diff options
author | Miod Vallat <miod@cvs.openbsd.org> | 2014-07-11 12:24:52 +0000 |
---|---|---|
committer | Miod Vallat <miod@cvs.openbsd.org> | 2014-07-11 12:24:52 +0000 |
commit | da4dd7c473160af5399f503b233bc09e00e1f6c9 (patch) | |
tree | 79138e3a0da048cd5598c217f43adebca7f7f205 /lib/libssl/s3_srvr.c | |
parent | bdeb73f2226d6b5738535098b64db4403f1f7b2f (diff) |
In ssl3_get_client_key_exchange() parsing a GOST session key, invoke the
regular ASN.1 parser rather than trying to handroll one and potentially
misbehave; OpenSSL PR #3335 via OpenSSL trunk.
Diffstat (limited to 'lib/libssl/s3_srvr.c')
-rw-r--r-- | lib/libssl/s3_srvr.c | 21 |
1 files changed, 8 insertions, 13 deletions
diff --git a/lib/libssl/s3_srvr.c b/lib/libssl/s3_srvr.c index c31ac39fe1a..b0bfe493e81 100644 --- a/lib/libssl/s3_srvr.c +++ b/lib/libssl/s3_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_srvr.c,v 1.72 2014/07/11 09:24:44 beck Exp $ */ +/* $OpenBSD: s3_srvr.c,v 1.73 2014/07/11 12:24:51 miod Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -2181,6 +2181,8 @@ ssl3_get_client_key_exchange(SSL *s) unsigned char premaster_secret[32], *start; size_t outlen = 32, inlen; unsigned long alg_a; + int Ttag, Tclass; + long Tlen; /* Get our certificate private key*/ alg_a = s->s3->tmp.new_cipher->algorithm_auth; @@ -2205,22 +2207,15 @@ ssl3_get_client_key_exchange(SSL *s) ERR_clear_error(); } /* Decrypt session key */ - if ((*p != ( V_ASN1_SEQUENCE| V_ASN1_CONSTRUCTED))) { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_R_DECRYPTION_FAILED); - goto gerr; - } - if (p[1] == 0x81) { - start = p + 3; - inlen = p[2]; - } else if (p[1] < 0x80) { - start = p + 2; - inlen = p[1]; - } else { + if (ASN1_get_object((const unsigned char **)&p, &Tlen, &Ttag, + &Tclass, n) != V_ASN1_CONSTRUCTED || + Ttag != V_ASN1_SEQUENCE || Tclass != V_ASN1_UNIVERSAL) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_DECRYPTION_FAILED); goto gerr; } + start = p; + inlen = Tlen; if (EVP_PKEY_decrypt(pkey_ctx, premaster_secret, &outlen, start, inlen) <=0) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, |