Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Openssl
提交
f2be92b9
T
Third Party Openssl
项目概览
OpenHarmony
/
Third Party Openssl
1 年多 前同步成功
通知
10
Star
18
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
f2be92b9
编写于
7月 26, 2014
作者:
M
Matt Caswell
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Fixed out-of-bounds read errors in ssl3_get_key_exchange.
PR#3450 Reviewed-by:
N
Emilia Käsper
<
emilia@openssl.org
>
上级
c9a81b30
变更
1
隐藏空白更改
内联
并排
Showing
1 changed file
with
158 addition
and
46 deletion
+158
-46
ssl/s3_clnt.c
ssl/s3_clnt.c
+158
-46
未找到文件。
ssl/s3_clnt.c
浏览文件 @
f2be92b9
...
...
@@ -1378,8 +1378,8 @@ int ssl3_get_key_exchange(SSL *s)
#endif
EVP_MD_CTX
md_ctx
;
unsigned
char
*
param
,
*
p
;
int
al
,
i
,
j
,
param_len
,
ok
;
long
n
,
alg_k
,
alg_a
;
int
al
,
j
,
ok
;
long
i
,
param_len
,
n
,
alg_k
,
alg_a
;
EVP_PKEY
*
pkey
=
NULL
;
const
EVP_MD
*
md
=
NULL
;
#ifndef OPENSSL_NO_RSA
...
...
@@ -1455,36 +1455,48 @@ int ssl3_get_key_exchange(SSL *s)
s
->
session
->
sess_cert
=
ssl_sess_cert_new
();
}
/* Total length of the parameters including the length prefix */
param_len
=
0
;
alg_k
=
s
->
s3
->
tmp
.
new_cipher
->
algorithm_mkey
;
alg_a
=
s
->
s3
->
tmp
.
new_cipher
->
algorithm_auth
;
EVP_MD_CTX_init
(
&
md_ctx
);
al
=
SSL_AD_DECODE_ERROR
;
#ifndef OPENSSL_NO_PSK
if
(
alg_k
&
SSL_kPSK
)
{
char
tmp_id_hint
[
PSK_MAX_IDENTITY_LEN
+
1
];
al
=
SSL_AD_HANDSHAKE_FAILURE
;
param_len
=
2
;
if
(
param_len
>
n
)
{
SSLerr
(
SSL_F_SSL3_GET_KEY_EXCHANGE
,
SSL_R_LENGTH_TOO_SHORT
);
goto
f_err
;
}
n2s
(
p
,
i
);
param_len
=
i
+
2
;
/* Store PSK identity hint for later use, hint is used
* in ssl3_send_client_key_exchange. Assume that the
* maximum length of a PSK identity hint can be as
* long as the maximum length of a PSK identity. */
if
(
i
>
PSK_MAX_IDENTITY_LEN
)
{
al
=
SSL_AD_HANDSHAKE_FAILURE
;
SSLerr
(
SSL_F_SSL3_GET_KEY_EXCHANGE
,
SSL_R_DATA_LENGTH_TOO_LONG
);
goto
f_err
;
}
if
(
param_len
>
n
)
if
(
i
>
n
-
param_le
n
)
{
al
=
SSL_AD_DECODE_ERROR
;
SSLerr
(
SSL_F_SSL3_GET_KEY_EXCHANGE
,
SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH
);
goto
f_err
;
}
param_len
+=
i
;
/* If received PSK identity hint contains NULL
* characters, the hint is truncated from the first
* NULL. p may not be ending with NULL, so create a
...
...
@@ -1496,6 +1508,7 @@ int ssl3_get_key_exchange(SSL *s)
s
->
ctx
->
psk_identity_hint
=
BUF_strdup
(
tmp_id_hint
);
if
(
s
->
ctx
->
psk_identity_hint
==
NULL
)
{
al
=
SSL_AD_HANDSHAKE_FAILURE
;
SSLerr
(
SSL_F_SSL3_GET_KEY_EXCHANGE
,
ERR_R_MALLOC_FAILURE
);
goto
f_err
;
}
...
...
@@ -1508,14 +1521,22 @@ int ssl3_get_key_exchange(SSL *s)
#ifndef OPENSSL_NO_SRP
if
(
alg_k
&
SSL_kSRP
)
{
n2s
(
p
,
i
);
param_len
=
i
+
2
;
param_len
=
2
;
if
(
param_len
>
n
)
{
al
=
SSL_AD_DECODE_ERROR
;
SSLerr
(
SSL_F_SSL3_GET_KEY_EXCHANGE
,
SSL_R_LENGTH_TOO_SHORT
);
goto
f_err
;
}
n2s
(
p
,
i
);
if
(
i
>
n
-
param_len
)
{
SSLerr
(
SSL_F_SSL3_GET_KEY_EXCHANGE
,
SSL_R_BAD_SRP_N_LENGTH
);
goto
f_err
;
}
param_len
+=
i
;
if
(
!
(
s
->
srp_ctx
.
N
=
BN_bin2bn
(
p
,
i
,
NULL
)))
{
SSLerr
(
SSL_F_SSL3_GET_KEY_EXCHANGE
,
ERR_R_BN_LIB
);
...
...
@@ -1523,14 +1544,24 @@ int ssl3_get_key_exchange(SSL *s)
}
p
+=
i
;
if
(
2
>
n
-
param_len
)
{
SSLerr
(
SSL_F_SSL3_GET_KEY_EXCHANGE
,
SSL_R_LENGTH_TOO_SHORT
);
goto
f_err
;
}
param_len
+=
2
;
n2s
(
p
,
i
);
param_len
+=
i
+
2
;
if
(
param_len
>
n
)
if
(
i
>
n
-
param_le
n
)
{
al
=
SSL_AD_DECODE_ERROR
;
SSLerr
(
SSL_F_SSL3_GET_KEY_EXCHANGE
,
SSL_R_BAD_SRP_G_LENGTH
);
goto
f_err
;
}
param_len
+=
i
;
if
(
!
(
s
->
srp_ctx
.
g
=
BN_bin2bn
(
p
,
i
,
NULL
)))
{
SSLerr
(
SSL_F_SSL3_GET_KEY_EXCHANGE
,
ERR_R_BN_LIB
);
...
...
@@ -1538,15 +1569,25 @@ int ssl3_get_key_exchange(SSL *s)
}
p
+=
i
;
if
(
1
>
n
-
param_len
)
{
SSLerr
(
SSL_F_SSL3_GET_KEY_EXCHANGE
,
SSL_R_LENGTH_TOO_SHORT
);
goto
f_err
;
}
param_len
+=
1
;
i
=
(
unsigned
int
)(
p
[
0
]);
p
++
;
param_len
+=
i
+
1
;
if
(
param_len
>
n
)
if
(
i
>
n
-
param_le
n
)
{
al
=
SSL_AD_DECODE_ERROR
;
SSLerr
(
SSL_F_SSL3_GET_KEY_EXCHANGE
,
SSL_R_BAD_SRP_S_LENGTH
);
goto
f_err
;
}
param_len
+=
i
;
if
(
!
(
s
->
srp_ctx
.
s
=
BN_bin2bn
(
p
,
i
,
NULL
)))
{
SSLerr
(
SSL_F_SSL3_GET_KEY_EXCHANGE
,
ERR_R_BN_LIB
);
...
...
@@ -1554,14 +1595,23 @@ int ssl3_get_key_exchange(SSL *s)
}
p
+=
i
;
if
(
2
>
n
-
param_len
)
{
SSLerr
(
SSL_F_SSL3_GET_KEY_EXCHANGE
,
SSL_R_LENGTH_TOO_SHORT
);
goto
f_err
;
}
param_len
+=
2
;
n2s
(
p
,
i
);
param_len
+=
i
+
2
;
if
(
param_len
>
n
)
if
(
i
>
n
-
param_le
n
)
{
al
=
SSL_AD_DECODE_ERROR
;
SSLerr
(
SSL_F_SSL3_GET_KEY_EXCHANGE
,
SSL_R_BAD_SRP_B_LENGTH
);
goto
f_err
;
}
param_len
+=
i
;
if
(
!
(
s
->
srp_ctx
.
B
=
BN_bin2bn
(
p
,
i
,
NULL
)))
{
SSLerr
(
SSL_F_SSL3_GET_KEY_EXCHANGE
,
ERR_R_BN_LIB
);
...
...
@@ -1599,14 +1649,23 @@ int ssl3_get_key_exchange(SSL *s)
SSLerr
(
SSL_F_SSL3_GET_KEY_EXCHANGE
,
ERR_R_MALLOC_FAILURE
);
goto
err
;
}
n2s
(
p
,
i
);
param_len
=
i
+
2
;
param_len
=
2
;
if
(
param_len
>
n
)
{
al
=
SSL_AD_DECODE_ERROR
;
SSLerr
(
SSL_F_SSL3_GET_KEY_EXCHANGE
,
SSL_R_LENGTH_TOO_SHORT
);
goto
f_err
;
}
n2s
(
p
,
i
);
if
(
i
>
n
-
param_len
)
{
SSLerr
(
SSL_F_SSL3_GET_KEY_EXCHANGE
,
SSL_R_BAD_RSA_MODULUS_LENGTH
);
goto
f_err
;
}
param_len
+=
i
;
if
(
!
(
rsa
->
n
=
BN_bin2bn
(
p
,
i
,
rsa
->
n
)))
{
SSLerr
(
SSL_F_SSL3_GET_KEY_EXCHANGE
,
ERR_R_BN_LIB
);
...
...
@@ -1614,14 +1673,23 @@ int ssl3_get_key_exchange(SSL *s)
}
p
+=
i
;
if
(
2
>
n
-
param_len
)
{
SSLerr
(
SSL_F_SSL3_GET_KEY_EXCHANGE
,
SSL_R_LENGTH_TOO_SHORT
);
goto
f_err
;
}
param_len
+=
2
;
n2s
(
p
,
i
);
param_len
+=
i
+
2
;
if
(
param_len
>
n
)
if
(
i
>
n
-
param_le
n
)
{
al
=
SSL_AD_DECODE_ERROR
;
SSLerr
(
SSL_F_SSL3_GET_KEY_EXCHANGE
,
SSL_R_BAD_RSA_E_LENGTH
);
goto
f_err
;
}
param_len
+=
i
;
if
(
!
(
rsa
->
e
=
BN_bin2bn
(
p
,
i
,
rsa
->
e
)))
{
SSLerr
(
SSL_F_SSL3_GET_KEY_EXCHANGE
,
ERR_R_BN_LIB
);
...
...
@@ -1653,14 +1721,23 @@ int ssl3_get_key_exchange(SSL *s)
SSLerr
(
SSL_F_SSL3_GET_KEY_EXCHANGE
,
ERR_R_DH_LIB
);
goto
err
;
}
n2s
(
p
,
i
);
param_len
=
i
+
2
;
param_len
=
2
;
if
(
param_len
>
n
)
{
al
=
SSL_AD_DECODE_ERROR
;
SSLerr
(
SSL_F_SSL3_GET_KEY_EXCHANGE
,
SSL_R_LENGTH_TOO_SHORT
);
goto
f_err
;
}
n2s
(
p
,
i
);
if
(
i
>
n
-
param_len
)
{
SSLerr
(
SSL_F_SSL3_GET_KEY_EXCHANGE
,
SSL_R_BAD_DH_P_LENGTH
);
goto
f_err
;
}
param_len
+=
i
;
if
(
!
(
dh
->
p
=
BN_bin2bn
(
p
,
i
,
NULL
)))
{
SSLerr
(
SSL_F_SSL3_GET_KEY_EXCHANGE
,
ERR_R_BN_LIB
);
...
...
@@ -1668,14 +1745,23 @@ int ssl3_get_key_exchange(SSL *s)
}
p
+=
i
;
if
(
2
>
n
-
param_len
)
{
SSLerr
(
SSL_F_SSL3_GET_KEY_EXCHANGE
,
SSL_R_LENGTH_TOO_SHORT
);
goto
f_err
;
}
param_len
+=
2
;
n2s
(
p
,
i
);
param_len
+=
i
+
2
;
if
(
param_len
>
n
)
if
(
i
>
n
-
param_le
n
)
{
al
=
SSL_AD_DECODE_ERROR
;
SSLerr
(
SSL_F_SSL3_GET_KEY_EXCHANGE
,
SSL_R_BAD_DH_G_LENGTH
);
goto
f_err
;
}
param_len
+=
i
;
if
(
!
(
dh
->
g
=
BN_bin2bn
(
p
,
i
,
NULL
)))
{
SSLerr
(
SSL_F_SSL3_GET_KEY_EXCHANGE
,
ERR_R_BN_LIB
);
...
...
@@ -1683,14 +1769,23 @@ int ssl3_get_key_exchange(SSL *s)
}
p
+=
i
;
if
(
2
>
n
-
param_len
)
{
SSLerr
(
SSL_F_SSL3_GET_KEY_EXCHANGE
,
SSL_R_LENGTH_TOO_SHORT
);
goto
f_err
;
}
param_len
+=
2
;
n2s
(
p
,
i
);
param_len
+=
i
+
2
;
if
(
param_len
>
n
)
if
(
i
>
n
-
param_le
n
)
{
al
=
SSL_AD_DECODE_ERROR
;
SSLerr
(
SSL_F_SSL3_GET_KEY_EXCHANGE
,
SSL_R_BAD_DH_PUB_KEY_LENGTH
);
goto
f_err
;
}
param_len
+=
i
;
if
(
!
(
dh
->
pub_key
=
BN_bin2bn
(
p
,
i
,
NULL
)))
{
SSLerr
(
SSL_F_SSL3_GET_KEY_EXCHANGE
,
ERR_R_BN_LIB
);
...
...
@@ -1750,15 +1845,21 @@ int ssl3_get_key_exchange(SSL *s)
*/
/* XXX: For now we only support named (not generic) curves
* and the ECParameters in this case is just three bytes.
* and the ECParameters in this case is just three bytes. We
* also need one byte for the length of the encoded point
*/
param_len
=
3
;
param_len
=
4
;
if
(
param_len
>
n
)
{
SSLerr
(
SSL_F_SSL3_GET_KEY_EXCHANGE
,
SSL_R_LENGTH_TOO_SHORT
);
goto
f_err
;
}
/* Check curve is one of our preferences, if not server has
* sent an invalid curve.
* sent an invalid curve.
ECParameters is 3 bytes.
*/
if
(
!
tls1_check_curve
(
s
,
p
,
param_len
))
if
(
!
tls1_check_curve
(
s
,
p
,
3
))
{
al
=
SSL_AD_DECODE_ERROR
;
SSLerr
(
SSL_F_SSL3_GET_KEY_EXCHANGE
,
SSL_R_WRONG_CURVE
);
goto
f_err
;
}
...
...
@@ -1805,15 +1906,15 @@ int ssl3_get_key_exchange(SSL *s)
encoded_pt_len
=
*
p
;
/* length of encoded point */
p
+=
1
;
param_len
+=
(
1
+
encoded_pt_len
);
if
((
param_len
>
n
)
||
if
((
encoded_pt_len
>
n
-
param_le
n
)
||
(
EC_POINT_oct2point
(
group
,
srvr_ecpoint
,
p
,
encoded_pt_len
,
bn_ctx
)
==
0
))
{
al
=
SSL_AD_DECODE_ERROR
;
SSLerr
(
SSL_F_SSL3_GET_KEY_EXCHANGE
,
SSL_R_BAD_ECPOINT
);
goto
f_err
;
}
param_len
+=
encoded_pt_len
;
n
-=
param_len
;
p
+=
encoded_pt_len
;
...
...
@@ -1856,12 +1957,18 @@ int ssl3_get_key_exchange(SSL *s)
{
if
(
SSL_USE_SIGALGS
(
s
))
{
int
rv
=
tls12_check_peer_sigalg
(
&
md
,
s
,
p
,
pkey
);
int
rv
;
if
(
2
>
n
)
{
SSLerr
(
SSL_F_SSL3_GET_KEY_EXCHANGE
,
SSL_R_LENGTH_TOO_SHORT
);
goto
f_err
;
}
rv
=
tls12_check_peer_sigalg
(
&
md
,
s
,
p
,
pkey
);
if
(
rv
==
-
1
)
goto
err
;
else
if
(
rv
==
0
)
{
al
=
SSL_AD_DECODE_ERROR
;
goto
f_err
;
}
#ifdef SSL_DEBUG
...
...
@@ -1872,15 +1979,21 @@ fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
}
else
md
=
EVP_sha1
();
if
(
2
>
n
)
{
SSLerr
(
SSL_F_SSL3_GET_KEY_EXCHANGE
,
SSL_R_LENGTH_TOO_SHORT
);
goto
f_err
;
}
n2s
(
p
,
i
);
n
-=
2
;
j
=
EVP_PKEY_size
(
pkey
);
/* Check signature length. If n is 0 then signature is empty */
if
((
i
!=
n
)
||
(
n
>
j
)
||
(
n
<=
0
))
{
/* wrong packet length */
al
=
SSL_AD_DECODE_ERROR
;
SSLerr
(
SSL_F_SSL3_GET_KEY_EXCHANGE
,
SSL_R_WRONG_SIGNATURE_LENGTH
);
goto
f_err
;
}
...
...
@@ -1951,7 +2064,6 @@ fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
/* still data left over */
if
(
n
!=
0
)
{
al
=
SSL_AD_DECODE_ERROR
;
SSLerr
(
SSL_F_SSL3_GET_KEY_EXCHANGE
,
SSL_R_EXTRA_DATA_IN_MESSAGE
);
goto
f_err
;
}
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录