diff options
| -rw-r--r-- | src/lib/libssl/ssl_srvr.c | 92 |
1 files changed, 44 insertions, 48 deletions
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index 0667ac8da3..80199d3f2e 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_srvr.c,v 1.61 2018/11/21 15:13:29 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_srvr.c,v 1.62 2018/12/07 07:22:09 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -2149,55 +2149,53 @@ ssl3_get_cert_verify(SSL *s) | |||
| 2149 | goto f_err; | 2149 | goto f_err; |
| 2150 | } | 2150 | } |
| 2151 | 2151 | ||
| 2152 | /* | 2152 | if (!SSL_USE_SIGALGS(s)) { |
| 2153 | * Check for broken implementations of GOST ciphersuites. | ||
| 2154 | * | ||
| 2155 | * If key is GOST and n is exactly 64, it is a bare | ||
| 2156 | * signature without length field. | ||
| 2157 | */ | ||
| 2158 | /* This hack is awful and needs to die in fire */ | ||
| 2159 | if ((pkey->type == NID_id_GostR3410_94 || | ||
| 2160 | pkey->type == NID_id_GostR3410_2001) && CBS_len(&cbs) == 64) { | ||
| 2161 | if (SSL_USE_SIGALGS(s)) | ||
| 2162 | goto truncated; | ||
| 2163 | CBS_dup(&cbs, &signature); | ||
| 2164 | if (!CBS_skip(&cbs, CBS_len(&cbs))) | ||
| 2165 | goto err; | ||
| 2166 | } else { | ||
| 2167 | if (SSL_USE_SIGALGS(s)) { | ||
| 2168 | uint16_t sigalg_value; | ||
| 2169 | |||
| 2170 | if (!CBS_get_u16(&cbs, &sigalg_value)) | ||
| 2171 | goto truncated; | ||
| 2172 | if ((sigalg = ssl_sigalg(sigalg_value, tls12_sigalgs, | ||
| 2173 | tls12_sigalgs_len)) == NULL || | ||
| 2174 | (md = sigalg->md()) == NULL) { | ||
| 2175 | SSLerror(s, SSL_R_UNKNOWN_DIGEST); | ||
| 2176 | al = SSL_AD_DECODE_ERROR; | ||
| 2177 | goto f_err; | ||
| 2178 | } | ||
| 2179 | if (!ssl_sigalg_pkey_ok(sigalg, pkey)) { | ||
| 2180 | SSLerror(s, SSL_R_WRONG_SIGNATURE_TYPE); | ||
| 2181 | al = SSL_AD_DECODE_ERROR; | ||
| 2182 | goto f_err; | ||
| 2183 | } | ||
| 2184 | } | ||
| 2185 | if (!CBS_get_u16_length_prefixed(&cbs, &signature)) | 2153 | if (!CBS_get_u16_length_prefixed(&cbs, &signature)) |
| 2186 | goto err; | 2154 | goto err; |
| 2187 | } | 2155 | if (CBS_len(&signature) > EVP_PKEY_size(pkey)) { |
| 2188 | if (CBS_len(&signature) > EVP_PKEY_size(pkey)) { | 2156 | SSLerror(s, SSL_R_WRONG_SIGNATURE_SIZE); |
| 2189 | SSLerror(s, SSL_R_WRONG_SIGNATURE_SIZE); | 2157 | al = SSL_AD_DECODE_ERROR; |
| 2190 | al = SSL_AD_DECODE_ERROR; | 2158 | goto f_err; |
| 2191 | goto f_err; | 2159 | } |
| 2192 | } | 2160 | if (CBS_len(&cbs) != 0) { |
| 2193 | if (CBS_len(&cbs) != 0) { | 2161 | al = SSL_AD_DECODE_ERROR; |
| 2194 | al = SSL_AD_DECODE_ERROR; | 2162 | SSLerror(s, SSL_R_EXTRA_DATA_IN_MESSAGE); |
| 2195 | SSLerror(s, SSL_R_EXTRA_DATA_IN_MESSAGE); | 2163 | goto f_err; |
| 2196 | goto f_err; | 2164 | } |
| 2197 | } | 2165 | } |
| 2198 | 2166 | ||
| 2199 | if (SSL_USE_SIGALGS(s)) { | 2167 | if (SSL_USE_SIGALGS(s)) { |
| 2200 | EVP_PKEY_CTX *pctx; | 2168 | EVP_PKEY_CTX *pctx; |
| 2169 | uint16_t sigalg_value; | ||
| 2170 | |||
| 2171 | if (!CBS_get_u16(&cbs, &sigalg_value)) | ||
| 2172 | goto truncated; | ||
| 2173 | if ((sigalg = ssl_sigalg(sigalg_value, tls12_sigalgs, | ||
| 2174 | tls12_sigalgs_len)) == NULL || | ||
| 2175 | (md = sigalg->md()) == NULL) { | ||
| 2176 | SSLerror(s, SSL_R_UNKNOWN_DIGEST); | ||
| 2177 | al = SSL_AD_DECODE_ERROR; | ||
| 2178 | goto f_err; | ||
| 2179 | } | ||
| 2180 | if (!ssl_sigalg_pkey_ok(sigalg, pkey)) { | ||
| 2181 | SSLerror(s, SSL_R_WRONG_SIGNATURE_TYPE); | ||
| 2182 | al = SSL_AD_DECODE_ERROR; | ||
| 2183 | goto f_err; | ||
| 2184 | } | ||
| 2185 | |||
| 2186 | if (!CBS_get_u16_length_prefixed(&cbs, &signature)) | ||
| 2187 | goto err; | ||
| 2188 | if (CBS_len(&signature) > EVP_PKEY_size(pkey)) { | ||
| 2189 | SSLerror(s, SSL_R_WRONG_SIGNATURE_SIZE); | ||
| 2190 | al = SSL_AD_DECODE_ERROR; | ||
| 2191 | goto f_err; | ||
| 2192 | } | ||
| 2193 | if (CBS_len(&cbs) != 0) { | ||
| 2194 | al = SSL_AD_DECODE_ERROR; | ||
| 2195 | SSLerror(s, SSL_R_EXTRA_DATA_IN_MESSAGE); | ||
| 2196 | goto f_err; | ||
| 2197 | } | ||
| 2198 | |||
| 2201 | if (!tls1_transcript_data(s, &hdata, &hdatalen)) { | 2199 | if (!tls1_transcript_data(s, &hdata, &hdatalen)) { |
| 2202 | SSLerror(s, ERR_R_INTERNAL_ERROR); | 2200 | SSLerror(s, ERR_R_INTERNAL_ERROR); |
| 2203 | al = SSL_AD_INTERNAL_ERROR; | 2201 | al = SSL_AD_INTERNAL_ERROR; |
| @@ -2250,9 +2248,8 @@ ssl3_get_cert_verify(SSL *s) | |||
| 2250 | SSLerror(s, SSL_R_BAD_ECDSA_SIGNATURE); | 2248 | SSLerror(s, SSL_R_BAD_ECDSA_SIGNATURE); |
| 2251 | goto f_err; | 2249 | goto f_err; |
| 2252 | } | 2250 | } |
| 2253 | } else | ||
| 2254 | #ifndef OPENSSL_NO_GOST | 2251 | #ifndef OPENSSL_NO_GOST |
| 2255 | if (pkey->type == NID_id_GostR3410_94 || | 2252 | } else if (pkey->type == NID_id_GostR3410_94 || |
| 2256 | pkey->type == NID_id_GostR3410_2001) { | 2253 | pkey->type == NID_id_GostR3410_2001) { |
| 2257 | unsigned char sigbuf[128]; | 2254 | unsigned char sigbuf[128]; |
| 2258 | unsigned int siglen = sizeof(sigbuf); | 2255 | unsigned int siglen = sizeof(sigbuf); |
| @@ -2297,9 +2294,8 @@ ssl3_get_cert_verify(SSL *s) | |||
| 2297 | } | 2294 | } |
| 2298 | 2295 | ||
| 2299 | EVP_PKEY_CTX_free(pctx); | 2296 | EVP_PKEY_CTX_free(pctx); |
| 2300 | } else | ||
| 2301 | #endif | 2297 | #endif |
| 2302 | { | 2298 | } else { |
| 2303 | SSLerror(s, ERR_R_INTERNAL_ERROR); | 2299 | SSLerror(s, ERR_R_INTERNAL_ERROR); |
| 2304 | al = SSL_AD_UNSUPPORTED_CERTIFICATE; | 2300 | al = SSL_AD_UNSUPPORTED_CERTIFICATE; |
| 2305 | goto f_err; | 2301 | goto f_err; |