commit 491956c8668a4a5da13120212a10b0c3183dec63
author David Benjamin <davidben@chromium.org> Mon Oct 27 02:20:16 2014 -0400
committer Adam Langley <agl@google.com> Wed Oct 29 20:32:45 2014 +0000
tree 1969b8c13842470d8ce69d3a3a184453cf944c96
parent 48cae085630e85095740e23ccdffc55f29a8a60a

Fix ECDHE_PSK key exchange.

The current implementation switches the order of other_secret and psk;
other_secret is first. Fix it and rewrite with CBB instead. The server half got
fixed on accident in a prior refactor.

Change-Id: Ib52a756aadd66e4bf22c66794447f71f4772da09
Reviewed-on: https://boringssl-review.googlesource.com/2052
Reviewed-by: Adam Langley <agl@google.com>

ssl/s3_clnt.c

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 0321fd1..15684a6 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -2192,23 +2192,23 @@
 			/* ECDHE PSK ciphersuites from RFC 5489 */
 			if ((alg_a & SSL_aPSK) && psk_len != 0)
 				{
-				uint8_t *t;
+				CBB cbb, child;
 
-				pms_len = 2+psk_len+2+n;
-				pms = OPENSSL_malloc(pms_len);
-				if (pms == NULL)
+				if (!CBB_init(&cbb, 2+psk_len+2+n))
 					{
 					OPENSSL_PUT_ERROR(SSL, ssl3_send_client_key_exchange, ERR_R_MALLOC_FAILURE);
 					goto err;
 					}
-
-				t = pms;
-				memset(t, 0, pms_len);
-				s2n(psk_len, t);
-				memcpy(t, psk, psk_len);
-				t += psk_len;
-				s2n(n, t);
-				memcpy(t, p, n);
+				if (!CBB_add_u16_length_prefixed(&cbb, &child) ||
+					!CBB_add_bytes(&child, p, n) ||
+					!CBB_add_u16_length_prefixed(&cbb, &child) ||
+					!CBB_add_bytes(&child, psk, psk_len) ||
+					!CBB_finish(&cbb, &pms, &pms_len))
+					{
+					CBB_cleanup(&cbb);
+					OPENSSL_PUT_ERROR(SSL, ssl3_send_client_key_exchange, ERR_R_INTERNAL_ERROR);
+					goto err;
+					}
 				}
 			if (!(alg_a & SSL_aPSK))
 				{