diff options
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/libssl/ssl_packet.c | 36 |
1 files changed, 27 insertions, 9 deletions
diff --git a/src/lib/libssl/ssl_packet.c b/src/lib/libssl/ssl_packet.c index d5d5996735..53c7a86dc2 100644 --- a/src/lib/libssl/ssl_packet.c +++ b/src/lib/libssl/ssl_packet.c | |||
| @@ -74,11 +74,12 @@ ssl_convert_sslv2_client_hello(SSL *s) | |||
| 74 | CBS cbs, challenge, cipher_specs, session; | 74 | CBS cbs, challenge, cipher_specs, session; |
| 75 | uint16_t record_length, client_version, cipher_specs_length; | 75 | uint16_t record_length, client_version, cipher_specs_length; |
| 76 | uint16_t session_id_length, challenge_length; | 76 | uint16_t session_id_length, challenge_length; |
| 77 | unsigned char *client_random, *data = NULL; | 77 | unsigned char *client_random = NULL, *data = NULL; |
| 78 | size_t data_len, pad_len, len; | ||
| 78 | uint32_t cipher_spec; | 79 | uint32_t cipher_spec; |
| 79 | uint8_t message_type; | 80 | uint8_t message_type; |
| 80 | size_t data_len; | 81 | unsigned char *pad; |
| 81 | int rv = -1; | 82 | int ret = -1; |
| 82 | int n; | 83 | int n; |
| 83 | 84 | ||
| 84 | memset(&cbb, 0, sizeof(cbb)); | 85 | memset(&cbb, 0, sizeof(cbb)); |
| @@ -153,6 +154,25 @@ ssl_convert_sslv2_client_hello(SSL *s) | |||
| 153 | return -1; | 154 | return -1; |
| 154 | } | 155 | } |
| 155 | 156 | ||
| 157 | /* | ||
| 158 | * Convert SSLv2 challenge to SSLv3/TLS client random, by truncating or | ||
| 159 | * left-padding with zero bytes. | ||
| 160 | */ | ||
| 161 | if ((client_random = malloc(SSL3_RANDOM_SIZE)) == NULL) | ||
| 162 | goto err; | ||
| 163 | if (!CBB_init_fixed(&cbb, client_random, SSL3_RANDOM_SIZE)) | ||
| 164 | goto err; | ||
| 165 | if ((len = CBS_len(&challenge)) > SSL3_RANDOM_SIZE) | ||
| 166 | len = SSL3_RANDOM_SIZE; | ||
| 167 | pad_len = SSL3_RANDOM_SIZE - len; | ||
| 168 | if (!CBB_add_space(&cbb, &pad, pad_len)) | ||
| 169 | goto err; | ||
| 170 | memset(pad, 0, pad_len); | ||
| 171 | if (!CBB_add_bytes(&cbb, CBS_data(&challenge), len)) | ||
| 172 | goto err; | ||
| 173 | if (!CBB_finish(&cbb, NULL, NULL)) | ||
| 174 | goto err; | ||
| 175 | |||
| 156 | /* Build SSLv3/TLS record with client hello. */ | 176 | /* Build SSLv3/TLS record with client hello. */ |
| 157 | if (!CBB_init(&cbb, SSL3_RT_MAX_PLAIN_LENGTH)) | 177 | if (!CBB_init(&cbb, SSL3_RT_MAX_PLAIN_LENGTH)) |
| 158 | goto err; | 178 | goto err; |
| @@ -168,10 +188,7 @@ ssl_convert_sslv2_client_hello(SSL *s) | |||
| 168 | goto err; | 188 | goto err; |
| 169 | if (!CBB_add_u16(&client_hello, client_version)) | 189 | if (!CBB_add_u16(&client_hello, client_version)) |
| 170 | goto err; | 190 | goto err; |
| 171 | if (!CBB_add_space(&client_hello, &client_random, SSL3_RANDOM_SIZE)) | 191 | if (!CBB_add_bytes(&client_hello, client_random, SSL3_RANDOM_SIZE)) |
| 172 | goto err; | ||
| 173 | memset(client_random, 0, SSL3_RANDOM_SIZE); | ||
| 174 | if (!CBS_write_bytes(&challenge, client_random, SSL3_RANDOM_SIZE, NULL)) | ||
| 175 | goto err; | 192 | goto err; |
| 176 | if (!CBB_add_u8_length_prefixed(&client_hello, &session_id)) | 193 | if (!CBB_add_u8_length_prefixed(&client_hello, &session_id)) |
| 177 | goto err; | 194 | goto err; |
| @@ -198,13 +215,14 @@ ssl_convert_sslv2_client_hello(SSL *s) | |||
| 198 | s->internal->packet = s->s3->rbuf.buf; | 215 | s->internal->packet = s->s3->rbuf.buf; |
| 199 | s->internal->packet_length = data_len; | 216 | s->internal->packet_length = data_len; |
| 200 | memcpy(s->internal->packet, data, data_len); | 217 | memcpy(s->internal->packet, data, data_len); |
| 201 | rv = 1; | 218 | ret = 1; |
| 202 | 219 | ||
| 203 | err: | 220 | err: |
| 204 | CBB_cleanup(&cbb); | 221 | CBB_cleanup(&cbb); |
| 222 | free(client_random); | ||
| 205 | free(data); | 223 | free(data); |
| 206 | 224 | ||
| 207 | return (rv); | 225 | return (ret); |
| 208 | } | 226 | } |
| 209 | 227 | ||
| 210 | /* | 228 | /* |