1 files changed, 32 insertions, 49 deletions
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index 8b5ccd480a..61c1d71c8e 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.136 2022/01/11 18:39:28 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.137 2022/01/11 19:03:15 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1071,12 +1071,13 @@ ssl3_get_server_hello(SSL *s)
 int
 ssl3_get_server_certificate(SSL *s)
 {
-        int al, i, ret;
        CBS cbs, cert_list;
        X509 *x = NULL;
        const unsigned char *q;
        STACK_OF(X509) *sk = NULL;
-        EVP_PKEY *pkey = NULL;
+        EVP_PKEY *pkey;
+        int cert_type;
+        int al, ret;
        if ((ret = ssl3_get_message(s, SSL3_ST_CR_CERT_A,
            SSL3_ST_CR_CERT_B, -1, s->internal->max_cert_list)) <= 0)
@@ -1144,12 +1145,11 @@ ssl3_get_server_certificate(SSL *s)
                x = NULL;
        }
-        i = ssl_verify_cert_chain(s, sk);
+        if (ssl_verify_cert_chain(s, sk) <= 0 &&
-        if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)) {
+            s->verify_mode != SSL_VERIFY_NONE) {
                al = ssl_verify_alarm_type(s->verify_result);
                SSLerror(s, SSL_R_CERTIFICATE_VERIFY_FAILED);
                goto fatal_err;
        }
        ERR_clear_error(); /* but we keep s->verify_result */
@@ -1159,39 +1159,31 @@ ssl3_get_server_certificate(SSL *s)
         */
        x = sk_X509_value(sk, 0);
-        pkey = X509_get_pubkey(x);
+        if ((pkey = X509_get0_pubkey(x)) == NULL ||
+            EVP_PKEY_missing_parameters(pkey)) {
-        if (pkey == NULL || EVP_PKEY_missing_parameters(pkey)) {
                x = NULL;
                al = SSL3_AL_FATAL;
                SSLerror(s, SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);
                goto fatal_err;
        }
+        if ((cert_type = ssl_cert_type(x, pkey)) < 0) {
-        i = ssl_cert_type(x, pkey);
-        if (i < 0) {
                x = NULL;
                al = SSL3_AL_FATAL;
                SSLerror(s, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
                goto fatal_err;
        }
-        s->session->peer_cert_type = i;
-        sk_X509_pop_free(s->session->cert_chain, X509_free);
-        s->session->cert_chain = sk;
-        sk = NULL;
-        X509_up_ref(x);
-        X509_free(s->session->peer_pkeys[i].x509);
-        s->session->peer_pkeys[i].x509 = x;
-        s->session->peer_key = &s->session->peer_pkeys[i];
        X509_up_ref(x);
        X509_free(s->session->peer_cert);
        s->session->peer_cert = x;
+        s->session->peer_cert_type = cert_type;
        s->session->verify_result = s->verify_result;
+        sk_X509_pop_free(s->session->cert_chain, X509_free);
+        s->session->cert_chain = sk;
+        sk = NULL;
        x = NULL;
        ret = 1;
@@ -1204,7 +1196,6 @@ ssl3_get_server_certificate(SSL *s)
                ssl3_send_alert(s, SSL3_AL_FATAL, al);
        }
 err:
-        EVP_PKEY_free(pkey);
        X509_free(x);
        sk_X509_pop_free(sk, X509_free);
@@ -1377,12 +1368,12 @@ ssl3_get_server_key_exchange(SSL *s)
                EVP_PKEY_CTX *pctx;
                EVP_PKEY *pkey = NULL;
-                if ((alg_a & SSL_aRSA) != 0) {
+                if ((alg_a & SSL_aRSA) != 0 &&
-                        pkey = X509_get0_pubkey(
+                    s->session->peer_cert_type == SSL_PKEY_RSA) {
-                            s->session->peer_pkeys[SSL_PKEY_RSA].x509);
+                        pkey = X509_get0_pubkey(s->session->peer_cert);
-                } else if ((alg_a & SSL_aECDSA) != 0) {
+                } else if ((alg_a & SSL_aECDSA) != 0 &&
-                        pkey = X509_get0_pubkey(
+                    s->session->peer_cert_type == SSL_PKEY_ECC) {
-                            s->session->peer_pkeys[SSL_PKEY_ECC].x509);
+                        pkey = X509_get0_pubkey(s->session->peer_cert);
                }
                if (pkey == NULL) {
                        al = SSL_AD_ILLEGAL_PARAMETER;
@@ -1800,7 +1791,7 @@ ssl3_send_client_kex_rsa(SSL *s, CBB *cbb)
        unsigned char pms[SSL_MAX_MASTER_KEY_LENGTH];
        unsigned char *enc_pms = NULL;
        uint16_t max_legacy_version;
-        EVP_PKEY *pkey = NULL;
+        EVP_PKEY *pkey;
        RSA *rsa;
        int ret = 0;
        int enc_len;
@@ -1810,7 +1801,7 @@ ssl3_send_client_kex_rsa(SSL *s, CBB *cbb)
         * RSA-Encrypted Premaster Secret Message - RFC 5246 section 7.4.7.1.
         */
-        pkey = X509_get_pubkey(s->session->peer_pkeys[SSL_PKEY_RSA].x509);
+        pkey = X509_get0_pubkey(s->session->peer_cert);
        if (pkey == NULL || (rsa = EVP_PKEY_get0_RSA(pkey)) == NULL) {
                SSLerror(s, ERR_R_INTERNAL_ERROR);
                goto err;
@@ -1855,7 +1846,6 @@ ssl3_send_client_kex_rsa(SSL *s, CBB *cbb)
 err:
        explicit_bzero(pms, sizeof(pms));
-        EVP_PKEY_free(pkey);
        free(enc_pms);
        return ret;
@@ -1938,8 +1928,7 @@ ssl3_send_client_kex_gost(SSL *s, CBB *cbb)
        unsigned char premaster_secret[32], shared_ukm[32], tmp[256];
        EVP_PKEY_CTX *pkey_ctx = NULL;
        EVP_MD_CTX *ukm_hash = NULL;
-        EVP_PKEY *pub_key;
+        EVP_PKEY *pkey;
-        X509 *peer_cert;
        size_t msglen;
        unsigned int md_len;
        CBB gostblob;
@@ -1947,12 +1936,12 @@ ssl3_send_client_kex_gost(SSL *s, CBB *cbb)
        int ret = 0;
        /* Get server sertificate PKEY and create ctx from it */
-        peer_cert = s->session->peer_pkeys[SSL_PKEY_GOST01].x509;
+        pkey = X509_get0_pubkey(s->session->peer_cert);
-        if ((pub_key = X509_get0_pubkey(peer_cert)) == NULL) {
+        if (pkey == NULL || s->session->peer_cert_type != SSL_PKEY_GOST01) {
                SSLerror(s, SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);
                goto err;
        }
-        if ((pkey_ctx = EVP_PKEY_CTX_new(pub_key, NULL)) == NULL) {
+        if ((pkey_ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) {
                SSLerror(s, ERR_R_MALLOC_FAILURE);
                goto err;
        }
@@ -2449,9 +2438,8 @@ int
 ssl3_check_cert_and_algorithm(SSL *s)
 {
        long alg_k, alg_a;
-        EVP_PKEY *pkey = NULL;
        int nid = NID_undef;
-        int i, idx;
+        int i;
        alg_k = S3I(s)->hs.cipher->algorithm_mkey;
        alg_a = S3I(s)->hs.cipher->algorithm_auth;
@@ -2465,20 +2453,15 @@ ssl3_check_cert_and_algorithm(SSL *s)
        /* This is the passed certificate. */
-        idx = s->session->peer_cert_type;
+        if (s->session->peer_cert_type == SSL_PKEY_ECC) {
-        if (idx == SSL_PKEY_ECC) {
+                if (!ssl_check_srvr_ecc_cert_and_alg(s, s->session->peer_cert)) {
-                if (!ssl_check_srvr_ecc_cert_and_alg(s,
-                    s->session->peer_pkeys[idx].x509)) {
-                        /* check failed */
                        SSLerror(s, SSL_R_BAD_ECC_CERT);
                        goto fatal_err;
-                } else {
-                        return (1);
                }
+                return (1);
        }
-        pkey = X509_get_pubkey(s->session->peer_pkeys[idx].x509);
-        i = X509_certificate_type(s->session->peer_pkeys[idx].x509, pkey);
+        i = X509_certificate_type(s->session->peer_cert, NULL);
-        EVP_PKEY_free(pkey);
        /* Check that we have a certificate if we require one. */
        if ((alg_a & SSL_aRSA) && !has_bits(i, EVP_PK_RSA|EVP_PKT_SIGN)) {

diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c index 8b5ccd480a..61c1d71c8e 100644 --- a/src/lib/libssl/ssl_clnt.c +++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_clnt.c,v 1.136 2022/01/11 18:39:28 jsing Exp $ */	1	/* $OpenBSD: ssl_clnt.c,v 1.137 2022/01/11 19:03:15 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1071,12 +1071,13 @@ ssl3_get_server_hello(SSL *s)
1071	int	1071	int
1072	ssl3_get_server_certificate(SSL *s)	1072	ssl3_get_server_certificate(SSL *s)
1073	{	1073	{
1074	int al, i, ret;
1075	CBS cbs, cert_list;	1074	CBS cbs, cert_list;
1076	X509 *x = NULL;	1075	X509 *x = NULL;
1077	const unsigned char *q;	1076	const unsigned char *q;
1078	STACK_OF(X509) *sk = NULL;	1077	STACK_OF(X509) *sk = NULL;
1079	EVP_PKEY *pkey = NULL;	1078	EVP_PKEY *pkey;
		1079	int cert_type;
		1080	int al, ret;
1080		1081
1081	if ((ret = ssl3_get_message(s, SSL3_ST_CR_CERT_A,	1082	if ((ret = ssl3_get_message(s, SSL3_ST_CR_CERT_A,
1082	SSL3_ST_CR_CERT_B, -1, s->internal->max_cert_list)) <= 0)	1083	SSL3_ST_CR_CERT_B, -1, s->internal->max_cert_list)) <= 0)
@@ -1144,12 +1145,11 @@ ssl3_get_server_certificate(SSL *s)
1144	x = NULL;	1145	x = NULL;
1145	}	1146	}
1146		1147
1147	i = ssl_verify_cert_chain(s, sk);	1148	if (ssl_verify_cert_chain(s, sk) <= 0 &&
1148	if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)) {	1149	s->verify_mode != SSL_VERIFY_NONE) {
1149	al = ssl_verify_alarm_type(s->verify_result);	1150	al = ssl_verify_alarm_type(s->verify_result);
1150	SSLerror(s, SSL_R_CERTIFICATE_VERIFY_FAILED);	1151	SSLerror(s, SSL_R_CERTIFICATE_VERIFY_FAILED);
1151	goto fatal_err;	1152	goto fatal_err;
1152
1153	}	1153	}
1154	ERR_clear_error(); /* but we keep s->verify_result */	1154	ERR_clear_error(); /* but we keep s->verify_result */
1155		1155
@@ -1159,39 +1159,31 @@ ssl3_get_server_certificate(SSL *s)
1159	*/	1159	*/
1160	x = sk_X509_value(sk, 0);	1160	x = sk_X509_value(sk, 0);
1161		1161
1162	pkey = X509_get_pubkey(x);	1162	if ((pkey = X509_get0_pubkey(x)) == NULL \|\|
1163		1163	EVP_PKEY_missing_parameters(pkey)) {
1164	if (pkey == NULL \|\| EVP_PKEY_missing_parameters(pkey)) {
1165	x = NULL;	1164	x = NULL;
1166	al = SSL3_AL_FATAL;	1165	al = SSL3_AL_FATAL;
1167	SSLerror(s, SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);	1166	SSLerror(s, SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);
1168	goto fatal_err;	1167	goto fatal_err;
1169	}	1168	}
1170		1169	if ((cert_type = ssl_cert_type(x, pkey)) < 0) {
1171	i = ssl_cert_type(x, pkey);
1172	if (i < 0) {
1173	x = NULL;	1170	x = NULL;
1174	al = SSL3_AL_FATAL;	1171	al = SSL3_AL_FATAL;
1175	SSLerror(s, SSL_R_UNKNOWN_CERTIFICATE_TYPE);	1172	SSLerror(s, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
1176	goto fatal_err;	1173	goto fatal_err;
1177	}	1174	}
1178	s->session->peer_cert_type = i;
1179
1180	sk_X509_pop_free(s->session->cert_chain, X509_free);
1181	s->session->cert_chain = sk;
1182	sk = NULL;
1183
1184	X509_up_ref(x);
1185	X509_free(s->session->peer_pkeys[i].x509);
1186	s->session->peer_pkeys[i].x509 = x;
1187	s->session->peer_key = &s->session->peer_pkeys[i];
1188		1175
1189	X509_up_ref(x);	1176	X509_up_ref(x);
1190	X509_free(s->session->peer_cert);	1177	X509_free(s->session->peer_cert);
1191	s->session->peer_cert = x;	1178	s->session->peer_cert = x;
		1179	s->session->peer_cert_type = cert_type;
1192		1180
1193	s->session->verify_result = s->verify_result;	1181	s->session->verify_result = s->verify_result;
1194		1182
		1183	sk_X509_pop_free(s->session->cert_chain, X509_free);
		1184	s->session->cert_chain = sk;
		1185	sk = NULL;
		1186
1195	x = NULL;	1187	x = NULL;
1196	ret = 1;	1188	ret = 1;
1197		1189
@@ -1204,7 +1196,6 @@ ssl3_get_server_certificate(SSL *s)
1204	ssl3_send_alert(s, SSL3_AL_FATAL, al);	1196	ssl3_send_alert(s, SSL3_AL_FATAL, al);
1205	}	1197	}
1206	err:	1198	err:
1207	EVP_PKEY_free(pkey);
1208	X509_free(x);	1199	X509_free(x);
1209	sk_X509_pop_free(sk, X509_free);	1200	sk_X509_pop_free(sk, X509_free);
1210		1201
@@ -1377,12 +1368,12 @@ ssl3_get_server_key_exchange(SSL *s)
1377	EVP_PKEY_CTX *pctx;	1368	EVP_PKEY_CTX *pctx;
1378	EVP_PKEY *pkey = NULL;	1369	EVP_PKEY *pkey = NULL;
1379		1370
1380	if ((alg_a & SSL_aRSA) != 0) {	1371	if ((alg_a & SSL_aRSA) != 0 &&
1381	pkey = X509_get0_pubkey(	1372	s->session->peer_cert_type == SSL_PKEY_RSA) {
1382	s->session->peer_pkeys[SSL_PKEY_RSA].x509);	1373	pkey = X509_get0_pubkey(s->session->peer_cert);
1383	} else if ((alg_a & SSL_aECDSA) != 0) {	1374	} else if ((alg_a & SSL_aECDSA) != 0 &&
1384	pkey = X509_get0_pubkey(	1375	s->session->peer_cert_type == SSL_PKEY_ECC) {
1385	s->session->peer_pkeys[SSL_PKEY_ECC].x509);	1376	pkey = X509_get0_pubkey(s->session->peer_cert);
1386	}	1377	}
1387	if (pkey == NULL) {	1378	if (pkey == NULL) {
1388	al = SSL_AD_ILLEGAL_PARAMETER;	1379	al = SSL_AD_ILLEGAL_PARAMETER;
@@ -1800,7 +1791,7 @@ ssl3_send_client_kex_rsa(SSL s, CBB cbb)
1800	unsigned char pms[SSL_MAX_MASTER_KEY_LENGTH];	1791	unsigned char pms[SSL_MAX_MASTER_KEY_LENGTH];
1801	unsigned char *enc_pms = NULL;	1792	unsigned char *enc_pms = NULL;
1802	uint16_t max_legacy_version;	1793	uint16_t max_legacy_version;
1803	EVP_PKEY *pkey = NULL;	1794	EVP_PKEY *pkey;
1804	RSA *rsa;	1795	RSA *rsa;
1805	int ret = 0;	1796	int ret = 0;
1806	int enc_len;	1797	int enc_len;
@@ -1810,7 +1801,7 @@ ssl3_send_client_kex_rsa(SSL s, CBB cbb)
1810	* RSA-Encrypted Premaster Secret Message - RFC 5246 section 7.4.7.1.	1801	* RSA-Encrypted Premaster Secret Message - RFC 5246 section 7.4.7.1.
1811	*/	1802	*/
1812		1803
1813	pkey = X509_get_pubkey(s->session->peer_pkeys[SSL_PKEY_RSA].x509);	1804	pkey = X509_get0_pubkey(s->session->peer_cert);
1814	if (pkey == NULL \|\| (rsa = EVP_PKEY_get0_RSA(pkey)) == NULL) {	1805	if (pkey == NULL \|\| (rsa = EVP_PKEY_get0_RSA(pkey)) == NULL) {
1815	SSLerror(s, ERR_R_INTERNAL_ERROR);	1806	SSLerror(s, ERR_R_INTERNAL_ERROR);
1816	goto err;	1807	goto err;
@@ -1855,7 +1846,6 @@ ssl3_send_client_kex_rsa(SSL s, CBB cbb)
1855		1846
1856	err:	1847	err:
1857	explicit_bzero(pms, sizeof(pms));	1848	explicit_bzero(pms, sizeof(pms));
1858	EVP_PKEY_free(pkey);
1859	free(enc_pms);	1849	free(enc_pms);
1860		1850
1861	return ret;	1851	return ret;
@@ -1938,8 +1928,7 @@ ssl3_send_client_kex_gost(SSL s, CBB cbb)
1938	unsigned char premaster_secret[32], shared_ukm[32], tmp[256];	1928	unsigned char premaster_secret[32], shared_ukm[32], tmp[256];
1939	EVP_PKEY_CTX *pkey_ctx = NULL;	1929	EVP_PKEY_CTX *pkey_ctx = NULL;
1940	EVP_MD_CTX *ukm_hash = NULL;	1930	EVP_MD_CTX *ukm_hash = NULL;
1941	EVP_PKEY *pub_key;	1931	EVP_PKEY *pkey;
1942	X509 *peer_cert;
1943	size_t msglen;	1932	size_t msglen;
1944	unsigned int md_len;	1933	unsigned int md_len;
1945	CBB gostblob;	1934	CBB gostblob;
@@ -1947,12 +1936,12 @@ ssl3_send_client_kex_gost(SSL s, CBB cbb)
1947	int ret = 0;	1936	int ret = 0;
1948		1937
1949	/* Get server sertificate PKEY and create ctx from it */	1938	/* Get server sertificate PKEY and create ctx from it */
1950	peer_cert = s->session->peer_pkeys[SSL_PKEY_GOST01].x509;	1939	pkey = X509_get0_pubkey(s->session->peer_cert);
1951	if ((pub_key = X509_get0_pubkey(peer_cert)) == NULL) {	1940	if (pkey == NULL \|\| s->session->peer_cert_type != SSL_PKEY_GOST01) {
1952	SSLerror(s, SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);	1941	SSLerror(s, SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);
1953	goto err;	1942	goto err;
1954	}	1943	}
1955	if ((pkey_ctx = EVP_PKEY_CTX_new(pub_key, NULL)) == NULL) {	1944	if ((pkey_ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) {
1956	SSLerror(s, ERR_R_MALLOC_FAILURE);	1945	SSLerror(s, ERR_R_MALLOC_FAILURE);
1957	goto err;	1946	goto err;
1958	}	1947	}
@@ -2449,9 +2438,8 @@ int
2449	ssl3_check_cert_and_algorithm(SSL *s)	2438	ssl3_check_cert_and_algorithm(SSL *s)
2450	{	2439	{
2451	long alg_k, alg_a;	2440	long alg_k, alg_a;
2452	EVP_PKEY *pkey = NULL;
2453	int nid = NID_undef;	2441	int nid = NID_undef;
2454	int i, idx;	2442	int i;
2455		2443
2456	alg_k = S3I(s)->hs.cipher->algorithm_mkey;	2444	alg_k = S3I(s)->hs.cipher->algorithm_mkey;
2457	alg_a = S3I(s)->hs.cipher->algorithm_auth;	2445	alg_a = S3I(s)->hs.cipher->algorithm_auth;
@@ -2465,20 +2453,15 @@ ssl3_check_cert_and_algorithm(SSL *s)
2465		2453
2466	/* This is the passed certificate. */	2454	/* This is the passed certificate. */
2467		2455
2468	idx = s->session->peer_cert_type;	2456	if (s->session->peer_cert_type == SSL_PKEY_ECC) {
2469	if (idx == SSL_PKEY_ECC) {	2457	if (!ssl_check_srvr_ecc_cert_and_alg(s, s->session->peer_cert)) {
2470	if (!ssl_check_srvr_ecc_cert_and_alg(s,
2471	s->session->peer_pkeys[idx].x509)) {
2472	/* check failed */
2473	SSLerror(s, SSL_R_BAD_ECC_CERT);	2458	SSLerror(s, SSL_R_BAD_ECC_CERT);
2474	goto fatal_err;	2459	goto fatal_err;
2475	} else {
2476	return (1);
2477	}	2460	}
		2461	return (1);
2478	}	2462	}
2479	pkey = X509_get_pubkey(s->session->peer_pkeys[idx].x509);	2463
2480	i = X509_certificate_type(s->session->peer_pkeys[idx].x509, pkey);	2464	i = X509_certificate_type(s->session->peer_cert, NULL);
2481	EVP_PKEY_free(pkey);
2482		2465
2483	/* Check that we have a certificate if we require one. */	2466	/* Check that we have a certificate if we require one. */
2484	if ((alg_a & SSL_aRSA) && !has_bits(i, EVP_PK_RSA\|EVP_PKT_SIGN)) {	2467	if ((alg_a & SSL_aRSA) && !has_bits(i, EVP_PK_RSA\|EVP_PKT_SIGN)) {