EVP_PKEY DH client support.

author Dr. Stephen Henson <steve@openssl.org>

Thu, 17 Dec 2015 01:07:46 +0000 (01:07 +0000)

committer Dr. Stephen Henson <steve@openssl.org>

Wed, 23 Dec 2015 22:26:31 +0000 (22:26 +0000)
author Dr. Stephen Henson <steve@openssl.org>
Thu, 17 Dec 2015 01:07:46 +0000 (01:07 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Wed, 23 Dec 2015 22:26:31 +0000 (22:26 +0000)
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c

index f7cdd93bb115b8e0854d7ebdd7037dede45f4d38..f3bf017042e4a6ddfd733f4bed50ae974fdfc051 100644 (file)
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3377,11 +3377,13 @@ void ssl3_free(SSL *s)
  
  #ifndef OPENSSL_NO_DH
      DH_free(s->s3->tmp.dh);
-    DH_free(s->s3->peer_dh_tmp);
  #endif
+
  #ifndef OPENSSL_NO_EC
      EVP_PKEY_free(s->s3->tmp.pkey);
      s->s3->tmp.pkey = NULL;
+#endif
+#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
      EVP_PKEY_free(s->s3->peer_tmp);
      s->s3->peer_tmp = NULL;
  #endif
@@ -3414,15 +3416,15 @@ void ssl3_clear(SSL *s)
  #ifndef OPENSSL_NO_DH
      DH_free(s->s3->tmp.dh);
      s->s3->tmp.dh = NULL;
-    DH_free(s->s3->peer_dh_tmp);
-    s->s3->peer_dh_tmp = NULL;
  #endif
  #ifndef OPENSSL_NO_EC
      EVP_PKEY_free(s->s3->tmp.pkey);
      s->s3->tmp.pkey = NULL;
+    s->s3->is_probably_safari = 0;
+#endif
+#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
      EVP_PKEY_free(s->s3->peer_tmp);
      s->s3->peer_tmp = NULL;
-    s->s3->is_probably_safari = 0;
  #endif                         /* !OPENSSL_NO_EC */
  
      ssl3_free_digest_list(s);
@@ -3759,34 +3761,17 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
              return 0;
  
      case SSL_CTRL_GET_SERVER_TMP_KEY:
-        if (s->server || !s->session)
-            return 0;
-        else {
-            EVP_PKEY *ptmp;
-            int rv = 0;
-#if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_EC)
-            if (s->s3->peer_dh_tmp == NULL && s->s3->peer_tmp == NULL)
-                return 0;
-#endif
-            ptmp = EVP_PKEY_new();
-            if (ptmp == NULL)
-                return 0;
-#ifndef OPENSSL_NO_DH
-            else if (s->s3->peer_dh_tmp != NULL)
-                rv = EVP_PKEY_set1_DH(ptmp, s->s3->peer_dh_tmp);
-#endif
-#ifndef OPENSSL_NO_EC
-            else if (s->s3->peer_tmp != NULL)
-                rv = EVP_PKEY_set1_EC_KEY(ptmp,
-                                          EVP_PKEY_get0_EC_KEY(s->s3->peer_tmp));
-#endif
-            if (rv) {
-                *(EVP_PKEY **)parg = ptmp;
-                return 1;
-            }
-            EVP_PKEY_free(ptmp);
+#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
+        if (s->server || s->session == NULL || s->s3->peer_tmp == NULL) {
              return 0;
+        } else {
+            EVP_PKEY_up_ref(s->s3->peer_tmp);
+            *(EVP_PKEY **)parg = s->s3->peer_tmp;
+            return 1;
          }
+#else
+        return 0;
+#endif
  #ifndef OPENSSL_NO_EC
      case SSL_CTRL_GET_EC_POINT_FORMATS:
          {
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h

index 8a6678920f021ca91849dda1055b4441761d786b..c213aa471e814d74c6df95bc2f26b219fd38e98d 100644 (file)
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1327,10 +1327,7 @@ typedef struct ssl3_state_st {
  #   endif                       /* !OPENSSL_NO_EC */
  
      /* For clients: peer temporary key */
-# ifndef OPENSSL_NO_DH
-    DH *peer_dh_tmp;
-# endif
-# ifndef OPENSSL_NO_EC
+# if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
      EVP_PKEY *peer_tmp;
  # endif
  
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c

index e7c941357abfc947bb623ae48d20dfb35197eac4..46cb4b02efb791688a58d62d2eb5d60f80d12cb0 100644 (file)
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -1581,9 +1581,6 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
  #ifndef OPENSSL_NO_RSA
      RSA *rsa = NULL;
  #endif
-#ifndef OPENSSL_NO_DH
-    DH *dh = NULL;
-#endif
  #ifndef OPENSSL_NO_EC
      EVP_PKEY_CTX *pctx = NULL;
  #endif
@@ -1600,11 +1597,7 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
  
      save_param_start = *pkt;
  
-#ifndef OPENSSL_NO_DH
-    DH_free(s->s3->peer_dh_tmp);
-    s->s3->peer_dh_tmp = NULL;
-#endif
-#ifndef OPENSSL_NO_EC
+#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
      EVP_PKEY_free(s->s3->peer_tmp);
      s->s3->peer_tmp = NULL;
  #endif
@@ -1695,6 +1688,8 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
      else if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
          PACKET prime, generator, pub_key;
  
+        DH *dh;
+
          if (!PACKET_get_length_prefixed_2(pkt, &prime)
              || !PACKET_get_length_prefixed_2(pkt, &generator)
              || !PACKET_get_length_prefixed_2(pkt, &pub_key)) {
@@ -1702,8 +1697,18 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
              goto f_err;
          }
  
-        if ((dh = DH_new()) == NULL) {
-            SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_DH_LIB);
+        s->s3->peer_tmp = EVP_PKEY_new();
+        dh = DH_new();
+
+        if (s->s3->peer_tmp == NULL || dh == NULL) {
+            SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
+            DH_free(dh);
+            goto err;
+        }
+
+        if (EVP_PKEY_assign_DH(s->s3->peer_tmp, dh) == 0) {
+            SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_EVP_LIB);
+            DH_free(dh);
              goto err;
          }
  
@@ -1731,9 +1736,6 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
          if (alg_a & (SSL_aRSA|SSL_aDSS))
              pkey = X509_get_pubkey(s->session->peer);
          /* else anonymous DH, so no certificate or pkey. */
-
-        s->s3->peer_dh_tmp = dh;
-        dh = NULL;
      }
  #endif                          /* !OPENSSL_NO_DH */
  
@@ -1915,9 +1917,6 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
  #ifndef OPENSSL_NO_RSA
      RSA_free(rsa);
  #endif
-#ifndef OPENSSL_NO_DH
-    DH_free(dh);
-#endif
  #ifndef OPENSSL_NO_EC
      EVP_PKEY_CTX_free(pctx);
  #endif
@@ -2243,8 +2242,10 @@ int tls_construct_client_key_exchange(SSL *s)
      unsigned char *q;
      EVP_PKEY *pkey = NULL;
  #endif
-#ifndef OPENSSL_NO_EC
+#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
      EVP_PKEY *ckey = NULL, *skey = NULL;
+#endif
+#ifndef OPENSSL_NO_EC
      unsigned char *encodedPoint = NULL;
      int encoded_pt_len = 0;
  #endif
@@ -2391,52 +2392,30 @@ psk_err:
  #endif
  #ifndef OPENSSL_NO_DH
      else if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
-        DH *dh_srvr, *dh_clnt;
-        if (s->s3->peer_dh_tmp == NULL) {
+        DH *dh_clnt = NULL;
+        skey = s->s3->peer_tmp;
+        if (skey == NULL) {
              SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
                     ERR_R_INTERNAL_ERROR);
              goto err;
          }
-        dh_srvr = s->s3->peer_dh_tmp;
-        /* generate a new random key */
-        if ((dh_clnt = DHparams_dup(dh_srvr)) == NULL) {
-            SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
-            goto err;
-        }
-        if (!DH_generate_key(dh_clnt)) {
-            SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
-            DH_free(dh_clnt);
-            goto err;
-        }
-
-        pmslen = DH_size(dh_clnt);
-        pms = OPENSSL_malloc(pmslen);
-        if (pms == NULL)
-            goto memerr;
-
-        /*
-         * use the 'p' output buffer for the DH key, but make sure to
-         * clear it out afterwards
-         */
-
-        n = DH_compute_key(pms, dh_srvr->pub_key, dh_clnt);
-        if (s->s3->peer_dh_tmp == NULL)
-            DH_free(dh_srvr);
+        ckey = ssl_generate_pkey(skey, NID_undef);
+        dh_clnt = EVP_PKEY_get0_DH(ckey);
  
-        if (n <= 0) {
-            SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
-            DH_free(dh_clnt);
+        if (dh_clnt == NULL || ssl_derive(s, ckey, skey) == 0) {
+            SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
+                   ERR_R_INTERNAL_ERROR);
              goto err;
          }
-        pmslen = n;
+
  
          /* send off the data */
          n = BN_num_bytes(dh_clnt->pub_key);
          s2n(n, p);
          BN_bn2bin(dh_clnt->pub_key, p);
          n += 2;
-
-        DH_free(dh_clnt);
+        EVP_PKEY_free(ckey);
+        ckey = NULL;
      }
  #endif
  
@@ -2666,6 +2645,8 @@ psk_err:
      s->s3->tmp.pms = NULL;
  #ifndef OPENSSL_NO_EC
      OPENSSL_free(encodedPoint);
+#endif
+#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
      EVP_PKEY_free(ckey);
  #endif
  #ifndef OPENSSL_NO_PSK
@@ -2927,9 +2908,6 @@ int ssl3_check_cert_and_algorithm(SSL *s)
  #endif
      long alg_k, alg_a;
      EVP_PKEY *pkey = NULL;
-#ifndef OPENSSL_NO_DH
-    DH *dh;
-#endif
      int al = SSL_AD_HANDSHAKE_FAILURE;
  
      alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
@@ -2938,9 +2916,6 @@ int ssl3_check_cert_and_algorithm(SSL *s)
      /* we don't have a certificate */
      if ((alg_a & SSL_aNULL) || (alg_k & SSL_kPSK))
          return (1);
-#ifndef OPENSSL_NO_DH
-    dh = s->s3->peer_dh_tmp;
-#endif
  
      /* This is the passed certificate */
  
@@ -2989,7 +2964,7 @@ int ssl3_check_cert_and_algorithm(SSL *s)
      }
  #endif
  #ifndef OPENSSL_NO_DH
-    if ((alg_k & SSL_kDHE) && (dh == NULL)) {
+    if ((alg_k & SSL_kDHE) && (s->s3->peer_tmp == NULL)) {
          al = SSL_AD_INTERNAL_ERROR;
          SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, ERR_R_INTERNAL_ERROR);
          goto f_err;
author	Dr. Stephen Henson <steve@openssl.org>
	Thu, 17 Dec 2015 01:07:46 +0000 (01:07 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Wed, 23 Dec 2015 22:26:31 +0000 (22:26 +0000)
ssl/s3_lib.c		patch \| blob \| history
ssl/ssl_locl.h		patch \| blob \| history
ssl/statem/statem_clnt.c		patch \| blob \| history