diff options
| author | beck <> | 2018-11-11 02:03:23 +0000 |
|---|---|---|
| committer | beck <> | 2018-11-11 02:03:23 +0000 |
| commit | 54f742a337d02740020696e56783ec7595e582d5 (patch) | |
| tree | 9e311df175dd2b3edb9d866be4b779a74ce10b7a /src/lib/libssl/ssl_srvr.c | |
| parent | bb7bf59b27f2841b551d2aac13e012204e220296 (diff) | |
| download | openbsd-54f742a337d02740020696e56783ec7595e582d5.tar.gz openbsd-54f742a337d02740020696e56783ec7595e582d5.tar.bz2 openbsd-54f742a337d02740020696e56783ec7595e582d5.zip | |
Convert signatures and verifcation to use the EVP_DigestXXX api
to allow for adding PSS, Nuke the now unneejded guard around the PSS
algorithms in the sigalgs table
ok jsing@ tb@
Diffstat (limited to 'src/lib/libssl/ssl_srvr.c')
| -rw-r--r-- | src/lib/libssl/ssl_srvr.c | 58 |
1 files changed, 40 insertions, 18 deletions
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index 587a538060..f1b8a49468 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_srvr.c,v 1.55 2018/11/10 01:19:09 beck Exp $ */ | 1 | /* $OpenBSD: ssl_srvr.c,v 1.56 2018/11/11 02:03:23 beck Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -345,7 +345,7 @@ ssl3_accept(SSL *s) | |||
| 345 | D1I(s)->handshake_write_seq = 1; | 345 | D1I(s)->handshake_write_seq = 1; |
| 346 | D1I(s)->next_handshake_write_seq = 1; | 346 | D1I(s)->next_handshake_write_seq = 1; |
| 347 | goto end; | 347 | goto end; |
| 348 | } | 348 | } |
| 349 | } else { | 349 | } else { |
| 350 | if (s->internal->rwstate != SSL_X509_LOOKUP) { | 350 | if (s->internal->rwstate != SSL_X509_LOOKUP) { |
| 351 | ret = ssl3_get_client_hello(s); | 351 | ret = ssl3_get_client_hello(s); |
| @@ -1485,12 +1485,13 @@ ssl3_send_server_key_exchange(SSL *s) | |||
| 1485 | CBB cbb, cbb_params, cbb_signature, server_kex; | 1485 | CBB cbb, cbb_params, cbb_signature, server_kex; |
| 1486 | const struct ssl_sigalg *sigalg = NULL; | 1486 | const struct ssl_sigalg *sigalg = NULL; |
| 1487 | unsigned char *signature = NULL; | 1487 | unsigned char *signature = NULL; |
| 1488 | unsigned int signature_len; | 1488 | size_t signature_len = 0; |
| 1489 | unsigned char *params = NULL; | 1489 | unsigned char *params = NULL; |
| 1490 | size_t params_len; | 1490 | size_t params_len; |
| 1491 | const EVP_MD *md = NULL; | 1491 | const EVP_MD *md = NULL; |
| 1492 | unsigned long type; | 1492 | unsigned long type; |
| 1493 | EVP_MD_CTX md_ctx; | 1493 | EVP_MD_CTX md_ctx; |
| 1494 | EVP_PKEY_CTX *pctx; | ||
| 1494 | EVP_PKEY *pkey; | 1495 | EVP_PKEY *pkey; |
| 1495 | int al; | 1496 | int al; |
| 1496 | 1497 | ||
| @@ -1544,21 +1545,34 @@ ssl3_send_server_key_exchange(SSL *s) | |||
| 1544 | } | 1545 | } |
| 1545 | } | 1546 | } |
| 1546 | 1547 | ||
| 1547 | if ((signature = calloc(1, EVP_PKEY_size(pkey))) == NULL) | 1548 | if (!EVP_DigestSignInit(&md_ctx, &pctx, md, NULL, pkey)) { |
| 1549 | SSLerror(s, ERR_R_EVP_LIB); | ||
| 1548 | goto err; | 1550 | goto err; |
| 1549 | 1551 | } | |
| 1550 | if (!EVP_SignInit_ex(&md_ctx, md, NULL)) | 1552 | if (!EVP_DigestSignUpdate(&md_ctx, s->s3->client_random, |
| 1553 | SSL3_RANDOM_SIZE)) { | ||
| 1554 | SSLerror(s, ERR_R_EVP_LIB); | ||
| 1551 | goto err; | 1555 | goto err; |
| 1552 | if (!EVP_SignUpdate(&md_ctx, s->s3->client_random, | 1556 | } |
| 1553 | SSL3_RANDOM_SIZE)) | 1557 | if (!EVP_DigestSignUpdate(&md_ctx, s->s3->server_random, |
| 1558 | SSL3_RANDOM_SIZE)) { | ||
| 1559 | SSLerror(s, ERR_R_EVP_LIB); | ||
| 1560 | goto err; | ||
| 1561 | } | ||
| 1562 | if (!EVP_DigestSignUpdate(&md_ctx, params, params_len)) { | ||
| 1563 | SSLerror(s, ERR_R_EVP_LIB); | ||
| 1554 | goto err; | 1564 | goto err; |
| 1555 | if (!EVP_SignUpdate(&md_ctx, s->s3->server_random, | 1565 | } |
| 1556 | SSL3_RANDOM_SIZE)) | 1566 | if (!EVP_DigestSignFinal(&md_ctx, NULL, &signature_len) || |
| 1567 | !signature_len) { | ||
| 1568 | SSLerror(s, ERR_R_EVP_LIB); | ||
| 1557 | goto err; | 1569 | goto err; |
| 1558 | if (!EVP_SignUpdate(&md_ctx, params, params_len)) | 1570 | } |
| 1571 | if ((signature = calloc(1, signature_len)) == NULL) { | ||
| 1572 | SSLerror(s, ERR_R_MALLOC_FAILURE); | ||
| 1559 | goto err; | 1573 | goto err; |
| 1560 | if (!EVP_SignFinal(&md_ctx, signature, &signature_len, | 1574 | } |
| 1561 | pkey)) { | 1575 | if (!EVP_DigestSignFinal(&md_ctx, signature, &signature_len)) { |
| 1562 | SSLerror(s, ERR_R_EVP_LIB); | 1576 | SSLerror(s, ERR_R_EVP_LIB); |
| 1563 | goto err; | 1577 | goto err; |
| 1564 | } | 1578 | } |
| @@ -2071,6 +2085,7 @@ int | |||
| 2071 | ssl3_get_cert_verify(SSL *s) | 2085 | ssl3_get_cert_verify(SSL *s) |
| 2072 | { | 2086 | { |
| 2073 | CBS cbs, signature; | 2087 | CBS cbs, signature; |
| 2088 | const struct ssl_sigalg *sigalg; | ||
| 2074 | const EVP_MD *md = NULL; | 2089 | const EVP_MD *md = NULL; |
| 2075 | EVP_PKEY *pkey = NULL; | 2090 | EVP_PKEY *pkey = NULL; |
| 2076 | X509 *peer = NULL; | 2091 | X509 *peer = NULL; |
| @@ -2135,14 +2150,16 @@ ssl3_get_cert_verify(SSL *s) | |||
| 2135 | * If key is GOST and n is exactly 64, it is a bare | 2150 | * If key is GOST and n is exactly 64, it is a bare |
| 2136 | * signature without length field. | 2151 | * signature without length field. |
| 2137 | */ | 2152 | */ |
| 2153 | /* This hack is awful and needs to die in fire */ | ||
| 2138 | if ((pkey->type == NID_id_GostR3410_94 || | 2154 | if ((pkey->type == NID_id_GostR3410_94 || |
| 2139 | pkey->type == NID_id_GostR3410_2001) && CBS_len(&cbs) == 64) { | 2155 | pkey->type == NID_id_GostR3410_2001) && CBS_len(&cbs) == 64) { |
| 2156 | if (SSL_USE_SIGALGS(s)) | ||
| 2157 | goto truncated; | ||
| 2140 | CBS_dup(&cbs, &signature); | 2158 | CBS_dup(&cbs, &signature); |
| 2141 | if (!CBS_skip(&cbs, CBS_len(&cbs))) | 2159 | if (!CBS_skip(&cbs, CBS_len(&cbs))) |
| 2142 | goto err; | 2160 | goto err; |
| 2143 | } else { | 2161 | } else { |
| 2144 | if (SSL_USE_SIGALGS(s)) { | 2162 | if (SSL_USE_SIGALGS(s)) { |
| 2145 | const struct ssl_sigalg *sigalg; | ||
| 2146 | uint16_t sigalg_value; | 2163 | uint16_t sigalg_value; |
| 2147 | 2164 | ||
| 2148 | if (!CBS_get_u16(&cbs, &sigalg_value)) | 2165 | if (!CBS_get_u16(&cbs, &sigalg_value)) |
| @@ -2175,19 +2192,24 @@ ssl3_get_cert_verify(SSL *s) | |||
| 2175 | } | 2192 | } |
| 2176 | 2193 | ||
| 2177 | if (SSL_USE_SIGALGS(s)) { | 2194 | if (SSL_USE_SIGALGS(s)) { |
| 2195 | EVP_PKEY_CTX *pctx; | ||
| 2178 | if (!tls1_transcript_data(s, &hdata, &hdatalen)) { | 2196 | if (!tls1_transcript_data(s, &hdata, &hdatalen)) { |
| 2179 | SSLerror(s, ERR_R_INTERNAL_ERROR); | 2197 | SSLerror(s, ERR_R_INTERNAL_ERROR); |
| 2180 | al = SSL_AD_INTERNAL_ERROR; | 2198 | al = SSL_AD_INTERNAL_ERROR; |
| 2181 | goto f_err; | 2199 | goto f_err; |
| 2182 | } | 2200 | } |
| 2183 | if (!EVP_VerifyInit_ex(&mctx, md, NULL) || | 2201 | if (!EVP_DigestVerifyInit(&mctx, &pctx, md, NULL, pkey)) { |
| 2184 | !EVP_VerifyUpdate(&mctx, hdata, hdatalen)) { | 2202 | SSLerror(s, ERR_R_EVP_LIB); |
| 2203 | al = SSL_AD_INTERNAL_ERROR; | ||
| 2204 | goto f_err; | ||
| 2205 | } | ||
| 2206 | if (!EVP_DigestVerifyUpdate(&mctx, hdata, hdatalen)) { | ||
| 2185 | SSLerror(s, ERR_R_EVP_LIB); | 2207 | SSLerror(s, ERR_R_EVP_LIB); |
| 2186 | al = SSL_AD_INTERNAL_ERROR; | 2208 | al = SSL_AD_INTERNAL_ERROR; |
| 2187 | goto f_err; | 2209 | goto f_err; |
| 2188 | } | 2210 | } |
| 2189 | if (EVP_VerifyFinal(&mctx, CBS_data(&signature), | 2211 | if (EVP_DigestVerifyFinal(&mctx, CBS_data(&signature), |
| 2190 | CBS_len(&signature), pkey) <= 0) { | 2212 | CBS_len(&signature)) <= 0) { |
| 2191 | al = SSL_AD_DECRYPT_ERROR; | 2213 | al = SSL_AD_DECRYPT_ERROR; |
| 2192 | SSLerror(s, SSL_R_BAD_SIGNATURE); | 2214 | SSLerror(s, SSL_R_BAD_SIGNATURE); |
| 2193 | goto f_err; | 2215 | goto f_err; |