authorjsing <>2019-03-31 15:49:03 +0000
committerjsing <>2019-03-31 15:49:03 +0000
commitfd2c35571a7ae32e91f4aa0a97a2611030cbdb3d (patch)
treec89f3423883cc5d58d0f92288a04f09b0e604759
parent918313053be2a9fe66f64b9266dec918010184c3 (diff)
Clean up and simplify the client verify code:
- Be consistent with _len naming.
- Use size_t where possible/appropriate.
- Group the CBB code.
- Use EVP_MAX_MD_SIZE consistently, instead of "magic" values.
- Switch GOST to EVP_DigestSign*, making it similar to sigalgs.

ok tb@ a while back.
-rw-r--r--src/lib/libssl/ssl_clnt.c99
1 files changed, 49 insertions, 50 deletions
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index 2174e3a83d..90aa80f522 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_clnt.c,v 1.60 2019/03/25 17:21:18 jsing Exp $ */ 1/* $OpenBSD: ssl_clnt.c,v 1.61 2019/03/31 15:49:03 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -2378,9 +2378,7 @@ ssl3_send_client_verify_sigalgs(SSL *s, CBB *cert_verify)
2378 const EVP_MD *md; 2378 const EVP_MD *md;
2379 const unsigned char *hdata; 2379 const unsigned char *hdata;
2380 unsigned char *signature = NULL; 2380 unsigned char *signature = NULL;
2381 unsigned int signature_len = 0; 2381 size_t signature_len, hdata_len;
2382 size_t hdatalen;
2383 size_t siglen;
2384 int ret = 0; 2382 int ret = 0;
2385 2383
2386 EVP_MD_CTX_init(&mctx); 2384 EVP_MD_CTX_init(&mctx);
@@ -2395,8 +2393,7 @@ ssl3_send_client_verify_sigalgs(SSL *s, CBB *cert_verify)
2395 goto err; 2393 goto err;
2396 } 2394 }
2397 2395
2398 if (!tls1_transcript_data(s, &hdata, &hdatalen) || 2396 if (!tls1_transcript_data(s, &hdata, &hdata_len)) {
2399 !CBB_add_u16(cert_verify, sigalg->value)) {
2400 SSLerror(s, ERR_R_INTERNAL_ERROR); 2397 SSLerror(s, ERR_R_INTERNAL_ERROR);
2401 goto err; 2398 goto err;
2402 } 2399 }
@@ -2410,24 +2407,26 @@ ssl3_send_client_verify_sigalgs(SSL *s, CBB *cert_verify)
2410 SSLerror(s, ERR_R_EVP_LIB); 2407 SSLerror(s, ERR_R_EVP_LIB);
2411 goto err; 2408 goto err;
2412 } 2409 }
2413 if (!EVP_DigestSignUpdate(&mctx, hdata, hdatalen)) { 2410 if (!EVP_DigestSignUpdate(&mctx, hdata, hdata_len)) {
2414 SSLerror(s, ERR_R_EVP_LIB); 2411 SSLerror(s, ERR_R_EVP_LIB);
2415 goto err; 2412 goto err;
2416 } 2413 }
2417 if (!EVP_DigestSignFinal(&mctx, NULL, &siglen) || siglen == 0) { 2414 if (!EVP_DigestSignFinal(&mctx, NULL, &signature_len) ||
2415 signature_len == 0) {
2418 SSLerror(s, ERR_R_EVP_LIB); 2416 SSLerror(s, ERR_R_EVP_LIB);
2419 goto err; 2417 goto err;
2420 } 2418 }
2421 if ((signature = calloc(1, siglen)) == NULL) { 2419 if ((signature = calloc(1, signature_len)) == NULL) {
2422 SSLerror(s, ERR_R_MALLOC_FAILURE); 2420 SSLerror(s, ERR_R_MALLOC_FAILURE);
2423 goto err; 2421 goto err;
2424 } 2422 }
2425 if (!EVP_DigestSignFinal(&mctx, signature, &siglen)) { 2423 if (!EVP_DigestSignFinal(&mctx, signature, &signature_len)) {
2426 SSLerror(s, ERR_R_EVP_LIB); 2424 SSLerror(s, ERR_R_EVP_LIB);
2427 goto err; 2425 goto err;
2428 } 2426 }
2429 signature_len = siglen; /* XXX */
2430 2427
2428 if (!CBB_add_u16(cert_verify, sigalg->value))
2429 goto err;
2431 if (!CBB_add_u16_length_prefixed(cert_verify, &cbb_signature)) 2430 if (!CBB_add_u16_length_prefixed(cert_verify, &cbb_signature))
2432 goto err; 2431 goto err;
2433 if (!CBB_add_bytes(&cbb_signature, signature, signature_len)) 2432 if (!CBB_add_bytes(&cbb_signature, signature, signature_len))
@@ -2436,6 +2435,7 @@ ssl3_send_client_verify_sigalgs(SSL *s, CBB *cert_verify)
2436 goto err; 2435 goto err;
2437 2436
2438 ret = 1; 2437 ret = 1;
2438
2439 err: 2439 err:
2440 EVP_MD_CTX_cleanup(&mctx); 2440 EVP_MD_CTX_cleanup(&mctx);
2441 free(signature); 2441 free(signature);
@@ -2447,19 +2447,20 @@ ssl3_send_client_verify_rsa(SSL *s, CBB *cert_verify)
2447{ 2447{
2448 CBB cbb_signature; 2448 CBB cbb_signature;
2449 EVP_PKEY *pkey; 2449 EVP_PKEY *pkey;
2450 unsigned char data[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH]; 2450 unsigned char data[EVP_MAX_MD_SIZE];
2451 unsigned char *signature = NULL; 2451 unsigned char *signature = NULL;
2452 unsigned int signature_len = 0; 2452 unsigned int signature_len;
2453 size_t data_len;
2453 int ret = 0; 2454 int ret = 0;
2454 2455
2455 if (!tls1_transcript_hash_value(s, data, sizeof(data), NULL))
2456 goto err;
2457
2458 pkey = s->cert->key->privatekey; 2456 pkey = s->cert->key->privatekey;
2457
2458 if (!tls1_transcript_hash_value(s, data, sizeof(data), &data_len))
2459 goto err;
2459 if ((signature = calloc(1, EVP_PKEY_size(pkey))) == NULL) 2460 if ((signature = calloc(1, EVP_PKEY_size(pkey))) == NULL)
2460 goto err; 2461 goto err;
2461 if (RSA_sign(NID_md5_sha1, data, MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, 2462 if (RSA_sign(NID_md5_sha1, data, data_len, signature,
2462 signature, &signature_len, pkey->pkey.rsa) <= 0 ) { 2463 &signature_len, pkey->pkey.rsa) <= 0 ) {
2463 SSLerror(s, ERR_R_RSA_LIB); 2464 SSLerror(s, ERR_R_RSA_LIB);
2464 goto err; 2465 goto err;
2465 } 2466 }
@@ -2482,15 +2483,15 @@ ssl3_send_client_verify_ec(SSL *s, CBB *cert_verify)
2482{ 2483{
2483 CBB cbb_signature; 2484 CBB cbb_signature;
2484 EVP_PKEY *pkey; 2485 EVP_PKEY *pkey;
2485 unsigned char data[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH]; 2486 unsigned char data[EVP_MAX_MD_SIZE];
2486 unsigned char *signature = NULL; 2487 unsigned char *signature = NULL;
2487 unsigned int signature_len = 0; 2488 unsigned int signature_len;
2488 int ret = 0; 2489 int ret = 0;
2489 2490
2491 pkey = s->cert->key->privatekey;
2492
2490 if (!tls1_transcript_hash_value(s, data, sizeof(data), NULL)) 2493 if (!tls1_transcript_hash_value(s, data, sizeof(data), NULL))
2491 goto err; 2494 goto err;
2492
2493 pkey = s->cert->key->privatekey;
2494 if ((signature = calloc(1, EVP_PKEY_size(pkey))) == NULL) 2495 if ((signature = calloc(1, EVP_PKEY_size(pkey))) == NULL)
2495 goto err; 2496 goto err;
2496 if (!ECDSA_sign(pkey->save_type, &data[MD5_DIGEST_LENGTH], 2497 if (!ECDSA_sign(pkey->save_type, &data[MD5_DIGEST_LENGTH],
@@ -2522,12 +2523,9 @@ ssl3_send_client_verify_gost(SSL *s, CBB *cert_verify)
2522 EVP_PKEY *pkey; 2523 EVP_PKEY *pkey;
2523 const EVP_MD *md; 2524 const EVP_MD *md;
2524 const unsigned char *hdata; 2525 const unsigned char *hdata;
2525 unsigned char signbuf[128];
2526 unsigned char *signature = NULL; 2526 unsigned char *signature = NULL;
2527 unsigned int signature_len = 0; 2527 size_t signature_len;
2528 unsigned int u; 2528 size_t hdata_len;
2529 size_t hdatalen;
2530 size_t sigsize;
2531 int nid; 2529 int nid;
2532 int ret = 0; 2530 int ret = 0;
2533 2531
@@ -2535,39 +2533,41 @@ ssl3_send_client_verify_gost(SSL *s, CBB *cert_verify)
2535 2533
2536 pkey = s->cert->key->privatekey; 2534 pkey = s->cert->key->privatekey;
2537 2535
2538 /* Create context from key and test if sha1 is allowed as digest. */ 2536 if (!tls1_transcript_data(s, &hdata, &hdata_len)) {
2539 if ((pctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL)
2540 goto err;
2541 if (EVP_PKEY_sign_init(pctx) <= 0)
2542 goto err;
2543 /* XXX - is this needed? */
2544 if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1()) <= 0)
2545 ERR_clear_error();
2546
2547 if (!tls1_transcript_data(s, &hdata, &hdatalen)) {
2548 SSLerror(s, ERR_R_INTERNAL_ERROR); 2537 SSLerror(s, ERR_R_INTERNAL_ERROR);
2549 goto err; 2538 goto err;
2550 } 2539 }
2551 if (!EVP_PKEY_get_default_digest_nid(pkey, &nid) || 2540 if (!EVP_PKEY_get_default_digest_nid(pkey, &nid) ||
2552 !(md = EVP_get_digestbynid(nid))) { 2541 (md = EVP_get_digestbynid(nid)) == NULL) {
2553 SSLerror(s, ERR_R_EVP_LIB); 2542 SSLerror(s, ERR_R_EVP_LIB);
2554 goto err; 2543 goto err;
2555 } 2544 }
2556 if (!EVP_DigestInit_ex(&mctx, md, NULL) || 2545 if (!EVP_DigestSignInit(&mctx, &pctx, md, NULL, pkey)) {
2557 !EVP_DigestUpdate(&mctx, hdata, hdatalen) || 2546 SSLerror(s, ERR_R_EVP_LIB);
2558 !EVP_DigestFinal(&mctx, signbuf, &u) || 2547 goto err;
2559 2548 }
2560 (EVP_PKEY_CTX_set_signature_md(pctx, md) <= 0) || 2549 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
2561 (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, 2550 EVP_PKEY_CTRL_GOST_SIG_FORMAT, GOST_SIG_FORMAT_RS_LE, NULL) <= 0) {
2562 EVP_PKEY_CTRL_GOST_SIG_FORMAT, GOST_SIG_FORMAT_RS_LE,
2563 NULL) <= 0) ||
2564 (EVP_PKEY_sign(pctx, signature, &sigsize, signbuf, u) <= 0)) {
2565 SSLerror(s, ERR_R_EVP_LIB); 2551 SSLerror(s, ERR_R_EVP_LIB);
2566 goto err; 2552 goto err;
2567 } 2553 }
2568 if (sigsize > UINT_MAX) 2554 if (!EVP_DigestSignUpdate(&mctx, hdata, hdata_len)) {
2555 SSLerror(s, ERR_R_EVP_LIB);
2556 goto err;
2557 }
2558 if (!EVP_DigestSignFinal(&mctx, NULL, &signature_len) ||
2559 signature_len == 0) {
2560 SSLerror(s, ERR_R_EVP_LIB);
2569 goto err; 2561 goto err;
2570 signature_len = sigsize; 2562 }
2563 if ((signature = calloc(1, signature_len)) == NULL) {
2564 SSLerror(s, ERR_R_MALLOC_FAILURE);
2565 goto err;
2566 }
2567 if (!EVP_DigestSignFinal(&mctx, signature, &signature_len)) {
2568 SSLerror(s, ERR_R_EVP_LIB);
2569 goto err;
2570 }
2571 2571
2572 if (!CBB_add_u16_length_prefixed(cert_verify, &cbb_signature)) 2572 if (!CBB_add_u16_length_prefixed(cert_verify, &cbb_signature))
2573 goto err; 2573 goto err;
@@ -2579,7 +2579,6 @@ ssl3_send_client_verify_gost(SSL *s, CBB *cert_verify)
2579 ret = 1; 2579 ret = 1;
2580 err: 2580 err:
2581 EVP_MD_CTX_cleanup(&mctx); 2581 EVP_MD_CTX_cleanup(&mctx);
2582 EVP_PKEY_CTX_free(pctx);
2583 free(signature); 2582 free(signature);
2584 return ret; 2583 return ret;
2585} 2584}
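Review bot: In ssl3_send_client_verify_ec the buffer grows to `EVP_MAX_MD_SIZE`, but the call still passes `NULL` for the output length, so nothing on the new side confirms that the transcript hash is the MD5+SHA1 pair before `&data[MD5_DIGEST_LENGTH]` is handed to ECDSA_sign. With the old 36-byte buffer, a digest of an unexpected size presumably failed inside tls1_transcript_hash_value (its body is not shown here, so confirm). With 64 bytes, a different-sized hash could be accepted, and the signature would then cover the wrong bytes, possibly including uninitialised stack. I would mirror the RSA function by passing `&data_len` and adding `if (data_len != MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH) goto err;` before the ECDSA_sign call, whose remaining arguments lie outside the hunk. The same explicit length check would also document the RSA path's dependence on `NID_md5_sha1` input size.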