提交 6938c954 编写于 作者: D Dr. Stephen Henson

Remove unused cert_verify_mac code

Reviewed-by: NAndy Polyakov <appro@openssl.org>
上级 f6739c3d
......@@ -90,7 +90,6 @@ const SSL3_ENC_METHOD DTLSv1_enc_data = {
tls1_change_cipher_state,
tls1_final_finish_mac,
TLS1_FINISH_MAC_LENGTH,
tls1_cert_verify_mac,
TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
tls1_alert_code,
......@@ -109,7 +108,6 @@ const SSL3_ENC_METHOD DTLSv1_2_enc_data = {
tls1_change_cipher_state,
tls1_final_finish_mac,
TLS1_FINISH_MAC_LENGTH,
tls1_cert_verify_mac,
TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
tls1_alert_code,
......
......@@ -560,11 +560,6 @@ int ssl3_digest_cached_records(SSL *s, int keep)
return 1;
}
int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p)
{
return (ssl3_handshake_mac(s, md_nid, NULL, 0, p));
}
int ssl3_final_finish_mac(SSL *s,
const char *sender, int len, unsigned char *p)
{
......
......@@ -3809,7 +3809,6 @@ const SSL3_ENC_METHOD SSLv3_enc_data = {
ssl3_change_cipher_state,
ssl3_final_finish_mac,
MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
ssl3_cert_verify_mac,
SSL3_MD_CLIENT_FINISHED_CONST, 4,
SSL3_MD_SERVER_FINISHED_CONST, 4,
ssl3_alert_code,
......
......@@ -176,7 +176,6 @@ SSL3_ENC_METHOD ssl3_undef_enc_method = {
(int (*)(SSL *, const char *, int, unsigned char *))
ssl_undefined_function,
0, /* finish_mac_length */
(int (*)(SSL *, int, unsigned char *))ssl_undefined_function,
NULL, /* client_finished_label */
0, /* client_finished_label_len */
NULL, /* server_finished_label */
......
......@@ -1266,8 +1266,6 @@ typedef struct ssl3_state_st {
int num_renegotiations;
int in_read_app_data;
struct {
/* actually needs to be 32+32+64 for GOST */
unsigned char cert_verify_md[EVP_MAX_MD_SIZE * 2];
/* actually only need to be 16+20 for SSLv3 and 12 for TLS */
unsigned char finish_md[EVP_MAX_MD_SIZE * 2];
int finish_md_len;
......@@ -1685,7 +1683,6 @@ typedef struct ssl3_enc_method {
int (*change_cipher_state) (SSL *, int);
int (*final_finish_mac) (SSL *, const char *, int, unsigned char *);
int finish_mac_length;
int (*cert_verify_mac) (SSL *, int, unsigned char *);
const char *client_finished_label;
int client_finished_label_len;
const char *server_finished_label;
......@@ -1948,7 +1945,6 @@ int ssl3_renegotiate_check(SSL *ssl);
__owur int ssl3_dispatch_alert(SSL *s);
__owur int ssl3_final_finish_mac(SSL *s, const char *sender, int slen,
unsigned char *p);
__owur int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len);
void ssl3_free_digest_list(SSL *s);
__owur unsigned long ssl3_output_cert_chain(SSL *s, CERT_PKEY *cpk);
......@@ -2032,7 +2028,6 @@ __owur int tls1_change_cipher_state(SSL *s, int which);
__owur int tls1_setup_key_block(SSL *s);
__owur int tls1_final_finish_mac(SSL *s,
const char *str, int slen, unsigned char *p);
__owur int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
__owur int tls1_generate_master_secret(SSL *s, unsigned char *out,
unsigned char *p, int len);
__owur int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
......
......@@ -698,36 +698,6 @@ int tls1_setup_key_block(SSL *s)
return (ret);
}
int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out)
{
unsigned int ret;
EVP_MD_CTX ctx, *d = NULL;
int i;
if (!ssl3_digest_cached_records(s, 0))
return 0;
for (i = 0; i < SSL_MAX_DIGEST; i++) {
if (s->s3->handshake_dgst[i]
&& EVP_MD_CTX_type(s->s3->handshake_dgst[i]) == md_nid) {
d = s->s3->handshake_dgst[i];
break;
}
}
if (!d) {
SSLerr(SSL_F_TLS1_CERT_VERIFY_MAC, SSL_R_NO_REQUIRED_DIGEST);
return 0;
}
EVP_MD_CTX_init(&ctx);
if (EVP_MD_CTX_copy_ex(&ctx, d) <=0
|| EVP_DigestFinal_ex(&ctx, out, &ret) <= 0)
ret = 0;
EVP_MD_CTX_cleanup(&ctx);
return ((int)ret);
}
int tls1_final_finish_mac(SSL *s, const char *str, int slen,
unsigned char *out)
{
......
......@@ -135,7 +135,6 @@ SSL3_ENC_METHOD const TLSv1_enc_data = {
tls1_change_cipher_state,
tls1_final_finish_mac,
TLS1_FINISH_MAC_LENGTH,
tls1_cert_verify_mac,
TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
tls1_alert_code,
......@@ -154,7 +153,6 @@ SSL3_ENC_METHOD const TLSv1_1_enc_data = {
tls1_change_cipher_state,
tls1_final_finish_mac,
TLS1_FINISH_MAC_LENGTH,
tls1_cert_verify_mac,
TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
tls1_alert_code,
......@@ -173,7 +171,6 @@ SSL3_ENC_METHOD const TLSv1_2_enc_data = {
tls1_change_cipher_state,
tls1_final_finish_mac,
TLS1_FINISH_MAC_LENGTH,
tls1_cert_verify_mac,
TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
tls1_alert_code,
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册