diff options
| author | jsing <> | 2018-06-03 15:33:37 +0000 |
|---|---|---|
| committer | jsing <> | 2018-06-03 15:33:37 +0000 |
| commit | 7f27f09eb6c6a98f827221c3c0e7c09e0e57314e (patch) | |
| tree | 9e483bb8cbd122fd639f44ad85e773f059334b08 | |
| parent | 1811b2ca6472f39211dd2559ff4abbd95fd0f0f2 (diff) | |
| download | openbsd-7f27f09eb6c6a98f827221c3c0e7c09e0e57314e.tar.gz openbsd-7f27f09eb6c6a98f827221c3c0e7c09e0e57314e.tar.bz2 openbsd-7f27f09eb6c6a98f827221c3c0e7c09e0e57314e.zip | |
Allocate a dedicated buffer for use when deriving a shared key during
client KEX DHE processing, rather than reusing the buffer that is used
to send/receive handshake messages.
ok beck@ inoguchi@
| -rw-r--r-- | src/lib/libssl/ssl_srvr.c | 28 |
1 files changed, 18 insertions, 10 deletions
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index 4de4b08db5..3bd3319989 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_srvr.c,v 1.33 2018/06/02 16:45:31 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_srvr.c,v 1.34 2018/06/03 15:33:37 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1829,8 +1829,9 @@ ssl3_get_client_kex_rsa(SSL *s, unsigned char *p, long n) | |||
| 1829 | static int | 1829 | static int |
| 1830 | ssl3_get_client_kex_dhe(SSL *s, unsigned char *p, long n) | 1830 | ssl3_get_client_kex_dhe(SSL *s, unsigned char *p, long n) |
| 1831 | { | 1831 | { |
| 1832 | int key_size = 0, key_len, al; | ||
| 1833 | unsigned char *key = NULL; | ||
| 1832 | BIGNUM *bn = NULL; | 1834 | BIGNUM *bn = NULL; |
| 1833 | int key_size, al; | ||
| 1834 | CBS cbs, dh_Yc; | 1835 | CBS cbs, dh_Yc; |
| 1835 | DH *dh; | 1836 | DH *dh; |
| 1836 | 1837 | ||
| @@ -1857,22 +1858,26 @@ ssl3_get_client_kex_dhe(SSL *s, unsigned char *p, long n) | |||
| 1857 | goto err; | 1858 | goto err; |
| 1858 | } | 1859 | } |
| 1859 | 1860 | ||
| 1860 | key_size = DH_compute_key(p, bn, dh); | 1861 | if ((key_size = DH_size(dh)) <= 0) { |
| 1861 | if (key_size <= 0) { | 1862 | SSLerror(s, ERR_R_DH_LIB); |
| 1863 | goto err; | ||
| 1864 | } | ||
| 1865 | if ((key = malloc(key_size)) == NULL) { | ||
| 1866 | SSLerror(s, ERR_R_MALLOC_FAILURE); | ||
| 1867 | goto err; | ||
| 1868 | } | ||
| 1869 | if ((key_len = DH_compute_key(key, bn, dh)) <= 0) { | ||
| 1862 | SSLerror(s, ERR_R_DH_LIB); | 1870 | SSLerror(s, ERR_R_DH_LIB); |
| 1863 | BN_clear_free(bn); | ||
| 1864 | goto err; | 1871 | goto err; |
| 1865 | } | 1872 | } |
| 1866 | 1873 | ||
| 1867 | s->session->master_key_length = | 1874 | s->session->master_key_length = tls1_generate_master_secret(s, |
| 1868 | tls1_generate_master_secret( | 1875 | s->session->master_key, key, key_len); |
| 1869 | s, s->session->master_key, p, key_size); | ||
| 1870 | |||
| 1871 | explicit_bzero(p, key_size); | ||
| 1872 | 1876 | ||
| 1873 | DH_free(S3I(s)->tmp.dh); | 1877 | DH_free(S3I(s)->tmp.dh); |
| 1874 | S3I(s)->tmp.dh = NULL; | 1878 | S3I(s)->tmp.dh = NULL; |
| 1875 | 1879 | ||
| 1880 | freezero(key, key_size); | ||
| 1876 | BN_clear_free(bn); | 1881 | BN_clear_free(bn); |
| 1877 | 1882 | ||
| 1878 | return (1); | 1883 | return (1); |
| @@ -1883,6 +1888,9 @@ ssl3_get_client_kex_dhe(SSL *s, unsigned char *p, long n) | |||
| 1883 | f_err: | 1888 | f_err: |
| 1884 | ssl3_send_alert(s, SSL3_AL_FATAL, al); | 1889 | ssl3_send_alert(s, SSL3_AL_FATAL, al); |
| 1885 | err: | 1890 | err: |
| 1891 | freezero(key, key_size); | ||
| 1892 | BN_clear_free(bn); | ||
| 1893 | |||
| 1886 | return (-1); | 1894 | return (-1); |
| 1887 | } | 1895 | } |
| 1888 | 1896 | ||