author | 2014-06-01 15:54:28 +0000 | |
---|---|---|
committer | 2014-06-01 15:54:28 +0000 | |
commit | 622d4fa7e70d231277c700e5de47d83611da6b51 (patch) | |
tree | 6e65dc34245f75eb4a87c0cac23a1da32a491ecb /lib/libssl/src | |
parent | Remove mention of the old __P practice. (diff) | |
In tls1_setup_key_block(), use the correct IV length for GCM mode, which
results in the key block length calculation also being correct. Rename a
number of variables so that their purpose becomes clear and simplify some
of the code.
Inspired by Adam Langley's chromium diffs.
ok miod@
Diffstat (limited to 'lib/libssl/src')
-rw-r--r-- | lib/libssl/src/ssl/t1_enc.c | 41 |
1 files changed, 24 insertions, 17 deletions
diff --git a/lib/libssl/src/ssl/t1_enc.c b/lib/libssl/src/ssl/t1_enc.c
index 9a2d979fd7e..e3acf59ab00 100644
--- a/lib/libssl/src/ssl/t1_enc.c
+++ b/lib/libssl/src/ssl/t1_enc.c
@@ -537,12 +537,12 @@ err2:
 int
 tls1_setup_key_block(SSL *s)
 {
-	unsigned char *p1, *p2 = NULL;
-	const EVP_CIPHER *c;
+	unsigned char *key_block, *tmp_block = NULL;
+	int mac_type = NID_undef, mac_secret_size = 0;
+	int key_block_len, key_len, iv_len;
+	const EVP_CIPHER *cipher;
 	const EVP_MD *hash;
-	int num;
 	SSL_COMP *comp;
-	int mac_type = NID_undef, mac_secret_size = 0;
 	int ret = 0;
 
 	if (s->s3->tmp.key_block_length != 0)
@@ -554,41 +554,48 @@ tls1_setup_key_block(SSL *s)
 		return (0);
 	}
 
-	if (!ssl_cipher_get_evp(s->session, &c, &hash, &mac_type,
+	if (!ssl_cipher_get_evp(s->session, &cipher, &hash, &mac_type,
 	    &mac_secret_size)) {
 		SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,
 		    SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
 		return (0);
 	}
 
-	s->s3->tmp.new_sym_enc = c;
+	key_len = EVP_CIPHER_key_length(cipher);
+
+	if (EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE)
+		iv_len = EVP_GCM_TLS_FIXED_IV_LEN;
+	else
+		iv_len = EVP_CIPHER_iv_length(cipher);
+
+	s->s3->tmp.new_sym_enc = cipher;
 	s->s3->tmp.new_hash = hash;
 	s->s3->tmp.new_mac_pkey_type = mac_type;
 	s->s3->tmp.new_mac_secret_size = mac_secret_size;
-	num = EVP_CIPHER_key_length(c) + mac_secret_size + EVP_CIPHER_iv_length(c);
-	num *= 2;
+	key_block_len = (mac_secret_size + key_len + iv_len) * 2;
 
 	ssl3_cleanup_key_block(s);
 
-	if ((p1 = malloc(num)) == NULL) {
+	if ((key_block = malloc(key_block_len)) == NULL) {
 		SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK, ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 
-	s->s3->tmp.key_block_length = num;
-	s->s3->tmp.key_block = p1;
+	s->s3->tmp.key_block_length = key_block_len;
+	s->s3->tmp.key_block = key_block;
 
-	if ((p2 = malloc(num)) == NULL) {
+	if ((tmp_block = malloc(key_block_len)) == NULL) {
 		SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK, ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 
-	if (!tls1_generate_key_block(s, p1, p2, num))
+	if (!tls1_generate_key_block(s, key_block, tmp_block, key_block_len))
 		goto err;
 
 	if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) &&
 	    s->method->version <= TLS1_VERSION) {
-		/* enable vulnerability countermeasure for CBC ciphers with
+		/*
+		 * Enable vulnerability countermeasure for CBC ciphers with
 		 * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt)
 		 */
 		s->s3->need_empty_fragments = 1;
@@ -606,9 +613,9 @@ tls1_setup_key_block(SSL *s)
 	ret = 1;
 
 err:
-	if (p2) {
-		OPENSSL_cleanse(p2, num);
-		free(p2);
+	if (tmp_block) {
+		OPENSSL_cleanse(tmp_block, key_block_len);
+		free(tmp_block);
 	}
 	return (ret);
 }
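Review bot: s->s3->tmp.key_block and key_block_length are published before tls1_generate_key_block() has succeeded, so on the `goto err` taken after a failed tmp_block malloc or a failed derivation the SSL object is left with a nonzero key_block_length pointing at a buffer that was never filled, and the `key_block_length != 0` test at the top of the function (first hunk) would presumably treat that stale block as ready on a later call. The old code had the same ordering; since the error label in the last hunk only disposes of tmp_block, the cheapest fix is to reset the published state there, `if (ret == 0) ssl3_cleanup_key_block(s);`, which the function already relies on to cleanse and drop an old block. The GCM branch deserves a one-line comment so the next reader does not "fix" it back, e.g. `/* GCM: only the implicit, fixed part of the nonce is derived from the key block (RFC 5288); EVP_CIPHER_iv_length() reports the full nonce. */`. The function body continues between the second and third hunks.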