diff options
author | Joel Sing <jsing@cvs.openbsd.org> | 2015-09-11 17:17:45 +0000 |
---|---|---|
committer | Joel Sing <jsing@cvs.openbsd.org> | 2015-09-11 17:17:45 +0000 |
commit | 7b06263d3697e91b4a1124a5eb4da636fbd24c81 (patch) | |
tree | 534e62981a10856de38ace73f7dc2c95c5eb0bfb /lib/libssl | |
parent | 5060cdd2d8dfa91c19dfa37d90b99a3f0948b9dd (diff) |
Nuke ssl3_cbc_remove_padding().
ok "flensing knife"
Diffstat (limited to 'lib/libssl')
-rw-r--r-- | lib/libssl/src/ssl/s3_cbc.c | 32 | ||||
-rw-r--r-- | lib/libssl/src/ssl/ssl_locl.h | 4 |
2 files changed, 2 insertions, 34 deletions
diff --git a/lib/libssl/src/ssl/s3_cbc.c b/lib/libssl/src/ssl/s3_cbc.c index 57485caacf1..824ccf983b8 100644 --- a/lib/libssl/src/ssl/s3_cbc.c +++ b/lib/libssl/src/ssl/s3_cbc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_cbc.c,v 1.10 2015/07/17 07:04:40 doug Exp $ */ +/* $OpenBSD: s3_cbc.c,v 1.11 2015/09/11 17:17:44 jsing Exp $ */ /* ==================================================================== * Copyright (c) 2012 The OpenSSL Project. All rights reserved. * @@ -101,36 +101,6 @@ constant_time_eq_8(unsigned a, unsigned b) return DUPLICATE_MSB_TO_ALL_8(c); } -/* ssl3_cbc_remove_padding removes padding from the decrypted, SSLv3, CBC - * record in |rec| by updating |rec->length| in constant time. - * - * block_size: the block size of the cipher used to encrypt the record. - * returns: - * 0: (in non-constant time) if the record is publicly invalid. - * 1: if the padding was valid - * -1: otherwise. */ -int -ssl3_cbc_remove_padding(const SSL* s, SSL3_RECORD *rec, unsigned block_size, - unsigned mac_size) -{ - unsigned padding_length, good; - const unsigned overhead = 1 /* padding length byte */ + mac_size; - - /* These lengths are all public so we can test them in non-constant - * time. */ - if (overhead > rec->length) - return 0; - - padding_length = rec->data[rec->length - 1]; - good = constant_time_ge(rec->length, padding_length + overhead); - /* SSLv3 requires that the padding is minimal. */ - good &= constant_time_ge(block_size, padding_length + 1); - padding_length = good & (padding_length + 1); - rec->length -= padding_length; - rec->type |= padding_length << 8; /* kludge: pass padding length */ - return (int)((good & 1) | (~good & -1)); -} - /* tls1_cbc_remove_padding removes the CBC padding from the decrypted, TLS, CBC * record in |rec| in constant time and returns 1 if the padding is valid and * -1 otherwise. It also removes any explicit IV from the start of the record diff --git a/lib/libssl/src/ssl/ssl_locl.h b/lib/libssl/src/ssl/ssl_locl.h index 88af440f21d..a1302104e67 100644 --- a/lib/libssl/src/ssl/ssl_locl.h +++ b/lib/libssl/src/ssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.113 2015/09/11 17:11:53 jsing Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.114 2015/09/11 17:17:44 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -844,8 +844,6 @@ int ssl_parse_serverhello_use_srtp_ext(SSL *s, const unsigned char *d, /* s3_cbc.c */ void ssl3_cbc_copy_mac(unsigned char *out, const SSL3_RECORD *rec, unsigned md_size, unsigned orig_len); -int ssl3_cbc_remove_padding(const SSL *s, SSL3_RECORD *rec, - unsigned block_size, unsigned mac_size); int tls1_cbc_remove_padding(const SSL *s, SSL3_RECORD *rec, unsigned block_size, unsigned mac_size); char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx); |