diff options
| author | jsing <> | 2014-06-08 15:10:14 +0000 |
|---|---|---|
| committer | jsing <> | 2014-06-08 15:10:14 +0000 |
| commit | 48785f83a9f6abc9abdda0e64947adc49f083d87 (patch) | |
| tree | eeaa4bb55da13a0440a55e4d626f2f38e5d93b9e /src | |
| parent | 6edaa113208368ea663f46ef4188ba92cadb51a4 (diff) | |
| download | openbsd-48785f83a9f6abc9abdda0e64947adc49f083d87.tar.gz openbsd-48785f83a9f6abc9abdda0e64947adc49f083d87.tar.bz2 openbsd-48785f83a9f6abc9abdda0e64947adc49f083d87.zip | |
Add a define for the SSLv3 sequence size and use it, rather than sprinkling
magic numbers around.
ok deraadt@
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/s3_cbc.c | 4 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/s3_cbc.c | 4 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/s3_enc.c | 4 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl3.h | 5 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/t1_enc.c | 4 | ||||
| -rw-r--r-- | src/lib/libssl/ssl3.h | 5 | ||||
| -rw-r--r-- | src/lib/libssl/t1_enc.c | 4 |
7 files changed, 16 insertions, 14 deletions
diff --git a/src/lib/libssl/s3_cbc.c b/src/lib/libssl/s3_cbc.c index 9ba9896a52..eb1a8fdff7 100644 --- a/src/lib/libssl/s3_cbc.c +++ b/src/lib/libssl/s3_cbc.c | |||
| @@ -172,8 +172,8 @@ tls1_cbc_remove_padding(const SSL* s, SSL3_RECORD *rec, unsigned block_size, | |||
| 172 | */ | 172 | */ |
| 173 | if ((s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) && !s->expand) { | 173 | if ((s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) && !s->expand) { |
| 174 | /* First packet is even in size, so check */ | 174 | /* First packet is even in size, so check */ |
| 175 | if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0", 8) == 0) && | 175 | if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0", |
| 176 | !(padding_length & 1)) { | 176 | SSL3_SEQUENCE_SIZE) == 0) && !(padding_length & 1)) { |
| 177 | s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG; | 177 | s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG; |
| 178 | } | 178 | } |
| 179 | if ((s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) && | 179 | if ((s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) && |
diff --git a/src/lib/libssl/src/ssl/s3_cbc.c b/src/lib/libssl/src/ssl/s3_cbc.c index 9ba9896a52..eb1a8fdff7 100644 --- a/src/lib/libssl/src/ssl/s3_cbc.c +++ b/src/lib/libssl/src/ssl/s3_cbc.c | |||
| @@ -172,8 +172,8 @@ tls1_cbc_remove_padding(const SSL* s, SSL3_RECORD *rec, unsigned block_size, | |||
| 172 | */ | 172 | */ |
| 173 | if ((s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) && !s->expand) { | 173 | if ((s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) && !s->expand) { |
| 174 | /* First packet is even in size, so check */ | 174 | /* First packet is even in size, so check */ |
| 175 | if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0", 8) == 0) && | 175 | if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0", |
| 176 | !(padding_length & 1)) { | 176 | SSL3_SEQUENCE_SIZE) == 0) && !(padding_length & 1)) { |
| 177 | s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG; | 177 | s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG; |
| 178 | } | 178 | } |
| 179 | if ((s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) && | 179 | if ((s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) && |
diff --git a/src/lib/libssl/src/ssl/s3_enc.c b/src/lib/libssl/src/ssl/s3_enc.c index e8d96d5356..57f9c133cc 100644 --- a/src/lib/libssl/src/ssl/s3_enc.c +++ b/src/lib/libssl/src/ssl/s3_enc.c | |||
| @@ -272,7 +272,7 @@ ssl3_change_cipher_state(SSL *s, int which) | |||
| 272 | goto err; | 272 | goto err; |
| 273 | } | 273 | } |
| 274 | #endif | 274 | #endif |
| 275 | memset(&(s->s3->read_sequence[0]), 0, 8); | 275 | memset(s->s3->read_sequence, 0, SSL3_SEQUENCE_SIZE); |
| 276 | mac_secret = &(s->s3->read_mac_secret[0]); | 276 | mac_secret = &(s->s3->read_mac_secret[0]); |
| 277 | } else { | 277 | } else { |
| 278 | if (s->enc_write_ctx != NULL) | 278 | if (s->enc_write_ctx != NULL) |
| @@ -301,7 +301,7 @@ ssl3_change_cipher_state(SSL *s, int which) | |||
| 301 | } | 301 | } |
| 302 | } | 302 | } |
| 303 | #endif | 303 | #endif |
| 304 | memset(&(s->s3->write_sequence[0]), 0, 8); | 304 | memset(s->s3->write_sequence, 0, SSL3_SEQUENCE_SIZE); |
| 305 | mac_secret = &(s->s3->write_mac_secret[0]); | 305 | mac_secret = &(s->s3->write_mac_secret[0]); |
| 306 | } | 306 | } |
| 307 | 307 | ||
diff --git a/src/lib/libssl/src/ssl/ssl3.h b/src/lib/libssl/src/ssl/ssl3.h index 8444ccb57d..feaf0f8dd9 100644 --- a/src/lib/libssl/src/ssl/ssl3.h +++ b/src/lib/libssl/src/ssl/ssl3.h | |||
| @@ -232,6 +232,7 @@ extern "C" { | |||
| 232 | 232 | ||
| 233 | #define SSL3_MASTER_SECRET_SIZE 48 | 233 | #define SSL3_MASTER_SECRET_SIZE 48 |
| 234 | #define SSL3_RANDOM_SIZE 32 | 234 | #define SSL3_RANDOM_SIZE 32 |
| 235 | #define SSL3_SEQUENCE_SIZE 8 | ||
| 235 | #define SSL3_SESSION_ID_SIZE 32 | 236 | #define SSL3_SESSION_ID_SIZE 32 |
| 236 | #define SSL3_RT_HEADER_LENGTH 5 | 237 | #define SSL3_RT_HEADER_LENGTH 5 |
| 237 | 238 | ||
| @@ -389,10 +390,10 @@ typedef struct ssl3_state_st { | |||
| 389 | long flags; | 390 | long flags; |
| 390 | int delay_buf_pop_ret; | 391 | int delay_buf_pop_ret; |
| 391 | 392 | ||
| 392 | unsigned char read_sequence[8]; | 393 | unsigned char read_sequence[SSL3_SEQUENCE_SIZE]; |
| 393 | int read_mac_secret_size; | 394 | int read_mac_secret_size; |
| 394 | unsigned char read_mac_secret[EVP_MAX_MD_SIZE]; | 395 | unsigned char read_mac_secret[EVP_MAX_MD_SIZE]; |
| 395 | unsigned char write_sequence[8]; | 396 | unsigned char write_sequence[SSL3_SEQUENCE_SIZE]; |
| 396 | int write_mac_secret_size; | 397 | int write_mac_secret_size; |
| 397 | unsigned char write_mac_secret[EVP_MAX_MD_SIZE]; | 398 | unsigned char write_mac_secret[EVP_MAX_MD_SIZE]; |
| 398 | 399 | ||
diff --git a/src/lib/libssl/src/ssl/t1_enc.c b/src/lib/libssl/src/ssl/t1_enc.c index 353a408c98..6dcb2c849f 100644 --- a/src/lib/libssl/src/ssl/t1_enc.c +++ b/src/lib/libssl/src/ssl/t1_enc.c | |||
| @@ -525,7 +525,7 @@ tls1_change_cipher_state(SSL *s, int which) | |||
| 525 | */ | 525 | */ |
| 526 | if (!SSL_IS_DTLS(s)) { | 526 | if (!SSL_IS_DTLS(s)) { |
| 527 | seq = is_read ? s->s3->read_sequence : s->s3->write_sequence; | 527 | seq = is_read ? s->s3->read_sequence : s->s3->write_sequence; |
| 528 | memset(seq, 0, 8); | 528 | memset(seq, 0, SSL3_SEQUENCE_SIZE); |
| 529 | } | 529 | } |
| 530 | 530 | ||
| 531 | key_len = EVP_CIPHER_key_length(cipher); | 531 | key_len = EVP_CIPHER_key_length(cipher); |
| @@ -753,7 +753,7 @@ tls1_enc(SSL *s, int send) | |||
| 753 | memcpy(p, &seq[2], 6); | 753 | memcpy(p, &seq[2], 6); |
| 754 | memcpy(buf, dtlsseq, 8); | 754 | memcpy(buf, dtlsseq, 8); |
| 755 | } else { | 755 | } else { |
| 756 | memcpy(buf, seq, 8); | 756 | memcpy(buf, seq, SSL3_SEQUENCE_SIZE); |
| 757 | for (i = 7; i >= 0; i--) { /* increment */ | 757 | for (i = 7; i >= 0; i--) { /* increment */ |
| 758 | ++seq[i]; | 758 | ++seq[i]; |
| 759 | if (seq[i] != 0) | 759 | if (seq[i] != 0) |
diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h index 8444ccb57d..feaf0f8dd9 100644 --- a/src/lib/libssl/ssl3.h +++ b/src/lib/libssl/ssl3.h | |||
| @@ -232,6 +232,7 @@ extern "C" { | |||
| 232 | 232 | ||
| 233 | #define SSL3_MASTER_SECRET_SIZE 48 | 233 | #define SSL3_MASTER_SECRET_SIZE 48 |
| 234 | #define SSL3_RANDOM_SIZE 32 | 234 | #define SSL3_RANDOM_SIZE 32 |
| 235 | #define SSL3_SEQUENCE_SIZE 8 | ||
| 235 | #define SSL3_SESSION_ID_SIZE 32 | 236 | #define SSL3_SESSION_ID_SIZE 32 |
| 236 | #define SSL3_RT_HEADER_LENGTH 5 | 237 | #define SSL3_RT_HEADER_LENGTH 5 |
| 237 | 238 | ||
| @@ -389,10 +390,10 @@ typedef struct ssl3_state_st { | |||
| 389 | long flags; | 390 | long flags; |
| 390 | int delay_buf_pop_ret; | 391 | int delay_buf_pop_ret; |
| 391 | 392 | ||
| 392 | unsigned char read_sequence[8]; | 393 | unsigned char read_sequence[SSL3_SEQUENCE_SIZE]; |
| 393 | int read_mac_secret_size; | 394 | int read_mac_secret_size; |
| 394 | unsigned char read_mac_secret[EVP_MAX_MD_SIZE]; | 395 | unsigned char read_mac_secret[EVP_MAX_MD_SIZE]; |
| 395 | unsigned char write_sequence[8]; | 396 | unsigned char write_sequence[SSL3_SEQUENCE_SIZE]; |
| 396 | int write_mac_secret_size; | 397 | int write_mac_secret_size; |
| 397 | unsigned char write_mac_secret[EVP_MAX_MD_SIZE]; | 398 | unsigned char write_mac_secret[EVP_MAX_MD_SIZE]; |
| 398 | 399 | ||
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c index 353a408c98..6dcb2c849f 100644 --- a/src/lib/libssl/t1_enc.c +++ b/src/lib/libssl/t1_enc.c | |||
| @@ -525,7 +525,7 @@ tls1_change_cipher_state(SSL *s, int which) | |||
| 525 | */ | 525 | */ |
| 526 | if (!SSL_IS_DTLS(s)) { | 526 | if (!SSL_IS_DTLS(s)) { |
| 527 | seq = is_read ? s->s3->read_sequence : s->s3->write_sequence; | 527 | seq = is_read ? s->s3->read_sequence : s->s3->write_sequence; |
| 528 | memset(seq, 0, 8); | 528 | memset(seq, 0, SSL3_SEQUENCE_SIZE); |
| 529 | } | 529 | } |
| 530 | 530 | ||
| 531 | key_len = EVP_CIPHER_key_length(cipher); | 531 | key_len = EVP_CIPHER_key_length(cipher); |
| @@ -753,7 +753,7 @@ tls1_enc(SSL *s, int send) | |||
| 753 | memcpy(p, &seq[2], 6); | 753 | memcpy(p, &seq[2], 6); |
| 754 | memcpy(buf, dtlsseq, 8); | 754 | memcpy(buf, dtlsseq, 8); |
| 755 | } else { | 755 | } else { |
| 756 | memcpy(buf, seq, 8); | 756 | memcpy(buf, seq, SSL3_SEQUENCE_SIZE); |
| 757 | for (i = 7; i >= 0; i--) { /* increment */ | 757 | for (i = 7; i >= 0; i--) { /* increment */ |
| 758 | ++seq[i]; | 758 | ++seq[i]; |
| 759 | if (seq[i] != 0) | 759 | if (seq[i] != 0) |