diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/ssl_clnt.c | 64 |
1 files changed, 22 insertions, 42 deletions
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c index 70b6fff6bf..1d1918b956 100644 --- a/src/lib/libssl/ssl_clnt.c +++ b/src/lib/libssl/ssl_clnt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_clnt.c,v 1.128 2022/01/08 12:59:58 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_clnt.c,v 1.129 2022/01/09 13:17:33 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1212,13 +1212,10 @@ ssl3_get_server_certificate(SSL *s) | |||
| 1212 | } | 1212 | } |
| 1213 | 1213 | ||
| 1214 | static int | 1214 | static int |
| 1215 | ssl3_get_server_kex_dhe(SSL *s, EVP_PKEY **pkey, CBS *cbs) | 1215 | ssl3_get_server_kex_dhe(SSL *s, CBS *cbs) |
| 1216 | { | 1216 | { |
| 1217 | int nid = NID_dhKeyAgreement; | ||
| 1218 | int invalid_params, invalid_key; | 1217 | int invalid_params, invalid_key; |
| 1219 | long alg_a; | 1218 | int nid = NID_dhKeyAgreement; |
| 1220 | |||
| 1221 | alg_a = S3I(s)->hs.cipher->algorithm_auth; | ||
| 1222 | 1219 | ||
| 1223 | tls_key_share_free(S3I(s)->hs.key_share); | 1220 | tls_key_share_free(S3I(s)->hs.key_share); |
| 1224 | if ((S3I(s)->hs.key_share = tls_key_share_new_nid(nid)) == NULL) | 1221 | if ((S3I(s)->hs.key_share = tls_key_share_new_nid(nid)) == NULL) |
| @@ -1242,12 +1239,6 @@ ssl3_get_server_kex_dhe(SSL *s, EVP_PKEY **pkey, CBS *cbs) | |||
| 1242 | goto err; | 1239 | goto err; |
| 1243 | } | 1240 | } |
| 1244 | 1241 | ||
| 1245 | if (alg_a & SSL_aRSA) | ||
| 1246 | *pkey = X509_get_pubkey(s->session->peer_pkeys[SSL_PKEY_RSA].x509); | ||
| 1247 | else | ||
| 1248 | /* XXX - Anonymous DH, so no certificate or pkey. */ | ||
| 1249 | *pkey = NULL; | ||
| 1250 | |||
| 1251 | return 1; | 1242 | return 1; |
| 1252 | 1243 | ||
| 1253 | decode_err: | 1244 | decode_err: |
| @@ -1259,14 +1250,11 @@ ssl3_get_server_kex_dhe(SSL *s, EVP_PKEY **pkey, CBS *cbs) | |||
| 1259 | } | 1250 | } |
| 1260 | 1251 | ||
| 1261 | static int | 1252 | static int |
| 1262 | ssl3_get_server_kex_ecdhe(SSL *s, EVP_PKEY **pkey, CBS *cbs) | 1253 | ssl3_get_server_kex_ecdhe(SSL *s, CBS *cbs) |
| 1263 | { | 1254 | { |
| 1264 | CBS public; | ||
| 1265 | uint8_t curve_type; | 1255 | uint8_t curve_type; |
| 1266 | uint16_t curve_id; | 1256 | uint16_t curve_id; |
| 1267 | long alg_a; | 1257 | CBS public; |
| 1268 | |||
| 1269 | alg_a = S3I(s)->hs.cipher->algorithm_auth; | ||
| 1270 | 1258 | ||
| 1271 | if (!CBS_get_u8(cbs, &curve_type)) | 1259 | if (!CBS_get_u8(cbs, &curve_type)) |
| 1272 | goto decode_err; | 1260 | goto decode_err; |
| @@ -1300,19 +1288,6 @@ ssl3_get_server_kex_ecdhe(SSL *s, EVP_PKEY **pkey, CBS *cbs) | |||
| 1300 | if (!tls_key_share_peer_public(S3I(s)->hs.key_share, &public, NULL)) | 1288 | if (!tls_key_share_peer_public(S3I(s)->hs.key_share, &public, NULL)) |
| 1301 | goto err; | 1289 | goto err; |
| 1302 | 1290 | ||
| 1303 | /* | ||
| 1304 | * The ECC/TLS specification does not mention the use of DSA to sign | ||
| 1305 | * ECParameters in the server key exchange message. We do support RSA | ||
| 1306 | * and ECDSA. | ||
| 1307 | */ | ||
| 1308 | if (alg_a & SSL_aRSA) | ||
| 1309 | *pkey = X509_get_pubkey(s->session->peer_pkeys[SSL_PKEY_RSA].x509); | ||
| 1310 | else if (alg_a & SSL_aECDSA) | ||
| 1311 | *pkey = X509_get_pubkey(s->session->peer_pkeys[SSL_PKEY_ECC].x509); | ||
| 1312 | else | ||
| 1313 | /* XXX - Anonymous ECDH, so no certificate or pkey. */ | ||
| 1314 | *pkey = NULL; | ||
| 1315 | |||
| 1316 | return 1; | 1291 | return 1; |
| 1317 | 1292 | ||
| 1318 | decode_err: | 1293 | decode_err: |
| @@ -1326,7 +1301,6 @@ int | |||
| 1326 | ssl3_get_server_key_exchange(SSL *s) | 1301 | ssl3_get_server_key_exchange(SSL *s) |
| 1327 | { | 1302 | { |
| 1328 | CBS cbs, signature; | 1303 | CBS cbs, signature; |
| 1329 | EVP_PKEY *pkey = NULL; | ||
| 1330 | EVP_MD_CTX *md_ctx; | 1304 | EVP_MD_CTX *md_ctx; |
| 1331 | const unsigned char *param; | 1305 | const unsigned char *param; |
| 1332 | size_t param_len; | 1306 | size_t param_len; |
| @@ -1372,10 +1346,10 @@ ssl3_get_server_key_exchange(SSL *s) | |||
| 1372 | param_len = CBS_len(&cbs); | 1346 | param_len = CBS_len(&cbs); |
| 1373 | 1347 | ||
| 1374 | if (alg_k & SSL_kDHE) { | 1348 | if (alg_k & SSL_kDHE) { |
| 1375 | if (!ssl3_get_server_kex_dhe(s, &pkey, &cbs)) | 1349 | if (!ssl3_get_server_kex_dhe(s, &cbs)) |
| 1376 | goto err; | 1350 | goto err; |
| 1377 | } else if (alg_k & SSL_kECDHE) { | 1351 | } else if (alg_k & SSL_kECDHE) { |
| 1378 | if (!ssl3_get_server_kex_ecdhe(s, &pkey, &cbs)) | 1352 | if (!ssl3_get_server_kex_ecdhe(s, &cbs)) |
| 1379 | goto err; | 1353 | goto err; |
| 1380 | } else if (alg_k != 0) { | 1354 | } else if (alg_k != 0) { |
| 1381 | al = SSL_AD_UNEXPECTED_MESSAGE; | 1355 | al = SSL_AD_UNEXPECTED_MESSAGE; |
| @@ -1386,10 +1360,24 @@ ssl3_get_server_key_exchange(SSL *s) | |||
| 1386 | param_len -= CBS_len(&cbs); | 1360 | param_len -= CBS_len(&cbs); |
| 1387 | 1361 | ||
| 1388 | /* if it was signed, check the signature */ | 1362 | /* if it was signed, check the signature */ |
| 1389 | if (pkey != NULL) { | 1363 | if ((alg_a & SSL_aNULL) == 0) { |
| 1390 | uint16_t sigalg_value = SIGALG_NONE; | 1364 | uint16_t sigalg_value = SIGALG_NONE; |
| 1391 | const struct ssl_sigalg *sigalg; | 1365 | const struct ssl_sigalg *sigalg; |
| 1392 | EVP_PKEY_CTX *pctx; | 1366 | EVP_PKEY_CTX *pctx; |
| 1367 | EVP_PKEY *pkey = NULL; | ||
| 1368 | |||
| 1369 | if ((alg_a & SSL_aRSA) != 0) { | ||
| 1370 | pkey = X509_get0_pubkey( | ||
| 1371 | s->session->peer_pkeys[SSL_PKEY_RSA].x509); | ||
| 1372 | } else if ((alg_a & SSL_aECDSA) != 0) { | ||
| 1373 | pkey = X509_get0_pubkey( | ||
| 1374 | s->session->peer_pkeys[SSL_PKEY_ECC].x509); | ||
| 1375 | } | ||
| 1376 | if (pkey == NULL) { | ||
| 1377 | al = SSL_AD_ILLEGAL_PARAMETER; | ||
| 1378 | SSLerror(s, SSL_R_UNKNOWN_CERTIFICATE_TYPE); | ||
| 1379 | goto err; | ||
| 1380 | } | ||
| 1393 | 1381 | ||
| 1394 | if (SSL_USE_SIGALGS(s)) { | 1382 | if (SSL_USE_SIGALGS(s)) { |
| 1395 | if (!CBS_get_u16(&cbs, &sigalg_value)) | 1383 | if (!CBS_get_u16(&cbs, &sigalg_value)) |
| @@ -1432,12 +1420,6 @@ ssl3_get_server_key_exchange(SSL *s) | |||
| 1432 | SSLerror(s, SSL_R_BAD_SIGNATURE); | 1420 | SSLerror(s, SSL_R_BAD_SIGNATURE); |
| 1433 | goto fatal_err; | 1421 | goto fatal_err; |
| 1434 | } | 1422 | } |
| 1435 | } else { | ||
| 1436 | /* aNULL does not need public keys. */ | ||
| 1437 | if (!(alg_a & SSL_aNULL)) { | ||
| 1438 | SSLerror(s, ERR_R_INTERNAL_ERROR); | ||
| 1439 | goto err; | ||
| 1440 | } | ||
| 1441 | } | 1423 | } |
| 1442 | 1424 | ||
| 1443 | if (CBS_len(&cbs) != 0) { | 1425 | if (CBS_len(&cbs) != 0) { |
| @@ -1446,7 +1428,6 @@ ssl3_get_server_key_exchange(SSL *s) | |||
| 1446 | goto fatal_err; | 1428 | goto fatal_err; |
| 1447 | } | 1429 | } |
| 1448 | 1430 | ||
| 1449 | EVP_PKEY_free(pkey); | ||
| 1450 | EVP_MD_CTX_free(md_ctx); | 1431 | EVP_MD_CTX_free(md_ctx); |
| 1451 | 1432 | ||
| 1452 | return (1); | 1433 | return (1); |
| @@ -1459,7 +1440,6 @@ ssl3_get_server_key_exchange(SSL *s) | |||
| 1459 | ssl3_send_alert(s, SSL3_AL_FATAL, al); | 1440 | ssl3_send_alert(s, SSL3_AL_FATAL, al); |
| 1460 | 1441 | ||
| 1461 | err: | 1442 | err: |
| 1462 | EVP_PKEY_free(pkey); | ||
| 1463 | EVP_MD_CTX_free(md_ctx); | 1443 | EVP_MD_CTX_free(md_ctx); |
| 1464 | 1444 | ||
| 1465 | return (-1); | 1445 | return (-1); |