Move some functions to file scope.
The various SSL3_ENC_METHODs ought to be defined in the same file their
functions are defined in, so they can be static.
Change-Id: I34a1d3437e8e61d4d50f2be70312e4630ea89c19
Reviewed-on: https://boringssl-review.googlesource.com/6840
Reviewed-by: Adam Langley <alangley@gmail.com>
diff --git a/ssl/internal.h b/ssl/internal.h
index 84d66aa..a9f1508 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -1038,10 +1038,6 @@
int ssl3_send_certificate_status(SSL *ssl);
int ssl3_get_finished(SSL *ssl, int state_a, int state_b);
int ssl3_send_change_cipher_spec(SSL *ssl, int state_a, int state_b);
-int ssl3_prf(const SSL *ssl, uint8_t *out, size_t out_len,
- const uint8_t *secret, size_t secret_len, const char *label,
- size_t label_len, const uint8_t *seed1, size_t seed1_len,
- const uint8_t *seed2, size_t seed2_len);
void ssl3_cleanup_key_block(SSL *ssl);
int ssl3_do_write(SSL *ssl, int type);
int ssl3_send_alert(SSL *ssl, int level, int desc);
@@ -1071,8 +1067,6 @@
int ssl3_read_bytes(SSL *ssl, int type, uint8_t *buf, int len, int peek);
int ssl3_write_app_data(SSL *ssl, const void *buf, int len);
int ssl3_write_bytes(SSL *ssl, int type, const void *buf, int len);
-int ssl3_final_finish_mac(SSL *ssl, int from_server, uint8_t *out);
-int ssl3_cert_verify_mac(SSL *ssl, int md_nid, uint8_t *p);
int ssl3_output_cert_chain(SSL *ssl);
const SSL_CIPHER *ssl3_choose_cipher(
SSL *ssl, STACK_OF(SSL_CIPHER) *clnt,
@@ -1161,20 +1155,11 @@
int ssl_init_wbio_buffer(SSL *ssl, int push);
void ssl_free_wbio_buffer(SSL *ssl);
-int tls1_prf(const SSL *ssl, uint8_t *out, size_t out_len,
- const uint8_t *secret, size_t secret_len, const char *label,
- size_t label_len, const uint8_t *seed1, size_t seed1_len,
- const uint8_t *seed2, size_t seed2_len);
-
int tls1_change_cipher_state(SSL *ssl, int which);
int tls1_setup_key_block(SSL *ssl);
int tls1_handshake_digest(SSL *ssl, uint8_t *out, size_t out_len);
-int tls1_final_finish_mac(SSL *ssl, int from_server, uint8_t *out);
-int tls1_cert_verify_mac(SSL *ssl, int md_nid, uint8_t *p);
int tls1_generate_master_secret(SSL *ssl, uint8_t *out, const uint8_t *premaster,
size_t premaster_len);
-int tls1_alert_code(int code);
-int ssl3_alert_code(int code);
char ssl_early_callback_init(struct ssl_early_callback_ctx *ctx);
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index 38b0c4e..790867f 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -148,27 +148,13 @@
#include "internal.h"
-static const uint8_t ssl3_pad_1[48] = {
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
- 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
-};
-
-static const uint8_t ssl3_pad_2[48] = {
- 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
- 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
- 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
- 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
-};
-
static int ssl3_handshake_mac(SSL *ssl, int md_nid, const char *sender,
size_t sender_len, uint8_t *p);
-int ssl3_prf(const SSL *ssl, uint8_t *out, size_t out_len,
- const uint8_t *secret, size_t secret_len, const char *label,
- size_t label_len, const uint8_t *seed1, size_t seed1_len,
- const uint8_t *seed2, size_t seed2_len) {
+static int ssl3_prf(const SSL *ssl, uint8_t *out, size_t out_len,
+ const uint8_t *secret, size_t secret_len, const char *label,
+ size_t label_len, const uint8_t *seed1, size_t seed1_len,
+ const uint8_t *seed2, size_t seed2_len) {
EVP_MD_CTX md5;
EVP_MD_CTX sha1;
uint8_t buf[16], smd[SHA_DIGEST_LENGTH];
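Review bot: `ssl3_prf` becomes static here without gaining a comment, and the same commit removes its prototype from ssl/internal.h, so nothing at the definition says how other files reach it. A one-line comment above it would save a reader the search, for example `/* Reached from other files only through SSLv3_enc_data, defined at the end of this file. */`. The same applies to `ssl3_cert_verify_mac`, `ssl3_final_finish_mac` and `ssl3_alert_code` in this file, and to the four `tls1_*` functions made static in ssl/t1_enc.c. The body of `ssl3_prf` continues outside the hunk.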
@@ -309,11 +295,11 @@
return 1;
}
-int ssl3_cert_verify_mac(SSL *ssl, int md_nid, uint8_t *p) {
+static int ssl3_cert_verify_mac(SSL *ssl, int md_nid, uint8_t *p) {
return ssl3_handshake_mac(ssl, md_nid, NULL, 0, p);
}
-int ssl3_final_finish_mac(SSL *ssl, int from_server, uint8_t *out) {
+static int ssl3_final_finish_mac(SSL *ssl, int from_server, uint8_t *out) {
const char *sender = from_server ? SSL3_MD_SERVER_FINISHED_CONST
: SSL3_MD_CLIENT_FINISHED_CONST;
const size_t sender_len = 4;
@@ -359,6 +345,20 @@
return 0;
}
+ static const uint8_t kPad1[48] = {
+ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+ };
+
+ static const uint8_t kPad2[48] = {
+ 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+ 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+ 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+ 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+ };
+
n = EVP_MD_CTX_size(&ctx);
npad = (48 / n) * n;
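Review bot: The literal `48` in `npad = (48 / n) * n;` is the size of `kPad1` and `kPad2`, but only the matching number in the declarations added above ties it to them. `npad` is the length later passed to `EVP_DigestUpdate` for both arrays, so deriving it from the array keeps that read bounded if either array is ever resized: `npad = (sizeof(kPad1) / n) * n;`. A short comment on the arrays such as `/* SSLv3 pad_1 (0x36) and pad_2 (0x5c) bytes. */` would also help now that the `ssl3_pad_` names are gone. The expression presumably relies on `n` being nonzero, which the visible lines do not check. The enclosing function starts and ends outside the hunk.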
@@ -367,7 +367,7 @@
}
EVP_DigestUpdate(&ctx, ssl->session->master_key,
ssl->session->master_key_length);
- EVP_DigestUpdate(&ctx, ssl3_pad_1, npad);
+ EVP_DigestUpdate(&ctx, kPad1, npad);
EVP_DigestFinal_ex(&ctx, md_buf, &i);
if (!EVP_DigestInit_ex(&ctx, EVP_MD_CTX_md(&ctx), NULL)) {
@@ -377,7 +377,7 @@
}
EVP_DigestUpdate(&ctx, ssl->session->master_key,
ssl->session->master_key_length);
- EVP_DigestUpdate(&ctx, ssl3_pad_2, npad);
+ EVP_DigestUpdate(&ctx, kPad2, npad);
EVP_DigestUpdate(&ctx, md_buf, i);
EVP_DigestFinal_ex(&ctx, p, &ret);
@@ -386,7 +386,7 @@
return ret;
}
-int ssl3_alert_code(int code) {
+static int ssl3_alert_code(int code) {
switch (code) {
case SSL_AD_CLOSE_NOTIFY:
return SSL3_AD_CLOSE_NOTIFY;
@@ -485,3 +485,11 @@
return -1;
}
}
+
+const SSL3_ENC_METHOD SSLv3_enc_data = {
+ ssl3_prf,
+ ssl3_final_finish_mac,
+ ssl3_cert_verify_mac,
+ ssl3_alert_code,
+ 0,
+};
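Review bot: `SSLv3_enc_data` is filled positionally, and `ssl3_final_finish_mac` and `ssl3_cert_verify_mac` share the signature `int (SSL *, int, uint8_t *)`. Swapping those two entries, or reordering the matching fields of `SSL3_ENC_METHOD`, would therefore compile without a diagnostic and put the Finished MAC in the CertificateVerify slot. Designated initializers would make the binding explicit if the project's C dialect allows them; the field names are not visible in this diff, so at minimum each entry could carry a trailing comment naming its slot. The same applies to `TLSv1_enc_data`, `TLSv1_1_enc_data` and `TLSv1_2_enc_data` added at the end of ssl/t1_enc.c, where the bare `0` in what appears to be the flags slot could carry `/* no flags */`.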
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 2a5e4d6..7de12a8 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -163,14 +163,6 @@
#include "internal.h"
-const SSL3_ENC_METHOD SSLv3_enc_data = {
- ssl3_prf,
- ssl3_final_finish_mac,
- ssl3_cert_verify_mac,
- ssl3_alert_code,
- 0,
-};
-
int ssl3_supports_cipher(const SSL_CIPHER *cipher) {
return 1;
}
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 8b2ee54..a40f4a4 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -224,10 +224,10 @@
return ret;
}
-int tls1_prf(const SSL *ssl, uint8_t *out, size_t out_len,
- const uint8_t *secret, size_t secret_len, const char *label,
- size_t label_len, const uint8_t *seed1, size_t seed1_len,
- const uint8_t *seed2, size_t seed2_len) {
+static int tls1_prf(const SSL *ssl, uint8_t *out, size_t out_len,
+ const uint8_t *secret, size_t secret_len, const char *label,
+ size_t label_len, const uint8_t *seed1, size_t seed1_len,
+ const uint8_t *seed2, size_t seed2_len) {
if (out_len == 0) {
return 1;
}
@@ -390,7 +390,7 @@
return 1;
}
-int tls1_cert_verify_mac(SSL *ssl, int md_nid, uint8_t *out) {
+static int tls1_cert_verify_mac(SSL *ssl, int md_nid, uint8_t *out) {
const EVP_MD_CTX *ctx_template;
if (md_nid == NID_md5) {
ctx_template = &ssl->s3->handshake_md5;
@@ -459,7 +459,7 @@
return (int)(md5_len + len);
}
-int tls1_final_finish_mac(SSL *ssl, int from_server, uint8_t *out) {
+static int tls1_final_finish_mac(SSL *ssl, int from_server, uint8_t *out) {
/* At this point, the handshake should have released the handshake buffer on
* its own. */
assert(ssl->s3->handshake_buffer == NULL);
@@ -554,7 +554,7 @@
return ret;
}
-int tls1_alert_code(int code) {
+static int tls1_alert_code(int code) {
switch (code) {
case SSL_AD_CLOSE_NOTIFY:
return SSL3_AD_CLOSE_NOTIFY;
@@ -652,3 +652,27 @@
return -1;
}
}
+
+const SSL3_ENC_METHOD TLSv1_enc_data = {
+ tls1_prf,
+ tls1_final_finish_mac,
+ tls1_cert_verify_mac,
+ tls1_alert_code,
+ 0,
+};
+
+const SSL3_ENC_METHOD TLSv1_1_enc_data = {
+ tls1_prf,
+ tls1_final_finish_mac,
+ tls1_cert_verify_mac,
+ tls1_alert_code,
+ SSL_ENC_FLAG_EXPLICIT_IV,
+};
+
+const SSL3_ENC_METHOD TLSv1_2_enc_data = {
+ tls1_prf,
+ tls1_final_finish_mac,
+ tls1_cert_verify_mac,
+ tls1_alert_code,
+ SSL_ENC_FLAG_EXPLICIT_IV|SSL_ENC_FLAG_SIGALGS|SSL_ENC_FLAG_SHA256_PRF,
+};
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 20115e8..d6ae87e 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -130,30 +130,6 @@
static int ssl_check_clienthello_tlsext(SSL *ssl);
static int ssl_check_serverhello_tlsext(SSL *ssl);
-const SSL3_ENC_METHOD TLSv1_enc_data = {
- tls1_prf,
- tls1_final_finish_mac,
- tls1_cert_verify_mac,
- tls1_alert_code,
- 0,
-};
-
-const SSL3_ENC_METHOD TLSv1_1_enc_data = {
- tls1_prf,
- tls1_final_finish_mac,
- tls1_cert_verify_mac,
- tls1_alert_code,
- SSL_ENC_FLAG_EXPLICIT_IV,
-};
-
-const SSL3_ENC_METHOD TLSv1_2_enc_data = {
- tls1_prf,
- tls1_final_finish_mac,
- tls1_cert_verify_mac,
- tls1_alert_code,
- SSL_ENC_FLAG_EXPLICIT_IV|SSL_ENC_FLAG_SIGALGS|SSL_ENC_FLAG_SHA256_PRF,
-};
-
static int compare_uint16_t(const void *p1, const void *p2) {
uint16_t u1 = *((const uint16_t *)p1);
uint16_t u2 = *((const uint16_t *)p2);