ref: 15e68cc285cf082696ab68faa16f4662f50306c1
parent: d60c87d4600665582676ce3f39eb492e835f9e1b
author: cinap_lenrek <[email protected]>
date: Sun Apr 2 22:49:08 EDT 2017
tlshand: fix ECDHE and DHE for SSLv3 (from 9front)
--- a/libsec/tlshand.c
+++ b/libsec/tlshand.c
@@ -1401,12 +1401,10 @@
if(m->u.clientKeyExchange.key == nil)
break;
n = m->u.clientKeyExchange.key->len;
- if(c->version != SSL3Version){
- if(isECDHE(c->cipher))
- *p++ = n;
- else
- put16(p, n), p += 2;
- }
+ if(isECDHE(c->cipher))
+ *p++ = n;
+ else if(isDHE(c->cipher) || c->version != SSL3Version)
+ put16(p, n), p += 2;
memmove(p, m->u.clientKeyExchange.key->data, n);
p += n;
break;
@@ -1785,18 +1783,14 @@
if(n == 0)
break;
}
- if(c->version == SSL3Version)
+ if(n < 2)
+ goto Short;
+ if(isECDHE(c->cipher))
+ nn = *p++, n--;
+ else if(isDHE(c->cipher) || c->version != SSL3Version)
+ nn = get16(p), p += 2, n -= 2;
+ else
nn = n;
- else{
- if(n < 2)
- goto Short;
- if(isECDHE(c->cipher))
- nn = *p++, n--;
- else {
- nn = get16(p);
- p += 2, n -= 2;
- }
- }
if(n < nn)
goto Short;
m->u.clientKeyExchange.key = makebytes(p, nn);