author | jsing <> | 2022-01-09 15:28:47 +0000 |
---|---|---|
committer | jsing <> | 2022-01-09 15:28:47 +0000 |
commit | 99a74d01dd8887de0c54a62e77d50a9f7ef35224 (patch) | |
tree | ed9056dc51e37cc5096a934a9be2012e0113a8ef /src | |
parent | 12dd2352d38b1ef2237d623bc6b869d169e71567 (diff) | |
Fix GOST skip certificate verify handling.
GOST skip certificate verify handling got broken in r1.132 of s3_srvr.c
circa 2016. Prior to this, ssl3_get_client_key_exchange() returned an
'extra special' value to indicate that the state machine should skip
certificate verify. Fix this by setting and checking the
TLS1_FLAGS_SKIP_CERT_VERIFY flag, which is the same as is done in the
client.
ok inoguchi@ tb@
Diffstat (limited to 'src')
-rw-r--r-- | src/lib/libssl/ssl_srvr.c | 30 |
1 files changed, 11 insertions, 19 deletions
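--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.134 2022/01/08 12:59:59 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.135 2022/01/09 15:28:47 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -539,15 +539,11 @@ ssl3_accept(SSL *s)
 }
 
 alg_k = S3I(s)->hs.cipher->algorithm_mkey;
-if (ret == 2) {
+if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) {
 /*
-* For the ECDH ciphersuites when
-* the client sends its ECDH pub key in
-* a certificate, the CertificateVerify
-* message is not sent.
-* Also for GOST ciphersuites when
-* the client uses its key from the certificate
-* for key exchange.
+* A GOST client may use the key from its
+* certificate for key exchange, in which case
+* the CertificateVerify message is not sent.
 */
 S3I(s)->hs.state = SSL3_ST_SR_FINISHED_A;
 s->internal->init_num = 0;
@@ -1780,7 +1776,6 @@ ssl3_get_client_kex_gost(SSL *s, CBS *cbs)
 size_t outlen = 32;
 CBS gostblob;
 int al;
-int ret = 0;
 
 /* Get our certificate private key*/
 alg_a = S3I(s)->hs.cipher->algorithm_auth;
@@ -1820,18 +1815,15 @@ ssl3_get_client_kex_gost(SSL *s, CBS *cbs)
 goto err;
 
 /* Check if pubkey from client certificate was used */
-if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1,
-EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0)
-ret = 2;
-else
-ret = 1;
+if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY,
+2, NULL) > 0)
+s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY;
+
 gerr:
 EVP_PKEY_free(client_pub_pkey);
 EVP_PKEY_CTX_free(pkey_ctx);
-if (ret)
-return (ret);
-else
-goto err;
+
+return 1;
 
 decode_err:
 al = SSL_AD_DECODE_ERROR;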
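Review bot: With `ret` removed, the `gerr:` label in ssl3_get_client_kex_gost() now falls through to an unconditional `return 1;`, whereas the removed `if (ret) return (ret); else goto err;` sent any jump that arrived with `ret == 0` to the error path. If a failure branch earlier in the function (outside this hunk) still does `goto gerr`, a failed GOST key exchange would be reported to ssl3_accept() as success. Consider keeping `int ret = 0;`, setting `ret = 1;` just before `gerr:` and using `if (!ret) goto err;` after the two frees, or retargeting those jumps to a label that frees and then reaches `err`. It would also be worth confirming that TLS1_FLAGS_SKIP_CERT_VERIFY is cleared at the start of each handshake, so that a stale flag cannot skip CertificateVerify on a later one; that is not visible in these hunks.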