libsec: fix wrong tls1.0 prf regression

The change 775a4bea43
"libsec: various changes to tls"
...
4. simply prf code...

... broke the TLS1.0 prf function, missing the fact
that the prf outputs for sha1 and md5 need to be
xored together.
cinap_lenrek 2022-03-27 20:28:41 +00:00
parent 00542efd15
commit 89ae389eb6


@ -2342,13 +2342,14 @@ factotum_rsa_close(AuthRpc *rpc)
auth_freerpc(rpc); auth_freerpc(rpc);
} }
// buf ^= prf
static void static void
tlsP(uchar *buf, int nbuf, uchar *key, int nkey, uchar *label, int nlabel, uchar *seed, int nseed, tlsP(uchar *buf, int nbuf, uchar *key, int nkey, uchar *label, int nlabel, uchar *seed, int nseed,
DigestState* (*x)(uchar*, ulong, uchar*, ulong, uchar*, DigestState*), int xlen) DigestState* (*x)(uchar*, ulong, uchar*, ulong, uchar*, DigestState*), int xlen)
{ {
uchar ai[SHA2_256dlen], tmp[SHA2_256dlen]; uchar ai[SHA2_256dlen], tmp[SHA2_256dlen];
DigestState *s; DigestState *s;
int n; int n, i;
assert(xlen <= sizeof(ai) && xlen <= sizeof(tmp)); assert(xlen <= sizeof(ai) && xlen <= sizeof(tmp));
// generate a1 // generate a1
@ -2362,7 +2363,8 @@ tlsP(uchar *buf, int nbuf, uchar *key, int nkey, uchar *label, int nlabel, uchar
n = xlen; n = xlen;
if(n > nbuf) if(n > nbuf)
n = nbuf; n = nbuf;
memmove(buf, tmp, n); for(i = 0; i < n; i++)
buf[i] ^= tmp[i];
buf += n; buf += n;
nbuf -= n; nbuf -= n;
x(ai, xlen, key, nkey, tmp, nil); x(ai, xlen, key, nkey, tmp, nil);
@ -2370,6 +2372,7 @@ tlsP(uchar *buf, int nbuf, uchar *key, int nkey, uchar *label, int nlabel, uchar
} }
} }
// fill buf with md5(args)^sha1(args) // fill buf with md5(args)^sha1(args)
static void static void
tls10PRF(uchar *buf, int nbuf, uchar *key, int nkey, char *label, uchar *seed, int nseed) tls10PRF(uchar *buf, int nbuf, uchar *key, int nkey, char *label, uchar *seed, int nseed)
@ -2377,6 +2380,7 @@ tls10PRF(uchar *buf, int nbuf, uchar *key, int nkey, char *label, uchar *seed, i
int nlabel = strlen(label); int nlabel = strlen(label);
int n = (nkey + 1) >> 1; int n = (nkey + 1) >> 1;
memset(buf, 0, nbuf);
tlsP(buf, nbuf, key, n, (uchar*)label, nlabel, seed, nseed, tlsP(buf, nbuf, key, n, (uchar*)label, nlabel, seed, nseed,
hmac_md5, MD5dlen); hmac_md5, MD5dlen);
tlsP(buf, nbuf, key+nkey-n, n, (uchar*)label, nlabel, seed, nseed, tlsP(buf, nbuf, key+nkey-n, n, (uchar*)label, nlabel, seed, nseed,
@ -2386,6 +2390,7 @@ tls10PRF(uchar *buf, int nbuf, uchar *key, int nkey, char *label, uchar *seed, i
static void static void
tls12PRF(uchar *buf, int nbuf, uchar *key, int nkey, char *label, uchar *seed, int nseed) tls12PRF(uchar *buf, int nbuf, uchar *key, int nkey, char *label, uchar *seed, int nseed)
{ {
memset(buf, 0, nbuf);
tlsP(buf, nbuf, key, nkey, (uchar*)label, strlen(label), seed, nseed, tlsP(buf, nbuf, key, nkey, (uchar*)label, strlen(label), seed, nseed,
hmac_sha2_256, SHA2_256dlen); hmac_sha2_256, SHA2_256dlen);
} }
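Review bot: tlsP's output is now only correct when the caller has zeroed `buf` first, because the new loop `buf[i] ^= tmp[i]` accumulates into it, and the added comment `// buf ^= prf` does not state that precondition. Both callers visible here, tls10PRF and tls12PRF, add `memset(buf, 0, nbuf)`; any other caller of tlsP outside these hunks would need the same, otherwise stale buffer contents get mixed into the derived key material. I would expand the comment to `// buf ^= prf(key, label, seed); caller must zero buf before the first call`. Separately, `nbuf` is an `int` passed straight to memset, so a negative length would convert to a very large size; callers presumably pass fixed sizes, but `if(nbuf <= 0) return;` ahead of the memset would make that explicit. The body of tlsP is only partly shown in these hunks.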