authortb <>2021-12-09 17:53:29 +0000
committertb <>2021-12-09 17:53:29 +0000
commit781c7fa1451987684b19a0ec5d2c2e7d7b1c6614 (patch)
treee308293853c0a74126fa9f2dbb4ccec97fded2c7
parentc3858ce7e20f4246cf6072ee57ffa016a6f8927c (diff)
Convert ssl_srvr.c to opaque EVP_MD_CTX.
ok inoguchi jsing
-rw-r--r--src/lib/libssl/ssl_srvr.c86
1 files changed, 44 insertions, 42 deletions
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index e9ea6b141c..665fcc5037 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_srvr.c,v 1.127 2021/12/04 14:03:22 jsing Exp $ */ 1/* $OpenBSD: ssl_srvr.c,v 1.128 2021/12/09 17:53:29 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1496,7 +1496,7 @@ ssl3_send_server_key_exchange(SSL *s)
1496 size_t params_len; 1496 size_t params_len;
1497 const EVP_MD *md = NULL; 1497 const EVP_MD *md = NULL;
1498 unsigned long type; 1498 unsigned long type;
1499 EVP_MD_CTX md_ctx; 1499 EVP_MD_CTX *md_ctx = NULL;
1500 EVP_PKEY_CTX *pctx; 1500 EVP_PKEY_CTX *pctx;
1501 EVP_PKEY *pkey; 1501 EVP_PKEY *pkey;
1502 int al; 1502 int al;
@@ -1504,7 +1504,8 @@ ssl3_send_server_key_exchange(SSL *s)
1504 memset(&cbb, 0, sizeof(cbb)); 1504 memset(&cbb, 0, sizeof(cbb));
1505 memset(&cbb_params, 0, sizeof(cbb_params)); 1505 memset(&cbb_params, 0, sizeof(cbb_params));
1506 1506
1507 EVP_MD_CTX_init(&md_ctx); 1507 if ((md_ctx = EVP_MD_CTX_new()) == NULL)
1508 goto err;
1508 1509
1509 if (S3I(s)->hs.state == SSL3_ST_SW_KEY_EXCH_A) { 1510 if (S3I(s)->hs.state == SSL3_ST_SW_KEY_EXCH_A) {
1510 1511
@@ -1552,7 +1553,7 @@ ssl3_send_server_key_exchange(SSL *s)
1552 } 1553 }
1553 } 1554 }
1554 1555
1555 if (!EVP_DigestSignInit(&md_ctx, &pctx, md, NULL, pkey)) { 1556 if (!EVP_DigestSignInit(md_ctx, &pctx, md, NULL, pkey)) {
1556 SSLerror(s, ERR_R_EVP_LIB); 1557 SSLerror(s, ERR_R_EVP_LIB);
1557 goto err; 1558 goto err;
1558 } 1559 }
@@ -1563,21 +1564,21 @@ ssl3_send_server_key_exchange(SSL *s)
1563 SSLerror(s, ERR_R_EVP_LIB); 1564 SSLerror(s, ERR_R_EVP_LIB);
1564 goto err; 1565 goto err;
1565 } 1566 }
1566 if (!EVP_DigestSignUpdate(&md_ctx, s->s3->client_random, 1567 if (!EVP_DigestSignUpdate(md_ctx, s->s3->client_random,
1567 SSL3_RANDOM_SIZE)) { 1568 SSL3_RANDOM_SIZE)) {
1568 SSLerror(s, ERR_R_EVP_LIB); 1569 SSLerror(s, ERR_R_EVP_LIB);
1569 goto err; 1570 goto err;
1570 } 1571 }
1571 if (!EVP_DigestSignUpdate(&md_ctx, s->s3->server_random, 1572 if (!EVP_DigestSignUpdate(md_ctx, s->s3->server_random,
1572 SSL3_RANDOM_SIZE)) { 1573 SSL3_RANDOM_SIZE)) {
1573 SSLerror(s, ERR_R_EVP_LIB); 1574 SSLerror(s, ERR_R_EVP_LIB);
1574 goto err; 1575 goto err;
1575 } 1576 }
1576 if (!EVP_DigestSignUpdate(&md_ctx, params, params_len)) { 1577 if (!EVP_DigestSignUpdate(md_ctx, params, params_len)) {
1577 SSLerror(s, ERR_R_EVP_LIB); 1578 SSLerror(s, ERR_R_EVP_LIB);
1578 goto err; 1579 goto err;
1579 } 1580 }
1580 if (!EVP_DigestSignFinal(&md_ctx, NULL, &signature_len) || 1581 if (!EVP_DigestSignFinal(md_ctx, NULL, &signature_len) ||
1581 !signature_len) { 1582 !signature_len) {
1582 SSLerror(s, ERR_R_EVP_LIB); 1583 SSLerror(s, ERR_R_EVP_LIB);
1583 goto err; 1584 goto err;
@@ -1586,7 +1587,7 @@ ssl3_send_server_key_exchange(SSL *s)
1586 SSLerror(s, ERR_R_MALLOC_FAILURE); 1587 SSLerror(s, ERR_R_MALLOC_FAILURE);
1587 goto err; 1588 goto err;
1588 } 1589 }
1589 if (!EVP_DigestSignFinal(&md_ctx, signature, &signature_len)) { 1590 if (!EVP_DigestSignFinal(md_ctx, signature, &signature_len)) {
1590 SSLerror(s, ERR_R_EVP_LIB); 1591 SSLerror(s, ERR_R_EVP_LIB);
1591 goto err; 1592 goto err;
1592 } 1593 }
@@ -1605,7 +1606,7 @@ ssl3_send_server_key_exchange(SSL *s)
1605 S3I(s)->hs.state = SSL3_ST_SW_KEY_EXCH_B; 1606 S3I(s)->hs.state = SSL3_ST_SW_KEY_EXCH_B;
1606 } 1607 }
1607 1608
1608 EVP_MD_CTX_cleanup(&md_ctx); 1609 EVP_MD_CTX_free(md_ctx);
1609 free(params); 1610 free(params);
1610 free(signature); 1611 free(signature);
1611 1612
@@ -1616,7 +1617,7 @@ ssl3_send_server_key_exchange(SSL *s)
1616 err: 1617 err:
1617 CBB_cleanup(&cbb_params); 1618 CBB_cleanup(&cbb_params);
1618 CBB_cleanup(&cbb); 1619 CBB_cleanup(&cbb);
1619 EVP_MD_CTX_cleanup(&md_ctx); 1620 EVP_MD_CTX_free(md_ctx);
1620 free(params); 1621 free(params);
1621 free(signature); 1622 free(signature);
1622 1623
@@ -2061,15 +2062,13 @@ ssl3_get_cert_verify(SSL *s)
2061 uint16_t sigalg_value = SIGALG_NONE; 2062 uint16_t sigalg_value = SIGALG_NONE;
2062 EVP_PKEY *pkey = NULL; 2063 EVP_PKEY *pkey = NULL;
2063 X509 *peer = NULL; 2064 X509 *peer = NULL;
2064 EVP_MD_CTX mctx; 2065 EVP_MD_CTX *mctx = NULL;
2065 int al, verify; 2066 int al, verify;
2066 const unsigned char *hdata; 2067 const unsigned char *hdata;
2067 size_t hdatalen; 2068 size_t hdatalen;
2068 int type = 0; 2069 int type = 0;
2069 int ret; 2070 int ret;
2070 2071
2071 EVP_MD_CTX_init(&mctx);
2072
2073 if ((ret = ssl3_get_message(s, SSL3_ST_SR_CERT_VRFY_A, 2072 if ((ret = ssl3_get_message(s, SSL3_ST_SR_CERT_VRFY_A,
2074 SSL3_ST_SR_CERT_VRFY_B, -1, SSL3_RT_MAX_PLAIN_LENGTH)) <= 0) 2073 SSL3_ST_SR_CERT_VRFY_B, -1, SSL3_RT_MAX_PLAIN_LENGTH)) <= 0)
2075 return ret; 2074 return ret;
@@ -2079,6 +2078,9 @@ ssl3_get_cert_verify(SSL *s)
2079 if (s->internal->init_num < 0) 2078 if (s->internal->init_num < 0)
2080 goto err; 2079 goto err;
2081 2080
2081 if ((mctx = EVP_MD_CTX_new()) == NULL)
2082 goto err;
2083
2082 CBS_init(&cbs, s->internal->init_msg, s->internal->init_num); 2084 CBS_init(&cbs, s->internal->init_msg, s->internal->init_num);
2083 2085
2084 if (s->session->peer != NULL) { 2086 if (s->session->peer != NULL) {
@@ -2149,7 +2151,7 @@ ssl3_get_cert_verify(SSL *s)
2149 al = SSL_AD_INTERNAL_ERROR; 2151 al = SSL_AD_INTERNAL_ERROR;
2150 goto fatal_err; 2152 goto fatal_err;
2151 } 2153 }
2152 if (!EVP_DigestVerifyInit(&mctx, &pctx, sigalg->md(), 2154 if (!EVP_DigestVerifyInit(mctx, &pctx, sigalg->md(),
2153 NULL, pkey)) { 2155 NULL, pkey)) {
2154 SSLerror(s, ERR_R_EVP_LIB); 2156 SSLerror(s, ERR_R_EVP_LIB);
2155 al = SSL_AD_INTERNAL_ERROR; 2157 al = SSL_AD_INTERNAL_ERROR;
@@ -2169,12 +2171,12 @@ ssl3_get_cert_verify(SSL *s)
2169 al = SSL_AD_INTERNAL_ERROR; 2171 al = SSL_AD_INTERNAL_ERROR;
2170 goto fatal_err; 2172 goto fatal_err;
2171 } 2173 }
2172 if (!EVP_DigestVerifyUpdate(&mctx, hdata, hdatalen)) { 2174 if (!EVP_DigestVerifyUpdate(mctx, hdata, hdatalen)) {
2173 SSLerror(s, ERR_R_EVP_LIB); 2175 SSLerror(s, ERR_R_EVP_LIB);
2174 al = SSL_AD_INTERNAL_ERROR; 2176 al = SSL_AD_INTERNAL_ERROR;
2175 goto fatal_err; 2177 goto fatal_err;
2176 } 2178 }
2177 if (EVP_DigestVerifyFinal(&mctx, CBS_data(&signature), 2179 if (EVP_DigestVerifyFinal(mctx, CBS_data(&signature),
2178 CBS_len(&signature)) <= 0) { 2180 CBS_len(&signature)) <= 0) {
2179 al = SSL_AD_DECRYPT_ERROR; 2181 al = SSL_AD_DECRYPT_ERROR;
2180 SSLerror(s, SSL_R_BAD_SIGNATURE); 2182 SSLerror(s, SSL_R_BAD_SIGNATURE);
@@ -2243,9 +2245,9 @@ ssl3_get_cert_verify(SSL *s)
2243 al = SSL_AD_INTERNAL_ERROR; 2245 al = SSL_AD_INTERNAL_ERROR;
2244 goto fatal_err; 2246 goto fatal_err;
2245 } 2247 }
2246 if (!EVP_DigestInit_ex(&mctx, md, NULL) || 2248 if (!EVP_DigestInit_ex(mctx, md, NULL) ||
2247 !EVP_DigestUpdate(&mctx, hdata, hdatalen) || 2249 !EVP_DigestUpdate(mctx, hdata, hdatalen) ||
2248 !EVP_DigestFinal(&mctx, sigbuf, &siglen) || 2250 !EVP_DigestFinal(mctx, sigbuf, &siglen) ||
2249 (EVP_PKEY_verify_init(pctx) <= 0) || 2251 (EVP_PKEY_verify_init(pctx) <= 0) ||
2250 (EVP_PKEY_CTX_set_signature_md(pctx, md) <= 0) || 2252 (EVP_PKEY_CTX_set_signature_md(pctx, md) <= 0) ||
2251 (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_VERIFY, 2253 (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_VERIFY,
@@ -2283,7 +2285,7 @@ ssl3_get_cert_verify(SSL *s)
2283 end: 2285 end:
2284 tls1_transcript_free(s); 2286 tls1_transcript_free(s);
2285 err: 2287 err:
2286 EVP_MD_CTX_cleanup(&mctx); 2288 EVP_MD_CTX_free(mctx);
2287 EVP_PKEY_free(pkey); 2289 EVP_PKEY_free(pkey);
2288 return (ret); 2290 return (ret);
2289} 2291}
@@ -2484,16 +2486,18 @@ ssl3_send_newsession_ticket(SSL *s)
2484 unsigned char key_name[16]; 2486 unsigned char key_name[16];
2485 unsigned char *hmac; 2487 unsigned char *hmac;
2486 unsigned int hlen; 2488 unsigned int hlen;
2487 EVP_CIPHER_CTX ctx; 2489 EVP_CIPHER_CTX *ctx = NULL;
2488 HMAC_CTX hctx; 2490 HMAC_CTX *hctx = NULL;
2489 int len; 2491 int len;
2490 2492
2491 /* 2493 /*
2492 * New Session Ticket - RFC 5077, section 3.3. 2494 * New Session Ticket - RFC 5077, section 3.3.
2493 */ 2495 */
2494 2496
2495 EVP_CIPHER_CTX_init(&ctx); 2497 if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
2496 HMAC_CTX_init(&hctx); 2498 goto err;
2499 if ((hctx = HMAC_CTX_new()) == NULL)
2500 goto err;
2497 2501
2498 memset(&cbb, 0, sizeof(cbb)); 2502 memset(&cbb, 0, sizeof(cbb));
2499 2503
@@ -2514,15 +2518,13 @@ ssl3_send_newsession_ticket(SSL *s)
2514 */ 2518 */
2515 if (tctx->internal->tlsext_ticket_key_cb != NULL) { 2519 if (tctx->internal->tlsext_ticket_key_cb != NULL) {
2516 if (tctx->internal->tlsext_ticket_key_cb(s, 2520 if (tctx->internal->tlsext_ticket_key_cb(s,
2517 key_name, iv, &ctx, &hctx, 1) < 0) { 2521 key_name, iv, ctx, hctx, 1) < 0)
2518 EVP_CIPHER_CTX_cleanup(&ctx);
2519 goto err; 2522 goto err;
2520 }
2521 } else { 2523 } else {
2522 arc4random_buf(iv, 16); 2524 arc4random_buf(iv, 16);
2523 EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, 2525 EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL,
2524 tctx->internal->tlsext_tick_aes_key, iv); 2526 tctx->internal->tlsext_tick_aes_key, iv);
2525 HMAC_Init_ex(&hctx, tctx->internal->tlsext_tick_hmac_key, 2527 HMAC_Init_ex(hctx, tctx->internal->tlsext_tick_hmac_key,
2526 16, EVP_sha256(), NULL); 2528 16, EVP_sha256(), NULL);
2527 memcpy(key_name, tctx->internal->tlsext_tick_key_name, 16); 2529 memcpy(key_name, tctx->internal->tlsext_tick_key_name, 16);
2528 } 2530 }
@@ -2532,11 +2534,11 @@ ssl3_send_newsession_ticket(SSL *s)
2532 if ((enc_session = calloc(1, enc_session_max_len)) == NULL) 2534 if ((enc_session = calloc(1, enc_session_max_len)) == NULL)
2533 goto err; 2535 goto err;
2534 enc_session_len = 0; 2536 enc_session_len = 0;
2535 if (!EVP_EncryptUpdate(&ctx, enc_session, &len, session, 2537 if (!EVP_EncryptUpdate(ctx, enc_session, &len, session,
2536 session_len)) 2538 session_len))
2537 goto err; 2539 goto err;
2538 enc_session_len += len; 2540 enc_session_len += len;
2539 if (!EVP_EncryptFinal_ex(&ctx, enc_session + enc_session_len, 2541 if (!EVP_EncryptFinal_ex(ctx, enc_session + enc_session_len,
2540 &len)) 2542 &len))
2541 goto err; 2543 goto err;
2542 enc_session_len += len; 2544 enc_session_len += len;
@@ -2545,14 +2547,14 @@ ssl3_send_newsession_ticket(SSL *s)
2545 goto err; 2547 goto err;
2546 2548
2547 /* Generate the HMAC. */ 2549 /* Generate the HMAC. */
2548 if (!HMAC_Update(&hctx, key_name, sizeof(key_name))) 2550 if (!HMAC_Update(hctx, key_name, sizeof(key_name)))
2549 goto err; 2551 goto err;
2550 if (!HMAC_Update(&hctx, iv, EVP_CIPHER_CTX_iv_length(&ctx))) 2552 if (!HMAC_Update(hctx, iv, EVP_CIPHER_CTX_iv_length(ctx)))
2551 goto err; 2553 goto err;
2552 if (!HMAC_Update(&hctx, enc_session, enc_session_len)) 2554 if (!HMAC_Update(hctx, enc_session, enc_session_len))
2553 goto err; 2555 goto err;
2554 2556
2555 if ((hmac_len = HMAC_size(&hctx)) <= 0) 2557 if ((hmac_len = HMAC_size(hctx)) <= 0)
2556 goto err; 2558 goto err;
2557 2559
2558 /* 2560 /*
@@ -2569,14 +2571,14 @@ ssl3_send_newsession_ticket(SSL *s)
2569 goto err; 2571 goto err;
2570 if (!CBB_add_bytes(&ticket, key_name, sizeof(key_name))) 2572 if (!CBB_add_bytes(&ticket, key_name, sizeof(key_name)))
2571 goto err; 2573 goto err;
2572 if (!CBB_add_bytes(&ticket, iv, EVP_CIPHER_CTX_iv_length(&ctx))) 2574 if (!CBB_add_bytes(&ticket, iv, EVP_CIPHER_CTX_iv_length(ctx)))
2573 goto err; 2575 goto err;
2574 if (!CBB_add_bytes(&ticket, enc_session, enc_session_len)) 2576 if (!CBB_add_bytes(&ticket, enc_session, enc_session_len))
2575 goto err; 2577 goto err;
2576 if (!CBB_add_space(&ticket, &hmac, hmac_len)) 2578 if (!CBB_add_space(&ticket, &hmac, hmac_len))
2577 goto err; 2579 goto err;
2578 2580
2579 if (!HMAC_Final(&hctx, hmac, &hlen)) 2581 if (!HMAC_Final(hctx, hmac, &hlen))
2580 goto err; 2582 goto err;
2581 if (hlen != hmac_len) 2583 if (hlen != hmac_len)
2582 goto err; 2584 goto err;
@@ -2587,8 +2589,8 @@ ssl3_send_newsession_ticket(SSL *s)
2587 S3I(s)->hs.state = SSL3_ST_SW_SESSION_TICKET_B; 2589 S3I(s)->hs.state = SSL3_ST_SW_SESSION_TICKET_B;
2588 } 2590 }
2589 2591
2590 EVP_CIPHER_CTX_cleanup(&ctx); 2592 EVP_CIPHER_CTX_free(ctx);
2591 HMAC_CTX_cleanup(&hctx); 2593 HMAC_CTX_free(hctx);
2592 freezero(session, session_len); 2594 freezero(session, session_len);
2593 free(enc_session); 2595 free(enc_session);
2594 2596
@@ -2597,8 +2599,8 @@ ssl3_send_newsession_ticket(SSL *s)
2597 2599
2598 err: 2600 err:
2599 CBB_cleanup(&cbb); 2601 CBB_cleanup(&cbb);
2600 EVP_CIPHER_CTX_cleanup(&ctx); 2602 EVP_CIPHER_CTX_free(ctx);
2601 HMAC_CTX_cleanup(&hctx); 2603 HMAC_CTX_free(hctx);
2602 freezero(session, session_len); 2604 freezero(session, session_len);
2603 free(enc_session); 2605 free(enc_session);
2604 2606
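Review bot: In ssl3_send_newsession_ticket the two new allocation checks `goto err` before `memset(&cbb, 0, sizeof(cbb))` has run, while the `err:` path calls `CBB_cleanup(&cbb)`. Unless cbb is already zeroed at its declaration, which lies outside the hunks shown, a failed EVP_CIPHER_CTX_new() or HMAC_CTX_new() would hand CBB_cleanup an uninitialized structure. Moving the memset above the allocations closes that window: `memset(&cbb, 0, sizeof(cbb));` followed by `if ((ctx = EVP_CIPHER_CTX_new()) == NULL)`. The same early exit also reaches `freezero(session, session_len)` and `free(enc_session)`, so those locals need initializers at their declarations too; this should be confirmed since the declarations are not visible here. Separately, the `else` branch still ignores the return values of `EVP_EncryptInit_ex(ctx, ...)` and `HMAC_Init_ex(hctx, ...)`, so a failed initialisation of the ticket cipher or MAC would not be caught at that point.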