git: 9front


ref: 9877596b3dc7b4749077f9150f055a7b4409eca9
parent: 2200f997c1798e54ca1b130b21a2b2a1917eb190
author: cinap_lenrek <cinap_lenrek@felloff.net>
date: Sun Mar 27 16:28:41 EDT 2022

libsec: fix wrong tls1.0 prf regression

The change 0b7161814676a8c001b0b681740c9bee27bc86d2
"libsec: various changes to tls"
...
4. simply prf code...

... broke the TLS1.0 prf function, missing the fact
that the prf outputs for sha1 and md5 need to be
xored together.

--- a/sys/src/libsec/port/tlshand.c
+++ b/sys/src/libsec/port/tlshand.c
@@ -2342,6 +2342,7 @@
 	auth_freerpc(rpc);
 }
 
+// buf ^= prf
 static void
 tlsP(uchar *buf, int nbuf, uchar *key, int nkey, uchar *label, int nlabel, uchar *seed, int nseed,
 	DigestState* (*x)(uchar*, ulong, uchar*, ulong, uchar*, DigestState*), int xlen)
@@ -2348,7 +2349,7 @@
 {
 	uchar ai[SHA2_256dlen], tmp[SHA2_256dlen];
 	DigestState *s;
-	int n;
+	int n, i;
 
 	assert(xlen <= sizeof(ai) && xlen <= sizeof(tmp));
 	// generate a1
@@ -2362,7 +2363,8 @@
 		n = xlen;
 		if(n > nbuf)
 			n = nbuf;
-		memmove(buf, tmp, n);
+		for(i = 0; i < n; i++)
+			buf[i] ^= tmp[i];
 		buf += n;
 		nbuf -= n;
 		x(ai, xlen, key, nkey, tmp, nil);
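Review bot: The xor loop turns tlsP from a function that overwrites buf into one that accumulates into it, so its output is only correct when the caller has zeroed buf before the first call; the new memset lines in the tls10PRF and tls12PRF hunks below supply that, but any other caller of tlsP not visible on this page would now silently mix whatever was already in buf into the derived key material. That precondition belongs on tlsP itself rather than only at the call sites, so the comment added in the first hunk should spell it out, e.g. `// buf ^= prf -- caller must zero buf before the first call; repeated calls xor their output in`. tlsP's signature is in the earlier hunk and its body continues past this one, so the surrounding loop structure could not be checked here.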
@@ -2370,6 +2372,7 @@
 	}
 }
 
+
 // fill buf with md5(args)^sha1(args)
 static void
 tls10PRF(uchar *buf, int nbuf, uchar *key, int nkey, char *label, uchar *seed, int nseed)
@@ -2377,6 +2380,7 @@
 	int nlabel = strlen(label);
 	int n = (nkey + 1) >> 1;
 
+	memset(buf, 0, nbuf);
 	tlsP(buf, nbuf, key, n, (uchar*)label, nlabel, seed, nseed,
 		hmac_md5, MD5dlen);
 	tlsP(buf, nbuf, key+nkey-n, n, (uchar*)label, nlabel, seed, nseed,
@@ -2386,6 +2390,7 @@
 static void
 tls12PRF(uchar *buf, int nbuf, uchar *key, int nkey, char *label, uchar *seed, int nseed)
 {
+	memset(buf, 0, nbuf);
 	tlsP(buf, nbuf, key, nkey, (uchar*)label, strlen(label), seed, nseed,
 		hmac_sha2_256, SHA2_256dlen);
 }
--