diff options
| author | doug <> | 2015-07-24 03:50:12 +0000 |
|---|---|---|
| committer | doug <> | 2015-07-24 03:50:12 +0000 |
| commit | f81ac49bb30eb3dff10b31b642500814f0c6a464 (patch) | |
| tree | 8ba0367a88bfcffeb6081a35e3208c06d626a285 | |
| parent | 02469b82fc01a40a1ac05c9550dc105c6ab371a1 (diff) | |
| download | openbsd-f81ac49bb30eb3dff10b31b642500814f0c6a464.tar.gz openbsd-f81ac49bb30eb3dff10b31b642500814f0c6a464.tar.bz2 openbsd-f81ac49bb30eb3dff10b31b642500814f0c6a464.zip | |
Convert tls1_process_sigalgs to CBS.
ok miod@ jsing@
| -rw-r--r-- | src/lib/libssl/src/ssl/t1_lib.c | 19 | ||||
| -rw-r--r-- | src/lib/libssl/t1_lib.c | 19 |
2 files changed, 28 insertions, 10 deletions
diff --git a/src/lib/libssl/src/ssl/t1_lib.c b/src/lib/libssl/src/ssl/t1_lib.c index 70823bf8e7..2481a71f84 100644 --- a/src/lib/libssl/src/ssl/t1_lib.c +++ b/src/lib/libssl/src/ssl/t1_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: t1_lib.c,v 1.80 2015/07/19 20:32:18 doug Exp $ */ | 1 | /* $OpenBSD: t1_lib.c,v 1.81 2015/07/24 03:50:12 doug Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -2336,26 +2336,35 @@ tls12_get_hash(unsigned char hash_alg) | |||
| 2336 | int | 2336 | int |
| 2337 | tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize) | 2337 | tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize) |
| 2338 | { | 2338 | { |
| 2339 | int i, idx; | 2339 | int idx; |
| 2340 | const EVP_MD *md; | 2340 | const EVP_MD *md; |
| 2341 | CERT *c = s->cert; | 2341 | CERT *c = s->cert; |
| 2342 | CBS cbs; | ||
| 2342 | 2343 | ||
| 2343 | /* Extension ignored for inappropriate versions */ | 2344 | /* Extension ignored for inappropriate versions */ |
| 2344 | if (!SSL_USE_SIGALGS(s)) | 2345 | if (!SSL_USE_SIGALGS(s)) |
| 2345 | return 1; | 2346 | return 1; |
| 2346 | 2347 | ||
| 2347 | /* Should never happen */ | 2348 | /* Should never happen */ |
| 2348 | if (!c) | 2349 | if (!c || dsize < 0) |
| 2349 | return 0; | 2350 | return 0; |
| 2350 | 2351 | ||
| 2352 | CBS_init(&cbs, data, dsize); | ||
| 2353 | |||
| 2351 | c->pkeys[SSL_PKEY_DSA_SIGN].digest = NULL; | 2354 | c->pkeys[SSL_PKEY_DSA_SIGN].digest = NULL; |
| 2352 | c->pkeys[SSL_PKEY_RSA_SIGN].digest = NULL; | 2355 | c->pkeys[SSL_PKEY_RSA_SIGN].digest = NULL; |
| 2353 | c->pkeys[SSL_PKEY_RSA_ENC].digest = NULL; | 2356 | c->pkeys[SSL_PKEY_RSA_ENC].digest = NULL; |
| 2354 | c->pkeys[SSL_PKEY_ECC].digest = NULL; | 2357 | c->pkeys[SSL_PKEY_ECC].digest = NULL; |
| 2355 | c->pkeys[SSL_PKEY_GOST01].digest = NULL; | 2358 | c->pkeys[SSL_PKEY_GOST01].digest = NULL; |
| 2356 | 2359 | ||
| 2357 | for (i = 0; i < dsize; i += 2) { | 2360 | while (CBS_len(&cbs) > 0) { |
| 2358 | unsigned char hash_alg = data[i], sig_alg = data[i + 1]; | 2361 | uint8_t hash_alg, sig_alg; |
| 2362 | |||
| 2363 | if (!CBS_get_u8(&cbs, &hash_alg) || | ||
| 2364 | !CBS_get_u8(&cbs, &sig_alg)) { | ||
| 2365 | /* Should never happen */ | ||
| 2366 | return 0; | ||
| 2367 | } | ||
| 2359 | 2368 | ||
| 2360 | switch (sig_alg) { | 2369 | switch (sig_alg) { |
| 2361 | case TLSEXT_signature_rsa: | 2370 | case TLSEXT_signature_rsa: |
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index 70823bf8e7..2481a71f84 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: t1_lib.c,v 1.80 2015/07/19 20:32:18 doug Exp $ */ | 1 | /* $OpenBSD: t1_lib.c,v 1.81 2015/07/24 03:50:12 doug Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -2336,26 +2336,35 @@ tls12_get_hash(unsigned char hash_alg) | |||
| 2336 | int | 2336 | int |
| 2337 | tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize) | 2337 | tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize) |
| 2338 | { | 2338 | { |
| 2339 | int i, idx; | 2339 | int idx; |
| 2340 | const EVP_MD *md; | 2340 | const EVP_MD *md; |
| 2341 | CERT *c = s->cert; | 2341 | CERT *c = s->cert; |
| 2342 | CBS cbs; | ||
| 2342 | 2343 | ||
| 2343 | /* Extension ignored for inappropriate versions */ | 2344 | /* Extension ignored for inappropriate versions */ |
| 2344 | if (!SSL_USE_SIGALGS(s)) | 2345 | if (!SSL_USE_SIGALGS(s)) |
| 2345 | return 1; | 2346 | return 1; |
| 2346 | 2347 | ||
| 2347 | /* Should never happen */ | 2348 | /* Should never happen */ |
| 2348 | if (!c) | 2349 | if (!c || dsize < 0) |
| 2349 | return 0; | 2350 | return 0; |
| 2350 | 2351 | ||
| 2352 | CBS_init(&cbs, data, dsize); | ||
| 2353 | |||
| 2351 | c->pkeys[SSL_PKEY_DSA_SIGN].digest = NULL; | 2354 | c->pkeys[SSL_PKEY_DSA_SIGN].digest = NULL; |
| 2352 | c->pkeys[SSL_PKEY_RSA_SIGN].digest = NULL; | 2355 | c->pkeys[SSL_PKEY_RSA_SIGN].digest = NULL; |
| 2353 | c->pkeys[SSL_PKEY_RSA_ENC].digest = NULL; | 2356 | c->pkeys[SSL_PKEY_RSA_ENC].digest = NULL; |
| 2354 | c->pkeys[SSL_PKEY_ECC].digest = NULL; | 2357 | c->pkeys[SSL_PKEY_ECC].digest = NULL; |
| 2355 | c->pkeys[SSL_PKEY_GOST01].digest = NULL; | 2358 | c->pkeys[SSL_PKEY_GOST01].digest = NULL; |
| 2356 | 2359 | ||
| 2357 | for (i = 0; i < dsize; i += 2) { | 2360 | while (CBS_len(&cbs) > 0) { |
| 2358 | unsigned char hash_alg = data[i], sig_alg = data[i + 1]; | 2361 | uint8_t hash_alg, sig_alg; |
| 2362 | |||
| 2363 | if (!CBS_get_u8(&cbs, &hash_alg) || | ||
| 2364 | !CBS_get_u8(&cbs, &sig_alg)) { | ||
| 2365 | /* Should never happen */ | ||
| 2366 | return 0; | ||
| 2367 | } | ||
| 2359 | 2368 | ||
| 2360 | switch (sig_alg) { | 2369 | switch (sig_alg) { |
| 2361 | case TLSEXT_signature_rsa: | 2370 | case TLSEXT_signature_rsa: |