From 6dfc7023642caff94cab7f447c6485bfdfd4ffdf Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Thu, 24 Jun 2021 15:19:03 +0200 Subject: [PATCH] Correct serverDH_Pub length on renegotiation On a renegotiation the serverDH_Pub buffer may be too short. The previous DhGenKeyPair call may have generated a key that has a shorter binary representation (usually by one byte). Calling DhGenKeyPair with this shorter buffer results in a WC_KEY_SIZE_E error. --- src/internal.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/src/internal.c b/src/internal.c index c3cb2921e..13b62bdaa 100644 --- a/src/internal.c +++ b/src/internal.c @@ -26634,6 +26634,26 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } } + #ifdef HAVE_SECURE_RENEGOTIATION + /* Check that the DH public key buffer is large + * enough to hold the key. This may occur on a + * renegotiation when the key generated in the + * initial handshake is shorter than the key + * generated in the renegotiation. */ + if (ssl->buffers.serverDH_Pub.length < + ssl->buffers.serverDH_P.length) { + byte* tmp = (byte*)XREALLOC( + ssl->buffers.serverDH_Pub.buffer, + ssl->buffers.serverDH_P.length + + OPAQUE16_LEN, + ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); + if (tmp == NULL) + ERROR_OUT(MEMORY_E, exit_sske); + ssl->buffers.serverDH_Pub.buffer = tmp; + ssl->buffers.serverDH_Pub.length = + ssl->buffers.serverDH_P.length + OPAQUE16_LEN; + } + #endif ret = DhGenKeyPair(ssl, ssl->buffers.serverDH_Key, ssl->buffers.serverDH_Priv.buffer, (word32*)&ssl->buffers.serverDH_Priv.length,