mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-02-11 14:22:43 +08:00
Code Issues Packages Projects Releases Wiki Activity
b0bbe49360
openssl/ssl
History
Adam Langley be0d851732 psk_client_callback, 128-byte id bug. 
Fix a bug in handling of 128 byte long PSK identity in
psk_client_callback.

OpenSSL supports PSK identities of up to (and including) 128 bytes in
length. PSK identity is obtained via the psk_client_callback,
implementors of which are expected to provide a NULL-terminated
identity. However, the callback is invoked with only 128 bytes of
storage thus making it impossible to return a 128 byte long identity and
the required additional NULL byte.

This CL fixes the issue by passing in a 129 byte long buffer into the
psk_client_callback. As a safety precaution, this CL also zeroes out the
buffer before passing it into the callback, uses strnlen for obtaining
the length of the identity returned by the callback, and aborts the
handshake if the identity (without the NULL terminator) is longer than
128 bytes.

(Original patch amended to achieve strnlen in a different way.)

Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-09-05 12:21:44 +02:00
..
.cvsignore
bio_ssl.c
d1_both.c RT1815: More const'ness improvements 2014-08-18 11:49:16 -04:00
d1_clnt.c
d1_enc.c
d1_lib.c Constification - mostly originally from Chromium. 2014-06-29 21:05:23 +01:00
d1_meth.c
d1_pkt.c RT3023: Redundant logical expressions 2014-08-15 10:45:00 -04:00
d1_srtp.c
d1_srvr.c Fix DTLS certificate requesting code. 2014-07-15 18:23:13 +01:00
dtls1.h
heartbeat_test.c Add conditional unit testing interface. 2014-07-24 19:41:29 +01:00
install-ssl.com
kssl_lcl.h
kssl.c RT2848: Remove extra NULL check 2014-08-19 12:43:58 -04:00
kssl.h Fix for WIN32 builds with KRB5 2014-02-26 15:33:11 +00:00
Makefile Custom extension revision. 2014-08-28 17:06:52 +01:00
s2_clnt.c Security framework. 2014-03-28 14:56:30 +00:00
s2_enc.c
s2_lib.c Update strength_bits for 3DES. 2014-06-09 12:09:52 +01:00
s2_meth.c
s2_pkt.c
s2_srvr.c Security framework. 2014-03-28 14:56:30 +00:00
s3_both.c Security framework. 2014-03-28 14:56:30 +00:00
s3_cbc.c Constant-time utilities 2014-08-28 15:48:45 +02:00
s3_clnt.c psk_client_callback, 128-byte id bug. 2014-09-05 12:21:44 +02:00
s3_enc.c RT1815: More const'ness improvements 2014-08-18 11:49:16 -04:00
s3_lib.c Remove serverinfo checks. 2014-08-28 17:06:53 +01:00
s3_meth.c
s3_pkt.c RT 3060: amend patch 2014-08-22 15:35:42 +02:00
s3_srvr.c Fix SRP authentication ciphersuites. 2014-08-09 13:21:30 +01:00
s23_clnt.c Custom extension revision. 2014-08-28 17:06:52 +01:00
s23_lib.c Don't advertise ECC ciphersuits in SSLv2 compatible client hello. 2014-06-27 16:51:26 +01:00
s23_meth.c
s23_pkt.c
s23_srvr.c Fix protocol downgrade bug in case of fragmented packets 2014-08-06 20:36:40 +01:00
srtp.h RT2724: Remove extra declaration 2014-08-19 09:38:43 -04:00
ssl2.h
ssl3.h Remove serverinfo checks. 2014-08-28 17:06:53 +01:00
ssl23.h
ssl_algs.c
ssl_asn1.c fix coverity issue 966597 - error line is not always initialised 2014-05-07 23:54:25 +01:00
ssl_cert.c Custom extension revision. 2014-08-28 17:06:52 +01:00
ssl_ciph.c RT1815: More const'ness improvements 2014-08-18 11:49:16 -04:00
ssl_conf.c Add -no_resumption_on_reneg to SSL_CONF. 2014-03-27 16:12:40 +00:00
ssl_err2.c
ssl_err.c RT 3060: amend patch 2014-08-22 15:35:42 +02:00
ssl_lib.c Custom extension revision. 2014-08-28 17:06:52 +01:00
ssl_locl.h New extension callback features. 2014-08-28 17:06:53 +01:00
ssl_rsa.c Rename some callbacks, fix alignment. 2014-08-28 17:06:53 +01:00
ssl_sess.c
ssl_stat.c Remove all RFC5878 code. 2014-07-04 13:26:35 +01:00
ssl_task.c
ssl_txt.c Add an NSS output format to sess_id to export to export the session id and the master key in NSS keylog format. PR#3352 2014-05-24 00:02:24 +01:00
ssl_utst.c Add conditional unit testing interface. 2014-07-24 19:41:29 +01:00
ssl-lib.com
ssl.h Rename some callbacks, fix alignment. 2014-08-28 17:06:53 +01:00
ssltest.c Fix comments, add new test. 2014-08-28 17:06:53 +01:00
t1_clnt.c
t1_enc.c RT 1528; misleading debug print, "pre-master" should be "master key" 2014-07-01 13:22:38 -04:00
t1_ext.c Rename some callbacks, fix alignment. 2014-08-28 17:06:53 +01:00
t1_lib.c New extension callback features. 2014-08-28 17:06:53 +01:00
t1_meth.c
t1_reneg.c
t1_srvr.c
t1_trce.c Adding padding extension to trace code. 2014-05-20 11:09:04 +01:00
tls1.h Add support for Camellia HMAC-Based cipher suites from RFC6367 2014-08-15 23:41:20 +01:00
tls_srp.c Check SRP parameters early. 2014-08-06 20:36:41 +01:00