Clean up server key exchange EC point handling. Encode the point directly

into the CBB memory, rather than mallocing and memcpying, which also makes makes the code more consistent with the client. Add a missing check for the first EC_POINT_point2oct() call. ok beck@
author: jsing <> 2017-04-14 15:19:39 +0000
committer: jsing <> 2017-04-14 15:19:39 +0000
commit: 7d63fd9b3176841577520a8b8499b6331562607f (patch)
tree: 80b771411162a0043354dd5e0ddbc9033d2158aa /src/lib
parent: c8e0fc6335c50b963cf789e50fa6dd954ee974b0 (diff)
download: openbsd-7d63fd9b3176841577520a8b8499b6331562607f.tar.gz
openbsd-7d63fd9b3176841577520a8b8499b6331562607f.tar.bz2
openbsd-7d63fd9b3176841577520a8b8499b6331562607f.zip
1 files changed, 15 insertions, 27 deletions
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index d98a76f8f0..aae7275998 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.11 2017/03/10 16:03:27 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.12 2017/04/14 15:19:39 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1271,8 +1271,7 @@ ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb)
        unsigned char *data;
        EC_KEY *ecdh = NULL, *ecdhp;
        const EC_GROUP *group;
-        unsigned char *encodedPoint = NULL;
+        int encoded_len = 0;
-        int encodedlen = 0;
        int curve_id = 0;
        BN_CTX *bn_ctx = NULL;
        int al;
@@ -1335,28 +1334,17 @@ ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb)
         * Encode the public key. First check the size of encoding and
         * allocate memory accordingly.
         */
-        encodedlen = EC_POINT_point2oct(group, EC_KEY_get0_public_key(ecdh),
+        encoded_len = EC_POINT_point2oct(group, EC_KEY_get0_public_key(ecdh),
            POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL);
+        if (encoded_len == 0) {
-        encodedPoint = malloc(encodedlen);
+                SSLerror(s, ERR_R_ECDH_LIB);
-        bn_ctx = BN_CTX_new();
-        if ((encodedPoint == NULL) || (bn_ctx == NULL)) {
-                SSLerror(s, ERR_R_MALLOC_FAILURE);
                goto err;
        }
+        if ((bn_ctx = BN_CTX_new()) == NULL) {
-        encodedlen = EC_POINT_point2oct(group, EC_KEY_get0_public_key(ecdh),
+                SSLerror(s, ERR_R_MALLOC_FAILURE);
-            POINT_CONVERSION_UNCOMPRESSED, encodedPoint, encodedlen, bn_ctx);
-        if (encodedlen == 0) {
-                SSLerror(s, ERR_R_ECDH_LIB);
                goto err;
        }
-        BN_CTX_free(bn_ctx);
-        bn_ctx = NULL;
        /*
         * Only named curves are supported in ECDH ephemeral key exchanges.
         * In this case the ServerKeyExchange message has:
@@ -1370,23 +1358,23 @@ ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb)
                goto err;
        if (!CBB_add_u8_length_prefixed(cbb, &ecpoint))
                goto err;
-        if (!CBB_add_space(&ecpoint, &data, encodedlen))
+        if (!CBB_add_space(&ecpoint, &data, encoded_len))
                goto err;
+        if (EC_POINT_point2oct(group, EC_KEY_get0_public_key(ecdh),
-        memcpy(data, encodedPoint, encodedlen);
+            POINT_CONVERSION_UNCOMPRESSED, data, encoded_len, bn_ctx) == 0) {
+                SSLerror(s, ERR_R_ECDH_LIB);
-        free(encodedPoint);
+                goto err;
-        encodedPoint = NULL;
+        }
        if (!CBB_flush(cbb))
                goto err;
+        BN_CTX_free(bn_ctx);
        return (1);
        
 f_err:
        ssl3_send_alert(s, SSL3_AL_FATAL, al);
 err:
-        free(encodedPoint);
        BN_CTX_free(bn_ctx);
        return (-1);
author	jsing <>	2017-04-14 15:19:39 +0000
committer	jsing <>	2017-04-14 15:19:39 +0000
commit	7d63fd9b3176841577520a8b8499b6331562607f (patch)
tree	80b771411162a0043354dd5e0ddbc9033d2158aa /src/lib
parent	c8e0fc6335c50b963cf789e50fa6dd954ee974b0 (diff)
download	openbsd-7d63fd9b3176841577520a8b8499b6331562607f.tar.gz openbsd-7d63fd9b3176841577520a8b8499b6331562607f.tar.bz2 openbsd-7d63fd9b3176841577520a8b8499b6331562607f.zip

diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index d98a76f8f0..aae7275998 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_srvr.c,v 1.11 2017/03/10 16:03:27 jsing Exp $ */	1	/* $OpenBSD: ssl_srvr.c,v 1.12 2017/04/14 15:19:39 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1271,8 +1271,7 @@ ssl3_send_server_kex_ecdhe_ecp(SSL s, int nid, CBB cbb)
1271	unsigned char *data;	1271	unsigned char *data;
1272	EC_KEY ecdh = NULL, ecdhp;	1272	EC_KEY ecdh = NULL, ecdhp;
1273	const EC_GROUP *group;	1273	const EC_GROUP *group;
1274	unsigned char *encodedPoint = NULL;	1274	int encoded_len = 0;
1275	int encodedlen = 0;
1276	int curve_id = 0;	1275	int curve_id = 0;
1277	BN_CTX *bn_ctx = NULL;	1276	BN_CTX *bn_ctx = NULL;
1278	int al;	1277	int al;
@@ -1335,28 +1334,17 @@ ssl3_send_server_kex_ecdhe_ecp(SSL s, int nid, CBB cbb)
1335	* Encode the public key. First check the size of encoding and	1334	* Encode the public key. First check the size of encoding and
1336	* allocate memory accordingly.	1335	* allocate memory accordingly.
1337	*/	1336	*/
1338	encodedlen = EC_POINT_point2oct(group, EC_KEY_get0_public_key(ecdh),	1337	encoded_len = EC_POINT_point2oct(group, EC_KEY_get0_public_key(ecdh),
1339	POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL);	1338	POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL);
1340		1339	if (encoded_len == 0) {
1341	encodedPoint = malloc(encodedlen);	1340	SSLerror(s, ERR_R_ECDH_LIB);
1342
1343	bn_ctx = BN_CTX_new();
1344	if ((encodedPoint == NULL) \|\| (bn_ctx == NULL)) {
1345	SSLerror(s, ERR_R_MALLOC_FAILURE);
1346	goto err;	1341	goto err;
1347	}	1342	}
1348		1343	if ((bn_ctx = BN_CTX_new()) == NULL) {
1349	encodedlen = EC_POINT_point2oct(group, EC_KEY_get0_public_key(ecdh),	1344	SSLerror(s, ERR_R_MALLOC_FAILURE);
1350	POINT_CONVERSION_UNCOMPRESSED, encodedPoint, encodedlen, bn_ctx);
1351
1352	if (encodedlen == 0) {
1353	SSLerror(s, ERR_R_ECDH_LIB);
1354	goto err;	1345	goto err;
1355	}	1346	}
1356		1347
1357	BN_CTX_free(bn_ctx);
1358	bn_ctx = NULL;
1359
1360	/*	1348	/*
1361	* Only named curves are supported in ECDH ephemeral key exchanges.	1349	* Only named curves are supported in ECDH ephemeral key exchanges.
1362	* In this case the ServerKeyExchange message has:	1350	* In this case the ServerKeyExchange message has:
@@ -1370,23 +1358,23 @@ ssl3_send_server_kex_ecdhe_ecp(SSL s, int nid, CBB cbb)
1370	goto err;	1358	goto err;
1371	if (!CBB_add_u8_length_prefixed(cbb, &ecpoint))	1359	if (!CBB_add_u8_length_prefixed(cbb, &ecpoint))
1372	goto err;	1360	goto err;
1373	if (!CBB_add_space(&ecpoint, &data, encodedlen))	1361	if (!CBB_add_space(&ecpoint, &data, encoded_len))
1374	goto err;	1362	goto err;
1375		1363	if (EC_POINT_point2oct(group, EC_KEY_get0_public_key(ecdh),
1376	memcpy(data, encodedPoint, encodedlen);	1364	POINT_CONVERSION_UNCOMPRESSED, data, encoded_len, bn_ctx) == 0) {
1377		1365	SSLerror(s, ERR_R_ECDH_LIB);
1378	free(encodedPoint);	1366	goto err;
1379	encodedPoint = NULL;	1367	}
1380
1381	if (!CBB_flush(cbb))	1368	if (!CBB_flush(cbb))
1382	goto err;	1369	goto err;
1383		1370
		1371	BN_CTX_free(bn_ctx);
		1372
1384	return (1);	1373	return (1);
1385		1374
1386	f_err:	1375	f_err:
1387	ssl3_send_alert(s, SSL3_AL_FATAL, al);	1376	ssl3_send_alert(s, SSL3_AL_FATAL, al);
1388	err:	1377	err:
1389	free(encodedPoint);
1390	BN_CTX_free(bn_ctx);	1378	BN_CTX_free(bn_ctx);
1391		1379
1392	return (-1);	1380	return (-1);