diff options
| author | jsing <> | 2017-03-01 14:01:24 +0000 |
|---|---|---|
| committer | jsing <> | 2017-03-01 14:01:24 +0000 |
| commit | 613ead8355aec8a2fe15dc50bc542e103c781b55 (patch) | |
| tree | f0f805682bcc8d26903692648cf6f3cfb6dab422 | |
| parent | 0cc22310c7e25a62c19ace035c038ac7a66671dd (diff) | |
| download | openbsd-613ead8355aec8a2fe15dc50bc542e103c781b55.tar.gz openbsd-613ead8355aec8a2fe15dc50bc542e103c781b55.tar.bz2 openbsd-613ead8355aec8a2fe15dc50bc542e103c781b55.zip | |
Convert ssl3_{get,send}_server_key_exchange() to EVP_md5_sha1().
ok inoguchi@
| -rw-r--r-- | src/lib/libssl/ssl_algs.c | 4 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_clnt.c | 33 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_srvr.c | 36 |
3 files changed, 29 insertions, 44 deletions
diff --git a/src/lib/libssl/ssl_algs.c b/src/lib/libssl/ssl_algs.c index ee1919c725..efbf1a4f31 100644 --- a/src/lib/libssl/ssl_algs.c +++ b/src/lib/libssl/ssl_algs.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_algs.c,v 1.23 2016/11/06 12:08:32 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_algs.c,v 1.24 2017/03/01 14:01:24 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -101,8 +101,10 @@ SSL_library_init(void) | |||
| 101 | #endif | 101 | #endif |
| 102 | 102 | ||
| 103 | EVP_add_digest(EVP_md5()); | 103 | EVP_add_digest(EVP_md5()); |
| 104 | EVP_add_digest(EVP_md5_sha1()); | ||
| 104 | EVP_add_digest_alias(SN_md5, "ssl2-md5"); | 105 | EVP_add_digest_alias(SN_md5, "ssl2-md5"); |
| 105 | EVP_add_digest_alias(SN_md5, "ssl3-md5"); | 106 | EVP_add_digest_alias(SN_md5, "ssl3-md5"); |
| 107 | |||
| 106 | EVP_add_digest(EVP_sha1()); /* RSA with sha1 */ | 108 | EVP_add_digest(EVP_sha1()); /* RSA with sha1 */ |
| 107 | EVP_add_digest_alias(SN_sha1, "ssl3-sha1"); | 109 | EVP_add_digest_alias(SN_sha1, "ssl3-sha1"); |
| 108 | EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA); | 110 | EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA); |
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c index da4b966bc6..223190c0a0 100644 --- a/src/lib/libssl/ssl_clnt.c +++ b/src/lib/libssl/ssl_clnt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_clnt.c,v 1.6 2017/02/28 14:08:49 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_clnt.c,v 1.7 2017/03/01 14:01:24 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1472,29 +1472,20 @@ ssl3_get_server_key_exchange(SSL *s) | |||
| 1472 | } | 1472 | } |
| 1473 | 1473 | ||
| 1474 | if (pkey->type == EVP_PKEY_RSA && !SSL_USE_SIGALGS(s)) { | 1474 | if (pkey->type == EVP_PKEY_RSA && !SSL_USE_SIGALGS(s)) { |
| 1475 | int num; | ||
| 1476 | |||
| 1477 | j = 0; | 1475 | j = 0; |
| 1478 | q = md_buf; | 1476 | q = md_buf; |
| 1479 | for (num = 2; num > 0; num--) { | 1477 | if (!EVP_DigestInit_ex(&md_ctx, EVP_md5_sha1(), NULL)) { |
| 1480 | if (!EVP_DigestInit_ex(&md_ctx, | 1478 | al = SSL_AD_INTERNAL_ERROR; |
| 1481 | (num == 2) ? EVP_md5() : EVP_sha1(), | 1479 | goto f_err; |
| 1482 | NULL)) { | ||
| 1483 | al = SSL_AD_INTERNAL_ERROR; | ||
| 1484 | goto f_err; | ||
| 1485 | } | ||
| 1486 | EVP_DigestUpdate(&md_ctx, | ||
| 1487 | s->s3->client_random, | ||
| 1488 | SSL3_RANDOM_SIZE); | ||
| 1489 | EVP_DigestUpdate(&md_ctx, | ||
| 1490 | s->s3->server_random, | ||
| 1491 | SSL3_RANDOM_SIZE); | ||
| 1492 | EVP_DigestUpdate(&md_ctx, param, param_len); | ||
| 1493 | EVP_DigestFinal_ex(&md_ctx, q, | ||
| 1494 | (unsigned int *)&i); | ||
| 1495 | q += i; | ||
| 1496 | j += i; | ||
| 1497 | } | 1480 | } |
| 1481 | EVP_DigestUpdate(&md_ctx, s->s3->client_random, | ||
| 1482 | SSL3_RANDOM_SIZE); | ||
| 1483 | EVP_DigestUpdate(&md_ctx, s->s3->server_random, | ||
| 1484 | SSL3_RANDOM_SIZE); | ||
| 1485 | EVP_DigestUpdate(&md_ctx, param, param_len); | ||
| 1486 | EVP_DigestFinal_ex(&md_ctx, q, (unsigned int *)&i); | ||
| 1487 | q += i; | ||
| 1488 | j += i; | ||
| 1498 | i = RSA_verify(NID_md5_sha1, md_buf, j, | 1489 | i = RSA_verify(NID_md5_sha1, md_buf, j, |
| 1499 | p, n, pkey->pkey.rsa); | 1490 | p, n, pkey->pkey.rsa); |
| 1500 | if (i < 0) { | 1491 | if (i < 0) { |
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index 8e7c1f4418..ddf8755707 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_srvr.c,v 1.7 2017/02/28 14:08:50 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_srvr.c,v 1.8 2017/03/01 14:01:24 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1445,16 +1445,13 @@ ssl3_send_server_key_exchange(SSL *s) | |||
| 1445 | unsigned char *params = NULL; | 1445 | unsigned char *params = NULL; |
| 1446 | size_t params_len; | 1446 | size_t params_len; |
| 1447 | unsigned char *q; | 1447 | unsigned char *q; |
| 1448 | int j, num; | ||
| 1449 | unsigned char md_buf[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH]; | 1448 | unsigned char md_buf[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH]; |
| 1450 | unsigned int u; | 1449 | unsigned int u; |
| 1451 | EVP_PKEY *pkey; | 1450 | EVP_PKEY *pkey; |
| 1452 | const EVP_MD *md = NULL; | 1451 | const EVP_MD *md = NULL; |
| 1453 | unsigned char *p, *d; | 1452 | unsigned char *p, *d; |
| 1454 | int al, i; | 1453 | int al, i, j, n, kn; |
| 1455 | unsigned long type; | 1454 | unsigned long type; |
| 1456 | int n; | ||
| 1457 | int kn; | ||
| 1458 | BUF_MEM *buf; | 1455 | BUF_MEM *buf; |
| 1459 | EVP_MD_CTX md_ctx; | 1456 | EVP_MD_CTX md_ctx; |
| 1460 | 1457 | ||
| @@ -1522,23 +1519,18 @@ ssl3_send_server_key_exchange(SSL *s) | |||
| 1522 | if (pkey->type == EVP_PKEY_RSA && !SSL_USE_SIGALGS(s)) { | 1519 | if (pkey->type == EVP_PKEY_RSA && !SSL_USE_SIGALGS(s)) { |
| 1523 | q = md_buf; | 1520 | q = md_buf; |
| 1524 | j = 0; | 1521 | j = 0; |
| 1525 | for (num = 2; num > 0; num--) { | 1522 | if (!EVP_DigestInit_ex(&md_ctx, EVP_md5_sha1(), |
| 1526 | if (!EVP_DigestInit_ex(&md_ctx, | 1523 | NULL)) |
| 1527 | (num == 2) ? EVP_md5() : EVP_sha1(), | 1524 | goto err; |
| 1528 | NULL)) | 1525 | EVP_DigestUpdate(&md_ctx, s->s3->client_random, |
| 1529 | goto err; | 1526 | SSL3_RANDOM_SIZE); |
| 1530 | EVP_DigestUpdate(&md_ctx, | 1527 | EVP_DigestUpdate(&md_ctx, s->s3->server_random, |
| 1531 | s->s3->client_random, | 1528 | SSL3_RANDOM_SIZE); |
| 1532 | SSL3_RANDOM_SIZE); | 1529 | EVP_DigestUpdate(&md_ctx, d, n); |
| 1533 | EVP_DigestUpdate(&md_ctx, | 1530 | EVP_DigestFinal_ex(&md_ctx, q, |
| 1534 | s->s3->server_random, | 1531 | (unsigned int *)&i); |
| 1535 | SSL3_RANDOM_SIZE); | 1532 | q += i; |
| 1536 | EVP_DigestUpdate(&md_ctx, d, n); | 1533 | j += i; |
| 1537 | EVP_DigestFinal_ex(&md_ctx, q, | ||
| 1538 | (unsigned int *)&i); | ||
| 1539 | q += i; | ||
| 1540 | j += i; | ||
| 1541 | } | ||
| 1542 | if (RSA_sign(NID_md5_sha1, md_buf, j, | 1534 | if (RSA_sign(NID_md5_sha1, md_buf, j, |
| 1543 | &(p[2]), &u, pkey->pkey.rsa) <= 0) { | 1535 | &(p[2]), &u, pkey->pkey.rsa) <= 0) { |
| 1544 | SSLerror(s, ERR_R_RSA_LIB); | 1536 | SSLerror(s, ERR_R_RSA_LIB); |