Provide a rolling handshake hash that commences as soon as the cipher

suite has been selected, and convert the final finish MAC to use this handshake hash. This is a first step towards cleaning up the current handshake buffer/digest code. ok beck@ inoguchi@
author: jsing <> 2017-03-05 14:39:53 +0000
committer: jsing <> 2017-03-05 14:39:53 +0000
commit: e04ca894aa08b4b01dbc7ead7524d8026ce8f3be (patch)
tree: 4868a41992758cf1a7f9ffdaf1b940ee7bcceb4c /src/lib/libssl/t1_enc.c
parent: b7e97f3829f43765f12691c1665b5e6017d75d28 (diff)
download: openbsd-e04ca894aa08b4b01dbc7ead7524d8026ce8f3be.tar.gz
openbsd-e04ca894aa08b4b01dbc7ead7524d8026ce8f3be.tar.bz2
openbsd-e04ca894aa08b4b01dbc7ead7524d8026ce8f3be.zip
1 files changed, 19 insertions, 41 deletions
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index 85d28298bf..62578beeea 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_enc.c,v 1.96 2017/02/07 02:08:38 beck Exp $ */
+/* $OpenBSD: t1_enc.c,v 1.97 2017/03/05 14:39:53 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -135,6 +135,7 @@
 * OTHERWISE.
 */
+#include <limits.h>
 #include <stdio.h>
 #include "ssl_locl.h"
@@ -193,6 +194,12 @@ tls1_finish_mac(SSL *s, const unsigned char *buf, int len)
 {
        int i;
+        if (len < 0)
+                return 0;
+        if (!tls1_handshake_hash_update(s, buf, len))
+                return 0;
        if (S3I(s)->handshake_buffer &&
            !(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE)) {
                BIO_write(S3I(s)->handshake_buffer, (void *)buf, len);
@@ -1121,52 +1128,23 @@ tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out)
 int
 tls1_final_finish_mac(SSL *s, const char *str, int slen, unsigned char *out)
 {
-        unsigned int i;
+        unsigned char buf1[EVP_MAX_MD_SIZE];
-        EVP_MD_CTX ctx;
+        unsigned char buf2[12];
-        unsigned char buf[2*EVP_MAX_MD_SIZE];
+        size_t hlen;
-        unsigned char *q, buf2[12];
-        int idx;
-        long mask;
-        int err = 0;
-        const EVP_MD *md;
-        q = buf;
-        if (S3I(s)->handshake_buffer)
+        if (!tls1_handshake_hash_value(s, buf1, sizeof(buf1), &hlen))
-                if (!tls1_digest_cached_records(s))
+                return 0;
-                        return 0;
-        EVP_MD_CTX_init(&ctx);
-        for (idx = 0; ssl_get_handshake_digest(idx, &mask, &md); idx++) {
+        if (hlen > INT_MAX)
-                if (ssl_get_algorithm2(s) & mask) {
+                return 0;
-                        int hashsize = EVP_MD_size(md);
-                        EVP_MD_CTX *hdgst = S3I(s)->handshake_dgst[idx];
-                        if (!hdgst || hashsize < 0 ||
-                            hashsize > (int)(sizeof buf - (size_t)(q - buf))) {
-                                /* internal error: 'buf' is too small for this cipersuite! */
-                                err = 1;
-                        } else {
-                                if (!EVP_MD_CTX_copy_ex(&ctx, hdgst) ||
-                                    !EVP_DigestFinal_ex(&ctx, q, &i) ||
-                                    (i != (unsigned int)hashsize))
-                                        err = 1;
-                                q += hashsize;
-                        }
-                }
-        }
-        if (!tls1_PRF(ssl_get_algorithm2(s), str, slen, buf, (int)(q - buf),
+        if (!tls1_PRF(ssl_get_algorithm2(s), str, slen, buf1, hlen,
            NULL, 0, NULL, 0, NULL, 0,
            s->session->master_key, s->session->master_key_length,
-            out, buf2, sizeof buf2))
+            out, buf2, sizeof(buf2)))
-                err = 1;
-        EVP_MD_CTX_cleanup(&ctx);
-        if (err)
                return 0;
-        else
-                return sizeof buf2;
+        return sizeof(buf2);
 }
 int
author	jsing <>	2017-03-05 14:39:53 +0000
committer	jsing <>	2017-03-05 14:39:53 +0000
commit	e04ca894aa08b4b01dbc7ead7524d8026ce8f3be (patch)
tree	4868a41992758cf1a7f9ffdaf1b940ee7bcceb4c /src/lib/libssl/t1_enc.c
parent	b7e97f3829f43765f12691c1665b5e6017d75d28 (diff)
download	openbsd-e04ca894aa08b4b01dbc7ead7524d8026ce8f3be.tar.gz openbsd-e04ca894aa08b4b01dbc7ead7524d8026ce8f3be.tar.bz2 openbsd-e04ca894aa08b4b01dbc7ead7524d8026ce8f3be.zip

diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c index 85d28298bf..62578beeea 100644 --- a/src/lib/libssl/t1_enc.c +++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: t1_enc.c,v 1.96 2017/02/07 02:08:38 beck Exp $ */	1	/* $OpenBSD: t1_enc.c,v 1.97 2017/03/05 14:39:53 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -135,6 +135,7 @@
135	* OTHERWISE.	135	* OTHERWISE.
136	*/	136	*/
137		137
		138	#include <limits.h>
138	#include <stdio.h>	139	#include <stdio.h>
139		140
140	#include "ssl_locl.h"	141	#include "ssl_locl.h"
@@ -193,6 +194,12 @@ tls1_finish_mac(SSL s, const unsigned char buf, int len)
193	{	194	{
194	int i;	195	int i;
195		196
		197	if (len < 0)
		198	return 0;
		199
		200	if (!tls1_handshake_hash_update(s, buf, len))
		201	return 0;
		202
196	if (S3I(s)->handshake_buffer &&	203	if (S3I(s)->handshake_buffer &&
197	!(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE)) {	204	!(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE)) {
198	BIO_write(S3I(s)->handshake_buffer, (void *)buf, len);	205	BIO_write(S3I(s)->handshake_buffer, (void *)buf, len);
@@ -1121,52 +1128,23 @@ tls1_cert_verify_mac(SSL s, int md_nid, unsigned char out)
1121	int	1128	int
1122	tls1_final_finish_mac(SSL s, const char str, int slen, unsigned char *out)	1129	tls1_final_finish_mac(SSL s, const char str, int slen, unsigned char *out)
1123	{	1130	{
1124	unsigned int i;	1131	unsigned char buf1[EVP_MAX_MD_SIZE];
1125	EVP_MD_CTX ctx;	1132	unsigned char buf2[12];
1126	unsigned char buf[2*EVP_MAX_MD_SIZE];	1133	size_t hlen;
1127	unsigned char *q, buf2[12];
1128	int idx;
1129	long mask;
1130	int err = 0;
1131	const EVP_MD *md;
1132
1133	q = buf;
1134		1134
1135	if (S3I(s)->handshake_buffer)	1135	if (!tls1_handshake_hash_value(s, buf1, sizeof(buf1), &hlen))
1136	if (!tls1_digest_cached_records(s))	1136	return 0;
1137	return 0;
1138
1139	EVP_MD_CTX_init(&ctx);
1140		1137
1141	for (idx = 0; ssl_get_handshake_digest(idx, &mask, &md); idx++) {	1138	if (hlen > INT_MAX)
1142	if (ssl_get_algorithm2(s) & mask) {	1139	return 0;
1143	int hashsize = EVP_MD_size(md);
1144	EVP_MD_CTX *hdgst = S3I(s)->handshake_dgst[idx];
1145	if (!hdgst \|\| hashsize < 0 \|\|
1146	hashsize > (int)(sizeof buf - (size_t)(q - buf))) {
1147	/* internal error: 'buf' is too small for this cipersuite! */
1148	err = 1;
1149	} else {
1150	if (!EVP_MD_CTX_copy_ex(&ctx, hdgst) \|\|
1151	!EVP_DigestFinal_ex(&ctx, q, &i) \|\|
1152	(i != (unsigned int)hashsize))
1153	err = 1;
1154	q += hashsize;
1155	}
1156	}
1157	}
1158		1140
1159	if (!tls1_PRF(ssl_get_algorithm2(s), str, slen, buf, (int)(q - buf),	1141	if (!tls1_PRF(ssl_get_algorithm2(s), str, slen, buf1, hlen,
1160	NULL, 0, NULL, 0, NULL, 0,	1142	NULL, 0, NULL, 0, NULL, 0,
1161	s->session->master_key, s->session->master_key_length,	1143	s->session->master_key, s->session->master_key_length,
1162	out, buf2, sizeof buf2))	1144	out, buf2, sizeof(buf2)))
1163	err = 1;
1164	EVP_MD_CTX_cleanup(&ctx);
1165
1166	if (err)
1167	return 0;	1145	return 0;
1168	else	1146
1169	return sizeof buf2;	1147	return sizeof(buf2);
1170	}	1148	}
1171		1149
1172	int	1150	int