diff options
Diffstat (limited to 'src/lib/libssl/tls12_record_layer.c')
-rw-r--r-- | src/lib/libssl/tls12_record_layer.c | 43 |
1 files changed, 5 insertions, 38 deletions
diff --git a/src/lib/libssl/tls12_record_layer.c b/src/lib/libssl/tls12_record_layer.c index 3f2fe71e21..9786d7d0bd 100644 --- a/src/lib/libssl/tls12_record_layer.c +++ b/src/lib/libssl/tls12_record_layer.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: tls12_record_layer.c,v 1.41 2024/01/18 16:30:43 tb Exp $ */ | 1 | /* $OpenBSD: tls12_record_layer.c,v 1.42 2024/02/03 15:58:34 beck Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2020 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2020 Joel Sing <jsing@openbsd.org> |
4 | * | 4 | * |
@@ -468,7 +468,6 @@ tls12_record_layer_ccs_cipher(struct tls12_record_layer *rl, | |||
468 | CBS *iv) | 468 | CBS *iv) |
469 | { | 469 | { |
470 | EVP_PKEY *mac_pkey = NULL; | 470 | EVP_PKEY *mac_pkey = NULL; |
471 | int gost_param_nid; | ||
472 | int mac_type; | 471 | int mac_type; |
473 | int ret = 0; | 472 | int ret = 0; |
474 | 473 | ||
@@ -484,25 +483,10 @@ tls12_record_layer_ccs_cipher(struct tls12_record_layer *rl, | |||
484 | goto err; | 483 | goto err; |
485 | if (EVP_CIPHER_key_length(rl->cipher) != CBS_len(key)) | 484 | if (EVP_CIPHER_key_length(rl->cipher) != CBS_len(key)) |
486 | goto err; | 485 | goto err; |
487 | 486 | if (CBS_len(mac_key) > INT_MAX) | |
488 | #ifndef OPENSSL_NO_GOST | 487 | goto err; |
489 | /* XXX die die die */ | 488 | if (EVP_MD_size(rl->mac_hash) != CBS_len(mac_key)) |
490 | /* Special handling for GOST... */ | 489 | goto err; |
491 | if (EVP_MD_type(rl->mac_hash) == NID_id_Gost28147_89_MAC) { | ||
492 | if (CBS_len(mac_key) != 32) | ||
493 | goto err; | ||
494 | mac_type = EVP_PKEY_GOSTIMIT; | ||
495 | rp->stream_mac = 1; | ||
496 | } else { | ||
497 | #endif | ||
498 | if (CBS_len(mac_key) > INT_MAX) | ||
499 | goto err; | ||
500 | if (EVP_MD_size(rl->mac_hash) != CBS_len(mac_key)) | ||
501 | goto err; | ||
502 | #ifndef OPENSSL_NO_GOST | ||
503 | } | ||
504 | #endif | ||
505 | |||
506 | if ((rp->cipher_ctx = EVP_CIPHER_CTX_new()) == NULL) | 490 | if ((rp->cipher_ctx = EVP_CIPHER_CTX_new()) == NULL) |
507 | goto err; | 491 | goto err; |
508 | if ((rp->hash_ctx = EVP_MD_CTX_new()) == NULL) | 492 | if ((rp->hash_ctx = EVP_MD_CTX_new()) == NULL) |
@@ -524,23 +508,6 @@ tls12_record_layer_ccs_cipher(struct tls12_record_layer *rl, | |||
524 | mac_pkey) <= 0) | 508 | mac_pkey) <= 0) |
525 | goto err; | 509 | goto err; |
526 | 510 | ||
527 | /* More special handling for GOST... */ | ||
528 | if (EVP_CIPHER_nid(rl->cipher) == NID_gost89_cnt) { | ||
529 | gost_param_nid = NID_id_tc26_gost_28147_param_Z; | ||
530 | if (EVP_MD_type(rl->handshake_hash) == NID_id_GostR3411_94) | ||
531 | gost_param_nid = NID_id_Gost28147_89_CryptoPro_A_ParamSet; | ||
532 | |||
533 | if (EVP_CIPHER_CTX_ctrl(rp->cipher_ctx, EVP_CTRL_GOST_SET_SBOX, | ||
534 | gost_param_nid, 0) <= 0) | ||
535 | goto err; | ||
536 | |||
537 | if (EVP_MD_type(rl->mac_hash) == NID_id_Gost28147_89_MAC) { | ||
538 | if (EVP_MD_CTX_ctrl(rp->hash_ctx, EVP_MD_CTRL_GOST_SET_SBOX, | ||
539 | gost_param_nid, 0) <= 0) | ||
540 | goto err; | ||
541 | } | ||
542 | } | ||
543 | |||
544 | ret = 1; | 511 | ret = 1; |
545 | 512 | ||
546 | err: | 513 | err: |