diff options
Diffstat (limited to 'src/lib/libssl/ssl_clnt.c')
| -rw-r--r-- | src/lib/libssl/ssl_clnt.c | 30 |
1 files changed, 18 insertions, 12 deletions
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c index 262e09fe5e..2174e3a83d 100644 --- a/src/lib/libssl/ssl_clnt.c +++ b/src/lib/libssl/ssl_clnt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_clnt.c,v 1.59 2019/03/25 16:35:48 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_clnt.c,v 1.60 2019/03/25 17:21:18 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1512,7 +1512,7 @@ ssl3_get_server_key_exchange(SSL *s) | |||
| 1512 | if (!CBS_get_u16(&cbs, &sigalg_value)) | 1512 | if (!CBS_get_u16(&cbs, &sigalg_value)) |
| 1513 | goto truncated; | 1513 | goto truncated; |
| 1514 | if ((sigalg = ssl_sigalg(sigalg_value, tls12_sigalgs, | 1514 | if ((sigalg = ssl_sigalg(sigalg_value, tls12_sigalgs, |
| 1515 | tls12_sigalgs_len)) == NULL) { | 1515 | tls12_sigalgs_len)) == NULL) { |
| 1516 | SSLerror(s, SSL_R_UNKNOWN_DIGEST); | 1516 | SSLerror(s, SSL_R_UNKNOWN_DIGEST); |
| 1517 | al = SSL_AD_DECODE_ERROR; | 1517 | al = SSL_AD_DECODE_ERROR; |
| 1518 | goto f_err; | 1518 | goto f_err; |
| @@ -1522,7 +1522,7 @@ ssl3_get_server_key_exchange(SSL *s) | |||
| 1522 | al = SSL_AD_DECODE_ERROR; | 1522 | al = SSL_AD_DECODE_ERROR; |
| 1523 | goto f_err; | 1523 | goto f_err; |
| 1524 | } | 1524 | } |
| 1525 | if (!ssl_sigalg_pkey_ok(sigalg, pkey)) { | 1525 | if (!ssl_sigalg_pkey_ok(sigalg, pkey, 0)) { |
| 1526 | SSLerror(s, SSL_R_WRONG_SIGNATURE_TYPE); | 1526 | SSLerror(s, SSL_R_WRONG_SIGNATURE_TYPE); |
| 1527 | al = SSL_AD_DECODE_ERROR; | 1527 | al = SSL_AD_DECODE_ERROR; |
| 1528 | goto f_err; | 1528 | goto f_err; |
| @@ -1671,21 +1671,19 @@ ssl3_get_certificate_request(SSL *s) | |||
| 1671 | SSLerror(s, SSL_R_DATA_LENGTH_TOO_LONG); | 1671 | SSLerror(s, SSL_R_DATA_LENGTH_TOO_LONG); |
| 1672 | goto err; | 1672 | goto err; |
| 1673 | } | 1673 | } |
| 1674 | |||
| 1675 | /* Check we have enough room for signature algorithms and | ||
| 1676 | * following length value. | ||
| 1677 | */ | ||
| 1678 | if (!CBS_get_u16_length_prefixed(&cert_request, &sigalgs)) { | 1674 | if (!CBS_get_u16_length_prefixed(&cert_request, &sigalgs)) { |
| 1679 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); | 1675 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); |
| 1680 | SSLerror(s, SSL_R_DATA_LENGTH_TOO_LONG); | 1676 | SSLerror(s, SSL_R_DATA_LENGTH_TOO_LONG); |
| 1681 | goto err; | 1677 | goto err; |
| 1682 | } | 1678 | } |
| 1683 | if (!tls1_process_sigalgs(s, &sigalgs, tls12_sigalgs, | 1679 | if (CBS_len(&sigalgs) % 2 != 0 || CBS_len(&sigalgs) > 64) { |
| 1684 | tls12_sigalgs_len)) { | ||
| 1685 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); | 1680 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); |
| 1686 | SSLerror(s, SSL_R_SIGNATURE_ALGORITHMS_ERROR); | 1681 | SSLerror(s, SSL_R_SIGNATURE_ALGORITHMS_ERROR); |
| 1687 | goto err; | 1682 | goto err; |
| 1688 | } | 1683 | } |
| 1684 | if (!CBS_stow(&sigalgs, &S3I(s)->hs.sigalgs, | ||
| 1685 | &S3I(s)->hs.sigalgs_len)) | ||
| 1686 | goto err; | ||
| 1689 | } | 1687 | } |
| 1690 | 1688 | ||
| 1691 | /* get the CA RDNs */ | 1689 | /* get the CA RDNs */ |
| @@ -2372,6 +2370,7 @@ err: | |||
| 2372 | static int | 2370 | static int |
| 2373 | ssl3_send_client_verify_sigalgs(SSL *s, CBB *cert_verify) | 2371 | ssl3_send_client_verify_sigalgs(SSL *s, CBB *cert_verify) |
| 2374 | { | 2372 | { |
| 2373 | const struct ssl_sigalg *sigalg; | ||
| 2375 | CBB cbb_signature; | 2374 | CBB cbb_signature; |
| 2376 | EVP_PKEY_CTX *pctx = NULL; | 2375 | EVP_PKEY_CTX *pctx = NULL; |
| 2377 | EVP_PKEY *pkey; | 2376 | EVP_PKEY *pkey; |
| @@ -2387,10 +2386,17 @@ ssl3_send_client_verify_sigalgs(SSL *s, CBB *cert_verify) | |||
| 2387 | EVP_MD_CTX_init(&mctx); | 2386 | EVP_MD_CTX_init(&mctx); |
| 2388 | 2387 | ||
| 2389 | pkey = s->cert->key->privatekey; | 2388 | pkey = s->cert->key->privatekey; |
| 2390 | md = s->cert->key->sigalg->md(); | 2389 | if ((sigalg = ssl_sigalg_select(s, pkey)) == NULL) { |
| 2390 | SSLerror(s, SSL_R_SIGNATURE_ALGORITHMS_ERROR); | ||
| 2391 | goto err; | ||
| 2392 | } | ||
| 2393 | if ((md = sigalg->md()) == NULL) { | ||
| 2394 | SSLerror(s, SSL_R_UNKNOWN_DIGEST); | ||
| 2395 | goto err; | ||
| 2396 | } | ||
| 2391 | 2397 | ||
| 2392 | if (!tls1_transcript_data(s, &hdata, &hdatalen) || | 2398 | if (!tls1_transcript_data(s, &hdata, &hdatalen) || |
| 2393 | !CBB_add_u16(cert_verify, s->cert->key->sigalg->value)) { | 2399 | !CBB_add_u16(cert_verify, sigalg->value)) { |
| 2394 | SSLerror(s, ERR_R_INTERNAL_ERROR); | 2400 | SSLerror(s, ERR_R_INTERNAL_ERROR); |
| 2395 | goto err; | 2401 | goto err; |
| 2396 | } | 2402 | } |
| @@ -2398,7 +2404,7 @@ ssl3_send_client_verify_sigalgs(SSL *s, CBB *cert_verify) | |||
| 2398 | SSLerror(s, ERR_R_EVP_LIB); | 2404 | SSLerror(s, ERR_R_EVP_LIB); |
| 2399 | goto err; | 2405 | goto err; |
| 2400 | } | 2406 | } |
| 2401 | if ((s->cert->key->sigalg->flags & SIGALG_FLAG_RSA_PSS) && | 2407 | if ((sigalg->flags & SIGALG_FLAG_RSA_PSS) && |
| 2402 | (!EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) || | 2408 | (!EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) || |
| 2403 | !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))) { | 2409 | !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))) { |
| 2404 | SSLerror(s, ERR_R_EVP_LIB); | 2410 | SSLerror(s, ERR_R_EVP_LIB); |