[openssl] master update

tmraz at fedoraproject.org tmraz at fedoraproject.org
Tue Sep 1 12:27:37 UTC 2020


The branch master has been updated
       via  807b0a1dbb65fcf0d432184326e76e9f745dc3f1 (commit)
      from  72c1e37421ffe9a4db4bba46f3d736dbc227c255 (commit)


- Log -----------------------------------------------------------------
commit 807b0a1dbb65fcf0d432184326e76e9f745dc3f1
Author: Felix Monninger <felix.monninger at gmail.com>
Date:   Tue Jun 30 22:57:36 2020 +0200

    also zero pad DHE public key in ClientKeyExchange message for interop
    
    Reviewed-by: Ben Kaduk <kaduk at mit.edu>
    Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/12331)

-----------------------------------------------------------------------

Summary of changes:
 ssl/statem/statem_clnt.c | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 4c994dd389..0780e5fc9a 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -3069,9 +3069,9 @@ static int tls_construct_cke_dhe(SSL *s, WPACKET *pkt)
 {
 #ifndef OPENSSL_NO_DH
     DH *dh_clnt = NULL;
-    const BIGNUM *pub_key;
     EVP_PKEY *ckey = NULL, *skey = NULL;
     unsigned char *keybytes = NULL;
+    int prime_len;
 
     skey = s->s3.peer_tmp;
     if (skey == NULL) {
@@ -3101,15 +3101,19 @@ static int tls_construct_cke_dhe(SSL *s, WPACKET *pkt)
     }
 
     /* send off the data */
-    DH_get0_key(dh_clnt, &pub_key, NULL);
-    if (!WPACKET_sub_allocate_bytes_u16(pkt, BN_num_bytes(pub_key),
-                                        &keybytes)) {
+    prime_len = BN_num_bytes(DH_get0_p(dh_clnt));
+    /*
+     * For interoperability with some versions of the Microsoft TLS
+     * stack, we need to zero pad the DHE pub key to the same length
+     * as the prime, so use the length of the prime here.
+     */
+    if (!WPACKET_sub_allocate_bytes_u16(pkt, prime_len, &keybytes)
+            || BN_bn2binpad(DH_get0_pub_key(dh_clnt), keybytes, prime_len) < 0) {
         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_DHE,
                  ERR_R_INTERNAL_ERROR);
         goto err;
     }
 
-    BN_bn2bin(pub_key, keybytes);
     EVP_PKEY_free(ckey);
 
     return 1;


More information about the openssl-commits mailing list