authorNikos Mavrogiannopoulos <nmav@crystal.(none)>2008-09-28 00:40:11 +0300
committerNikos Mavrogiannopoulos <nmav@crystal.(none)>2008-09-28 00:40:11 +0300
commit2e607973d6fa03fa7630822355757700cefc0856 (patch)
tree4043cb64bbf8d9227133deabaebcc3a1414a5235
parentd01acbc48ae78ae85da6659f4183367f49495018 (diff)
downloadgnutls-2e607973d6fa03fa7630822355757700cefc0856.tar.gz
avoid using malloc for small buffers.
-rw-r--r--lib/gnutls_algorithms.c2
-rw-r--r--lib/gnutls_constate.c7
-rw-r--r--lib/gnutls_int.h2
3 files changed, 7 insertions, 4 deletions
diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c
index 124774ffae..d37d494470 100644
--- a/lib/gnutls_algorithms.c
+++ b/lib/gnutls_algorithms.c
@@ -156,6 +156,8 @@ typedef struct gnutls_cipher_entry gnutls_cipher_entry;
* Do not add any algorithms in other modes (avoid modified algorithms).
* View first: "The order of encryption and authentication for
* protecting communications" by Hugo Krawczyk - CRYPTO 2001
+ *
+ * Make sure to updated MAX_CIPHER_BLOCK_SIZE and MAX_CIPHER_KEY_SIZE as well.
*/
static const gnutls_cipher_entry algorithms[] = {
{"AES-256-CBC", GNUTLS_CIPHER_AES_256_CBC, 16, 32, CIPHER_BLOCK, 16, 0},
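Review bot: The added reminder has a typo ("Make sure to updated") and does not say where the two macros live; I would write it as `* Make sure to update MAX_CIPHER_BLOCK_SIZE and MAX_CIPHER_KEY_SIZE (gnutls_int.h) as well.` This comment is the only visible link between the cipher table and the fixed-size buffers the commit introduces, so it is worth adding that those macros size stack buffers in gnutls_constate.c. The `algorithms[]` initializer continues past the end of the hunk.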
diff --git a/lib/gnutls_constate.c b/lib/gnutls_constate.c
index 946e59ad8a..5252643b5c 100644
--- a/lib/gnutls_constate.c
+++ b/lib/gnutls_constate.c
@@ -63,6 +63,8 @@ _gnutls_set_keys (gnutls_session_t session, int hash_size, int IV_size,
int pos, ret;
int block_size;
char buf[65];
+ /* avoid using malloc */
+ opaque key_block[2 * MAX_HASH_SIZE + 2 * MAX_CIPHER_KEY_SIZE + 2 * MAX_CIPHER_BLOCK_SIZE];
if (session->cipher_specs.generated_keys != 0)
{
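Review bot: Nothing visible in this hunk or the next one ties the run-time `block_size` (built from `hash_size`, `IV_size` and presumably the key size) to the new fixed capacity of `key_block`. If a cipher or MAC is later added without raising the `MAX_*` macros, the key expansion would write past a stack buffer where the old VLA simply grew. I would add a guard right after `block_size += 2 * IV_size;` in the following hunk, assuming the function's usual negative-error return: `if (block_size > (int) sizeof (key_block)) { gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; }`. The same applies to `iv_block[MAX_CIPHER_BLOCK_SIZE * 2]` in the last hunk of this file, which was previously sized from `IV_size`, so `IV_size <= MAX_CIPHER_BLOCK_SIZE` should be checked before it is filled. The body of `_gnutls_set_keys` starts and ends outside the hunk, so an existing check may be out of view.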
@@ -77,9 +79,6 @@ _gnutls_set_keys (gnutls_session_t session, int hash_size, int IV_size,
if (export_flag == 0)
block_size += 2 * IV_size;
- /* avoid using malloc */
- opaque key_block[block_size];
-
memcpy (rnd, session->security_parameters.server_random,
GNUTLS_RANDOM_SIZE);
memcpy (&rnd[GNUTLS_RANDOM_SIZE],
@@ -294,7 +293,7 @@ _gnutls_set_keys (gnutls_session_t session, int hash_size, int IV_size,
}
else if (IV_size > 0 && export_flag != 0)
{
- opaque iv_block[IV_size * 2];
+ opaque iv_block[MAX_CIPHER_BLOCK_SIZE * 2];
if (session->security_parameters.version == GNUTLS_SSL3)
{ /* SSL 3 */
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 0dba651094..cc7a3256a1 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -82,6 +82,8 @@ typedef struct
/* The maximum digest size of hash algorithms.
*/
#define MAX_HASH_SIZE 64
+#define MAX_CIPHER_BLOCK_SIZE 16
+#define MAX_CIPHER_KEY_SIZE 32
#define MAX_LOG_SIZE 1024 /* maximum size of log message */
#define MAX_SRP_USERNAME 128
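Review bot: The two new cipher limits sit directly under the existing comment "The maximum digest size of hash algorithms", which does not describe them. They deserve their own comment because they now size stack buffers in `_gnutls_set_keys`, for example `/* Largest block and key size of any entry in the cipher table (gnutls_algorithms.c); stack buffers in gnutls_constate.c are sized from these. */`. The values 16 and 32 match the AES-256-CBC entry visible in the first file, but the rest of the table is outside this page, so it is worth confirming that no other entry exceeds them.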