diff options
| author | tb <> | 2023-06-11 19:01:01 +0000 |
|---|---|---|
| committer | tb <> | 2023-06-11 19:01:01 +0000 |
| commit | 3e78f2fb356efca03fc4bfdadb63b49114e128a2 (patch) | |
| tree | 857746157a022e2a8e92ad5ea6c98c37f02c1123 /src/lib/libssl/ssl_srvr.c | |
| parent | 9ca5a491a6bf2cf73c12da0cc924a6a0c445f762 (diff) | |
| download | openbsd-3e78f2fb356efca03fc4bfdadb63b49114e128a2.tar.gz openbsd-3e78f2fb356efca03fc4bfdadb63b49114e128a2.tar.bz2 openbsd-3e78f2fb356efca03fc4bfdadb63b49114e128a2.zip | |
Convert legacy server kex to one-shot sign/verify
This converts ssl3_{get,send}_server_key_exchange() to EVP_DigestVerify()
and EVP_DigestSign(). In order to do this, build the full signed_params
up front and rework the way the key exchange parameters are constructed.
This way we can do the verify and sign steps in one go and at the same
use a more idiomatic approach with CBB/CBS.
with/ok jsing
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/ssl_srvr.c | 65 |
1 files changed, 35 insertions, 30 deletions
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index d0814a8455..8edbf77156 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_srvr.c,v 1.154 2023/06/11 18:50:51 tb Exp $ */ | 1 | /* $OpenBSD: ssl_srvr.c,v 1.155 2023/06/11 19:01:01 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1431,12 +1431,13 @@ ssl3_send_server_kex_ecdhe(SSL *s, CBB *cbb) | |||
| 1431 | static int | 1431 | static int |
| 1432 | ssl3_send_server_key_exchange(SSL *s) | 1432 | ssl3_send_server_key_exchange(SSL *s) |
| 1433 | { | 1433 | { |
| 1434 | CBB cbb, cbb_params, cbb_signature, server_kex; | 1434 | CBB cbb, cbb_signature, cbb_signed_params, server_kex; |
| 1435 | CBS params; | ||
| 1435 | const struct ssl_sigalg *sigalg = NULL; | 1436 | const struct ssl_sigalg *sigalg = NULL; |
| 1437 | unsigned char *signed_params = NULL; | ||
| 1438 | size_t signed_params_len; | ||
| 1436 | unsigned char *signature = NULL; | 1439 | unsigned char *signature = NULL; |
| 1437 | size_t signature_len = 0; | 1440 | size_t signature_len = 0; |
| 1438 | unsigned char *params = NULL; | ||
| 1439 | size_t params_len; | ||
| 1440 | const EVP_MD *md = NULL; | 1441 | const EVP_MD *md = NULL; |
| 1441 | unsigned long type; | 1442 | unsigned long type; |
| 1442 | EVP_MD_CTX *md_ctx = NULL; | 1443 | EVP_MD_CTX *md_ctx = NULL; |
| @@ -1445,7 +1446,7 @@ ssl3_send_server_key_exchange(SSL *s) | |||
| 1445 | int al; | 1446 | int al; |
| 1446 | 1447 | ||
| 1447 | memset(&cbb, 0, sizeof(cbb)); | 1448 | memset(&cbb, 0, sizeof(cbb)); |
| 1448 | memset(&cbb_params, 0, sizeof(cbb_params)); | 1449 | memset(&cbb_signed_params, 0, sizeof(cbb_signed_params)); |
| 1449 | 1450 | ||
| 1450 | if ((md_ctx = EVP_MD_CTX_new()) == NULL) | 1451 | if ((md_ctx = EVP_MD_CTX_new()) == NULL) |
| 1451 | goto err; | 1452 | goto err; |
| @@ -1456,15 +1457,26 @@ ssl3_send_server_key_exchange(SSL *s) | |||
| 1456 | SSL3_MT_SERVER_KEY_EXCHANGE)) | 1457 | SSL3_MT_SERVER_KEY_EXCHANGE)) |
| 1457 | goto err; | 1458 | goto err; |
| 1458 | 1459 | ||
| 1459 | if (!CBB_init(&cbb_params, 0)) | 1460 | if (!CBB_init(&cbb_signed_params, 0)) |
| 1460 | goto err; | 1461 | goto err; |
| 1461 | 1462 | ||
| 1463 | if (!CBB_add_bytes(&cbb_signed_params, s->s3->client_random, | ||
| 1464 | SSL3_RANDOM_SIZE)) { | ||
| 1465 | SSLerror(s, ERR_R_INTERNAL_ERROR); | ||
| 1466 | goto err; | ||
| 1467 | } | ||
| 1468 | if (!CBB_add_bytes(&cbb_signed_params, s->s3->server_random, | ||
| 1469 | SSL3_RANDOM_SIZE)) { | ||
| 1470 | SSLerror(s, ERR_R_INTERNAL_ERROR); | ||
| 1471 | goto err; | ||
| 1472 | } | ||
| 1473 | |||
| 1462 | type = s->s3->hs.cipher->algorithm_mkey; | 1474 | type = s->s3->hs.cipher->algorithm_mkey; |
| 1463 | if (type & SSL_kDHE) { | 1475 | if (type & SSL_kDHE) { |
| 1464 | if (!ssl3_send_server_kex_dhe(s, &cbb_params)) | 1476 | if (!ssl3_send_server_kex_dhe(s, &cbb_signed_params)) |
| 1465 | goto err; | 1477 | goto err; |
| 1466 | } else if (type & SSL_kECDHE) { | 1478 | } else if (type & SSL_kECDHE) { |
| 1467 | if (!ssl3_send_server_kex_ecdhe(s, &cbb_params)) | 1479 | if (!ssl3_send_server_kex_ecdhe(s, &cbb_signed_params)) |
| 1468 | goto err; | 1480 | goto err; |
| 1469 | } else { | 1481 | } else { |
| 1470 | al = SSL_AD_HANDSHAKE_FAILURE; | 1482 | al = SSL_AD_HANDSHAKE_FAILURE; |
| @@ -1472,10 +1484,16 @@ ssl3_send_server_key_exchange(SSL *s) | |||
| 1472 | goto fatal_err; | 1484 | goto fatal_err; |
| 1473 | } | 1485 | } |
| 1474 | 1486 | ||
| 1475 | if (!CBB_finish(&cbb_params, ¶ms, ¶ms_len)) | 1487 | if (!CBB_finish(&cbb_signed_params, &signed_params, |
| 1488 | &signed_params_len)) | ||
| 1489 | goto err; | ||
| 1490 | |||
| 1491 | CBS_init(¶ms, signed_params, signed_params_len); | ||
| 1492 | if (!CBS_skip(¶ms, 2 * SSL3_RANDOM_SIZE)) | ||
| 1476 | goto err; | 1493 | goto err; |
| 1477 | 1494 | ||
| 1478 | if (!CBB_add_bytes(&server_kex, params, params_len)) | 1495 | if (!CBB_add_bytes(&server_kex, CBS_data(¶ms), |
| 1496 | CBS_len(¶ms))) | ||
| 1479 | goto err; | 1497 | goto err; |
| 1480 | 1498 | ||
| 1481 | /* Add signature unless anonymous. */ | 1499 | /* Add signature unless anonymous. */ |
| @@ -1507,22 +1525,8 @@ ssl3_send_server_key_exchange(SSL *s) | |||
| 1507 | SSLerror(s, ERR_R_EVP_LIB); | 1525 | SSLerror(s, ERR_R_EVP_LIB); |
| 1508 | goto err; | 1526 | goto err; |
| 1509 | } | 1527 | } |
| 1510 | if (!EVP_DigestSignUpdate(md_ctx, s->s3->client_random, | 1528 | if (!EVP_DigestSign(md_ctx, NULL, &signature_len, |
| 1511 | SSL3_RANDOM_SIZE)) { | 1529 | signed_params, signed_params_len)) { |
| 1512 | SSLerror(s, ERR_R_EVP_LIB); | ||
| 1513 | goto err; | ||
| 1514 | } | ||
| 1515 | if (!EVP_DigestSignUpdate(md_ctx, s->s3->server_random, | ||
| 1516 | SSL3_RANDOM_SIZE)) { | ||
| 1517 | SSLerror(s, ERR_R_EVP_LIB); | ||
| 1518 | goto err; | ||
| 1519 | } | ||
| 1520 | if (!EVP_DigestSignUpdate(md_ctx, params, params_len)) { | ||
| 1521 | SSLerror(s, ERR_R_EVP_LIB); | ||
| 1522 | goto err; | ||
| 1523 | } | ||
| 1524 | if (!EVP_DigestSignFinal(md_ctx, NULL, &signature_len) || | ||
| 1525 | !signature_len) { | ||
| 1526 | SSLerror(s, ERR_R_EVP_LIB); | 1530 | SSLerror(s, ERR_R_EVP_LIB); |
| 1527 | goto err; | 1531 | goto err; |
| 1528 | } | 1532 | } |
| @@ -1530,7 +1534,8 @@ ssl3_send_server_key_exchange(SSL *s) | |||
| 1530 | SSLerror(s, ERR_R_MALLOC_FAILURE); | 1534 | SSLerror(s, ERR_R_MALLOC_FAILURE); |
| 1531 | goto err; | 1535 | goto err; |
| 1532 | } | 1536 | } |
| 1533 | if (!EVP_DigestSignFinal(md_ctx, signature, &signature_len)) { | 1537 | if (!EVP_DigestSign(md_ctx, signature, &signature_len, |
| 1538 | signed_params, signed_params_len)) { | ||
| 1534 | SSLerror(s, ERR_R_EVP_LIB); | 1539 | SSLerror(s, ERR_R_EVP_LIB); |
| 1535 | goto err; | 1540 | goto err; |
| 1536 | } | 1541 | } |
| @@ -1550,19 +1555,19 @@ ssl3_send_server_key_exchange(SSL *s) | |||
| 1550 | } | 1555 | } |
| 1551 | 1556 | ||
| 1552 | EVP_MD_CTX_free(md_ctx); | 1557 | EVP_MD_CTX_free(md_ctx); |
| 1553 | free(params); | ||
| 1554 | free(signature); | 1558 | free(signature); |
| 1559 | free(signed_params); | ||
| 1555 | 1560 | ||
| 1556 | return (ssl3_handshake_write(s)); | 1561 | return (ssl3_handshake_write(s)); |
| 1557 | 1562 | ||
| 1558 | fatal_err: | 1563 | fatal_err: |
| 1559 | ssl3_send_alert(s, SSL3_AL_FATAL, al); | 1564 | ssl3_send_alert(s, SSL3_AL_FATAL, al); |
| 1560 | err: | 1565 | err: |
| 1561 | CBB_cleanup(&cbb_params); | 1566 | CBB_cleanup(&cbb_signed_params); |
| 1562 | CBB_cleanup(&cbb); | 1567 | CBB_cleanup(&cbb); |
| 1563 | EVP_MD_CTX_free(md_ctx); | 1568 | EVP_MD_CTX_free(md_ctx); |
| 1564 | free(params); | ||
| 1565 | free(signature); | 1569 | free(signature); |
| 1570 | free(signed_params); | ||
| 1566 | 1571 | ||
| 1567 | return (-1); | 1572 | return (-1); |
| 1568 | } | 1573 | } |