ssl\s3_clnt.c:

since the hash length lands in 'md_len' and the entire hash
would/should/might be used as the IV...

What do the protocol wizards have to say about this?


--- h:\prj\1original\openssl\openssl\ssl\s3_clnt.c    2010-02-28
02:24:04.000000000 +-0200
+++ h:\prj\3actual\openssl\ssl\s3_clnt.c    2009-08-24 19:56:01.000000000
+-0200
@@ -2505,15 +2471,15 @@

EVP_DigestInit(ukm_hash,EVP_get_digestbynid(NID_id_GostR3411_94));

EVP_DigestUpdate(ukm_hash,s->s3->client_random,SSL3_RANDOM_SIZE);

EVP_DigestUpdate(ukm_hash,s->s3->server_random,SSL3_RANDOM_SIZE);
             EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len);
             EVP_MD_CTX_destroy(ukm_hash);
             if
(EVP_PKEY_CTX_ctrl(pkey_ctx,-1,EVP_PKEY_OP_ENCRYPT,EVP_PKEY_CTRL_SET_IV,
-                8,shared_ukm)<0) {
+                8 /* [i_a] shouldn't this be 'md_len' ? */ ,shared_ukm)<0)
{
                     SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
                         SSL_R_LIBRARY_BUG);
                     goto err;
                 }
             /* Make GOST keytransport blob message */
             /*Encapsulate it into sequence */
             *(p++)=V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED;
             msglen=255;
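Review bot: The digest calls in this hunk are unchecked — `EVP_DigestInit`, `EVP_DigestUpdate` and `EVP_DigestFinal_ex` all return 0 on failure (for instance when the GOST R 34.11-94 digest is not provided by the loaded engine), yet `shared_ukm` is then handed to `EVP_PKEY_CTX_ctrl` as the IV whether or not it was ever written; each call should be guarded in the same style as the ctrl below it, e.g. `if (!EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len)) { EVP_MD_CTX_destroy(ukm_hash); SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, SSL_R_LIBRARY_BUG); goto err; }`. On the question the added `[i_a]` comment raises, the literal `8` looks intentional rather than a bug: the CryptoPro TLS profile derives the VKO UKM from the first 8 bytes of the GOSTR3411-94 hash of client_random||server_random, so passing `md_len` (32 for this digest) would produce a different key-transport blob and break interoperability with conforming peers — this hunk does not show the engine side, so confirm against the EVP_PKEY_CTRL_SET_IV handler in the ccgost engine of the tree being built. A comment stating the reason, `/* UKM is the first 8 bytes of GOSTR3411(client_random||server_random), per the CryptoPro TLS profile */`, would serve future readers better than the question mark, and a named constant would be preferable to the bare magic number. The same hunk is quoted a second time further down the message and the same points apply there. The enclosing function starts and ends outside the hunk.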



-- 
Met vriendelijke groeten / Best regards,

Ger Hobbelt

--------------------------------------------------
web:    http://www.hobbelt.com/
       http://www.hebbut.net/
mail:   [email protected]
mobile: +31-6-11 120 978
--------------------------------------------------

ssl\s3_clnt.c:

since the hash length lands in 'md_len' and the entire hash would/should/might be used as the IV...

What do the protocol wizards have to say about this?


--- h:\prj\1original\openssl\openssl\ssl\s3_clnt.c    2010-02-28 02:24:04.000000000 +-0200
+++ h:\prj\3actual\openssl\ssl\s3_clnt.c    2009-08-24 19:56:01.000000000 +-0200
@@ -2505,15 +2471,15 @@
             EVP_DigestInit(ukm_hash,EVP_get_digestbynid(NID_id_GostR3411_94));
             EVP_DigestUpdate(ukm_hash,s->s3->client_random,SSL3_RANDOM_SIZE);
             EVP_DigestUpdate(ukm_hash,s->s3->server_random,SSL3_RANDOM_SIZE);
             EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len);
             EVP_MD_CTX_destroy(ukm_hash);
             if (EVP_PKEY_CTX_ctrl(pkey_ctx,-1,EVP_PKEY_OP_ENCRYPT,EVP_PKEY_CTRL_SET_IV,
-                8,shared_ukm)<0) {
+                8 /* [i_a] shouldn't this be 'md_len' ? */ ,shared_ukm)<0) {
                     SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
                         SSL_R_LIBRARY_BUG);
                     goto err;
                 }   
             /* Make GOST keytransport blob message */
             /*Encapsulate it into sequence */
             *(p++)=V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED;
             msglen=255;



--
Met vriendelijke groeten / Best regards,

Ger Hobbelt

--------------------------------------------------
web:    http://www.hobbelt.com/
       http://www.hebbut.net/
mail:   [email protected]
mobile: +31-6-11 120 978
--------------------------------------------------

Attachment: ssl_s3_clnt_question1.diff
Description: Binary data
