aboutsummaryrefslogtreecommitdiffstats
path: root/src/ssl
diff options
context:
space:
mode:
authorlloyd <[email protected]>2010-09-13 15:54:50 +0000
committerlloyd <[email protected]>2010-09-13 15:54:50 +0000
commit36bfef27271eadffefbc6891a9d7fa7eed7b1e10 (patch)
tree81fe9b37bb580cedba5bb25ac04dfecdd36b18de /src/ssl
parent4a7e9edcc92b08a285ea24549fd8c813d10b63b9 (diff)
More vector->pointer conversion removals.
Add RandomNumberGenerator::random_vec, which takes an length n and returns a new SecureVector with randomized contents of that size. This nicely covers most of the cases where randomize was being called on a vector, and is a little cleaner in the code as well, instead of vec.resize(length); rng.randomize(&vec[0], vec.size()); we just write vec = rng.random_vec(length);
Diffstat (limited to 'src/ssl')
-rw-r--r--src/ssl/c_kex.cpp15
-rw-r--r--src/ssl/hello.cpp8
-rw-r--r--src/ssl/rec_read.cpp2
-rw-r--r--src/ssl/s_kex.cpp2
4 files changed, 14 insertions, 13 deletions
diff --git a/src/ssl/c_kex.cpp b/src/ssl/c_kex.cpp
index 5194c8c3d..fafb67d3d 100644
--- a/src/ssl/c_kex.cpp
+++ b/src/ssl/c_kex.cpp
@@ -40,8 +40,7 @@ Client_Key_Exchange::Client_Key_Exchange(RandomNumberGenerator& rng,
}
else if(const RSA_PublicKey* rsa_pub = dynamic_cast<const RSA_PublicKey*>(pub_key))
{
- pre_master.resize(48);
- rng.randomize(pre_master, 48);
+ pre_master = rng.random_vec(48);
pre_master[0] = (pref_version >> 8) & 0xFF;
pre_master[1] = (pref_version ) & 0xFF;
@@ -123,8 +122,13 @@ Client_Key_Exchange::pre_master_secret(RandomNumberGenerator& rng,
}
catch(...)
{
- pre_master.resize(dh_priv->public_value().size());
- rng.randomize(pre_master, pre_master.size());
+ /*
+ * Something failed in the DH computation. To avoid possible
+ * timing attacks, randomize the pre-master output and carry
+ * on, allowing the protocol to fail later in the finished
+ * checks.
+ */
+ pre_master = rng.random_vec(dh_priv->public_value().size());
}
return pre_master;
@@ -142,8 +146,7 @@ Client_Key_Exchange::pre_master_secret(RandomNumberGenerator& rng,
}
catch(...)
{
- pre_master.resize(48);
- rng.randomize(pre_master, pre_master.size());
+ pre_master = rng.random_vec(48);
pre_master[0] = (version >> 8) & 0xFF;
pre_master[1] = (version ) & 0xFF;
}
diff --git a/src/ssl/hello.cpp b/src/ssl/hello.cpp
index 2fb5bb567..9ee3f87b9 100644
--- a/src/ssl/hello.cpp
+++ b/src/ssl/hello.cpp
@@ -29,7 +29,7 @@ void HandshakeMessage::send(Record_Writer& writer, HandshakeHash& hash) const
hash.update(send_buf);
- writer.send(HANDSHAKE, send_buf, send_buf.size());
+ writer.send(HANDSHAKE, &send_buf[0], send_buf.size());
writer.flush();
}
@@ -66,8 +66,7 @@ Client_Hello::Client_Hello(RandomNumberGenerator& rng,
Record_Writer& writer, const TLS_Policy* policy,
HandshakeHash& hash)
{
- c_random.resize(32);
- rng.randomize(c_random, c_random.size());
+ c_random = rng.random_vec(32);
suites = policy->ciphersuites();
comp_algos = policy->compression();
@@ -249,8 +248,7 @@ Server_Hello::Server_Hello(RandomNumberGenerator& rng,
comp_algo = policy->choose_compression(c_hello.compression_algos());
s_version = ver;
- s_random.resize(32);
- rng.randomize(s_random, s_random.size());
+ s_random = rng.random_vec(32);
send(writer, hash);
}
diff --git a/src/ssl/rec_read.cpp b/src/ssl/rec_read.cpp
index 86b976417..789cac187 100644
--- a/src/ssl/rec_read.cpp
+++ b/src/ssl/rec_read.cpp
@@ -167,7 +167,7 @@ u32bit Record_Reader::get_record(byte& msg_type,
SecureVector<byte> buffer(record_len);
input_queue.read(header, sizeof(header)); // pull off the header
- input_queue.read(buffer, buffer.size());
+ input_queue.read(&buffer[0], buffer.size());
/*
* We are handshaking, no crypto to do so return as-is
diff --git a/src/ssl/s_kex.cpp b/src/ssl/s_kex.cpp
index bf0a25c62..9fe37d490 100644
--- a/src/ssl/s_kex.cpp
+++ b/src/ssl/s_kex.cpp
@@ -180,7 +180,7 @@ bool Server_Key_Exchange::verify(const X509_Certificate& cert,
verifier.update(s_random);
verifier.update(params_got);
- return verifier.check_signature(signature, signature.size());
+ return verifier.check_signature(signature);
}
}