authorjsing <>2019-04-22 16:03:54 +0000
committerjsing <>2019-04-22 16:03:54 +0000
commite9d90e49492029ba1aa3e87e920475ddc0aeb803 (patch)
tree4db4def5e409d4e69e04548641981818f8ba249d
parentd01f36627de39df35d37b5b5eb0190e03796fb4b (diff)
Provide a derr label (decode/decrypt error) in tls1_decrypt_ticket().
This handles the ret = 2 case and makes the code more readable. ok tb@
-rw-r--r--src/lib/libssl/t1_lib.c70
1 files changed, 29 insertions, 41 deletions
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index 6af6d77edd..d21e6ef646 100644
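--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.159 2019/04/22 15:12:20 jsing Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.160 2019/04/22 16:03:54 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -896,10 +896,8 @@ tls_decrypt_ticket(SSL *s, CBS *session_id, const unsigned char *etick,
  * required for a session cookie is never less than this,
  * this check isn't too strict. The exact check comes later.
  */
- if (eticklen < 16 + EVP_MAX_IV_LENGTH) {
- ret = 2;
- goto done;
- }
+ if (eticklen < 16 + EVP_MAX_IV_LENGTH)
+ goto derr;
 
  /* Initialize session ticket encryption and HMAC contexts */
  if (tctx->internal->tlsext_ticket_key_cb) {
@@ -908,19 +906,15 @@ tls_decrypt_ticket(SSL *s, CBS *session_id, const unsigned char *etick,
  nctick, nctick + 16, &ctx, &hctx, 0);
  if (rv < 0)
  goto err;
- if (rv == 0) {
- ret = 2;
- goto done;
- }
+ if (rv == 0)
+ goto derr;
  if (rv == 2)
  renew_ticket = 1;
  } else {
  /* Check key name matches */
  if (timingsafe_memcmp(etick,
- tctx->internal->tlsext_tick_key_name, 16)) {
- ret = 2;
- goto done;
- }
+ tctx->internal->tlsext_tick_key_name, 16))
+ goto derr;
  HMAC_Init_ex(&hctx, tctx->internal->tlsext_tick_hmac_key,
  16, EVP_sha256(), NULL);
  EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
@@ -936,10 +930,8 @@ tls_decrypt_ticket(SSL *s, CBS *session_id, const unsigned char *etick,
  goto err;
 
  /* Sanity check ticket length: must exceed keyname + IV + HMAC */
- if (eticklen <= 16 + EVP_CIPHER_CTX_iv_length(&ctx) + mlen) {
- ret = 2;
- goto done;
- }
+ if (eticklen <= 16 + EVP_CIPHER_CTX_iv_length(&ctx) + mlen)
+ goto derr;
  eticklen -= mlen;
 
  /* Check HMAC of encrypted ticket */
@@ -947,38 +939,29 @@ tls_decrypt_ticket(SSL *s, CBS *session_id, const unsigned char *etick,
  HMAC_Final(&hctx, tick_hmac, NULL) <= 0)
  goto err;
 
- if (timingsafe_memcmp(tick_hmac, etick + eticklen, mlen)) {
- ret = 2;
- goto done;
- }
+ if (timingsafe_memcmp(tick_hmac, etick + eticklen, mlen))
+ goto derr;
 
  /* Attempt to decrypt session data */
  /* Move p after IV to start of encrypted ticket, update length */
  p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx);
  eticklen -= 16 + EVP_CIPHER_CTX_iv_length(&ctx);
- if ((sdec = malloc(eticklen)) == NULL) {
- ret = -1;
- goto done;
- }
- if (EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen) <= 0) {
- ret = 2;
- goto done;
- }
- if (EVP_DecryptFinal_ex(&ctx, sdec + slen, &mlen) <= 0) {
- ret = 2;
- goto done;
- }
+ if ((sdec = malloc(eticklen)) == NULL)
+ goto err;
+ if (EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen) <= 0)
+ goto derr;
+ if (EVP_DecryptFinal_ex(&ctx, sdec + slen, &mlen) <= 0)
+ goto derr;
+
  slen += mlen;
  p = sdec;
 
- if ((sess = d2i_SSL_SESSION(NULL, &p, slen)) == NULL) {
- /*
- * For session parse failure, indicate that we need to send a
- * new ticket.
- */
- ret = 2;
- goto done;
- }
+ /*
+ * For session parse failures, indicate that we need to send a new
+ * ticket.
+ */
+ if ((sess = d2i_SSL_SESSION(NULL, &p, slen)) == NULL)
+ goto derr;
 
  /*
  * The session ID, if non-empty, is used by some clients to detect that
@@ -1000,8 +983,13 @@ tls_decrypt_ticket(SSL *s, CBS *session_id, const unsigned char *etick,
 
  goto done;
 
+ derr:
+ ret = 2;
+ goto done;
+
  err:
  ret = -1;
+ goto done;
 
  done:
  free(sdec);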
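Review bot: The `HMAC_Init_ex()` and `EVP_DecryptInit_ex()` calls in the non-callback branch (new lines 918-920) still discard their return values, so a failed context setup is only noticed, if at all, by the later HMAC and decrypt calls. With the `err` label in place the check is a one-liner, e.g. `if (!HMAC_Init_ex(&hctx, tctx->internal->tlsext_tick_hmac_key, 16, EVP_sha256(), NULL)) goto err;`, and likewise for `EVP_DecryptInit_ex()`, whose argument list continues outside the hunk. Separately, `sdec` receives the decrypted session state and is released with a plain `free(sdec)` at `done:` on every path, including `derr`; if the allocation size is kept in a local, `freezero()` would avoid leaving that plaintext in freed heap memory. The function body starts and ends outside the visible hunks, so both points should be confirmed against the full function.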