-/* $OpenBSD: ssl_clnt.c,v 1.159 2023/06/11 18:50:51 tb Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.160 2023/06/11 19:01:01 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
static int
ssl3_get_server_key_exchange(SSL *s)
{
- CBS cbs, signature;
+ CBB cbb;
+ CBS cbs, params, signature;
EVP_MD_CTX *md_ctx;
- const unsigned char *param;
- size_t param_len;
+ unsigned char *signed_params = NULL;
+ size_t signed_params_len;
+ size_t params_len;
long alg_k, alg_a;
int al, ret;
+ memset(&cbb, 0, sizeof(cbb));
+
alg_k = s->s3->hs.cipher->algorithm_mkey;
alg_a = s->s3->hs.cipher->algorithm_auth;
return (1);
}
- param = CBS_data(&cbs);
- param_len = CBS_len(&cbs);
+ if (!CBB_init(&cbb, 0))
+ goto err;
+ if (!CBB_add_bytes(&cbb, s->s3->client_random, SSL3_RANDOM_SIZE))
+ goto err;
+ if (!CBB_add_bytes(&cbb, s->s3->server_random, SSL3_RANDOM_SIZE))
+ goto err;
+
+ CBS_dup(&cbs, ¶ms);
if (alg_k & SSL_kDHE) {
if (!ssl3_get_server_kex_dhe(s, &cbs))
goto fatal_err;
}
- param_len -= CBS_len(&cbs);
+ if ((params_len = CBS_offset(&cbs)) > CBS_len(¶ms))
+ goto err;
+ if (!CBB_add_bytes(&cbb, CBS_data(¶ms), params_len))
+ goto err;
+ if (!CBB_finish(&cbb, &signed_params, &signed_params_len))
+ goto err;
/* if it was signed, check the signature */
if ((alg_a & SSL_aNULL) == 0) {
if (!EVP_DigestVerifyInit(md_ctx, &pctx, sigalg->md(),
NULL, pkey))
goto err;
- if (!EVP_DigestVerifyUpdate(md_ctx, s->s3->client_random,
- SSL3_RANDOM_SIZE))
- goto err;
if ((sigalg->flags & SIGALG_FLAG_RSA_PSS) &&
(!EVP_PKEY_CTX_set_rsa_padding(pctx,
RSA_PKCS1_PSS_PADDING) ||
!EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1)))
goto err;
- if (!EVP_DigestVerifyUpdate(md_ctx, s->s3->server_random,
- SSL3_RANDOM_SIZE))
- goto err;
- if (!EVP_DigestVerifyUpdate(md_ctx, param, param_len))
- goto err;
- if (EVP_DigestVerifyFinal(md_ctx, CBS_data(&signature),
- CBS_len(&signature)) <= 0) {
+ if (EVP_DigestVerify(md_ctx, CBS_data(&signature),
+ CBS_len(&signature), signed_params, signed_params_len) <= 0) {
al = SSL_AD_DECRYPT_ERROR;
SSLerror(s, SSL_R_BAD_SIGNATURE);
goto fatal_err;
}
EVP_MD_CTX_free(md_ctx);
+ free(signed_params);
return (1);
ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
+ CBB_cleanup(&cbb);
EVP_MD_CTX_free(md_ctx);
+ free(signed_params);
return (-1);
}
-/* $OpenBSD: ssl_srvr.c,v 1.154 2023/06/11 18:50:51 tb Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.155 2023/06/11 19:01:01 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
static int
ssl3_send_server_key_exchange(SSL *s)
{
- CBB cbb, cbb_params, cbb_signature, server_kex;
+ CBB cbb, cbb_signature, cbb_signed_params, server_kex;
+ CBS params;
const struct ssl_sigalg *sigalg = NULL;
+ unsigned char *signed_params = NULL;
+ size_t signed_params_len;
unsigned char *signature = NULL;
size_t signature_len = 0;
- unsigned char *params = NULL;
- size_t params_len;
const EVP_MD *md = NULL;
unsigned long type;
EVP_MD_CTX *md_ctx = NULL;
int al;
memset(&cbb, 0, sizeof(cbb));
- memset(&cbb_params, 0, sizeof(cbb_params));
+ memset(&cbb_signed_params, 0, sizeof(cbb_signed_params));
if ((md_ctx = EVP_MD_CTX_new()) == NULL)
goto err;
SSL3_MT_SERVER_KEY_EXCHANGE))
goto err;
- if (!CBB_init(&cbb_params, 0))
+ if (!CBB_init(&cbb_signed_params, 0))
goto err;
+ if (!CBB_add_bytes(&cbb_signed_params, s->s3->client_random,
+ SSL3_RANDOM_SIZE)) {
+ SSLerror(s, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ if (!CBB_add_bytes(&cbb_signed_params, s->s3->server_random,
+ SSL3_RANDOM_SIZE)) {
+ SSLerror(s, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
type = s->s3->hs.cipher->algorithm_mkey;
if (type & SSL_kDHE) {
- if (!ssl3_send_server_kex_dhe(s, &cbb_params))
+ if (!ssl3_send_server_kex_dhe(s, &cbb_signed_params))
goto err;
} else if (type & SSL_kECDHE) {
- if (!ssl3_send_server_kex_ecdhe(s, &cbb_params))
+ if (!ssl3_send_server_kex_ecdhe(s, &cbb_signed_params))
goto err;
} else {
al = SSL_AD_HANDSHAKE_FAILURE;
goto fatal_err;
}
- if (!CBB_finish(&cbb_params, ¶ms, ¶ms_len))
+ if (!CBB_finish(&cbb_signed_params, &signed_params,
+ &signed_params_len))
+ goto err;
+
+ CBS_init(¶ms, signed_params, signed_params_len);
+ if (!CBS_skip(¶ms, 2 * SSL3_RANDOM_SIZE))
goto err;
- if (!CBB_add_bytes(&server_kex, params, params_len))
+ if (!CBB_add_bytes(&server_kex, CBS_data(¶ms),
+ CBS_len(¶ms)))
goto err;
/* Add signature unless anonymous. */
SSLerror(s, ERR_R_EVP_LIB);
goto err;
}
- if (!EVP_DigestSignUpdate(md_ctx, s->s3->client_random,
- SSL3_RANDOM_SIZE)) {
- SSLerror(s, ERR_R_EVP_LIB);
- goto err;
- }
- if (!EVP_DigestSignUpdate(md_ctx, s->s3->server_random,
- SSL3_RANDOM_SIZE)) {
- SSLerror(s, ERR_R_EVP_LIB);
- goto err;
- }
- if (!EVP_DigestSignUpdate(md_ctx, params, params_len)) {
- SSLerror(s, ERR_R_EVP_LIB);
- goto err;
- }
- if (!EVP_DigestSignFinal(md_ctx, NULL, &signature_len) ||
- !signature_len) {
+ if (!EVP_DigestSign(md_ctx, NULL, &signature_len,
+ signed_params, signed_params_len)) {
SSLerror(s, ERR_R_EVP_LIB);
goto err;
}
SSLerror(s, ERR_R_MALLOC_FAILURE);
goto err;
}
- if (!EVP_DigestSignFinal(md_ctx, signature, &signature_len)) {
+ if (!EVP_DigestSign(md_ctx, signature, &signature_len,
+ signed_params, signed_params_len)) {
SSLerror(s, ERR_R_EVP_LIB);
goto err;
}
}
EVP_MD_CTX_free(md_ctx);
- free(params);
free(signature);
+ free(signed_params);
return (ssl3_handshake_write(s));
fatal_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
- CBB_cleanup(&cbb_params);
+ CBB_cleanup(&cbb_signed_params);
CBB_cleanup(&cbb);
EVP_MD_CTX_free(md_ctx);
- free(params);
free(signature);
+ free(signed_params);
return (-1);
}
projects / openbsd / commitdiff