summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorjsing <>2014-06-08 15:10:14 +0000
committerjsing <>2014-06-08 15:10:14 +0000
commite09f346f585ebbff7e51f7095ad14e930011ddf9 (patch)
treeeeaa4bb55da13a0440a55e4d626f2f38e5d93b9e /src
parent052a9a9be92e722401a6631b2605e5939c1cdce9 (diff)
downloadopenbsd-e09f346f585ebbff7e51f7095ad14e930011ddf9.tar.gz
openbsd-e09f346f585ebbff7e51f7095ad14e930011ddf9.tar.bz2
openbsd-e09f346f585ebbff7e51f7095ad14e930011ddf9.zip
Add a define for the SSLv3 sequence size and use it, rather than sprinkling
magic numbers around. ok deraadt@
Diffstat (limited to '')
-rw-r--r--src/lib/libssl/s3_cbc.c4
-rw-r--r--src/lib/libssl/src/ssl/s3_cbc.c4
-rw-r--r--src/lib/libssl/src/ssl/s3_enc.c4
-rw-r--r--src/lib/libssl/src/ssl/ssl3.h5
-rw-r--r--src/lib/libssl/src/ssl/t1_enc.c4
-rw-r--r--src/lib/libssl/ssl3.h5
-rw-r--r--src/lib/libssl/t1_enc.c4
7 files changed, 16 insertions, 14 deletions
diff --git a/src/lib/libssl/s3_cbc.c b/src/lib/libssl/s3_cbc.c
index 9ba9896a52..eb1a8fdff7 100644
--- a/src/lib/libssl/s3_cbc.c
+++ b/src/lib/libssl/s3_cbc.c
@@ -172,8 +172,8 @@ tls1_cbc_remove_padding(const SSL* s, SSL3_RECORD *rec, unsigned block_size,
172 */ 172 */
173 if ((s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) && !s->expand) { 173 if ((s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) && !s->expand) {
174 /* First packet is even in size, so check */ 174 /* First packet is even in size, so check */
175 if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0", 8) == 0) && 175 if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0",
176 !(padding_length & 1)) { 176 SSL3_SEQUENCE_SIZE) == 0) && !(padding_length & 1)) {
177 s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG; 177 s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG;
178 } 178 }
179 if ((s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) && 179 if ((s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) &&
diff --git a/src/lib/libssl/src/ssl/s3_cbc.c b/src/lib/libssl/src/ssl/s3_cbc.c
index 9ba9896a52..eb1a8fdff7 100644
--- a/src/lib/libssl/src/ssl/s3_cbc.c
+++ b/src/lib/libssl/src/ssl/s3_cbc.c
@@ -172,8 +172,8 @@ tls1_cbc_remove_padding(const SSL* s, SSL3_RECORD *rec, unsigned block_size,
172 */ 172 */
173 if ((s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) && !s->expand) { 173 if ((s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) && !s->expand) {
174 /* First packet is even in size, so check */ 174 /* First packet is even in size, so check */
175 if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0", 8) == 0) && 175 if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0",
176 !(padding_length & 1)) { 176 SSL3_SEQUENCE_SIZE) == 0) && !(padding_length & 1)) {
177 s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG; 177 s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG;
178 } 178 }
179 if ((s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) && 179 if ((s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) &&
diff --git a/src/lib/libssl/src/ssl/s3_enc.c b/src/lib/libssl/src/ssl/s3_enc.c
index e8d96d5356..57f9c133cc 100644
--- a/src/lib/libssl/src/ssl/s3_enc.c
+++ b/src/lib/libssl/src/ssl/s3_enc.c
@@ -272,7 +272,7 @@ ssl3_change_cipher_state(SSL *s, int which)
272 goto err; 272 goto err;
273 } 273 }
274#endif 274#endif
275 memset(&(s->s3->read_sequence[0]), 0, 8); 275 memset(s->s3->read_sequence, 0, SSL3_SEQUENCE_SIZE);
276 mac_secret = &(s->s3->read_mac_secret[0]); 276 mac_secret = &(s->s3->read_mac_secret[0]);
277 } else { 277 } else {
278 if (s->enc_write_ctx != NULL) 278 if (s->enc_write_ctx != NULL)
@@ -301,7 +301,7 @@ ssl3_change_cipher_state(SSL *s, int which)
301 } 301 }
302 } 302 }
303#endif 303#endif
304 memset(&(s->s3->write_sequence[0]), 0, 8); 304 memset(s->s3->write_sequence, 0, SSL3_SEQUENCE_SIZE);
305 mac_secret = &(s->s3->write_mac_secret[0]); 305 mac_secret = &(s->s3->write_mac_secret[0]);
306 } 306 }
307 307
diff --git a/src/lib/libssl/src/ssl/ssl3.h b/src/lib/libssl/src/ssl/ssl3.h
index 8444ccb57d..feaf0f8dd9 100644
--- a/src/lib/libssl/src/ssl/ssl3.h
+++ b/src/lib/libssl/src/ssl/ssl3.h
@@ -232,6 +232,7 @@ extern "C" {
232 232
233#define SSL3_MASTER_SECRET_SIZE 48 233#define SSL3_MASTER_SECRET_SIZE 48
234#define SSL3_RANDOM_SIZE 32 234#define SSL3_RANDOM_SIZE 32
235#define SSL3_SEQUENCE_SIZE 8
235#define SSL3_SESSION_ID_SIZE 32 236#define SSL3_SESSION_ID_SIZE 32
236#define SSL3_RT_HEADER_LENGTH 5 237#define SSL3_RT_HEADER_LENGTH 5
237 238
@@ -389,10 +390,10 @@ typedef struct ssl3_state_st {
389 long flags; 390 long flags;
390 int delay_buf_pop_ret; 391 int delay_buf_pop_ret;
391 392
392 unsigned char read_sequence[8]; 393 unsigned char read_sequence[SSL3_SEQUENCE_SIZE];
393 int read_mac_secret_size; 394 int read_mac_secret_size;
394 unsigned char read_mac_secret[EVP_MAX_MD_SIZE]; 395 unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
395 unsigned char write_sequence[8]; 396 unsigned char write_sequence[SSL3_SEQUENCE_SIZE];
396 int write_mac_secret_size; 397 int write_mac_secret_size;
397 unsigned char write_mac_secret[EVP_MAX_MD_SIZE]; 398 unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
398 399
diff --git a/src/lib/libssl/src/ssl/t1_enc.c b/src/lib/libssl/src/ssl/t1_enc.c
index 353a408c98..6dcb2c849f 100644
--- a/src/lib/libssl/src/ssl/t1_enc.c
+++ b/src/lib/libssl/src/ssl/t1_enc.c
@@ -525,7 +525,7 @@ tls1_change_cipher_state(SSL *s, int which)
525 */ 525 */
526 if (!SSL_IS_DTLS(s)) { 526 if (!SSL_IS_DTLS(s)) {
527 seq = is_read ? s->s3->read_sequence : s->s3->write_sequence; 527 seq = is_read ? s->s3->read_sequence : s->s3->write_sequence;
528 memset(seq, 0, 8); 528 memset(seq, 0, SSL3_SEQUENCE_SIZE);
529 } 529 }
530 530
531 key_len = EVP_CIPHER_key_length(cipher); 531 key_len = EVP_CIPHER_key_length(cipher);
@@ -753,7 +753,7 @@ tls1_enc(SSL *s, int send)
753 memcpy(p, &seq[2], 6); 753 memcpy(p, &seq[2], 6);
754 memcpy(buf, dtlsseq, 8); 754 memcpy(buf, dtlsseq, 8);
755 } else { 755 } else {
756 memcpy(buf, seq, 8); 756 memcpy(buf, seq, SSL3_SEQUENCE_SIZE);
757 for (i = 7; i >= 0; i--) { /* increment */ 757 for (i = 7; i >= 0; i--) { /* increment */
758 ++seq[i]; 758 ++seq[i];
759 if (seq[i] != 0) 759 if (seq[i] != 0)
diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h
index 8444ccb57d..feaf0f8dd9 100644
--- a/src/lib/libssl/ssl3.h
+++ b/src/lib/libssl/ssl3.h
@@ -232,6 +232,7 @@ extern "C" {
232 232
233#define SSL3_MASTER_SECRET_SIZE 48 233#define SSL3_MASTER_SECRET_SIZE 48
234#define SSL3_RANDOM_SIZE 32 234#define SSL3_RANDOM_SIZE 32
235#define SSL3_SEQUENCE_SIZE 8
235#define SSL3_SESSION_ID_SIZE 32 236#define SSL3_SESSION_ID_SIZE 32
236#define SSL3_RT_HEADER_LENGTH 5 237#define SSL3_RT_HEADER_LENGTH 5
237 238
@@ -389,10 +390,10 @@ typedef struct ssl3_state_st {
389 long flags; 390 long flags;
390 int delay_buf_pop_ret; 391 int delay_buf_pop_ret;
391 392
392 unsigned char read_sequence[8]; 393 unsigned char read_sequence[SSL3_SEQUENCE_SIZE];
393 int read_mac_secret_size; 394 int read_mac_secret_size;
394 unsigned char read_mac_secret[EVP_MAX_MD_SIZE]; 395 unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
395 unsigned char write_sequence[8]; 396 unsigned char write_sequence[SSL3_SEQUENCE_SIZE];
396 int write_mac_secret_size; 397 int write_mac_secret_size;
397 unsigned char write_mac_secret[EVP_MAX_MD_SIZE]; 398 unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
398 399
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index 353a408c98..6dcb2c849f 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -525,7 +525,7 @@ tls1_change_cipher_state(SSL *s, int which)
525 */ 525 */
526 if (!SSL_IS_DTLS(s)) { 526 if (!SSL_IS_DTLS(s)) {
527 seq = is_read ? s->s3->read_sequence : s->s3->write_sequence; 527 seq = is_read ? s->s3->read_sequence : s->s3->write_sequence;
528 memset(seq, 0, 8); 528 memset(seq, 0, SSL3_SEQUENCE_SIZE);
529 } 529 }
530 530
531 key_len = EVP_CIPHER_key_length(cipher); 531 key_len = EVP_CIPHER_key_length(cipher);
@@ -753,7 +753,7 @@ tls1_enc(SSL *s, int send)
753 memcpy(p, &seq[2], 6); 753 memcpy(p, &seq[2], 6);
754 memcpy(buf, dtlsseq, 8); 754 memcpy(buf, dtlsseq, 8);
755 } else { 755 } else {
756 memcpy(buf, seq, 8); 756 memcpy(buf, seq, SSL3_SEQUENCE_SIZE);
757 for (i = 7; i >= 0; i--) { /* increment */ 757 for (i = 7; i >= 0; i--) { /* increment */
758 ++seq[i]; 758 ++seq[i];
759 if (seq[i] != 0) 759 if (seq[i] != 0)
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-31 14:12:14 +0000