src - OpenBSD base system

diff options


context:
space:
mode:

author	Joel Sing <jsing@cvs.openbsd.org>	2015-09-13 12:39:17 +0000
committer	Joel Sing <jsing@cvs.openbsd.org>	2015-09-13 12:39:17 +0000
commit	2e045b6be90a3314999d7991161c51bdb1ac9e4b (patch)
tree	6506efa48c9f93d5be8326a37ebcf38d294fb7b4
parent	e3223edff8d509aa42f574089a80daa46cdf6034 (diff)

Use ECDH_size() instead of rolling our own.

ok beck@

Diffstat

-rw-r--r--

lib/libssl/s3_clnt.c

-rw-r--r--

lib/libssl/s3_srvr.c

2 files changed, 11 insertions, 12 deletions

diff --git a/lib/libssl/s3_clnt.c b/lib/libssl/s3_clnt.c
index c2f5ea4e075..e33d745b198 100644
--- a/lib/libssl/s3_clnt.c
+++ b/lib/libssl/s3_clnt.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: s3_clnt.c,v 1.133 2015/09/12 20:56:14 jsing Exp $ */

+/* $OpenBSD: s3_clnt.c,v 1.134 2015/09/13 12:39:16 jsing Exp $ */

@@ -1975,7 +1975,7 @@ ssl3_client_kex_ecdh(SSL *s, SESS_CERT *sess_cert, unsigned char *p,

unsigned char *encodedPoint = NULL;

unsigned long alg_k;

int encoded_pt_len = 0;

- int field_size = 0;

+ int key_size;

EC_KEY *tkey;

int ret = -1;

int n;

@@ -2035,13 +2035,12 @@ ssl3_client_kex_ecdh(SSL *s, SESS_CERT *sess_cert, unsigned char *p,

* Use the 'p' output buffer for the ECDH key, but make sure to clear

* it out afterwards.

- field_size = EC_GROUP_get_degree(srvr_group);

- if (field_size <= 0) {

+ key_size = ECDH_size(clnt_ecdh);

+ if (key_size <= 0) {

SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);

goto err;

}

- n = ECDH_compute_key(p, (field_size + 7) / 8, srvr_ecpoint, clnt_ecdh,

- NULL);

+ n = ECDH_compute_key(p, key_size, srvr_ecpoint, clnt_ecdh, NULL);

if (n <= 0) {

SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);

goto err;

diff --git a/lib/libssl/s3_srvr.c b/lib/libssl/s3_srvr.c
index cd63422db8e..37d96e4e183 100644
--- a/lib/libssl/s3_srvr.c
+++ b/lib/libssl/s3_srvr.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: s3_srvr.c,v 1.122 2015/09/13 09:20:19 jsing Exp $ */

+/* $OpenBSD: s3_srvr.c,v 1.123 2015/09/13 12:39:16 jsing Exp $ */

@@ -1778,7 +1778,7 @@ ssl3_get_client_key_exchange(SSL *s)

if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) {

int ret = 1;

- int field_size = 0;

+ int key_size;

const EC_KEY *tkey;

const EC_GROUP *group;

const BIGNUM *priv_key;

@@ -1891,14 +1891,14 @@ ssl3_get_client_key_exchange(SSL *s)

}

/* Compute the shared pre-master secret */

- field_size = EC_GROUP_get_degree(group);

- if (field_size <= 0) {

+ key_size = ECDH_size(srvr_ecdh);

+ if (key_size <= 0) {

SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,

ERR_R_ECDH_LIB);

goto err;

}

- i = ECDH_compute_key(p, (field_size + 7)/8, clnt_ecpoint,

- srvr_ecdh, NULL);

+ i = ECDH_compute_key(p, key_size, clnt_ecpoint, srvr_ecdh,

+ NULL);

if (i <= 0) {

SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,

ERR_R_ECDH_LIB);