diff options
| -rw-r--r-- | lib/libssl/d1_clnt.c | 10 | ||||
| -rw-r--r-- | lib/libssl/d1_lib.c | 15 | ||||
| -rw-r--r-- | lib/libssl/d1_pkt.c | 6 | ||||
| -rw-r--r-- | lib/libssl/d1_srvr.c | 14 | ||||
| -rw-r--r-- | lib/libssl/ssl_both.c | 18 | ||||
| -rw-r--r-- | lib/libssl/ssl_clnt.c | 24 | ||||
| -rw-r--r-- | lib/libssl/ssl_lib.c | 4 | ||||
| -rw-r--r-- | lib/libssl/ssl_locl.h | 22 | ||||
| -rw-r--r-- | lib/libssl/ssl_pkt.c | 22 | ||||
| -rw-r--r-- | lib/libssl/ssl_srvr.c | 22 | ||||
| -rw-r--r-- | lib/libssl/t1_lib.c | 41 |
11 files changed, 63 insertions, 135 deletions
diff --git a/lib/libssl/d1_clnt.c b/lib/libssl/d1_clnt.c index 5f8b56ebed7..c0f90dce6fa 100644 --- a/lib/libssl/d1_clnt.c +++ b/lib/libssl/d1_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_clnt.c,v 1.70 2017/01/26 05:31:25 jsing Exp $ */ +/* $OpenBSD: d1_clnt.c,v 1.71 2017/01/26 06:32:58 jsing Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -437,12 +437,12 @@ dtls1_connect(SSL *s) s->internal->init_num = 0; s->session->cipher = S3I(s)->tmp.new_cipher; - if (!s->method->internal->ssl3_enc->setup_key_block(s)) { + if (!tls1_setup_key_block(s)) { ret = -1; goto end; } - if (!s->method->internal->ssl3_enc->change_cipher_state(s, + if (!tls1_change_cipher_state(s, SSL3_CHANGE_CIPHER_CLIENT_WRITE)) { ret = -1; goto end; @@ -458,8 +458,8 @@ dtls1_connect(SSL *s) dtls1_start_timer(s); ret = ssl3_send_finished(s, SSL3_ST_CW_FINISHED_A, SSL3_ST_CW_FINISHED_B, - s->method->internal->ssl3_enc->client_finished_label, - s->method->internal->ssl3_enc->client_finished_label_len); + TLS_MD_CLIENT_FINISH_CONST, + TLS_MD_CLIENT_FINISH_CONST_SIZE); if (ret <= 0) goto end; s->internal->state = SSL3_ST_CW_FLUSH; diff --git a/lib/libssl/d1_lib.c b/lib/libssl/d1_lib.c index e4805a1efac..e193d4ab811 100644 --- a/lib/libssl/d1_lib.c +++ b/lib/libssl/d1_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_lib.c,v 1.38 2017/01/25 06:38:01 jsing Exp $ */ +/* $OpenBSD: d1_lib.c,v 1.39 2017/01/26 06:32:58 jsing Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -74,19 +74,6 @@ static int dtls1_listen(SSL *s, struct sockaddr *client); SSL3_ENC_METHOD DTLSv1_enc_data = { .enc = dtls1_enc, - .mac = tls1_mac, - .setup_key_block = tls1_setup_key_block, - .generate_master_secret = tls1_generate_master_secret, - .change_cipher_state = tls1_change_cipher_state, - .final_finish_mac = tls1_final_finish_mac, - .finish_mac_length = TLS1_FINISH_MAC_LENGTH, - .cert_verify_mac = tls1_cert_verify_mac, - .client_finished_label = TLS_MD_CLIENT_FINISH_CONST, - .client_finished_label_len = TLS_MD_CLIENT_FINISH_CONST_SIZE, - .server_finished_label = TLS_MD_SERVER_FINISH_CONST, - .server_finished_label_len = TLS_MD_SERVER_FINISH_CONST_SIZE, - .alert_value = tls1_alert_code, - .export_keying_material = tls1_export_keying_material, .enc_flags = SSL_ENC_FLAG_EXPLICIT_IV, }; diff --git a/lib/libssl/d1_pkt.c b/lib/libssl/d1_pkt.c index 19853d23756..3ea02700b58 100644 --- a/lib/libssl/d1_pkt.c +++ b/lib/libssl/d1_pkt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_pkt.c,v 1.59 2017/01/25 06:13:02 jsing Exp $ */ +/* $OpenBSD: d1_pkt.c,v 1.60 2017/01/26 06:32:58 jsing Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -417,7 +417,7 @@ dtls1_process_record(SSL *s) mac = &rr->data[rr->length]; } - i = s->method->internal->ssl3_enc->mac(s, md, 0 /* not send */); + i = tls1_mac(s, md, 0 /* not send */); if (i < 0 || mac == NULL || timingsafe_memcmp(md, mac, (size_t)mac_size) != 0) enc_err = -1; if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size) @@ -1272,7 +1272,7 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len) * wr->data still points in the wb->buf */ if (mac_size != 0) { - if (s->method->internal->ssl3_enc->mac(s, &(p[wr->length + bs]), 1) < 0) + if (tls1_mac(s, &(p[wr->length + bs]), 1) < 0) goto err; wr->length += mac_size; } diff --git a/lib/libssl/d1_srvr.c b/lib/libssl/d1_srvr.c index 1be0e4b5963..f36d3f40cd3 100644 --- a/lib/libssl/d1_srvr.c +++ b/lib/libssl/d1_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_srvr.c,v 1.80 2017/01/26 05:31:25 jsing Exp $ */ +/* $OpenBSD: d1_srvr.c,v 1.81 2017/01/26 06:32:58 jsing Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -522,9 +522,9 @@ dtls1_accept(SSL *s) /* We need to get hashes here so if there is * a client cert, it can be verified */ - s->method->internal->ssl3_enc->cert_verify_mac(s, + tls1_cert_verify_mac(s, NID_md5, &(S3I(s)->tmp.cert_verify_md[0])); - s->method->internal->ssl3_enc->cert_verify_mac(s, + tls1_cert_verify_mac(s, NID_sha1, &(S3I(s)->tmp.cert_verify_md[MD5_DIGEST_LENGTH])); } @@ -582,7 +582,7 @@ dtls1_accept(SSL *s) case SSL3_ST_SW_CHANGE_B: s->session->cipher = S3I(s)->tmp.new_cipher; - if (!s->method->internal->ssl3_enc->setup_key_block(s)) { + if (!tls1_setup_key_block(s)) { ret = -1; goto end; } @@ -597,7 +597,7 @@ dtls1_accept(SSL *s) s->internal->state = SSL3_ST_SW_FINISHED_A; s->internal->init_num = 0; - if (!s->method->internal->ssl3_enc->change_cipher_state(s, + if (!tls1_change_cipher_state(s, SSL3_CHANGE_CIPHER_SERVER_WRITE)) { ret = -1; goto end; @@ -610,8 +610,8 @@ dtls1_accept(SSL *s) case SSL3_ST_SW_FINISHED_B: ret = ssl3_send_finished(s, SSL3_ST_SW_FINISHED_A, SSL3_ST_SW_FINISHED_B, - s->method->internal->ssl3_enc->server_finished_label, - s->method->internal->ssl3_enc->server_finished_label_len); + TLS_MD_SERVER_FINISH_CONST, + TLS_MD_SERVER_FINISH_CONST_SIZE); if (ret <= 0) goto end; s->internal->state = SSL3_ST_SW_FLUSH; diff --git a/lib/libssl/ssl_both.c b/lib/libssl/ssl_both.c index e556e336edf..9d0dadef83a 100644 --- a/lib/libssl/ssl_both.c +++ b/lib/libssl/ssl_both.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_both.c,v 1.1 2017/01/26 05:51:54 jsing Exp $ */ +/* $OpenBSD: ssl_both.c,v 1.2 2017/01/26 06:32:58 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -170,10 +170,10 @@ ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen) int md_len; if (s->internal->state == a) { - md_len = s->method->internal->ssl3_enc->finish_mac_length; + md_len = TLS1_FINISH_MAC_LENGTH; OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE); - if (s->method->internal->ssl3_enc->final_finish_mac(s, sender, slen, + if (tls1_final_finish_mac(s, sender, slen, S3I(s)->tmp.finish_md) != md_len) return (0); S3I(s)->tmp.finish_md_len = md_len; @@ -217,15 +217,15 @@ ssl3_take_mac(SSL *s) return; if (s->internal->state & SSL_ST_CONNECT) { - sender = s->method->internal->ssl3_enc->server_finished_label; - slen = s->method->internal->ssl3_enc->server_finished_label_len; + sender = TLS_MD_SERVER_FINISH_CONST; + slen = TLS_MD_SERVER_FINISH_CONST_SIZE; } else { - sender = s->method->internal->ssl3_enc->client_finished_label; - slen = s->method->internal->ssl3_enc->client_finished_label_len; + sender = TLS_MD_CLIENT_FINISH_CONST; + slen = TLS_MD_CLIENT_FINISH_CONST_SIZE; } S3I(s)->tmp.peer_finish_md_len = - s->method->internal->ssl3_enc->final_finish_mac(s, sender, slen, + tls1_final_finish_mac(s, sender, slen, S3I(s)->tmp.peer_finish_md); } @@ -249,7 +249,7 @@ ssl3_get_finished(SSL *s, int a, int b) } S3I(s)->change_cipher_spec = 0; - md_len = s->method->internal->ssl3_enc->finish_mac_length; + md_len = TLS1_FINISH_MAC_LENGTH; if (n < 0) { al = SSL_AD_DECODE_ERROR; diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c index e7c78b139bf..f7bbca0d787 100644 --- a/lib/libssl/ssl_clnt.c +++ b/lib/libssl/ssl_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_clnt.c,v 1.1 2017/01/26 05:51:54 jsing Exp $ */ +/* $OpenBSD: ssl_clnt.c,v 1.2 2017/01/26 06:32:58 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -419,12 +419,12 @@ ssl3_connect(SSL *s) s->internal->init_num = 0; s->session->cipher = S3I(s)->tmp.new_cipher; - if (!s->method->internal->ssl3_enc->setup_key_block(s)) { + if (!tls1_setup_key_block(s)) { ret = -1; goto end; } - if (!s->method->internal->ssl3_enc->change_cipher_state(s, + if (!tls1_change_cipher_state(s, SSL3_CHANGE_CIPHER_CLIENT_WRITE)) { ret = -1; goto end; @@ -444,8 +444,8 @@ ssl3_connect(SSL *s) case SSL3_ST_CW_FINISHED_B: ret = ssl3_send_finished(s, SSL3_ST_CW_FINISHED_A, SSL3_ST_CW_FINISHED_B, - s->method->internal->ssl3_enc->client_finished_label, - s->method->internal->ssl3_enc->client_finished_label_len); + TLS_MD_CLIENT_FINISH_CONST, + TLS_MD_CLIENT_FINISH_CONST_SIZE); if (ret <= 0) goto end; s->s3->flags |= SSL3_FLAGS_CCS_OK; @@ -2005,7 +2005,7 @@ ssl3_send_client_kex_rsa(SSL *s, SESS_CERT *sess_cert, CBB *cbb) goto err; s->session->master_key_length = - s->method->internal->ssl3_enc->generate_master_secret(s, + tls1_generate_master_secret(s, s->session->master_key, pms, sizeof(pms)); ret = 1; @@ -2060,7 +2060,7 @@ ssl3_send_client_kex_dhe(SSL *s, SESS_CERT *sess_cert, CBB *cbb) /* Generate master key from the result. */ s->session->master_key_length = - s->method->internal->ssl3_enc->generate_master_secret(s, + tls1_generate_master_secret(s, s->session->master_key, key, key_len); if (!CBB_add_u16_length_prefixed(cbb, &dh_Yc)) @@ -2135,7 +2135,7 @@ ssl3_send_client_kex_ecdhe_ecp(SSL *s, SESS_CERT *sc, CBB *cbb) /* Generate master key from the result. */ s->session->master_key_length = - s->method->internal->ssl3_enc->generate_master_secret(s, + tls1_generate_master_secret(s, s->session->master_key, key, key_len); encoded_len = EC_POINT_point2oct(group, EC_KEY_get0_public_key(ecdh), @@ -2204,7 +2204,7 @@ ssl3_send_client_kex_ecdhe_ecx(SSL *s, SESS_CERT *sc, CBB *cbb) /* Generate master key from the result. */ s->session->master_key_length = - s->method->internal->ssl3_enc->generate_master_secret(s, + tls1_generate_master_secret(s, s->session->master_key, shared_key, X25519_KEY_LENGTH); ret = 1; @@ -2344,7 +2344,7 @@ ssl3_send_client_kex_gost(SSL *s, SESS_CERT *sess_cert, CBB *cbb) } EVP_PKEY_CTX_free(pkey_ctx); s->session->master_key_length = - s->method->internal->ssl3_enc->generate_master_secret(s, + tls1_generate_master_secret(s, s->session->master_key, premaster_secret, 32); ret = 1; @@ -2441,7 +2441,7 @@ ssl3_send_client_verify(SSL *s) EVP_PKEY_sign_init(pctx); if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1()) > 0) { if (!SSL_USE_SIGALGS(s)) - s->method->internal->ssl3_enc->cert_verify_mac(s, + tls1_cert_verify_mac(s, NID_sha1, &(data[MD5_DIGEST_LENGTH])); } else { ERR_clear_error(); @@ -2475,7 +2475,7 @@ ssl3_send_client_verify(SSL *s) if (!tls1_digest_cached_records(s)) goto err; } else if (pkey->type == EVP_PKEY_RSA) { - s->method->internal->ssl3_enc->cert_verify_mac( + tls1_cert_verify_mac( s, NID_md5, &(data[0])); if (RSA_sign(NID_md5_sha1, data, MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, &(p[2]), diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c index 6f31d6dcdf7..6d5d5c468b8 100644 --- a/lib/libssl/ssl_lib.c +++ b/lib/libssl/ssl_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_lib.c,v 1.152 2017/01/26 06:01:44 jsing Exp $ */ +/* $OpenBSD: ssl_lib.c,v 1.153 2017/01/26 06:32:58 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1732,7 +1732,7 @@ SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, const char *label, size_t llen, const unsigned char *p, size_t plen, int use_context) { - return (s->method->internal->ssl3_enc->export_keying_material(s, out, olen, + return (tls1_export_keying_material(s, out, olen, label, llen, p, plen, use_context)); } diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h index bff28b17729..6834592516c 100644 --- a/lib/libssl/ssl_locl.h +++ b/lib/libssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.169 2017/01/26 05:31:25 jsing Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.170 2017/01/26 06:32:58 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1012,28 +1012,8 @@ typedef struct sess_cert_st { /*#define SSL_DEBUG */ /*#define RSA_DEBUG */ -/* This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff - * It is a bit of a mess of functions, but hell, think of it as - * an opaque structure :-) */ typedef struct ssl3_enc_method { int (*enc)(SSL *, int); - int (*mac)(SSL *, unsigned char *, int); - int (*setup_key_block)(SSL *); - int (*generate_master_secret)(SSL *, unsigned char *, - unsigned char *, int); - int (*change_cipher_state)(SSL *, int); - int (*final_finish_mac)(SSL *, const char *, int, unsigned char *); - int finish_mac_length; - int (*cert_verify_mac)(SSL *, int, unsigned char *); - const char *client_finished_label; - int client_finished_label_len; - const char *server_finished_label; - int server_finished_label_len; - int (*alert_value)(int); - int (*export_keying_material)(SSL *, unsigned char *, size_t, - const char *, size_t, const unsigned char *, size_t, - int use_context); - /* Flags indicating protocol version requirements. */ unsigned int enc_flags; } SSL3_ENC_METHOD; diff --git a/lib/libssl/ssl_pkt.c b/lib/libssl/ssl_pkt.c index 2ab264f33f6..ef5b5737aaa 100644 --- a/lib/libssl/ssl_pkt.c +++ b/lib/libssl/ssl_pkt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_pkt.c,v 1.1 2017/01/26 05:51:54 jsing Exp $ */ +/* $OpenBSD: ssl_pkt.c,v 1.2 2017/01/26 06:32:58 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -475,7 +475,7 @@ again: mac = &rr->data[rr->length]; } - i = s->method->internal->ssl3_enc->mac(s,md,0 /* not send */); + i = tls1_mac(s,md,0 /* not send */); if (i < 0 || mac == NULL || timingsafe_memcmp(md, mac, (size_t)mac_size) != 0) enc_err = -1; @@ -747,7 +747,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, * wr->data still points in the wb->buf */ if (mac_size != 0) { - if (s->method->internal->ssl3_enc->mac(s, + if (tls1_mac(s, &(p[wr->length + eivlen]), 1) < 0) goto err; wr->length += mac_size; @@ -1360,25 +1360,25 @@ ssl3_do_change_cipher_spec(SSL *s) } s->session->cipher = S3I(s)->tmp.new_cipher; - if (!s->method->internal->ssl3_enc->setup_key_block(s)) + if (!tls1_setup_key_block(s)) return (0); } - if (!s->method->internal->ssl3_enc->change_cipher_state(s, i)) + if (!tls1_change_cipher_state(s, i)) return (0); /* we have to record the message digest at * this point so we can get it before we read * the finished message */ if (s->internal->state & SSL_ST_CONNECT) { - sender = s->method->internal->ssl3_enc->server_finished_label; - slen = s->method->internal->ssl3_enc->server_finished_label_len; + sender = TLS_MD_SERVER_FINISH_CONST; + slen = TLS_MD_SERVER_FINISH_CONST_SIZE; } else { - sender = s->method->internal->ssl3_enc->client_finished_label; - slen = s->method->internal->ssl3_enc->client_finished_label_len; + sender = TLS_MD_CLIENT_FINISH_CONST; + slen = TLS_MD_CLIENT_FINISH_CONST_SIZE; } - i = s->method->internal->ssl3_enc->final_finish_mac(s, sender, slen, + i = tls1_final_finish_mac(s, sender, slen, S3I(s)->tmp.peer_finish_md); if (i == 0) { SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR); @@ -1393,7 +1393,7 @@ int ssl3_send_alert(SSL *s, int level, int desc) { /* Map tls/ssl alert value to correct one */ - desc = s->method->internal->ssl3_enc->alert_value(desc); + desc = tls1_alert_code(desc); if (desc < 0) return -1; /* If a fatal one, remove from cache */ diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c index dfc6ee67b6c..a716947ab9f 100644 --- a/lib/libssl/ssl_srvr.c +++ b/lib/libssl/ssl_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_srvr.c,v 1.1 2017/01/26 05:51:54 jsing Exp $ */ +/* $OpenBSD: ssl_srvr.c,v 1.2 2017/01/26 06:32:58 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -519,7 +519,7 @@ ssl3_accept(SSL *s) if (S3I(s)->handshake_dgst[dgst_num]) { int dgst_size; - s->method->internal->ssl3_enc->cert_verify_mac(s, + tls1_cert_verify_mac(s, EVP_MD_CTX_type( S3I(s)->handshake_dgst[dgst_num]), &(S3I(s)->tmp.cert_verify_md[offset])); @@ -598,7 +598,7 @@ ssl3_accept(SSL *s) case SSL3_ST_SW_CHANGE_B: s->session->cipher = S3I(s)->tmp.new_cipher; - if (!s->method->internal->ssl3_enc->setup_key_block(s)) { + if (!tls1_setup_key_block(s)) { ret = -1; goto end; } @@ -611,7 +611,7 @@ ssl3_accept(SSL *s) s->internal->state = SSL3_ST_SW_FINISHED_A; s->internal->init_num = 0; - if (!s->method->internal->ssl3_enc->change_cipher_state( + if (!tls1_change_cipher_state( s, SSL3_CHANGE_CIPHER_SERVER_WRITE)) { ret = -1; goto end; @@ -623,8 +623,8 @@ ssl3_accept(SSL *s) case SSL3_ST_SW_FINISHED_B: ret = ssl3_send_finished(s, SSL3_ST_SW_FINISHED_A, SSL3_ST_SW_FINISHED_B, - s->method->internal->ssl3_enc->server_finished_label, - s->method->internal->ssl3_enc->server_finished_label_len); + TLS_MD_SERVER_FINISH_CONST, + TLS_MD_SERVER_FINISH_CONST_SIZE); if (ret <= 0) goto end; s->internal->state = SSL3_ST_SW_FLUSH; @@ -1808,7 +1808,7 @@ ssl3_get_client_kex_rsa(SSL *s, unsigned char *p, long n) } s->session->master_key_length = - s->method->internal->ssl3_enc->generate_master_secret(s, + tls1_generate_master_secret(s, s->session->master_key, p, i); explicit_bzero(p, i); @@ -1864,7 +1864,7 @@ ssl3_get_client_kex_dhe(SSL *s, unsigned char *p, long n) } s->session->master_key_length = - s->method->internal->ssl3_enc->generate_master_secret( + tls1_generate_master_secret( s, s->session->master_key, p, key_size); explicit_bzero(p, key_size); @@ -2018,7 +2018,7 @@ ssl3_get_client_kex_ecdhe_ecp(SSL *s, unsigned char *p, long n) /* Compute the master secret */ s->session->master_key_length = - s->method->internal->ssl3_enc->generate_master_secret( + tls1_generate_master_secret( s, s->session->master_key, p, i); explicit_bzero(p, i); @@ -2060,7 +2060,7 @@ ssl3_get_client_kex_ecdhe_ecx(SSL *s, unsigned char *p, long n) S3I(s)->tmp.x25519 = NULL; s->session->master_key_length = - s->method->internal->ssl3_enc->generate_master_secret( + tls1_generate_master_secret( s, s->session->master_key, shared_key, X25519_KEY_LENGTH); ret = 1; @@ -2136,7 +2136,7 @@ ssl3_get_client_kex_gost(SSL *s, unsigned char *p, long n) } /* Generate master secret */ s->session->master_key_length = - s->method->internal->ssl3_enc->generate_master_secret( + tls1_generate_master_secret( s, s->session->master_key, premaster_secret, 32); /* Check if pubkey from client certificate was used */ if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, diff --git a/lib/libssl/t1_lib.c b/lib/libssl/t1_lib.c index 9b60d664e56..3585a3ac55c 100644 --- a/lib/libssl/t1_lib.c +++ b/lib/libssl/t1_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t1_lib.c,v 1.111 2017/01/24 14:57:31 jsing Exp $ */ +/* $OpenBSD: t1_lib.c,v 1.112 2017/01/26 06:32:58 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -125,55 +125,16 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *tick, int ticklen, SSL3_ENC_METHOD TLSv1_enc_data = { .enc = tls1_enc, - .mac = tls1_mac, - .setup_key_block = tls1_setup_key_block, - .generate_master_secret = tls1_generate_master_secret, - .change_cipher_state = tls1_change_cipher_state, - .final_finish_mac = tls1_final_finish_mac, - .finish_mac_length = TLS1_FINISH_MAC_LENGTH, - .cert_verify_mac = tls1_cert_verify_mac, - .client_finished_label = TLS_MD_CLIENT_FINISH_CONST, - .client_finished_label_len = TLS_MD_CLIENT_FINISH_CONST_SIZE, - .server_finished_label = TLS_MD_SERVER_FINISH_CONST, - .server_finished_label_len = TLS_MD_SERVER_FINISH_CONST_SIZE, - .alert_value = tls1_alert_code, - .export_keying_material = tls1_export_keying_material, .enc_flags = 0, }; SSL3_ENC_METHOD TLSv1_1_enc_data = { .enc = tls1_enc, - .mac = tls1_mac, - .setup_key_block = tls1_setup_key_block, - .generate_master_secret = tls1_generate_master_secret, - .change_cipher_state = tls1_change_cipher_state, - .final_finish_mac = tls1_final_finish_mac, - .finish_mac_length = TLS1_FINISH_MAC_LENGTH, - .cert_verify_mac = tls1_cert_verify_mac, - .client_finished_label = TLS_MD_CLIENT_FINISH_CONST, - .client_finished_label_len = TLS_MD_CLIENT_FINISH_CONST_SIZE, - .server_finished_label = TLS_MD_SERVER_FINISH_CONST, - .server_finished_label_len = TLS_MD_SERVER_FINISH_CONST_SIZE, - .alert_value = tls1_alert_code, - .export_keying_material = tls1_export_keying_material, .enc_flags = SSL_ENC_FLAG_EXPLICIT_IV, }; SSL3_ENC_METHOD TLSv1_2_enc_data = { .enc = tls1_enc, - .mac = tls1_mac, - .setup_key_block = tls1_setup_key_block, - .generate_master_secret = tls1_generate_master_secret, - .change_cipher_state = tls1_change_cipher_state, - .final_finish_mac = tls1_final_finish_mac, - .finish_mac_length = TLS1_FINISH_MAC_LENGTH, - .cert_verify_mac = tls1_cert_verify_mac, - .client_finished_label = TLS_MD_CLIENT_FINISH_CONST, - .client_finished_label_len = TLS_MD_CLIENT_FINISH_CONST_SIZE, - .server_finished_label = TLS_MD_SERVER_FINISH_CONST, - .server_finished_label_len = TLS_MD_SERVER_FINISH_CONST_SIZE, - .alert_value = tls1_alert_code, - .export_keying_material = tls1_export_keying_material, .enc_flags = SSL_ENC_FLAG_EXPLICIT_IV|SSL_ENC_FLAG_SIGALGS| SSL_ENC_FLAG_SHA256_PRF|SSL_ENC_FLAG_TLS1_2_CIPHERS, }; |