Correctly convert an SSLv2 challenge into an SSLv3/TLS client random by

truncating or left zero padding. ok beck@ inoguchi@ sthen@
author: jsing <> 2017-03-05 16:09:44 +0000
committer: jsing <> 2017-03-05 16:09:44 +0000
commit: 87117ac52c1642f68394967df52a4cac4effcfd4 (patch)
tree: e32801758b5d848da6c7d11a8c13c43f90165fe4 /src/lib/libssl/ssl_packet.c
parent: f57470f507d826e79950193b93592e734e79b608 (diff)
download: openbsd-87117ac52c1642f68394967df52a4cac4effcfd4.tar.gz
openbsd-87117ac52c1642f68394967df52a4cac4effcfd4.tar.bz2
openbsd-87117ac52c1642f68394967df52a4cac4effcfd4.zip
1 files changed, 27 insertions, 9 deletions
diff --git a/src/lib/libssl/ssl_packet.c b/src/lib/libssl/ssl_packet.c
index d5d5996735..53c7a86dc2 100644
--- a/src/lib/libssl/ssl_packet.c
+++ b/src/lib/libssl/ssl_packet.c
@@ -74,11 +74,12 @@ ssl_convert_sslv2_client_hello(SSL *s)
        CBS cbs, challenge, cipher_specs, session;
        uint16_t record_length, client_version, cipher_specs_length;
        uint16_t session_id_length, challenge_length;
-        unsigned char *client_random, *data = NULL;
+        unsigned char *client_random = NULL, *data = NULL;
+        size_t data_len, pad_len, len;
        uint32_t cipher_spec;
        uint8_t message_type;
-        size_t data_len;
+        unsigned char *pad;
-        int rv = -1;
+        int ret = -1;
        int n;
        memset(&cbb, 0, sizeof(cbb));
@@ -153,6 +154,25 @@ ssl_convert_sslv2_client_hello(SSL *s)
                return -1;
        }
+        /*
+         * Convert SSLv2 challenge to SSLv3/TLS client random, by truncating or
+         * left-padding with zero bytes.
+         */
+        if ((client_random = malloc(SSL3_RANDOM_SIZE)) == NULL)
+                goto err;
+        if (!CBB_init_fixed(&cbb, client_random, SSL3_RANDOM_SIZE))
+                goto err;
+        if ((len = CBS_len(&challenge)) > SSL3_RANDOM_SIZE)
+                len = SSL3_RANDOM_SIZE;
+        pad_len = SSL3_RANDOM_SIZE - len;
+        if (!CBB_add_space(&cbb, &pad, pad_len))
+                goto err;
+        memset(pad, 0, pad_len);
+        if (!CBB_add_bytes(&cbb, CBS_data(&challenge), len))
+                goto err;
+        if (!CBB_finish(&cbb, NULL, NULL))
+                goto err;
        /* Build SSLv3/TLS record with client hello. */
        if (!CBB_init(&cbb, SSL3_RT_MAX_PLAIN_LENGTH))
                goto err;
@@ -168,10 +188,7 @@ ssl_convert_sslv2_client_hello(SSL *s)
                goto err;
        if (!CBB_add_u16(&client_hello, client_version))
                goto err;
-        if (!CBB_add_space(&client_hello, &client_random, SSL3_RANDOM_SIZE))
+        if (!CBB_add_bytes(&client_hello, client_random, SSL3_RANDOM_SIZE))
-                goto err;
-        memset(client_random, 0, SSL3_RANDOM_SIZE);
-        if (!CBS_write_bytes(&challenge, client_random, SSL3_RANDOM_SIZE, NULL))
                goto err;
        if (!CBB_add_u8_length_prefixed(&client_hello, &session_id))
                goto err;
@@ -198,13 +215,14 @@ ssl_convert_sslv2_client_hello(SSL *s)
        s->internal->packet = s->s3->rbuf.buf;
        s->internal->packet_length = data_len;
        memcpy(s->internal->packet, data, data_len);
-        rv = 1;
+        ret = 1;
 err:
        CBB_cleanup(&cbb);
+        free(client_random);
        free(data);
-        return (rv);
+        return (ret);
 }
 /*
author	jsing <>	2017-03-05 16:09:44 +0000
committer	jsing <>	2017-03-05 16:09:44 +0000
commit	87117ac52c1642f68394967df52a4cac4effcfd4 (patch)
tree	e32801758b5d848da6c7d11a8c13c43f90165fe4 /src/lib/libssl/ssl_packet.c
parent	f57470f507d826e79950193b93592e734e79b608 (diff)
download	openbsd-87117ac52c1642f68394967df52a4cac4effcfd4.tar.gz openbsd-87117ac52c1642f68394967df52a4cac4effcfd4.tar.bz2 openbsd-87117ac52c1642f68394967df52a4cac4effcfd4.zip