author | cinap_lenrek <cinap_lenrek@felloff.net> | 2022-03-27 20:28:41 +0000 |
---|---|---|
committer | cinap_lenrek <cinap_lenrek@felloff.net> | 2022-03-27 20:28:41 +0000 |
commit | 89ae389eb670fcc4d2aff786ed502f1bbae4d4fb (patch) | |
tree | 249a79b6be765e8df1b7b57a006b10843626888e /sys/src/libsec | |
parent | 00542efd15c5ee37fa927fbe9ba85a2bb377d406 (diff) |
libsec: fix wrong tls1.0 prf regression
The change 775a4bea4386c12067057de0e56dd8baa34f43ec
"libsec: various changes to tls"
...
4. simply prf code...
... broke the TLS1.0 prf function, missing the fact
that the prf output for sha1 and md5 needs to be
xored together.
Diffstat (limited to 'sys/src/libsec')
-rw-r--r-- | sys/src/libsec/port/tlshand.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/sys/src/libsec/port/tlshand.c b/sys/src/libsec/port/tlshand.c
index a4b0a21e1..11d22151d 100644
--- a/sys/src/libsec/port/tlshand.c
+++ b/sys/src/libsec/port/tlshand.c
@@ -2342,13 +2342,14 @@ factotum_rsa_close(AuthRpc *rpc)
 auth_freerpc(rpc);
 }
+// buf ^= prf
 static void
 tlsP(uchar *buf, int nbuf, uchar *key, int nkey, uchar *label, int nlabel, uchar *seed, int nseed, DigestState* (*x)(uchar*, ulong, uchar*, ulong, uchar*, DigestState*), int xlen)
 {
 uchar ai[SHA2_256dlen], tmp[SHA2_256dlen];
 DigestState *s;
- int n;
+ int n, i;
 assert(xlen <= sizeof(ai) && xlen <= sizeof(tmp));
 // generate a1
@@ -2362,7 +2363,8 @@ tlsP(uchar *buf, int nbuf, uchar *key, int nkey, uchar *label, int nlabel, uchar
 n = xlen;
 if(n > nbuf)
 n = nbuf;
- memmove(buf, tmp, n);
+ for(i = 0; i < n; i++)
+ buf[i] ^= tmp[i];
 buf += n;
 nbuf -= n;
 x(ai, xlen, key, nkey, tmp, nil);
@@ -2370,6 +2372,7 @@ tlsP(uchar *buf, int nbuf, uchar *key, int nkey, uchar *label, int nlabel, uchar
 }
 }
+
 // fill buf with md5(args)^sha1(args)
 static void
 tls10PRF(uchar *buf, int nbuf, uchar *key, int nkey, char *label, uchar *seed, int nseed)
@@ -2377,6 +2380,7 @@ tls10PRF(uchar *buf, int nbuf, uchar *key, int nkey, char *label, uchar *seed, i
 int nlabel = strlen(label);
 int n = (nkey + 1) >> 1;
+ memset(buf, 0, nbuf);
 tlsP(buf, nbuf, key, n, (uchar*)label, nlabel, seed, nseed, hmac_md5, MD5dlen);
 tlsP(buf, nbuf, key+nkey-n, n, (uchar*)label, nlabel, seed, nseed,
@@ -2386,6 +2390,7 @@ tls10PRF(uchar *buf, int nbuf, uchar *key, int nkey, char *label, uchar *seed, i
 static void
 tls12PRF(uchar *buf, int nbuf, uchar *key, int nkey, char *label, uchar *seed, int nseed)
 {
+ memset(buf, 0, nbuf);
 tlsP(buf, nbuf, key, nkey, (uchar*)label, strlen(label), seed, nseed, hmac_sha2_256, SHA2_256dlen);
 } |
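Review bot: The new `// buf ^= prf` comment above tlsP understates a changed contract: the function now XORs its output into buf instead of overwriting it, so every caller has to clear buf before the first call. I would spell that out, e.g. `// buf ^= prf output; caller must zero buf first (tls10PRF xors the md5 and sha1 runs)`. Both callers visible in this commit, tls10PRF and tls12PRF, add the memset; any caller outside these hunks would silently mix stale buffer contents into key material unless it does the same. tlsP's body continues past this hunk.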
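Review bot: `memset(buf, 0, nbuf)` in tls10PRF takes nbuf as a plain int, so a non-positive value would be converted to a very large length and clear far past buf. The callers are not visible here and presumably pass fixed positive sizes, but a guard such as `if(nbuf <= 0) return;` before the memset would make that explicit; the same applies to the memset added to tls12PRF in the last hunk. Since the TLS 1.0 PRF was broken by an earlier simplification without being noticed, a known-answer check of tls10PRF against a fixed test vector would help catch a repeat. tls10PRF's body continues outside this hunk.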