summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_clnt.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/ssl_clnt.c')
-rw-r--r--src/lib/libssl/ssl_clnt.c93
1 files changed, 50 insertions, 43 deletions
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index c53fbda4ba..fd78a8e8a5 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_clnt.c,v 1.30 2018/08/16 17:39:50 jsing Exp $ */ 1/* $OpenBSD: ssl_clnt.c,v 1.31 2018/08/17 16:28:21 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -2362,19 +2362,25 @@ err:
2362int 2362int
2363ssl3_send_client_verify(SSL *s) 2363ssl3_send_client_verify(SSL *s)
2364{ 2364{
2365 unsigned char *p; 2365 CBB cbb, cert_verify, cbb_signature;
2366 unsigned char data[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH]; 2366 unsigned char data[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
2367 EVP_PKEY *pkey; 2367 unsigned char *signature = NULL;
2368 EVP_PKEY_CTX *pctx = NULL; 2368 unsigned int signature_len;
2369 EVP_MD_CTX mctx; 2369 EVP_PKEY_CTX *pctx = NULL;
2370 unsigned u = 0; 2370 EVP_PKEY *pkey;
2371 unsigned long n; 2371 EVP_MD_CTX mctx;
2372 int j; 2372 const EVP_MD *md;
2373 long hdatalen;
2374 void *hdata;
2373 2375
2374 EVP_MD_CTX_init(&mctx); 2376 EVP_MD_CTX_init(&mctx);
2375 2377
2378 memset(&cbb, 0, sizeof(cbb));
2379
2376 if (S3I(s)->hs.state == SSL3_ST_CW_CERT_VRFY_A) { 2380 if (S3I(s)->hs.state == SSL3_ST_CW_CERT_VRFY_A) {
2377 p = ssl3_handshake_msg_start(s, SSL3_MT_CERTIFICATE_VERIFY); 2381 if (!ssl3_handshake_msg_start_cbb(s, &cbb, &cert_verify,
2382 SSL3_MT_CERTIFICATE_VERIFY))
2383 goto err;
2378 2384
2379 /* 2385 /*
2380 * Create context from key and test if sha1 is allowed as 2386 * Create context from key and test if sha1 is allowed as
@@ -2388,6 +2394,9 @@ ssl3_send_client_verify(SSL *s)
2388 if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1()) <= 0) 2394 if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1()) <= 0)
2389 ERR_clear_error(); 2395 ERR_clear_error();
2390 2396
2397 if ((signature = calloc(1, EVP_PKEY_size(pkey))) == NULL)
2398 goto err;
2399
2391 if (!SSL_USE_SIGALGS(s)) { 2400 if (!SSL_USE_SIGALGS(s)) {
2392 if (S3I(s)->handshake_buffer) { 2401 if (S3I(s)->handshake_buffer) {
2393 if (!tls1_digest_cached_records(s)) 2402 if (!tls1_digest_cached_records(s))
@@ -2403,55 +2412,44 @@ ssl3_send_client_verify(SSL *s)
2403 * using agreed digest and cached handshake records. 2412 * using agreed digest and cached handshake records.
2404 */ 2413 */
2405 if (SSL_USE_SIGALGS(s)) { 2414 if (SSL_USE_SIGALGS(s)) {
2406 long hdatalen = 0;
2407 void *hdata;
2408 const EVP_MD *md = s->cert->key->digest;
2409 hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, 2415 hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer,
2410 &hdata); 2416 &hdata);
2417 md = s->cert->key->digest;
2411 if (hdatalen <= 0 || 2418 if (hdatalen <= 0 ||
2412 !tls12_get_sigandhash(p, pkey, md)) { 2419 !tls12_get_sigandhash_cbb(&cert_verify, pkey, md)) {
2413 SSLerror(s, ERR_R_INTERNAL_ERROR); 2420 SSLerror(s, ERR_R_INTERNAL_ERROR);
2414 goto err; 2421 goto err;
2415 } 2422 }
2416 p += 2;
2417 if (!EVP_SignInit_ex(&mctx, md, NULL) || 2423 if (!EVP_SignInit_ex(&mctx, md, NULL) ||
2418 !EVP_SignUpdate(&mctx, hdata, hdatalen) || 2424 !EVP_SignUpdate(&mctx, hdata, hdatalen) ||
2419 !EVP_SignFinal(&mctx, p + 2, &u, pkey)) { 2425 !EVP_SignFinal(&mctx, signature, &signature_len,
2426 pkey)) {
2420 SSLerror(s, ERR_R_EVP_LIB); 2427 SSLerror(s, ERR_R_EVP_LIB);
2421 goto err; 2428 goto err;
2422 } 2429 }
2423 s2n(u, p);
2424 n = u + 4;
2425 if (!tls1_digest_cached_records(s)) 2430 if (!tls1_digest_cached_records(s))
2426 goto err; 2431 goto err;
2427 } else if (pkey->type == EVP_PKEY_RSA) { 2432 } else if (pkey->type == EVP_PKEY_RSA) {
2428 if (RSA_sign(NID_md5_sha1, data, 2433 if (RSA_sign(NID_md5_sha1, data,
2429 MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, &(p[2]), 2434 MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, signature,
2430 &u, pkey->pkey.rsa) <= 0 ) { 2435 &signature_len, pkey->pkey.rsa) <= 0 ) {
2431 SSLerror(s, ERR_R_RSA_LIB); 2436 SSLerror(s, ERR_R_RSA_LIB);
2432 goto err; 2437 goto err;
2433 } 2438 }
2434 s2n(u, p);
2435 n = u + 2;
2436 } else if (pkey->type == EVP_PKEY_EC) { 2439 } else if (pkey->type == EVP_PKEY_EC) {
2437 if (!ECDSA_sign(pkey->save_type, 2440 if (!ECDSA_sign(pkey->save_type,
2438 &(data[MD5_DIGEST_LENGTH]), 2441 &data[MD5_DIGEST_LENGTH], SHA_DIGEST_LENGTH,
2439 SHA_DIGEST_LENGTH, &(p[2]), 2442 signature, &signature_len, pkey->pkey.ec)) {
2440 (unsigned int *)&j, pkey->pkey.ec)) {
2441 SSLerror(s, ERR_R_ECDSA_LIB); 2443 SSLerror(s, ERR_R_ECDSA_LIB);
2442 goto err; 2444 goto err;
2443 } 2445 }
2444 s2n(j, p);
2445 n = j + 2;
2446#ifndef OPENSSL_NO_GOST 2446#ifndef OPENSSL_NO_GOST
2447 } else if (pkey->type == NID_id_GostR3410_94 || 2447 } else if (pkey->type == NID_id_GostR3410_94 ||
2448 pkey->type == NID_id_GostR3410_2001) { 2448 pkey->type == NID_id_GostR3410_2001) {
2449 unsigned char signbuf[128]; 2449 unsigned char signbuf[128];
2450 long hdatalen = 0; 2450 unsigned int u;
2451 void *hdata;
2452 const EVP_MD *md;
2453 int nid;
2454 size_t sigsize; 2451 size_t sigsize;
2452 int nid;
2455 2453
2456 hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata); 2454 hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata);
2457 if (hdatalen <= 0) { 2455 if (hdatalen <= 0) {
@@ -2468,38 +2466,47 @@ ssl3_send_client_verify(SSL *s)
2468 !EVP_DigestFinal(&mctx, signbuf, &u) || 2466 !EVP_DigestFinal(&mctx, signbuf, &u) ||
2469 (EVP_PKEY_CTX_set_signature_md(pctx, md) <= 0) || 2467 (EVP_PKEY_CTX_set_signature_md(pctx, md) <= 0) ||
2470 (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, 2468 (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
2471 EVP_PKEY_CTRL_GOST_SIG_FORMAT, 2469 EVP_PKEY_CTRL_GOST_SIG_FORMAT,
2472 GOST_SIG_FORMAT_RS_LE, 2470 GOST_SIG_FORMAT_RS_LE, NULL) <= 0) ||
2473 NULL) <= 0) || 2471 (EVP_PKEY_sign(pctx, signature, &sigsize,
2474 (EVP_PKEY_sign(pctx, &(p[2]), &sigsize, 2472 signbuf, u) <= 0)) {
2475 signbuf, u) <= 0)) {
2476 SSLerror(s, ERR_R_EVP_LIB); 2473 SSLerror(s, ERR_R_EVP_LIB);
2477 goto err; 2474 goto err;
2478 } 2475 }
2476 if (sigsize > UINT_MAX)
2477 goto err;
2478 signature_len = sigsize;
2479 if (!tls1_digest_cached_records(s)) 2479 if (!tls1_digest_cached_records(s))
2480 goto err; 2480 goto err;
2481 j = sigsize;
2482 s2n(j, p);
2483 n = j + 2;
2484#endif 2481#endif
2485 } else { 2482 } else {
2486 SSLerror(s, ERR_R_INTERNAL_ERROR); 2483 SSLerror(s, ERR_R_INTERNAL_ERROR);
2487 goto err; 2484 goto err;
2488 } 2485 }
2489 2486
2490 S3I(s)->hs.state = SSL3_ST_CW_CERT_VRFY_B; 2487 if (!CBB_add_u16_length_prefixed(&cert_verify, &cbb_signature))
2488 goto err;
2489 if (!CBB_add_bytes(&cbb_signature, signature, signature_len))
2490 goto err;
2491 2491
2492 ssl3_handshake_msg_finish(s, n); 2492 if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
2493 goto err;
2494
2495 S3I(s)->hs.state = SSL3_ST_CW_CERT_VRFY_B;
2493 } 2496 }
2494 2497
2495 EVP_MD_CTX_cleanup(&mctx); 2498 EVP_MD_CTX_cleanup(&mctx);
2496 EVP_PKEY_CTX_free(pctx); 2499 EVP_PKEY_CTX_free(pctx);
2500 free(signature);
2497 2501
2498 return (ssl3_handshake_write(s)); 2502 return (ssl3_handshake_write(s));
2499 2503
2500err: 2504 err:
2505 CBB_cleanup(&cbb);
2501 EVP_MD_CTX_cleanup(&mctx); 2506 EVP_MD_CTX_cleanup(&mctx);
2502 EVP_PKEY_CTX_free(pctx); 2507 EVP_PKEY_CTX_free(pctx);
2508 free(signature);
2509
2503 return (-1); 2510 return (-1);
2504} 2511}
2505 2512
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-24 22:19:19 +0000