generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix PSK handling.

Browse Source 
The PSK identity hint should be stored in the SSL_SESSION structure
and not in the parent context (which will overwrite values used
by other SSL structures with the same SSL_CTX).

Use BUF_strndup when copying identity as it may not be null terminated.

Reviewed-by: Tim Hudson <tjh@openssl.org>
This commit is contained in:
Dr. Stephen Henson 2015-07-01 23:40:03 +01:00
parent f8f75a7e4a
commit 3c66a669df
2 changed files with 4 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
ssl/s3_clnt.c
View File

@ -1456,8 +1456,6 @@ int ssl3_get_key_exchange(SSL *s)
#ifndef OPENSSL_NO_PSK #ifndef OPENSSL_NO_PSK
if (alg_k & SSL_kPSK) { if (alg_k & SSL_kPSK) {
char tmp_id_hint[PSK_MAX_IDENTITY_LEN + 1];
param_len = 2; param_len = 2;
if (param_len > n) { if (param_len > n) {
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT); SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
@ -1483,17 +1481,8 @@ int ssl3_get_key_exchange(SSL *s)
} }
param_len += i; param_len += i;
/* s->session->psk_identity_hint = BUF_strndup((char *)p, i);
* If received PSK identity hint contains NULL characters, the hint if (s->session->psk_identity_hint == NULL) {
* is truncated from the first NULL. p may not be ending with NULL,
* so create a NULL-terminated string.
*/
memcpy(tmp_id_hint, p, i);
memset(tmp_id_hint + i, 0, PSK_MAX_IDENTITY_LEN + 1 - i);
if (s->ctx->psk_identity_hint != NULL)
OPENSSL_free(s->ctx->psk_identity_hint);
s->ctx->psk_identity_hint = BUF_strdup(tmp_id_hint);
if (s->ctx->psk_identity_hint == NULL) {
al = SSL_AD_HANDSHAKE_FAILURE; al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
goto f_err; goto f_err;
@ -3077,7 +3066,7 @@ int ssl3_send_client_key_exchange(SSL *s)
} }
memset(identity, 0, sizeof(identity)); memset(identity, 0, sizeof(identity));
psk_len = s->psk_client_callback(s, s->ctx->psk_identity_hint, psk_len = s->psk_client_callback(s, s->session->psk_identity_hint,
identity, sizeof(identity) - 1, identity, sizeof(identity) - 1,
psk_or_pre_ms, psk_or_pre_ms,
sizeof(psk_or_pre_ms)); sizeof(psk_or_pre_ms));

2
ssl/s3_srvr.c
View File

@ -2780,7 +2780,7 @@ int ssl3_get_client_key_exchange(SSL *s)
if (s->session->psk_identity != NULL) if (s->session->psk_identity != NULL)
OPENSSL_free(s->session->psk_identity); OPENSSL_free(s->session->psk_identity);
s->session->psk_identity = BUF_strdup((char *)p); s->session->psk_identity = BUF_strndup((char *)p, i);
if (s->session->psk_identity == NULL) { if (s->session->psk_identity == NULL) {
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
goto psk_err; goto psk_err;