[openssl-commits] [openssl] OpenSSL_1_0_1-stable update

Dr. Stephen Henson steve at openssl.org
Thu Jul 2 12:08:05 UTC 2015


The branch OpenSSL_1_0_1-stable has been updated
       via  d6be3124f22870f1888c532523b74ea5d89795eb (commit)
      from  eb0e2a5c5d904c3f74a9387d27bfbad4861469a9 (commit)


- Log -----------------------------------------------------------------
commit d6be3124f22870f1888c532523b74ea5d89795eb
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Wed Jul 1 23:40:03 2015 +0100

    Fix PSK handling.
    
    The PSK identity hint should be stored in the SSL_SESSION structure
    and not in the parent context (which will overwrite values used
    by other SSL structures with the same SSL_CTX).
    
    Use BUF_strndup when copying identity as it may not be null terminated.
    
    Reviewed-by: Tim Hudson <tjh at openssl.org>
    (cherry picked from commit 3c66a669dfc7b3792f7af0758ea26fe8502ce70c)

-----------------------------------------------------------------------

Summary of changes:
 ssl/s3_clnt.c | 17 +++--------------
 ssl/s3_srvr.c |  2 +-
 2 files changed, 4 insertions(+), 15 deletions(-)

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 0879a0f..35ad121 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1381,8 +1381,6 @@ int ssl3_get_key_exchange(SSL *s)
 
 #ifndef OPENSSL_NO_PSK
     if (alg_k & SSL_kPSK) {
-        char tmp_id_hint[PSK_MAX_IDENTITY_LEN + 1];
-
         param_len = 2;
         if (param_len > n) {
             SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
@@ -1408,17 +1406,8 @@ int ssl3_get_key_exchange(SSL *s)
         }
         param_len += i;
 
-        /*
-         * If received PSK identity hint contains NULL characters, the hint
-         * is truncated from the first NULL. p may not be ending with NULL,
-         * so create a NULL-terminated string.
-         */
-        memcpy(tmp_id_hint, p, i);
-        memset(tmp_id_hint + i, 0, PSK_MAX_IDENTITY_LEN + 1 - i);
-        if (s->ctx->psk_identity_hint != NULL)
-            OPENSSL_free(s->ctx->psk_identity_hint);
-        s->ctx->psk_identity_hint = BUF_strdup(tmp_id_hint);
-        if (s->ctx->psk_identity_hint == NULL) {
+        s->session->psk_identity_hint = BUF_strndup((char *)p, i);
+        if (s->session->psk_identity_hint == NULL) {
             al = SSL_AD_HANDSHAKE_FAILURE;
             SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
             goto f_err;
@@ -2951,7 +2940,7 @@ int ssl3_send_client_key_exchange(SSL *s)
             }
 
             memset(identity, 0, sizeof(identity));
-            psk_len = s->psk_client_callback(s, s->ctx->psk_identity_hint,
+            psk_len = s->psk_client_callback(s, s->session->psk_identity_hint,
                                              identity, sizeof(identity) - 1,
                                              psk_or_pre_ms,
                                              sizeof(psk_or_pre_ms));
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 9aa3292..3a5f71d 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -2792,7 +2792,7 @@ int ssl3_get_client_key_exchange(SSL *s)
 
         if (s->session->psk_identity != NULL)
             OPENSSL_free(s->session->psk_identity);
-        s->session->psk_identity = BUF_strdup((char *)p);
+        s->session->psk_identity = BUF_strndup((char *)p, i);
         if (s->session->psk_identity == NULL) {
             SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
             goto psk_err;


More information about the openssl-commits mailing list