summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorJoel Sing <jsing@cvs.openbsd.org>2014-06-08 15:10:15 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2014-06-08 15:10:15 +0000
commitf75f414ed3e5f3a3bb1d7a058e3093d93571ef77 (patch)
treec9374d1a3839e8940e7e9fa71399f02b2a7e378d /lib
parentb4de5015e5ccb0598fa5e2f21ffe0deeea11e9d4 (diff)
Add a define for the SSLv3 sequence size and use it, rather than sprinkling
magic numbers around. ok deraadt@
Diffstat (limited to 'lib')
-rw-r--r--lib/libssl/src/ssl/s3_cbc.c4
-rw-r--r--lib/libssl/src/ssl/s3_enc.c4
-rw-r--r--lib/libssl/src/ssl/ssl3.h5
-rw-r--r--lib/libssl/src/ssl/t1_enc.c4
4 files changed, 9 insertions, 8 deletions
diff --git a/lib/libssl/src/ssl/s3_cbc.c b/lib/libssl/src/ssl/s3_cbc.c
index 9ba9896a52f..eb1a8fdff7b 100644
--- a/lib/libssl/src/ssl/s3_cbc.c
+++ b/lib/libssl/src/ssl/s3_cbc.c
@@ -172,8 +172,8 @@ tls1_cbc_remove_padding(const SSL* s, SSL3_RECORD *rec, unsigned block_size,
*/
if ((s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) && !s->expand) {
/* First packet is even in size, so check */
- if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0", 8) == 0) &&
- !(padding_length & 1)) {
+ if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0",
+ SSL3_SEQUENCE_SIZE) == 0) && !(padding_length & 1)) {
s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG;
}
if ((s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) &&
diff --git a/lib/libssl/src/ssl/s3_enc.c b/lib/libssl/src/ssl/s3_enc.c
index e8d96d53561..57f9c133cc3 100644
--- a/lib/libssl/src/ssl/s3_enc.c
+++ b/lib/libssl/src/ssl/s3_enc.c
@@ -272,7 +272,7 @@ ssl3_change_cipher_state(SSL *s, int which)
goto err;
}
#endif
- memset(&(s->s3->read_sequence[0]), 0, 8);
+ memset(s->s3->read_sequence, 0, SSL3_SEQUENCE_SIZE);
mac_secret = &(s->s3->read_mac_secret[0]);
} else {
if (s->enc_write_ctx != NULL)
@@ -301,7 +301,7 @@ ssl3_change_cipher_state(SSL *s, int which)
}
}
#endif
- memset(&(s->s3->write_sequence[0]), 0, 8);
+ memset(s->s3->write_sequence, 0, SSL3_SEQUENCE_SIZE);
mac_secret = &(s->s3->write_mac_secret[0]);
}
diff --git a/lib/libssl/src/ssl/ssl3.h b/lib/libssl/src/ssl/ssl3.h
index 8444ccb57dd..feaf0f8dd9f 100644
--- a/lib/libssl/src/ssl/ssl3.h
+++ b/lib/libssl/src/ssl/ssl3.h
@@ -232,6 +232,7 @@ extern "C" {
#define SSL3_MASTER_SECRET_SIZE 48
#define SSL3_RANDOM_SIZE 32
+#define SSL3_SEQUENCE_SIZE 8
#define SSL3_SESSION_ID_SIZE 32
#define SSL3_RT_HEADER_LENGTH 5
@@ -389,10 +390,10 @@ typedef struct ssl3_state_st {
long flags;
int delay_buf_pop_ret;
- unsigned char read_sequence[8];
+ unsigned char read_sequence[SSL3_SEQUENCE_SIZE];
int read_mac_secret_size;
unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
- unsigned char write_sequence[8];
+ unsigned char write_sequence[SSL3_SEQUENCE_SIZE];
int write_mac_secret_size;
unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
diff --git a/lib/libssl/src/ssl/t1_enc.c b/lib/libssl/src/ssl/t1_enc.c
index 353a408c98e..6dcb2c849f1 100644
--- a/lib/libssl/src/ssl/t1_enc.c
+++ b/lib/libssl/src/ssl/t1_enc.c
@@ -525,7 +525,7 @@ tls1_change_cipher_state(SSL *s, int which)
*/
if (!SSL_IS_DTLS(s)) {
seq = is_read ? s->s3->read_sequence : s->s3->write_sequence;
- memset(seq, 0, 8);
+ memset(seq, 0, SSL3_SEQUENCE_SIZE);
}
key_len = EVP_CIPHER_key_length(cipher);
@@ -753,7 +753,7 @@ tls1_enc(SSL *s, int send)
memcpy(p, &seq[2], 6);
memcpy(buf, dtlsseq, 8);
} else {
- memcpy(buf, seq, 8);
+ memcpy(buf, seq, SSL3_SEQUENCE_SIZE);
for (i = 7; i >= 0; i--) { /* increment */
++seq[i];
if (seq[i] != 0)
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-23 20:58:42 +0000