6 files changed, 58 insertions, 96 deletions
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index 8b5ccd480a..61c1d71c8e 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.136 2022/01/11 18:39:28 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.137 2022/01/11 19:03:15 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1071,12 +1071,13 @@ ssl3_get_server_hello(SSL *s)
 int
 ssl3_get_server_certificate(SSL *s)
 {
-        int al, i, ret;
        CBS cbs, cert_list;
        X509 *x = NULL;
        const unsigned char *q;
        STACK_OF(X509) *sk = NULL;
-        EVP_PKEY *pkey = NULL;
+        EVP_PKEY *pkey;
+        int cert_type;
+        int al, ret;
        if ((ret = ssl3_get_message(s, SSL3_ST_CR_CERT_A,
            SSL3_ST_CR_CERT_B, -1, s->internal->max_cert_list)) <= 0)
@@ -1144,12 +1145,11 @@ ssl3_get_server_certificate(SSL *s)
                x = NULL;
        }
-        i = ssl_verify_cert_chain(s, sk);
+        if (ssl_verify_cert_chain(s, sk) <= 0 &&
-        if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)) {
+            s->verify_mode != SSL_VERIFY_NONE) {
                al = ssl_verify_alarm_type(s->verify_result);
                SSLerror(s, SSL_R_CERTIFICATE_VERIFY_FAILED);
                goto fatal_err;
        }
        ERR_clear_error(); /* but we keep s->verify_result */
@@ -1159,39 +1159,31 @@ ssl3_get_server_certificate(SSL *s)
         */
        x = sk_X509_value(sk, 0);
-        pkey = X509_get_pubkey(x);
+        if ((pkey = X509_get0_pubkey(x)) == NULL ||
+            EVP_PKEY_missing_parameters(pkey)) {
-        if (pkey == NULL || EVP_PKEY_missing_parameters(pkey)) {
                x = NULL;
                al = SSL3_AL_FATAL;
                SSLerror(s, SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);
                goto fatal_err;
        }
+        if ((cert_type = ssl_cert_type(x, pkey)) < 0) {
-        i = ssl_cert_type(x, pkey);
-        if (i < 0) {
                x = NULL;
                al = SSL3_AL_FATAL;
                SSLerror(s, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
                goto fatal_err;
        }
-        s->session->peer_cert_type = i;
-        sk_X509_pop_free(s->session->cert_chain, X509_free);
-        s->session->cert_chain = sk;
-        sk = NULL;
-        X509_up_ref(x);
-        X509_free(s->session->peer_pkeys[i].x509);
-        s->session->peer_pkeys[i].x509 = x;
-        s->session->peer_key = &s->session->peer_pkeys[i];
        X509_up_ref(x);
        X509_free(s->session->peer_cert);
        s->session->peer_cert = x;
+        s->session->peer_cert_type = cert_type;
        s->session->verify_result = s->verify_result;
+        sk_X509_pop_free(s->session->cert_chain, X509_free);
+        s->session->cert_chain = sk;
+        sk = NULL;
        x = NULL;
        ret = 1;
@@ -1204,7 +1196,6 @@ ssl3_get_server_certificate(SSL *s)
                ssl3_send_alert(s, SSL3_AL_FATAL, al);
        }
 err:
-        EVP_PKEY_free(pkey);
        X509_free(x);
        sk_X509_pop_free(sk, X509_free);
@@ -1377,12 +1368,12 @@ ssl3_get_server_key_exchange(SSL *s)
                EVP_PKEY_CTX *pctx;
                EVP_PKEY *pkey = NULL;
-                if ((alg_a & SSL_aRSA) != 0) {
+                if ((alg_a & SSL_aRSA) != 0 &&
-                        pkey = X509_get0_pubkey(
+                    s->session->peer_cert_type == SSL_PKEY_RSA) {
-                            s->session->peer_pkeys[SSL_PKEY_RSA].x509);
+                        pkey = X509_get0_pubkey(s->session->peer_cert);
-                } else if ((alg_a & SSL_aECDSA) != 0) {
+                } else if ((alg_a & SSL_aECDSA) != 0 &&
-                        pkey = X509_get0_pubkey(
+                    s->session->peer_cert_type == SSL_PKEY_ECC) {
-                            s->session->peer_pkeys[SSL_PKEY_ECC].x509);
+                        pkey = X509_get0_pubkey(s->session->peer_cert);
                }
                if (pkey == NULL) {
                        al = SSL_AD_ILLEGAL_PARAMETER;
@@ -1800,7 +1791,7 @@ ssl3_send_client_kex_rsa(SSL *s, CBB *cbb)
        unsigned char pms[SSL_MAX_MASTER_KEY_LENGTH];
        unsigned char *enc_pms = NULL;
        uint16_t max_legacy_version;
-        EVP_PKEY *pkey = NULL;
+        EVP_PKEY *pkey;
        RSA *rsa;
        int ret = 0;
        int enc_len;
@@ -1810,7 +1801,7 @@ ssl3_send_client_kex_rsa(SSL *s, CBB *cbb)
         * RSA-Encrypted Premaster Secret Message - RFC 5246 section 7.4.7.1.
         */
-        pkey = X509_get_pubkey(s->session->peer_pkeys[SSL_PKEY_RSA].x509);
+        pkey = X509_get0_pubkey(s->session->peer_cert);
        if (pkey == NULL || (rsa = EVP_PKEY_get0_RSA(pkey)) == NULL) {
                SSLerror(s, ERR_R_INTERNAL_ERROR);
                goto err;
@@ -1855,7 +1846,6 @@ ssl3_send_client_kex_rsa(SSL *s, CBB *cbb)
 err:
        explicit_bzero(pms, sizeof(pms));
-        EVP_PKEY_free(pkey);
        free(enc_pms);
        return ret;
@@ -1938,8 +1928,7 @@ ssl3_send_client_kex_gost(SSL *s, CBB *cbb)
        unsigned char premaster_secret[32], shared_ukm[32], tmp[256];
        EVP_PKEY_CTX *pkey_ctx = NULL;
        EVP_MD_CTX *ukm_hash = NULL;
-        EVP_PKEY *pub_key;
+        EVP_PKEY *pkey;
-        X509 *peer_cert;
        size_t msglen;
        unsigned int md_len;
        CBB gostblob;
@@ -1947,12 +1936,12 @@ ssl3_send_client_kex_gost(SSL *s, CBB *cbb)
        int ret = 0;
        /* Get server sertificate PKEY and create ctx from it */
-        peer_cert = s->session->peer_pkeys[SSL_PKEY_GOST01].x509;
+        pkey = X509_get0_pubkey(s->session->peer_cert);
-        if ((pub_key = X509_get0_pubkey(peer_cert)) == NULL) {
+        if (pkey == NULL || s->session->peer_cert_type != SSL_PKEY_GOST01) {
                SSLerror(s, SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);
                goto err;
        }
-        if ((pkey_ctx = EVP_PKEY_CTX_new(pub_key, NULL)) == NULL) {
+        if ((pkey_ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) {
                SSLerror(s, ERR_R_MALLOC_FAILURE);
                goto err;
        }
@@ -2449,9 +2438,8 @@ int
 ssl3_check_cert_and_algorithm(SSL *s)
 {
        long alg_k, alg_a;
-        EVP_PKEY *pkey = NULL;
        int nid = NID_undef;
-        int i, idx;
+        int i;
        alg_k = S3I(s)->hs.cipher->algorithm_mkey;
        alg_a = S3I(s)->hs.cipher->algorithm_auth;
@@ -2465,20 +2453,15 @@ ssl3_check_cert_and_algorithm(SSL *s)
        /* This is the passed certificate. */
-        idx = s->session->peer_cert_type;
+        if (s->session->peer_cert_type == SSL_PKEY_ECC) {
-        if (idx == SSL_PKEY_ECC) {
+                if (!ssl_check_srvr_ecc_cert_and_alg(s, s->session->peer_cert)) {
-                if (!ssl_check_srvr_ecc_cert_and_alg(s,
-                    s->session->peer_pkeys[idx].x509)) {
-                        /* check failed */
                        SSLerror(s, SSL_R_BAD_ECC_CERT);
                        goto fatal_err;
-                } else {
-                        return (1);
                }
+                return (1);
        }
-        pkey = X509_get_pubkey(s->session->peer_pkeys[idx].x509);
-        i = X509_certificate_type(s->session->peer_pkeys[idx].x509, pkey);
+        i = X509_certificate_type(s->session->peer_cert, NULL);
-        EVP_PKEY_free(pkey);
        /* Check that we have a certificate if we require one. */
        if ((alg_a & SSL_aRSA) && !has_bits(i, EVP_PK_RSA|EVP_PKT_SIGN)) {
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 36823d6462..546854b462 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.382 2022/01/11 18:39:28 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.383 2022/01/11 19:03:15 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -475,8 +475,9 @@ struct ssl_session_st {
        unsigned int sid_ctx_length;
        unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
-        /* This is the cert for the other end. */
+        /* Peer provided leaf (end-entity) certificate. */
        X509 *peer_cert;
+        int peer_cert_type;
        /* when app_verify_callback accepts a session where the peer's certificate
         * is not ok, we must remember the error for session reuse: */
@@ -513,14 +514,6 @@ struct ssl_session_st {
        STACK_OF(X509) *cert_chain; /* as received from peer */
-        /* The 'peer_...' members are used only by clients. */
-        int peer_cert_type;
-        /* Obviously we don't have the private keys of these,
-         * so maybe we shouldn't even use the SSL_CERT_PKEY type here. */
-        SSL_CERT_PKEY *peer_key; /* points to an element of peer_pkeys (never NULL!) */
-        SSL_CERT_PKEY peer_pkeys[SSL_PKEY_NUM];
        size_t tlsext_ecpointformatlist_length;
        uint8_t *tlsext_ecpointformatlist; /* peer's list */
        size_t tlsext_supportedgroups_length;
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
index a49076be74..44c2e846ba 100644
--- a/src/lib/libssl/ssl_sess.c
+++ b/src/lib/libssl/ssl_sess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sess.c,v 1.108 2022/01/11 18:39:28 jsing Exp $ */
+/* $OpenBSD: ssl_sess.c,v 1.109 2022/01/11 19:03:15 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -230,8 +230,6 @@ SSL_SESSION_new(void)
        ss->next = NULL;
        ss->tlsext_hostname = NULL;
-        ss->peer_key = &ss->peer_pkeys[SSL_PKEY_RSA];
        ss->tlsext_ecpointformatlist_length = 0;
        ss->tlsext_ecpointformatlist = NULL;
        ss->tlsext_supportedgroups_length = 0;
@@ -763,8 +761,6 @@ SSL_SESSION_free(SSL_SESSION *ss)
        explicit_bzero(ss->session_id, sizeof ss->session_id);
        sk_X509_pop_free(ss->cert_chain, X509_free);
-        for (i = 0; i < SSL_PKEY_NUM; i++)
-                X509_free(ss->peer_pkeys[i].x509);
        X509_free(ss->peer_cert);
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index 786362ea02..30545320b3 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.139 2022/01/11 18:39:28 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.140 2022/01/11 19:03:15 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1905,7 +1905,7 @@ ssl3_get_cert_verify(SSL *s)
        CBS cbs, signature;
        const struct ssl_sigalg *sigalg = NULL;
        uint16_t sigalg_value = SIGALG_NONE;
-        EVP_PKEY *pkey = NULL;
+        EVP_PKEY *pkey;
        X509 *peer_cert = NULL;
        EVP_MD_CTX *mctx = NULL;
        int al, verify;
@@ -1928,11 +1928,9 @@ ssl3_get_cert_verify(SSL *s)
        CBS_init(&cbs, s->internal->init_msg, s->internal->init_num);
-        if (s->session->peer_cert != NULL) {
+        peer_cert = s->session->peer_cert;
-                peer_cert = s->session->peer_cert;
+        pkey = X509_get0_pubkey(peer_cert);
-                pkey = X509_get_pubkey(peer_cert);
+        type = X509_certificate_type(peer_cert, pkey);
-                type = X509_certificate_type(peer_cert, pkey);
-        }
        if (S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE_VERIFY) {
                S3I(s)->hs.tls12.reuse_message = 1;
@@ -2131,7 +2129,7 @@ ssl3_get_cert_verify(SSL *s)
        tls1_transcript_free(s);
 err:
        EVP_MD_CTX_free(mctx);
-        EVP_PKEY_free(pkey);
        return (ret);
 }
diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c
index 3e168a0b54..4b52f6cf62 100644
--- a/src/lib/libssl/tls13_client.c
+++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_client.c,v 1.92 2022/01/11 18:39:28 jsing Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.93 2022/01/11 19:03:15 jsing Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 *
@@ -561,7 +561,7 @@ tls13_server_certificate_recv(struct tls13_ctx *ctx, CBS *cbs)
        X509 *cert = NULL;
        EVP_PKEY *pkey;
        const uint8_t *p;
-        int cert_idx, alert_desc;
+        int alert_desc, cert_type;
        int ret = 0;
        if ((certs = sk_X509_new_null()) == NULL)
@@ -625,24 +625,20 @@ tls13_server_certificate_recv(struct tls13_ctx *ctx, CBS *cbs)
                goto err;
        if (EVP_PKEY_missing_parameters(pkey))
                goto err;
-        if ((cert_idx = ssl_cert_type(cert, pkey)) < 0)
+        if ((cert_type = ssl_cert_type(cert, pkey)) < 0)
                goto err;
-        sk_X509_pop_free(s->session->cert_chain, X509_free);
-        s->session->cert_chain = certs;
-        certs = NULL;
-        X509_up_ref(cert);
-        X509_free(s->session->peer_pkeys[cert_idx].x509);
-        s->session->peer_pkeys[cert_idx].x509 = cert;
-        s->session->peer_key = &s->session->peer_pkeys[cert_idx];
        X509_up_ref(cert);
        X509_free(s->session->peer_cert);
        s->session->peer_cert = cert;
+        s->session->peer_cert_type = cert_type;
        s->session->verify_result = s->verify_result;
+        sk_X509_pop_free(s->session->cert_chain, X509_free);
+        s->session->cert_chain = certs;
+        certs = NULL;
        if (ctx->ocsp_status_recv_cb != NULL &&
            !ctx->ocsp_status_recv_cb(ctx))
                goto err;
diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c
index 3330023430..10e49104d4 100644
--- a/src/lib/libssl/tls13_server.c
+++ b/src/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_server.c,v 1.94 2022/01/11 18:39:28 jsing Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.95 2022/01/11 19:03:15 jsing Exp $ */
 /*
 * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -857,7 +857,7 @@ tls13_client_certificate_recv(struct tls13_ctx *ctx, CBS *cbs)
        X509 *cert = NULL;
        EVP_PKEY *pkey;
        const uint8_t *p;
-        int cert_idx;
+        int cert_type;
        int ret = 0;
        if (!CBS_get_u8_length_prefixed(cbs, &cert_request_context))
@@ -918,24 +918,20 @@ tls13_client_certificate_recv(struct tls13_ctx *ctx, CBS *cbs)
                goto err;
        if (EVP_PKEY_missing_parameters(pkey))
                goto err;
-        if ((cert_idx = ssl_cert_type(cert, pkey)) < 0)
+        if ((cert_type = ssl_cert_type(cert, pkey)) < 0)
                goto err;
-        sk_X509_pop_free(s->session->cert_chain, X509_free);
-        s->session->cert_chain = certs;
-        certs = NULL;
-        X509_up_ref(cert);
-        X509_free(s->session->peer_pkeys[cert_idx].x509);
-        s->session->peer_pkeys[cert_idx].x509 = cert;
-        s->session->peer_key = &s->session->peer_pkeys[cert_idx];
        X509_up_ref(cert);
        X509_free(s->session->peer_cert);
        s->session->peer_cert = cert;
+        s->session->peer_cert_type = cert_type;
        s->session->verify_result = s->verify_result;
+        sk_X509_pop_free(s->session->cert_chain, X509_free);
+        s->session->cert_chain = certs;
+        certs = NULL;
        ctx->handshake_stage.hs_type |= WITH_CCV;
        ret = 1;

diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c index 8b5ccd480a..61c1d71c8e 100644 --- a/src/lib/libssl/ssl_clnt.c +++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_clnt.c,v 1.136 2022/01/11 18:39:28 jsing Exp $ */	1	/* $OpenBSD: ssl_clnt.c,v 1.137 2022/01/11 19:03:15 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1071,12 +1071,13 @@ ssl3_get_server_hello(SSL *s)
1071	int	1071	int
1072	ssl3_get_server_certificate(SSL *s)	1072	ssl3_get_server_certificate(SSL *s)
1073	{	1073	{
1074	int al, i, ret;
1075	CBS cbs, cert_list;	1074	CBS cbs, cert_list;
1076	X509 *x = NULL;	1075	X509 *x = NULL;
1077	const unsigned char *q;	1076	const unsigned char *q;
1078	STACK_OF(X509) *sk = NULL;	1077	STACK_OF(X509) *sk = NULL;
1079	EVP_PKEY *pkey = NULL;	1078	EVP_PKEY *pkey;
		1079	int cert_type;
		1080	int al, ret;
1080		1081
1081	if ((ret = ssl3_get_message(s, SSL3_ST_CR_CERT_A,	1082	if ((ret = ssl3_get_message(s, SSL3_ST_CR_CERT_A,
1082	SSL3_ST_CR_CERT_B, -1, s->internal->max_cert_list)) <= 0)	1083	SSL3_ST_CR_CERT_B, -1, s->internal->max_cert_list)) <= 0)
@@ -1144,12 +1145,11 @@ ssl3_get_server_certificate(SSL *s)
1144	x = NULL;	1145	x = NULL;
1145	}	1146	}
1146		1147
1147	i = ssl_verify_cert_chain(s, sk);	1148	if (ssl_verify_cert_chain(s, sk) <= 0 &&
1148	if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)) {	1149	s->verify_mode != SSL_VERIFY_NONE) {
1149	al = ssl_verify_alarm_type(s->verify_result);	1150	al = ssl_verify_alarm_type(s->verify_result);
1150	SSLerror(s, SSL_R_CERTIFICATE_VERIFY_FAILED);	1151	SSLerror(s, SSL_R_CERTIFICATE_VERIFY_FAILED);
1151	goto fatal_err;	1152	goto fatal_err;
1152
1153	}	1153	}
1154	ERR_clear_error(); /* but we keep s->verify_result */	1154	ERR_clear_error(); /* but we keep s->verify_result */
1155		1155
@@ -1159,39 +1159,31 @@ ssl3_get_server_certificate(SSL *s)
1159	*/	1159	*/
1160	x = sk_X509_value(sk, 0);	1160	x = sk_X509_value(sk, 0);
1161		1161
1162	pkey = X509_get_pubkey(x);	1162	if ((pkey = X509_get0_pubkey(x)) == NULL \|\|
1163		1163	EVP_PKEY_missing_parameters(pkey)) {
1164	if (pkey == NULL \|\| EVP_PKEY_missing_parameters(pkey)) {
1165	x = NULL;	1164	x = NULL;
1166	al = SSL3_AL_FATAL;	1165	al = SSL3_AL_FATAL;
1167	SSLerror(s, SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);	1166	SSLerror(s, SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);
1168	goto fatal_err;	1167	goto fatal_err;
1169	}	1168	}
1170		1169	if ((cert_type = ssl_cert_type(x, pkey)) < 0) {
1171	i = ssl_cert_type(x, pkey);
1172	if (i < 0) {
1173	x = NULL;	1170	x = NULL;
1174	al = SSL3_AL_FATAL;	1171	al = SSL3_AL_FATAL;
1175	SSLerror(s, SSL_R_UNKNOWN_CERTIFICATE_TYPE);	1172	SSLerror(s, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
1176	goto fatal_err;	1173	goto fatal_err;
1177	}	1174	}
1178	s->session->peer_cert_type = i;
1179
1180	sk_X509_pop_free(s->session->cert_chain, X509_free);
1181	s->session->cert_chain = sk;
1182	sk = NULL;
1183
1184	X509_up_ref(x);
1185	X509_free(s->session->peer_pkeys[i].x509);
1186	s->session->peer_pkeys[i].x509 = x;
1187	s->session->peer_key = &s->session->peer_pkeys[i];
1188		1175
1189	X509_up_ref(x);	1176	X509_up_ref(x);
1190	X509_free(s->session->peer_cert);	1177	X509_free(s->session->peer_cert);
1191	s->session->peer_cert = x;	1178	s->session->peer_cert = x;
		1179	s->session->peer_cert_type = cert_type;
1192		1180
1193	s->session->verify_result = s->verify_result;	1181	s->session->verify_result = s->verify_result;
1194		1182
		1183	sk_X509_pop_free(s->session->cert_chain, X509_free);
		1184	s->session->cert_chain = sk;
		1185	sk = NULL;
		1186
1195	x = NULL;	1187	x = NULL;
1196	ret = 1;	1188	ret = 1;
1197		1189
@@ -1204,7 +1196,6 @@ ssl3_get_server_certificate(SSL *s)
1204	ssl3_send_alert(s, SSL3_AL_FATAL, al);	1196	ssl3_send_alert(s, SSL3_AL_FATAL, al);
1205	}	1197	}
1206	err:	1198	err:
1207	EVP_PKEY_free(pkey);
1208	X509_free(x);	1199	X509_free(x);
1209	sk_X509_pop_free(sk, X509_free);	1200	sk_X509_pop_free(sk, X509_free);
1210		1201
@@ -1377,12 +1368,12 @@ ssl3_get_server_key_exchange(SSL *s)
1377	EVP_PKEY_CTX *pctx;	1368	EVP_PKEY_CTX *pctx;
1378	EVP_PKEY *pkey = NULL;	1369	EVP_PKEY *pkey = NULL;
1379		1370
1380	if ((alg_a & SSL_aRSA) != 0) {	1371	if ((alg_a & SSL_aRSA) != 0 &&
1381	pkey = X509_get0_pubkey(	1372	s->session->peer_cert_type == SSL_PKEY_RSA) {
1382	s->session->peer_pkeys[SSL_PKEY_RSA].x509);	1373	pkey = X509_get0_pubkey(s->session->peer_cert);
1383	} else if ((alg_a & SSL_aECDSA) != 0) {	1374	} else if ((alg_a & SSL_aECDSA) != 0 &&
1384	pkey = X509_get0_pubkey(	1375	s->session->peer_cert_type == SSL_PKEY_ECC) {
1385	s->session->peer_pkeys[SSL_PKEY_ECC].x509);	1376	pkey = X509_get0_pubkey(s->session->peer_cert);
1386	}	1377	}
1387	if (pkey == NULL) {	1378	if (pkey == NULL) {
1388	al = SSL_AD_ILLEGAL_PARAMETER;	1379	al = SSL_AD_ILLEGAL_PARAMETER;
@@ -1800,7 +1791,7 @@ ssl3_send_client_kex_rsa(SSL s, CBB cbb)
1800	unsigned char pms[SSL_MAX_MASTER_KEY_LENGTH];	1791	unsigned char pms[SSL_MAX_MASTER_KEY_LENGTH];
1801	unsigned char *enc_pms = NULL;	1792	unsigned char *enc_pms = NULL;
1802	uint16_t max_legacy_version;	1793	uint16_t max_legacy_version;
1803	EVP_PKEY *pkey = NULL;	1794	EVP_PKEY *pkey;
1804	RSA *rsa;	1795	RSA *rsa;
1805	int ret = 0;	1796	int ret = 0;
1806	int enc_len;	1797	int enc_len;
@@ -1810,7 +1801,7 @@ ssl3_send_client_kex_rsa(SSL s, CBB cbb)
1810	* RSA-Encrypted Premaster Secret Message - RFC 5246 section 7.4.7.1.	1801	* RSA-Encrypted Premaster Secret Message - RFC 5246 section 7.4.7.1.
1811	*/	1802	*/
1812		1803
1813	pkey = X509_get_pubkey(s->session->peer_pkeys[SSL_PKEY_RSA].x509);	1804	pkey = X509_get0_pubkey(s->session->peer_cert);
1814	if (pkey == NULL \|\| (rsa = EVP_PKEY_get0_RSA(pkey)) == NULL) {	1805	if (pkey == NULL \|\| (rsa = EVP_PKEY_get0_RSA(pkey)) == NULL) {
1815	SSLerror(s, ERR_R_INTERNAL_ERROR);	1806	SSLerror(s, ERR_R_INTERNAL_ERROR);
1816	goto err;	1807	goto err;
@@ -1855,7 +1846,6 @@ ssl3_send_client_kex_rsa(SSL s, CBB cbb)
1855		1846
1856	err:	1847	err:
1857	explicit_bzero(pms, sizeof(pms));	1848	explicit_bzero(pms, sizeof(pms));
1858	EVP_PKEY_free(pkey);
1859	free(enc_pms);	1849	free(enc_pms);
1860		1850
1861	return ret;	1851	return ret;
@@ -1938,8 +1928,7 @@ ssl3_send_client_kex_gost(SSL s, CBB cbb)
1938	unsigned char premaster_secret[32], shared_ukm[32], tmp[256];	1928	unsigned char premaster_secret[32], shared_ukm[32], tmp[256];
1939	EVP_PKEY_CTX *pkey_ctx = NULL;	1929	EVP_PKEY_CTX *pkey_ctx = NULL;
1940	EVP_MD_CTX *ukm_hash = NULL;	1930	EVP_MD_CTX *ukm_hash = NULL;
1941	EVP_PKEY *pub_key;	1931	EVP_PKEY *pkey;
1942	X509 *peer_cert;
1943	size_t msglen;	1932	size_t msglen;
1944	unsigned int md_len;	1933	unsigned int md_len;
1945	CBB gostblob;	1934	CBB gostblob;
@@ -1947,12 +1936,12 @@ ssl3_send_client_kex_gost(SSL s, CBB cbb)
1947	int ret = 0;	1936	int ret = 0;
1948		1937
1949	/* Get server sertificate PKEY and create ctx from it */	1938	/* Get server sertificate PKEY and create ctx from it */
1950	peer_cert = s->session->peer_pkeys[SSL_PKEY_GOST01].x509;	1939	pkey = X509_get0_pubkey(s->session->peer_cert);
1951	if ((pub_key = X509_get0_pubkey(peer_cert)) == NULL) {	1940	if (pkey == NULL \|\| s->session->peer_cert_type != SSL_PKEY_GOST01) {
1952	SSLerror(s, SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);	1941	SSLerror(s, SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);
1953	goto err;	1942	goto err;
1954	}	1943	}
1955	if ((pkey_ctx = EVP_PKEY_CTX_new(pub_key, NULL)) == NULL) {	1944	if ((pkey_ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) {
1956	SSLerror(s, ERR_R_MALLOC_FAILURE);	1945	SSLerror(s, ERR_R_MALLOC_FAILURE);
1957	goto err;	1946	goto err;
1958	}	1947	}
@@ -2449,9 +2438,8 @@ int
2449	ssl3_check_cert_and_algorithm(SSL *s)	2438	ssl3_check_cert_and_algorithm(SSL *s)
2450	{	2439	{
2451	long alg_k, alg_a;	2440	long alg_k, alg_a;
2452	EVP_PKEY *pkey = NULL;
2453	int nid = NID_undef;	2441	int nid = NID_undef;
2454	int i, idx;	2442	int i;
2455		2443
2456	alg_k = S3I(s)->hs.cipher->algorithm_mkey;	2444	alg_k = S3I(s)->hs.cipher->algorithm_mkey;
2457	alg_a = S3I(s)->hs.cipher->algorithm_auth;	2445	alg_a = S3I(s)->hs.cipher->algorithm_auth;
@@ -2465,20 +2453,15 @@ ssl3_check_cert_and_algorithm(SSL *s)
2465		2453
2466	/* This is the passed certificate. */	2454	/* This is the passed certificate. */
2467		2455
2468	idx = s->session->peer_cert_type;	2456	if (s->session->peer_cert_type == SSL_PKEY_ECC) {
2469	if (idx == SSL_PKEY_ECC) {	2457	if (!ssl_check_srvr_ecc_cert_and_alg(s, s->session->peer_cert)) {
2470	if (!ssl_check_srvr_ecc_cert_and_alg(s,
2471	s->session->peer_pkeys[idx].x509)) {
2472	/* check failed */
2473	SSLerror(s, SSL_R_BAD_ECC_CERT);	2458	SSLerror(s, SSL_R_BAD_ECC_CERT);
2474	goto fatal_err;	2459	goto fatal_err;
2475	} else {
2476	return (1);
2477	}	2460	}
		2461	return (1);
2478	}	2462	}
2479	pkey = X509_get_pubkey(s->session->peer_pkeys[idx].x509);	2463
2480	i = X509_certificate_type(s->session->peer_pkeys[idx].x509, pkey);	2464	i = X509_certificate_type(s->session->peer_cert, NULL);
2481	EVP_PKEY_free(pkey);
2482		2465
2483	/* Check that we have a certificate if we require one. */	2466	/* Check that we have a certificate if we require one. */
2484	if ((alg_a & SSL_aRSA) && !has_bits(i, EVP_PK_RSA\|EVP_PKT_SIGN)) {	2467	if ((alg_a & SSL_aRSA) && !has_bits(i, EVP_PK_RSA\|EVP_PKT_SIGN)) {


diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index 36823d6462..546854b462 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_locl.h,v 1.382 2022/01/11 18:39:28 jsing Exp $ */	1	/* $OpenBSD: ssl_locl.h,v 1.383 2022/01/11 19:03:15 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -475,8 +475,9 @@ struct ssl_session_st {
475	unsigned int sid_ctx_length;	475	unsigned int sid_ctx_length;
476	unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];	476	unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
477		477
478	/* This is the cert for the other end. */	478	/* Peer provided leaf (end-entity) certificate. */
479	X509 *peer_cert;	479	X509 *peer_cert;
		480	int peer_cert_type;
480		481
481	/* when app_verify_callback accepts a session where the peer's certificate	482	/* when app_verify_callback accepts a session where the peer's certificate
482	* is not ok, we must remember the error for session reuse: */	483	* is not ok, we must remember the error for session reuse: */
@@ -513,14 +514,6 @@ struct ssl_session_st {
513		514
514	STACK_OF(X509) cert_chain; / as received from peer */	515	STACK_OF(X509) cert_chain; / as received from peer */
515		516
516	/* The 'peer_...' members are used only by clients. */
517	int peer_cert_type;
518
519	/* Obviously we don't have the private keys of these,
520	* so maybe we shouldn't even use the SSL_CERT_PKEY type here. */
521	SSL_CERT_PKEY peer_key; / points to an element of peer_pkeys (never NULL!) */
522	SSL_CERT_PKEY peer_pkeys[SSL_PKEY_NUM];
523
524	size_t tlsext_ecpointformatlist_length;	517	size_t tlsext_ecpointformatlist_length;
525	uint8_t tlsext_ecpointformatlist; / peer's list */	518	uint8_t tlsext_ecpointformatlist; / peer's list */
526	size_t tlsext_supportedgroups_length;	519	size_t tlsext_supportedgroups_length;


diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c index a49076be74..44c2e846ba 100644 --- a/src/lib/libssl/ssl_sess.c +++ b/src/lib/libssl/ssl_sess.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_sess.c,v 1.108 2022/01/11 18:39:28 jsing Exp $ */	1	/* $OpenBSD: ssl_sess.c,v 1.109 2022/01/11 19:03:15 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -230,8 +230,6 @@ SSL_SESSION_new(void)
230	ss->next = NULL;	230	ss->next = NULL;
231	ss->tlsext_hostname = NULL;	231	ss->tlsext_hostname = NULL;
232		232
233	ss->peer_key = &ss->peer_pkeys[SSL_PKEY_RSA];
234
235	ss->tlsext_ecpointformatlist_length = 0;	233	ss->tlsext_ecpointformatlist_length = 0;
236	ss->tlsext_ecpointformatlist = NULL;	234	ss->tlsext_ecpointformatlist = NULL;
237	ss->tlsext_supportedgroups_length = 0;	235	ss->tlsext_supportedgroups_length = 0;
@@ -763,8 +761,6 @@ SSL_SESSION_free(SSL_SESSION *ss)
763	explicit_bzero(ss->session_id, sizeof ss->session_id);	761	explicit_bzero(ss->session_id, sizeof ss->session_id);
764		762
765	sk_X509_pop_free(ss->cert_chain, X509_free);	763	sk_X509_pop_free(ss->cert_chain, X509_free);
766	for (i = 0; i < SSL_PKEY_NUM; i++)
767	X509_free(ss->peer_pkeys[i].x509);
768		764
769	X509_free(ss->peer_cert);	765	X509_free(ss->peer_cert);
770		766


diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index 786362ea02..30545320b3 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_srvr.c,v 1.139 2022/01/11 18:39:28 jsing Exp $ */	1	/* $OpenBSD: ssl_srvr.c,v 1.140 2022/01/11 19:03:15 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1905,7 +1905,7 @@ ssl3_get_cert_verify(SSL *s)
1905	CBS cbs, signature;	1905	CBS cbs, signature;
1906	const struct ssl_sigalg *sigalg = NULL;	1906	const struct ssl_sigalg *sigalg = NULL;
1907	uint16_t sigalg_value = SIGALG_NONE;	1907	uint16_t sigalg_value = SIGALG_NONE;
1908	EVP_PKEY *pkey = NULL;	1908	EVP_PKEY *pkey;
1909	X509 *peer_cert = NULL;	1909	X509 *peer_cert = NULL;
1910	EVP_MD_CTX *mctx = NULL;	1910	EVP_MD_CTX *mctx = NULL;
1911	int al, verify;	1911	int al, verify;
@@ -1928,11 +1928,9 @@ ssl3_get_cert_verify(SSL *s)
1928		1928
1929	CBS_init(&cbs, s->internal->init_msg, s->internal->init_num);	1929	CBS_init(&cbs, s->internal->init_msg, s->internal->init_num);
1930		1930
1931	if (s->session->peer_cert != NULL) {	1931	peer_cert = s->session->peer_cert;
1932	peer_cert = s->session->peer_cert;	1932	pkey = X509_get0_pubkey(peer_cert);
1933	pkey = X509_get_pubkey(peer_cert);	1933	type = X509_certificate_type(peer_cert, pkey);
1934	type = X509_certificate_type(peer_cert, pkey);
1935	}
1936		1934
1937	if (S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE_VERIFY) {	1935	if (S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE_VERIFY) {
1938	S3I(s)->hs.tls12.reuse_message = 1;	1936	S3I(s)->hs.tls12.reuse_message = 1;
@@ -2131,7 +2129,7 @@ ssl3_get_cert_verify(SSL *s)
2131	tls1_transcript_free(s);	2129	tls1_transcript_free(s);
2132	err:	2130	err:
2133	EVP_MD_CTX_free(mctx);	2131	EVP_MD_CTX_free(mctx);
2134	EVP_PKEY_free(pkey);	2132
2135	return (ret);	2133	return (ret);
2136	}	2134	}
2137		2135


diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c index 3e168a0b54..4b52f6cf62 100644 --- a/src/lib/libssl/tls13_client.c +++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls13_client.c,v 1.92 2022/01/11 18:39:28 jsing Exp $ */	1	/* $OpenBSD: tls13_client.c,v 1.93 2022/01/11 19:03:15 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -561,7 +561,7 @@ tls13_server_certificate_recv(struct tls13_ctx ctx, CBS cbs)
561	X509 *cert = NULL;	561	X509 *cert = NULL;
562	EVP_PKEY *pkey;	562	EVP_PKEY *pkey;
563	const uint8_t *p;	563	const uint8_t *p;
564	int cert_idx, alert_desc;	564	int alert_desc, cert_type;
565	int ret = 0;	565	int ret = 0;
566		566
567	if ((certs = sk_X509_new_null()) == NULL)	567	if ((certs = sk_X509_new_null()) == NULL)
@@ -625,24 +625,20 @@ tls13_server_certificate_recv(struct tls13_ctx ctx, CBS cbs)
625	goto err;	625	goto err;
626	if (EVP_PKEY_missing_parameters(pkey))	626	if (EVP_PKEY_missing_parameters(pkey))
627	goto err;	627	goto err;
628	if ((cert_idx = ssl_cert_type(cert, pkey)) < 0)	628	if ((cert_type = ssl_cert_type(cert, pkey)) < 0)
629	goto err;	629	goto err;
630		630
631	sk_X509_pop_free(s->session->cert_chain, X509_free);
632	s->session->cert_chain = certs;
633	certs = NULL;
634
635	X509_up_ref(cert);
636	X509_free(s->session->peer_pkeys[cert_idx].x509);
637	s->session->peer_pkeys[cert_idx].x509 = cert;
638	s->session->peer_key = &s->session->peer_pkeys[cert_idx];
639
640	X509_up_ref(cert);	631	X509_up_ref(cert);
641	X509_free(s->session->peer_cert);	632	X509_free(s->session->peer_cert);
642	s->session->peer_cert = cert;	633	s->session->peer_cert = cert;
		634	s->session->peer_cert_type = cert_type;
643		635
644	s->session->verify_result = s->verify_result;	636	s->session->verify_result = s->verify_result;
645		637
		638	sk_X509_pop_free(s->session->cert_chain, X509_free);
		639	s->session->cert_chain = certs;
		640	certs = NULL;
		641
646	if (ctx->ocsp_status_recv_cb != NULL &&	642	if (ctx->ocsp_status_recv_cb != NULL &&
647	!ctx->ocsp_status_recv_cb(ctx))	643	!ctx->ocsp_status_recv_cb(ctx))
648	goto err;	644	goto err;


diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c index 3330023430..10e49104d4 100644 --- a/src/lib/libssl/tls13_server.c +++ b/src/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls13_server.c,v 1.94 2022/01/11 18:39:28 jsing Exp $ */	1	/* $OpenBSD: tls13_server.c,v 1.95 2022/01/11 19:03:15 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2020 Bob Beck <beck@openbsd.org>	4	* Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -857,7 +857,7 @@ tls13_client_certificate_recv(struct tls13_ctx ctx, CBS cbs)
857	X509 *cert = NULL;	857	X509 *cert = NULL;
858	EVP_PKEY *pkey;	858	EVP_PKEY *pkey;
859	const uint8_t *p;	859	const uint8_t *p;
860	int cert_idx;	860	int cert_type;
861	int ret = 0;	861	int ret = 0;
862		862
863	if (!CBS_get_u8_length_prefixed(cbs, &cert_request_context))	863	if (!CBS_get_u8_length_prefixed(cbs, &cert_request_context))
@@ -918,24 +918,20 @@ tls13_client_certificate_recv(struct tls13_ctx ctx, CBS cbs)
918	goto err;	918	goto err;
919	if (EVP_PKEY_missing_parameters(pkey))	919	if (EVP_PKEY_missing_parameters(pkey))
920	goto err;	920	goto err;
921	if ((cert_idx = ssl_cert_type(cert, pkey)) < 0)	921	if ((cert_type = ssl_cert_type(cert, pkey)) < 0)
922	goto err;	922	goto err;
923		923
924	sk_X509_pop_free(s->session->cert_chain, X509_free);
925	s->session->cert_chain = certs;
926	certs = NULL;
927
928	X509_up_ref(cert);
929	X509_free(s->session->peer_pkeys[cert_idx].x509);
930	s->session->peer_pkeys[cert_idx].x509 = cert;
931	s->session->peer_key = &s->session->peer_pkeys[cert_idx];
932
933	X509_up_ref(cert);	924	X509_up_ref(cert);
934	X509_free(s->session->peer_cert);	925	X509_free(s->session->peer_cert);
935	s->session->peer_cert = cert;	926	s->session->peer_cert = cert;
		927	s->session->peer_cert_type = cert_type;
936		928
937	s->session->verify_result = s->verify_result;	929	s->session->verify_result = s->verify_result;
938		930
		931	sk_X509_pop_free(s->session->cert_chain, X509_free);
		932	s->session->cert_chain = certs;
		933	certs = NULL;
		934
939	ctx->handshake_stage.hs_type \|= WITH_CCV;	935	ctx->handshake_stage.hs_type \|= WITH_CCV;
940	ret = 1;	936	ret = 1;
941		937