diff options
| author |   tb <tb@openbsd.org> | 2020-12-15 16:04:49 +0000 |
|---|---|---|
| committer | tb <tb@openbsd.org> | 2020-12-15 16:04:49 +0000 |
| commit | 07c79ec5956a98bd7797869b5f56b6ed90fb294b (patch) | |
| tree | 9b775390e1c2e74e1a89d04a3cd50cbd2c18756d | |
| parent | missing NET_LOCK()/NET_UNLOCK() in pf_osfp_flush() (diff) | |
| download | wireguard-openbsd-07c79ec5956a98bd7797869b5f56b6ed90fb294b.tar.xz wireguard-openbsd-07c79ec5956a98bd7797869b5f56b6ed90fb294b.zip | |
Use natural sizes for S3I(s)->tmp's *_md arrays
It is a historical artifact that cert_verify_md[], finish_md[] and
peer_finish_md[] are twice as large as they need to be. This is
confusing, especially for finish_md[] and peer_finish_md[] which are
copied to to previous_client_finished[] and previous_server_finished[]
which are only half as large. It is easy to check that they will never
get more than EVP_MAX_MD_SIZE data written to them.
In 1998, EVP_MAX_MD_SIZE was 20 bytes long (for SHA-1). This got bumped to
16+20 for the SSLv3-specific md5+sha1. Apparently under the impression
that EVP_MAX_MD_SIZE was still 20 bytes, someone else doubled finish_md[]'s
size to EVP_MAX_MD_SIZE*2 and added /* actually only needs to be 16+20 */.
A bit later finish_md[] was split up, and still a bit later the comment was
amended for TLSv1. Shortly thereafter SHA-512 required a bump of
EVP_MAX_MD_SIZE to 64 by a third person and we have been carrying 192 bytes
of untouched memory in each of our SSLs ever since.
ok inoguchi jsing (jsing had the same diff)
| -rw-r--r-- | lib/libssl/ssl_locl.h | 10 |
1 files changed, 4 insertions, 6 deletions
diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h index 80a7d95be58..312c18f7ca2 100644 --- a/lib/libssl/ssl_locl.h +++ b/lib/libssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.309 2020/12/14 15:20:31 tb Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.310 2020/12/15 16:04:49 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -892,13 +892,11 @@ typedef struct ssl3_state_internal_st { struct { int new_mac_secret_size; - /* actually only needs to be 16+20 */ - unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2]; + unsigned char cert_verify_md[EVP_MAX_MD_SIZE]; - /* actually only need to be 16+20 for SSLv3 and 12 for TLS */ - unsigned char finish_md[EVP_MAX_MD_SIZE*2]; + unsigned char finish_md[EVP_MAX_MD_SIZE]; size_t finish_md_len; - unsigned char peer_finish_md[EVP_MAX_MD_SIZE*2]; + unsigned char peer_finish_md[EVP_MAX_MD_SIZE]; size_t peer_finish_md_len; unsigned long message_size; |