authorjsing <>2016-12-04 14:25:44 +0000
committerjsing <>2016-12-04 14:25:44 +0000
commit125562152f7bac1aa3f59cb62b9845b28dd7d530 (patch)
tree18c6c4735c5c0051c1ae3fc6ab69b9a96bc58574 /src
parente7683d50eff2e1aefa31cab62a549eedbdcef5a1 (diff)
Cleanup some of ssl3_send_client_kex_rsa() - tmp_buf is really the
premaster secret, so name it accordingly. Also, remove bogus assignment of master_key_length - the correct value is assigned when the master_key is set. ok beck@ doug@
Diffstat (limited to 'src')
-rw-r--r--src/lib/libssl/s3_clnt.c22
1 files changed, 12 insertions, 10 deletions
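--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.147 2016/12/03 12:38:10 jsing Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.148 2016/12/04 14:25:44 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
   * All rights reserved.
   *
@@ -1877,12 +1877,16 @@ static int
 ssl3_send_client_kex_rsa(SSL *s, SESS_CERT *sess_cert, unsigned char *p,
   int *outlen)
 {
- unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
+ unsigned char pms[SSL_MAX_MASTER_KEY_LENGTH];
  EVP_PKEY *pkey = NULL;
  unsigned char *q;
  int ret = -1;
  int n;
 
+ /*
+ * RSA-Encrypted Premaster Secret Message - RFC 5246 section 7.4.7.1.
+ */
+
  pkey = X509_get_pubkey(sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
  if (pkey == NULL || pkey->type != EVP_PKEY_RSA ||
  pkey->pkey.rsa == NULL) {
@@ -1891,16 +1895,14 @@ ssl3_send_client_kex_rsa(SSL *s, SESS_CERT *sess_cert, unsigned char *p,
  goto err;
  }
 
- tmp_buf[0] = s->client_version >> 8;
- tmp_buf[1] = s->client_version & 0xff;
- arc4random_buf(&tmp_buf[2], sizeof(tmp_buf) - 2);
-
- s->session->master_key_length = sizeof(tmp_buf);
+ pms[0] = s->client_version >> 8;
+ pms[1] = s->client_version & 0xff;
+ arc4random_buf(&pms[2], sizeof(pms) - 2);
 
  q = p;
  p += 2;
 
- n = RSA_public_encrypt(sizeof(tmp_buf), tmp_buf, p, pkey->pkey.rsa,
+ n = RSA_public_encrypt(sizeof(pms), pms, p, pkey->pkey.rsa,
  RSA_PKCS1_PADDING);
  if (n <= 0) {
  SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
@@ -1913,13 +1915,13 @@ ssl3_send_client_kex_rsa(SSL *s, SESS_CERT *sess_cert, unsigned char *p,
 
  s->session->master_key_length =
  s->method->ssl3_enc->generate_master_secret(s,
- s->session->master_key, tmp_buf, sizeof(tmp_buf));
+ s->session->master_key, pms, sizeof(pms));
 
  *outlen = n;
  ret = 1;
 
 err:
- explicit_bzero(tmp_buf, sizeof(tmp_buf));
+ explicit_bzero(pms, sizeof(pms));
  EVP_PKEY_free(pkey);
 
  return (ret);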
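Review bot: The result of `generate_master_secret()` is stored straight into `s->session->master_key_length` in the last hunk, and the function then sets `ret = 1` without inspecting it. Whether that callback can report failure is not visible in this diff; if it can return zero or a negative value, the session would keep an unusable key length while the caller is told the key exchange succeeded, so a guard such as `if (s->session->master_key_length <= 0) goto err;` right after the assignment would be worth adding. Now that the bogus early assignment is gone, this call is the only place the length is set in this function, which makes the check more important. The new RFC 5246 comment could also state that `pms[0]` and `pms[1]` carry the version the client offered and the rest of the buffer is random, since that layout is what the server uses to detect version rollback. The function's closing lines and the stretches between the hunks lie outside the diff.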