Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/s3_clnt.c | 50 |
1 files changed, 36 insertions, 14 deletions
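diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 772bb703dd..c88835b91e 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.150 2016/12/06 13:17:52 jsing Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.151 2016/12/06 13:42:32 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1877,14 +1877,14 @@ ssl3_get_server_done(SSL *s)
 }
 
 static int
-ssl3_send_client_kex_rsa(SSL *s, SESS_CERT *sess_cert, unsigned char *p,
-int *outlen)
+ssl3_send_client_kex_rsa(SSL *s, SESS_CERT *sess_cert, CBB *cbb)
 {
 unsigned char pms[SSL_MAX_MASTER_KEY_LENGTH];
+unsigned char *enc_pms = NULL;
 EVP_PKEY *pkey = NULL;
-unsigned char *q;
 int ret = -1;
-int n;
+int enc_len;
+CBB epms;
 
 /*
 * RSA-Encrypted Premaster Secret Message - RFC 5246 section 7.4.7.1.
@@ -1902,30 +1902,37 @@ ssl3_send_client_kex_rsa(SSL *s, SESS_CERT *sess_cert, unsigned char *p,
 pms[1] = s->client_version & 0xff;
 arc4random_buf(&pms[2], sizeof(pms) - 2);
 
-q = p;
-p += 2;
+if ((enc_pms = malloc(RSA_size(pkey->pkey.rsa))) == NULL) {
+SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+ERR_R_MALLOC_FAILURE);
+goto err;
+}
 
-n = RSA_public_encrypt(sizeof(pms), pms, p, pkey->pkey.rsa,
+enc_len = RSA_public_encrypt(sizeof(pms), pms, enc_pms, pkey->pkey.rsa,
 RSA_PKCS1_PADDING);
-if (n <= 0) {
+if (enc_len <= 0) {
 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
 SSL_R_BAD_RSA_ENCRYPT);
 goto err;
 }
 
-s2n(n, q);
-n += 2;
+if (!CBB_add_u16_length_prefixed(cbb, &epms))
+goto err;
+if (!CBB_add_bytes(&epms, enc_pms, enc_len))
+goto err;
+if (!CBB_flush(cbb))
+goto err;
 
 s->session->master_key_length =
 s->method->ssl3_enc->generate_master_secret(s,
 s->session->master_key, pms, sizeof(pms));
 
-*outlen = n;
 ret = 1;
 
 err:
 explicit_bzero(pms, sizeof(pms));
 EVP_PKEY_free(pkey);
+free(enc_pms);
 
 return (ret);
 }
@@ -2224,8 +2231,14 @@ ssl3_send_client_key_exchange(SSL *s)
 {
 SESS_CERT *sess_cert;
 unsigned long alg_k;
-unsigned char *p;
+unsigned char *bufend, *p;
+size_t outlen;
 int n = 0;
+CBB cbb;
+
+memset(&cbb, 0, sizeof(cbb));
+
+bufend = (unsigned char *)s->init_buf->data + s->init_buf->max;
 
 if (s->state == SSL3_ST_CW_KEY_EXCH_A) {
 p = ssl3_handshake_msg_start(s, SSL3_MT_CLIENT_KEY_EXCHANGE);
@@ -2241,8 +2254,15 @@ ssl3_send_client_key_exchange(SSL *s)
 }
 
 if (alg_k & SSL_kRSA) {
-if (ssl3_send_client_kex_rsa(s, sess_cert, p, &n) != 1)
+if (!CBB_init_fixed(&cbb, p, bufend - p))
 goto err;
+if (ssl3_send_client_kex_rsa(s, sess_cert, &cbb) != 1)
+goto err;
+if (!CBB_finish(&cbb, NULL, &outlen))
+goto err;
+if (outlen > INT_MAX)
+goto err;
+n = (int)outlen;
 } else if (alg_k & SSL_kDHE) {
 if (ssl3_send_client_kex_dhe(s, sess_cert, p, &n) != 1)
 goto err;
@@ -2270,6 +2290,8 @@ ssl3_send_client_key_exchange(SSL *s)
 return (ssl3_handshake_write(s));
 
 err:
+CBB_cleanup(&cbb);
+
 return (-1);
 }
 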
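Review bot: The three CBB failure paths in ssl3_send_client_kex_rsa (`CBB_add_u16_length_prefixed`, `CBB_add_bytes`, `CBB_flush`) jump to `err` without recording anything, whereas the malloc and RSA failures next to them call SSLerr; the same holds for the `CBB_init_fixed`, `CBB_finish` and `outlen > INT_MAX` checks in ssl3_send_client_key_exchange. A handshake that fails because the encrypted premaster secret does not fit in the remaining buffer would then return -1 with an empty error queue, so I would add `SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);` before those `goto err` lines. Separately, `bufend - p` is a pointer difference converted to a size_t length, so the new bound only holds while `p` never exceeds `bufend`; that appears to be guaranteed by ssl3_handshake_msg_start, but a comment such as `/* p always lies within init_buf, so bufend - p cannot be negative */` would make the invariant explicit. Both function bodies continue outside the hunks shown, so the key lookup before `RSA_size(pkey->pkey.rsa)` could not be checked here.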
