From c72ac7c3ef9b3012131e8a4a5d67aa8123364369 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Tue, 17 Dec 2013 10:17:08 +0100
Subject: [PATCH] Fix SSLv3 handling of SHA-384 suites

Fixes memory corruption, introduced in a5bdfcd (Relax some SHA2 ciphersuite's version requirements)
---
 include/polarssl/ssl.h | 4 ++--
 library/ssl_tls.c      | 2 ++
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index fdb27f65a..4b0c5f8bb 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -471,8 +471,8 @@ struct _ssl_transform
 #if defined(POLARSSL_SSL_PROTO_SSL3)
     /* Needed only for SSL v3.0 secret */
-    unsigned char mac_enc[32];          /*!< SSL v3.0 secret (enc) */
-    unsigned char mac_dec[32];          /*!< SSL v3.0 secret (dec) */
+    unsigned char mac_enc[48];          /*!< SSL v3.0 secret (enc) */
+    unsigned char mac_dec[48];          /*!< SSL v3.0 secret (dec) */
 #endif /* POLARSSL_SSL_PROTO_SSL3 */
 
     md_context_t md_ctx_enc;            /*!< MAC (encryption)        */
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index c1e3d374f..a903b3e0d 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -941,6 +941,8 @@ static void ssl_mac( md_context_t *md_ctx, unsigned char *secret,
         padlen = 40;
     else if( md_type == POLARSSL_MD_SHA256 )
         padlen = 32;
+    else if( md_type == POLARSSL_MD_SHA384 )
+        padlen = 16;
 
     memcpy( header, ctr, 8 );
     header[ 8] = (unsigned char) type;
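Review bot: The new bound of 48 on `mac_enc` and `mac_dec` is a bare magic number that happens to equal the SHA-384 output size, and nothing in the header records that coupling, so the next digest enabled for SSLv3 with a longer key will silently reintroduce the overflow this commit is fixing. I would size the arrays from the project's maximum digest-size constant if one exists (I cannot confirm its name from this hunk), or at minimum document the invariant next to the fields: `/* Must hold the largest MAC key any SSLv3 suite can negotiate (48 bytes for SHA-384) */`. The `_ssl_transform` struct begins and ends outside this hunk, and the copy into these buffers that overflowed is not shown in the diff, so the fix cannot be verified as complete from here.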
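Review bot: The `else if` chain in `ssl_mac` still has no terminating `else`, so a digest type that reaches this function without a matching branch leaves `padlen` at whatever its declaration (outside the hunk) gives it and that value is then used for the pad hashing; adding a final `else` that rejects the digest, or an assertion, would make the next unsupported MAC fail loudly rather than compute a wrong-sized pad, which is exactly how the SHA-384 case slipped through. Separately, SSLv3 only ever specified the 48/40 pad lengths for MD5 and SHA-1, and the 32 and 16 values appear to be this implementation's own extrapolation (64 minus the digest length), so a comment such as `/* SHA-2 pad lengths are not defined by the SSLv3 spec; chosen as 64 - digest length */` would spare the next reader a search for a reference that does not exist, and the team may want to consider whether SSLv3 should simply refuse SHA-2 suites instead. `ssl_mac` starts and ends outside this hunk.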