authorjsing <>2018-06-02 16:45:31 +0000
committerjsing <>2018-06-02 16:45:31 +0000
commitefd01a1e780bf24e47262357a24ff7a1dc9f8d6b (patch)
tree67b582a9660d05dbbd85649db6e3eeeaa58b0e1d /src
parentf6c1331fa2e89997363ab59225590a4adc2e8407 (diff)
Convert ssl3_get_client_kex_ecdhe_ecp() to CBS.
Also allocate a dedicated buffer to hold the shared secret, rather than reusing init_buf. ok inoguchi@ tb@
Diffstat (limited to 'src')
-rw-r--r--src/lib/libssl/ssl_srvr.c86
1 files changed, 42 insertions, 44 deletions
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index b1861caa75..4de4b08db5 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_srvr.c,v 1.32 2018/05/19 14:23:16 jsing Exp $ */ 1/* $OpenBSD: ssl_srvr.c,v 1.33 2018/06/02 16:45:31 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1889,85 +1889,83 @@ ssl3_get_client_kex_dhe(SSL *s, unsigned char *p, long n)
1889static int 1889static int
1890ssl3_get_client_kex_ecdhe_ecp(SSL *s, unsigned char *p, long n) 1890ssl3_get_client_kex_ecdhe_ecp(SSL *s, unsigned char *p, long n)
1891{ 1891{
1892 unsigned char *key = NULL;
1893 int key_size = 0, key_len;
1892 EC_POINT *point = NULL; 1894 EC_POINT *point = NULL;
1893 const EC_GROUP *group;
1894 BN_CTX *bn_ctx = NULL; 1895 BN_CTX *bn_ctx = NULL;
1896 const EC_GROUP *group;
1897 CBS cbs, public;
1895 EC_KEY *ecdh; 1898 EC_KEY *ecdh;
1896 int key_size; 1899 int ret = -1;
1897 int ret = 1; 1900
1898 int i; 1901 if (n < 0)
1902 goto err;
1903
1904 CBS_init(&cbs, p, n);
1905
1906 if (!CBS_get_u8_length_prefixed(&cbs, &public))
1907 goto err;
1908 if (CBS_len(&cbs) != 0)
1909 goto err;
1899 1910
1900 /* 1911 /*
1901 * Use the ephemeral values we saved when 1912 * Use the ephemeral values we saved when generating the
1902 * generating the ServerKeyExchange message. 1913 * ServerKeyExchange message.
1903 */ 1914 */
1904 ecdh = S3I(s)->tmp.ecdh; 1915 if ((ecdh = S3I(s)->tmp.ecdh) == NULL) {
1905 group = EC_KEY_get0_group(ecdh); 1916 SSLerror(s, ERR_R_INTERNAL_ERROR);
1906
1907 /* Let's get client's public key */
1908 if ((point = EC_POINT_new(group)) == NULL) {
1909 SSLerror(s, ERR_R_MALLOC_FAILURE);
1910 goto err; 1917 goto err;
1911 } 1918 }
1919 group = EC_KEY_get0_group(ecdh);
1912 1920
1913 /* 1921 /*
1914 * Get client's public key from encoded point 1922 * Get client's public key from encoded point in the ClientKeyExchange
1915 * in the ClientKeyExchange message. 1923 * message.
1916 */ 1924 */
1917 if ((bn_ctx = BN_CTX_new()) == NULL) { 1925 if ((bn_ctx = BN_CTX_new()) == NULL) {
1918 SSLerror(s, ERR_R_MALLOC_FAILURE); 1926 SSLerror(s, ERR_R_MALLOC_FAILURE);
1919 goto err; 1927 goto err;
1920 } 1928 }
1921 1929 if ((point = EC_POINT_new(group)) == NULL) {
1922 /* Get encoded point length */ 1930 SSLerror(s, ERR_R_MALLOC_FAILURE);
1923 if (n < 1)
1924 goto err;
1925 i = *p;
1926 p += 1;
1927 if (n != 1 + i) {
1928 SSLerror(s, ERR_R_EC_LIB);
1929 goto err; 1931 goto err;
1930 } 1932 }
1931 if (EC_POINT_oct2point(group, point, p, i, bn_ctx) == 0) { 1933 if (EC_POINT_oct2point(group, point, CBS_data(&public),
1934 CBS_len(&public), bn_ctx) == 0) {
1932 SSLerror(s, ERR_R_EC_LIB); 1935 SSLerror(s, ERR_R_EC_LIB);
1933 goto err; 1936 goto err;
1934 } 1937 }
1935 1938
1936 /*
1937 * p is pointing to somewhere in the buffer
1938 * currently, so set it to the start.
1939 */
1940 p = (unsigned char *)s->internal->init_buf->data;
1941
1942 /* Compute the shared pre-master secret */ 1939 /* Compute the shared pre-master secret */
1943 key_size = ECDH_size(ecdh); 1940 if ((key_size = ECDH_size(ecdh)) <= 0) {
1944 if (key_size <= 0) {
1945 SSLerror(s, ERR_R_ECDH_LIB); 1941 SSLerror(s, ERR_R_ECDH_LIB);
1946 goto err; 1942 goto err;
1947 } 1943 }
1948 i = ECDH_compute_key(p, key_size, point, ecdh, NULL); 1944 if ((key = malloc(key_size)) == NULL) {
1949 if (i <= 0) { 1945 SSLerror(s, ERR_R_MALLOC_FAILURE);
1946 goto err;
1947 }
1948 if ((key_len = ECDH_compute_key(key, key_size, point, ecdh,
1949 NULL)) <= 0) {
1950 SSLerror(s, ERR_R_ECDH_LIB); 1950 SSLerror(s, ERR_R_ECDH_LIB);
1951 goto err; 1951 goto err;
1952 } 1952 }
1953 1953
1954 EC_POINT_free(point); 1954 /* Compute the master secret */
1955 BN_CTX_free(bn_ctx); 1955 s->session->master_key_length = tls1_generate_master_secret(s,
1956 s->session->master_key, key, key_len);
1957
1956 EC_KEY_free(S3I(s)->tmp.ecdh); 1958 EC_KEY_free(S3I(s)->tmp.ecdh);
1957 S3I(s)->tmp.ecdh = NULL; 1959 S3I(s)->tmp.ecdh = NULL;
1958 1960
1959 /* Compute the master secret */ 1961 ret = 1;
1960 s->session->master_key_length =
1961 tls1_generate_master_secret(
1962 s, s->session->master_key, p, i);
1963
1964 explicit_bzero(p, i);
1965 return (ret);
1966 1962
1967 err: 1963 err:
1964 freezero(key, key_size);
1968 EC_POINT_free(point); 1965 EC_POINT_free(point);
1969 BN_CTX_free(bn_ctx); 1966 BN_CTX_free(bn_ctx);
1970 return (-1); 1967
1968 return (ret);
1971} 1969}
1972 1970
1973static int 1971static int
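Review bot: The three new parse checks at the top of ssl3_get_client_kex_ecdhe_ecp() (`n < 0`, `CBS_get_u8_length_prefixed()` failing, `CBS_len(&cbs) != 0`) jump to `err` without calling SSLerror(), whereas the removed `n != 1 + i` check recorded `ERR_R_EC_LIB`. A truncated or over-long ClientKeyExchange is peer-controlled input, so a handshake rejected on those paths no longer records a reason on the error queue. I would add an SSLerror() call there, for example `SSLerror(s, ERR_R_EC_LIB);` as the old code did, or a length-specific reason code. Separately, the result of tls1_generate_master_secret() is stored in `master_key_length` and `ret = 1` is set without checking it. The old code did the same, and whether that function can fail is not visible on this page, so it is worth confirming.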