1 files changed, 26 insertions, 21 deletions
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index cc66ed0473..ca54515a32 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.131 2022/01/09 15:34:21 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.132 2022/01/09 15:40:13 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1925,40 +1925,44 @@ static int
 ssl3_send_client_kex_gost(SSL *s, CBB *cbb)
 {
        unsigned char premaster_secret[32], shared_ukm[32], tmp[256];
-        EVP_PKEY *pub_key = NULL;
+        EVP_PKEY_CTX *pkey_ctx = NULL;
-        EVP_PKEY_CTX *pkey_ctx;
+        EVP_MD_CTX *ukm_hash = NULL;
+        EVP_PKEY *pub_key;
        X509 *peer_cert;
        size_t msglen;
        unsigned int md_len;
-        EVP_MD_CTX *ukm_hash;
-        int nid;
        CBB gostblob;
+        int nid;
        int ret = 0;
        /* Get server sertificate PKEY and create ctx from it */
        peer_cert = s->session->peer_pkeys[SSL_PKEY_GOST01].x509;
-        if (peer_cert == NULL) {
+        if ((pub_key = X509_get0_pubkey(peer_cert)) == NULL) {
                SSLerror(s, SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);
                goto err;
        }
+        if ((pkey_ctx = EVP_PKEY_CTX_new(pub_key, NULL)) == NULL) {
-        pub_key = X509_get_pubkey(peer_cert);
+                SSLerror(s, ERR_R_MALLOC_FAILURE);
-        pkey_ctx = EVP_PKEY_CTX_new(pub_key, NULL);
+                goto err;
+        }
        /*
         * If we have send a certificate, and certificate key parameters match
         * those of server certificate, use certificate key for key exchange.
         * Otherwise, generate ephemeral key pair.
         */
-        EVP_PKEY_encrypt_init(pkey_ctx);
+        if (EVP_PKEY_encrypt_init(pkey_ctx) <= 0)
+                goto err;
        /* Generate session key. */
-        arc4random_buf(premaster_secret, 32);
+        arc4random_buf(premaster_secret, sizeof(premaster_secret));
        /*
         * If we have client certificate, use its secret as peer key.
+         * XXX - this presumably lacks PFS.
         */
-        if (S3I(s)->hs.tls12.cert_request && s->cert->key->privatekey) {
+        if (S3I(s)->hs.tls12.cert_request != 0 &&
+            s->cert->key->privatekey != NULL) {
                if (EVP_PKEY_derive_set_peer(pkey_ctx,
                    s->cert->key->privatekey) <=0) {
                        /*
@@ -1972,8 +1976,7 @@ ssl3_send_client_kex_gost(SSL *s, CBB *cbb)
        /*
         * Compute shared IV and store it in algorithm-specific context data.
         */
-        ukm_hash = EVP_MD_CTX_new();
+        if ((ukm_hash = EVP_MD_CTX_new()) == NULL) {
-        if (ukm_hash == NULL) {
                SSLerror(s, ERR_R_MALLOC_FAILURE);
                goto err;
        }
@@ -1985,10 +1988,12 @@ ssl3_send_client_kex_gost(SSL *s, CBB *cbb)
                nid = NID_id_tc26_gost3411_2012_256;
        if (!EVP_DigestInit(ukm_hash, EVP_get_digestbynid(nid)))
                goto err;
-        EVP_DigestUpdate(ukm_hash, s->s3->client_random, SSL3_RANDOM_SIZE);
+        if (!EVP_DigestUpdate(ukm_hash, s->s3->client_random, SSL3_RANDOM_SIZE))
-        EVP_DigestUpdate(ukm_hash, s->s3->server_random, SSL3_RANDOM_SIZE);
+                goto err;
-        EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len);
+        if (!EVP_DigestUpdate(ukm_hash, s->s3->server_random, SSL3_RANDOM_SIZE))
-        EVP_MD_CTX_free(ukm_hash);
+                goto err;
+        if (!EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len))
+                goto err;
        if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT,
            EVP_PKEY_CTRL_SET_IV, 8, shared_ukm) < 0) {
                SSLerror(s, SSL_R_LIBRARY_BUG);
@@ -2000,7 +2005,7 @@ ssl3_send_client_kex_gost(SSL *s, CBB *cbb)
         */
        msglen = 255;
        if (EVP_PKEY_encrypt(pkey_ctx, tmp, &msglen, premaster_secret,
-            32) < 0) {
+            sizeof(premaster_secret)) < 0) {
                SSLerror(s, SSL_R_LIBRARY_BUG);
                goto err;
        }
@@ -2016,7 +2021,6 @@ ssl3_send_client_kex_gost(SSL *s, CBB *cbb)
        if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2,
            NULL) > 0)
                s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY;
-        EVP_PKEY_CTX_free(pkey_ctx);
        if (!tls12_derive_master_secret(s, premaster_secret, 32))
                goto err;
@@ -2025,7 +2029,8 @@ ssl3_send_client_kex_gost(SSL *s, CBB *cbb)
 err:
        explicit_bzero(premaster_secret, sizeof(premaster_secret));
-        EVP_PKEY_free(pub_key);
+        EVP_PKEY_CTX_free(pkey_ctx);
+        EVP_MD_CTX_free(ukm_hash);
        return ret;
 }

diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c index cc66ed0473..ca54515a32 100644 --- a/src/lib/libssl/ssl_clnt.c +++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_clnt.c,v 1.131 2022/01/09 15:34:21 jsing Exp $ */	1	/* $OpenBSD: ssl_clnt.c,v 1.132 2022/01/09 15:40:13 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1925,40 +1925,44 @@ static int
1925	ssl3_send_client_kex_gost(SSL s, CBB cbb)	1925	ssl3_send_client_kex_gost(SSL s, CBB cbb)
1926	{	1926	{
1927	unsigned char premaster_secret[32], shared_ukm[32], tmp[256];	1927	unsigned char premaster_secret[32], shared_ukm[32], tmp[256];
1928	EVP_PKEY *pub_key = NULL;	1928	EVP_PKEY_CTX *pkey_ctx = NULL;
1929	EVP_PKEY_CTX *pkey_ctx;	1929	EVP_MD_CTX *ukm_hash = NULL;
		1930	EVP_PKEY *pub_key;
1930	X509 *peer_cert;	1931	X509 *peer_cert;
1931	size_t msglen;	1932	size_t msglen;
1932	unsigned int md_len;	1933	unsigned int md_len;
1933	EVP_MD_CTX *ukm_hash;
1934	int nid;
1935	CBB gostblob;	1934	CBB gostblob;
		1935	int nid;
1936	int ret = 0;	1936	int ret = 0;
1937		1937
1938	/* Get server sertificate PKEY and create ctx from it */	1938	/* Get server sertificate PKEY and create ctx from it */
1939	peer_cert = s->session->peer_pkeys[SSL_PKEY_GOST01].x509;	1939	peer_cert = s->session->peer_pkeys[SSL_PKEY_GOST01].x509;
1940	if (peer_cert == NULL) {	1940	if ((pub_key = X509_get0_pubkey(peer_cert)) == NULL) {
1941	SSLerror(s, SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);	1941	SSLerror(s, SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);
1942	goto err;	1942	goto err;
1943	}	1943	}
1944		1944	if ((pkey_ctx = EVP_PKEY_CTX_new(pub_key, NULL)) == NULL) {
1945	pub_key = X509_get_pubkey(peer_cert);	1945	SSLerror(s, ERR_R_MALLOC_FAILURE);
1946	pkey_ctx = EVP_PKEY_CTX_new(pub_key, NULL);	1946	goto err;
		1947	}
1947		1948
1948	/*	1949	/*
1949	* If we have send a certificate, and certificate key parameters match	1950	* If we have send a certificate, and certificate key parameters match
1950	* those of server certificate, use certificate key for key exchange.	1951	* those of server certificate, use certificate key for key exchange.
1951	* Otherwise, generate ephemeral key pair.	1952	* Otherwise, generate ephemeral key pair.
1952	*/	1953	*/
1953	EVP_PKEY_encrypt_init(pkey_ctx);	1954	if (EVP_PKEY_encrypt_init(pkey_ctx) <= 0)
		1955	goto err;
1954		1956
1955	/* Generate session key. */	1957	/* Generate session key. */
1956	arc4random_buf(premaster_secret, 32);	1958	arc4random_buf(premaster_secret, sizeof(premaster_secret));
1957		1959
1958	/*	1960	/*
1959	* If we have client certificate, use its secret as peer key.	1961	* If we have client certificate, use its secret as peer key.
		1962	* XXX - this presumably lacks PFS.
1960	*/	1963	*/
1961	if (S3I(s)->hs.tls12.cert_request && s->cert->key->privatekey) {	1964	if (S3I(s)->hs.tls12.cert_request != 0 &&
		1965	s->cert->key->privatekey != NULL) {
1962	if (EVP_PKEY_derive_set_peer(pkey_ctx,	1966	if (EVP_PKEY_derive_set_peer(pkey_ctx,
1963	s->cert->key->privatekey) <=0) {	1967	s->cert->key->privatekey) <=0) {
1964	/*	1968	/*
@@ -1972,8 +1976,7 @@ ssl3_send_client_kex_gost(SSL s, CBB cbb)
1972	/*	1976	/*
1973	* Compute shared IV and store it in algorithm-specific context data.	1977	* Compute shared IV and store it in algorithm-specific context data.
1974	*/	1978	*/
1975	ukm_hash = EVP_MD_CTX_new();	1979	if ((ukm_hash = EVP_MD_CTX_new()) == NULL) {
1976	if (ukm_hash == NULL) {
1977	SSLerror(s, ERR_R_MALLOC_FAILURE);	1980	SSLerror(s, ERR_R_MALLOC_FAILURE);
1978	goto err;	1981	goto err;
1979	}	1982	}
@@ -1985,10 +1988,12 @@ ssl3_send_client_kex_gost(SSL s, CBB cbb)
1985	nid = NID_id_tc26_gost3411_2012_256;	1988	nid = NID_id_tc26_gost3411_2012_256;
1986	if (!EVP_DigestInit(ukm_hash, EVP_get_digestbynid(nid)))	1989	if (!EVP_DigestInit(ukm_hash, EVP_get_digestbynid(nid)))
1987	goto err;	1990	goto err;
1988	EVP_DigestUpdate(ukm_hash, s->s3->client_random, SSL3_RANDOM_SIZE);	1991	if (!EVP_DigestUpdate(ukm_hash, s->s3->client_random, SSL3_RANDOM_SIZE))
1989	EVP_DigestUpdate(ukm_hash, s->s3->server_random, SSL3_RANDOM_SIZE);	1992	goto err;
1990	EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len);	1993	if (!EVP_DigestUpdate(ukm_hash, s->s3->server_random, SSL3_RANDOM_SIZE))
1991	EVP_MD_CTX_free(ukm_hash);	1994	goto err;
		1995	if (!EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len))
		1996	goto err;
1992	if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT,	1997	if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT,
1993	EVP_PKEY_CTRL_SET_IV, 8, shared_ukm) < 0) {	1998	EVP_PKEY_CTRL_SET_IV, 8, shared_ukm) < 0) {
1994	SSLerror(s, SSL_R_LIBRARY_BUG);	1999	SSLerror(s, SSL_R_LIBRARY_BUG);
@@ -2000,7 +2005,7 @@ ssl3_send_client_kex_gost(SSL s, CBB cbb)
2000	*/	2005	*/
2001	msglen = 255;	2006	msglen = 255;
2002	if (EVP_PKEY_encrypt(pkey_ctx, tmp, &msglen, premaster_secret,	2007	if (EVP_PKEY_encrypt(pkey_ctx, tmp, &msglen, premaster_secret,
2003	32) < 0) {	2008	sizeof(premaster_secret)) < 0) {
2004	SSLerror(s, SSL_R_LIBRARY_BUG);	2009	SSLerror(s, SSL_R_LIBRARY_BUG);
2005	goto err;	2010	goto err;
2006	}	2011	}
@@ -2016,7 +2021,6 @@ ssl3_send_client_kex_gost(SSL s, CBB cbb)
2016	if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2,	2021	if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2,
2017	NULL) > 0)	2022	NULL) > 0)
2018	s->s3->flags \|= TLS1_FLAGS_SKIP_CERT_VERIFY;	2023	s->s3->flags \|= TLS1_FLAGS_SKIP_CERT_VERIFY;
2019	EVP_PKEY_CTX_free(pkey_ctx);
2020		2024
2021	if (!tls12_derive_master_secret(s, premaster_secret, 32))	2025	if (!tls12_derive_master_secret(s, premaster_secret, 32))
2022	goto err;	2026	goto err;
@@ -2025,7 +2029,8 @@ ssl3_send_client_kex_gost(SSL s, CBB cbb)
2025		2029
2026	err:	2030	err:
2027	explicit_bzero(premaster_secret, sizeof(premaster_secret));	2031	explicit_bzero(premaster_secret, sizeof(premaster_secret));
2028	EVP_PKEY_free(pub_key);	2032	EVP_PKEY_CTX_free(pkey_ctx);
		2033	EVP_MD_CTX_free(ukm_hash);
2029		2034
2030	return ret;	2035	return ret;
2031	}	2036	}