summaryrefslogtreecommitdiff
path: root/src/lib/libssl/tls12_record_layer.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/tls12_record_layer.c')
-rw-r--r--src/lib/libssl/tls12_record_layer.c43
1 files changed, 5 insertions, 38 deletions
diff --git a/src/lib/libssl/tls12_record_layer.c b/src/lib/libssl/tls12_record_layer.c
index 3f2fe71e21..9786d7d0bd 100644
--- a/src/lib/libssl/tls12_record_layer.c
+++ b/src/lib/libssl/tls12_record_layer.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls12_record_layer.c,v 1.41 2024/01/18 16:30:43 tb Exp $ */ 1/* $OpenBSD: tls12_record_layer.c,v 1.42 2024/02/03 15:58:34 beck Exp $ */
2/* 2/*
3 * Copyright (c) 2020 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2020 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -468,7 +468,6 @@ tls12_record_layer_ccs_cipher(struct tls12_record_layer *rl,
468 CBS *iv) 468 CBS *iv)
469{ 469{
470 EVP_PKEY *mac_pkey = NULL; 470 EVP_PKEY *mac_pkey = NULL;
471 int gost_param_nid;
472 int mac_type; 471 int mac_type;
473 int ret = 0; 472 int ret = 0;
474 473
@@ -484,25 +483,10 @@ tls12_record_layer_ccs_cipher(struct tls12_record_layer *rl,
484 goto err; 483 goto err;
485 if (EVP_CIPHER_key_length(rl->cipher) != CBS_len(key)) 484 if (EVP_CIPHER_key_length(rl->cipher) != CBS_len(key))
486 goto err; 485 goto err;
487 486 if (CBS_len(mac_key) > INT_MAX)
488#ifndef OPENSSL_NO_GOST 487 goto err;
489 /* XXX die die die */ 488 if (EVP_MD_size(rl->mac_hash) != CBS_len(mac_key))
490 /* Special handling for GOST... */ 489 goto err;
491 if (EVP_MD_type(rl->mac_hash) == NID_id_Gost28147_89_MAC) {
492 if (CBS_len(mac_key) != 32)
493 goto err;
494 mac_type = EVP_PKEY_GOSTIMIT;
495 rp->stream_mac = 1;
496 } else {
497#endif
498 if (CBS_len(mac_key) > INT_MAX)
499 goto err;
500 if (EVP_MD_size(rl->mac_hash) != CBS_len(mac_key))
501 goto err;
502#ifndef OPENSSL_NO_GOST
503 }
504#endif
505
506 if ((rp->cipher_ctx = EVP_CIPHER_CTX_new()) == NULL) 490 if ((rp->cipher_ctx = EVP_CIPHER_CTX_new()) == NULL)
507 goto err; 491 goto err;
508 if ((rp->hash_ctx = EVP_MD_CTX_new()) == NULL) 492 if ((rp->hash_ctx = EVP_MD_CTX_new()) == NULL)
@@ -524,23 +508,6 @@ tls12_record_layer_ccs_cipher(struct tls12_record_layer *rl,
524 mac_pkey) <= 0) 508 mac_pkey) <= 0)
525 goto err; 509 goto err;
526 510
527 /* More special handling for GOST... */
528 if (EVP_CIPHER_nid(rl->cipher) == NID_gost89_cnt) {
529 gost_param_nid = NID_id_tc26_gost_28147_param_Z;
530 if (EVP_MD_type(rl->handshake_hash) == NID_id_GostR3411_94)
531 gost_param_nid = NID_id_Gost28147_89_CryptoPro_A_ParamSet;
532
533 if (EVP_CIPHER_CTX_ctrl(rp->cipher_ctx, EVP_CTRL_GOST_SET_SBOX,
534 gost_param_nid, 0) <= 0)
535 goto err;
536
537 if (EVP_MD_type(rl->mac_hash) == NID_id_Gost28147_89_MAC) {
538 if (EVP_MD_CTX_ctrl(rp->hash_ctx, EVP_MD_CTRL_GOST_SET_SBOX,
539 gost_param_nid, 0) <= 0)
540 goto err;
541 }
542 }
543
544 ret = 1; 511 ret = 1;
545 512
546 err: 513 err: