diff options
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/ssl_clnt.c | 44 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_srvr.c | 65 |
2 files changed, 62 insertions, 47 deletions
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c index 2ab90b5c37..6aea590132 100644 --- a/src/lib/libssl/ssl_clnt.c +++ b/src/lib/libssl/ssl_clnt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_clnt.c,v 1.159 2023/06/11 18:50:51 tb Exp $ */ | 1 | /* $OpenBSD: ssl_clnt.c,v 1.160 2023/06/11 19:01:01 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1299,13 +1299,17 @@ ssl3_get_server_kex_ecdhe(SSL *s, CBS *cbs) | |||
| 1299 | static int | 1299 | static int |
| 1300 | ssl3_get_server_key_exchange(SSL *s) | 1300 | ssl3_get_server_key_exchange(SSL *s) |
| 1301 | { | 1301 | { |
| 1302 | CBS cbs, signature; | 1302 | CBB cbb; |
| 1303 | CBS cbs, params, signature; | ||
| 1303 | EVP_MD_CTX *md_ctx; | 1304 | EVP_MD_CTX *md_ctx; |
| 1304 | const unsigned char *param; | 1305 | unsigned char *signed_params = NULL; |
| 1305 | size_t param_len; | 1306 | size_t signed_params_len; |
| 1307 | size_t params_len; | ||
| 1306 | long alg_k, alg_a; | 1308 | long alg_k, alg_a; |
| 1307 | int al, ret; | 1309 | int al, ret; |
| 1308 | 1310 | ||
| 1311 | memset(&cbb, 0, sizeof(cbb)); | ||
| 1312 | |||
| 1309 | alg_k = s->s3->hs.cipher->algorithm_mkey; | 1313 | alg_k = s->s3->hs.cipher->algorithm_mkey; |
| 1310 | alg_a = s->s3->hs.cipher->algorithm_auth; | 1314 | alg_a = s->s3->hs.cipher->algorithm_auth; |
| 1311 | 1315 | ||
| @@ -1341,8 +1345,14 @@ ssl3_get_server_key_exchange(SSL *s) | |||
| 1341 | return (1); | 1345 | return (1); |
| 1342 | } | 1346 | } |
| 1343 | 1347 | ||
| 1344 | param = CBS_data(&cbs); | 1348 | if (!CBB_init(&cbb, 0)) |
| 1345 | param_len = CBS_len(&cbs); | 1349 | goto err; |
| 1350 | if (!CBB_add_bytes(&cbb, s->s3->client_random, SSL3_RANDOM_SIZE)) | ||
| 1351 | goto err; | ||
| 1352 | if (!CBB_add_bytes(&cbb, s->s3->server_random, SSL3_RANDOM_SIZE)) | ||
| 1353 | goto err; | ||
| 1354 | |||
| 1355 | CBS_dup(&cbs, ¶ms); | ||
| 1346 | 1356 | ||
| 1347 | if (alg_k & SSL_kDHE) { | 1357 | if (alg_k & SSL_kDHE) { |
| 1348 | if (!ssl3_get_server_kex_dhe(s, &cbs)) | 1358 | if (!ssl3_get_server_kex_dhe(s, &cbs)) |
| @@ -1356,7 +1366,12 @@ ssl3_get_server_key_exchange(SSL *s) | |||
| 1356 | goto fatal_err; | 1366 | goto fatal_err; |
| 1357 | } | 1367 | } |
| 1358 | 1368 | ||
| 1359 | param_len -= CBS_len(&cbs); | 1369 | if ((params_len = CBS_offset(&cbs)) > CBS_len(¶ms)) |
| 1370 | goto err; | ||
| 1371 | if (!CBB_add_bytes(&cbb, CBS_data(¶ms), params_len)) | ||
| 1372 | goto err; | ||
| 1373 | if (!CBB_finish(&cbb, &signed_params, &signed_params_len)) | ||
| 1374 | goto err; | ||
| 1360 | 1375 | ||
| 1361 | /* if it was signed, check the signature */ | 1376 | /* if it was signed, check the signature */ |
| 1362 | if ((alg_a & SSL_aNULL) == 0) { | 1377 | if ((alg_a & SSL_aNULL) == 0) { |
| @@ -1400,21 +1415,13 @@ ssl3_get_server_key_exchange(SSL *s) | |||
| 1400 | if (!EVP_DigestVerifyInit(md_ctx, &pctx, sigalg->md(), | 1415 | if (!EVP_DigestVerifyInit(md_ctx, &pctx, sigalg->md(), |
| 1401 | NULL, pkey)) | 1416 | NULL, pkey)) |
| 1402 | goto err; | 1417 | goto err; |
| 1403 | if (!EVP_DigestVerifyUpdate(md_ctx, s->s3->client_random, | ||
| 1404 | SSL3_RANDOM_SIZE)) | ||
| 1405 | goto err; | ||
| 1406 | if ((sigalg->flags & SIGALG_FLAG_RSA_PSS) && | 1418 | if ((sigalg->flags & SIGALG_FLAG_RSA_PSS) && |
| 1407 | (!EVP_PKEY_CTX_set_rsa_padding(pctx, | 1419 | (!EVP_PKEY_CTX_set_rsa_padding(pctx, |
| 1408 | RSA_PKCS1_PSS_PADDING) || | 1420 | RSA_PKCS1_PSS_PADDING) || |
| 1409 | !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))) | 1421 | !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))) |
| 1410 | goto err; | 1422 | goto err; |
| 1411 | if (!EVP_DigestVerifyUpdate(md_ctx, s->s3->server_random, | 1423 | if (EVP_DigestVerify(md_ctx, CBS_data(&signature), |
| 1412 | SSL3_RANDOM_SIZE)) | 1424 | CBS_len(&signature), signed_params, signed_params_len) <= 0) { |
| 1413 | goto err; | ||
| 1414 | if (!EVP_DigestVerifyUpdate(md_ctx, param, param_len)) | ||
| 1415 | goto err; | ||
| 1416 | if (EVP_DigestVerifyFinal(md_ctx, CBS_data(&signature), | ||
| 1417 | CBS_len(&signature)) <= 0) { | ||
| 1418 | al = SSL_AD_DECRYPT_ERROR; | 1425 | al = SSL_AD_DECRYPT_ERROR; |
| 1419 | SSLerror(s, SSL_R_BAD_SIGNATURE); | 1426 | SSLerror(s, SSL_R_BAD_SIGNATURE); |
| 1420 | goto fatal_err; | 1427 | goto fatal_err; |
| @@ -1428,6 +1435,7 @@ ssl3_get_server_key_exchange(SSL *s) | |||
| 1428 | } | 1435 | } |
| 1429 | 1436 | ||
| 1430 | EVP_MD_CTX_free(md_ctx); | 1437 | EVP_MD_CTX_free(md_ctx); |
| 1438 | free(signed_params); | ||
| 1431 | 1439 | ||
| 1432 | return (1); | 1440 | return (1); |
| 1433 | 1441 | ||
| @@ -1439,7 +1447,9 @@ ssl3_get_server_key_exchange(SSL *s) | |||
| 1439 | ssl3_send_alert(s, SSL3_AL_FATAL, al); | 1447 | ssl3_send_alert(s, SSL3_AL_FATAL, al); |
| 1440 | 1448 | ||
| 1441 | err: | 1449 | err: |
| 1450 | CBB_cleanup(&cbb); | ||
| 1442 | EVP_MD_CTX_free(md_ctx); | 1451 | EVP_MD_CTX_free(md_ctx); |
| 1452 | free(signed_params); | ||
| 1443 | 1453 | ||
| 1444 | return (-1); | 1454 | return (-1); |
| 1445 | } | 1455 | } |
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index d0814a8455..8edbf77156 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_srvr.c,v 1.154 2023/06/11 18:50:51 tb Exp $ */ | 1 | /* $OpenBSD: ssl_srvr.c,v 1.155 2023/06/11 19:01:01 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1431,12 +1431,13 @@ ssl3_send_server_kex_ecdhe(SSL *s, CBB *cbb) | |||
| 1431 | static int | 1431 | static int |
| 1432 | ssl3_send_server_key_exchange(SSL *s) | 1432 | ssl3_send_server_key_exchange(SSL *s) |
| 1433 | { | 1433 | { |
| 1434 | CBB cbb, cbb_params, cbb_signature, server_kex; | 1434 | CBB cbb, cbb_signature, cbb_signed_params, server_kex; |
| 1435 | CBS params; | ||
| 1435 | const struct ssl_sigalg *sigalg = NULL; | 1436 | const struct ssl_sigalg *sigalg = NULL; |
| 1437 | unsigned char *signed_params = NULL; | ||
| 1438 | size_t signed_params_len; | ||
| 1436 | unsigned char *signature = NULL; | 1439 | unsigned char *signature = NULL; |
| 1437 | size_t signature_len = 0; | 1440 | size_t signature_len = 0; |
| 1438 | unsigned char *params = NULL; | ||
| 1439 | size_t params_len; | ||
| 1440 | const EVP_MD *md = NULL; | 1441 | const EVP_MD *md = NULL; |
| 1441 | unsigned long type; | 1442 | unsigned long type; |
| 1442 | EVP_MD_CTX *md_ctx = NULL; | 1443 | EVP_MD_CTX *md_ctx = NULL; |
| @@ -1445,7 +1446,7 @@ ssl3_send_server_key_exchange(SSL *s) | |||
| 1445 | int al; | 1446 | int al; |
| 1446 | 1447 | ||
| 1447 | memset(&cbb, 0, sizeof(cbb)); | 1448 | memset(&cbb, 0, sizeof(cbb)); |
| 1448 | memset(&cbb_params, 0, sizeof(cbb_params)); | 1449 | memset(&cbb_signed_params, 0, sizeof(cbb_signed_params)); |
| 1449 | 1450 | ||
| 1450 | if ((md_ctx = EVP_MD_CTX_new()) == NULL) | 1451 | if ((md_ctx = EVP_MD_CTX_new()) == NULL) |
| 1451 | goto err; | 1452 | goto err; |
| @@ -1456,15 +1457,26 @@ ssl3_send_server_key_exchange(SSL *s) | |||
| 1456 | SSL3_MT_SERVER_KEY_EXCHANGE)) | 1457 | SSL3_MT_SERVER_KEY_EXCHANGE)) |
| 1457 | goto err; | 1458 | goto err; |
| 1458 | 1459 | ||
| 1459 | if (!CBB_init(&cbb_params, 0)) | 1460 | if (!CBB_init(&cbb_signed_params, 0)) |
| 1460 | goto err; | 1461 | goto err; |
| 1461 | 1462 | ||
| 1463 | if (!CBB_add_bytes(&cbb_signed_params, s->s3->client_random, | ||
| 1464 | SSL3_RANDOM_SIZE)) { | ||
| 1465 | SSLerror(s, ERR_R_INTERNAL_ERROR); | ||
| 1466 | goto err; | ||
| 1467 | } | ||
| 1468 | if (!CBB_add_bytes(&cbb_signed_params, s->s3->server_random, | ||
| 1469 | SSL3_RANDOM_SIZE)) { | ||
| 1470 | SSLerror(s, ERR_R_INTERNAL_ERROR); | ||
| 1471 | goto err; | ||
| 1472 | } | ||
| 1473 | |||
| 1462 | type = s->s3->hs.cipher->algorithm_mkey; | 1474 | type = s->s3->hs.cipher->algorithm_mkey; |
| 1463 | if (type & SSL_kDHE) { | 1475 | if (type & SSL_kDHE) { |
| 1464 | if (!ssl3_send_server_kex_dhe(s, &cbb_params)) | 1476 | if (!ssl3_send_server_kex_dhe(s, &cbb_signed_params)) |
| 1465 | goto err; | 1477 | goto err; |
| 1466 | } else if (type & SSL_kECDHE) { | 1478 | } else if (type & SSL_kECDHE) { |
| 1467 | if (!ssl3_send_server_kex_ecdhe(s, &cbb_params)) | 1479 | if (!ssl3_send_server_kex_ecdhe(s, &cbb_signed_params)) |
| 1468 | goto err; | 1480 | goto err; |
| 1469 | } else { | 1481 | } else { |
| 1470 | al = SSL_AD_HANDSHAKE_FAILURE; | 1482 | al = SSL_AD_HANDSHAKE_FAILURE; |
| @@ -1472,10 +1484,16 @@ ssl3_send_server_key_exchange(SSL *s) | |||
| 1472 | goto fatal_err; | 1484 | goto fatal_err; |
| 1473 | } | 1485 | } |
| 1474 | 1486 | ||
| 1475 | if (!CBB_finish(&cbb_params, ¶ms, ¶ms_len)) | 1487 | if (!CBB_finish(&cbb_signed_params, &signed_params, |
| 1488 | &signed_params_len)) | ||
| 1489 | goto err; | ||
| 1490 | |||
| 1491 | CBS_init(¶ms, signed_params, signed_params_len); | ||
| 1492 | if (!CBS_skip(¶ms, 2 * SSL3_RANDOM_SIZE)) | ||
| 1476 | goto err; | 1493 | goto err; |
| 1477 | 1494 | ||
| 1478 | if (!CBB_add_bytes(&server_kex, params, params_len)) | 1495 | if (!CBB_add_bytes(&server_kex, CBS_data(¶ms), |
| 1496 | CBS_len(¶ms))) | ||
| 1479 | goto err; | 1497 | goto err; |
| 1480 | 1498 | ||
| 1481 | /* Add signature unless anonymous. */ | 1499 | /* Add signature unless anonymous. */ |
| @@ -1507,22 +1525,8 @@ ssl3_send_server_key_exchange(SSL *s) | |||
| 1507 | SSLerror(s, ERR_R_EVP_LIB); | 1525 | SSLerror(s, ERR_R_EVP_LIB); |
| 1508 | goto err; | 1526 | goto err; |
| 1509 | } | 1527 | } |
| 1510 | if (!EVP_DigestSignUpdate(md_ctx, s->s3->client_random, | 1528 | if (!EVP_DigestSign(md_ctx, NULL, &signature_len, |
| 1511 | SSL3_RANDOM_SIZE)) { | 1529 | signed_params, signed_params_len)) { |
| 1512 | SSLerror(s, ERR_R_EVP_LIB); | ||
| 1513 | goto err; | ||
| 1514 | } | ||
| 1515 | if (!EVP_DigestSignUpdate(md_ctx, s->s3->server_random, | ||
| 1516 | SSL3_RANDOM_SIZE)) { | ||
| 1517 | SSLerror(s, ERR_R_EVP_LIB); | ||
| 1518 | goto err; | ||
| 1519 | } | ||
| 1520 | if (!EVP_DigestSignUpdate(md_ctx, params, params_len)) { | ||
| 1521 | SSLerror(s, ERR_R_EVP_LIB); | ||
| 1522 | goto err; | ||
| 1523 | } | ||
| 1524 | if (!EVP_DigestSignFinal(md_ctx, NULL, &signature_len) || | ||
| 1525 | !signature_len) { | ||
| 1526 | SSLerror(s, ERR_R_EVP_LIB); | 1530 | SSLerror(s, ERR_R_EVP_LIB); |
| 1527 | goto err; | 1531 | goto err; |
| 1528 | } | 1532 | } |
| @@ -1530,7 +1534,8 @@ ssl3_send_server_key_exchange(SSL *s) | |||
| 1530 | SSLerror(s, ERR_R_MALLOC_FAILURE); | 1534 | SSLerror(s, ERR_R_MALLOC_FAILURE); |
| 1531 | goto err; | 1535 | goto err; |
| 1532 | } | 1536 | } |
| 1533 | if (!EVP_DigestSignFinal(md_ctx, signature, &signature_len)) { | 1537 | if (!EVP_DigestSign(md_ctx, signature, &signature_len, |
| 1538 | signed_params, signed_params_len)) { | ||
| 1534 | SSLerror(s, ERR_R_EVP_LIB); | 1539 | SSLerror(s, ERR_R_EVP_LIB); |
| 1535 | goto err; | 1540 | goto err; |
| 1536 | } | 1541 | } |
| @@ -1550,19 +1555,19 @@ ssl3_send_server_key_exchange(SSL *s) | |||
| 1550 | } | 1555 | } |
| 1551 | 1556 | ||
| 1552 | EVP_MD_CTX_free(md_ctx); | 1557 | EVP_MD_CTX_free(md_ctx); |
| 1553 | free(params); | ||
| 1554 | free(signature); | 1558 | free(signature); |
| 1559 | free(signed_params); | ||
| 1555 | 1560 | ||
| 1556 | return (ssl3_handshake_write(s)); | 1561 | return (ssl3_handshake_write(s)); |
| 1557 | 1562 | ||
| 1558 | fatal_err: | 1563 | fatal_err: |
| 1559 | ssl3_send_alert(s, SSL3_AL_FATAL, al); | 1564 | ssl3_send_alert(s, SSL3_AL_FATAL, al); |
| 1560 | err: | 1565 | err: |
| 1561 | CBB_cleanup(&cbb_params); | 1566 | CBB_cleanup(&cbb_signed_params); |
| 1562 | CBB_cleanup(&cbb); | 1567 | CBB_cleanup(&cbb); |
| 1563 | EVP_MD_CTX_free(md_ctx); | 1568 | EVP_MD_CTX_free(md_ctx); |
| 1564 | free(params); | ||
| 1565 | free(signature); | 1569 | free(signature); |
| 1570 | free(signed_params); | ||
| 1566 | 1571 | ||
| 1567 | return (-1); | 1572 | return (-1); |
| 1568 | } | 1573 | } |