author | tobhe <tobhe@cvs.openbsd.org> | 2020-10-06 19:06:07 +0000 |
---|---|---|
committer | tobhe <tobhe@cvs.openbsd.org> | 2020-10-06 19:06:07 +0000 |
commit | ba720cec7ecfb3bb354cc0a7e7d889c4c5fb9eea (patch) | |
tree | 77da3685b55f4a922c53e3268498a91b2c553aea /sbin/iked | |
parent | 1c69ccc2c7428708123fd9a075f5597290f1890b (diff) |
Always allocate hash_keylength() for buffers passed to hash_final() to
make sure there is enough space for the non truncated hash output.
Diffstat (limited to 'sbin/iked')
-rw-r--r-- | sbin/iked/ikev2.c | 6 | ||||
-rw-r--r-- | sbin/iked/ikev2_msg.c | 11 |
2 files changed, 10 insertions, 7 deletions
diff --git a/sbin/iked/ikev2.c b/sbin/iked/ikev2.c
index 6b73ab8b68c..8413d9339fd 100644
--- a/sbin/iked/ikev2.c
+++ b/sbin/iked/ikev2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ikev2.c,v 1.264 2020/10/05 19:21:16 tobhe Exp $ */
+/* $OpenBSD: ikev2.c,v 1.265 2020/10/06 19:06:06 tobhe Exp $ */
 /*
 * Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
@@ -5312,7 +5312,7 @@ ikev2_sa_keys(struct iked *env, struct iked_sa *sa, struct ibuf *key)
 goto done;
 }
- if ((skeyseed = ibuf_new(NULL, hash_length(prf))) == NULL) {
+ if ((skeyseed = ibuf_new(NULL, hash_keylength(prf))) == NULL) {
 log_info("%s: failed to get SKEYSEED buffer",
 SPI_SA(sa, __func__));
 goto done;
@@ -5474,7 +5474,7 @@ ikev2_prfplus(struct iked_hash *prf, struct ibuf *key, struct ibuf *seed,
 ibuf_release(t1);
 } else
 t2 = ibuf_new(NULL, 0);
- t1 = ibuf_new(NULL, hash_length(prf));
+ t1 = ibuf_new(NULL, hash_keylength(prf));
 ibuf_add(t2, seed->buf, ibuf_length(seed));
 pad = i + 1;
diff --git a/sbin/iked/ikev2_msg.c b/sbin/iked/ikev2_msg.c
index 00a8220bc28..f138208116f 100644
--- a/sbin/iked/ikev2_msg.c
+++ b/sbin/iked/ikev2_msg.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ikev2_msg.c,v 1.73 2020/10/03 20:23:08 tobhe Exp $ */
+/* $OpenBSD: ikev2_msg.c,v 1.74 2020/10/06 19:06:06 tobhe Exp $ */
 /*
 * Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
@@ -584,7 +584,7 @@ ikev2_msg_decrypt(struct iked *env, struct iked_sa *sa,
 * Validate packet checksum
 */
 if (!sa->sa_integr->hash_isaead) {
- if ((tmp = ibuf_new(NULL, ibuf_length(integr))) == NULL)
+ if ((tmp = ibuf_new(NULL, hash_keylength(sa->sa_integr))) == NULL)
 goto done;
 hash_setkey(sa->sa_integr, integr->buf, ibuf_length(integr));
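Review bot: The new size `hash_keylength(prf)` for `skeyseed` in ikev2_sa_keys() is right only because of an unwritten contract with hash_final(), which, going by the commit message, writes the untruncated digest into the caller's buffer. A one-line comment at the allocation, such as `/* hash_final() writes the full digest: size by hash_keylength(), not hash_length() */`, would stop a later cleanup from switching back to the truncated length and reintroducing the undersized buffer. The same comment fits the `t1` allocation in ikev2_prfplus() and the `tmp` allocation in ikev2_msg_decrypt(). The function body continues outside the hunk, so the hash_final() call itself is not visible here.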
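Review bot: The changed line `t1 = ibuf_new(NULL, hash_keylength(prf));` in ikev2_prfplus() still uses the result without a NULL check, as does `t2 = ibuf_new(NULL, 0);` just above it, whereas the allocations in ikev2_sa_keys() and ikev2_msg_decrypt() touched by this commit are tested. If either allocation fails, the following `ibuf_add(t2, ...)` and, presumably, the later write of the digest through `t1` would run on a NULL buffer, which in a network-facing daemon turns memory pressure into a crash during key derivation. Consider `if ((t1 = ibuf_new(NULL, hash_keylength(prf))) == NULL)` followed by the function's existing error exit, and check `t2` and the `ibuf_add()` results the same way. The loop body starts and ends outside the hunk, so the available cleanup path is not visible here.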
@@ -932,8 +932,11 @@ ikev2_msg_auth(struct iked *env, struct iked_sa *sa, int response)
 ibuf_size(prfkey))) == NULL)
 goto fail;
- if ((ptr = ibuf_advance(authmsg,
- hash_length(sa->sa_prf))) == NULL)
+ /* require non-truncating hash */
+ if (hash_keylength(sa->sa_prf) != hash_length(sa->sa_prf))
+ goto fail;
+
+ if ((ptr = ibuf_advance(authmsg, hash_keylength(sa->sa_prf))) == NULL)
 goto fail;
 hash_init(sa->sa_prf); |
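Review bot: The new guard `if (hash_keylength(sa->sa_prf) != hash_length(sa->sa_prf))` in ikev2_msg_auth() bails out with a bare `goto fail`, so if a truncating PRF were ever selected, authentication would fail with no trace of the reason in the logs. Bracing the branch and logging before the jump, e.g. `log_info("%s: truncating PRF not supported", SPI_SA(sa, __func__));`, would match the logging style already used in ikev2_sa_keys(). The comment `/* require non-truncating hash */` could also state why: `ptr` points into `authmsg`, so the length passed to `ibuf_advance()` presumably has to equal the number of bytes hash_final() writes there. That call and the `fail` label lie outside the hunk, so this should be confirmed against the full function.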