sync code with last fixes and improvements from OpenBSD
parent
bf0676207f
commit
8f31919cdb
325 changed files with 2094 additions and 51856 deletions
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: ssl_clnt.c,v 1.158 2022/12/26 07:31:44 jmc Exp $ */
|
||||
/* $OpenBSD: ssl_clnt.c,v 1.160 2023/06/11 19:01:01 tb Exp $ */
|
||||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
|
@ -1299,13 +1299,17 @@ ssl3_get_server_kex_ecdhe(SSL *s, CBS *cbs)
|
|||
static int
|
||||
ssl3_get_server_key_exchange(SSL *s)
|
||||
{
|
||||
CBS cbs, signature;
|
||||
CBB cbb;
|
||||
CBS cbs, params, signature;
|
||||
EVP_MD_CTX *md_ctx;
|
||||
const unsigned char *param;
|
||||
size_t param_len;
|
||||
unsigned char *signed_params = NULL;
|
||||
size_t signed_params_len;
|
||||
size_t params_len;
|
||||
long alg_k, alg_a;
|
||||
int al, ret;
|
||||
|
||||
memset(&cbb, 0, sizeof(cbb));
|
||||
|
||||
alg_k = s->s3->hs.cipher->algorithm_mkey;
|
||||
alg_a = s->s3->hs.cipher->algorithm_auth;
|
||||
|
||||
|
@ -1341,8 +1345,14 @@ ssl3_get_server_key_exchange(SSL *s)
|
|||
return (1);
|
||||
}
|
||||
|
||||
param = CBS_data(&cbs);
|
||||
param_len = CBS_len(&cbs);
|
||||
if (!CBB_init(&cbb, 0))
|
||||
goto err;
|
||||
if (!CBB_add_bytes(&cbb, s->s3->client_random, SSL3_RANDOM_SIZE))
|
||||
goto err;
|
||||
if (!CBB_add_bytes(&cbb, s->s3->server_random, SSL3_RANDOM_SIZE))
|
||||
goto err;
|
||||
|
||||
CBS_dup(&cbs, ¶ms);
|
||||
|
||||
if (alg_k & SSL_kDHE) {
|
||||
if (!ssl3_get_server_kex_dhe(s, &cbs))
|
||||
|
@ -1356,7 +1366,12 @@ ssl3_get_server_key_exchange(SSL *s)
|
|||
goto fatal_err;
|
||||
}
|
||||
|
||||
param_len -= CBS_len(&cbs);
|
||||
if ((params_len = CBS_offset(&cbs)) > CBS_len(¶ms))
|
||||
goto err;
|
||||
if (!CBB_add_bytes(&cbb, CBS_data(¶ms), params_len))
|
||||
goto err;
|
||||
if (!CBB_finish(&cbb, &signed_params, &signed_params_len))
|
||||
goto err;
|
||||
|
||||
/* if it was signed, check the signature */
|
||||
if ((alg_a & SSL_aNULL) == 0) {
|
||||
|
@ -1400,21 +1415,13 @@ ssl3_get_server_key_exchange(SSL *s)
|
|||
if (!EVP_DigestVerifyInit(md_ctx, &pctx, sigalg->md(),
|
||||
NULL, pkey))
|
||||
goto err;
|
||||
if (!EVP_DigestVerifyUpdate(md_ctx, s->s3->client_random,
|
||||
SSL3_RANDOM_SIZE))
|
||||
goto err;
|
||||
if ((sigalg->flags & SIGALG_FLAG_RSA_PSS) &&
|
||||
(!EVP_PKEY_CTX_set_rsa_padding(pctx,
|
||||
RSA_PKCS1_PSS_PADDING) ||
|
||||
!EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1)))
|
||||
goto err;
|
||||
if (!EVP_DigestVerifyUpdate(md_ctx, s->s3->server_random,
|
||||
SSL3_RANDOM_SIZE))
|
||||
goto err;
|
||||
if (!EVP_DigestVerifyUpdate(md_ctx, param, param_len))
|
||||
goto err;
|
||||
if (EVP_DigestVerifyFinal(md_ctx, CBS_data(&signature),
|
||||
CBS_len(&signature)) <= 0) {
|
||||
if (EVP_DigestVerify(md_ctx, CBS_data(&signature),
|
||||
CBS_len(&signature), signed_params, signed_params_len) <= 0) {
|
||||
al = SSL_AD_DECRYPT_ERROR;
|
||||
SSLerror(s, SSL_R_BAD_SIGNATURE);
|
||||
goto fatal_err;
|
||||
|
@ -1428,6 +1435,7 @@ ssl3_get_server_key_exchange(SSL *s)
|
|||
}
|
||||
|
||||
EVP_MD_CTX_free(md_ctx);
|
||||
free(signed_params);
|
||||
|
||||
return (1);
|
||||
|
||||
|
@ -1439,7 +1447,9 @@ ssl3_get_server_key_exchange(SSL *s)
|
|||
ssl3_send_alert(s, SSL3_AL_FATAL, al);
|
||||
|
||||
err:
|
||||
CBB_cleanup(&cbb);
|
||||
EVP_MD_CTX_free(md_ctx);
|
||||
free(signed_params);
|
||||
|
||||
return (-1);
|
||||
}
|
||||
|
@ -2125,12 +2135,7 @@ ssl3_send_client_verify_sigalgs(SSL *s, EVP_PKEY *pkey,
|
|||
SSLerror(s, ERR_R_EVP_LIB);
|
||||
goto err;
|
||||
}
|
||||
if (!EVP_DigestSignUpdate(mctx, hdata, hdata_len)) {
|
||||
SSLerror(s, ERR_R_EVP_LIB);
|
||||
goto err;
|
||||
}
|
||||
if (!EVP_DigestSignFinal(mctx, NULL, &signature_len) ||
|
||||
signature_len == 0) {
|
||||
if (!EVP_DigestSign(mctx, NULL, &signature_len, hdata, hdata_len)) {
|
||||
SSLerror(s, ERR_R_EVP_LIB);
|
||||
goto err;
|
||||
}
|
||||
|
@ -2138,7 +2143,7 @@ ssl3_send_client_verify_sigalgs(SSL *s, EVP_PKEY *pkey,
|
|||
SSLerror(s, ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
}
|
||||
if (!EVP_DigestSignFinal(mctx, signature, &signature_len)) {
|
||||
if (!EVP_DigestSign(mctx, signature, &signature_len, hdata, hdata_len)) {
|
||||
SSLerror(s, ERR_R_EVP_LIB);
|
||||
goto err;
|
||||
}
|
||||
|
@ -2267,12 +2272,7 @@ ssl3_send_client_verify_gost(SSL *s, EVP_PKEY *pkey, CBB *cert_verify)
|
|||
SSLerror(s, ERR_R_EVP_LIB);
|
||||
goto err;
|
||||
}
|
||||
if (!EVP_DigestSignUpdate(mctx, hdata, hdata_len)) {
|
||||
SSLerror(s, ERR_R_EVP_LIB);
|
||||
goto err;
|
||||
}
|
||||
if (!EVP_DigestSignFinal(mctx, NULL, &signature_len) ||
|
||||
signature_len == 0) {
|
||||
if (!EVP_DigestSign(mctx, NULL, &signature_len, hdata, hdata_len)) {
|
||||
SSLerror(s, ERR_R_EVP_LIB);
|
||||
goto err;
|
||||
}
|
||||
|
@ -2280,7 +2280,7 @@ ssl3_send_client_verify_gost(SSL *s, EVP_PKEY *pkey, CBB *cert_verify)
|
|||
SSLerror(s, ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
}
|
||||
if (!EVP_DigestSignFinal(mctx, signature, &signature_len)) {
|
||||
if (!EVP_DigestSign(mctx, signature, &signature_len, hdata, hdata_len)) {
|
||||
SSLerror(s, ERR_R_EVP_LIB);
|
||||
goto err;
|
||||
}
|
||||
|
|
|
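Review bot: The size-query calls in ssl3_send_client_verify_sigalgs() and ssl3_send_client_verify_gost() no longer reject a zero length: the old condition ended in `|| signature_len == 0`, while the new `if (!EVP_DigestSign(mctx, NULL, &signature_len, hdata, hdata_len)) {` tests only the return value. The allocation that follows lies outside these hunks (only its `ERR_R_MALLOC_FAILURE` branch is visible), so whether a zero size is handled there cannot be confirmed from here. Keeping the guard, `if (!EVP_DigestSign(mctx, NULL, &signature_len, hdata, hdata_len) || signature_len == 0) {`, preserves the previous fail-closed behaviour. The equivalent `!signature_len` test was also dropped from ssl3_send_server_key_exchange() in ssl_srvr.c. Both client functions start and end outside the hunks shown.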
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: ssl_srvr.c,v 1.153 2022/12/26 07:31:44 jmc Exp $ */
|
||||
/* $OpenBSD: ssl_srvr.c,v 1.155 2023/06/11 19:01:01 tb Exp $ */
|
||||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
|
@ -1431,12 +1431,13 @@ ssl3_send_server_kex_ecdhe(SSL *s, CBB *cbb)
|
|||
static int
|
||||
ssl3_send_server_key_exchange(SSL *s)
|
||||
{
|
||||
CBB cbb, cbb_params, cbb_signature, server_kex;
|
||||
CBB cbb, cbb_signature, cbb_signed_params, server_kex;
|
||||
CBS params;
|
||||
const struct ssl_sigalg *sigalg = NULL;
|
||||
unsigned char *signed_params = NULL;
|
||||
size_t signed_params_len;
|
||||
unsigned char *signature = NULL;
|
||||
size_t signature_len = 0;
|
||||
unsigned char *params = NULL;
|
||||
size_t params_len;
|
||||
const EVP_MD *md = NULL;
|
||||
unsigned long type;
|
||||
EVP_MD_CTX *md_ctx = NULL;
|
||||
|
@ -1445,7 +1446,7 @@ ssl3_send_server_key_exchange(SSL *s)
|
|||
int al;
|
||||
|
||||
memset(&cbb, 0, sizeof(cbb));
|
||||
memset(&cbb_params, 0, sizeof(cbb_params));
|
||||
memset(&cbb_signed_params, 0, sizeof(cbb_signed_params));
|
||||
|
||||
if ((md_ctx = EVP_MD_CTX_new()) == NULL)
|
||||
goto err;
|
||||
|
@ -1456,15 +1457,26 @@ ssl3_send_server_key_exchange(SSL *s)
|
|||
SSL3_MT_SERVER_KEY_EXCHANGE))
|
||||
goto err;
|
||||
|
||||
if (!CBB_init(&cbb_params, 0))
|
||||
if (!CBB_init(&cbb_signed_params, 0))
|
||||
goto err;
|
||||
|
||||
if (!CBB_add_bytes(&cbb_signed_params, s->s3->client_random,
|
||||
SSL3_RANDOM_SIZE)) {
|
||||
SSLerror(s, ERR_R_INTERNAL_ERROR);
|
||||
goto err;
|
||||
}
|
||||
if (!CBB_add_bytes(&cbb_signed_params, s->s3->server_random,
|
||||
SSL3_RANDOM_SIZE)) {
|
||||
SSLerror(s, ERR_R_INTERNAL_ERROR);
|
||||
goto err;
|
||||
}
|
||||
|
||||
type = s->s3->hs.cipher->algorithm_mkey;
|
||||
if (type & SSL_kDHE) {
|
||||
if (!ssl3_send_server_kex_dhe(s, &cbb_params))
|
||||
if (!ssl3_send_server_kex_dhe(s, &cbb_signed_params))
|
||||
goto err;
|
||||
} else if (type & SSL_kECDHE) {
|
||||
if (!ssl3_send_server_kex_ecdhe(s, &cbb_params))
|
||||
if (!ssl3_send_server_kex_ecdhe(s, &cbb_signed_params))
|
||||
goto err;
|
||||
} else {
|
||||
al = SSL_AD_HANDSHAKE_FAILURE;
|
||||
|
@ -1472,10 +1484,16 @@ ssl3_send_server_key_exchange(SSL *s)
|
|||
goto fatal_err;
|
||||
}
|
||||
|
||||
if (!CBB_finish(&cbb_params, ¶ms, ¶ms_len))
|
||||
if (!CBB_finish(&cbb_signed_params, &signed_params,
|
||||
&signed_params_len))
|
||||
goto err;
|
||||
|
||||
if (!CBB_add_bytes(&server_kex, params, params_len))
|
||||
CBS_init(¶ms, signed_params, signed_params_len);
|
||||
if (!CBS_skip(¶ms, 2 * SSL3_RANDOM_SIZE))
|
||||
goto err;
|
||||
|
||||
if (!CBB_add_bytes(&server_kex, CBS_data(¶ms),
|
||||
CBS_len(¶ms)))
|
||||
goto err;
|
||||
|
||||
/* Add signature unless anonymous. */
|
||||
|
@ -1507,22 +1525,8 @@ ssl3_send_server_key_exchange(SSL *s)
|
|||
SSLerror(s, ERR_R_EVP_LIB);
|
||||
goto err;
|
||||
}
|
||||
if (!EVP_DigestSignUpdate(md_ctx, s->s3->client_random,
|
||||
SSL3_RANDOM_SIZE)) {
|
||||
SSLerror(s, ERR_R_EVP_LIB);
|
||||
goto err;
|
||||
}
|
||||
if (!EVP_DigestSignUpdate(md_ctx, s->s3->server_random,
|
||||
SSL3_RANDOM_SIZE)) {
|
||||
SSLerror(s, ERR_R_EVP_LIB);
|
||||
goto err;
|
||||
}
|
||||
if (!EVP_DigestSignUpdate(md_ctx, params, params_len)) {
|
||||
SSLerror(s, ERR_R_EVP_LIB);
|
||||
goto err;
|
||||
}
|
||||
if (!EVP_DigestSignFinal(md_ctx, NULL, &signature_len) ||
|
||||
!signature_len) {
|
||||
if (!EVP_DigestSign(md_ctx, NULL, &signature_len,
|
||||
signed_params, signed_params_len)) {
|
||||
SSLerror(s, ERR_R_EVP_LIB);
|
||||
goto err;
|
||||
}
|
||||
|
@ -1530,7 +1534,8 @@ ssl3_send_server_key_exchange(SSL *s)
|
|||
SSLerror(s, ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
}
|
||||
if (!EVP_DigestSignFinal(md_ctx, signature, &signature_len)) {
|
||||
if (!EVP_DigestSign(md_ctx, signature, &signature_len,
|
||||
signed_params, signed_params_len)) {
|
||||
SSLerror(s, ERR_R_EVP_LIB);
|
||||
goto err;
|
||||
}
|
||||
|
@ -1550,19 +1555,19 @@ ssl3_send_server_key_exchange(SSL *s)
|
|||
}
|
||||
|
||||
EVP_MD_CTX_free(md_ctx);
|
||||
free(params);
|
||||
free(signature);
|
||||
free(signed_params);
|
||||
|
||||
return (ssl3_handshake_write(s));
|
||||
|
||||
fatal_err:
|
||||
ssl3_send_alert(s, SSL3_AL_FATAL, al);
|
||||
err:
|
||||
CBB_cleanup(&cbb_params);
|
||||
CBB_cleanup(&cbb_signed_params);
|
||||
CBB_cleanup(&cbb);
|
||||
EVP_MD_CTX_free(md_ctx);
|
||||
free(params);
|
||||
free(signature);
|
||||
free(signed_params);
|
||||
|
||||
return (-1);
|
||||
}
|
||||
|
@ -2049,17 +2054,12 @@ ssl3_get_cert_verify(SSL *s)
|
|||
al = SSL_AD_INTERNAL_ERROR;
|
||||
goto fatal_err;
|
||||
}
|
||||
if (!EVP_DigestVerifyUpdate(mctx, hdata, hdatalen)) {
|
||||
if (EVP_DigestVerify(mctx, CBS_data(&signature),
|
||||
CBS_len(&signature), hdata, hdatalen) <= 0) {
|
||||
SSLerror(s, ERR_R_EVP_LIB);
|
||||
al = SSL_AD_INTERNAL_ERROR;
|
||||
goto fatal_err;
|
||||
}
|
||||
if (EVP_DigestVerifyFinal(mctx, CBS_data(&signature),
|
||||
CBS_len(&signature)) <= 0) {
|
||||
al = SSL_AD_DECRYPT_ERROR;
|
||||
SSLerror(s, SSL_R_BAD_SIGNATURE);
|
||||
goto fatal_err;
|
||||
}
|
||||
} else if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA) {
|
||||
RSA *rsa;
|
||||
|
||||
|
|
|
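Review bot: ssl3_send_server_key_exchange() has no comment saying what `signed_params` contains, so the split between what is signed and what is sent is only implied by `CBS_skip(&params, 2 * SSL3_RANDOM_SIZE)`. A comment above the `CBS_init()` call would make this auditable, for example `/* signed_params is client_random || server_random || kex params; only the kex params are copied into the message. */`. The client side in ssl_clnt.c assembles its buffer in the same order (client random, server random, then the received parameters), so the comment would also record the layout both ends must agree on for the signature to verify. The function's body is only partly visible in these hunks.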
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: tls13_client.c,v 1.101 2022/11/26 16:08:56 tb Exp $ */
|
||||
/* $OpenBSD: tls13_client.c,v 1.102 2023/06/10 15:34:36 tb Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
|
||||
*
|
||||
|
@ -688,12 +688,8 @@ tls13_server_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs)
|
|||
if (!EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))
|
||||
goto err;
|
||||
}
|
||||
if (!EVP_DigestVerifyUpdate(mdctx, sig_content, sig_content_len)) {
|
||||
ctx->alert = TLS13_ALERT_DECRYPT_ERROR;
|
||||
goto err;
|
||||
}
|
||||
if (EVP_DigestVerifyFinal(mdctx, CBS_data(&signature),
|
||||
CBS_len(&signature)) <= 0) {
|
||||
if (EVP_DigestVerify(mdctx, CBS_data(&signature), CBS_len(&signature),
|
||||
sig_content, sig_content_len) <= 0) {
|
||||
ctx->alert = TLS13_ALERT_DECRYPT_ERROR;
|
||||
goto err;
|
||||
}
|
||||
|
@ -956,13 +952,11 @@ tls13_client_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb)
|
|||
if (!EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))
|
||||
goto err;
|
||||
}
|
||||
if (!EVP_DigestSignUpdate(mdctx, sig_content, sig_content_len))
|
||||
goto err;
|
||||
if (EVP_DigestSignFinal(mdctx, NULL, &sig_len) <= 0)
|
||||
if (!EVP_DigestSign(mdctx, NULL, &sig_len, sig_content, sig_content_len))
|
||||
goto err;
|
||||
if ((sig = calloc(1, sig_len)) == NULL)
|
||||
goto err;
|
||||
if (EVP_DigestSignFinal(mdctx, sig, &sig_len) <= 0)
|
||||
if (!EVP_DigestSign(mdctx, sig, &sig_len, sig_content, sig_content_len))
|
||||
goto err;
|
||||
|
||||
if (!CBB_add_u16(cbb, sigalg->value))
|
||||
|
|
|
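Review bot: In tls13_client_certificate_verify_send() the failure test on the signing calls changed from `<= 0` to `!`, so a negative return from EVP_DigestSign() would now be treated as success. The verify call in tls13_server_certificate_verify_recv() in this same file still uses `<= 0`. Whether EVP_DigestSign() can return a negative value is not visible here, but the stricter form costs nothing: `if (EVP_DigestSign(mdctx, NULL, &sig_len, sig_content, sig_content_len) <= 0)`, and likewise for the second call that fills `sig`. tls13_server_certificate_verify_send() in tls13_server.c carries the same change. The function bodies extend beyond the hunks.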
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: tls13_server.c,v 1.105 2022/11/26 16:08:56 tb Exp $ */
|
||||
/* $OpenBSD: tls13_server.c,v 1.106 2023/06/10 15:34:36 tb Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
|
||||
* Copyright (c) 2020 Bob Beck <beck@openbsd.org>
|
||||
|
@ -754,13 +754,11 @@ tls13_server_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb)
|
|||
if (!EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))
|
||||
goto err;
|
||||
}
|
||||
if (!EVP_DigestSignUpdate(mdctx, sig_content, sig_content_len))
|
||||
goto err;
|
||||
if (EVP_DigestSignFinal(mdctx, NULL, &sig_len) <= 0)
|
||||
if (!EVP_DigestSign(mdctx, NULL, &sig_len, sig_content, sig_content_len))
|
||||
goto err;
|
||||
if ((sig = calloc(1, sig_len)) == NULL)
|
||||
goto err;
|
||||
if (EVP_DigestSignFinal(mdctx, sig, &sig_len) <= 0)
|
||||
if (!EVP_DigestSign(mdctx, sig, &sig_len, sig_content, sig_content_len))
|
||||
goto err;
|
||||
|
||||
if (!CBB_add_u16(cbb, sigalg->value))
|
||||
|
@ -999,12 +997,8 @@ tls13_client_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs)
|
|||
if (!EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))
|
||||
goto err;
|
||||
}
|
||||
if (!EVP_DigestVerifyUpdate(mdctx, sig_content, sig_content_len)) {
|
||||
ctx->alert = TLS13_ALERT_DECRYPT_ERROR;
|
||||
goto err;
|
||||
}
|
||||
if (EVP_DigestVerifyFinal(mdctx, CBS_data(&signature),
|
||||
CBS_len(&signature)) <= 0) {
|
||||
if (EVP_DigestVerify(mdctx, CBS_data(&signature), CBS_len(&signature),
|
||||
sig_content, sig_content_len) <= 0) {
|
||||
ctx->alert = TLS13_ALERT_DECRYPT_ERROR;
|
||||
goto err;
|
||||
}
|
||||
|
|