Disentangle RSA premaster secret parsing
authorEmilia Kasper <emilia@openssl.org>
Wed, 9 Sep 2015 12:45:00 +0000 (14:45 +0200)
committerEmilia Kasper <emilia@openssl.org>
Thu, 17 Sep 2015 15:26:19 +0000 (17:26 +0200)
commit20ca916d7db4fe6feada88d0bea1489123339c7c
tree6064c04f0c2baad552f48150f214a712071bfb55
parent95ed0e7c1f4206191c1b0288e352010e70e252db
Disentangle RSA premaster secret parsing

Simplify encrypted premaster secret reading by using new methods in the
PACKET API.

Don't overwrite the packet buffer. RSA decrypt accepts truncated
ciphertext with leading zeroes omitted, so it's even possible that by
crafting a valid ciphertext with several leading zeroes, this could
cause a few bytes out-of-bounds write. The write is harmless because of
the size of the underlying message buffer, but nevertheless we shouldn't
write into the packet.

Reviewed-by: Matt Caswell <matt@openssl.org>
ssl/s3_srvr.c