aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPéter Dimitrov <[email protected]>2018-12-03 15:24:07 +0100
committerPéter Dimitrov <[email protected]>2019-01-08 15:39:04 +0100
commit754685293582e9998e23c7cd6010941ce690eae7 (patch)
tree7f9b8c53f65bcc99418bb5fcfa974c5a0929e0d7
parentf0ea49125815ec9197ffb6c74e20ebb5f10732d4 (diff)
downloadotp-754685293582e9998e23c7cd6010941ce690eae7.tar.gz
otp-754685293582e9998e23c7cd6010941ce690eae7.tar.bz2
otp-754685293582e9998e23c7cd6010941ce690eae7.zip
ssl: Fix encoding/decoding of the SRP extension
The encoded value of the SRP extension length was bigger than the actual length of the extension. This could cause interoperability problems with third party SSL implementations. This commit corrects the encoding and decoding of the SRP extension length. Change-Id: I78d118faab7f5d02b755a7d1e2e8561b86f5a15c
-rw-r--r--lib/ssl/src/ssl_handshake.erl4
-rw-r--r--lib/ssl/test/ssl_handshake_SUITE.erl29
2 files changed, 30 insertions, 3 deletions
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index 14df1d2e02..be0b241017 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -610,7 +610,7 @@ encode_hello_extensions([#ec_point_formats{ec_point_format_list = ECPointFormats
?UINT16(Len), ?BYTE(ListLen), ECPointFormatList/binary, Acc/binary>>);
encode_hello_extensions([#srp{username = UserName} | Rest], Acc) ->
SRPLen = byte_size(UserName),
- Len = SRPLen + 2,
+ Len = SRPLen + 1,
encode_hello_extensions(Rest, <<?UINT16(?SRP_EXT), ?UINT16(Len), ?BYTE(SRPLen),
UserName/binary, Acc/binary>>);
encode_hello_extensions([#hash_sign_algos{hash_sign_algos = HashSignAlgos} | Rest], Acc) ->
@@ -1941,7 +1941,7 @@ dec_hello_extensions(<<?UINT16(?RENEGOTIATION_EXT), ?UINT16(Len), Info:Len/binar
RenegotiateInfo}});
dec_hello_extensions(<<?UINT16(?SRP_EXT), ?UINT16(Len), ?BYTE(SRPLen), SRP:SRPLen/binary, Rest/binary>>, Acc)
- when Len == SRPLen + 2 ->
+ when Len == SRPLen + 1 ->
dec_hello_extensions(Rest, Acc#hello_extensions{srp = #srp{username = SRP}});
dec_hello_extensions(<<?UINT16(?SIGNATURE_ALGORITHMS_EXT), ?UINT16(Len),
diff --git a/lib/ssl/test/ssl_handshake_SUITE.erl b/lib/ssl/test/ssl_handshake_SUITE.erl
index b8b9989d30..1fa6029963 100644
--- a/lib/ssl/test/ssl_handshake_SUITE.erl
+++ b/lib/ssl/test/ssl_handshake_SUITE.erl
@@ -25,6 +25,7 @@
-compile(export_all).
-include_lib("common_test/include/ct.hrl").
+-include("ssl_handshake.hrl").
-include("ssl_internal.hrl").
-include("tls_handshake.hrl").
-include_lib("public_key/include/public_key.hrl").
@@ -41,7 +42,8 @@ all() -> [decode_hello_handshake,
decode_empty_server_sni_correctly,
select_proper_tls_1_2_rsa_default_hashsign,
ignore_hassign_extension_pre_tls_1_2,
- unorded_chain].
+ unorded_chain,
+ encode_decode_srp].
%%--------------------------------------------------------------------
init_per_suite(Config) ->
@@ -192,6 +194,31 @@ unorded_chain(Config) when is_list(Config) ->
{ok, _, OrderedChain} =
ssl_certificate:certificate_chain(PeerCert, ets:new(foo, []), ExtractedCerts, UnordedChain).
+encode_decode_srp(_Config) ->
+ Exts = #hello_extensions{
+ srp = #srp{username = <<"foo">>},
+ sni = #sni{hostname = "bar"},
+ renegotiation_info = undefined,
+ signature_algs = undefined,
+ alpn = undefined,
+ next_protocol_negotiation = undefined,
+ ec_point_formats = undefined,
+ elliptic_curves = undefined
+ },
+ EncodedExts = <<0,20, % Length
+ 0,0, % SNI extension
+ 0,8, % Length
+ 0,6, % ServerNameLength
+ 0, % NameType (host_name)
+ 0,3, % HostNameLength
+ 98,97,114, % hostname = "bar"
+ 0,12, % SRP extension
+ 0,4, % Length
+ 3, % srp_I length
+ 102,111,111>>, % username = "foo"
+ EncodedExts = ssl_handshake:encode_hello_extensions(Exts),
+ Exts = ssl_handshake:decode_hello_extensions({client, EncodedExts}).
+
%%--------------------------------------------------------------------
%% Internal functions ------------------------------------------------