From: Dr. Stephen Henson Date: Wed, 1 Jul 2015 22:40:03 +0000 (+0100) Subject: Fix PSK handling. X-Git-Tag: OpenSSL_1_0_1p~8 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=d6be3124f22870f1888c532523b74ea5d89795eb;p=oweals%2Fopenssl.git Fix PSK handling. The PSK identity hint should be stored in the SSL_SESSION structure and not in the parent context (which will overwrite values used by other SSL structures with the same SSL_CTX). Use BUF_strndup when copying identity as it may not be null terminated. Reviewed-by: Tim Hudson (cherry picked from commit 3c66a669dfc7b3792f7af0758ea26fe8502ce70c) --- diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 0879a0f8ba..35ad1217a6 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -1381,8 +1381,6 @@ int ssl3_get_key_exchange(SSL *s) #ifndef OPENSSL_NO_PSK if (alg_k & SSL_kPSK) { - char tmp_id_hint[PSK_MAX_IDENTITY_LEN + 1]; - param_len = 2; if (param_len > n) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT); @@ -1408,17 +1406,8 @@ int ssl3_get_key_exchange(SSL *s) } param_len += i; - /* - * If received PSK identity hint contains NULL characters, the hint - * is truncated from the first NULL. p may not be ending with NULL, - * so create a NULL-terminated string. - */ - memcpy(tmp_id_hint, p, i); - memset(tmp_id_hint + i, 0, PSK_MAX_IDENTITY_LEN + 1 - i); - if (s->ctx->psk_identity_hint != NULL) - OPENSSL_free(s->ctx->psk_identity_hint); - s->ctx->psk_identity_hint = BUF_strdup(tmp_id_hint); - if (s->ctx->psk_identity_hint == NULL) { + s->session->psk_identity_hint = BUF_strndup((char *)p, i); + if (s->session->psk_identity_hint == NULL) { al = SSL_AD_HANDSHAKE_FAILURE; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); goto f_err; @@ -2951,7 +2940,7 @@ int ssl3_send_client_key_exchange(SSL *s) } memset(identity, 0, sizeof(identity)); - psk_len = s->psk_client_callback(s, s->ctx->psk_identity_hint, + psk_len = s->psk_client_callback(s, s->session->psk_identity_hint, identity, sizeof(identity) - 1, psk_or_pre_ms, sizeof(psk_or_pre_ms)); diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 9aa329260a..3a5f71d745 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -2792,7 +2792,7 @@ int ssl3_get_client_key_exchange(SSL *s) if (s->session->psk_identity != NULL) OPENSSL_free(s->session->psk_identity); - s->session->psk_identity = BUF_strdup((char *)p); + s->session->psk_identity = BUF_strndup((char *)p, i); if (s->session->psk_identity == NULL) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); goto psk_err;