From 48785f83a9f6abc9abdda0e64947adc49f083d87 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Sun, 8 Jun 2014 15:10:14 +0000
Subject: Add a define for the SSLv3 sequence size and use it, rather than
 sprinkling magic numbers around.

ok deraadt@
---
 src/lib/libssl/s3_cbc.c         | 4 ++--
 src/lib/libssl/src/ssl/s3_cbc.c | 4 ++--
 src/lib/libssl/src/ssl/s3_enc.c | 4 ++--
 src/lib/libssl/src/ssl/ssl3.h   | 5 +++--
 src/lib/libssl/src/ssl/t1_enc.c | 4 ++--
 src/lib/libssl/ssl3.h           | 5 +++--
 src/lib/libssl/t1_enc.c         | 4 ++--
 7 files changed, 16 insertions(+), 14 deletions(-)

(limited to 'src/lib')

diff --git a/src/lib/libssl/s3_cbc.c b/src/lib/libssl/s3_cbc.c
index 9ba9896a52..eb1a8fdff7 100644
--- a/src/lib/libssl/s3_cbc.c
+++ b/src/lib/libssl/s3_cbc.c
@@ -172,8 +172,8 @@ tls1_cbc_remove_padding(const SSL* s, SSL3_RECORD *rec, unsigned block_size,
 	 */
 	if ((s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) && !s->expand) {
 		/* First packet is even in size, so check */
-		if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0", 8) == 0) &&
-		    !(padding_length & 1)) {
+		if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0",
+		    SSL3_SEQUENCE_SIZE) == 0) && !(padding_length & 1)) {
 			s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG;
 		}
 		if ((s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) &&
diff --git a/src/lib/libssl/src/ssl/s3_cbc.c b/src/lib/libssl/src/ssl/s3_cbc.c
index 9ba9896a52..eb1a8fdff7 100644
--- a/src/lib/libssl/src/ssl/s3_cbc.c
+++ b/src/lib/libssl/src/ssl/s3_cbc.c
@@ -172,8 +172,8 @@ tls1_cbc_remove_padding(const SSL* s, SSL3_RECORD *rec, unsigned block_size,
 	 */
 	if ((s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) && !s->expand) {
 		/* First packet is even in size, so check */
-		if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0", 8) == 0) &&
-		    !(padding_length & 1)) {
+		if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0",
+		    SSL3_SEQUENCE_SIZE) == 0) && !(padding_length & 1)) {
 			s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG;
 		}
 		if ((s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) &&
diff --git a/src/lib/libssl/src/ssl/s3_enc.c b/src/lib/libssl/src/ssl/s3_enc.c
index e8d96d5356..57f9c133cc 100644
--- a/src/lib/libssl/src/ssl/s3_enc.c
+++ b/src/lib/libssl/src/ssl/s3_enc.c
@@ -272,7 +272,7 @@ ssl3_change_cipher_state(SSL *s, int which)
 				goto err;
 		}
 #endif
-		memset(&(s->s3->read_sequence[0]), 0, 8);
+		memset(s->s3->read_sequence, 0, SSL3_SEQUENCE_SIZE);
 		mac_secret = &(s->s3->read_mac_secret[0]);
 	} else {
 		if (s->enc_write_ctx != NULL)
@@ -301,7 +301,7 @@ ssl3_change_cipher_state(SSL *s, int which)
 			}
 		}
 #endif
-		memset(&(s->s3->write_sequence[0]), 0, 8);
+		memset(s->s3->write_sequence, 0, SSL3_SEQUENCE_SIZE);
 		mac_secret = &(s->s3->write_mac_secret[0]);
 	}
 
diff --git a/src/lib/libssl/src/ssl/ssl3.h b/src/lib/libssl/src/ssl/ssl3.h
index 8444ccb57d..feaf0f8dd9 100644
--- a/src/lib/libssl/src/ssl/ssl3.h
+++ b/src/lib/libssl/src/ssl/ssl3.h
@@ -232,6 +232,7 @@ extern "C" {
 
 #define SSL3_MASTER_SECRET_SIZE			48
 #define SSL3_RANDOM_SIZE			32
+#define SSL3_SEQUENCE_SIZE			8
 #define SSL3_SESSION_ID_SIZE			32
 #define SSL3_RT_HEADER_LENGTH			5
 
@@ -389,10 +390,10 @@ typedef struct ssl3_state_st {
 	long flags;
 	int delay_buf_pop_ret;
 
-	unsigned char read_sequence[8];
+	unsigned char read_sequence[SSL3_SEQUENCE_SIZE];
 	int read_mac_secret_size;
 	unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
-	unsigned char write_sequence[8];
+	unsigned char write_sequence[SSL3_SEQUENCE_SIZE];
 	int write_mac_secret_size;
 	unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
 
diff --git a/src/lib/libssl/src/ssl/t1_enc.c b/src/lib/libssl/src/ssl/t1_enc.c
index 353a408c98..6dcb2c849f 100644
--- a/src/lib/libssl/src/ssl/t1_enc.c
+++ b/src/lib/libssl/src/ssl/t1_enc.c
@@ -525,7 +525,7 @@ tls1_change_cipher_state(SSL *s, int which)
 	 */
 	if (!SSL_IS_DTLS(s)) {
 		seq = is_read ? s->s3->read_sequence : s->s3->write_sequence;
-		memset(seq, 0, 8);
+		memset(seq, 0, SSL3_SEQUENCE_SIZE);
 	}
 
 	key_len = EVP_CIPHER_key_length(cipher);
@@ -753,7 +753,7 @@ tls1_enc(SSL *s, int send)
 				memcpy(p, &seq[2], 6);
 				memcpy(buf, dtlsseq, 8);
 			} else {
-				memcpy(buf, seq, 8);
+				memcpy(buf, seq, SSL3_SEQUENCE_SIZE);
 				for (i = 7; i >= 0; i--) {	/* increment */
 					++seq[i];
 					if (seq[i] != 0)
diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h
index 8444ccb57d..feaf0f8dd9 100644
--- a/src/lib/libssl/ssl3.h
+++ b/src/lib/libssl/ssl3.h
@@ -232,6 +232,7 @@ extern "C" {
 
 #define SSL3_MASTER_SECRET_SIZE			48
 #define SSL3_RANDOM_SIZE			32
+#define SSL3_SEQUENCE_SIZE			8
 #define SSL3_SESSION_ID_SIZE			32
 #define SSL3_RT_HEADER_LENGTH			5
 
@@ -389,10 +390,10 @@ typedef struct ssl3_state_st {
 	long flags;
 	int delay_buf_pop_ret;
 
-	unsigned char read_sequence[8];
+	unsigned char read_sequence[SSL3_SEQUENCE_SIZE];
 	int read_mac_secret_size;
 	unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
-	unsigned char write_sequence[8];
+	unsigned char write_sequence[SSL3_SEQUENCE_SIZE];
 	int write_mac_secret_size;
 	unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
 
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index 353a408c98..6dcb2c849f 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -525,7 +525,7 @@ tls1_change_cipher_state(SSL *s, int which)
 	 */
 	if (!SSL_IS_DTLS(s)) {
 		seq = is_read ? s->s3->read_sequence : s->s3->write_sequence;
-		memset(seq, 0, 8);
+		memset(seq, 0, SSL3_SEQUENCE_SIZE);
 	}
 
 	key_len = EVP_CIPHER_key_length(cipher);
@@ -753,7 +753,7 @@ tls1_enc(SSL *s, int send)
 				memcpy(p, &seq[2], 6);
 				memcpy(buf, dtlsseq, 8);
 			} else {
-				memcpy(buf, seq, 8);
+				memcpy(buf, seq, SSL3_SEQUENCE_SIZE);
 				for (i = 7; i >= 0; i--) {	/* increment */
 					++seq[i];
 					if (seq[i] != 0)
-- 
cgit v1.2.3-55-g6feb