From d139723b0e6718410d0f11f645387f9c90c1424d Mon Sep 17 00:00:00 2001 From: Kurt Roeckx Date: Wed, 2 Mar 2016 14:39:14 +0100 Subject: [PATCH] session tickets: use more sizeof Reviewed-by: Matt Caswell MR: #2153 --- ssl/s3_lib.c | 4 ++-- ssl/ssl_locl.h | 4 +++- ssl/statem/statem_srvr.c | 30 ++++++++++++++++++------------ 3 files changed, 23 insertions(+), 15 deletions(-) diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 6f9b23b1ea..a742b952a8 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3396,8 +3396,8 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) { unsigned char *keys = parg; long tlsext_tick_keylen = (sizeof(ctx->tlsext_tick_key_name) + - sizeof(ctx->tlsext_tick_hmac_key) + (ctx->tlsext_tick_aes_key)); - if (!keys) + sizeof(ctx->tlsext_tick_hmac_key) + sizeof(ctx->tlsext_tick_aes_key)); + if (keys == NULL) return tlsext_tick_keylen; if (larg != tlsext_tick_keylen) { SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH); diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index b39f387483..5cc1dcf391 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -686,6 +686,8 @@ DEFINE_LHASH_OF(SSL_SESSION); /* Needed in ssl_cert.c */ DEFINE_LHASH_OF(X509_NAME); +#define TLSEXT_KEYNAME_LENGTH 16 + struct ssl_ctx_st { const SSL_METHOD *method; STACK_OF(SSL_CIPHER) *cipher_list; @@ -857,7 +859,7 @@ struct ssl_ctx_st { int (*tlsext_servername_callback) (SSL *, int *, void *); void *tlsext_servername_arg; /* RFC 4507 session ticket keys */ - unsigned char tlsext_tick_key_name[16]; + unsigned char tlsext_tick_key_name[TLSEXT_KEYNAME_LENGTH]; unsigned char tlsext_tick_hmac_key[32]; unsigned char tlsext_tick_aes_key[32]; /* Callback to support customisation of ticket key setting */ diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 60f92e5fb9..8aa0915a19 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -2978,7 +2978,8 @@ int tls_construct_new_session_ticket(SSL *s) unsigned int hlen; SSL_CTX *tctx = s->initial_ctx; unsigned char iv[EVP_MAX_IV_LENGTH]; - unsigned char key_name[16]; + unsigned char key_name[TLSEXT_KEYNAME_LENGTH]; + int iv_len; /* get session encoding length */ slen_full = i2d_SSL_SESSION(s->session, NULL); @@ -3028,13 +3029,14 @@ int tls_construct_new_session_ticket(SSL *s) * Grow buffer if need be: the length calculation is as * follows handshake_header_length + * 4 (ticket lifetime hint) + 2 (ticket length) + - * 16 (key name) + max_iv_len (iv length) + - * session_length + max_enc_block_size (max encrypted session - * length) + max_md_size (HMAC). + * sizeof(keyname) + max_iv_len (iv length) + + * max_enc_block_size (max encrypted session * length) + + * max_md_size (HMAC) + session_length. */ if (!BUF_MEM_grow(s->init_buf, - SSL_HM_HEADER_LENGTH(s) + 22 + EVP_MAX_IV_LENGTH + - EVP_MAX_BLOCK_LENGTH + EVP_MAX_MD_SIZE + slen)) + SSL_HM_HEADER_LENGTH(s) + 6 + sizeof(key_name) + + EVP_MAX_IV_LENGTH + EVP_MAX_BLOCK_LENGTH + + EVP_MAX_MD_SIZE + slen)) goto err; p = ssl_handshake_start(s); @@ -3045,10 +3047,14 @@ int tls_construct_new_session_ticket(SSL *s) if (tctx->tlsext_ticket_key_cb) { if (tctx->tlsext_ticket_key_cb(s, key_name, iv, ctx, hctx, 1) < 0) goto err; + iv_len = EVP_CIPHER_CTX_iv_length(ctx); } else { - if (RAND_bytes(iv, 16) <= 0) + const EVP_CIPHER *cipher = EVP_aes_256_cbc(); + + iv_len = EVP_CIPHER_iv_length(cipher); + if (RAND_bytes(iv, iv_len) <= 0) goto err; - if (!EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, + if (!EVP_EncryptInit_ex(ctx, cipher, NULL, tctx->tlsext_tick_aes_key, iv)) goto err; if (!HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key, @@ -3070,11 +3076,11 @@ int tls_construct_new_session_ticket(SSL *s) p += 2; /* Output key name */ macstart = p; - memcpy(p, key_name, 16); - p += 16; + memcpy(p, key_name, sizeof(key_name)); + p += sizeof(key_name); /* output IV */ - memcpy(p, iv, EVP_CIPHER_CTX_iv_length(ctx)); - p += EVP_CIPHER_CTX_iv_length(ctx); + memcpy(p, iv, iv_len); + p += iv_len; /* Encrypt session data */ if (!EVP_EncryptUpdate(ctx, p, &len, senc, slen)) goto err; -- 2.25.1