diff options
| author | tb <> | 2021-12-09 17:50:48 +0000 |
|---|---|---|
| committer | tb <> | 2021-12-09 17:50:48 +0000 |
| commit | c3858ce7e20f4246cf6072ee57ffa016a6f8927c (patch) | |
| tree | b4208b3a9dd15bb6a2764ec222025865a05dafc6 /src | |
| parent | 7f76eb8796847dbd2050d240c944670b9a00e1c0 (diff) | |
| download | openbsd-c3858ce7e20f4246cf6072ee57ffa016a6f8927c.tar.gz openbsd-c3858ce7e20f4246cf6072ee57ffa016a6f8927c.tar.bz2 openbsd-c3858ce7e20f4246cf6072ee57ffa016a6f8927c.zip | |
Convert ssl_clnt.c to opaque EVP_MD_CTX
ok inoguchi jsing
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/ssl_clnt.c | 55 |
1 files changed, 29 insertions, 26 deletions
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c index a3c78096f7..1242796f58 100644 --- a/src/lib/libssl/ssl_clnt.c +++ b/src/lib/libssl/ssl_clnt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_clnt.c,v 1.122 2021/12/04 13:50:35 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_clnt.c,v 1.123 2021/12/09 17:50:48 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1407,14 +1407,12 @@ ssl3_get_server_key_exchange(SSL *s) | |||
| 1407 | { | 1407 | { |
| 1408 | CBS cbs, signature; | 1408 | CBS cbs, signature; |
| 1409 | EVP_PKEY *pkey = NULL; | 1409 | EVP_PKEY *pkey = NULL; |
| 1410 | EVP_MD_CTX md_ctx; | 1410 | EVP_MD_CTX *md_ctx; |
| 1411 | const unsigned char *param; | 1411 | const unsigned char *param; |
| 1412 | size_t param_len; | 1412 | size_t param_len; |
| 1413 | long alg_k, alg_a; | 1413 | long alg_k, alg_a; |
| 1414 | int al, ret; | 1414 | int al, ret; |
| 1415 | 1415 | ||
| 1416 | EVP_MD_CTX_init(&md_ctx); | ||
| 1417 | |||
| 1418 | alg_k = S3I(s)->hs.cipher->algorithm_mkey; | 1416 | alg_k = S3I(s)->hs.cipher->algorithm_mkey; |
| 1419 | alg_a = S3I(s)->hs.cipher->algorithm_auth; | 1417 | alg_a = S3I(s)->hs.cipher->algorithm_auth; |
| 1420 | 1418 | ||
| @@ -1426,6 +1424,9 @@ ssl3_get_server_key_exchange(SSL *s) | |||
| 1426 | SSL3_ST_CR_KEY_EXCH_B, -1, s->internal->max_cert_list)) <= 0) | 1424 | SSL3_ST_CR_KEY_EXCH_B, -1, s->internal->max_cert_list)) <= 0) |
| 1427 | return ret; | 1425 | return ret; |
| 1428 | 1426 | ||
| 1427 | if ((md_ctx = EVP_MD_CTX_new()) == NULL) | ||
| 1428 | goto err; | ||
| 1429 | |||
| 1429 | if (s->internal->init_num < 0) | 1430 | if (s->internal->init_num < 0) |
| 1430 | goto err; | 1431 | goto err; |
| 1431 | 1432 | ||
| @@ -1443,7 +1444,7 @@ ssl3_get_server_key_exchange(SSL *s) | |||
| 1443 | } | 1444 | } |
| 1444 | 1445 | ||
| 1445 | S3I(s)->hs.tls12.reuse_message = 1; | 1446 | S3I(s)->hs.tls12.reuse_message = 1; |
| 1446 | EVP_MD_CTX_cleanup(&md_ctx); | 1447 | EVP_MD_CTX_free(md_ctx); |
| 1447 | return (1); | 1448 | return (1); |
| 1448 | } | 1449 | } |
| 1449 | 1450 | ||
| @@ -1504,10 +1505,10 @@ ssl3_get_server_key_exchange(SSL *s) | |||
| 1504 | } | 1505 | } |
| 1505 | S3I(s)->hs.peer_sigalg = sigalg; | 1506 | S3I(s)->hs.peer_sigalg = sigalg; |
| 1506 | 1507 | ||
| 1507 | if (!EVP_DigestVerifyInit(&md_ctx, &pctx, sigalg->md(), | 1508 | if (!EVP_DigestVerifyInit(md_ctx, &pctx, sigalg->md(), |
| 1508 | NULL, pkey)) | 1509 | NULL, pkey)) |
| 1509 | goto err; | 1510 | goto err; |
| 1510 | if (!EVP_DigestVerifyUpdate(&md_ctx, s->s3->client_random, | 1511 | if (!EVP_DigestVerifyUpdate(md_ctx, s->s3->client_random, |
| 1511 | SSL3_RANDOM_SIZE)) | 1512 | SSL3_RANDOM_SIZE)) |
| 1512 | goto err; | 1513 | goto err; |
| 1513 | if ((sigalg->flags & SIGALG_FLAG_RSA_PSS) && | 1514 | if ((sigalg->flags & SIGALG_FLAG_RSA_PSS) && |
| @@ -1515,12 +1516,12 @@ ssl3_get_server_key_exchange(SSL *s) | |||
| 1515 | RSA_PKCS1_PSS_PADDING) || | 1516 | RSA_PKCS1_PSS_PADDING) || |
| 1516 | !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))) | 1517 | !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))) |
| 1517 | goto err; | 1518 | goto err; |
| 1518 | if (!EVP_DigestVerifyUpdate(&md_ctx, s->s3->server_random, | 1519 | if (!EVP_DigestVerifyUpdate(md_ctx, s->s3->server_random, |
| 1519 | SSL3_RANDOM_SIZE)) | 1520 | SSL3_RANDOM_SIZE)) |
| 1520 | goto err; | 1521 | goto err; |
| 1521 | if (!EVP_DigestVerifyUpdate(&md_ctx, param, param_len)) | 1522 | if (!EVP_DigestVerifyUpdate(md_ctx, param, param_len)) |
| 1522 | goto err; | 1523 | goto err; |
| 1523 | if (EVP_DigestVerifyFinal(&md_ctx, CBS_data(&signature), | 1524 | if (EVP_DigestVerifyFinal(md_ctx, CBS_data(&signature), |
| 1524 | CBS_len(&signature)) <= 0) { | 1525 | CBS_len(&signature)) <= 0) { |
| 1525 | al = SSL_AD_DECRYPT_ERROR; | 1526 | al = SSL_AD_DECRYPT_ERROR; |
| 1526 | SSLerror(s, SSL_R_BAD_SIGNATURE); | 1527 | SSLerror(s, SSL_R_BAD_SIGNATURE); |
| @@ -1541,7 +1542,7 @@ ssl3_get_server_key_exchange(SSL *s) | |||
| 1541 | } | 1542 | } |
| 1542 | 1543 | ||
| 1543 | EVP_PKEY_free(pkey); | 1544 | EVP_PKEY_free(pkey); |
| 1544 | EVP_MD_CTX_cleanup(&md_ctx); | 1545 | EVP_MD_CTX_free(md_ctx); |
| 1545 | 1546 | ||
| 1546 | return (1); | 1547 | return (1); |
| 1547 | 1548 | ||
| @@ -1554,7 +1555,7 @@ ssl3_get_server_key_exchange(SSL *s) | |||
| 1554 | 1555 | ||
| 1555 | err: | 1556 | err: |
| 1556 | EVP_PKEY_free(pkey); | 1557 | EVP_PKEY_free(pkey); |
| 1557 | EVP_MD_CTX_cleanup(&md_ctx); | 1558 | EVP_MD_CTX_free(md_ctx); |
| 1558 | 1559 | ||
| 1559 | return (-1); | 1560 | return (-1); |
| 1560 | } | 1561 | } |
| @@ -2277,19 +2278,20 @@ ssl3_send_client_verify_sigalgs(SSL *s, EVP_PKEY *pkey, | |||
| 2277 | { | 2278 | { |
| 2278 | CBB cbb_signature; | 2279 | CBB cbb_signature; |
| 2279 | EVP_PKEY_CTX *pctx = NULL; | 2280 | EVP_PKEY_CTX *pctx = NULL; |
| 2280 | EVP_MD_CTX mctx; | 2281 | EVP_MD_CTX *mctx = NULL; |
| 2281 | const unsigned char *hdata; | 2282 | const unsigned char *hdata; |
| 2282 | unsigned char *signature = NULL; | 2283 | unsigned char *signature = NULL; |
| 2283 | size_t signature_len, hdata_len; | 2284 | size_t signature_len, hdata_len; |
| 2284 | int ret = 0; | 2285 | int ret = 0; |
| 2285 | 2286 | ||
| 2286 | EVP_MD_CTX_init(&mctx); | 2287 | if ((mctx = EVP_MD_CTX_new()) == NULL) |
| 2288 | goto err; | ||
| 2287 | 2289 | ||
| 2288 | if (!tls1_transcript_data(s, &hdata, &hdata_len)) { | 2290 | if (!tls1_transcript_data(s, &hdata, &hdata_len)) { |
| 2289 | SSLerror(s, ERR_R_INTERNAL_ERROR); | 2291 | SSLerror(s, ERR_R_INTERNAL_ERROR); |
| 2290 | goto err; | 2292 | goto err; |
| 2291 | } | 2293 | } |
| 2292 | if (!EVP_DigestSignInit(&mctx, &pctx, sigalg->md(), NULL, pkey)) { | 2294 | if (!EVP_DigestSignInit(mctx, &pctx, sigalg->md(), NULL, pkey)) { |
| 2293 | SSLerror(s, ERR_R_EVP_LIB); | 2295 | SSLerror(s, ERR_R_EVP_LIB); |
| 2294 | goto err; | 2296 | goto err; |
| 2295 | } | 2297 | } |
| @@ -2305,11 +2307,11 @@ ssl3_send_client_verify_sigalgs(SSL *s, EVP_PKEY *pkey, | |||
| 2305 | SSLerror(s, ERR_R_EVP_LIB); | 2307 | SSLerror(s, ERR_R_EVP_LIB); |
| 2306 | goto err; | 2308 | goto err; |
| 2307 | } | 2309 | } |
| 2308 | if (!EVP_DigestSignUpdate(&mctx, hdata, hdata_len)) { | 2310 | if (!EVP_DigestSignUpdate(mctx, hdata, hdata_len)) { |
| 2309 | SSLerror(s, ERR_R_EVP_LIB); | 2311 | SSLerror(s, ERR_R_EVP_LIB); |
| 2310 | goto err; | 2312 | goto err; |
| 2311 | } | 2313 | } |
| 2312 | if (!EVP_DigestSignFinal(&mctx, NULL, &signature_len) || | 2314 | if (!EVP_DigestSignFinal(mctx, NULL, &signature_len) || |
| 2313 | signature_len == 0) { | 2315 | signature_len == 0) { |
| 2314 | SSLerror(s, ERR_R_EVP_LIB); | 2316 | SSLerror(s, ERR_R_EVP_LIB); |
| 2315 | goto err; | 2317 | goto err; |
| @@ -2318,7 +2320,7 @@ ssl3_send_client_verify_sigalgs(SSL *s, EVP_PKEY *pkey, | |||
| 2318 | SSLerror(s, ERR_R_MALLOC_FAILURE); | 2320 | SSLerror(s, ERR_R_MALLOC_FAILURE); |
| 2319 | goto err; | 2321 | goto err; |
| 2320 | } | 2322 | } |
| 2321 | if (!EVP_DigestSignFinal(&mctx, signature, &signature_len)) { | 2323 | if (!EVP_DigestSignFinal(mctx, signature, &signature_len)) { |
| 2322 | SSLerror(s, ERR_R_EVP_LIB); | 2324 | SSLerror(s, ERR_R_EVP_LIB); |
| 2323 | goto err; | 2325 | goto err; |
| 2324 | } | 2326 | } |
| @@ -2335,7 +2337,7 @@ ssl3_send_client_verify_sigalgs(SSL *s, EVP_PKEY *pkey, | |||
| 2335 | ret = 1; | 2337 | ret = 1; |
| 2336 | 2338 | ||
| 2337 | err: | 2339 | err: |
| 2338 | EVP_MD_CTX_cleanup(&mctx); | 2340 | EVP_MD_CTX_free(mctx); |
| 2339 | free(signature); | 2341 | free(signature); |
| 2340 | return ret; | 2342 | return ret; |
| 2341 | } | 2343 | } |
| @@ -2416,7 +2418,7 @@ static int | |||
| 2416 | ssl3_send_client_verify_gost(SSL *s, EVP_PKEY *pkey, CBB *cert_verify) | 2418 | ssl3_send_client_verify_gost(SSL *s, EVP_PKEY *pkey, CBB *cert_verify) |
| 2417 | { | 2419 | { |
| 2418 | CBB cbb_signature; | 2420 | CBB cbb_signature; |
| 2419 | EVP_MD_CTX mctx; | 2421 | EVP_MD_CTX *mctx; |
| 2420 | EVP_PKEY_CTX *pctx; | 2422 | EVP_PKEY_CTX *pctx; |
| 2421 | const EVP_MD *md; | 2423 | const EVP_MD *md; |
| 2422 | const unsigned char *hdata; | 2424 | const unsigned char *hdata; |
| @@ -2426,7 +2428,8 @@ ssl3_send_client_verify_gost(SSL *s, EVP_PKEY *pkey, CBB *cert_verify) | |||
| 2426 | int nid; | 2428 | int nid; |
| 2427 | int ret = 0; | 2429 | int ret = 0; |
| 2428 | 2430 | ||
| 2429 | EVP_MD_CTX_init(&mctx); | 2431 | if ((mctx = EVP_MD_CTX_new()) == NULL) |
| 2432 | goto err; | ||
| 2430 | 2433 | ||
| 2431 | if (!tls1_transcript_data(s, &hdata, &hdata_len)) { | 2434 | if (!tls1_transcript_data(s, &hdata, &hdata_len)) { |
| 2432 | SSLerror(s, ERR_R_INTERNAL_ERROR); | 2435 | SSLerror(s, ERR_R_INTERNAL_ERROR); |
| @@ -2437,7 +2440,7 @@ ssl3_send_client_verify_gost(SSL *s, EVP_PKEY *pkey, CBB *cert_verify) | |||
| 2437 | SSLerror(s, ERR_R_EVP_LIB); | 2440 | SSLerror(s, ERR_R_EVP_LIB); |
| 2438 | goto err; | 2441 | goto err; |
| 2439 | } | 2442 | } |
| 2440 | if (!EVP_DigestSignInit(&mctx, &pctx, md, NULL, pkey)) { | 2443 | if (!EVP_DigestSignInit(mctx, &pctx, md, NULL, pkey)) { |
| 2441 | SSLerror(s, ERR_R_EVP_LIB); | 2444 | SSLerror(s, ERR_R_EVP_LIB); |
| 2442 | goto err; | 2445 | goto err; |
| 2443 | } | 2446 | } |
| @@ -2446,11 +2449,11 @@ ssl3_send_client_verify_gost(SSL *s, EVP_PKEY *pkey, CBB *cert_verify) | |||
| 2446 | SSLerror(s, ERR_R_EVP_LIB); | 2449 | SSLerror(s, ERR_R_EVP_LIB); |
| 2447 | goto err; | 2450 | goto err; |
| 2448 | } | 2451 | } |
| 2449 | if (!EVP_DigestSignUpdate(&mctx, hdata, hdata_len)) { | 2452 | if (!EVP_DigestSignUpdate(mctx, hdata, hdata_len)) { |
| 2450 | SSLerror(s, ERR_R_EVP_LIB); | 2453 | SSLerror(s, ERR_R_EVP_LIB); |
| 2451 | goto err; | 2454 | goto err; |
| 2452 | } | 2455 | } |
| 2453 | if (!EVP_DigestSignFinal(&mctx, NULL, &signature_len) || | 2456 | if (!EVP_DigestSignFinal(mctx, NULL, &signature_len) || |
| 2454 | signature_len == 0) { | 2457 | signature_len == 0) { |
| 2455 | SSLerror(s, ERR_R_EVP_LIB); | 2458 | SSLerror(s, ERR_R_EVP_LIB); |
| 2456 | goto err; | 2459 | goto err; |
| @@ -2459,7 +2462,7 @@ ssl3_send_client_verify_gost(SSL *s, EVP_PKEY *pkey, CBB *cert_verify) | |||
| 2459 | SSLerror(s, ERR_R_MALLOC_FAILURE); | 2462 | SSLerror(s, ERR_R_MALLOC_FAILURE); |
| 2460 | goto err; | 2463 | goto err; |
| 2461 | } | 2464 | } |
| 2462 | if (!EVP_DigestSignFinal(&mctx, signature, &signature_len)) { | 2465 | if (!EVP_DigestSignFinal(mctx, signature, &signature_len)) { |
| 2463 | SSLerror(s, ERR_R_EVP_LIB); | 2466 | SSLerror(s, ERR_R_EVP_LIB); |
| 2464 | goto err; | 2467 | goto err; |
| 2465 | } | 2468 | } |
| @@ -2473,7 +2476,7 @@ ssl3_send_client_verify_gost(SSL *s, EVP_PKEY *pkey, CBB *cert_verify) | |||
| 2473 | 2476 | ||
| 2474 | ret = 1; | 2477 | ret = 1; |
| 2475 | err: | 2478 | err: |
| 2476 | EVP_MD_CTX_cleanup(&mctx); | 2479 | EVP_MD_CTX_free(mctx); |
| 2477 | free(signature); | 2480 | free(signature); |
| 2478 | return ret; | 2481 | return ret; |
| 2479 | } | 2482 | } |