psk_client_callback, 128-byte id bug.
Fix a bug in handling of 128 byte long PSK identity in
psk_client_callback.
OpenSSL supports PSK identities of up to (and including) 128 bytes in
length. PSK identity is obtained via the psk_client_callback,
implementors of which are expected to provide a NULL-terminated
identity. However, the callback is invoked with only 128 bytes of
storage thus making it impossible to return a 128 byte long identity and
the required additional NULL byte.
This CL fixes the issue by passing in a 129 byte long buffer into the
psk_client_callback. As a safety precaution, this CL also zeroes out the
buffer before passing it into the callback, uses strnlen for obtaining
the length of the identity returned by the callback, and aborts the
handshake if the identity (without the NULL terminator) is longer than
128 bytes.
diff --git a/crypto/mem.c b/crypto/mem.c
index 8a8482c..c2fd5fc 100644
--- a/crypto/mem.c
+++ b/crypto/mem.c
@@ -123,6 +123,18 @@
char *OPENSSL_strdup(const char *s) { return strdup(s); }
+size_t OPENSSL_strnlen(const char *s, size_t len) {
+ size_t i;
+
+ for (i = 0; i < len; i++) {
+ if (s[i] == 0) {
+ return i;
+ }
+ }
+
+ return len;
+}
+
int BIO_snprintf(char *buf, size_t n, const char *format, ...) {
va_list args;
int ret;
diff --git a/crypto/mem.h b/crypto/mem.h
index 134fef8..1a7effd 100644
--- a/crypto/mem.h
+++ b/crypto/mem.h
@@ -97,6 +97,9 @@
/* OPENSSL_strdup has the same behaviour as strdup(3). */
char *OPENSSL_strdup(const char *s);
+/* OPENSSL_strnlen has the same behaviour as strnlen(3). */
+size_t OPENSSL_strnlen(const char *s, size_t len);
+
/* DECIMAL_SIZE returns an upper bound for the length of the decimal
* representation of the given type. */
#define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1)
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 4bc2380..e235863 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -2294,7 +2294,8 @@
#ifndef OPENSSL_NO_PSK
if (alg_a & SSL_aPSK)
{
- char identity[PSK_MAX_IDENTITY_LEN];
+ char identity[PSK_MAX_IDENTITY_LEN + 1];
+ size_t identity_len;
unsigned char *t = NULL;
unsigned char pre_ms[PSK_MAX_PSK_LEN*2+4];
unsigned int pre_ms_len = 0;
@@ -2307,8 +2308,9 @@
goto err;
}
+ memset(identity, 0, sizeof(identity));
psk_len = s->psk_client_callback(s, s->session->psk_identity_hint,
- identity, PSK_MAX_IDENTITY_LEN, psk, sizeof(psk));
+ identity, sizeof(identity), psk, sizeof(psk));
if (psk_len > PSK_MAX_PSK_LEN)
{
OPENSSL_PUT_ERROR(SSL, ssl3_send_client_key_exchange, ERR_R_INTERNAL_ERROR);
@@ -2319,6 +2321,12 @@
OPENSSL_PUT_ERROR(SSL, ssl3_send_client_key_exchange, SSL_R_PSK_IDENTITY_NOT_FOUND);
goto psk_err;
}
+ identity_len = OPENSSL_strnlen(identity, sizeof(identity));
+ if (identity_len > PSK_MAX_IDENTITY_LEN)
+ {
+ OPENSSL_PUT_ERROR(SSL, ssl3_send_client_key_exchange, ERR_R_INTERNAL_ERROR);
+ goto psk_err;
+ }
if (!(alg_k & SSL_kEECDH))
{
@@ -2335,10 +2343,9 @@
s->method->ssl3_enc->generate_master_secret(s,
s->session->master_key,
pre_ms, pre_ms_len);
- n = strlen(identity);
- s2n(n, p);
- memcpy(p, identity, n);
- n += 2;
+ s2n(identity_len, p);
+ memcpy(p, identity, identity_len);
+ n = 2 + identity_len;
}
if (s->session->psk_identity != NULL)
