authorFelix Monninger <felix.monninger@gmail.com>2020-06-30 22:57:36 +0200
committerTomas Mraz <tmraz@fedoraproject.org>2020-09-01 14:27:05 +0200
commit807b0a1dbb65fcf0d432184326e76e9f745dc3f1 (patch)
tree0cb6a66cb6f5bf6a625e0f99f8282cdc104e4ebb /ssl
parent72c1e37421ffe9a4db4bba46f3d736dbc227c255 (diff)
also zero pad DHE public key in ClientKeyExchange message for interop
Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12331)
Diffstat (limited to 'ssl')
-rw-r--r--ssl/statem/statem_clnt.c14
1 files changed, 9 insertions, 5 deletions
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 4c994dd389..0780e5fc9a 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -3069,9 +3069,9 @@ static int tls_construct_cke_dhe(SSL *s, WPACKET *pkt)
{
#ifndef OPENSSL_NO_DH
DH *dh_clnt = NULL;
- const BIGNUM *pub_key;
EVP_PKEY *ckey = NULL, *skey = NULL;
unsigned char *keybytes = NULL;
+ int prime_len;
skey = s->s3.peer_tmp;
if (skey == NULL) {
@@ -3101,15 +3101,19 @@ static int tls_construct_cke_dhe(SSL *s, WPACKET *pkt)
}
/* send off the data */
- DH_get0_key(dh_clnt, &pub_key, NULL);
- if (!WPACKET_sub_allocate_bytes_u16(pkt, BN_num_bytes(pub_key),
- &keybytes)) {
+ prime_len = BN_num_bytes(DH_get0_p(dh_clnt));
+ /*
+ * For interoperability with some versions of the Microsoft TLS
+ * stack, we need to zero pad the DHE pub key to the same length
+ * as the prime, so use the length of the prime here.
+ */
+ if (!WPACKET_sub_allocate_bytes_u16(pkt, prime_len, &keybytes)
+ || BN_bn2binpad(DH_get0_pub_key(dh_clnt), keybytes, prime_len) < 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_DHE,
ERR_R_INTERNAL_ERROR);
goto err;
}
- BN_bn2bin(pub_key, keybytes);
EVP_PKEY_free(ckey);
return 1;
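Review bot: The new comment before the `WPACKET_sub_allocate_bytes_u16` call gives the interop reason for padding but does not say why `prime_len` is always sufficient, which makes the `BN_bn2binpad(...) < 0` branch read like an expected runtime case. A DH public value is reduced modulo p, so it never needs more bytes than the prime; I would extend the comment with a line such as `The public value is < p, so it always fits in prime_len bytes; a negative return means the key is inconsistent.` It would also help to cover the padded case with a test that uses a public value whose top byte is zero, since the Diffstat shown is limited to `ssl` and no test change is visible here. The enclosing function `tls_construct_cke_dhe` starts and ends outside this hunk.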