generate_key_expansion: make assumption explicit, use C99 features

This function potentially allocates memory, and can therefore not be run
again on an initialized key_ctx_bi.  Make this explicit by adding an error
if someone tries to do this anyway.

While touching the function, clean it up a bit to make up for the added
lines of code.

Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1479845366-15774-1-git-send-email-steffan@karger.me>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13202.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Steffan Karger 2016-11-22 21:09:26 +01:00 committed by Gert Doering
parent da941141f3
commit 48d41413c4

@ -1620,13 +1620,15 @@ generate_key_expansion (struct key_ctx_bi *key,
const struct session_id *server_sid,
bool server)
{
uint8_t master[48];
struct key2 key2;
uint8_t master[48] = { 0 };
struct key2 key2 = { 0 };
bool ret = false;
int i;
CLEAR (master);
CLEAR (key2);
if (key->initialized)
{
msg (D_TLS_ERRORS, "TLS Error: key already initialized");
goto exit;
}
/* debugging print of source key material */
key_source2_print (key_src);
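Review bot: The new `key->initialized` guard is a caller contract that is stated only in the log message; document in the function's header comment that `key` must be uninitialized on entry, so callers know a repeat call fails instead of re-keying. The guard also leaves through `goto exit` with `ret = false`, and the exit path is not visible in this hunk, so confirm it only wipes the local `master` and `key2` and leaves the already initialized `*key` untouched.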
@ -1662,7 +1664,7 @@ generate_key_expansion (struct key_ctx_bi *key,
key2_print (&key2, key_type, "Master Encrypt", "Master Decrypt");
/* check for weak keys */
for (i = 0; i < 2; ++i)
for (int i = 0; i < 2; ++i)
{
fixup_key (&key2.keys[i], key_type);
if (!check_key (&key2.keys[i], key_type))
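Review bot: In `for (int i = 0; i < 2; ++i)` the bound `2` is still a bare literal over `key2.keys[]`; deriving it from the array size or a named constant would keep the weak-key check covering every key if that layout ever changes. With `i` now scoped to the loop and the function-level `int i;` dropped in the first hunk, also check that no code after this loop still reads `i`.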