diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/s3_srvr.c | 119 | 
1 files changed, 67 insertions, 52 deletions
| diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c index 8ecd51669a..2c11d14912 100644 --- a/src/lib/libssl/s3_srvr.c +++ b/src/lib/libssl/s3_srvr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_srvr.c,v 1.128 2016/10/19 16:38:40 jsing Exp $ */ | 1 | /* $OpenBSD: s3_srvr.c,v 1.129 2016/11/05 19:03:39 jsing Exp $ */ | 
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 
| 3 | * All rights reserved. | 3 | * All rights reserved. | 
| 4 | * | 4 | * | 
| @@ -1172,6 +1172,9 @@ ssl3_send_server_done(SSL *s) | |||
| 1172 | int | 1172 | int | 
| 1173 | ssl3_send_server_key_exchange(SSL *s) | 1173 | ssl3_send_server_key_exchange(SSL *s) | 
| 1174 | { | 1174 | { | 
| 1175 | CBB cbb, dh_p, dh_g, dh_Ys, ecpoint; | ||
| 1176 | unsigned char *data, *params = NULL; | ||
| 1177 | size_t params_len; | ||
| 1175 | unsigned char *q; | 1178 | unsigned char *q; | 
| 1176 | int j, num; | 1179 | int j, num; | 
| 1177 | unsigned char md_buf[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH]; | 1180 | unsigned char md_buf[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH]; | 
| @@ -1182,7 +1185,6 @@ ssl3_send_server_key_exchange(SSL *s) | |||
| 1182 | int encodedlen = 0; | 1185 | int encodedlen = 0; | 
| 1183 | int curve_id = 0; | 1186 | int curve_id = 0; | 
| 1184 | BN_CTX *bn_ctx = NULL; | 1187 | BN_CTX *bn_ctx = NULL; | 
| 1185 | |||
| 1186 | EVP_PKEY *pkey; | 1188 | EVP_PKEY *pkey; | 
| 1187 | const EVP_MD *md = NULL; | 1189 | const EVP_MD *md = NULL; | 
| 1188 | unsigned char *p, *d; | 1190 | unsigned char *p, *d; | 
| @@ -1190,11 +1192,12 @@ ssl3_send_server_key_exchange(SSL *s) | |||
| 1190 | unsigned long type; | 1192 | unsigned long type; | 
| 1191 | int n; | 1193 | int n; | 
| 1192 | CERT *cert; | 1194 | CERT *cert; | 
| 1193 | BIGNUM *r[4]; | 1195 | int kn; | 
| 1194 | int nr[4], kn; | ||
| 1195 | BUF_MEM *buf; | 1196 | BUF_MEM *buf; | 
| 1196 | EVP_MD_CTX md_ctx; | 1197 | EVP_MD_CTX md_ctx; | 
| 1197 | 1198 | ||
| 1199 | memset(&cbb, 0, sizeof(cbb)); | ||
| 1200 | |||
| 1198 | EVP_MD_CTX_init(&md_ctx); | 1201 | EVP_MD_CTX_init(&md_ctx); | 
| 1199 | if (s->state == SSL3_ST_SW_KEY_EXCH_A) { | 1202 | if (s->state == SSL3_ST_SW_KEY_EXCH_A) { | 
| 1200 | type = s->s3->tmp.new_cipher->algorithm_mkey; | 1203 | type = s->s3->tmp.new_cipher->algorithm_mkey; | 
| @@ -1202,7 +1205,9 @@ ssl3_send_server_key_exchange(SSL *s) | |||
| 1202 | 1205 | ||
| 1203 | buf = s->init_buf; | 1206 | buf = s->init_buf; | 
| 1204 | 1207 | ||
| 1205 | r[0] = r[1] = r[2] = r[3] = NULL; | 1208 | if (!CBB_init(&cbb, 0)) | 
| 1209 | goto err; | ||
| 1210 | |||
| 1206 | n = 0; | 1211 | n = 0; | 
| 1207 | if (type & SSL_kDHE) { | 1212 | if (type & SSL_kDHE) { | 
| 1208 | if (s->cert->dh_tmp_auto != 0) { | 1213 | if (s->cert->dh_tmp_auto != 0) { | 
| @@ -1246,9 +1251,28 @@ ssl3_send_server_key_exchange(SSL *s) | |||
| 1246 | ERR_R_DH_LIB); | 1251 | ERR_R_DH_LIB); | 
| 1247 | goto err; | 1252 | goto err; | 
| 1248 | } | 1253 | } | 
| 1249 | r[0] = dh->p; | 1254 | |
| 1250 | r[1] = dh->g; | 1255 | /* | 
| 1251 | r[2] = dh->pub_key; | 1256 | * Serialize the DH parameters and public key. | 
| 1257 | */ | ||
| 1258 | if (!CBB_add_u16_length_prefixed(&cbb, &dh_p)) | ||
| 1259 | goto err; | ||
| 1260 | if (!CBB_add_space(&dh_p, &data, BN_num_bytes(dh->p))) | ||
| 1261 | goto err; | ||
| 1262 | BN_bn2bin(dh->p, data); | ||
| 1263 | |||
| 1264 | if (!CBB_add_u16_length_prefixed(&cbb, &dh_g)) | ||
| 1265 | goto err; | ||
| 1266 | if (!CBB_add_space(&dh_g, &data, BN_num_bytes(dh->g))) | ||
| 1267 | goto err; | ||
| 1268 | BN_bn2bin(dh->g, data); | ||
| 1269 | |||
| 1270 | if (!CBB_add_u16_length_prefixed(&cbb, &dh_Ys)) | ||
| 1271 | goto err; | ||
| 1272 | if (!CBB_add_space(&dh_Ys, &data, BN_num_bytes(dh->pub_key))) | ||
| 1273 | goto err; | ||
| 1274 | BN_bn2bin(dh->pub_key, data); | ||
| 1275 | |||
| 1252 | } else if (type & SSL_kECDHE) { | 1276 | } else if (type & SSL_kECDHE) { | 
| 1253 | const EC_GROUP *group; | 1277 | const EC_GROUP *group; | 
| 1254 | 1278 | ||
| @@ -1360,24 +1384,35 @@ ssl3_send_server_key_exchange(SSL *s) | |||
| 1360 | n = 4 + encodedlen; | 1384 | n = 4 + encodedlen; | 
| 1361 | 1385 | ||
| 1362 | /* | 1386 | /* | 
| 1363 | * We'll generate the serverKeyExchange message | 1387 | * XXX: For now, we only support named (not generic) | 
| 1364 | * explicitly so we can set these to NULLs | 1388 | * curves. | 
| 1389 | * In this situation, the serverKeyExchange message has: | ||
| 1390 | * [1 byte CurveType], [2 byte CurveName] | ||
| 1391 | * [1 byte length of encoded point], followed by | ||
| 1392 | * the actual encoded point itself | ||
| 1365 | */ | 1393 | */ | 
| 1366 | r[0] = NULL; | 1394 | if (!CBB_add_u8(&cbb, NAMED_CURVE_TYPE)) | 
| 1367 | r[1] = NULL; | 1395 | goto err; | 
| 1368 | r[2] = NULL; | 1396 | if (!CBB_add_u16(&cbb, curve_id)) | 
| 1369 | r[3] = NULL; | 1397 | goto err; | 
| 1370 | } else | 1398 | if (!CBB_add_u8_length_prefixed(&cbb, &ecpoint)) | 
| 1371 | { | 1399 | goto err; | 
| 1400 | if (!CBB_add_space(&ecpoint, &data, encodedlen)) | ||
| 1401 | goto err; | ||
| 1402 | memcpy(data, encodedPoint, encodedlen); | ||
| 1403 | |||
| 1404 | free(encodedPoint); | ||
| 1405 | encodedPoint = NULL; | ||
| 1406 | |||
| 1407 | } else { | ||
| 1372 | al = SSL_AD_HANDSHAKE_FAILURE; | 1408 | al = SSL_AD_HANDSHAKE_FAILURE; | 
| 1373 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, | 1409 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, | 
| 1374 | SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); | 1410 | SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); | 
| 1375 | goto f_err; | 1411 | goto f_err; | 
| 1376 | } | 1412 | } | 
| 1377 | for (i = 0; i < 4 && r[i] != NULL; i++) { | 1413 | |
| 1378 | nr[i] = BN_num_bytes(r[i]); | 1414 | if (!CBB_finish(&cbb, ¶ms, ¶ms_len)) | 
| 1379 | n += 2 + nr[i]; | 1415 | goto err; | 
| 1380 | } | ||
| 1381 | 1416 | ||
| 1382 | if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)) { | 1417 | if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)) { | 
| 1383 | if ((pkey = ssl_get_sign_pkey( | 1418 | if ((pkey = ssl_get_sign_pkey( | 
| @@ -1392,7 +1427,7 @@ ssl3_send_server_key_exchange(SSL *s) | |||
| 1392 | } | 1427 | } | 
| 1393 | 1428 | ||
| 1394 | if (!BUF_MEM_grow_clean(buf, ssl3_handshake_msg_hdr_len(s) + | 1429 | if (!BUF_MEM_grow_clean(buf, ssl3_handshake_msg_hdr_len(s) + | 
| 1395 | n + kn)) { | 1430 | params_len + kn)) { | 
| 1396 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, | 1431 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, | 
| 1397 | ERR_LIB_BUF); | 1432 | ERR_LIB_BUF); | 
| 1398 | goto err; | 1433 | goto err; | 
| @@ -1401,36 +1436,12 @@ ssl3_send_server_key_exchange(SSL *s) | |||
| 1401 | d = p = ssl3_handshake_msg_start(s, | 1436 | d = p = ssl3_handshake_msg_start(s, | 
| 1402 | SSL3_MT_SERVER_KEY_EXCHANGE); | 1437 | SSL3_MT_SERVER_KEY_EXCHANGE); | 
| 1403 | 1438 | ||
| 1404 | for (i = 0; i < 4 && r[i] != NULL; i++) { | 1439 | memcpy(p, params, params_len); | 
| 1405 | s2n(nr[i], p); | 1440 | free(params); | 
| 1406 | BN_bn2bin(r[i], p); | 1441 | params = NULL; | 
| 1407 | p += nr[i]; | ||
| 1408 | } | ||
| 1409 | |||
| 1410 | if (type & SSL_kECDHE) { | ||
| 1411 | /* | ||
| 1412 | * XXX: For now, we only support named (not generic) | ||
| 1413 | * curves. | ||
| 1414 | * In this situation, the serverKeyExchange message has: | ||
| 1415 | * [1 byte CurveType], [2 byte CurveName] | ||
| 1416 | * [1 byte length of encoded point], followed by | ||
| 1417 | * the actual encoded point itself | ||
| 1418 | */ | ||
| 1419 | *p = NAMED_CURVE_TYPE; | ||
| 1420 | p += 1; | ||
| 1421 | *p = 0; | ||
| 1422 | p += 1; | ||
| 1423 | *p = curve_id; | ||
| 1424 | p += 1; | ||
| 1425 | *p = encodedlen; | ||
| 1426 | p += 1; | ||
| 1427 | memcpy((unsigned char*)p, | ||
| 1428 | (unsigned char *)encodedPoint, encodedlen); | ||
| 1429 | free(encodedPoint); | ||
| 1430 | encodedPoint = NULL; | ||
| 1431 | p += encodedlen; | ||
| 1432 | } | ||
| 1433 | 1442 | ||
| 1443 | n = params_len; | ||
| 1444 | p += params_len; | ||
| 1434 | 1445 | ||
| 1435 | /* not anonymous */ | 1446 | /* not anonymous */ | 
| 1436 | if (pkey != NULL) { | 1447 | if (pkey != NULL) { | 
| @@ -1512,16 +1523,20 @@ ssl3_send_server_key_exchange(SSL *s) | |||
| 1512 | } | 1523 | } | 
| 1513 | 1524 | ||
| 1514 | s->state = SSL3_ST_SW_KEY_EXCH_B; | 1525 | s->state = SSL3_ST_SW_KEY_EXCH_B; | 
| 1526 | |||
| 1515 | EVP_MD_CTX_cleanup(&md_ctx); | 1527 | EVP_MD_CTX_cleanup(&md_ctx); | 
| 1516 | 1528 | ||
| 1517 | return (ssl3_handshake_write(s)); | 1529 | return (ssl3_handshake_write(s)); | 
| 1518 | 1530 | ||
| 1519 | f_err: | 1531 | f_err: | 
| 1520 | ssl3_send_alert(s, SSL3_AL_FATAL, al); | 1532 | ssl3_send_alert(s, SSL3_AL_FATAL, al); | 
| 1521 | err: | 1533 | err: | 
| 1534 | free(params); | ||
| 1522 | free(encodedPoint); | 1535 | free(encodedPoint); | 
| 1523 | BN_CTX_free(bn_ctx); | 1536 | BN_CTX_free(bn_ctx); | 
| 1524 | EVP_MD_CTX_cleanup(&md_ctx); | 1537 | EVP_MD_CTX_cleanup(&md_ctx); | 
| 1538 | CBB_cleanup(&cbb); | ||
| 1539 | |||
| 1525 | return (-1); | 1540 | return (-1); | 
| 1526 | } | 1541 | } | 
| 1527 | 1542 | ||
