-rw-r--r-- | lib/libssl/d1_srvr.c | 26 | ||||
-rw-r--r-- | lib/libssl/s3_lib.c | 4 | ||||
-rw-r--r-- | lib/libssl/ssl_ciph.c | 22 | ||||
-rw-r--r-- | lib/libssl/ssl_clnt.c | 22 | ||||
-rw-r--r-- | lib/libssl/ssl_locl.h | 8 | ||||
-rw-r--r-- | lib/libssl/ssl_srvr.c | 32 | ||||
-rw-r--r-- | lib/libssl/t1_enc.c | 97 |
7 files changed, 45 insertions, 166 deletions
diff --git a/lib/libssl/d1_srvr.c b/lib/libssl/d1_srvr.c index 508e1317302..605f0a59ad9 100644 --- a/lib/libssl/d1_srvr.c +++ b/lib/libssl/d1_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_srvr.c,v 1.85 2017/03/05 14:24:12 jsing Exp $ */ +/* $OpenBSD: d1_srvr.c,v 1.86 2017/03/10 16:03:27 jsing Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -519,13 +519,23 @@ dtls1_accept(SSL *s) s->internal->state = SSL3_ST_SR_CERT_VRFY_A; s->internal->init_num = 0; - /* We need to get hashes here so if there is - * a client cert, it can be verified */ - tls1_cert_verify_mac(s, - NID_md5, &(S3I(s)->tmp.cert_verify_md[0])); - tls1_cert_verify_mac(s, - NID_sha1, - &(S3I(s)->tmp.cert_verify_md[MD5_DIGEST_LENGTH])); + /* + * We need to get hashes here so if there is + * a client cert, it can be verified. + */ + if (S3I(s)->handshake_buffer) { + if (!tls1_digest_cached_records(s)) { + ret = -1; + goto end; + } + } + if (!tls1_handshake_hash_value(s, + S3I(s)->tmp.cert_verify_md, + sizeof(S3I(s)->tmp.cert_verify_md), + NULL)) { + ret = -1; + goto end; + } } break; diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c index d6bf6a45746..8d45e1f8c17 100644 --- a/lib/libssl/s3_lib.c +++ b/lib/libssl/s3_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_lib.c,v 1.137 2017/03/05 14:39:53 jsing Exp $ */ +/* $OpenBSD: s3_lib.c,v 1.138 2017/03/10 16:03:27 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1842,7 +1842,6 @@ ssl3_free(SSL *s) BIO_free(S3I(s)->handshake_buffer); - tls1_free_digest_list(s); tls1_handshake_hash_free(s); free(S3I(s)->alpn_selected); @@ -1884,7 +1883,6 @@ ssl3_clear(SSL *s) BIO_free(S3I(s)->handshake_buffer); S3I(s)->handshake_buffer = NULL; - tls1_free_digest_list(s); tls1_handshake_hash_free(s); free(S3I(s)->alpn_selected); diff --git a/lib/libssl/ssl_ciph.c b/lib/libssl/ssl_ciph.c index da48765aba2..49af292d6c0 100644 --- a/lib/libssl/ssl_ciph.c 
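Review bot: The new tls1_handshake_hash_value() call in dtls1_accept passes NULL for the length output, so the number of bytes actually written into S3I(s)->tmp.cert_verify_md is thrown away and whatever later verifies the CertificateVerify signature has to assume the digest size from the negotiated hash. Capturing it (`size_t mdlen;` … `&mdlen`) and failing the handshake when it is not the length that check expects would turn a wrong-type handshake hash into an error instead of a comparison over stale bytes at the end of the buffer; the consumer of cert_verify_md lies outside this hunk, so I cannot confirm which length it uses. The failure path does `ret = -1; goto end;` with no SSLerror() of its own, so if tls1_handshake_hash_value() does not queue one (not visible here) the peer sees an unexplained failure, unlike the SSL_R_BAD_HANDSHAKE_LENGTH path in tls1_digest_cached_records. The remainder of dtls1_accept is outside the hunk.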
+++ b/lib/libssl/ssl_ciph.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_ciph.c,v 1.95 2017/03/05 14:39:53 jsing Exp $ */ +/* $OpenBSD: ssl_ciph.c,v 1.96 2017/03/10 16:03:27 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -193,12 +193,6 @@ static int ssl_mac_secret_size[SSL_MD_NUM_IDX] = { 0, 0, 0, 0, 0, 0, 0, }; -static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX] = { - SSL_HANDSHAKE_MAC_MD5, SSL_HANDSHAKE_MAC_SHA, - SSL_HANDSHAKE_MAC_GOST94, 0, SSL_HANDSHAKE_MAC_SHA256, - SSL_HANDSHAKE_MAC_SHA384, SSL_HANDSHAKE_MAC_STREEBOG256, -}; - #define CIPHER_ADD 1 #define CIPHER_KILL 2 #define CIPHER_DEL 3 @@ -706,20 +700,6 @@ ssl_cipher_get_evp_aead(const SSL_SESSION *s, const EVP_AEAD **aead) } int -ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md) -{ - if (idx < 0 || idx >= SSL_MD_NUM_IDX) { - return 0; - } - *mask = ssl_handshake_digest_flag[idx]; - if (*mask) - *md = ssl_digest_methods[idx]; - else - *md = NULL; - return 1; -} - -int ssl_get_handshake_evp_md(SSL *s, const EVP_MD **md) { *md = NULL; diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c index 8dd30e87fba..1cdbf86c504 100644 --- a/lib/libssl/ssl_clnt.c +++ b/lib/libssl/ssl_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_clnt.c,v 1.10 2017/03/05 14:39:53 jsing Exp $ */ +/* $OpenBSD: ssl_clnt.c,v 1.11 2017/03/10 16:03:27 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
@@ -2354,13 +2354,21 @@ ssl3_send_client_verify(SSL *s) pkey = s->cert->key->privatekey; pctx = EVP_PKEY_CTX_new(pkey, NULL); EVP_PKEY_sign_init(pctx); - if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1()) > 0) { - if (!SSL_USE_SIGALGS(s)) - tls1_cert_verify_mac(s, - NID_sha1, &(data[MD5_DIGEST_LENGTH])); - } else { + + /* XXX - is this needed? */ + if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1()) <= 0) ERR_clear_error(); + + if (!SSL_USE_SIGALGS(s)) { + if (S3I(s)->handshake_buffer) { + if (!tls1_digest_cached_records(s)) + goto err; + } + if (!tls1_handshake_hash_value(s, data, sizeof(data), + NULL)) + goto err; } + /* * For TLS v1.2 send signature algorithm and signature * using agreed digest and cached handshake records. @@ -2388,8 +2396,6 @@ ssl3_send_client_verify(SSL *s) if (!tls1_digest_cached_records(s)) goto err; } else if (pkey->type == EVP_PKEY_RSA) { - tls1_cert_verify_mac( - s, NID_md5, &(data[0])); if (RSA_sign(NID_md5_sha1, data, MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, &(p[2]), &u, pkey->pkey.rsa) <= 0 ) { diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h index 3f5d6fad202..b68b6801061 100644 --- a/lib/libssl/ssl_locl.h +++ b/lib/libssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.177 2017/03/05 14:39:53 jsing Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.178 2017/03/10 16:03:27 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -805,10 +805,6 @@ typedef struct ssl3_state_internal_st { /* used during startup, digest all incoming/outgoing packets */ BIO *handshake_buffer; - /* When set of handshake digests is determined, buffer is hashed - * and freed and MD_CTX-es for all required digests are stored in - * this array */ - EVP_MD_CTX **handshake_dgst; /* Rolling hash of handshake messages. */ EVP_MD_CTX *handshake_hash; 
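Review bot: In the new non-sigalgs block of ssl3_send_client_verify the handshake hash is copied into `data` with the length output set to NULL, yet the RSA branch further down signs exactly `MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH` bytes of it, so nothing ties the digest length produced to the length signed. Capturing the length (`size_t datalen;` … `&datalen`) and rejecting `datalen != MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH` would catch a handshake hash of an unexpected type before it is signed; the declaration of `data` and the ECDSA branch are outside the hunk, so this is inferred from the RSA_sign() call visible in the next hunk. The `/* XXX - is this needed? */` left on the EVP_PKEY_CTX_set_signature_md() call tells the next reader nothing; either resolve it or say what the call is believed to be needed for, e.g. `/* XXX - set_signature_md() is kept only to match the previous behaviour; pctx is used by the sigalgs path below. */` if that is the reason.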
@@ -1103,7 +1099,6 @@ void ssl_update_cache(SSL *s, int mode); int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size); int ssl_cipher_get_evp_aead(const SSL_SESSION *s, const EVP_AEAD **aead); -int ssl_get_handshake_digest(int i, long *mask, const EVP_MD **md); int ssl_get_handshake_evp_md(SSL *s, const EVP_MD **md); int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk); @@ -1293,7 +1288,6 @@ int tls1_change_cipher_state(SSL *s, int which); int tls1_setup_key_block(SSL *s); int tls1_enc(SSL *s, int snd); int tls1_final_finish_mac(SSL *s, const char *str, int slen, unsigned char *p); -int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *p); int tls1_mac(SSL *ssl, unsigned char *md, int snd); int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, int len); diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c index a48cf246da5..d98a76f8f0a 100644 --- a/lib/libssl/ssl_srvr.c +++ b/lib/libssl/ssl_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_srvr.c,v 1.10 2017/03/05 14:39:53 jsing Exp $ */ +/* $OpenBSD: ssl_srvr.c,v 1.11 2017/03/10 16:03:27 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -493,18 +493,12 @@ ssl3_accept(SSL *s) goto end; } } else { - int offset = 0; - int dgst_num; - s->internal->state = SSL3_ST_SR_CERT_VRFY_A; s->internal->init_num = 0; /* * We need to get hashes here so if there is - * a client cert, it can be verified - * FIXME - digest processing for - * CertificateVerify should be generalized. - * But it is next step + * a client cert, it can be verified. */ if (S3I(s)->handshake_buffer) { if (!tls1_digest_cached_records(s)) { 
@@ -512,22 +506,12 @@ ssl3_accept(SSL *s) goto end; } } - for (dgst_num = 0; dgst_num < SSL_MAX_DIGEST; - dgst_num++) - if (S3I(s)->handshake_dgst[dgst_num]) { - int dgst_size; - - tls1_cert_verify_mac(s, - EVP_MD_CTX_type( - S3I(s)->handshake_dgst[dgst_num]), - &(S3I(s)->tmp.cert_verify_md[offset])); - dgst_size = EVP_MD_CTX_size( - S3I(s)->handshake_dgst[dgst_num]); - if (dgst_size < 0) { - ret = -1; - goto end; - } - offset += dgst_size; + if (!tls1_handshake_hash_value(s, + S3I(s)->tmp.cert_verify_md, + sizeof(S3I(s)->tmp.cert_verify_md), + NULL)) { + ret = -1; + goto end; } } break; diff --git a/lib/libssl/t1_enc.c b/lib/libssl/t1_enc.c index 0179ac30615..e9a97131347 100644 --- a/lib/libssl/t1_enc.c +++ b/lib/libssl/t1_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t1_enc.c,v 1.101 2017/03/10 15:08:49 jsing Exp $ */ +/* $OpenBSD: t1_enc.c,v 1.102 2017/03/10 16:03:27 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -165,7 +165,6 @@ int tls1_init_finished_mac(SSL *s) { BIO_free(S3I(s)->handshake_buffer); - tls1_free_digest_list(s); S3I(s)->handshake_buffer = BIO_new(BIO_s_mem()); if (S3I(s)->handshake_buffer == NULL) @@ -176,29 +175,9 @@ tls1_init_finished_mac(SSL *s) return (1); } -void -tls1_free_digest_list(SSL *s) -{ - int i; - - if (s == NULL) - return; - if (S3I(s)->handshake_dgst == NULL) - return; - - for (i = 0; i < SSL_MAX_DIGEST; i++) { - if (S3I(s)->handshake_dgst[i]) - EVP_MD_CTX_destroy(S3I(s)->handshake_dgst[i]); - } - free(S3I(s)->handshake_dgst); - S3I(s)->handshake_dgst = NULL; -} - int tls1_finish_mac(SSL *s, const unsigned char *buf, int len) { - int i; - if (len < 0) return 0; 
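Review bot: The digest-cached-records-then-copy-hash sequence added here in ssl3_accept is the same ten lines added to dtls1_accept in d1_srvr.c and, with a different target buffer, to ssl3_send_client_verify in ssl_clnt.c, so the FIXME about generalising CertificateVerify digest handling is deleted in the previous hunk without the generalisation actually happening. A small shared helper in t1_enc.c, prototyped in ssl_locl.h next to tls1_handshake_hash_value(), would leave one place to fix if the buffering or error reporting changes; a possible shape is below. The rest of ssl3_accept lies outside the hunk.

```c
/*
 * Produce the handshake hash used for CertificateVerify: digest any
 * handshake records still buffered, then copy the running hash to out.
 * Returns 1 on success, 0 on failure.
 */
int
tls1_cert_verify_hash(SSL *s, unsigned char *out, size_t len)
{
	if (S3I(s)->handshake_buffer != NULL &&
	    !tls1_digest_cached_records(s))
		return 0;
	return tls1_handshake_hash_value(s, out, len, NULL);
}

/* … call site in ssl3_accept, replacing the two added if-blocks … */
			if (!tls1_cert_verify_hash(s,
			    S3I(s)->tmp.cert_verify_md,
			    sizeof(S3I(s)->tmp.cert_verify_md))) {
				ret = -1;
				goto end;
			}
```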
@@ -211,60 +190,21 @@ tls1_finish_mac(SSL *s, const unsigned char *buf, int len) return 1; } - for (i = 0; i < SSL_MAX_DIGEST; i++) { - if (S3I(s)->handshake_dgst[i] == NULL) - continue; - if (!EVP_DigestUpdate(S3I(s)->handshake_dgst[i], buf, len)) { - SSLerror(s, ERR_R_EVP_LIB); - return 0; - } - } - return 1; } int tls1_digest_cached_records(SSL *s) { - const EVP_MD *md; - long hdatalen, mask; + long hdatalen; void *hdata; - int i; - - tls1_free_digest_list(s); - S3I(s)->handshake_dgst = calloc(SSL_MAX_DIGEST, sizeof(EVP_MD_CTX *)); - if (S3I(s)->handshake_dgst == NULL) { - SSLerror(s, ERR_R_MALLOC_FAILURE); - goto err; - } hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata); if (hdatalen <= 0) { SSLerror(s, SSL_R_BAD_HANDSHAKE_LENGTH); goto err; } - /* Loop through bits of the algorithm2 field and create MD contexts. */ - for (i = 0; ssl_get_handshake_digest(i, &mask, &md); i++) { - if ((mask & ssl_get_algorithm2(s)) == 0 || md == NULL) - continue; - - S3I(s)->handshake_dgst[i] = EVP_MD_CTX_create(); - if (S3I(s)->handshake_dgst[i] == NULL) { - SSLerror(s, ERR_R_MALLOC_FAILURE); - goto err; - } - if (!EVP_DigestInit_ex(S3I(s)->handshake_dgst[i], md, NULL)) { - SSLerror(s, ERR_R_EVP_LIB); - goto err; - } - if (!EVP_DigestUpdate(S3I(s)->handshake_dgst[i], hdata, - hdatalen)) { - SSLerror(s, ERR_R_EVP_LIB); - goto err; - } - } - if (!(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE)) { BIO_free(S3I(s)->handshake_buffer); S3I(s)->handshake_buffer = NULL; @@ -273,7 +213,6 @@ tls1_digest_cached_records(SSL *s) return 1; err: - tls1_free_digest_list(s); return 0; } 
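Review bot: After this hunk tls1_digest_cached_records() no longer digests anything: it fetches `hdata` only to obtain `hdatalen`, rejects an empty buffer, and frees handshake_buffer unless TLS1_FLAGS_KEEP_HANDSHAKE is set, so its name and the lack of a header comment will mislead the next reader into thinking the running hash is computed here. A comment above the function such as `/* Check that handshake records were buffered and release the buffer; the running hash itself is kept in S3I(s)->handshake_hash. */` would record the new contract (the handshake_hash role is inferred from the "Rolling hash of handshake messages" field in ssl_locl.h, so adjust if that is wrong). Since the `err:` label in the following hunk now does nothing but `return 0;`, the `goto err` on the length check can become a direct `return 0;` and the label dropped.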
@@ -1091,38 +1030,6 @@ tls1_enc(SSL *s, int send) } int -tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out) -{ - EVP_MD_CTX ctx, *d = NULL; - unsigned int ret; - int i; - - if (S3I(s)->handshake_buffer) - if (!tls1_digest_cached_records(s)) - return 0; - - for (i = 0; i < SSL_MAX_DIGEST; i++) { - if (S3I(s)->handshake_dgst[i] && - EVP_MD_CTX_type(S3I(s)->handshake_dgst[i]) == md_nid) { - d = S3I(s)->handshake_dgst[i]; - break; - } - } - if (d == NULL) { - SSLerror(s, SSL_R_NO_REQUIRED_DIGEST); - return 0; - } - - EVP_MD_CTX_init(&ctx); - if (!EVP_MD_CTX_copy_ex(&ctx, d)) - return 0; - EVP_DigestFinal_ex(&ctx, out, &ret); - EVP_MD_CTX_cleanup(&ctx); - - return ((int)ret); -} - -int tls1_final_finish_mac(SSL *s, const char *str, int slen, unsigned char *out) { unsigned char buf1[EVP_MAX_MD_SIZE]; |