[openssl] master update
tmraz at fedoraproject.org
tmraz at fedoraproject.org
Tue Sep 1 12:27:37 UTC 2020
The branch master has been updated
via 807b0a1dbb65fcf0d432184326e76e9f745dc3f1 (commit)
from 72c1e37421ffe9a4db4bba46f3d736dbc227c255 (commit)
- Log -----------------------------------------------------------------
commit 807b0a1dbb65fcf0d432184326e76e9f745dc3f1
Author: Felix Monninger <felix.monninger at gmail.com>
Date: Tue Jun 30 22:57:36 2020 +0200
also zero pad DHE public key in ClientKeyExchange message for interop
Reviewed-by: Ben Kaduk <kaduk at mit.edu>
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12331)
-----------------------------------------------------------------------
Summary of changes:
ssl/statem/statem_clnt.c | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 4c994dd389..0780e5fc9a 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -3069,9 +3069,9 @@ static int tls_construct_cke_dhe(SSL *s, WPACKET *pkt)
{
#ifndef OPENSSL_NO_DH
DH *dh_clnt = NULL;
- const BIGNUM *pub_key;
EVP_PKEY *ckey = NULL, *skey = NULL;
unsigned char *keybytes = NULL;
+ int prime_len;
skey = s->s3.peer_tmp;
if (skey == NULL) {
@@ -3101,15 +3101,19 @@ static int tls_construct_cke_dhe(SSL *s, WPACKET *pkt)
}
/* send off the data */
- DH_get0_key(dh_clnt, &pub_key, NULL);
- if (!WPACKET_sub_allocate_bytes_u16(pkt, BN_num_bytes(pub_key),
- &keybytes)) {
+ prime_len = BN_num_bytes(DH_get0_p(dh_clnt));
+ /*
+ * For interoperability with some versions of the Microsoft TLS
+ * stack, we need to zero pad the DHE pub key to the same length
+ * as the prime, so use the length of the prime here.
+ */
+ if (!WPACKET_sub_allocate_bytes_u16(pkt, prime_len, &keybytes)
+ || BN_bn2binpad(DH_get0_pub_key(dh_clnt), keybytes, prime_len) < 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_DHE,
ERR_R_INTERNAL_ERROR);
goto err;
}
- BN_bn2bin(pub_key, keybytes);
EVP_PKEY_free(ckey);
return 1;
More information about the openssl-commits
mailing list