Diffstat (limited to 'src/lib/libssl/s3_srvr.c')
| -rw-r--r-- | src/lib/libssl/s3_srvr.c | 78 | 
1 files changed, 56 insertions, 22 deletions
| diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c index a9f82b39d2..e1b2f9cf2d 100644 --- a/src/lib/libssl/s3_srvr.c +++ b/src/lib/libssl/s3_srvr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_srvr.c,v 1.90 2014/11/16 14:12:47 jsing Exp $ */ | 1 | /* $OpenBSD: s3_srvr.c,v 1.91 2014/11/18 05:33:43 miod Exp $ */ | 
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 
| 3 | * All rights reserved. | 3 | * All rights reserved. | 
| 4 | * | 4 | * | 
| @@ -159,6 +159,9 @@ | |||
| 159 | #include <openssl/buffer.h> | 159 | #include <openssl/buffer.h> | 
| 160 | #include <openssl/evp.h> | 160 | #include <openssl/evp.h> | 
| 161 | #include <openssl/dh.h> | 161 | #include <openssl/dh.h> | 
| 162 | #ifndef OPENSSL_NO_GOST | ||
| 163 | #include <openssl/gost.h> | ||
| 164 | #endif | ||
| 162 | #include <openssl/hmac.h> | 165 | #include <openssl/hmac.h> | 
| 163 | #include <openssl/md5.h> | 166 | #include <openssl/md5.h> | 
| 164 | #include <openssl/objects.h> | 167 | #include <openssl/objects.h> | 
| @@ -516,6 +519,7 @@ ssl3_accept(SSL *s) | |||
| 516 | ret = ssl3_get_client_key_exchange(s); | 519 | ret = ssl3_get_client_key_exchange(s); | 
| 517 | if (ret <= 0) | 520 | if (ret <= 0) | 
| 518 | goto end; | 521 | goto end; | 
| 522 | alg_k = s->s3->tmp.new_cipher->algorithm_mkey; | ||
| 519 | if (ret == 2) { | 523 | if (ret == 2) { | 
| 520 | /* | 524 | /* | 
| 521 | * For the ECDH ciphersuites when | 525 | * For the ECDH ciphersuites when | 
| @@ -535,7 +539,7 @@ ssl3_accept(SSL *s) | |||
| 535 | s->state = SSL3_ST_SR_FINISHED_A; | 539 | s->state = SSL3_ST_SR_FINISHED_A; | 
| 536 | #endif | 540 | #endif | 
| 537 | s->init_num = 0; | 541 | s->init_num = 0; | 
| 538 | } else if (SSL_USE_SIGALGS(s)) { | 542 | } else if (SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) { | 
| 539 | s->state = SSL3_ST_SR_CERT_VRFY_A; | 543 | s->state = SSL3_ST_SR_CERT_VRFY_A; | 
| 540 | s->init_num = 0; | 544 | s->init_num = 0; | 
| 541 | if (!s->session->peer) | 545 | if (!s->session->peer) | 
| @@ -842,6 +846,7 @@ ssl3_get_client_hello(SSL *s) | |||
| 842 | unsigned char *p, *d; | 846 | unsigned char *p, *d; | 
| 843 | SSL_CIPHER *c; | 847 | SSL_CIPHER *c; | 
| 844 | STACK_OF(SSL_CIPHER) *ciphers = NULL; | 848 | STACK_OF(SSL_CIPHER) *ciphers = NULL; | 
| 849 | unsigned long alg_k; | ||
| 845 | 850 | ||
| 846 | /* | 851 | /* | 
| 847 | * We do this so that we will respond with our native type. | 852 | * We do this so that we will respond with our native type. | 
| @@ -1175,7 +1180,9 @@ ssl3_get_client_hello(SSL *s) | |||
| 1175 | s->s3->tmp.new_cipher = s->session->cipher; | 1180 | s->s3->tmp.new_cipher = s->session->cipher; | 
| 1176 | } | 1181 | } | 
| 1177 | 1182 | ||
| 1178 | if (!SSL_USE_SIGALGS(s) || !(s->verify_mode & SSL_VERIFY_PEER)) { | 1183 | alg_k = s->s3->tmp.new_cipher->algorithm_mkey; | 
| 1184 | if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) || | ||
| 1185 | !(s->verify_mode & SSL_VERIFY_PEER)) { | ||
| 1179 | if (!ssl3_digest_cached_records(s)) { | 1186 | if (!ssl3_digest_cached_records(s)) { | 
| 1180 | al = SSL_AD_INTERNAL_ERROR; | 1187 | al = SSL_AD_INTERNAL_ERROR; | 
| 1181 | goto f_err; | 1188 | goto f_err; | 
| @@ -2336,7 +2343,7 @@ ssl3_get_cert_verify(SSL *s) | |||
| 2336 | goto f_err; | 2343 | goto f_err; | 
| 2337 | } | 2344 | } | 
| 2338 | 2345 | ||
| 2339 | if (EVP_VerifyFinal(&mctx, p , i, pkey) <= 0) { | 2346 | if (EVP_VerifyFinal(&mctx, p, i, pkey) <= 0) { | 
| 2340 | al = SSL_AD_DECRYPT_ERROR; | 2347 | al = SSL_AD_DECRYPT_ERROR; | 
| 2341 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, | 2348 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, | 
| 2342 | SSL_R_BAD_SIGNATURE); | 2349 | SSL_R_BAD_SIGNATURE); | 
| @@ -2384,38 +2391,65 @@ ssl3_get_cert_verify(SSL *s) | |||
| 2384 | goto f_err; | 2391 | goto f_err; | 
| 2385 | } | 2392 | } | 
| 2386 | } else | 2393 | } else | 
| 2394 | #ifndef OPENSSL_NO_GOST | ||
| 2387 | if (pkey->type == NID_id_GostR3410_94 || | 2395 | if (pkey->type == NID_id_GostR3410_94 || | 
| 2388 | pkey->type == NID_id_GostR3410_2001) { | 2396 | pkey->type == NID_id_GostR3410_2001) { | 
| 2389 | unsigned char signature[64]; | 2397 | long hdatalen = 0; | 
| 2390 | int idx; | 2398 | void *hdata; | 
| 2399 | unsigned char signature[128]; | ||
| 2400 | unsigned int siglen = sizeof(signature); | ||
| 2401 | int nid; | ||
| 2391 | EVP_PKEY_CTX *pctx; | 2402 | EVP_PKEY_CTX *pctx; | 
| 2392 | 2403 | ||
| 2393 | if (i != 64) { | 2404 | hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata); | 
| 2405 | if (hdatalen <= 0) { | ||
| 2394 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, | 2406 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, | 
| 2395 | SSL_R_WRONG_SIGNATURE_SIZE); | 2407 | ERR_R_INTERNAL_ERROR); | 
| 2396 | al = SSL_AD_DECODE_ERROR; | 2408 | al = SSL_AD_INTERNAL_ERROR; | 
| 2409 | goto f_err; | ||
| 2410 | } | ||
| 2411 | if (!EVP_PKEY_get_default_digest_nid(pkey, &nid) || | ||
| 2412 | !(md = EVP_get_digestbynid(nid))) { | ||
| 2413 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, | ||
| 2414 | ERR_R_EVP_LIB); | ||
| 2415 | al = SSL_AD_INTERNAL_ERROR; | ||
| 2397 | goto f_err; | 2416 | goto f_err; | 
| 2398 | } | 2417 | } | 
| 2399 | pctx = EVP_PKEY_CTX_new(pkey, NULL); | 2418 | pctx = EVP_PKEY_CTX_new(pkey, NULL); | 
| 2400 | if (pctx == NULL) { | 2419 | if (!pctx) { | 
| 2401 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, | 2420 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, | 
| 2402 | ERR_R_INTERNAL_ERROR); | 2421 | ERR_R_EVP_LIB); | 
| 2403 | al = SSL_AD_DECODE_ERROR; | 2422 | al = SSL_AD_INTERNAL_ERROR; | 
| 2404 | goto f_err; | 2423 | goto f_err; | 
| 2405 | } | 2424 | } | 
| 2406 | EVP_PKEY_verify_init(pctx); | 2425 | if (!EVP_DigestInit_ex(&mctx, md, NULL) || | 
| 2407 | for (idx = 0; idx < 64; idx++) | 2426 | !EVP_DigestUpdate(&mctx, hdata, hdatalen) || | 
| 2408 | signature[63 - idx] = p[idx]; | 2427 | !EVP_DigestFinal(&mctx, signature, &siglen) || | 
| 2409 | j = EVP_PKEY_verify(pctx, signature, 64, | 2428 | (EVP_PKEY_verify_init(pctx) <= 0) || | 
| 2410 | s->s3->tmp.cert_verify_md, 32); | 2429 | (EVP_PKEY_CTX_set_signature_md(pctx, md) <= 0) || | 
| 2411 | EVP_PKEY_CTX_free(pctx); | 2430 | (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_VERIFY, | 
| 2412 | if (j <= 0) { | 2431 | EVP_PKEY_CTRL_GOST_SIG_FORMAT, | 
| 2432 | GOST_SIG_FORMAT_RS_LE, | ||
| 2433 | NULL) <= 0)) { | ||
| 2434 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, | ||
| 2435 | ERR_R_EVP_LIB); | ||
| 2436 | al = SSL_AD_INTERNAL_ERROR; | ||
| 2437 | EVP_PKEY_CTX_free(pctx); | ||
| 2438 | goto f_err; | ||
| 2439 | } | ||
| 2440 | |||
| 2441 | if (EVP_PKEY_verify(pctx, p, i, signature, siglen) <= 0) { | ||
| 2413 | al = SSL_AD_DECRYPT_ERROR; | 2442 | al = SSL_AD_DECRYPT_ERROR; | 
| 2414 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, | 2443 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, | 
| 2415 | SSL_R_BAD_ECDSA_SIGNATURE); | 2444 | SSL_R_BAD_SIGNATURE); | 
| 2445 | EVP_PKEY_CTX_free(pctx); | ||
| 2416 | goto f_err; | 2446 | goto f_err; | 
| 2417 | } | 2447 | } | 
| 2418 | } else { | 2448 | |
| 2449 | EVP_PKEY_CTX_free(pctx); | ||
| 2450 | } else | ||
| 2451 | #endif | ||
| 2452 | { | ||
| 2419 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, | 2453 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, | 
| 2420 | ERR_R_INTERNAL_ERROR); | 2454 | ERR_R_INTERNAL_ERROR); | 
| 2421 | al = SSL_AD_UNSUPPORTED_CERTIFICATE; | 2455 | al = SSL_AD_UNSUPPORTED_CERTIFICATE; | 
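Review bot: In the GOST branch of ssl3_get_cert_verify (new lines 2411-2412), `!EVP_PKEY_get_default_digest_nid(pkey, &nid)` only catches a return of 0, while that call reports failure with zero or a negative value (-2 when the key method does not support the control), so a negative return would fall through to `EVP_get_digestbynid(nid)` with `nid` never written. Testing `EVP_PKEY_get_default_digest_nid(pkey, &nid) <= 0` would match the `<= 0` checks this hunk already applies to `EVP_PKEY_verify_init` and `EVP_PKEY_CTX_set_signature_md`. The hunk also drops the explicit `i != 64` check, so rejecting a malformed peer-supplied signature length now appears to rest entirely on `EVP_PKEY_verify` with `GOST_SIG_FORMAT_RS_LE`; a one-line comment such as `/* signature length is validated by the GOST verify method */` would record that, if it is indeed the case. The local `signature[128]` now receives the handshake digest from `EVP_DigestFinal` rather than a signature, and would read better as `digest` with `digestlen`. The function body starts and ends outside this hunk.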
