File 2039-ssl-Correct-DTLS-mac-handling.patch of Package erlang

From b65187abe4c18b05bd2391f56a8309ca1e78750d Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Wed, 26 Apr 2017 21:35:24 +0200
Subject: [PATCH] ssl: Correct DTLS mac handling

---
 lib/ssl/src/dtls_record.erl | 13 +++++++------
 lib/ssl/src/dtls_v1.erl     |  7 +++----
 lib/ssl/src/tls_v1.erl      |  2 +-
 3 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/lib/ssl/src/dtls_record.erl b/lib/ssl/src/dtls_record.erl
index de6b6e400..bc2097c02 100644
--- a/lib/ssl/src/dtls_record.erl
+++ b/lib/ssl/src/dtls_record.erl
@@ -534,8 +534,7 @@ calc_mac_hash(Type, Version, #{mac_secret := MacSecret,
 			       security_parameters := #security_parameters{mac_algorithm = MacAlg}},
 	      Epoch, SeqNo, Fragment) ->
     Length = erlang:iolist_size(Fragment),
-    NewSeq = (Epoch bsl 48) + SeqNo,
-    mac_hash(Version, MacAlg, MacSecret, NewSeq, Type,
+    mac_hash(Version, MacAlg, MacSecret, Epoch, SeqNo, Type,
 	     Length, Fragment).
 
 highest_protocol_version() ->
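Review bot: `Epoch`, `SeqNo` and `Length` reach the MAC input here without a range check, and the new `mac_hash/8` in the next hunk packs them with `?UINT16`/`?UINT48`. Assuming those macros expand to fixed-width integer segments, an out-of-range value is silently truncated rather than rejected, so a sequence number that wrapped past 48 bits would be authenticated as a repeat of an earlier one in the same epoch. If no caller already bounds these values (not visible in this diff), a guard on the new clause such as `when SeqNo < (1 bsl 48), Epoch < (1 bsl 16)` turns the wrap into a crash. The head of `calc_mac_hash` starts above the hunk.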
@@ -548,9 +547,11 @@ sufficient_dtlsv1_2_crypto_support() ->
     CryptoSupport = crypto:supports(),
     proplists:get_bool(sha256, proplists:get_value(hashs, CryptoSupport)).
 
-mac_hash(Version, MacAlg, MacSecret, SeqNo, Type, Length, Fragment) ->
-    dtls_v1:mac_hash(Version, MacAlg, MacSecret, SeqNo, Type,
-		     Length, Fragment).
-
+mac_hash({Major, Minor}, MacAlg, MacSecret, Epoch, SeqNo, Type, Length, Fragment) ->
+    Value = [<<?UINT16(Epoch), ?UINT48(SeqNo), ?BYTE(Type),
+       ?BYTE(Major), ?BYTE(Minor), ?UINT16(Length)>>,
+     Fragment],
+    dtls_v1:hmac_hash(MacAlg, MacSecret, Value).
+    
 calc_aad(Type, {MajVer, MinVer}, Epoch, SeqNo) ->
     <<?UINT16(Epoch), ?UINT48(SeqNo), ?BYTE(Type), ?BYTE(MajVer), ?BYTE(MinVer)>>.
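Review bot: The header bytes built in the new `mac_hash/8` repeat the layout that `calc_aad/4` produces just below it (epoch, 48-bit sequence number, type, major, minor), so the MAC input and the AEAD additional data can drift apart if one is edited later. Building the value from the shared helper keeps them in step: `Value = [calc_aad(Type, Version, Epoch, SeqNo), <<?UINT16(Length)>>, Fragment],` with the head taking `Version` instead of `{Major, Minor}`. A one-line comment such as `%% MAC input per RFC 6347 section 4.1.2.1: epoch and sequence number replace the TLS 64-bit seq_num` would also record why the fields are split. The added line after the function contains only trailing whitespace.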
diff --git a/lib/ssl/src/dtls_v1.erl b/lib/ssl/src/dtls_v1.erl
index 4aaf8baa6..7f7223cde 100644
--- a/lib/ssl/src/dtls_v1.erl
+++ b/lib/ssl/src/dtls_v1.erl
@@ -21,7 +21,7 @@
 
 -include("ssl_cipher.hrl").
 
--export([suites/1, all_suites/1, mac_hash/7, ecc_curves/1, 
+-export([suites/1, all_suites/1, hmac_hash/3, ecc_curves/1, 
          corresponding_tls_version/1, corresponding_dtls_version/1,
          cookie_secret/0, cookie_timeout/0]).
 
@@ -40,9 +40,8 @@ all_suites(Version) ->
                  end,
                  ssl_cipher:all_suites(corresponding_tls_version(Version))).
 
-mac_hash(Version, MacAlg, MacSecret, SeqNo, Type, Length, Fragment) ->
-    tls_v1:mac_hash(MacAlg, MacSecret, SeqNo, Type, Version,
-		    Length, Fragment).
+hmac_hash(MacAlg, MacSecret, Value) ->
+    tls_v1:hmac_hash(MacAlg, MacSecret, Value).
 
 ecc_curves({_Major, Minor}) ->
     tls_v1:ecc_curves(corresponding_minor_tls_version(Minor)).
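Review bot: `dtls_v1:mac_hash/7` is deleted here and dropped from the export list in the previous hunk, but only the `dtls_record.erl` call site is updated in this patch. Any other caller would still compile and fail with `undef` at run time, since remote calls are resolved when executed, so it is worth confirming with xref or a search for `dtls_v1:mac_hash` before merging. The replacement `hmac_hash/3` is a bare pass-through to `tls_v1:hmac_hash/3` with no `-spec` or comment. A line like `%% Delegates to the TLS HMAC so dtls_record does not call tls_v1 directly` would explain why it exists, if that is the intent.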
diff --git a/lib/ssl/src/tls_v1.erl b/lib/ssl/src/tls_v1.erl
index f52ee06e7..5a46b1770 100644
--- a/lib/ssl/src/tls_v1.erl
+++ b/lib/ssl/src/tls_v1.erl
@@ -29,7 +29,7 @@
 -include("ssl_internal.hrl").
 -include("ssl_record.hrl").
 
--export([master_secret/4, finished/5, certificate_verify/3, mac_hash/7,
+-export([master_secret/4, finished/5, certificate_verify/3, mac_hash/7, hmac_hash/3,
 	 setup_keys/8, suites/1, prf/5,
 	 ecc_curves/1, ecc_curves/2, oid_to_enum/1, enum_to_oid/1, 
 	 default_signature_algs/1, signature_algs/2]).
-- 
2.12.2
