

ref: 1361c96b22e5d09a99d4fbfac1df1cb8cf23551d
parent: 600869ad4163b0bafed7ff9ebedefeee8fcc7116
author: cinap_lenrek <[email protected]>
date: Sun Mar 27 16:37:10 EDT 2022

libsec: fix wrong tls1.0 prf regression

The 9front change 775a4bea4386c12067057de0e56dd8baa34f43ec
"libsec: various changes to tls"
...
4. simply prf code...

... broke the TLS1.0 prf function, missing the fact
that the prf output for sha1 and md5 needs to be
xored together.

--- a/libsec/tlshand.c
+++ b/libsec/tlshand.c
@@ -2346,6 +2346,7 @@
 	auth_freerpc(rpc);
 }
 
+// buf ^= prf
 static void
 tlsP(uchar *buf, int nbuf, uchar *key, int nkey, uchar *label, int nlabel, uchar *seed, int nseed,
 	DigestState* (*x)(uchar*, ulong, uchar*, ulong, uchar*, DigestState*), int xlen)
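Review bot: The new `// buf ^= prf` comment on tlsP does not state the precondition the XOR introduces: callers must zero (or otherwise initialise) buf before the first call, because the function now accumulates into whatever buf already holds rather than overwriting it as the old memmove did. A caller that omits the zeroing silently derives key material from uninitialised buffer contents, which is much harder to notice than a wrong-length copy; the two memset additions in the tls10PRF and tls12PRF hunks are the only thing preventing that today. I would expand the comment to `// buf ^= prf; caller must zero buf before the first call` so the contract lives next to the function rather than only in its callers. tlsP's body continues outside this hunk.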
@@ -2352,7 +2353,7 @@
 {
 	uchar ai[SHA2_256dlen], tmp[SHA2_256dlen];
 	DigestState *s;
-	int n;
+	int n, i;
 
 	assert(xlen <= sizeof(ai) && xlen <= sizeof(tmp));
 	// generate a1
@@ -2366,7 +2367,8 @@
 		n = xlen;
 		if(n > nbuf)
 			n = nbuf;
-		memmove(buf, tmp, n);
+		for(i = 0; i < n; i++)
+			buf[i] ^= tmp[i];
 		buf += n;
 		nbuf -= n;
 		x(ai, xlen, key, nkey, tmp, nil);
@@ -2374,6 +2376,7 @@
 	}
 }
 
+
 // fill buf with md5(args)^sha1(args)
 static void
 tls10PRF(uchar *buf, int nbuf, uchar *key, int nkey, char *label, uchar *seed, int nseed)
@@ -2381,6 +2384,7 @@
 	int nlabel = strlen(label);
 	int n = (nkey + 1) >> 1;
 
+	memset(buf, 0, nbuf);
 	tlsP(buf, nbuf, key, n, (uchar*)label, nlabel, seed, nseed,
 		hmac_md5, MD5dlen);
 	tlsP(buf, nbuf, key+nkey-n, n, (uchar*)label, nlabel, seed, nseed,
@@ -2390,6 +2394,7 @@
 static void
 tls12PRF(uchar *buf, int nbuf, uchar *key, int nkey, char *label, uchar *seed, int nseed)
 {
+	memset(buf, 0, nbuf);
 	tlsP(buf, nbuf, key, nkey, (uchar*)label, strlen(label), seed, nseed,
 		hmac_sha2_256, SHA2_256dlen);
 }