7 files changed, 45 insertions, 166 deletions
diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c
index 508e131730..605f0a59ad 100644
--- a/src/lib/libssl/d1_srvr.c
+++ b/src/lib/libssl/d1_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_srvr.c,v 1.85 2017/03/05 14:24:12 jsing Exp $ */
+/* $OpenBSD: d1_srvr.c,v 1.86 2017/03/10 16:03:27 jsing Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -519,13 +519,23 @@ dtls1_accept(SSL *s)
                                s->internal->state = SSL3_ST_SR_CERT_VRFY_A;
                                s->internal->init_num = 0;
-                                /* We need to get hashes here so if there is
+                                /*
-                                 * a client cert, it can be verified */
+                                 * We need to get hashes here so if there is
-                                tls1_cert_verify_mac(s,
+                                 * a client cert, it can be verified.
-                                    NID_md5, &(S3I(s)->tmp.cert_verify_md[0]));
+                                 */
-                                tls1_cert_verify_mac(s,
+                                if (S3I(s)->handshake_buffer) {
-                                    NID_sha1,
+                                        if (!tls1_digest_cached_records(s)) {
-                                    &(S3I(s)->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));
+                                                ret = -1;
+                                                goto end;
+                                        }
+                                }
+                                if (!tls1_handshake_hash_value(s,
+                                    S3I(s)->tmp.cert_verify_md,
+                                    sizeof(S3I(s)->tmp.cert_verify_md),
+                                    NULL)) {
+                                        ret = -1;
+                                        goto end;
+                                }
                        }
                        break;
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index d6bf6a4574..8d45e1f8c1 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.137 2017/03/05 14:39:53 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.138 2017/03/10 16:03:27 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1842,7 +1842,6 @@ ssl3_free(SSL *s)
        BIO_free(S3I(s)->handshake_buffer);
-        tls1_free_digest_list(s);
        tls1_handshake_hash_free(s);
        free(S3I(s)->alpn_selected);
@@ -1884,7 +1883,6 @@ ssl3_clear(SSL *s)
        BIO_free(S3I(s)->handshake_buffer);
        S3I(s)->handshake_buffer = NULL;
-        tls1_free_digest_list(s);
        tls1_handshake_hash_free(s);
        free(S3I(s)->alpn_selected);
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index da48765aba..49af292d6c 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciph.c,v 1.95 2017/03/05 14:39:53 jsing Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.96 2017/03/10 16:03:27 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -193,12 +193,6 @@ static int ssl_mac_secret_size[SSL_MD_NUM_IDX] = {
        0, 0, 0, 0, 0, 0, 0,
 };
-static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX] = {
-        SSL_HANDSHAKE_MAC_MD5, SSL_HANDSHAKE_MAC_SHA,
-        SSL_HANDSHAKE_MAC_GOST94, 0, SSL_HANDSHAKE_MAC_SHA256,
-        SSL_HANDSHAKE_MAC_SHA384, SSL_HANDSHAKE_MAC_STREEBOG256,
-};
 #define CIPHER_ADD      1
 #define CIPHER_KILL     2
 #define CIPHER_DEL      3
@@ -706,20 +700,6 @@ ssl_cipher_get_evp_aead(const SSL_SESSION *s, const EVP_AEAD **aead)
 }
 int
-ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md)
-{
-        if (idx < 0 || idx >= SSL_MD_NUM_IDX) {
-                return 0;
-        }
-        *mask = ssl_handshake_digest_flag[idx];
-        if (*mask)
-                *md = ssl_digest_methods[idx];
-        else
-                *md = NULL;
-        return 1;
-}
-int
 ssl_get_handshake_evp_md(SSL *s, const EVP_MD **md)
 {
        *md = NULL;
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index 8dd30e87fb..1cdbf86c50 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.10 2017/03/05 14:39:53 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.11 2017/03/10 16:03:27 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2354,13 +2354,21 @@ ssl3_send_client_verify(SSL *s)
                pkey = s->cert->key->privatekey;
                pctx = EVP_PKEY_CTX_new(pkey, NULL);
                EVP_PKEY_sign_init(pctx);
-                if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1()) > 0) {
-                        if (!SSL_USE_SIGALGS(s))
+                /* XXX - is this needed? */
-                                tls1_cert_verify_mac(s,
+                if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1()) <= 0)
-                                    NID_sha1, &(data[MD5_DIGEST_LENGTH]));
-                } else {
                        ERR_clear_error();
+                if (!SSL_USE_SIGALGS(s)) {
+                        if (S3I(s)->handshake_buffer) {
+                                if (!tls1_digest_cached_records(s))
+                                        goto err;
+                        }
+                        if (!tls1_handshake_hash_value(s, data, sizeof(data),
+                            NULL))
+                                goto err;
                }
                /*
                 * For TLS v1.2 send signature algorithm and signature
                 * using agreed digest and cached handshake records.
@@ -2388,8 +2396,6 @@ ssl3_send_client_verify(SSL *s)
                        if (!tls1_digest_cached_records(s))
                                goto err;
                } else if (pkey->type == EVP_PKEY_RSA) {
-                        tls1_cert_verify_mac(
-                            s, NID_md5, &(data[0]));
                        if (RSA_sign(NID_md5_sha1, data,
                            MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, &(p[2]),
                            &u, pkey->pkey.rsa) <= 0 ) {
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 3f5d6fad20..b68b680106 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.177 2017/03/05 14:39:53 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.178 2017/03/10 16:03:27 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -805,10 +805,6 @@ typedef struct ssl3_state_internal_st {
        /* used during startup, digest all incoming/outgoing packets */
        BIO *handshake_buffer;
-        /* When set of handshake digests is determined, buffer is hashed
-         * and freed and MD_CTX-es for all required digests are stored in
-         * this array */
-        EVP_MD_CTX **handshake_dgst;
        /* Rolling hash of handshake messages. */
        EVP_MD_CTX *handshake_hash;
@@ -1103,7 +1099,6 @@ void ssl_update_cache(SSL *s, int mode);
 int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
    const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size);
 int ssl_cipher_get_evp_aead(const SSL_SESSION *s, const EVP_AEAD **aead);
-int ssl_get_handshake_digest(int i, long *mask, const EVP_MD **md);
 int ssl_get_handshake_evp_md(SSL *s, const EVP_MD **md);
 int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk);
@@ -1293,7 +1288,6 @@ int tls1_change_cipher_state(SSL *s, int which);
 int tls1_setup_key_block(SSL *s);
 int tls1_enc(SSL *s, int snd);
 int tls1_final_finish_mac(SSL *s, const char *str, int slen, unsigned char *p);
-int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
 int tls1_mac(SSL *ssl, unsigned char *md, int snd);
 int tls1_generate_master_secret(SSL *s, unsigned char *out,
    unsigned char *p, int len);
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index a48cf246da..d98a76f8f0 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.10 2017/03/05 14:39:53 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.11 2017/03/10 16:03:27 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -493,18 +493,12 @@ ssl3_accept(SSL *s)
                                        goto end;
                                }
                        } else {
-                                int offset = 0;
-                                int dgst_num;
                                s->internal->state = SSL3_ST_SR_CERT_VRFY_A;
                                s->internal->init_num = 0;
                                /*
                                 * We need to get hashes here so if there is
-                                 * a client cert, it can be verified
+                                 * a client cert, it can be verified.
-                                 * FIXME - digest processing for
-                                 * CertificateVerify should be generalized.
-                                 * But it is next step
                                 */
                                if (S3I(s)->handshake_buffer) {
                                        if (!tls1_digest_cached_records(s)) {
@@ -512,22 +506,12 @@ ssl3_accept(SSL *s)
                                                goto end;
                                        }
                                }
-                                for (dgst_num = 0; dgst_num < SSL_MAX_DIGEST;
+                                if (!tls1_handshake_hash_value(s,
-                                    dgst_num++)
+                                    S3I(s)->tmp.cert_verify_md,
-                                        if (S3I(s)->handshake_dgst[dgst_num]) {
+                                    sizeof(S3I(s)->tmp.cert_verify_md),
-                                        int dgst_size;
+                                    NULL)) {
+                                        ret = -1;
-                                        tls1_cert_verify_mac(s,
+                                        goto end;
-                                            EVP_MD_CTX_type(
-                                            S3I(s)->handshake_dgst[dgst_num]),
-                                            &(S3I(s)->tmp.cert_verify_md[offset]));
-                                        dgst_size = EVP_MD_CTX_size(
-                                            S3I(s)->handshake_dgst[dgst_num]);
-                                        if (dgst_size < 0) {
-                                                ret = -1;
-                                                goto end;
-                                        }
-                                        offset += dgst_size;
                                }
                        }
                        break;
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index 0179ac3061..e9a9713134 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_enc.c,v 1.101 2017/03/10 15:08:49 jsing Exp $ */
+/* $OpenBSD: t1_enc.c,v 1.102 2017/03/10 16:03:27 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -165,7 +165,6 @@ int
 tls1_init_finished_mac(SSL *s)
 {
        BIO_free(S3I(s)->handshake_buffer);
-        tls1_free_digest_list(s);
        S3I(s)->handshake_buffer = BIO_new(BIO_s_mem());
        if (S3I(s)->handshake_buffer == NULL)
@@ -176,29 +175,9 @@ tls1_init_finished_mac(SSL *s)
        return (1);
 }
-void
-tls1_free_digest_list(SSL *s)
-{
-        int i;
-        if (s == NULL)
-                return;
-        if (S3I(s)->handshake_dgst == NULL)
-                return;
-        for (i = 0; i < SSL_MAX_DIGEST; i++) {
-                if (S3I(s)->handshake_dgst[i])
-                        EVP_MD_CTX_destroy(S3I(s)->handshake_dgst[i]);
-        }
-        free(S3I(s)->handshake_dgst);
-        S3I(s)->handshake_dgst = NULL;
-}
 int
 tls1_finish_mac(SSL *s, const unsigned char *buf, int len)
 {
-        int i;
        if (len < 0)
                return 0;
@@ -211,60 +190,21 @@ tls1_finish_mac(SSL *s, const unsigned char *buf, int len)
                return 1;
        }
-        for (i = 0; i < SSL_MAX_DIGEST; i++) {
-                if (S3I(s)->handshake_dgst[i] == NULL)
-                        continue;
-                if (!EVP_DigestUpdate(S3I(s)->handshake_dgst[i], buf, len)) {
-                        SSLerror(s, ERR_R_EVP_LIB);
-                        return 0;
-                }
-        }
        return 1;
 }
 int
 tls1_digest_cached_records(SSL *s)
 {
-        const EVP_MD *md;
+        long hdatalen;
-        long hdatalen, mask;
        void *hdata;
-        int i;
-        tls1_free_digest_list(s);
-        S3I(s)->handshake_dgst = calloc(SSL_MAX_DIGEST, sizeof(EVP_MD_CTX *));
-        if (S3I(s)->handshake_dgst == NULL) {
-                SSLerror(s, ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
        hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata);
        if (hdatalen <= 0) {
                SSLerror(s, SSL_R_BAD_HANDSHAKE_LENGTH);
                goto err;
        }
-        /* Loop through bits of the algorithm2 field and create MD contexts. */
-        for (i = 0; ssl_get_handshake_digest(i, &mask, &md); i++) {
-                if ((mask & ssl_get_algorithm2(s)) == 0 || md == NULL)
-                        continue;
-                S3I(s)->handshake_dgst[i] = EVP_MD_CTX_create();
-                if (S3I(s)->handshake_dgst[i] == NULL) {
-                        SSLerror(s, ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                if (!EVP_DigestInit_ex(S3I(s)->handshake_dgst[i], md, NULL)) {
-                        SSLerror(s, ERR_R_EVP_LIB);
-                        goto err;
-                }
-                if (!EVP_DigestUpdate(S3I(s)->handshake_dgst[i], hdata,
-                    hdatalen)) {
-                        SSLerror(s, ERR_R_EVP_LIB);
-                        goto err;
-                }
-        }
        if (!(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE)) {
                BIO_free(S3I(s)->handshake_buffer);
                S3I(s)->handshake_buffer = NULL;
@@ -273,7 +213,6 @@ tls1_digest_cached_records(SSL *s)
        return 1;
 err:
-        tls1_free_digest_list(s);
        return 0;
 }
@@ -1091,38 +1030,6 @@ tls1_enc(SSL *s, int send)
 }
 int
-tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out)
-{
-        EVP_MD_CTX ctx, *d = NULL;
-        unsigned int ret;
-        int i;
-        if (S3I(s)->handshake_buffer)
-                if (!tls1_digest_cached_records(s))
-                        return 0;
-        for (i = 0; i < SSL_MAX_DIGEST; i++) {
-                if (S3I(s)->handshake_dgst[i] &&
-                    EVP_MD_CTX_type(S3I(s)->handshake_dgst[i]) == md_nid) {
-                        d = S3I(s)->handshake_dgst[i];
-                        break;
-                }
-        }
-        if (d == NULL) {
-                SSLerror(s, SSL_R_NO_REQUIRED_DIGEST);
-                return 0;
-        }
-        EVP_MD_CTX_init(&ctx);
-        if (!EVP_MD_CTX_copy_ex(&ctx, d))
-                return 0;
-        EVP_DigestFinal_ex(&ctx, out, &ret);
-        EVP_MD_CTX_cleanup(&ctx);
-        return ((int)ret);
-}
-int
 tls1_final_finish_mac(SSL *s, const char *str, int slen, unsigned char *out)
 {
        unsigned char buf1[EVP_MAX_MD_SIZE];

diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c index 508e131730..605f0a59ad 100644 --- a/src/lib/libssl/d1_srvr.c +++ b/src/lib/libssl/d1_srvr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: d1_srvr.c,v 1.85 2017/03/05 14:24:12 jsing Exp $ */	1	/* $OpenBSD: d1_srvr.c,v 1.86 2017/03/10 16:03:27 jsing Exp $ */
2	/*	2	/*
3	* DTLS implementation written by Nagendra Modadugu	3	* DTLS implementation written by Nagendra Modadugu
4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.	4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -519,13 +519,23 @@ dtls1_accept(SSL *s)
519	s->internal->state = SSL3_ST_SR_CERT_VRFY_A;	519	s->internal->state = SSL3_ST_SR_CERT_VRFY_A;
520	s->internal->init_num = 0;	520	s->internal->init_num = 0;
521		521
522	/* We need to get hashes here so if there is	522	/*
523	* a client cert, it can be verified */	523	* We need to get hashes here so if there is
524	tls1_cert_verify_mac(s,	524	* a client cert, it can be verified.
525	NID_md5, &(S3I(s)->tmp.cert_verify_md[0]));	525	*/
526	tls1_cert_verify_mac(s,	526	if (S3I(s)->handshake_buffer) {
527	NID_sha1,	527	if (!tls1_digest_cached_records(s)) {
528	&(S3I(s)->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));	528	ret = -1;
		529	goto end;
		530	}
		531	}
		532	if (!tls1_handshake_hash_value(s,
		533	S3I(s)->tmp.cert_verify_md,
		534	sizeof(S3I(s)->tmp.cert_verify_md),
		535	NULL)) {
		536	ret = -1;
		537	goto end;
		538	}
529	}	539	}
530	break;	540	break;
531		541


diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index d6bf6a4574..8d45e1f8c1 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_lib.c,v 1.137 2017/03/05 14:39:53 jsing Exp $ */	1	/* $OpenBSD: s3_lib.c,v 1.138 2017/03/10 16:03:27 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1842,7 +1842,6 @@ ssl3_free(SSL *s)
1842		1842
1843	BIO_free(S3I(s)->handshake_buffer);	1843	BIO_free(S3I(s)->handshake_buffer);
1844		1844
1845	tls1_free_digest_list(s);
1846	tls1_handshake_hash_free(s);	1845	tls1_handshake_hash_free(s);
1847		1846
1848	free(S3I(s)->alpn_selected);	1847	free(S3I(s)->alpn_selected);
@@ -1884,7 +1883,6 @@ ssl3_clear(SSL *s)
1884	BIO_free(S3I(s)->handshake_buffer);	1883	BIO_free(S3I(s)->handshake_buffer);
1885	S3I(s)->handshake_buffer = NULL;	1884	S3I(s)->handshake_buffer = NULL;
1886		1885
1887	tls1_free_digest_list(s);
1888	tls1_handshake_hash_free(s);	1886	tls1_handshake_hash_free(s);
1889		1887
1890	free(S3I(s)->alpn_selected);	1888	free(S3I(s)->alpn_selected);


diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c index da48765aba..49af292d6c 100644 --- a/src/lib/libssl/ssl_ciph.c +++ b/src/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_ciph.c,v 1.95 2017/03/05 14:39:53 jsing Exp $ */	1	/* $OpenBSD: ssl_ciph.c,v 1.96 2017/03/10 16:03:27 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -193,12 +193,6 @@ static int ssl_mac_secret_size[SSL_MD_NUM_IDX] = {
193	0, 0, 0, 0, 0, 0, 0,	193	0, 0, 0, 0, 0, 0, 0,
194	};	194	};
195		195
196	static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX] = {
197	SSL_HANDSHAKE_MAC_MD5, SSL_HANDSHAKE_MAC_SHA,
198	SSL_HANDSHAKE_MAC_GOST94, 0, SSL_HANDSHAKE_MAC_SHA256,
199	SSL_HANDSHAKE_MAC_SHA384, SSL_HANDSHAKE_MAC_STREEBOG256,
200	};
201
202	#define CIPHER_ADD 1	196	#define CIPHER_ADD 1
203	#define CIPHER_KILL 2	197	#define CIPHER_KILL 2
204	#define CIPHER_DEL 3	198	#define CIPHER_DEL 3
@@ -706,20 +700,6 @@ ssl_cipher_get_evp_aead(const SSL_SESSION s, const EVP_AEAD *aead)
706	}	700	}
707		701
708	int	702	int
709	ssl_get_handshake_digest(int idx, long mask, const EVP_MD *md)
710	{
711	if (idx < 0 \|\| idx >= SSL_MD_NUM_IDX) {
712	return 0;
713	}
714	*mask = ssl_handshake_digest_flag[idx];
715	if (*mask)
716	*md = ssl_digest_methods[idx];
717	else
718	*md = NULL;
719	return 1;
720	}
721
722	int
723	ssl_get_handshake_evp_md(SSL s, const EVP_MD *md)	703	ssl_get_handshake_evp_md(SSL s, const EVP_MD *md)
724	{	704	{
725	*md = NULL;	705	*md = NULL;


diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c index 8dd30e87fb..1cdbf86c50 100644 --- a/src/lib/libssl/ssl_clnt.c +++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_clnt.c,v 1.10 2017/03/05 14:39:53 jsing Exp $ */	1	/* $OpenBSD: ssl_clnt.c,v 1.11 2017/03/10 16:03:27 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -2354,13 +2354,21 @@ ssl3_send_client_verify(SSL *s)
2354	pkey = s->cert->key->privatekey;	2354	pkey = s->cert->key->privatekey;
2355	pctx = EVP_PKEY_CTX_new(pkey, NULL);	2355	pctx = EVP_PKEY_CTX_new(pkey, NULL);
2356	EVP_PKEY_sign_init(pctx);	2356	EVP_PKEY_sign_init(pctx);
2357	if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1()) > 0) {	2357
2358	if (!SSL_USE_SIGALGS(s))	2358	/* XXX - is this needed? */
2359	tls1_cert_verify_mac(s,	2359	if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1()) <= 0)
2360	NID_sha1, &(data[MD5_DIGEST_LENGTH]));
2361	} else {
2362	ERR_clear_error();	2360	ERR_clear_error();
		2361
		2362	if (!SSL_USE_SIGALGS(s)) {
		2363	if (S3I(s)->handshake_buffer) {
		2364	if (!tls1_digest_cached_records(s))
		2365	goto err;
		2366	}
		2367	if (!tls1_handshake_hash_value(s, data, sizeof(data),
		2368	NULL))
		2369	goto err;
2363	}	2370	}
		2371
2364	/*	2372	/*
2365	* For TLS v1.2 send signature algorithm and signature	2373	* For TLS v1.2 send signature algorithm and signature
2366	* using agreed digest and cached handshake records.	2374	* using agreed digest and cached handshake records.
@@ -2388,8 +2396,6 @@ ssl3_send_client_verify(SSL *s)
2388	if (!tls1_digest_cached_records(s))	2396	if (!tls1_digest_cached_records(s))
2389	goto err;	2397	goto err;
2390	} else if (pkey->type == EVP_PKEY_RSA) {	2398	} else if (pkey->type == EVP_PKEY_RSA) {
2391	tls1_cert_verify_mac(
2392	s, NID_md5, &(data[0]));
2393	if (RSA_sign(NID_md5_sha1, data,	2399	if (RSA_sign(NID_md5_sha1, data,
2394	MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, &(p[2]),	2400	MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, &(p[2]),
2395	&u, pkey->pkey.rsa) <= 0 ) {	2401	&u, pkey->pkey.rsa) <= 0 ) {


diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index 3f5d6fad20..b68b680106 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_locl.h,v 1.177 2017/03/05 14:39:53 jsing Exp $ */	1	/* $OpenBSD: ssl_locl.h,v 1.178 2017/03/10 16:03:27 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -805,10 +805,6 @@ typedef struct ssl3_state_internal_st {
805		805
806	/* used during startup, digest all incoming/outgoing packets */	806	/* used during startup, digest all incoming/outgoing packets */
807	BIO *handshake_buffer;	807	BIO *handshake_buffer;
808	/* When set of handshake digests is determined, buffer is hashed
809	* and freed and MD_CTX-es for all required digests are stored in
810	* this array */
811	EVP_MD_CTX **handshake_dgst;
812		808
813	/* Rolling hash of handshake messages. */	809	/* Rolling hash of handshake messages. */
814	EVP_MD_CTX *handshake_hash;	810	EVP_MD_CTX *handshake_hash;
@@ -1103,7 +1099,6 @@ void ssl_update_cache(SSL *s, int mode);
1103	int ssl_cipher_get_evp(const SSL_SESSION s, const EVP_CIPHER *enc,	1099	int ssl_cipher_get_evp(const SSL_SESSION s, const EVP_CIPHER *enc,
1104	const EVP_MD *md, int mac_pkey_type, int *mac_secret_size);	1100	const EVP_MD *md, int mac_pkey_type, int *mac_secret_size);
1105	int ssl_cipher_get_evp_aead(const SSL_SESSION s, const EVP_AEAD *aead);	1101	int ssl_cipher_get_evp_aead(const SSL_SESSION s, const EVP_AEAD *aead);
1106	int ssl_get_handshake_digest(int i, long mask, const EVP_MD *md);
1107	int ssl_get_handshake_evp_md(SSL s, const EVP_MD *md);	1102	int ssl_get_handshake_evp_md(SSL s, const EVP_MD *md);
1108		1103
1109	int ssl_verify_cert_chain(SSL s, STACK_OF(X509) sk);	1104	int ssl_verify_cert_chain(SSL s, STACK_OF(X509) sk);
@@ -1293,7 +1288,6 @@ int tls1_change_cipher_state(SSL *s, int which);
1293	int tls1_setup_key_block(SSL *s);	1288	int tls1_setup_key_block(SSL *s);
1294	int tls1_enc(SSL *s, int snd);	1289	int tls1_enc(SSL *s, int snd);
1295	int tls1_final_finish_mac(SSL s, const char str, int slen, unsigned char *p);	1290	int tls1_final_finish_mac(SSL s, const char str, int slen, unsigned char *p);
1296	int tls1_cert_verify_mac(SSL s, int md_nid, unsigned char p);
1297	int tls1_mac(SSL ssl, unsigned char md, int snd);	1291	int tls1_mac(SSL ssl, unsigned char md, int snd);
1298	int tls1_generate_master_secret(SSL s, unsigned char out,	1292	int tls1_generate_master_secret(SSL s, unsigned char out,
1299	unsigned char *p, int len);	1293	unsigned char *p, int len);


diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index a48cf246da..d98a76f8f0 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_srvr.c,v 1.10 2017/03/05 14:39:53 jsing Exp $ */	1	/* $OpenBSD: ssl_srvr.c,v 1.11 2017/03/10 16:03:27 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -493,18 +493,12 @@ ssl3_accept(SSL *s)
493	goto end;	493	goto end;
494	}	494	}
495	} else {	495	} else {
496	int offset = 0;
497	int dgst_num;
498
499	s->internal->state = SSL3_ST_SR_CERT_VRFY_A;	496	s->internal->state = SSL3_ST_SR_CERT_VRFY_A;
500	s->internal->init_num = 0;	497	s->internal->init_num = 0;
501		498
502	/*	499	/*
503	* We need to get hashes here so if there is	500	* We need to get hashes here so if there is
504	* a client cert, it can be verified	501	* a client cert, it can be verified.
505	* FIXME - digest processing for
506	* CertificateVerify should be generalized.
507	* But it is next step
508	*/	502	*/
509	if (S3I(s)->handshake_buffer) {	503	if (S3I(s)->handshake_buffer) {
510	if (!tls1_digest_cached_records(s)) {	504	if (!tls1_digest_cached_records(s)) {
@@ -512,22 +506,12 @@ ssl3_accept(SSL *s)
512	goto end;	506	goto end;
513	}	507	}
514	}	508	}
515	for (dgst_num = 0; dgst_num < SSL_MAX_DIGEST;	509	if (!tls1_handshake_hash_value(s,
516	dgst_num++)	510	S3I(s)->tmp.cert_verify_md,
517	if (S3I(s)->handshake_dgst[dgst_num]) {	511	sizeof(S3I(s)->tmp.cert_verify_md),
518	int dgst_size;	512	NULL)) {
519		513	ret = -1;
520	tls1_cert_verify_mac(s,	514	goto end;
521	EVP_MD_CTX_type(
522	S3I(s)->handshake_dgst[dgst_num]),
523	&(S3I(s)->tmp.cert_verify_md[offset]));
524	dgst_size = EVP_MD_CTX_size(
525	S3I(s)->handshake_dgst[dgst_num]);
526	if (dgst_size < 0) {
527	ret = -1;
528	goto end;
529	}
530	offset += dgst_size;
531	}	515	}
532	}	516	}
533	break;	517	break;


diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c index 0179ac3061..e9a9713134 100644 --- a/src/lib/libssl/t1_enc.c +++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: t1_enc.c,v 1.101 2017/03/10 15:08:49 jsing Exp $ */	1	/* $OpenBSD: t1_enc.c,v 1.102 2017/03/10 16:03:27 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -165,7 +165,6 @@ int
165	tls1_init_finished_mac(SSL *s)	165	tls1_init_finished_mac(SSL *s)
166	{	166	{
167	BIO_free(S3I(s)->handshake_buffer);	167	BIO_free(S3I(s)->handshake_buffer);
168	tls1_free_digest_list(s);
169		168
170	S3I(s)->handshake_buffer = BIO_new(BIO_s_mem());	169	S3I(s)->handshake_buffer = BIO_new(BIO_s_mem());
171	if (S3I(s)->handshake_buffer == NULL)	170	if (S3I(s)->handshake_buffer == NULL)
@@ -176,29 +175,9 @@ tls1_init_finished_mac(SSL *s)
176	return (1);	175	return (1);
177	}	176	}
178		177
179	void
180	tls1_free_digest_list(SSL *s)
181	{
182	int i;
183
184	if (s == NULL)
185	return;
186	if (S3I(s)->handshake_dgst == NULL)
187	return;
188
189	for (i = 0; i < SSL_MAX_DIGEST; i++) {
190	if (S3I(s)->handshake_dgst[i])
191	EVP_MD_CTX_destroy(S3I(s)->handshake_dgst[i]);
192	}
193	free(S3I(s)->handshake_dgst);
194	S3I(s)->handshake_dgst = NULL;
195	}
196
197	int	178	int
198	tls1_finish_mac(SSL s, const unsigned char buf, int len)	179	tls1_finish_mac(SSL s, const unsigned char buf, int len)
199	{	180	{
200	int i;
201
202	if (len < 0)	181	if (len < 0)
203	return 0;	182	return 0;
204		183
@@ -211,60 +190,21 @@ tls1_finish_mac(SSL s, const unsigned char buf, int len)
211	return 1;	190	return 1;
212	}	191	}
213		192
214	for (i = 0; i < SSL_MAX_DIGEST; i++) {
215	if (S3I(s)->handshake_dgst[i] == NULL)
216	continue;
217	if (!EVP_DigestUpdate(S3I(s)->handshake_dgst[i], buf, len)) {
218	SSLerror(s, ERR_R_EVP_LIB);
219	return 0;
220	}
221	}
222
223	return 1;	193	return 1;
224	}	194	}
225		195
226	int	196	int
227	tls1_digest_cached_records(SSL *s)	197	tls1_digest_cached_records(SSL *s)
228	{	198	{
229	const EVP_MD *md;	199	long hdatalen;
230	long hdatalen, mask;
231	void *hdata;	200	void *hdata;
232	int i;
233
234	tls1_free_digest_list(s);
235		201
236	S3I(s)->handshake_dgst = calloc(SSL_MAX_DIGEST, sizeof(EVP_MD_CTX *));
237	if (S3I(s)->handshake_dgst == NULL) {
238	SSLerror(s, ERR_R_MALLOC_FAILURE);
239	goto err;
240	}
241	hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata);	202	hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata);
242	if (hdatalen <= 0) {	203	if (hdatalen <= 0) {
243	SSLerror(s, SSL_R_BAD_HANDSHAKE_LENGTH);	204	SSLerror(s, SSL_R_BAD_HANDSHAKE_LENGTH);
244	goto err;	205	goto err;
245	}	206	}
246		207
247	/* Loop through bits of the algorithm2 field and create MD contexts. */
248	for (i = 0; ssl_get_handshake_digest(i, &mask, &md); i++) {
249	if ((mask & ssl_get_algorithm2(s)) == 0 \|\| md == NULL)
250	continue;
251
252	S3I(s)->handshake_dgst[i] = EVP_MD_CTX_create();
253	if (S3I(s)->handshake_dgst[i] == NULL) {
254	SSLerror(s, ERR_R_MALLOC_FAILURE);
255	goto err;
256	}
257	if (!EVP_DigestInit_ex(S3I(s)->handshake_dgst[i], md, NULL)) {
258	SSLerror(s, ERR_R_EVP_LIB);
259	goto err;
260	}
261	if (!EVP_DigestUpdate(S3I(s)->handshake_dgst[i], hdata,
262	hdatalen)) {
263	SSLerror(s, ERR_R_EVP_LIB);
264	goto err;
265	}
266	}
267
268	if (!(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE)) {	208	if (!(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE)) {
269	BIO_free(S3I(s)->handshake_buffer);	209	BIO_free(S3I(s)->handshake_buffer);
270	S3I(s)->handshake_buffer = NULL;	210	S3I(s)->handshake_buffer = NULL;
@@ -273,7 +213,6 @@ tls1_digest_cached_records(SSL *s)
273	return 1;	213	return 1;
274		214
275	err:	215	err:
276	tls1_free_digest_list(s);
277	return 0;	216	return 0;
278	}	217	}
279		218
@@ -1091,38 +1030,6 @@ tls1_enc(SSL *s, int send)
1091	}	1030	}
1092		1031
1093	int	1032	int
1094	tls1_cert_verify_mac(SSL s, int md_nid, unsigned char out)
1095	{
1096	EVP_MD_CTX ctx, *d = NULL;
1097	unsigned int ret;
1098	int i;
1099
1100	if (S3I(s)->handshake_buffer)
1101	if (!tls1_digest_cached_records(s))
1102	return 0;
1103
1104	for (i = 0; i < SSL_MAX_DIGEST; i++) {
1105	if (S3I(s)->handshake_dgst[i] &&
1106	EVP_MD_CTX_type(S3I(s)->handshake_dgst[i]) == md_nid) {
1107	d = S3I(s)->handshake_dgst[i];
1108	break;
1109	}
1110	}
1111	if (d == NULL) {
1112	SSLerror(s, SSL_R_NO_REQUIRED_DIGEST);
1113	return 0;
1114	}
1115
1116	EVP_MD_CTX_init(&ctx);
1117	if (!EVP_MD_CTX_copy_ex(&ctx, d))
1118	return 0;
1119	EVP_DigestFinal_ex(&ctx, out, &ret);
1120	EVP_MD_CTX_cleanup(&ctx);
1121
1122	return ((int)ret);
1123	}
1124
1125	int
1126	tls1_final_finish_mac(SSL s, const char str, int slen, unsigned char *out)	1033	tls1_final_finish_mac(SSL s, const char str, int slen, unsigned char *out)
1127	{	1034	{
1128	unsigned char buf1[EVP_MAX_MD_SIZE];	1035	unsigned char buf1[EVP_MAX_MD_SIZE];