for (idx = 0; ssl_get_handshake_digest(idx, &m, &md); idx++) {
- if ((m << TLS1_PRF_DGST_SHIFT) & digest_mask)
- count++;
- }
- if (count == 0) {
- SSLerrorx(SSL_R_SSL_HANDSHAKE_FAILURE);
- goto err;
- }
- len = slen / count;
- if (count == 1)
- slen = 0;
- S1 = sec;
memset(out1, 0, olen);
- for (idx = 0; ssl_get_handshake_digest(idx, &m, &md); idx++) {
- if ((m << TLS1_PRF_DGST_SHIFT) & digest_mask) {
- if (!md) {
- SSLerrorx(SSL_R_UNSUPPORTED_DIGEST_TYPE);
- goto err;
- }
- if (!tls1_P_hash(md , S1, len + (slen&1), seed1,
- seed1_len, seed2, seed2_len, seed3, seed3_len,
- seed4, seed4_len, seed5, seed5_len, out2, olen))
- goto err;
- S1 += len;
- for (i = 0; i < olen; i++) {
- out1[i] ^= out2[i];
- }
- }
- }
- ret = 1;
-err:
- return ret;
+ if (!ssl_get_handshake_evp_md(s, &md))
+ return (0);
+
+ if (!tls1_P_hash(md, sec, slen, seed1, seed1_len, seed2, seed2_len,
+ seed3, seed3_len, seed4, seed4_len, seed5, seed5_len, out2, olen))
+ return (0);
+
+ for (i = 0; i < olen; i++)
+ out1[i] ^= out2[i];
+
+ return (1);
}
static int
tls1_generate_key_block(SSL *s, unsigned char *km, unsigned char *tmp, int num)
{
- int ret;
-
- ret = tls1_PRF(ssl_get_algorithm2(s),
+ return tls1_PRF(s,
TLS_MD_KEY_EXPANSION_CONST, TLS_MD_KEY_EXPANSION_CONST_SIZE,
s->s3->server_random, SSL3_RANDOM_SIZE,
s->s3->client_random, SSL3_RANDOM_SIZE,
NULL, 0, NULL, 0,
s->session->master_key, s->session->master_key_length,
km, tmp, num);
- return ret;
}
/*
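Review bot: A combined MD5+SHA1 digest would not be handled correctly by the new tls1_PRF() body, which passes the whole secret (`sec, slen`) to a single tls1_P_hash() call, whereas the removed loop gave each selected digest its own slice (`len = slen / count`) and XORed the outputs. ssl_get_handshake_evp_md() is not shown, so this is inferred: if it can return such a combined digest for pre-TLS 1.2 cipher suites, the derived keys would no longer match the two-hash PRF and handshakes with those versions would fail. It is worth confirming with a TLS 1.0/1.1 handshake test, or stating the assumption above the call, e.g. `/* md must be a single hash; a combined MD5+SHA1 md needs the split-secret PRF */`. With one digest, `memset(out1, 0, olen)` followed by the XOR loop is only a copy of out2, and it leaves a second copy of the derived key material in the caller's scratch buffer.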
@@ -1138,8 +1110,7 @@ tls1_final_finish_mac(SSL *s, const char *str, int slen, unsigned char *out)
if (hlen > INT_MAX)
return 0;
- if (!tls1_PRF(ssl_get_algorithm2(s), str, slen, buf1, hlen,
- NULL, 0, NULL, 0, NULL, 0,
+ if (!tls1_PRF(s, str, slen, buf1, hlen, NULL, 0, NULL, 0, NULL, 0,
s->session->master_key, s->session->master_key_length,
out, buf2, sizeof(buf2)))
return 0;
@@ -1235,7 +1206,8 @@ tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
{
unsigned char buff[SSL_MAX_MASTER_KEY_LENGTH];
- tls1_PRF(ssl_get_algorithm2(s),
+ /* XXX - check return value. */
+ tls1_PRF(s,
TLS_MD_MASTER_SECRET_CONST, TLS_MD_MASTER_SECRET_CONST_SIZE,
s->s3->client_random, SSL3_RANDOM_SIZE, NULL, 0,
s->s3->server_random, SSL3_RANDOM_SIZE, NULL, 0,
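Review bot: The tls1_PRF() call in this hunk still discards its return value, which the added `/* XXX - check return value. */` comment records but does not fix. The new tls1_PRF() zeroes `out1` before either of its `return (0)` paths, so a failure here would leave the output buffer all zeros while the function carries on as if derivation had succeeded. The output arguments and the function's return convention are outside the hunk, so the exact form needs confirming, but the call should be wrapped as `if (!tls1_PRF(s, ...)) return 0;` (or whatever error value the callers check) so that a predictable all-zero master secret can never be used.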
@@ -1307,8 +1279,7 @@ tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
TLS_MD_KEY_EXPANSION_CONST_SIZE) == 0)
goto err1;
- rv = tls1_PRF(ssl_get_algorithm2(s),
- val, vallen, NULL, 0, NULL, 0, NULL, 0, NULL, 0,
+ rv = tls1_PRF(s, val, vallen, NULL, 0, NULL, 0, NULL, 0, NULL, 0,
s->session->master_key, s->session->master_key_length,
out, buff, olen);