1 files changed, 45 insertions, 44 deletions
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index 176a00fb75..6882d71399 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.37 2018/08/14 16:19:06 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.38 2018/08/16 17:49:48 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1501,33 +1501,37 @@ ssl3_send_server_kex_ecdhe(SSL *s, CBB *cbb)
 int
 ssl3_send_server_key_exchange(SSL *s)
 {
-        CBB cbb;
+        CBB cbb, cbb_params, cbb_signature, server_kex;
+        unsigned char *signature = NULL;
+        unsigned int signature_len;
        unsigned char *params = NULL;
        size_t params_len;
-        EVP_PKEY *pkey;
        const EVP_MD *md = NULL;
-        unsigned char *p, *d;
-        int al, i, n, kn;
        unsigned long type;
-        BUF_MEM *buf;
        EVP_MD_CTX md_ctx;
+        int al, key_len;
+        EVP_PKEY *pkey;
        memset(&cbb, 0, sizeof(cbb));
+        memset(&cbb_params, 0, sizeof(cbb_params));
        EVP_MD_CTX_init(&md_ctx);
        if (S3I(s)->hs.state == SSL3_ST_SW_KEY_EXCH_A) {
-                type = S3I(s)->hs.new_cipher->algorithm_mkey;
-                buf = s->internal->init_buf;
+                if (!ssl3_handshake_msg_start_cbb(s, &cbb, &server_kex,
+                    SSL3_MT_SERVER_KEY_EXCHANGE))
+                        goto err;
-                if (!CBB_init(&cbb, 0))
+                if (!CBB_init(&cbb_params, 0))
                        goto err;
+                type = S3I(s)->hs.new_cipher->algorithm_mkey;
                if (type & SSL_kDHE) {
-                        if (ssl3_send_server_kex_dhe(s, &cbb) != 1)
+                        if (ssl3_send_server_kex_dhe(s, &cbb_params) != 1)
                                goto err;
                } else if (type & SSL_kECDHE) {
-                        if (ssl3_send_server_kex_ecdhe(s, &cbb) != 1)
+                        if (ssl3_send_server_kex_ecdhe(s, &cbb_params) != 1)
                                goto err;
                } else {
                        al = SSL_AD_HANDSHAKE_FAILURE;
@@ -1535,7 +1539,10 @@ ssl3_send_server_key_exchange(SSL *s)
                        goto f_err;
                }
-                if (!CBB_finish(&cbb, &params, &params_len))
+                if (!CBB_finish(&cbb_params, &params, &params_len))
+                        goto err;
+                if (!CBB_add_bytes(&server_kex, params, params_len))
                        goto err;
                if (!(S3I(s)->hs.new_cipher->algorithm_auth & SSL_aNULL)) {
@@ -1544,29 +1551,12 @@ ssl3_send_server_key_exchange(SSL *s)
                                al = SSL_AD_DECODE_ERROR;
                                goto f_err;
                        }
-                        kn = EVP_PKEY_size(pkey);
+                        key_len = EVP_PKEY_size(pkey);
                } else {
                        pkey = NULL;
-                        kn = 0;
+                        key_len = 0;
                }
-                if (!BUF_MEM_grow_clean(buf, ssl3_handshake_msg_hdr_len(s) +
-                    params_len + kn)) {
-                        SSLerror(s, ERR_LIB_BUF);
-                        goto err;
-                }
-                d = p = ssl3_handshake_msg_start(s,
-                    SSL3_MT_SERVER_KEY_EXCHANGE);
-                memcpy(p, params, params_len);
-                free(params);
-                params = NULL;
-                n = params_len;
-                p += params_len;
                /* Add signature unless anonymous. */
                if (pkey != NULL) {
                        if (pkey->type == EVP_PKEY_RSA && !SSL_USE_SIGALGS(s))
@@ -1581,14 +1571,17 @@ ssl3_send_server_key_exchange(SSL *s)
                        /* Send signature algorithm. */
                        if (SSL_USE_SIGALGS(s)) {
-                                if (!tls12_get_sigandhash(p, pkey, md)) {
+                                if (!tls12_get_sigandhash_cbb(&server_kex, pkey, md)) {
                                        /* Should never happen */
                                        al = SSL_AD_INTERNAL_ERROR;
                                        SSLerror(s, ERR_R_INTERNAL_ERROR);
                                        goto f_err;
                                }
-                                p += 2;
                        }
+                        if ((signature = calloc(1, key_len)) == NULL)
+                                goto err;
                        if (!EVP_SignInit_ex(&md_ctx, md, NULL))
                                goto err;
                        if (!EVP_SignUpdate(&md_ctx, s->s3->client_random,
@@ -1597,34 +1590,42 @@ ssl3_send_server_key_exchange(SSL *s)
                        if (!EVP_SignUpdate(&md_ctx, s->s3->server_random,
                            SSL3_RANDOM_SIZE))
                                goto err;
-                        if (!EVP_SignUpdate(&md_ctx, d, n))
+                        if (!EVP_SignUpdate(&md_ctx, params, params_len))
                                goto err;
-                        if (!EVP_SignFinal(&md_ctx, &p[2], (unsigned int *)&i,
+                        if (!EVP_SignFinal(&md_ctx, signature, &signature_len,
                            pkey)) {
                                SSLerror(s, ERR_R_EVP_LIB);
                                goto err;
                        }
-                        s2n(i, p);
-                        n += i + 2;
+                        if (!CBB_add_u16_length_prefixed(&server_kex,
-                        if (SSL_USE_SIGALGS(s))
+                            &cbb_signature))
-                                n += 2;
+                                goto err;
+                        if (!CBB_add_bytes(&cbb_signature, signature,
+                            signature_len))
+                                goto err;
                }
-                ssl3_handshake_msg_finish(s, n);
+                if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
-        }
+                        goto err;
-        S3I(s)->hs.state = SSL3_ST_SW_KEY_EXCH_B;
+                S3I(s)->hs.state = SSL3_ST_SW_KEY_EXCH_B;
+        }
        EVP_MD_CTX_cleanup(&md_ctx);
+        free(params);
+        free(signature);
        return (ssl3_handshake_write(s));
        
 f_err:
        ssl3_send_alert(s, SSL3_AL_FATAL, al);
 err:
-        free(params);
+        CBB_cleanup(&cbb_params);
-        EVP_MD_CTX_cleanup(&md_ctx);
        CBB_cleanup(&cbb);
+        EVP_MD_CTX_cleanup(&md_ctx);
+        free(params);
+        free(signature);
        return (-1);
 }

diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index 176a00fb75..6882d71399 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_srvr.c,v 1.37 2018/08/14 16:19:06 jsing Exp $ */	1	/* $OpenBSD: ssl_srvr.c,v 1.38 2018/08/16 17:49:48 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1501,33 +1501,37 @@ ssl3_send_server_kex_ecdhe(SSL s, CBB cbb)
1501	int	1501	int
1502	ssl3_send_server_key_exchange(SSL *s)	1502	ssl3_send_server_key_exchange(SSL *s)
1503	{	1503	{
1504	CBB cbb;	1504	CBB cbb, cbb_params, cbb_signature, server_kex;
		1505	unsigned char *signature = NULL;
		1506	unsigned int signature_len;
1505	unsigned char *params = NULL;	1507	unsigned char *params = NULL;
1506	size_t params_len;	1508	size_t params_len;
1507	EVP_PKEY *pkey;
1508	const EVP_MD *md = NULL;	1509	const EVP_MD *md = NULL;
1509	unsigned char p, d;
1510	int al, i, n, kn;
1511	unsigned long type;	1510	unsigned long type;
1512	BUF_MEM *buf;
1513	EVP_MD_CTX md_ctx;	1511	EVP_MD_CTX md_ctx;
		1512	int al, key_len;
		1513	EVP_PKEY *pkey;
1514		1514
1515	memset(&cbb, 0, sizeof(cbb));	1515	memset(&cbb, 0, sizeof(cbb));
		1516	memset(&cbb_params, 0, sizeof(cbb_params));
1516		1517
1517	EVP_MD_CTX_init(&md_ctx);	1518	EVP_MD_CTX_init(&md_ctx);
		1519
1518	if (S3I(s)->hs.state == SSL3_ST_SW_KEY_EXCH_A) {	1520	if (S3I(s)->hs.state == SSL3_ST_SW_KEY_EXCH_A) {
1519	type = S3I(s)->hs.new_cipher->algorithm_mkey;
1520		1521
1521	buf = s->internal->init_buf;	1522	if (!ssl3_handshake_msg_start_cbb(s, &cbb, &server_kex,
		1523	SSL3_MT_SERVER_KEY_EXCHANGE))
		1524	goto err;
1522		1525
1523	if (!CBB_init(&cbb, 0))	1526	if (!CBB_init(&cbb_params, 0))
1524	goto err;	1527	goto err;
1525		1528
		1529	type = S3I(s)->hs.new_cipher->algorithm_mkey;
1526	if (type & SSL_kDHE) {	1530	if (type & SSL_kDHE) {
1527	if (ssl3_send_server_kex_dhe(s, &cbb) != 1)	1531	if (ssl3_send_server_kex_dhe(s, &cbb_params) != 1)
1528	goto err;	1532	goto err;
1529	} else if (type & SSL_kECDHE) {	1533	} else if (type & SSL_kECDHE) {
1530	if (ssl3_send_server_kex_ecdhe(s, &cbb) != 1)	1534	if (ssl3_send_server_kex_ecdhe(s, &cbb_params) != 1)
1531	goto err;	1535	goto err;
1532	} else {	1536	} else {
1533	al = SSL_AD_HANDSHAKE_FAILURE;	1537	al = SSL_AD_HANDSHAKE_FAILURE;
@@ -1535,7 +1539,10 @@ ssl3_send_server_key_exchange(SSL *s)
1535	goto f_err;	1539	goto f_err;
1536	}	1540	}
1537		1541
1538	if (!CBB_finish(&cbb, &params, &params_len))	1542	if (!CBB_finish(&cbb_params, &params, &params_len))
		1543	goto err;
		1544
		1545	if (!CBB_add_bytes(&server_kex, params, params_len))
1539	goto err;	1546	goto err;
1540		1547
1541	if (!(S3I(s)->hs.new_cipher->algorithm_auth & SSL_aNULL)) {	1548	if (!(S3I(s)->hs.new_cipher->algorithm_auth & SSL_aNULL)) {
@@ -1544,29 +1551,12 @@ ssl3_send_server_key_exchange(SSL *s)
1544	al = SSL_AD_DECODE_ERROR;	1551	al = SSL_AD_DECODE_ERROR;
1545	goto f_err;	1552	goto f_err;
1546	}	1553	}
1547	kn = EVP_PKEY_size(pkey);	1554	key_len = EVP_PKEY_size(pkey);
1548	} else {	1555	} else {
1549	pkey = NULL;	1556	pkey = NULL;
1550	kn = 0;	1557	key_len = 0;
1551	}	1558	}
1552		1559
1553	if (!BUF_MEM_grow_clean(buf, ssl3_handshake_msg_hdr_len(s) +
1554	params_len + kn)) {
1555	SSLerror(s, ERR_LIB_BUF);
1556	goto err;
1557	}
1558
1559	d = p = ssl3_handshake_msg_start(s,
1560	SSL3_MT_SERVER_KEY_EXCHANGE);
1561
1562	memcpy(p, params, params_len);
1563
1564	free(params);
1565	params = NULL;
1566
1567	n = params_len;
1568	p += params_len;
1569
1570	/* Add signature unless anonymous. */	1560	/* Add signature unless anonymous. */
1571	if (pkey != NULL) {	1561	if (pkey != NULL) {
1572	if (pkey->type == EVP_PKEY_RSA && !SSL_USE_SIGALGS(s))	1562	if (pkey->type == EVP_PKEY_RSA && !SSL_USE_SIGALGS(s))
@@ -1581,14 +1571,17 @@ ssl3_send_server_key_exchange(SSL *s)
1581		1571
1582	/* Send signature algorithm. */	1572	/* Send signature algorithm. */
1583	if (SSL_USE_SIGALGS(s)) {	1573	if (SSL_USE_SIGALGS(s)) {
1584	if (!tls12_get_sigandhash(p, pkey, md)) {	1574	if (!tls12_get_sigandhash_cbb(&server_kex, pkey, md)) {
1585	/* Should never happen */	1575	/* Should never happen */
1586	al = SSL_AD_INTERNAL_ERROR;	1576	al = SSL_AD_INTERNAL_ERROR;
1587	SSLerror(s, ERR_R_INTERNAL_ERROR);	1577	SSLerror(s, ERR_R_INTERNAL_ERROR);
1588	goto f_err;	1578	goto f_err;
1589	}	1579	}
1590	p += 2;
1591	}	1580	}
		1581
		1582	if ((signature = calloc(1, key_len)) == NULL)
		1583	goto err;
		1584
1592	if (!EVP_SignInit_ex(&md_ctx, md, NULL))	1585	if (!EVP_SignInit_ex(&md_ctx, md, NULL))
1593	goto err;	1586	goto err;
1594	if (!EVP_SignUpdate(&md_ctx, s->s3->client_random,	1587	if (!EVP_SignUpdate(&md_ctx, s->s3->client_random,
@@ -1597,34 +1590,42 @@ ssl3_send_server_key_exchange(SSL *s)
1597	if (!EVP_SignUpdate(&md_ctx, s->s3->server_random,	1590	if (!EVP_SignUpdate(&md_ctx, s->s3->server_random,
1598	SSL3_RANDOM_SIZE))	1591	SSL3_RANDOM_SIZE))
1599	goto err;	1592	goto err;
1600	if (!EVP_SignUpdate(&md_ctx, d, n))	1593	if (!EVP_SignUpdate(&md_ctx, params, params_len))
1601	goto err;	1594	goto err;
1602	if (!EVP_SignFinal(&md_ctx, &p[2], (unsigned int *)&i,	1595	if (!EVP_SignFinal(&md_ctx, signature, &signature_len,
1603	pkey)) {	1596	pkey)) {
1604	SSLerror(s, ERR_R_EVP_LIB);	1597	SSLerror(s, ERR_R_EVP_LIB);
1605	goto err;	1598	goto err;
1606	}	1599	}
1607	s2n(i, p);	1600
1608	n += i + 2;	1601	if (!CBB_add_u16_length_prefixed(&server_kex,
1609	if (SSL_USE_SIGALGS(s))	1602	&cbb_signature))
1610	n += 2;	1603	goto err;
		1604	if (!CBB_add_bytes(&cbb_signature, signature,
		1605	signature_len))
		1606	goto err;
1611	}	1607	}
1612		1608
1613	ssl3_handshake_msg_finish(s, n);	1609	if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
1614	}	1610	goto err;
1615		1611
1616	S3I(s)->hs.state = SSL3_ST_SW_KEY_EXCH_B;	1612	S3I(s)->hs.state = SSL3_ST_SW_KEY_EXCH_B;
		1613	}
1617		1614
1618	EVP_MD_CTX_cleanup(&md_ctx);	1615	EVP_MD_CTX_cleanup(&md_ctx);
		1616	free(params);
		1617	free(signature);
1619		1618
1620	return (ssl3_handshake_write(s));	1619	return (ssl3_handshake_write(s));
1621		1620
1622	f_err:	1621	f_err:
1623	ssl3_send_alert(s, SSL3_AL_FATAL, al);	1622	ssl3_send_alert(s, SSL3_AL_FATAL, al);
1624	err:	1623	err:
1625	free(params);	1624	CBB_cleanup(&cbb_params);
1626	EVP_MD_CTX_cleanup(&md_ctx);
1627	CBB_cleanup(&cbb);	1625	CBB_cleanup(&cbb);
		1626	EVP_MD_CTX_cleanup(&md_ctx);
		1627	free(params);
		1628	free(signature);
1628		1629
1629	return (-1);	1630	return (-1);
1630	}	1631	}