diff options
Diffstat (limited to 'src/lib/libssl/ssl_clnt.c')
| -rw-r--r-- | src/lib/libssl/ssl_clnt.c | 46 |
1 files changed, 16 insertions, 30 deletions
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c index 22e41da953..c2aa7e8190 100644 --- a/src/lib/libssl/ssl_clnt.c +++ b/src/lib/libssl/ssl_clnt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_clnt.c,v 1.36 2018/11/08 20:55:18 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_clnt.c,v 1.37 2018/11/08 22:28:52 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -244,7 +244,7 @@ ssl3_connect(SSL *s) | |||
| 244 | /* don't push the buffering BIO quite yet */ | 244 | /* don't push the buffering BIO quite yet */ |
| 245 | 245 | ||
| 246 | if (!SSL_IS_DTLS(s)) { | 246 | if (!SSL_IS_DTLS(s)) { |
| 247 | if (!tls1_init_finished_mac(s)) { | 247 | if (!tls1_transcript_init(s)) { |
| 248 | ret = -1; | 248 | ret = -1; |
| 249 | goto end; | 249 | goto end; |
| 250 | } | 250 | } |
| @@ -269,7 +269,7 @@ ssl3_connect(SSL *s) | |||
| 269 | 269 | ||
| 270 | if (SSL_IS_DTLS(s)) { | 270 | if (SSL_IS_DTLS(s)) { |
| 271 | /* every DTLS ClientHello resets Finished MAC */ | 271 | /* every DTLS ClientHello resets Finished MAC */ |
| 272 | if (!tls1_init_finished_mac(s)) { | 272 | if (!tls1_transcript_init(s)) { |
| 273 | ret = -1; | 273 | ret = -1; |
| 274 | goto end; | 274 | goto end; |
| 275 | } | 275 | } |
| @@ -583,7 +583,7 @@ ssl3_connect(SSL *s) | |||
| 583 | /* clean a few things up */ | 583 | /* clean a few things up */ |
| 584 | tls1_cleanup_key_block(s); | 584 | tls1_cleanup_key_block(s); |
| 585 | 585 | ||
| 586 | if (S3I(s)->handshake_buffer != NULL) { | 586 | if (S3I(s)->handshake_transcript != NULL) { |
| 587 | SSLerror(s, ERR_R_INTERNAL_ERROR); | 587 | SSLerror(s, ERR_R_INTERNAL_ERROR); |
| 588 | ret = -1; | 588 | ret = -1; |
| 589 | goto end; | 589 | goto end; |
| @@ -988,11 +988,8 @@ ssl3_get_server_hello(SSL *s) | |||
| 988 | * client authentication. | 988 | * client authentication. |
| 989 | */ | 989 | */ |
| 990 | alg_k = S3I(s)->hs.new_cipher->algorithm_mkey; | 990 | alg_k = S3I(s)->hs.new_cipher->algorithm_mkey; |
| 991 | if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) && | 991 | if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST))) |
| 992 | !tls1_digest_cached_records(s)) { | 992 | tls1_transcript_free(s); |
| 993 | al = SSL_AD_INTERNAL_ERROR; | ||
| 994 | goto f_err; | ||
| 995 | } | ||
| 996 | 993 | ||
| 997 | if (!CBS_get_u8(&cbs, &compression_method)) | 994 | if (!CBS_get_u8(&cbs, &compression_method)) |
| 998 | goto truncated; | 995 | goto truncated; |
| @@ -1619,10 +1616,7 @@ ssl3_get_certificate_request(SSL *s) | |||
| 1619 | * If we get here we don't need any cached handshake records | 1616 | * If we get here we don't need any cached handshake records |
| 1620 | * as we wont be doing client auth. | 1617 | * as we wont be doing client auth. |
| 1621 | */ | 1618 | */ |
| 1622 | if (S3I(s)->handshake_buffer) { | 1619 | tls1_transcript_free(s); |
| 1623 | if (!tls1_digest_cached_records(s)) | ||
| 1624 | goto err; | ||
| 1625 | } | ||
| 1626 | return (1); | 1620 | return (1); |
| 1627 | } | 1621 | } |
| 1628 | 1622 | ||
| @@ -2372,12 +2366,12 @@ ssl3_send_client_verify(SSL *s) | |||
| 2372 | unsigned char data[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH]; | 2366 | unsigned char data[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH]; |
| 2373 | unsigned char *signature = NULL; | 2367 | unsigned char *signature = NULL; |
| 2374 | unsigned int signature_len; | 2368 | unsigned int signature_len; |
| 2369 | const unsigned char *hdata; | ||
| 2370 | size_t hdatalen; | ||
| 2375 | EVP_PKEY_CTX *pctx = NULL; | 2371 | EVP_PKEY_CTX *pctx = NULL; |
| 2376 | EVP_PKEY *pkey; | 2372 | EVP_PKEY *pkey; |
| 2377 | EVP_MD_CTX mctx; | 2373 | EVP_MD_CTX mctx; |
| 2378 | const EVP_MD *md; | 2374 | const EVP_MD *md; |
| 2379 | long hdatalen; | ||
| 2380 | void *hdata; | ||
| 2381 | 2375 | ||
| 2382 | EVP_MD_CTX_init(&mctx); | 2376 | EVP_MD_CTX_init(&mctx); |
| 2383 | 2377 | ||
| @@ -2404,10 +2398,7 @@ ssl3_send_client_verify(SSL *s) | |||
| 2404 | goto err; | 2398 | goto err; |
| 2405 | 2399 | ||
| 2406 | if (!SSL_USE_SIGALGS(s)) { | 2400 | if (!SSL_USE_SIGALGS(s)) { |
| 2407 | if (S3I(s)->handshake_buffer) { | 2401 | tls1_transcript_free(s); |
| 2408 | if (!tls1_digest_cached_records(s)) | ||
| 2409 | goto err; | ||
| 2410 | } | ||
| 2411 | if (!tls1_handshake_hash_value(s, data, sizeof(data), | 2402 | if (!tls1_handshake_hash_value(s, data, sizeof(data), |
| 2412 | NULL)) | 2403 | NULL)) |
| 2413 | goto err; | 2404 | goto err; |
| @@ -2418,10 +2409,9 @@ ssl3_send_client_verify(SSL *s) | |||
| 2418 | * using agreed digest and cached handshake records. | 2409 | * using agreed digest and cached handshake records. |
| 2419 | */ | 2410 | */ |
| 2420 | if (SSL_USE_SIGALGS(s)) { | 2411 | if (SSL_USE_SIGALGS(s)) { |
| 2421 | hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, | ||
| 2422 | &hdata); | ||
| 2423 | md = s->cert->key->digest; | 2412 | md = s->cert->key->digest; |
| 2424 | if (hdatalen <= 0 || | 2413 | |
| 2414 | if (!tls1_transcript_data(s, &hdata, &hdatalen) || | ||
| 2425 | !tls12_get_hashandsig(&cert_verify, pkey, md)) { | 2415 | !tls12_get_hashandsig(&cert_verify, pkey, md)) { |
| 2426 | SSLerror(s, ERR_R_INTERNAL_ERROR); | 2416 | SSLerror(s, ERR_R_INTERNAL_ERROR); |
| 2427 | goto err; | 2417 | goto err; |
| @@ -2433,8 +2423,7 @@ ssl3_send_client_verify(SSL *s) | |||
| 2433 | SSLerror(s, ERR_R_EVP_LIB); | 2423 | SSLerror(s, ERR_R_EVP_LIB); |
| 2434 | goto err; | 2424 | goto err; |
| 2435 | } | 2425 | } |
| 2436 | if (!tls1_digest_cached_records(s)) | 2426 | tls1_transcript_free(s); |
| 2437 | goto err; | ||
| 2438 | } else if (pkey->type == EVP_PKEY_RSA) { | 2427 | } else if (pkey->type == EVP_PKEY_RSA) { |
| 2439 | if (RSA_sign(NID_md5_sha1, data, | 2428 | if (RSA_sign(NID_md5_sha1, data, |
| 2440 | MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, signature, | 2429 | MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, signature, |
| @@ -2457,8 +2446,7 @@ ssl3_send_client_verify(SSL *s) | |||
| 2457 | size_t sigsize; | 2446 | size_t sigsize; |
| 2458 | int nid; | 2447 | int nid; |
| 2459 | 2448 | ||
| 2460 | hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata); | 2449 | if (!tls1_transcript_data(s, &hdata, &hdatalen)) { |
| 2461 | if (hdatalen <= 0) { | ||
| 2462 | SSLerror(s, ERR_R_INTERNAL_ERROR); | 2450 | SSLerror(s, ERR_R_INTERNAL_ERROR); |
| 2463 | goto err; | 2451 | goto err; |
| 2464 | } | 2452 | } |
| @@ -2482,8 +2470,7 @@ ssl3_send_client_verify(SSL *s) | |||
| 2482 | if (sigsize > UINT_MAX) | 2470 | if (sigsize > UINT_MAX) |
| 2483 | goto err; | 2471 | goto err; |
| 2484 | signature_len = sigsize; | 2472 | signature_len = sigsize; |
| 2485 | if (!tls1_digest_cached_records(s)) | 2473 | tls1_transcript_free(s); |
| 2486 | goto err; | ||
| 2487 | #endif | 2474 | #endif |
| 2488 | } else { | 2475 | } else { |
| 2489 | SSLerror(s, ERR_R_INTERNAL_ERROR); | 2476 | SSLerror(s, ERR_R_INTERNAL_ERROR); |
| @@ -2563,8 +2550,7 @@ ssl3_send_client_certificate(SSL *s) | |||
| 2563 | S3I(s)->tmp.cert_req = 2; | 2550 | S3I(s)->tmp.cert_req = 2; |
| 2564 | 2551 | ||
| 2565 | /* There is no client certificate to verify. */ | 2552 | /* There is no client certificate to verify. */ |
| 2566 | if (!tls1_digest_cached_records(s)) | 2553 | tls1_transcript_free(s); |
| 2567 | goto err; | ||
| 2568 | } | 2554 | } |
| 2569 | 2555 | ||
| 2570 | /* Ok, we have a cert */ | 2556 | /* Ok, we have a cert */ |