-rw-r--r--src/lib/libssl/t1_enc.c96
1 files changed, 50 insertions, 46 deletions
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index 0c182d49a2..42d384db7d 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: t1_enc.c,v 1.105 2017/03/18 13:04:30 jsing Exp $ */ 1/* $OpenBSD: t1_enc.c,v 1.106 2017/03/25 13:36:56 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -144,10 +144,10 @@
144#include <openssl/hmac.h> 144#include <openssl/hmac.h>
145#include <openssl/md5.h> 145#include <openssl/md5.h>
146 146
147int tls1_PRF(SSL *s, const void *seed1, int seed1_len, const void *seed2, 147int tls1_PRF(SSL *s, const unsigned char *secret, size_t secret_len,
148 int seed2_len, const void *seed3, int seed3_len, const void *seed4, 148 const void *seed1, size_t seed1_len, const void *seed2, size_t seed2_len,
149 int seed4_len, const void *seed5, int seed5_len, const unsigned char *sec, 149 const void *seed3, size_t seed3_len, const void *seed4, size_t seed4_len,
150 int slen, unsigned char *out, int olen); 150 const void *seed5, size_t seed5_len, unsigned char *out, size_t out_len);
151 151
152void 152void
153tls1_cleanup_key_block(SSL *s) 153tls1_cleanup_key_block(SSL *s)
@@ -231,10 +231,10 @@ tls1_record_sequence_increment(unsigned char *seq)
231 * TLS P_hash() data expansion function - see RFC 5246, section 5. 231 * TLS P_hash() data expansion function - see RFC 5246, section 5.
232 */ 232 */
233static int 233static int
234tls1_P_hash(const EVP_MD *md, const unsigned char *sec, int sec_len, 234tls1_P_hash(const EVP_MD *md, const unsigned char *secret, size_t secret_len,
235 const void *seed1, int seed1_len, const void *seed2, int seed2_len, 235 const void *seed1, size_t seed1_len, const void *seed2, size_t seed2_len,
236 const void *seed3, int seed3_len, const void *seed4, int seed4_len, 236 const void *seed3, size_t seed3_len, const void *seed4, size_t seed4_len,
237 const void *seed5, int seed5_len, unsigned char *out, int olen) 237 const void *seed5, size_t seed5_len, unsigned char *out, size_t out_len)
238{ 238{
239 unsigned char A1[EVP_MAX_MD_SIZE], hmac[EVP_MAX_MD_SIZE]; 239 unsigned char A1[EVP_MAX_MD_SIZE], hmac[EVP_MAX_MD_SIZE];
240 size_t A1_len, hmac_len; 240 size_t A1_len, hmac_len;
@@ -249,7 +249,7 @@ tls1_P_hash(const EVP_MD *md, const unsigned char *sec, int sec_len,
249 249
250 EVP_MD_CTX_init(&ctx); 250 EVP_MD_CTX_init(&ctx);
251 251
252 mac_key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, sec, sec_len); 252 mac_key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, secret, secret_len);
253 if (!mac_key) 253 if (!mac_key)
254 goto err; 254 goto err;
255 if (!EVP_DigestSignInit(&ctx, NULL, md, NULL, mac_key)) 255 if (!EVP_DigestSignInit(&ctx, NULL, md, NULL, mac_key))
@@ -285,16 +285,16 @@ tls1_P_hash(const EVP_MD *md, const unsigned char *sec, int sec_len,
285 if (!EVP_DigestSignFinal(&ctx, hmac, &hmac_len)) 285 if (!EVP_DigestSignFinal(&ctx, hmac, &hmac_len))
286 goto err; 286 goto err;
287 287
288 if (hmac_len > olen) 288 if (hmac_len > out_len)
289 hmac_len = olen; 289 hmac_len = out_len;
290 290
291 for (i = 0; i < hmac_len; i++) 291 for (i = 0; i < hmac_len; i++)
292 out[i] ^= hmac[i]; 292 out[i] ^= hmac[i];
293 293
294 out += hmac_len; 294 out += hmac_len;
295 olen -= hmac_len; 295 out_len -= hmac_len;
296 296
297 if (olen == 0) 297 if (out_len == 0)
298 break; 298 break;
299 299
300 if (!EVP_DigestSignInit(&ctx, NULL, md, NULL, mac_key)) 300 if (!EVP_DigestSignInit(&ctx, NULL, md, NULL, mac_key))
@@ -316,17 +316,16 @@ tls1_P_hash(const EVP_MD *md, const unsigned char *sec, int sec_len,
316 return ret; 316 return ret;
317} 317}
318 318
319/* seed1 through seed5 are virtually concatenated */
320int 319int
321tls1_PRF(SSL *s, const void *seed1, int seed1_len, const void *seed2, 320tls1_PRF(SSL *s, const unsigned char *secret, size_t secret_len,
322 int seed2_len, const void *seed3, int seed3_len, const void *seed4, 321 const void *seed1, size_t seed1_len, const void *seed2, size_t seed2_len,
323 int seed4_len, const void *seed5, int seed5_len, const unsigned char *sec, 322 const void *seed3, size_t seed3_len, const void *seed4, size_t seed4_len,
324 int slen, unsigned char *out, int olen) 323 const void *seed5, size_t seed5_len, unsigned char *out, size_t out_len)
325{ 324{
326 const EVP_MD *md; 325 const EVP_MD *md;
327 size_t hlen; 326 size_t half_len;
328 327
329 memset(out, 0, olen); 328 memset(out, 0, out_len);
330 329
331 if (!ssl_get_handshake_evp_md(s, &md)) 330 if (!ssl_get_handshake_evp_md(s, &md))
332 return (0); 331 return (0);
@@ -336,23 +335,24 @@ tls1_PRF(SSL *s, const void *seed1, int seed1_len, const void *seed2,
336 * Partition secret between MD5 and SHA1, then XOR result. 335 * Partition secret between MD5 and SHA1, then XOR result.
337 * If the secret length is odd, a one byte overlap is used. 336 * If the secret length is odd, a one byte overlap is used.
338 */ 337 */
339 hlen = slen - (slen / 2); 338 half_len = secret_len - (secret_len / 2);
340 if (!tls1_P_hash(EVP_md5(), sec, hlen, seed1, seed1_len, seed2, 339 if (!tls1_P_hash(EVP_md5(), secret, half_len, seed1, seed1_len,
341 seed2_len, seed3, seed3_len, seed4, seed4_len, seed5, 340 seed2, seed2_len, seed3, seed3_len, seed4, seed4_len,
342 seed5_len, out, olen)) 341 seed5, seed5_len, out, out_len))
343 return (0); 342 return (0);
344 343
345 sec += slen - hlen; 344 secret += secret_len - half_len;
346 if (!tls1_P_hash(EVP_sha1(), sec, hlen, seed1, seed1_len, seed2, 345 if (!tls1_P_hash(EVP_sha1(), secret, half_len, seed1, seed1_len,
347 seed2_len, seed3, seed3_len, seed4, seed4_len, seed5, 346 seed2, seed2_len, seed3, seed3_len, seed4, seed4_len,
348 seed5_len, out, olen)) 347 seed5, seed5_len, out, out_len))
349 return (0); 348 return (0);
350 349
351 return (1); 350 return (1);
352 } 351 }
353 352
354 if (!tls1_P_hash(md, sec, slen, seed1, seed1_len, seed2, seed2_len, 353 if (!tls1_P_hash(md, secret, secret_len, seed1, seed1_len,
355 seed3, seed3_len, seed4, seed4_len, seed5, seed5_len, out, olen)) 354 seed2, seed2_len, seed3, seed3_len, seed4, seed4_len,
355 seed5, seed5_len, out, out_len))
356 return (0); 356 return (0);
357 357
358 return (1); 358 return (1);
@@ -361,13 +361,15 @@ tls1_PRF(SSL *s, const void *seed1, int seed1_len, const void *seed2,
361static int 361static int
362tls1_generate_key_block(SSL *s, unsigned char *km, int num) 362tls1_generate_key_block(SSL *s, unsigned char *km, int num)
363{ 363{
364 if (num < 0)
365 return (0);
366
364 return tls1_PRF(s, 367 return tls1_PRF(s,
368 s->session->master_key, s->session->master_key_length,
365 TLS_MD_KEY_EXPANSION_CONST, TLS_MD_KEY_EXPANSION_CONST_SIZE, 369 TLS_MD_KEY_EXPANSION_CONST, TLS_MD_KEY_EXPANSION_CONST_SIZE,
366 s->s3->server_random, SSL3_RANDOM_SIZE, 370 s->s3->server_random, SSL3_RANDOM_SIZE,
367 s->s3->client_random, SSL3_RANDOM_SIZE, 371 s->s3->client_random, SSL3_RANDOM_SIZE,
368 NULL, 0, NULL, 0, 372 NULL, 0, NULL, 0, km, num);
369 s->session->master_key, s->session->master_key_length,
370 km, num);
371} 373}
372 374
373/* 375/*
@@ -1020,19 +1022,19 @@ tls1_enc(SSL *s, int send)
1020} 1022}
1021 1023
1022int 1024int
1023tls1_final_finish_mac(SSL *s, const char *str, int slen, unsigned char *out) 1025tls1_final_finish_mac(SSL *s, const char *str, int str_len, unsigned char *out)
1024{ 1026{
1025 unsigned char buf1[EVP_MAX_MD_SIZE]; 1027 unsigned char buf[EVP_MAX_MD_SIZE];
1026 size_t hlen; 1028 size_t hash_len;
1027 1029
1028 if (!tls1_handshake_hash_value(s, buf1, sizeof(buf1), &hlen)) 1030 if (str_len < 0)
1029 return 0; 1031 return 0;
1030 1032
1031 if (hlen > INT_MAX) 1033 if (!tls1_handshake_hash_value(s, buf, sizeof(buf), &hash_len))
1032 return 0; 1034 return 0;
1033 1035
1034 if (!tls1_PRF(s, str, slen, buf1, hlen, NULL, 0, NULL, 0, NULL, 0, 1036 if (!tls1_PRF(s, s->session->master_key, s->session->master_key_length,
1035 s->session->master_key, s->session->master_key_length, 1037 str, str_len, buf, hash_len, NULL, 0, NULL, 0, NULL, 0,
1036 out, TLS1_FINISH_MAC_LENGTH)) 1038 out, TLS1_FINISH_MAC_LENGTH))
1037 return 0; 1039 return 0;
1038 1040
@@ -1125,12 +1127,15 @@ int
1125tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, 1127tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
1126 int len) 1128 int len)
1127{ 1129{
1130 if (len < 0)
1131 return 0;
1132
1128 /* XXX - check return value. */ 1133 /* XXX - check return value. */
1129 tls1_PRF(s, 1134 tls1_PRF(s, p, len,
1130 TLS_MD_MASTER_SECRET_CONST, TLS_MD_MASTER_SECRET_CONST_SIZE, 1135 TLS_MD_MASTER_SECRET_CONST, TLS_MD_MASTER_SECRET_CONST_SIZE,
1131 s->s3->client_random, SSL3_RANDOM_SIZE, NULL, 0, 1136 s->s3->client_random, SSL3_RANDOM_SIZE, NULL, 0,
1132 s->s3->server_random, SSL3_RANDOM_SIZE, NULL, 0, 1137 s->s3->server_random, SSL3_RANDOM_SIZE, NULL, 0,
1133 p, len, s->session->master_key, SSL_MAX_MASTER_KEY_LENGTH); 1138 s->session->master_key, SSL_MAX_MASTER_KEY_LENGTH);
1134 1139
1135 return (SSL_MAX_MASTER_KEY_LENGTH); 1140 return (SSL_MAX_MASTER_KEY_LENGTH);
1136} 1141}
@@ -1193,9 +1198,8 @@ tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
1193 TLS_MD_KEY_EXPANSION_CONST_SIZE) == 0) 1198 TLS_MD_KEY_EXPANSION_CONST_SIZE) == 0)
1194 goto err1; 1199 goto err1;
1195 1200
1196 rv = tls1_PRF(s, val, vallen, NULL, 0, NULL, 0, NULL, 0, NULL, 0, 1201 rv = tls1_PRF(s, s->session->master_key, s->session->master_key_length,
1197 s->session->master_key, s->session->master_key_length, 1202 val, vallen, NULL, 0, NULL, 0, NULL, 0, NULL, 0, out, olen);
1198 out, olen);
1199 1203
1200 goto ret; 1204 goto ret;
1201err1: 1205err1:
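Review bot: In tls1_generate_master_secret the result of tls1_PRF() is still discarded (the `/* XXX - check return value. */` comment is carried over unchanged), so a PRF failure is reported to the caller as success. tls1_PRF() zeroes `out` with memset before doing any work and has several `return (0)` paths, so a failure leaves s->session->master_key all-zero or only partly derived while this function still returns SSL_MAX_MASTER_KEY_LENGTH. Since the commit already introduces a `return 0` path here for `len < 0`, the call could be guarded the same way: `if (!tls1_PRF(s, p, len, ...)) return 0;` with the argument list unchanged. Whether every caller treats a 0 return as a handshake failure is not visible on this page and should be confirmed together with the new `len < 0` check.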