diff options
| -rw-r--r-- | src/lib/libssl/src/ssl/s3_enc.c | 100 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl_locl.h | 3 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_locl.h | 3 |
3 files changed, 3 insertions, 103 deletions
diff --git a/src/lib/libssl/src/ssl/s3_enc.c b/src/lib/libssl/src/ssl/s3_enc.c index 7e0544a8fa..6a7026e158 100644 --- a/src/lib/libssl/src/ssl/s3_enc.c +++ b/src/lib/libssl/src/ssl/s3_enc.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_enc.c,v 1.63 2015/09/11 16:53:51 jsing Exp $ */ | 1 | /* $OpenBSD: s3_enc.c,v 1.64 2015/09/11 16:56:17 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -574,104 +574,6 @@ ssl3_handshake_mac(SSL *s, int md_nid, const char *sender, int len, | |||
| 574 | return ((int)ret); | 574 | return ((int)ret); |
| 575 | } | 575 | } |
| 576 | 576 | ||
| 577 | int | ||
| 578 | n_ssl3_mac(SSL *ssl, unsigned char *md, int send) | ||
| 579 | { | ||
| 580 | SSL3_RECORD *rec; | ||
| 581 | unsigned char *mac_sec, *seq; | ||
| 582 | EVP_MD_CTX md_ctx; | ||
| 583 | const EVP_MD_CTX *hash; | ||
| 584 | unsigned char *p, rec_char; | ||
| 585 | size_t md_size, orig_len; | ||
| 586 | int npad; | ||
| 587 | int t; | ||
| 588 | |||
| 589 | if (send) { | ||
| 590 | rec = &(ssl->s3->wrec); | ||
| 591 | mac_sec = &(ssl->s3->write_mac_secret[0]); | ||
| 592 | seq = &(ssl->s3->write_sequence[0]); | ||
| 593 | hash = ssl->write_hash; | ||
| 594 | } else { | ||
| 595 | rec = &(ssl->s3->rrec); | ||
| 596 | mac_sec = &(ssl->s3->read_mac_secret[0]); | ||
| 597 | seq = &(ssl->s3->read_sequence[0]); | ||
| 598 | hash = ssl->read_hash; | ||
| 599 | } | ||
| 600 | |||
| 601 | t = EVP_MD_CTX_size(hash); | ||
| 602 | if (t < 0) | ||
| 603 | return -1; | ||
| 604 | md_size = t; | ||
| 605 | npad = (48 / md_size) * md_size; | ||
| 606 | |||
| 607 | /* kludge: ssl3_cbc_remove_padding passes padding length in rec->type */ | ||
| 608 | orig_len = rec->length + md_size + ((unsigned int)rec->type >> 8); | ||
| 609 | rec->type &= 0xff; | ||
| 610 | |||
| 611 | if (!send && | ||
| 612 | EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE && | ||
| 613 | ssl3_cbc_record_digest_supported(hash)) { | ||
| 614 | /* This is a CBC-encrypted record. We must avoid leaking any | ||
| 615 | * timing-side channel information about how many blocks of | ||
| 616 | * data we are hashing because that gives an attacker a | ||
| 617 | * timing-oracle. */ | ||
| 618 | |||
| 619 | /* npad is, at most, 48 bytes and that's with MD5: | ||
| 620 | * 16 + 48 + 8 (sequence bytes) + 1 + 2 = 75. | ||
| 621 | * | ||
| 622 | * With SHA-1 (the largest hash speced for SSLv3) the hash size | ||
| 623 | * goes up 4, but npad goes down by 8, resulting in a smaller | ||
| 624 | * total size. */ | ||
| 625 | unsigned char header[75]; | ||
| 626 | unsigned j = 0; | ||
| 627 | memcpy(header + j, mac_sec, md_size); | ||
| 628 | j += md_size; | ||
| 629 | memcpy(header + j, ssl3_pad_1, npad); | ||
| 630 | j += npad; | ||
| 631 | memcpy(header + j, seq, 8); | ||
| 632 | j += 8; | ||
| 633 | header[j++] = rec->type; | ||
| 634 | header[j++] = rec->length >> 8; | ||
| 635 | header[j++] = rec->length & 0xff; | ||
| 636 | |||
| 637 | if (!ssl3_cbc_digest_record(hash, md, &md_size, header, | ||
| 638 | rec->input, rec->length + md_size, orig_len, mac_sec, | ||
| 639 | md_size, 1 /* is SSLv3 */)) | ||
| 640 | return (-1); | ||
| 641 | } else { | ||
| 642 | unsigned int md_size_u; | ||
| 643 | /* Chop the digest off the end :-) */ | ||
| 644 | EVP_MD_CTX_init(&md_ctx); | ||
| 645 | |||
| 646 | if (!EVP_MD_CTX_copy_ex(&md_ctx, hash)) | ||
| 647 | return (-1); | ||
| 648 | EVP_DigestUpdate(&md_ctx, mac_sec, md_size); | ||
| 649 | EVP_DigestUpdate(&md_ctx, ssl3_pad_1, npad); | ||
| 650 | EVP_DigestUpdate(&md_ctx, seq, 8); | ||
| 651 | rec_char = rec->type; | ||
| 652 | EVP_DigestUpdate(&md_ctx, &rec_char, 1); | ||
| 653 | p = md; | ||
| 654 | s2n(rec->length, p); | ||
| 655 | EVP_DigestUpdate(&md_ctx, md, 2); | ||
| 656 | EVP_DigestUpdate(&md_ctx, rec->input, rec->length); | ||
| 657 | EVP_DigestFinal_ex(&md_ctx, md, NULL); | ||
| 658 | |||
| 659 | if (!EVP_MD_CTX_copy_ex(&md_ctx, hash)) | ||
| 660 | return (-1); | ||
| 661 | EVP_DigestUpdate(&md_ctx, mac_sec, md_size); | ||
| 662 | EVP_DigestUpdate(&md_ctx, ssl3_pad_2, npad); | ||
| 663 | EVP_DigestUpdate(&md_ctx, md, md_size); | ||
| 664 | EVP_DigestFinal_ex(&md_ctx, md, &md_size_u); | ||
| 665 | md_size = md_size_u; | ||
| 666 | |||
| 667 | EVP_MD_CTX_cleanup(&md_ctx); | ||
| 668 | } | ||
| 669 | |||
| 670 | ssl3_record_sequence_increment(seq); | ||
| 671 | |||
| 672 | return (md_size); | ||
| 673 | } | ||
| 674 | |||
| 675 | void | 577 | void |
| 676 | ssl3_record_sequence_increment(unsigned char *seq) | 578 | ssl3_record_sequence_increment(unsigned char *seq) |
| 677 | { | 579 | { |
diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h index ab576c28f9..1b46e990de 100644 --- a/src/lib/libssl/src/ssl/ssl_locl.h +++ b/src/lib/libssl/src/ssl/ssl_locl.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_locl.h,v 1.106 2015/09/11 16:53:51 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_locl.h,v 1.107 2015/09/11 16:56:17 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -629,7 +629,6 @@ int ssl3_final_finish_mac(SSL *s, const char *sender, int slen, | |||
| 629 | unsigned char *p); | 629 | unsigned char *p); |
| 630 | int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p); | 630 | int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p); |
| 631 | void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len); | 631 | void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len); |
| 632 | int n_ssl3_mac(SSL *ssl, unsigned char *md, int send_data); | ||
| 633 | void ssl3_free_digest_list(SSL *s); | 632 | void ssl3_free_digest_list(SSL *s); |
| 634 | unsigned long ssl3_output_cert_chain(SSL *s, X509 *x); | 633 | unsigned long ssl3_output_cert_chain(SSL *s, X509 *x); |
| 635 | SSL_CIPHER *ssl3_choose_cipher(SSL *ssl, STACK_OF(SSL_CIPHER) *clnt, | 634 | SSL_CIPHER *ssl3_choose_cipher(SSL *ssl, STACK_OF(SSL_CIPHER) *clnt, |
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index ab576c28f9..1b46e990de 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_locl.h,v 1.106 2015/09/11 16:53:51 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_locl.h,v 1.107 2015/09/11 16:56:17 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -629,7 +629,6 @@ int ssl3_final_finish_mac(SSL *s, const char *sender, int slen, | |||
| 629 | unsigned char *p); | 629 | unsigned char *p); |
| 630 | int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p); | 630 | int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p); |
| 631 | void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len); | 631 | void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len); |
| 632 | int n_ssl3_mac(SSL *ssl, unsigned char *md, int send_data); | ||
| 633 | void ssl3_free_digest_list(SSL *s); | 632 | void ssl3_free_digest_list(SSL *s); |
| 634 | unsigned long ssl3_output_cert_chain(SSL *s, X509 *x); | 633 | unsigned long ssl3_output_cert_chain(SSL *s, X509 *x); |
| 635 | SSL_CIPHER *ssl3_choose_cipher(SSL *ssl, STACK_OF(SSL_CIPHER) *clnt, | 634 | SSL_CIPHER *ssl3_choose_cipher(SSL *ssl, STACK_OF(SSL_CIPHER) *clnt, |