Remove a few unnecessary SSL3_ENC_METHOD hooks. As things stand now, they don't actually do anything. Change-Id: I9f8b4cbf38a0dffabfc5265805c52bb8d7a8fb0d Reviewed-on: https://boringssl-review.googlesource.com/6837 Reviewed-by: Adam Langley <alangley@gmail.com>
diff --git a/ssl/internal.h b/ssl/internal.h index 58dca0f..8a4f708 100644 --- a/ssl/internal.h +++ b/ssl/internal.h
@@ -854,7 +854,6 @@ struct ssl3_enc_method { int (*prf)(SSL *, uint8_t *, size_t, const uint8_t *, size_t, const char *, size_t, const uint8_t *, size_t, const uint8_t *, size_t); - int (*generate_master_secret)(SSL *, uint8_t *, const uint8_t *, size_t); int (*final_finish_mac)(SSL *, const char *, int, uint8_t *); int (*cert_verify_mac)(SSL *, int, uint8_t *); const char *client_finished_label; @@ -862,8 +861,6 @@ const char *server_finished_label; int server_finished_label_len; int (*alert_value)(int); - int (*export_keying_material)(SSL *, uint8_t *, size_t, const char *, size_t, - const uint8_t *, size_t, int use_context); /* Various flags indicating protocol version requirements */ unsigned int enc_flags; }; @@ -1179,10 +1176,6 @@ int tls1_cert_verify_mac(SSL *ssl, int md_nid, uint8_t *p); int tls1_generate_master_secret(SSL *ssl, uint8_t *out, const uint8_t *premaster, size_t premaster_len); -int tls1_export_keying_material(SSL *ssl, uint8_t *out, size_t out_len, - const char *label, size_t label_len, - const uint8_t *context, size_t context_len, - int use_context); int tls1_alert_code(int code); int ssl3_alert_code(int code);
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 569599d..2c1a32f 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c
@@ -1754,8 +1754,8 @@ } ssl->state = SSL3_ST_CW_KEY_EXCH_B; - ssl->session->master_key_length = ssl->enc_method->generate_master_secret( - ssl, ssl->session->master_key, pms, pms_len); + ssl->session->master_key_length = + tls1_generate_master_secret(ssl, ssl->session->master_key, pms, pms_len); if (ssl->session->master_key_length == 0) { goto err; }
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 6b132ed..1e18e54 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c
@@ -165,13 +165,11 @@ const SSL3_ENC_METHOD SSLv3_enc_data = { ssl3_prf, - tls1_generate_master_secret, ssl3_final_finish_mac, ssl3_cert_verify_mac, SSL3_MD_CLIENT_FINISHED_CONST, 4, SSL3_MD_SERVER_FINISHED_CONST, 4, ssl3_alert_code, - tls1_export_keying_material, 0, };
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index c0b2d80..eee7b0c 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c
@@ -1700,7 +1700,7 @@ } /* Compute the master secret */ - ssl->session->master_key_length = ssl->enc_method->generate_master_secret( + ssl->session->master_key_length = tls1_generate_master_secret( ssl, ssl->session->master_key, premaster_secret, premaster_secret_len); if (ssl->session->master_key_length == 0) { goto err;
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 6b9e6ba..3e2b156 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c
@@ -1636,18 +1636,6 @@ } } -int SSL_export_keying_material(SSL *ssl, uint8_t *out, size_t out_len, - const char *label, size_t label_len, - const uint8_t *context, size_t context_len, - int use_context) { - if (ssl->version < TLS1_VERSION) { - return 0; - } - - return ssl->enc_method->export_keying_material( - ssl, out, out_len, label, label_len, context, context_len, use_context); -} - void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *store_ctx, void *arg),
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 8c4b6d8..92a8489 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c
@@ -513,12 +513,11 @@ return SSL3_MASTER_SECRET_SIZE; } -int tls1_export_keying_material(SSL *ssl, uint8_t *out, size_t out_len, - const char *label, size_t label_len, - const uint8_t *context, size_t context_len, - int use_context) { +int SSL_export_keying_material(SSL *ssl, uint8_t *out, size_t out_len, + const char *label, size_t label_len, + const uint8_t *context, size_t context_len, + int use_context) { if (!ssl->s3->have_version || ssl->version == SSL3_VERSION) { - OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; }
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 2d0a4fb..d2fc8af 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c
@@ -132,37 +132,31 @@ const SSL3_ENC_METHOD TLSv1_enc_data = { tls1_prf, - tls1_generate_master_secret, tls1_final_finish_mac, tls1_cert_verify_mac, TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE, TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE, tls1_alert_code, - tls1_export_keying_material, 0, }; const SSL3_ENC_METHOD TLSv1_1_enc_data = { tls1_prf, - tls1_generate_master_secret, tls1_final_finish_mac, tls1_cert_verify_mac, TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE, TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE, tls1_alert_code, - tls1_export_keying_material, SSL_ENC_FLAG_EXPLICIT_IV, }; const SSL3_ENC_METHOD TLSv1_2_enc_data = { tls1_prf, - tls1_generate_master_secret, tls1_final_finish_mac, tls1_cert_verify_mac, TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE, TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE, tls1_alert_code, - tls1_export_keying_material, SSL_ENC_FLAG_EXPLICIT_IV|SSL_ENC_FLAG_SIGALGS|SSL_ENC_FLAG_SHA256_PRF, };