Diffstat (limited to 'src/lib/libssl/ssl_srvr.c')
-rw-r--r--src/lib/libssl/ssl_srvr.c101
1 files changed, 38 insertions, 63 deletions
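diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index f06491e558..b099fdb8b1 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.45 2018/08/24 18:10:25 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.46 2018/08/27 16:42:48 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2526,20 +2526,21 @@ int
 ssl3_send_newsession_ticket(SSL *s)
 {
  CBB cbb, session_ticket, ticket;
- unsigned char *enc_ticket = NULL;
- unsigned char *senc = NULL;
- const unsigned char *const_p;
- unsigned char *p, *hmac;
- size_t hmac_len;
- int enc_ticket_len, len, slen;
- int slen_full = 0;
- SSL_SESSION *sess;
- unsigned int hlen;
- EVP_CIPHER_CTX ctx;
- HMAC_CTX hctx;
  SSL_CTX *tctx = s->initial_ctx;
+ size_t enc_session_len, enc_session_max_len, hmac_len;
+ size_t session_len = 0;
+ unsigned char *enc_session = NULL, *session = NULL;
  unsigned char iv[EVP_MAX_IV_LENGTH];
  unsigned char key_name[16];
+ unsigned char *hmac;
+ unsigned int hlen;
+ EVP_CIPHER_CTX ctx;
+ HMAC_CTX hctx;
+ int len;
+
+ /*
+ * New Session Ticket - RFC 5077, section 3.3.
+ */
 
  EVP_CIPHER_CTX_init(&ctx);
  HMAC_CTX_init(&hctx);
@@ -2551,47 +2552,17 @@ ssl3_send_newsession_ticket(SSL *s)
  SSL3_MT_NEWSESSION_TICKET))
  goto err;
 
- /* get session encoding length */
- slen_full = i2d_SSL_SESSION(s->session, NULL);
- /*
- * Some length values are 16 bits, so forget it if session is
- * too long
- */
- if (slen_full > 0xFF00)
+ if (!SSL_SESSION_ticket(s->session, &session, &session_len))
  goto err;
- senc = malloc(slen_full);
- if (!senc)
+ if (session_len > 0xffff)
  goto err;
- p = senc;
- i2d_SSL_SESSION(s->session, &p);
 
  /*
- * Create a fresh copy (not shared with other threads) to
- * clean up
+ * Initialize HMAC and cipher contexts. If callback is present
+ * it does all the work, otherwise use generated values from
+ * parent context.
  */
- const_p = senc;
- sess = d2i_SSL_SESSION(NULL, &const_p, slen_full);
- if (sess == NULL)
- goto err;
-
- /* ID is irrelevant for the ticket */
- sess->session_id_length = 0;
-
- slen = i2d_SSL_SESSION(sess, NULL);
- if (slen > slen_full) {
- /* shouldn't ever happen */
- goto err;
- }
- p = senc;
- i2d_SSL_SESSION(sess, &p);
- SSL_SESSION_free(sess);
-
- /*
- * Initialize HMAC and cipher contexts. If callback present
- * it does all the work otherwise use generated values
- * from parent ctx.
- */
- if (tctx->internal->tlsext_ticket_key_cb) {
+ if (tctx->internal->tlsext_ticket_key_cb != NULL) {
  if (tctx->internal->tlsext_ticket_key_cb(s,
  key_name, iv, &ctx, &hctx, 1) < 0) {
  EVP_CIPHER_CTX_cleanup(&ctx);
@@ -2606,19 +2577,21 @@ ssl3_send_newsession_ticket(SSL *s)
  memcpy(key_name, tctx->internal->tlsext_tick_key_name, 16);
  }
 
- /* Encrypt the session ticket. */
- if ((enc_ticket = calloc(1, slen + EVP_MAX_BLOCK_LENGTH)) == NULL)
+ /* Encrypt the session state. */
+ enc_session_max_len = session_len + EVP_MAX_BLOCK_LENGTH;
+ if ((enc_session = calloc(1, enc_session_max_len)) == NULL)
  goto err;
- enc_ticket_len = 0;
- if (!EVP_EncryptUpdate(&ctx, enc_ticket, &len, senc, slen))
+ enc_session_len = 0;
+ if (!EVP_EncryptUpdate(&ctx, enc_session, &len, session,
+ session_len))
  goto err;
- enc_ticket_len += len;
- if (!EVP_EncryptFinal_ex(&ctx, enc_ticket + enc_ticket_len, &len))
+ enc_session_len += len;
+ if (!EVP_EncryptFinal_ex(&ctx, enc_session + enc_session_len,
+ &len))
  goto err;
- enc_ticket_len += len;
+ enc_session_len += len;
 
- if (enc_ticket_len < 0 ||
- enc_ticket_len > slen + EVP_MAX_BLOCK_LENGTH)
+ if (enc_session_len > enc_session_max_len)
  goto err;
 
  /* Generate the HMAC. */
@@ -2626,7 +2599,7 @@ ssl3_send_newsession_ticket(SSL *s)
  goto err;
  if (!HMAC_Update(&hctx, iv, EVP_CIPHER_CTX_iv_length(&ctx)))
  goto err;
- if (!HMAC_Update(&hctx, enc_ticket, enc_ticket_len))
+ if (!HMAC_Update(&hctx, enc_session, enc_session_len))
  goto err;
 
  if ((hmac_len = HMAC_size(&hctx)) <= 0)
@@ -2648,13 +2621,15 @@ ssl3_send_newsession_ticket(SSL *s)
  goto err;
  if (!CBB_add_bytes(&ticket, iv, EVP_CIPHER_CTX_iv_length(&ctx)))
  goto err;
- if (!CBB_add_bytes(&ticket, enc_ticket, enc_ticket_len))
+ if (!CBB_add_bytes(&ticket, enc_session, enc_session_len))
  goto err;
  if (!CBB_add_space(&ticket, &hmac, hmac_len))
  goto err;
 
  if (!HMAC_Final(&hctx, hmac, &hlen))
  goto err;
+ if (hlen != hmac_len)
+ goto err;
 
  if (!ssl3_handshake_msg_finish(s, &cbb))
  goto err;
@@ -2664,8 +2639,8 @@ ssl3_send_newsession_ticket(SSL *s)
 
  EVP_CIPHER_CTX_cleanup(&ctx);
  HMAC_CTX_cleanup(&hctx);
- freezero(senc, slen_full);
- free(enc_ticket);
+ freezero(session, session_len);
+ free(enc_session);
 
  /* SSL3_ST_SW_SESSION_TICKET_B */
  return (ssl3_handshake_write(s));
@@ -2674,8 +2649,8 @@ ssl3_send_newsession_ticket(SSL *s)
  CBB_cleanup(&cbb);
  EVP_CIPHER_CTX_cleanup(&ctx);
  HMAC_CTX_cleanup(&hctx);
- freezero(senc, slen_full);
- free(enc_ticket);
+ freezero(session, session_len);
+ free(enc_session);
 
  return (-1);
 }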
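Review bot: The new bound `if (session_len > 0xffff)` in the third hunk drops the headroom that the removed `slen_full > 0xFF00` check kept for the rest of the ticket: the ticket body also carries the 16-byte key name, the IV, up to `EVP_MAX_BLOCK_LENGTH` of cipher padding and the HMAC, so a session encoding close to 0xffff can no longer fit in a 16-bit ticket length. The code that opens the `ticket` CBB lies outside the visible hunks, so this presumably shows up as a late failure in `CBB_add_bytes` or `ssl3_handshake_msg_finish` rather than as an overflow, but the early check then no longer rejects what it is there to reject. Consider keeping the margin, e.g. `if (session_len > 0xff00)`, with a comment stating what the reserve covers. Separately, `hmac_len` is a `size_t`, so the unchanged test `(hmac_len = HMAC_size(&hctx)) <= 0` can only catch zero; if `HMAC_size` can return a negative value, rejecting it is left to `CBB_add_space` and the new `hlen != hmac_len` check.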