authorjsing <>2016-12-13 13:56:15 +0000
committerjsing <>2016-12-13 13:56:15 +0000
commit4be3c7bb0b60a3aeb42d3c810b2c253f94d17dfc (patch)
tree53dd2acd0421becf99721eb70ca8a49c63c5b294 /src
parenta13fc188fa0f2d55808e0fb7154aafab89156c90 (diff)
Convert ssl3_send_client_kex_ecdhe() to CBB. Also check the return value of
the EC_POINT_point2oct() calls. Feedback from and ok doug@
Diffstat (limited to 'src')
-rw-r--r--src/lib/libssl/s3_clnt.c69
1 files changed, 35 insertions, 34 deletions
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 136bd4c6b4..7549dd6f87 100644
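--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.152 2016/12/07 13:40:17 jsing Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.153 2016/12/13 13:56:15 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2002,18 +2002,18 @@ err:
 }
 
 static int
-ssl3_send_client_kex_ecdhe(SSL *s, SESS_CERT *sess_cert, unsigned char *p,
- int *outlen)
+ssl3_send_client_kex_ecdhe(SSL *s, SESS_CERT *sess_cert, CBB *cbb)
 {
  EC_KEY *clnt_ecdh = NULL;
  const EC_GROUP *srvr_group = NULL;
  const EC_POINT *srvr_ecpoint = NULL;
  BN_CTX *bn_ctx = NULL;
- unsigned char *encodedPoint = NULL;
  unsigned char *key = NULL;
- int encoded_pt_len = 0;
- int key_size, n;
+ unsigned char *data;
+ size_t encoded_len;
+ int key_size, key_len;
  int ret = -1;
+ CBB ecpoint;
 
  if (sess_cert->peer_ecdh_tmp == NULL) {
  ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
@@ -2056,8 +2056,8 @@ ssl3_send_client_kex_ecdhe(SSL *s, SESS_CERT *sess_cert, unsigned char *p,
  SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
  ERR_R_MALLOC_FAILURE);
  }
- n = ECDH_compute_key(key, key_size, srvr_ecpoint, clnt_ecdh, NULL);
- if (n <= 0) {
+ key_len = ECDH_compute_key(key, key_size, srvr_ecpoint, clnt_ecdh, NULL);
+ if (key_len <= 0) {
  SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
  goto err;
  }
@@ -2065,47 +2065,42 @@ ssl3_send_client_kex_ecdhe(SSL *s, SESS_CERT *sess_cert, unsigned char *p,
  /* Generate master key from the result. */
  s->session->master_key_length =
  s->method->ssl3_enc->generate_master_secret(s,
- s->session->master_key, key, n);
+ s->session->master_key, key, key_len);
 
- /*
- * First check the size of encoding and allocate memory accordingly.
- */
- encoded_pt_len = EC_POINT_point2oct(srvr_group,
+ encoded_len = EC_POINT_point2oct(srvr_group,
  EC_KEY_get0_public_key(clnt_ecdh),
  POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL);
+ if (encoded_len == 0) {
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
+ goto err;
+ }
 
- bn_ctx = BN_CTX_new();
- encodedPoint = malloc(encoded_pt_len);
- if (encodedPoint == NULL || bn_ctx == NULL) {
+ if ((bn_ctx = BN_CTX_new()) == NULL) {
  SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
  ERR_R_MALLOC_FAILURE);
  goto err;
  }
 
- /* Encode the public key */
- n = EC_POINT_point2oct(srvr_group, EC_KEY_get0_public_key(clnt_ecdh),
- POINT_CONVERSION_UNCOMPRESSED, encodedPoint, encoded_pt_len,
- bn_ctx);
-
- *p = n; /* length of encoded point */
- /* Encoded point will be copied here */
- p += 1;
-
- /* copy the point */
- memcpy((unsigned char *)p, encodedPoint, n);
- /* increment n to account for length field */
- n += 1;
+ /* Encode the public key. */
+ if (!CBB_add_u8_length_prefixed(cbb, &ecpoint))
+ goto err;
+ if (!CBB_add_space(&ecpoint, &data, encoded_len))
+ goto err;
+ if (EC_POINT_point2oct(srvr_group, EC_KEY_get0_public_key(clnt_ecdh),
+ POINT_CONVERSION_UNCOMPRESSED, data, encoded_len,
+ bn_ctx) == 0)
+ goto err;
+ if (!CBB_flush(cbb))
+ goto err;
 
- *outlen = n;
  ret = 1;
 
-err:
+ err:
  if (key != NULL)
  explicit_bzero(key, key_size);
  free(key);
 
  BN_CTX_free(bn_ctx);
- free(encodedPoint);
  EC_KEY_free(clnt_ecdh);
 
  return (ret);
@@ -2276,9 +2271,15 @@ ssl3_send_client_key_exchange(SSL *s)
  goto err;
  n = (int)outlen;
  } else if (alg_k & SSL_kECDHE) {
- if (ssl3_send_client_kex_ecdhe(s, sess_cert, p,
- &n) != 1)
+ if (!CBB_init_fixed(&cbb, p, bufend - p))
  goto err;
+ if (ssl3_send_client_kex_ecdhe(s, sess_cert, &cbb) != 1)
+ goto err;
+ if (!CBB_finish(&cbb, NULL, &outlen))
+ goto err;
+ if (outlen > INT_MAX)
+ goto err;
+ n = (int)outlen;
  } else if (alg_k & SSL_kGOST) {
  if (ssl3_send_client_kex_gost(s, sess_cert, p, &n) != 1)
  goto err;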