remove redundant code

siemens · Mar 4, 2024 · 0bf3ccc · 0bf3ccc
1 parent cccf9ba
commit 0bf3ccc
Show file tree

Hide file tree

Showing 6 changed files with 8 additions and 22 deletions.
diff --git a/ssl/record/methods/tls13_meth.c b/ssl/record/methods/tls13_meth.c
@@ -91,7 +91,7 @@ static int tls13_cipher(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *recs,
                         size_t macsize)
 {
     EVP_CIPHER_CTX *ctx;
-    unsigned char iv[EVP_MAX_IV_LENGTH], recheader[SSL3_RT_HEADER_LENGTH];
+    unsigned char recheader[SSL3_RT_HEADER_LENGTH];
     unsigned char tag[EVP_MAX_MD_SIZE];
     size_t ivlen, offset, loop, hdrlen, taglen;
     unsigned char *staticiv;

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
@@ -136,8 +136,8 @@ static SSL_CIPHER tls13_ciphers[] = {
         TLS1_3_CK_SHA384_SHA384,
         SSL_kANY,
         SSL_aANY,
-        SSL_eNULLHMACSHA384,
-        SSL_AEAD,
+        SSL_eNULL,
+        SSL_SHA384,
         TLS1_3_VERSION, TLS1_3_VERSION,
         0, 0,
         SSL_NOT_DEFAULT | SSL_STRONG_NONE,

diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
@@ -55,10 +55,6 @@ static const ssl_cipher_table ssl_cipher_table_cipher[SSL_ENC_NUM_IDX] = {
     {SSL_ARIA256GCM, NID_aria_256_gcm}, /* SSL_ENC_ARIA256GCM_IDX 21 */
     {SSL_MAGMA, NID_magma_ctr_acpkm}, /* SSL_ENC_MAGMA_IDX */
     {SSL_KUZNYECHIK, NID_kuznyechik_ctr_acpkm}, /* SSL_ENC_KUZNYECHIK_IDX */
-    /* SSL_ENC_eNULLHMACSHA256_IDX 24 */
-    {SSL_eNULLHMACSHA256, NID_null_hmac_sha256},
-    /* SSL_ENC_eNULLHMACSHA384_IDX 25 */
-    {SSL_eNULLHMACSHA384, NID_null_hmac_sha384},
 };
 
 #define SSL_COMP_NULL_IDX       0
@@ -85,9 +81,8 @@ static const ssl_cipher_table ssl_cipher_table_mac[SSL_MD_NUM_IDX] = {
     {0, NID_md5_sha1},          /* SSL_MD_MD5_SHA1_IDX 9 */
     {0, NID_sha224},            /* SSL_MD_SHA224_IDX 10 */
     {0, NID_sha512},            /* SSL_MD_SHA512_IDX 11 */
-    {SSL_MAGMAOMAC, NID_magma_mac}, /* sSL_MD_MAGMAOMAC_IDX 12 */
-    {SSL_KUZNYECHIKOMAC, NID_kuznyechik_mac}, /* SSL_MD_KUZNYECHIKOMAC_IDX 13 */
-    {SSL_HMACSHA256, NID_sha256}  /* SSL_HMACSHA256_IDX 14 */
+    {SSL_MAGMAOMAC, NID_magma_mac}, /* sSL_MD_MAGMAOMAC_IDX */
+    {SSL_KUZNYECHIKOMAC, NID_kuznyechik_mac} /* SSL_MD_KUZNYECHIKOMAC_IDX */
 };
 
 /* *INDENT-OFF* */

diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
@@ -152,8 +152,6 @@
 # define SSL_ARIA256GCM          0x00200000U
 # define SSL_MAGMA               0x00400000U
 # define SSL_KUZNYECHIK          0x00800000U
-# define SSL_eNULLHMACSHA256     0x01000000U
-# define SSL_eNULLHMACSHA384     0x02000000U
 
 # define SSL_AESGCM              (SSL_AES128GCM | SSL_AES256GCM)
 # define SSL_AESCCM              (SSL_AES128CCM | SSL_AES256CCM | SSL_AES128CCM8 | SSL_AES256CCM8)
@@ -165,7 +163,6 @@
 # define SSL_CBC                 (SSL_DES | SSL_3DES | SSL_RC2 | SSL_IDEA \
                                   | SSL_AES128 | SSL_AES256 | SSL_CAMELLIA128 \
                                   | SSL_CAMELLIA256 | SSL_SEED)
-# define SSL_eNULLHMAC          (SSL_eNULLHMACSHA256 | SSL_eNULLHMACSHA384)
 
 /* Bits for algorithm_mac (symmetric authentication) */
 
@@ -182,8 +179,6 @@
 # define SSL_GOST12_512          0x00000200U
 # define SSL_MAGMAOMAC           0x00000400U
 # define SSL_KUZNYECHIKOMAC      0x00000800U
-# define SSL_HMACSHA256          0x00001000U
-# define SSL_HMACSHA384          0x00002000U
 
 /*
  * When adding new digest in the ssl_ciph.c and increment SSL_MD_NUM_IDX make
@@ -204,8 +199,7 @@
 # define SSL_MD_SHA512_IDX 11
 # define SSL_MD_MAGMAOMAC_IDX 12
 # define SSL_MD_KUZNYECHIKOMAC_IDX 13
-# define SSL_HMACSHA256_IDX 14
-# define SSL_MAX_DIGEST 15
+# define SSL_MAX_DIGEST 14
 
 #define SSL_MD_NUM_IDX  SSL_MAX_DIGEST
 
@@ -367,9 +361,7 @@
 # define SSL_ENC_ARIA256GCM_IDX  21
 # define SSL_ENC_MAGMA_IDX       22
 # define SSL_ENC_KUZNYECHIK_IDX  23
-# define SSL_ENC_NULL_HMAC_SHA256_IDX  24
-# define SSL_ENC_NULL_HMAC_SHA384_IDX  25
-# define SSL_ENC_NUM_IDX 26
+# define SSL_ENC_NUM_IDX         24
 
 /*-
  * SSL_kRSA <- RSA_ENC

diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
@@ -471,7 +471,6 @@ int tls13_change_cipher_state(SSL_CONNECTION *s, int which)
     int ret = 0;
     const EVP_MD *md = NULL, *mac_md = NULL;
     const EVP_CIPHER *cipher = NULL;
-    const EVP_MAC *mac = NULL;
     int mac_pkey_type = NID_undef;
     SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
     size_t keylen, ivlen, taglen, mac_secret_size;

diff --git a/test/quicapitest.c b/test/quicapitest.c
@@ -593,7 +593,7 @@ static int test_quic_forbidden_apis_ctx(void)
     "TLS_AES_256_CCM_SHA384:"           \
     "TLS_AES_128_CCM_8_SHA256:"         \
     "TLS_SHA256_SHA256:"                \
-    "TLS_SHA384_SHA384"                 \
+    "TLS_SHA384_SHA384"
 
     /* Set TLSv1.3 ciphersuite list for the SSL_CTX. */
     if (!TEST_true(SSL_CTX_set_ciphersuites(ctx,