xfnw/plan9fox
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

tlshand: fix ECDHE and DHE for SSLv3

Browse source
This commit is contained in:
cinap_lenrek 2017-04-03 02:48:47 +02:00
parent 8829d51f50
commit 6ff5c10ffb
1 changed files with 11 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
sys/src/libsec/port/tlshand.c
View file

@ -1402,12 +1402,10 @@ msgSend(TlsConnection *c, Msg *m, int act)
if(m->u.clientKeyExchange.key == nil) if(m->u.clientKeyExchange.key == nil)
break; break;
n = m->u.clientKeyExchange.key->len; n = m->u.clientKeyExchange.key->len;
if(c->version != SSL3Version){ if(isECDHE(c->cipher))
if(isECDHE(c->cipher)) *p++ = n;
*p++ = n; else if(isDHE(c->cipher) || c->version != SSL3Version)
else put16(p, n), p += 2;
put16(p, n), p += 2;
}
memmove(p, m->u.clientKeyExchange.key->data, n); memmove(p, m->u.clientKeyExchange.key->data, n);
p += n; p += n;
break; break;
@ -1786,18 +1784,14 @@ msgRecv(TlsConnection *c, Msg *m)
if(n == 0) if(n == 0)
break; break;
} }
if(c->version == SSL3Version) if(n < 2)
goto Short;
if(isECDHE(c->cipher))
nn = *p++, n--;
else if(isDHE(c->cipher) || c->version != SSL3Version)
nn = get16(p), p += 2, n -= 2;
else
nn = n; nn = n;
else{
if(n < 2)
goto Short;
if(isECDHE(c->cipher))
nn = *p++, n--;
else {
nn = get16(p);
p += 2, n -= 2;
}
}
if(n < nn) if(n < nn)
goto Short; goto Short;
m->u.clientKeyExchange.key = makebytes(p, nn); m->u.clientKeyExchange.key = makebytes(p, nn);