diff options
| author | jsing <> | 2021-06-29 19:24:07 +0000 |
|---|---|---|
| committer | jsing <> | 2021-06-29 19:24:07 +0000 |
| commit | a9fca25b84daaf2725140dc9ed1fae79bc52327b (patch) | |
| tree | ca55a5ccce9f807b15c802be4db4036709e57de6 | |
| parent | 1c4ffb61b5971d1854050c16ef4555391ac12957 (diff) | |
| download | openbsd-a9fca25b84daaf2725140dc9ed1fae79bc52327b.tar.gz openbsd-a9fca25b84daaf2725140dc9ed1fae79bc52327b.tar.bz2 openbsd-a9fca25b84daaf2725140dc9ed1fae79bc52327b.zip | |
Convert legacy stack server to ssl_sigalg_for_peer().
ok inoguchi@ tb@
| -rw-r--r-- | src/lib/libssl/ssl_srvr.c | 76 |
1 files changed, 29 insertions, 47 deletions
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index 04e81a5d76..e3eeddab0f 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_srvr.c,v 1.115 2021/06/29 19:10:08 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_srvr.c,v 1.116 2021/06/29 19:24:07 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -2113,7 +2113,7 @@ ssl3_get_cert_verify(SSL *s) | |||
| 2113 | { | 2113 | { |
| 2114 | CBS cbs, signature; | 2114 | CBS cbs, signature; |
| 2115 | const struct ssl_sigalg *sigalg = NULL; | 2115 | const struct ssl_sigalg *sigalg = NULL; |
| 2116 | const EVP_MD *md = NULL; | 2116 | uint16_t sigalg_value = SIGALG_NONE; |
| 2117 | EVP_PKEY *pkey = NULL; | 2117 | EVP_PKEY *pkey = NULL; |
| 2118 | X509 *peer = NULL; | 2118 | X509 *peer = NULL; |
| 2119 | EVP_MD_CTX mctx; | 2119 | EVP_MD_CTX mctx; |
| @@ -2171,66 +2171,47 @@ ssl3_get_cert_verify(SSL *s) | |||
| 2171 | goto fatal_err; | 2171 | goto fatal_err; |
| 2172 | } | 2172 | } |
| 2173 | 2173 | ||
| 2174 | if (!SSL_USE_SIGALGS(s)) { | ||
| 2175 | if (!CBS_get_u16_length_prefixed(&cbs, &signature)) | ||
| 2176 | goto err; | ||
| 2177 | if (CBS_len(&signature) > EVP_PKEY_size(pkey)) { | ||
| 2178 | SSLerror(s, SSL_R_WRONG_SIGNATURE_SIZE); | ||
| 2179 | al = SSL_AD_DECODE_ERROR; | ||
| 2180 | goto fatal_err; | ||
| 2181 | } | ||
| 2182 | if (CBS_len(&cbs) != 0) { | ||
| 2183 | al = SSL_AD_DECODE_ERROR; | ||
| 2184 | SSLerror(s, SSL_R_EXTRA_DATA_IN_MESSAGE); | ||
| 2185 | goto fatal_err; | ||
| 2186 | } | ||
| 2187 | } | ||
| 2188 | |||
| 2189 | if (SSL_USE_SIGALGS(s)) { | 2174 | if (SSL_USE_SIGALGS(s)) { |
| 2190 | EVP_PKEY_CTX *pctx; | ||
| 2191 | uint16_t sigalg_value; | ||
| 2192 | |||
| 2193 | if (!CBS_get_u16(&cbs, &sigalg_value)) | 2175 | if (!CBS_get_u16(&cbs, &sigalg_value)) |
| 2194 | goto decode_err; | 2176 | goto decode_err; |
| 2195 | if ((sigalg = ssl_sigalg_from_value( | 2177 | } |
| 2196 | S3I(s)->hs.negotiated_tls_version, sigalg_value)) == NULL || | 2178 | if (!CBS_get_u16_length_prefixed(&cbs, &signature)) |
| 2197 | (md = sigalg->md()) == NULL) { | 2179 | goto err; |
| 2198 | SSLerror(s, SSL_R_UNKNOWN_DIGEST); | 2180 | if (CBS_len(&cbs) != 0) { |
| 2199 | al = SSL_AD_DECODE_ERROR; | 2181 | al = SSL_AD_DECODE_ERROR; |
| 2200 | goto fatal_err; | 2182 | SSLerror(s, SSL_R_EXTRA_DATA_IN_MESSAGE); |
| 2201 | } | 2183 | goto fatal_err; |
| 2202 | if (!ssl_sigalg_pkey_ok(s, sigalg, pkey)) { | 2184 | } |
| 2203 | SSLerror(s, SSL_R_WRONG_SIGNATURE_TYPE); | ||
| 2204 | al = SSL_AD_DECODE_ERROR; | ||
| 2205 | goto fatal_err; | ||
| 2206 | } | ||
| 2207 | 2185 | ||
| 2208 | if (!CBS_get_u16_length_prefixed(&cbs, &signature)) | 2186 | if (CBS_len(&signature) > EVP_PKEY_size(pkey)) { |
| 2209 | goto err; | 2187 | SSLerror(s, SSL_R_WRONG_SIGNATURE_SIZE); |
| 2210 | if (CBS_len(&signature) > EVP_PKEY_size(pkey)) { | 2188 | al = SSL_AD_DECODE_ERROR; |
| 2211 | SSLerror(s, SSL_R_WRONG_SIGNATURE_SIZE); | 2189 | goto fatal_err; |
| 2212 | al = SSL_AD_DECODE_ERROR; | 2190 | } |
| 2213 | goto fatal_err; | 2191 | |
| 2214 | } | 2192 | if ((sigalg = ssl_sigalg_for_peer(s, pkey, |
| 2215 | if (CBS_len(&cbs) != 0) { | 2193 | sigalg_value)) == NULL) { |
| 2216 | al = SSL_AD_DECODE_ERROR; | 2194 | al = SSL_AD_DECODE_ERROR; |
| 2217 | SSLerror(s, SSL_R_EXTRA_DATA_IN_MESSAGE); | 2195 | goto fatal_err; |
| 2218 | goto fatal_err; | 2196 | } |
| 2219 | } | 2197 | |
| 2198 | if (SSL_USE_SIGALGS(s)) { | ||
| 2199 | EVP_PKEY_CTX *pctx; | ||
| 2220 | 2200 | ||
| 2221 | if (!tls1_transcript_data(s, &hdata, &hdatalen)) { | 2201 | if (!tls1_transcript_data(s, &hdata, &hdatalen)) { |
| 2222 | SSLerror(s, ERR_R_INTERNAL_ERROR); | 2202 | SSLerror(s, ERR_R_INTERNAL_ERROR); |
| 2223 | al = SSL_AD_INTERNAL_ERROR; | 2203 | al = SSL_AD_INTERNAL_ERROR; |
| 2224 | goto fatal_err; | 2204 | goto fatal_err; |
| 2225 | } | 2205 | } |
| 2226 | if (!EVP_DigestVerifyInit(&mctx, &pctx, md, NULL, pkey)) { | 2206 | if (!EVP_DigestVerifyInit(&mctx, &pctx, sigalg->md(), |
| 2207 | NULL, pkey)) { | ||
| 2227 | SSLerror(s, ERR_R_EVP_LIB); | 2208 | SSLerror(s, ERR_R_EVP_LIB); |
| 2228 | al = SSL_AD_INTERNAL_ERROR; | 2209 | al = SSL_AD_INTERNAL_ERROR; |
| 2229 | goto fatal_err; | 2210 | goto fatal_err; |
| 2230 | } | 2211 | } |
| 2231 | if ((sigalg->flags & SIGALG_FLAG_RSA_PSS) && | 2212 | if ((sigalg->flags & SIGALG_FLAG_RSA_PSS) && |
| 2232 | (!EVP_PKEY_CTX_set_rsa_padding | 2213 | (!EVP_PKEY_CTX_set_rsa_padding(pctx, |
| 2233 | (pctx, RSA_PKCS1_PSS_PADDING) || | 2214 | RSA_PKCS1_PSS_PADDING) || |
| 2234 | !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))) { | 2215 | !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))) { |
| 2235 | al = SSL_AD_INTERNAL_ERROR; | 2216 | al = SSL_AD_INTERNAL_ERROR; |
| 2236 | goto fatal_err; | 2217 | goto fatal_err; |
| @@ -2283,6 +2264,7 @@ ssl3_get_cert_verify(SSL *s) | |||
| 2283 | unsigned char sigbuf[128]; | 2264 | unsigned char sigbuf[128]; |
| 2284 | unsigned int siglen = sizeof(sigbuf); | 2265 | unsigned int siglen = sizeof(sigbuf); |
| 2285 | EVP_PKEY_CTX *pctx; | 2266 | EVP_PKEY_CTX *pctx; |
| 2267 | const EVP_MD *md; | ||
| 2286 | int nid; | 2268 | int nid; |
| 2287 | 2269 | ||
| 2288 | if (!tls1_transcript_data(s, &hdata, &hdatalen)) { | 2270 | if (!tls1_transcript_data(s, &hdata, &hdatalen)) { |