Fix PSK handling.
The PSK identity hint should be stored in the SSL_SESSION structure and not in the parent context (which will overwrite values used by other SSL structures with the same SSL_CTX). Use BUF_strndup when copying identity as it may not be null terminated. Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 3c66a669dfc7b3792f7af0758ea26fe8502ce70c)
This commit is contained in:
parent
eb0e2a5c5d
commit
d6be3124f2
@ -1381,8 +1381,6 @@ int ssl3_get_key_exchange(SSL *s)
|
|||||||
|
|
||||||
#ifndef OPENSSL_NO_PSK
|
#ifndef OPENSSL_NO_PSK
|
||||||
if (alg_k & SSL_kPSK) {
|
if (alg_k & SSL_kPSK) {
|
||||||
char tmp_id_hint[PSK_MAX_IDENTITY_LEN + 1];
|
|
||||||
|
|
||||||
param_len = 2;
|
param_len = 2;
|
||||||
if (param_len > n) {
|
if (param_len > n) {
|
||||||
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
|
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
|
||||||
@ -1408,17 +1406,8 @@ int ssl3_get_key_exchange(SSL *s)
|
|||||||
}
|
}
|
||||||
param_len += i;
|
param_len += i;
|
||||||
|
|
||||||
/*
|
s->session->psk_identity_hint = BUF_strndup((char *)p, i);
|
||||||
* If received PSK identity hint contains NULL characters, the hint
|
if (s->session->psk_identity_hint == NULL) {
|
||||||
* is truncated from the first NULL. p may not be ending with NULL,
|
|
||||||
* so create a NULL-terminated string.
|
|
||||||
*/
|
|
||||||
memcpy(tmp_id_hint, p, i);
|
|
||||||
memset(tmp_id_hint + i, 0, PSK_MAX_IDENTITY_LEN + 1 - i);
|
|
||||||
if (s->ctx->psk_identity_hint != NULL)
|
|
||||||
OPENSSL_free(s->ctx->psk_identity_hint);
|
|
||||||
s->ctx->psk_identity_hint = BUF_strdup(tmp_id_hint);
|
|
||||||
if (s->ctx->psk_identity_hint == NULL) {
|
|
||||||
al = SSL_AD_HANDSHAKE_FAILURE;
|
al = SSL_AD_HANDSHAKE_FAILURE;
|
||||||
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
|
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
|
||||||
goto f_err;
|
goto f_err;
|
||||||
@ -2951,7 +2940,7 @@ int ssl3_send_client_key_exchange(SSL *s)
|
|||||||
}
|
}
|
||||||
|
|
||||||
memset(identity, 0, sizeof(identity));
|
memset(identity, 0, sizeof(identity));
|
||||||
psk_len = s->psk_client_callback(s, s->ctx->psk_identity_hint,
|
psk_len = s->psk_client_callback(s, s->session->psk_identity_hint,
|
||||||
identity, sizeof(identity) - 1,
|
identity, sizeof(identity) - 1,
|
||||||
psk_or_pre_ms,
|
psk_or_pre_ms,
|
||||||
sizeof(psk_or_pre_ms));
|
sizeof(psk_or_pre_ms));
|
||||||
|
@ -2792,7 +2792,7 @@ int ssl3_get_client_key_exchange(SSL *s)
|
|||||||
|
|
||||||
if (s->session->psk_identity != NULL)
|
if (s->session->psk_identity != NULL)
|
||||||
OPENSSL_free(s->session->psk_identity);
|
OPENSSL_free(s->session->psk_identity);
|
||||||
s->session->psk_identity = BUF_strdup((char *)p);
|
s->session->psk_identity = BUF_strndup((char *)p, i);
|
||||||
if (s->session->psk_identity == NULL) {
|
if (s->session->psk_identity == NULL) {
|
||||||
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
|
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
|
||||||
goto psk_err;
|
goto psk_err;
|
||||||
|
Loading…
x
Reference in New Issue
Block a user