Fix bug in DHE-PSK PMS computation

Manuel Pégourié-Gonnard 2014-06-23 17:56:08 +02:00 committed by Paul Bakker
parent 5c1f032653
commit 8df68632e8
2 changed files with 8 additions and 3 deletions


@ -51,6 +51,9 @@ Bugfix
interpret semicolons as comment delimiters (found by Barry K. Nathan). interpret semicolons as comment delimiters (found by Barry K. Nathan).
* Fix off-by-one error in parsing Supported Point Format extension that * Fix off-by-one error in parsing Supported Point Format extension that
caused some handshakes to fail. caused some handshakes to fail.
* Fix possible miscomputation of the premaster secret with DHE-PSK key
exchange that caused some handshakes to fail with other implementations.
(Failure rate <= 1/255 with common DHM moduli.)
= PolarSSL 1.3.7 released on 2014-05-02 = PolarSSL 1.3.7 released on 2014-05-02
Features Features


@ -913,14 +913,16 @@ int ssl_psk_derive_premaster( ssl_context *ssl, key_exchange_type_t key_ex )
if( end - p < 2 + (int) len ) if( end - p < 2 + (int) len )
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
*(p++) = (unsigned char)( len >> 8 ); /* Write length only when we know the actual value */
*(p++) = (unsigned char)( len );
if( ( ret = dhm_calc_secret( &ssl->handshake->dhm_ctx, if( ( ret = dhm_calc_secret( &ssl->handshake->dhm_ctx,
p, &len, ssl->f_rng, ssl->p_rng ) ) != 0 ) p + 2, &len,
ssl->f_rng, ssl->p_rng ) ) != 0 )
{ {
SSL_DEBUG_RET( 1, "dhm_calc_secret", ret ); SSL_DEBUG_RET( 1, "dhm_calc_secret", ret );
return( ret ); return( ret );
} }
*(p++) = (unsigned char)( len >> 8 );
*(p++) = (unsigned char)( len );
p += len; p += len;
SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K ); SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K );
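Review bot: The new code relies on `len` having two meanings that the comment does not spell out: the bounds check `end - p < 2 + (int) len` is evaluated with the pre-call value (the capacity handed to dhm_calc_secret), while the two length bytes and `p += len` use the post-call value, which dhm_calc_secret sets to the actual size of K and which can be shorter than the capacity (the 1/255 case named in the ChangeLog). The check stays sound only because the output can never exceed the input capacity; that invariant should be stated next to the call so a later change to either side does not silently break it. I would extend the added comment to something like `/* len is in/out: buffer capacity on entry, actual length of K on return (may be shorter, never longer); the space check above used the capacity, so it still covers 2 + len */`. The enclosing ssl_psk_derive_premaster body, including the declaration and initial value of `len`, is outside this hunk, so that part of the reasoning is inferred from the call shape rather than visible here.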