| -rw-r--r-- | src/lib/libssl/ssl_clnt.c | 31 |
1 files changed, 13 insertions, 18 deletions
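--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.37 2018/11/08 22:28:52 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.38 2018/11/09 00:34:55 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -170,6 +170,7 @@
 #endif
 
 #include "bytestring.h"
+#include "ssl_sigalgs.h"
 #include "ssl_tlsext.h"
 
 static int ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b);
@@ -1431,9 +1432,8 @@ ssl3_get_server_key_exchange(SSL *s)
 EVP_PKEY *pkey = NULL;
 EVP_MD_CTX md_ctx;
 const unsigned char *param;
-uint8_t hash_id, sig_id;
 long n, alg_k, alg_a;
-int al, ok, sigalg;
+int al, ok;
 size_t param_len;
 
 EVP_MD_CTX_init(&md_ctx);
@@ -1506,24 +1506,16 @@ ssl3_get_server_key_exchange(SSL *s)
 /* if it was signed, check the signature */
 if (pkey != NULL) {
 if (SSL_USE_SIGALGS(s)) {
-if (!CBS_get_u8(&cbs, &hash_id))
-goto truncated;
-if (!CBS_get_u8(&cbs, &sig_id))
-goto truncated;
+uint16_t sigalg;
 
-if ((md = tls12_get_hash(hash_id)) == NULL) {
+if (!CBS_get_u16(&cbs, &sigalg))
+goto truncated;
+if ((md = ssl_sigalg_md(sigalg)) == NULL) {
 SSLerror(s, SSL_R_UNKNOWN_DIGEST);
 al = SSL_AD_DECODE_ERROR;
 goto f_err;
 }
-
-/* Check key type is consistent with signature. */
-if ((sigalg = tls12_get_sigid(pkey)) == -1) {
-/* Should never happen */
-SSLerror(s, ERR_R_INTERNAL_ERROR);
-goto err;
-}
-if (sigalg != sig_id) {
+if (!ssl_sigalg_pkey_check(sigalg, pkey)) {
 SSLerror(s, SSL_R_WRONG_SIGNATURE_TYPE);
 al = SSL_AD_DECODE_ERROR;
 goto f_err;
@@ -2409,10 +2401,13 @@ ssl3_send_client_verify(SSL *s)
 * using agreed digest and cached handshake records.
 */
 if (SSL_USE_SIGALGS(s)) {
-md = s->cert->key->digest;
+uint16_t sigalg;
 
+md = s->cert->key->digest;
 if (!tls1_transcript_data(s, &hdata, &hdatalen) ||
-!tls12_get_hashandsig(&cert_verify, pkey, md)) {
+(sigalg = ssl_sigalg_value(pkey, md)) ==
+SIGALG_NONE ||
+!CBB_add_u16(&cert_verify, sigalg)) {
 SSLerror(s, ERR_R_INTERNAL_ERROR);
 goto err;
 }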
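Review bot: The new sigalg path in ssl3_get_server_key_exchange (hunk at old line 1506) accepts any 16-bit value that ssl_sigalg_md() resolves and that ssl_sigalg_pkey_check() matches to the key type, but nothing visible here checks that the server-chosen algorithm was among those the client advertised in its signature_algorithms extension, which RFC 5246 §7.4.3 requires of the server and which a client is entitled to enforce. The replaced hash_id/sig_id code had the same gap, so this is not a regression, but the move to a single lookup keyed by the wire value is the natural place to add that membership check. If ssl_sigalg_md() or ssl_sigalg_pkey_check() already limits the lookup to the client's offered list, a short comment above `if ((md = ssl_sigalg_md(sigalg)) == NULL) {` stating so would save the next reader a trip into ssl_sigalgs.c. Both ssl3_get_server_key_exchange and ssl3_send_client_verify begin and end outside the hunks shown.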
