diff options
| author | jsing <> | 2015-09-13 12:39:16 +0000 |
|---|---|---|
| committer | jsing <> | 2015-09-13 12:39:16 +0000 |
| commit | 2555ca7b86c3ba095a21111d3f7d00e279de8e4d (patch) | |
| tree | a1c3a5f61faf14648f7d771dcc47e0f23b97a617 /src/lib | |
| parent | 28892a43750ee4ef043c57940de90e1b76e61209 (diff) | |
| download | openbsd-2555ca7b86c3ba095a21111d3f7d00e279de8e4d.tar.gz openbsd-2555ca7b86c3ba095a21111d3f7d00e279de8e4d.tar.bz2 openbsd-2555ca7b86c3ba095a21111d3f7d00e279de8e4d.zip | |
Use ECDH_size() instead of rolling our own.
ok beck@
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/libssl/s3_clnt.c | 11 | ||||
| -rw-r--r-- | src/lib/libssl/s3_srvr.c | 12 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/s3_clnt.c | 11 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/s3_srvr.c | 12 |
4 files changed, 22 insertions, 24 deletions
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c index c2f5ea4e07..e33d745b19 100644 --- a/src/lib/libssl/s3_clnt.c +++ b/src/lib/libssl/s3_clnt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_clnt.c,v 1.133 2015/09/12 20:56:14 jsing Exp $ */ | 1 | /* $OpenBSD: s3_clnt.c,v 1.134 2015/09/13 12:39:16 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1975,7 +1975,7 @@ ssl3_client_kex_ecdh(SSL *s, SESS_CERT *sess_cert, unsigned char *p, | |||
| 1975 | unsigned char *encodedPoint = NULL; | 1975 | unsigned char *encodedPoint = NULL; |
| 1976 | unsigned long alg_k; | 1976 | unsigned long alg_k; |
| 1977 | int encoded_pt_len = 0; | 1977 | int encoded_pt_len = 0; |
| 1978 | int field_size = 0; | 1978 | int key_size; |
| 1979 | EC_KEY *tkey; | 1979 | EC_KEY *tkey; |
| 1980 | int ret = -1; | 1980 | int ret = -1; |
| 1981 | int n; | 1981 | int n; |
| @@ -2035,13 +2035,12 @@ ssl3_client_kex_ecdh(SSL *s, SESS_CERT *sess_cert, unsigned char *p, | |||
| 2035 | * Use the 'p' output buffer for the ECDH key, but make sure to clear | 2035 | * Use the 'p' output buffer for the ECDH key, but make sure to clear |
| 2036 | * it out afterwards. | 2036 | * it out afterwards. |
| 2037 | */ | 2037 | */ |
| 2038 | field_size = EC_GROUP_get_degree(srvr_group); | 2038 | key_size = ECDH_size(clnt_ecdh); |
| 2039 | if (field_size <= 0) { | 2039 | if (key_size <= 0) { |
| 2040 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB); | 2040 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB); |
| 2041 | goto err; | 2041 | goto err; |
| 2042 | } | 2042 | } |
| 2043 | n = ECDH_compute_key(p, (field_size + 7) / 8, srvr_ecpoint, clnt_ecdh, | 2043 | n = ECDH_compute_key(p, key_size, srvr_ecpoint, clnt_ecdh, NULL); |
| 2044 | NULL); | ||
| 2045 | if (n <= 0) { | 2044 | if (n <= 0) { |
| 2046 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB); | 2045 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB); |
| 2047 | goto err; | 2046 | goto err; |
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c index cd63422db8..37d96e4e18 100644 --- a/src/lib/libssl/s3_srvr.c +++ b/src/lib/libssl/s3_srvr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_srvr.c,v 1.122 2015/09/13 09:20:19 jsing Exp $ */ | 1 | /* $OpenBSD: s3_srvr.c,v 1.123 2015/09/13 12:39:16 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1778,7 +1778,7 @@ ssl3_get_client_key_exchange(SSL *s) | |||
| 1778 | 1778 | ||
| 1779 | if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) { | 1779 | if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) { |
| 1780 | int ret = 1; | 1780 | int ret = 1; |
| 1781 | int field_size = 0; | 1781 | int key_size; |
| 1782 | const EC_KEY *tkey; | 1782 | const EC_KEY *tkey; |
| 1783 | const EC_GROUP *group; | 1783 | const EC_GROUP *group; |
| 1784 | const BIGNUM *priv_key; | 1784 | const BIGNUM *priv_key; |
| @@ -1891,14 +1891,14 @@ ssl3_get_client_key_exchange(SSL *s) | |||
| 1891 | } | 1891 | } |
| 1892 | 1892 | ||
| 1893 | /* Compute the shared pre-master secret */ | 1893 | /* Compute the shared pre-master secret */ |
| 1894 | field_size = EC_GROUP_get_degree(group); | 1894 | key_size = ECDH_size(srvr_ecdh); |
| 1895 | if (field_size <= 0) { | 1895 | if (key_size <= 0) { |
| 1896 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | 1896 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, |
| 1897 | ERR_R_ECDH_LIB); | 1897 | ERR_R_ECDH_LIB); |
| 1898 | goto err; | 1898 | goto err; |
| 1899 | } | 1899 | } |
| 1900 | i = ECDH_compute_key(p, (field_size + 7)/8, clnt_ecpoint, | 1900 | i = ECDH_compute_key(p, key_size, clnt_ecpoint, srvr_ecdh, |
| 1901 | srvr_ecdh, NULL); | 1901 | NULL); |
| 1902 | if (i <= 0) { | 1902 | if (i <= 0) { |
| 1903 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | 1903 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, |
| 1904 | ERR_R_ECDH_LIB); | 1904 | ERR_R_ECDH_LIB); |
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c index c2f5ea4e07..e33d745b19 100644 --- a/src/lib/libssl/src/ssl/s3_clnt.c +++ b/src/lib/libssl/src/ssl/s3_clnt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_clnt.c,v 1.133 2015/09/12 20:56:14 jsing Exp $ */ | 1 | /* $OpenBSD: s3_clnt.c,v 1.134 2015/09/13 12:39:16 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1975,7 +1975,7 @@ ssl3_client_kex_ecdh(SSL *s, SESS_CERT *sess_cert, unsigned char *p, | |||
| 1975 | unsigned char *encodedPoint = NULL; | 1975 | unsigned char *encodedPoint = NULL; |
| 1976 | unsigned long alg_k; | 1976 | unsigned long alg_k; |
| 1977 | int encoded_pt_len = 0; | 1977 | int encoded_pt_len = 0; |
| 1978 | int field_size = 0; | 1978 | int key_size; |
| 1979 | EC_KEY *tkey; | 1979 | EC_KEY *tkey; |
| 1980 | int ret = -1; | 1980 | int ret = -1; |
| 1981 | int n; | 1981 | int n; |
| @@ -2035,13 +2035,12 @@ ssl3_client_kex_ecdh(SSL *s, SESS_CERT *sess_cert, unsigned char *p, | |||
| 2035 | * Use the 'p' output buffer for the ECDH key, but make sure to clear | 2035 | * Use the 'p' output buffer for the ECDH key, but make sure to clear |
| 2036 | * it out afterwards. | 2036 | * it out afterwards. |
| 2037 | */ | 2037 | */ |
| 2038 | field_size = EC_GROUP_get_degree(srvr_group); | 2038 | key_size = ECDH_size(clnt_ecdh); |
| 2039 | if (field_size <= 0) { | 2039 | if (key_size <= 0) { |
| 2040 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB); | 2040 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB); |
| 2041 | goto err; | 2041 | goto err; |
| 2042 | } | 2042 | } |
| 2043 | n = ECDH_compute_key(p, (field_size + 7) / 8, srvr_ecpoint, clnt_ecdh, | 2043 | n = ECDH_compute_key(p, key_size, srvr_ecpoint, clnt_ecdh, NULL); |
| 2044 | NULL); | ||
| 2045 | if (n <= 0) { | 2044 | if (n <= 0) { |
| 2046 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB); | 2045 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB); |
| 2047 | goto err; | 2046 | goto err; |
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c index cd63422db8..37d96e4e18 100644 --- a/src/lib/libssl/src/ssl/s3_srvr.c +++ b/src/lib/libssl/src/ssl/s3_srvr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_srvr.c,v 1.122 2015/09/13 09:20:19 jsing Exp $ */ | 1 | /* $OpenBSD: s3_srvr.c,v 1.123 2015/09/13 12:39:16 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1778,7 +1778,7 @@ ssl3_get_client_key_exchange(SSL *s) | |||
| 1778 | 1778 | ||
| 1779 | if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) { | 1779 | if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) { |
| 1780 | int ret = 1; | 1780 | int ret = 1; |
| 1781 | int field_size = 0; | 1781 | int key_size; |
| 1782 | const EC_KEY *tkey; | 1782 | const EC_KEY *tkey; |
| 1783 | const EC_GROUP *group; | 1783 | const EC_GROUP *group; |
| 1784 | const BIGNUM *priv_key; | 1784 | const BIGNUM *priv_key; |
| @@ -1891,14 +1891,14 @@ ssl3_get_client_key_exchange(SSL *s) | |||
| 1891 | } | 1891 | } |
| 1892 | 1892 | ||
| 1893 | /* Compute the shared pre-master secret */ | 1893 | /* Compute the shared pre-master secret */ |
| 1894 | field_size = EC_GROUP_get_degree(group); | 1894 | key_size = ECDH_size(srvr_ecdh); |
| 1895 | if (field_size <= 0) { | 1895 | if (key_size <= 0) { |
| 1896 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | 1896 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, |
| 1897 | ERR_R_ECDH_LIB); | 1897 | ERR_R_ECDH_LIB); |
| 1898 | goto err; | 1898 | goto err; |
| 1899 | } | 1899 | } |
| 1900 | i = ECDH_compute_key(p, (field_size + 7)/8, clnt_ecpoint, | 1900 | i = ECDH_compute_key(p, key_size, clnt_ecpoint, srvr_ecdh, |
| 1901 | srvr_ecdh, NULL); | 1901 | NULL); |
| 1902 | if (i <= 0) { | 1902 | if (i <= 0) { |
| 1903 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | 1903 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, |
| 1904 | ERR_R_ECDH_LIB); | 1904 | ERR_R_ECDH_LIB); |