Improve handling of static RSA's decrypted pre-master secret

Sean Parkinson
2019-06-24 17:09:22 +10:00
parent 19cb31d429
commit f1f6ac9308


@ -25649,15 +25649,15 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
* indistinguishable: * indistinguishable:
* RSA_BUFFER_E, RSA_PAD_E and RSA_PRIVATE_ERROR * RSA_BUFFER_E, RSA_PAD_E and RSA_PRIVATE_ERROR
*/ */
if (ret < 0 && ret != BAD_FUNC_ARG) { #ifdef WOLFSSL_ASYNC_CRYPT
#ifdef WOLFSSL_ASYNC_CRYPT if (ret == WC_PENDING_E)
if (ret == WC_PENDING_E) goto exit_dcke;
goto exit_dcke; #endif
#endif if (ret == BAD_FUNC_ARG)
/* store error code for handling below */ goto exit_dcke;
args->lastErr = ret;
ret = 0; args->lastErr = ret - (SECRET_LEN - args->sigSz);
} ret = 0;
break; break;
} /* rsa_kea */ } /* rsa_kea */
#endif /* !NO_RSA */ #endif /* !NO_RSA */
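Review bot: `args->lastErr = ret - (SECRET_LEN - args->sigSz);` is later turned into a byte mask in the third hunk with a signed right shift, `mask = (ret >> ((sizeof(ret) * 8) - 1)) - 1;`, and on the usual arithmetic-shift compilers a negative ret shifts to -1, so the mask becomes 0xFE rather than 0x00 and ctMaskSel still copies bits 7..1 of every decrypted byte into preMasterSecret on the error path, defeating the random-secret substitution this commit introduces (right-shifting a negative signed value is also implementation-defined in C). Shift the sign bit down as unsigned so the mask is exactly 0x00 or 0xFF: `mask = (byte)(((unsigned int)ret >> (sizeof(ret) * 8 - 1)) - 1);`. A second, hedged point on this hunk: the subtraction only makes lastErr negative when sigSz is below SECRET_LEN, so if RsaDec can hand back a larger sigSz (not visible here) a wrong-length plaintext yields a positive lastErr that the sign test accepts as success; a length mismatch in either direction should map to a negative value. The enclosing function's body starts and ends outside the hunk.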
@ -25808,6 +25808,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
#ifndef NO_RSA #ifndef NO_RSA
case rsa_kea: case rsa_kea:
{ {
byte mask;
int i;
/* Add the signature length to idx */ /* Add the signature length to idx */
args->idx += args->length; args->idx += args->length;
@ -25827,15 +25830,22 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
* indistinguishable from correctly formatted RSA blocks * indistinguishable from correctly formatted RSA blocks
*/ */
ret = args->lastErr;
args->lastErr = 0; /* reset */ args->lastErr = 0; /* reset */
/* On error 'ret' will be negative - top bit set */
mask = (ret >> ((sizeof(ret) * 8) - 1)) - 1;
/* build PreMasterSecret */ /* build PreMasterSecret */
ssl->arrays->preMasterSecret[0] = ssl->chVersion.major; ssl->arrays->preMasterSecret[0] = ssl->chVersion.major;
ssl->arrays->preMasterSecret[1] = ssl->chVersion.minor; ssl->arrays->preMasterSecret[1] = ssl->chVersion.minor;
if (args->output != NULL) { if (args->output != NULL) {
XMEMCPY(&ssl->arrays->preMasterSecret[VERSION_SZ], /* Use random secret on error */
&args->output[VERSION_SZ], for (i = VERSION_SZ; i < SECRET_LEN; i++) {
SECRET_LEN - VERSION_SZ); ssl->arrays->preMasterSecret[i] =
ctMaskSel(mask, args->output[i],
ssl->arrays->preMasterSecret[i]);
}
} }
/* preMasterSecret has RNG and version set /* preMasterSecret has RNG and version set
* return proper length and ignore error * return proper length and ignore error