diff options
| author | jsing <> | 2017-03-25 13:36:56 +0000 |
|---|---|---|
| committer | jsing <> | 2017-03-25 13:36:56 +0000 |
| commit | 2625b1c3926492fbcc823928f95ea1591467a7af (patch) | |
| tree | 43a36bc540a1f7c48ca8997d49d270bb36a880e2 /src/lib | |
| parent | 9da87d2ce846e80f6be041f3d473143490c1c4e3 (diff) | |
| download | openbsd-2625b1c3926492fbcc823928f95ea1591467a7af.tar.gz openbsd-2625b1c3926492fbcc823928f95ea1591467a7af.tar.bz2 openbsd-2625b1c3926492fbcc823928f95ea1591467a7af.zip | |
More cleanup for tls1_PRF()/tls1_P_hash() - change the argument order of
tls1_PRF() so that it matches tls1_P_hash(), use more explicit argument
names and change lengths to size_t.
ok inoguchi@
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/libssl/t1_enc.c | 96 |
1 files changed, 50 insertions, 46 deletions
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c index 0c182d49a2..42d384db7d 100644 --- a/src/lib/libssl/t1_enc.c +++ b/src/lib/libssl/t1_enc.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: t1_enc.c,v 1.105 2017/03/18 13:04:30 jsing Exp $ */ | 1 | /* $OpenBSD: t1_enc.c,v 1.106 2017/03/25 13:36:56 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -144,10 +144,10 @@ | |||
| 144 | #include <openssl/hmac.h> | 144 | #include <openssl/hmac.h> |
| 145 | #include <openssl/md5.h> | 145 | #include <openssl/md5.h> |
| 146 | 146 | ||
| 147 | int tls1_PRF(SSL *s, const void *seed1, int seed1_len, const void *seed2, | 147 | int tls1_PRF(SSL *s, const unsigned char *secret, size_t secret_len, |
| 148 | int seed2_len, const void *seed3, int seed3_len, const void *seed4, | 148 | const void *seed1, size_t seed1_len, const void *seed2, size_t seed2_len, |
| 149 | int seed4_len, const void *seed5, int seed5_len, const unsigned char *sec, | 149 | const void *seed3, size_t seed3_len, const void *seed4, size_t seed4_len, |
| 150 | int slen, unsigned char *out, int olen); | 150 | const void *seed5, size_t seed5_len, unsigned char *out, size_t out_len); |
| 151 | 151 | ||
| 152 | void | 152 | void |
| 153 | tls1_cleanup_key_block(SSL *s) | 153 | tls1_cleanup_key_block(SSL *s) |
| @@ -231,10 +231,10 @@ tls1_record_sequence_increment(unsigned char *seq) | |||
| 231 | * TLS P_hash() data expansion function - see RFC 5246, section 5. | 231 | * TLS P_hash() data expansion function - see RFC 5246, section 5. |
| 232 | */ | 232 | */ |
| 233 | static int | 233 | static int |
| 234 | tls1_P_hash(const EVP_MD *md, const unsigned char *sec, int sec_len, | 234 | tls1_P_hash(const EVP_MD *md, const unsigned char *secret, size_t secret_len, |
| 235 | const void *seed1, int seed1_len, const void *seed2, int seed2_len, | 235 | const void *seed1, size_t seed1_len, const void *seed2, size_t seed2_len, |
| 236 | const void *seed3, int seed3_len, const void *seed4, int seed4_len, | 236 | const void *seed3, size_t seed3_len, const void *seed4, size_t seed4_len, |
| 237 | const void *seed5, int seed5_len, unsigned char *out, int olen) | 237 | const void *seed5, size_t seed5_len, unsigned char *out, size_t out_len) |
| 238 | { | 238 | { |
| 239 | unsigned char A1[EVP_MAX_MD_SIZE], hmac[EVP_MAX_MD_SIZE]; | 239 | unsigned char A1[EVP_MAX_MD_SIZE], hmac[EVP_MAX_MD_SIZE]; |
| 240 | size_t A1_len, hmac_len; | 240 | size_t A1_len, hmac_len; |
| @@ -249,7 +249,7 @@ tls1_P_hash(const EVP_MD *md, const unsigned char *sec, int sec_len, | |||
| 249 | 249 | ||
| 250 | EVP_MD_CTX_init(&ctx); | 250 | EVP_MD_CTX_init(&ctx); |
| 251 | 251 | ||
| 252 | mac_key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, sec, sec_len); | 252 | mac_key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, secret, secret_len); |
| 253 | if (!mac_key) | 253 | if (!mac_key) |
| 254 | goto err; | 254 | goto err; |
| 255 | if (!EVP_DigestSignInit(&ctx, NULL, md, NULL, mac_key)) | 255 | if (!EVP_DigestSignInit(&ctx, NULL, md, NULL, mac_key)) |
| @@ -285,16 +285,16 @@ tls1_P_hash(const EVP_MD *md, const unsigned char *sec, int sec_len, | |||
| 285 | if (!EVP_DigestSignFinal(&ctx, hmac, &hmac_len)) | 285 | if (!EVP_DigestSignFinal(&ctx, hmac, &hmac_len)) |
| 286 | goto err; | 286 | goto err; |
| 287 | 287 | ||
| 288 | if (hmac_len > olen) | 288 | if (hmac_len > out_len) |
| 289 | hmac_len = olen; | 289 | hmac_len = out_len; |
| 290 | 290 | ||
| 291 | for (i = 0; i < hmac_len; i++) | 291 | for (i = 0; i < hmac_len; i++) |
| 292 | out[i] ^= hmac[i]; | 292 | out[i] ^= hmac[i]; |
| 293 | 293 | ||
| 294 | out += hmac_len; | 294 | out += hmac_len; |
| 295 | olen -= hmac_len; | 295 | out_len -= hmac_len; |
| 296 | 296 | ||
| 297 | if (olen == 0) | 297 | if (out_len == 0) |
| 298 | break; | 298 | break; |
| 299 | 299 | ||
| 300 | if (!EVP_DigestSignInit(&ctx, NULL, md, NULL, mac_key)) | 300 | if (!EVP_DigestSignInit(&ctx, NULL, md, NULL, mac_key)) |
| @@ -316,17 +316,16 @@ tls1_P_hash(const EVP_MD *md, const unsigned char *sec, int sec_len, | |||
| 316 | return ret; | 316 | return ret; |
| 317 | } | 317 | } |
| 318 | 318 | ||
| 319 | /* seed1 through seed5 are virtually concatenated */ | ||
| 320 | int | 319 | int |
| 321 | tls1_PRF(SSL *s, const void *seed1, int seed1_len, const void *seed2, | 320 | tls1_PRF(SSL *s, const unsigned char *secret, size_t secret_len, |
| 322 | int seed2_len, const void *seed3, int seed3_len, const void *seed4, | 321 | const void *seed1, size_t seed1_len, const void *seed2, size_t seed2_len, |
| 323 | int seed4_len, const void *seed5, int seed5_len, const unsigned char *sec, | 322 | const void *seed3, size_t seed3_len, const void *seed4, size_t seed4_len, |
| 324 | int slen, unsigned char *out, int olen) | 323 | const void *seed5, size_t seed5_len, unsigned char *out, size_t out_len) |
| 325 | { | 324 | { |
| 326 | const EVP_MD *md; | 325 | const EVP_MD *md; |
| 327 | size_t hlen; | 326 | size_t half_len; |
| 328 | 327 | ||
| 329 | memset(out, 0, olen); | 328 | memset(out, 0, out_len); |
| 330 | 329 | ||
| 331 | if (!ssl_get_handshake_evp_md(s, &md)) | 330 | if (!ssl_get_handshake_evp_md(s, &md)) |
| 332 | return (0); | 331 | return (0); |
| @@ -336,23 +335,24 @@ tls1_PRF(SSL *s, const void *seed1, int seed1_len, const void *seed2, | |||
| 336 | * Partition secret between MD5 and SHA1, then XOR result. | 335 | * Partition secret between MD5 and SHA1, then XOR result. |
| 337 | * If the secret length is odd, a one byte overlap is used. | 336 | * If the secret length is odd, a one byte overlap is used. |
| 338 | */ | 337 | */ |
| 339 | hlen = slen - (slen / 2); | 338 | half_len = secret_len - (secret_len / 2); |
| 340 | if (!tls1_P_hash(EVP_md5(), sec, hlen, seed1, seed1_len, seed2, | 339 | if (!tls1_P_hash(EVP_md5(), secret, half_len, seed1, seed1_len, |
| 341 | seed2_len, seed3, seed3_len, seed4, seed4_len, seed5, | 340 | seed2, seed2_len, seed3, seed3_len, seed4, seed4_len, |
| 342 | seed5_len, out, olen)) | 341 | seed5, seed5_len, out, out_len)) |
| 343 | return (0); | 342 | return (0); |
| 344 | 343 | ||
| 345 | sec += slen - hlen; | 344 | secret += secret_len - half_len; |
| 346 | if (!tls1_P_hash(EVP_sha1(), sec, hlen, seed1, seed1_len, seed2, | 345 | if (!tls1_P_hash(EVP_sha1(), secret, half_len, seed1, seed1_len, |
| 347 | seed2_len, seed3, seed3_len, seed4, seed4_len, seed5, | 346 | seed2, seed2_len, seed3, seed3_len, seed4, seed4_len, |
| 348 | seed5_len, out, olen)) | 347 | seed5, seed5_len, out, out_len)) |
| 349 | return (0); | 348 | return (0); |
| 350 | 349 | ||
| 351 | return (1); | 350 | return (1); |
| 352 | } | 351 | } |
| 353 | 352 | ||
| 354 | if (!tls1_P_hash(md, sec, slen, seed1, seed1_len, seed2, seed2_len, | 353 | if (!tls1_P_hash(md, secret, secret_len, seed1, seed1_len, |
| 355 | seed3, seed3_len, seed4, seed4_len, seed5, seed5_len, out, olen)) | 354 | seed2, seed2_len, seed3, seed3_len, seed4, seed4_len, |
| 355 | seed5, seed5_len, out, out_len)) | ||
| 356 | return (0); | 356 | return (0); |
| 357 | 357 | ||
| 358 | return (1); | 358 | return (1); |
| @@ -361,13 +361,15 @@ tls1_PRF(SSL *s, const void *seed1, int seed1_len, const void *seed2, | |||
| 361 | static int | 361 | static int |
| 362 | tls1_generate_key_block(SSL *s, unsigned char *km, int num) | 362 | tls1_generate_key_block(SSL *s, unsigned char *km, int num) |
| 363 | { | 363 | { |
| 364 | if (num < 0) | ||
| 365 | return (0); | ||
| 366 | |||
| 364 | return tls1_PRF(s, | 367 | return tls1_PRF(s, |
| 368 | s->session->master_key, s->session->master_key_length, | ||
| 365 | TLS_MD_KEY_EXPANSION_CONST, TLS_MD_KEY_EXPANSION_CONST_SIZE, | 369 | TLS_MD_KEY_EXPANSION_CONST, TLS_MD_KEY_EXPANSION_CONST_SIZE, |
| 366 | s->s3->server_random, SSL3_RANDOM_SIZE, | 370 | s->s3->server_random, SSL3_RANDOM_SIZE, |
| 367 | s->s3->client_random, SSL3_RANDOM_SIZE, | 371 | s->s3->client_random, SSL3_RANDOM_SIZE, |
| 368 | NULL, 0, NULL, 0, | 372 | NULL, 0, NULL, 0, km, num); |
| 369 | s->session->master_key, s->session->master_key_length, | ||
| 370 | km, num); | ||
| 371 | } | 373 | } |
| 372 | 374 | ||
| 373 | /* | 375 | /* |
| @@ -1020,19 +1022,19 @@ tls1_enc(SSL *s, int send) | |||
| 1020 | } | 1022 | } |
| 1021 | 1023 | ||
| 1022 | int | 1024 | int |
| 1023 | tls1_final_finish_mac(SSL *s, const char *str, int slen, unsigned char *out) | 1025 | tls1_final_finish_mac(SSL *s, const char *str, int str_len, unsigned char *out) |
| 1024 | { | 1026 | { |
| 1025 | unsigned char buf1[EVP_MAX_MD_SIZE]; | 1027 | unsigned char buf[EVP_MAX_MD_SIZE]; |
| 1026 | size_t hlen; | 1028 | size_t hash_len; |
| 1027 | 1029 | ||
| 1028 | if (!tls1_handshake_hash_value(s, buf1, sizeof(buf1), &hlen)) | 1030 | if (str_len < 0) |
| 1029 | return 0; | 1031 | return 0; |
| 1030 | 1032 | ||
| 1031 | if (hlen > INT_MAX) | 1033 | if (!tls1_handshake_hash_value(s, buf, sizeof(buf), &hash_len)) |
| 1032 | return 0; | 1034 | return 0; |
| 1033 | 1035 | ||
| 1034 | if (!tls1_PRF(s, str, slen, buf1, hlen, NULL, 0, NULL, 0, NULL, 0, | 1036 | if (!tls1_PRF(s, s->session->master_key, s->session->master_key_length, |
| 1035 | s->session->master_key, s->session->master_key_length, | 1037 | str, str_len, buf, hash_len, NULL, 0, NULL, 0, NULL, 0, |
| 1036 | out, TLS1_FINISH_MAC_LENGTH)) | 1038 | out, TLS1_FINISH_MAC_LENGTH)) |
| 1037 | return 0; | 1039 | return 0; |
| 1038 | 1040 | ||
| @@ -1125,12 +1127,15 @@ int | |||
| 1125 | tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, | 1127 | tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, |
| 1126 | int len) | 1128 | int len) |
| 1127 | { | 1129 | { |
| 1130 | if (len < 0) | ||
| 1131 | return 0; | ||
| 1132 | |||
| 1128 | /* XXX - check return value. */ | 1133 | /* XXX - check return value. */ |
| 1129 | tls1_PRF(s, | 1134 | tls1_PRF(s, p, len, |
| 1130 | TLS_MD_MASTER_SECRET_CONST, TLS_MD_MASTER_SECRET_CONST_SIZE, | 1135 | TLS_MD_MASTER_SECRET_CONST, TLS_MD_MASTER_SECRET_CONST_SIZE, |
| 1131 | s->s3->client_random, SSL3_RANDOM_SIZE, NULL, 0, | 1136 | s->s3->client_random, SSL3_RANDOM_SIZE, NULL, 0, |
| 1132 | s->s3->server_random, SSL3_RANDOM_SIZE, NULL, 0, | 1137 | s->s3->server_random, SSL3_RANDOM_SIZE, NULL, 0, |
| 1133 | p, len, s->session->master_key, SSL_MAX_MASTER_KEY_LENGTH); | 1138 | s->session->master_key, SSL_MAX_MASTER_KEY_LENGTH); |
| 1134 | 1139 | ||
| 1135 | return (SSL_MAX_MASTER_KEY_LENGTH); | 1140 | return (SSL_MAX_MASTER_KEY_LENGTH); |
| 1136 | } | 1141 | } |
| @@ -1193,9 +1198,8 @@ tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen, | |||
| 1193 | TLS_MD_KEY_EXPANSION_CONST_SIZE) == 0) | 1198 | TLS_MD_KEY_EXPANSION_CONST_SIZE) == 0) |
| 1194 | goto err1; | 1199 | goto err1; |
| 1195 | 1200 | ||
| 1196 | rv = tls1_PRF(s, val, vallen, NULL, 0, NULL, 0, NULL, 0, NULL, 0, | 1201 | rv = tls1_PRF(s, s->session->master_key, s->session->master_key_length, |
| 1197 | s->session->master_key, s->session->master_key_length, | 1202 | val, vallen, NULL, 0, NULL, 0, NULL, 0, NULL, 0, out, olen); |
| 1198 | out, olen); | ||
| 1199 | 1203 | ||
| 1200 | goto ret; | 1204 | goto ret; |
| 1201 | err1: | 1205 | err1: |