diff options
Diffstat (limited to 'src/lib/libssl/ssl_srvr.c')
| -rw-r--r-- | src/lib/libssl/ssl_srvr.c | 29 |
1 files changed, 22 insertions, 7 deletions
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index 0979750e22..dd622c2831 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_srvr.c,v 1.137 2022/01/09 15:40:13 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_srvr.c,v 1.138 2022/01/11 18:28:41 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1701,21 +1701,26 @@ ssl3_get_client_kex_dhe(SSL *s, CBS *cbs) | |||
| 1701 | { | 1701 | { |
| 1702 | uint8_t *key = NULL; | 1702 | uint8_t *key = NULL; |
| 1703 | size_t key_len = 0; | 1703 | size_t key_len = 0; |
| 1704 | int invalid_key; | 1704 | int decode_error, invalid_key; |
| 1705 | int ret = 0; | 1705 | int ret = 0; |
| 1706 | 1706 | ||
| 1707 | if (S3I(s)->hs.key_share == NULL) { | 1707 | if (S3I(s)->hs.key_share == NULL) { |
| 1708 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); | ||
| 1709 | SSLerror(s, SSL_R_MISSING_TMP_DH_KEY); | 1708 | SSLerror(s, SSL_R_MISSING_TMP_DH_KEY); |
| 1709 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); | ||
| 1710 | goto err; | 1710 | goto err; |
| 1711 | } | 1711 | } |
| 1712 | 1712 | ||
| 1713 | if (!tls_key_share_peer_public(S3I(s)->hs.key_share, cbs, | 1713 | if (!tls_key_share_peer_public(S3I(s)->hs.key_share, cbs, |
| 1714 | &invalid_key)) | 1714 | &decode_error, &invalid_key)) { |
| 1715 | if (decode_error) { | ||
| 1716 | SSLerror(s, SSL_R_BAD_PACKET_LENGTH); | ||
| 1717 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); | ||
| 1718 | } | ||
| 1715 | goto err; | 1719 | goto err; |
| 1720 | } | ||
| 1716 | if (invalid_key) { | 1721 | if (invalid_key) { |
| 1717 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); | ||
| 1718 | SSLerror(s, SSL_R_BAD_DH_PUB_KEY_LENGTH); | 1722 | SSLerror(s, SSL_R_BAD_DH_PUB_KEY_LENGTH); |
| 1723 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); | ||
| 1719 | goto err; | 1724 | goto err; |
| 1720 | } | 1725 | } |
| 1721 | 1726 | ||
| @@ -1738,6 +1743,7 @@ ssl3_get_client_kex_ecdhe(SSL *s, CBS *cbs) | |||
| 1738 | { | 1743 | { |
| 1739 | uint8_t *key = NULL; | 1744 | uint8_t *key = NULL; |
| 1740 | size_t key_len = 0; | 1745 | size_t key_len = 0; |
| 1746 | int decode_error; | ||
| 1741 | CBS public; | 1747 | CBS public; |
| 1742 | int ret = 0; | 1748 | int ret = 0; |
| 1743 | 1749 | ||
| @@ -1747,10 +1753,19 @@ ssl3_get_client_kex_ecdhe(SSL *s, CBS *cbs) | |||
| 1747 | goto err; | 1753 | goto err; |
| 1748 | } | 1754 | } |
| 1749 | 1755 | ||
| 1750 | if (!CBS_get_u8_length_prefixed(cbs, &public)) | 1756 | if (!CBS_get_u8_length_prefixed(cbs, &public)) { |
| 1757 | SSLerror(s, SSL_R_BAD_PACKET_LENGTH); | ||
| 1758 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); | ||
| 1751 | goto err; | 1759 | goto err; |
| 1752 | if (!tls_key_share_peer_public(S3I(s)->hs.key_share, &public, NULL)) | 1760 | } |
| 1761 | if (!tls_key_share_peer_public(S3I(s)->hs.key_share, &public, | ||
| 1762 | &decode_error, NULL)) { | ||
| 1763 | if (decode_error) { | ||
| 1764 | SSLerror(s, SSL_R_BAD_PACKET_LENGTH); | ||
| 1765 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); | ||
| 1766 | } | ||
| 1753 | goto err; | 1767 | goto err; |
| 1768 | } | ||
| 1754 | 1769 | ||
| 1755 | if (!tls_key_share_derive(S3I(s)->hs.key_share, &key, &key_len)) | 1770 | if (!tls_key_share_derive(S3I(s)->hs.key_share, &key, &key_len)) |
| 1756 | goto err; | 1771 | goto err; |