shithub: drawterm

Download patch

ref: 15e68cc285cf082696ab68faa16f4662f50306c1
parent: d60c87d4600665582676ce3f39eb492e835f9e1b
author: cinap_lenrek <[email protected]>
date: Sun Apr 2 22:49:08 EDT 2017

tlshand: fix ECDHE and DHE for SSLv3 (from 9front)

--- a/libsec/tlshand.c
+++ b/libsec/tlshand.c
@@ -1401,12 +1401,10 @@
 		if(m->u.clientKeyExchange.key == nil)
 			break;
 		n = m->u.clientKeyExchange.key->len;
-		if(c->version != SSL3Version){
-			if(isECDHE(c->cipher))
-				*p++ = n;
-			else
-				put16(p, n), p += 2;
-		}
+		if(isECDHE(c->cipher))
+			*p++ = n;
+		else if(isDHE(c->cipher) || c->version != SSL3Version)
+			put16(p, n), p += 2;
 		memmove(p, m->u.clientKeyExchange.key->data, n);
 		p += n;
 		break;
@@ -1785,18 +1783,14 @@
 			if(n == 0)
 				break;
 		}
-		if(c->version == SSL3Version)
+		if(n < 2)
+			goto Short;
+		if(isECDHE(c->cipher))
+			nn = *p++, n--;
+		else if(isDHE(c->cipher) || c->version != SSL3Version)
+			nn = get16(p), p += 2, n -= 2;
+		else
 			nn = n;
-		else{
-			if(n < 2)
-				goto Short;
-			if(isECDHE(c->cipher))
-				nn = *p++, n--;
-			else {
-				nn = get16(p);
-				p += 2, n -= 2;
-			}
-		}
 		if(n < nn)
 			goto Short;
 		m->u.clientKeyExchange.key = makebytes(p, nn);