WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

check RSA explicit size

pull/1/head
toddouska 2012-12-28 12:28:25 -08:00
parent 09ea7169d7
commit 23ff36075b
1 changed files with 19 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
src/internal.c
View File

@ -74,7 +74,7 @@
#ifndef NO_CYASSL_SERVER #ifndef NO_CYASSL_SERVER
static int DoClientHello(CYASSL* ssl, const byte* input, word32*, word32, static int DoClientHello(CYASSL* ssl, const byte* input, word32*, word32,
word32); word32);
static int DoClientKeyExchange(CYASSL* ssl, byte* input, word32*); static int DoClientKeyExchange(CYASSL* ssl, byte* input, word32*, word32);
#if !defined(NO_RSA) || defined(HAVE_ECC) #if !defined(NO_RSA) || defined(HAVE_ECC)
static int DoCertificateVerify(CYASSL* ssl, byte*, word32*, word32); static int DoCertificateVerify(CYASSL* ssl, byte*, word32*, word32);
#endif #endif
@ -217,8 +217,6 @@ static INLINE void ato16(const byte* c, word16* u16)
} }
#ifdef CYASSL_DTLS
/* convert opaque to 32 bit integer */ /* convert opaque to 32 bit integer */
static INLINE void ato32(const byte* c, word32* u32) static INLINE void ato32(const byte* c, word32* u32)
{ {
@ -226,8 +224,6 @@ static INLINE void ato32(const byte* c, word32* u32)
*u32 = (c[0] << 24) | (c[1] << 16) | (c[2] << 8) | c[3]; *u32 = (c[0] << 24) | (c[1] << 16) | (c[2] << 8) | c[3];
} }
#endif /* CYASSL_DTLS */
#ifdef HAVE_LIBZ #ifdef HAVE_LIBZ
@ -2786,7 +2782,7 @@ static int DoHandShakeMsgType(CYASSL* ssl, byte* input, word32* inOutIdx,
case client_key_exchange: case client_key_exchange:
CYASSL_MSG("processing client key exchange"); CYASSL_MSG("processing client key exchange");
ret = DoClientKeyExchange(ssl, input, inOutIdx); ret = DoClientKeyExchange(ssl, input, inOutIdx, totalSz);
break; break;
#if !defined(NO_RSA) || defined(HAVE_ECC) #if !defined(NO_RSA) || defined(HAVE_ECC)
@ -8000,7 +7996,7 @@ int SetCipherList(Suites* s, const char* list)
#endif #endif
static int DoClientKeyExchange(CYASSL* ssl, byte* input, static int DoClientKeyExchange(CYASSL* ssl, byte* input,
word32* inOutIdx) word32* inOutIdx, word32 totalSz)
{ {
int ret = 0; int ret = 0;
word32 length = 0; word32 length = 0;
@ -8010,6 +8006,7 @@ int SetCipherList(Suites* s, const char* list)
(void)out; (void)out;
(void)input; (void)input;
(void)inOutIdx; (void)inOutIdx;
(void)totalSz;
if (ssl->options.clientState < CLIENT_HELLO_COMPLETE) { if (ssl->options.clientState < CLIENT_HELLO_COMPLETE) {
CYASSL_MSG("Client sending keyexchange at wrong time"); CYASSL_MSG("Client sending keyexchange at wrong time");
@ -8051,11 +8048,25 @@ int SetCipherList(Suites* s, const char* list)
length = RsaEncryptSize(&key); length = RsaEncryptSize(&key);
ssl->arrays->preMasterSz = SECRET_LEN; ssl->arrays->preMasterSz = SECRET_LEN;
if (ssl->options.tls) if (ssl->options.tls) {
word16 check;
ato16(input + *inOutIdx, &check);
if ((word32)check != length) {
CYASSL_MSG("RSA explicit size doesn't match");
FreeRsaKey(&key);
return RSA_PRIVATE_ERROR;
}
(*inOutIdx) += 2; (*inOutIdx) += 2;
}
tmp = input + *inOutIdx; tmp = input + *inOutIdx;
*inOutIdx += length; *inOutIdx += length;
if (*inOutIdx > totalSz) {
CYASSL_MSG("RSA message too big");
FreeRsaKey(&key);
return INCOMPLETE_DATA;
}
if (RsaPrivateDecryptInline(tmp, length, &out, &key) == if (RsaPrivateDecryptInline(tmp, length, &out, &key) ==
SECRET_LEN) { SECRET_LEN) {
XMEMCPY(ssl->arrays->preMasterSecret, out, SECRET_LEN); XMEMCPY(ssl->arrays->preMasterSecret, out, SECRET_LEN);