mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-02-17 14:32:04 +08:00
Code Issues Packages Projects Releases Wiki Activity

Convert key exchange to one shot call

Browse Source 
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3585)
This commit is contained in:
Dr. Stephen Henson 2017-06-16 19:23:47 +01:00
parent 03327c8bf2
commit 72ceb6a692
4 changed files with 51 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
ssl/statem/statem_clnt.c
View File

@ -2170,6 +2170,9 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
PACKET params; PACKET params;
int maxsig; int maxsig;
const EVP_MD *md = NULL; const EVP_MD *md = NULL;
unsigned char *tbs;
size_t tbslen;
int rv;
/* /*
* |pkt| now points to the beginning of the signature, so the difference * |pkt| now points to the beginning of the signature, so the difference
@ -2185,7 +2188,6 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
if (SSL_USE_SIGALGS(s)) { if (SSL_USE_SIGALGS(s)) {
unsigned int sigalg; unsigned int sigalg;
int rv;
if (!PACKET_get_net_2(pkt, &sigalg)) { if (!PACKET_get_net_2(pkt, &sigalg)) {
al = SSL_AD_DECODE_ERROR; al = SSL_AD_DECODE_ERROR;
@ -2255,19 +2257,22 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
goto err; goto err;
} }
} }
if (EVP_DigestVerifyUpdate(md_ctx, &(s->s3->client_random[0]), tbslen = construct_key_exchange_tbs(s, &tbs, PACKET_data(&params),
SSL3_RANDOM_SIZE) <= 0 PACKET_remaining(&params));
|| EVP_DigestVerifyUpdate(md_ctx, &(s->s3->server_random[0]), if (tbslen == 0) {
SSL3_RANDOM_SIZE) <= 0 al = SSL_AD_INTERNAL_ERROR;
|| EVP_DigestVerifyUpdate(md_ctx, PACKET_data(&params), SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
PACKET_remaining(&params)) <= 0) { goto err;
}
rv = EVP_DigestVerify(md_ctx, PACKET_data(&signature),
PACKET_remaining(&signature), tbs, tbslen);
OPENSSL_free(tbs);
if (rv < 0) {
al = SSL_AD_INTERNAL_ERROR; al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_EVP_LIB); SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_EVP_LIB);
goto err; goto err;
} } else if (rv == 0) {
if (EVP_DigestVerifyFinal(md_ctx, PACKET_data(&signature),
PACKET_remaining(&signature)) <= 0) {
/* bad signature */
al = SSL_AD_DECRYPT_ERROR; al = SSL_AD_DECRYPT_ERROR;
SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_BAD_SIGNATURE); SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_BAD_SIGNATURE);
goto err; goto err;

18
ssl/statem/statem_lib.c
View File

@ -2132,3 +2132,21 @@ int construct_ca_names(SSL *s, WPACKET *pkt)
return 1; return 1;
} }
/* Create a buffer containing data to be signed for server key exchange */
size_t construct_key_exchange_tbs(const SSL *s, unsigned char **ptbs,
const void *param, size_t paramlen)
{
size_t tbslen = 2 * SSL3_RANDOM_SIZE + paramlen;
unsigned char *tbs = OPENSSL_malloc(tbslen);
if (tbs == NULL)
return 0;
memcpy(tbs, s->s3->client_random, SSL3_RANDOM_SIZE);
memcpy(tbs + SSL3_RANDOM_SIZE, s->s3->server_random, SSL3_RANDOM_SIZE);
memcpy(tbs + SSL3_RANDOM_SIZE * 2, param, paramlen);
*ptbs = tbs;
return tbslen;
}

2
ssl/statem/statem_locl.h
View File

@ -63,6 +63,8 @@ int check_in_list(SSL *s, unsigned int group_id, const unsigned char *groups,
int create_synthetic_message_hash(SSL *s); int create_synthetic_message_hash(SSL *s);
int parse_ca_names(SSL *s, PACKET *pkt, int *al); int parse_ca_names(SSL *s, PACKET *pkt, int *al);
int construct_ca_names(SSL *s, WPACKET *pkt); int construct_ca_names(SSL *s, WPACKET *pkt);
size_t construct_key_exchange_tbs(const SSL *s, unsigned char **ptbs,
const void *param, size_t paramlen);
/* /*
* TLS/DTLS client state machine functions * TLS/DTLS client state machine functions

27
ssl/statem/statem_srvr.c
View File

@ -2410,9 +2410,10 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt)
/* not anonymous */ /* not anonymous */
if (lu != NULL) { if (lu != NULL) {
EVP_PKEY *pkey = s->s3->tmp.cert->privatekey; EVP_PKEY *pkey = s->s3->tmp.cert->privatekey;
const EVP_MD *md = ssl_md(lu->hash_idx); const EVP_MD *md;
unsigned char *sigbytes1, *sigbytes2; unsigned char *sigbytes1, *sigbytes2, *tbs;
size_t siglen; size_t siglen, tbslen;
int rv;
if (pkey == NULL || md == NULL) { if (pkey == NULL || md == NULL) {
/* Should never happen */ /* Should never happen */
@ -2456,15 +2457,17 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt)
goto f_err; goto f_err;
} }
} }
if (EVP_DigestSignUpdate(md_ctx, &(s->s3->client_random[0]), tbslen = construct_key_exchange_tbs(s, &tbs,
SSL3_RANDOM_SIZE) <= 0 s->init_buf->data + paramoffset,
|| EVP_DigestSignUpdate(md_ctx, &(s->s3->server_random[0]), paramlen);
SSL3_RANDOM_SIZE) <= 0 if (tbslen == 0) {
|| EVP_DigestSignUpdate(md_ctx, SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
s->init_buf->data + paramoffset, ERR_R_MALLOC_FAILURE);
paramlen) <= 0 goto f_err;
|| EVP_DigestSignFinal(md_ctx, sigbytes1, &siglen) <= 0 }
|| !WPACKET_sub_allocate_bytes_u16(pkt, siglen, &sigbytes2) rv = EVP_DigestSign(md_ctx, sigbytes1, &siglen, tbs, tbslen);
OPENSSL_free(tbs);
if (rv <= 0 || !WPACKET_sub_allocate_bytes_u16(pkt, siglen, &sigbytes2)
|| sigbytes1 != sigbytes2) { || sigbytes1 != sigbytes2) {
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
ERR_R_INTERNAL_ERROR); ERR_R_INTERNAL_ERROR);