提交 a0f63828 编写于 作者: D Dr. Stephen Henson

Use EVP_md5_sha1() to generate client verify

Reviewed-by: NTim Hudson <tjh@openssl.org>
上级 396d5fd0
...@@ -2069,6 +2069,7 @@ __owur unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, ...@@ -2069,6 +2069,7 @@ __owur unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
__owur unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, __owur unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
unsigned char *limit, int *al); unsigned char *limit, int *al);
__owur int ssl_parse_clienthello_tlsext(SSL *s, PACKET *pkt); __owur int ssl_parse_clienthello_tlsext(SSL *s, PACKET *pkt);
void ssl_set_default_md(SSL *s);
__owur int tls1_set_server_sigalgs(SSL *s); __owur int tls1_set_server_sigalgs(SSL *s);
__owur int ssl_check_clienthello_tlsext_late(SSL *s); __owur int ssl_check_clienthello_tlsext_late(SSL *s);
__owur int ssl_parse_serverhello_tlsext(SSL *s, PACKET *pkt); __owur int ssl_parse_serverhello_tlsext(SSL *s, PACKET *pkt);
......
...@@ -1361,15 +1361,6 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt) ...@@ -1361,15 +1361,6 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt)
goto f_err; goto f_err;
} }
s->s3->tmp.new_cipher = c; s->s3->tmp.new_cipher = c;
/*
* Don't digest cached records if no sigalgs: we may need them for client
* authentication.
*/
if (!(SSL_USE_SIGALGS(s)
|| (s->s3->tmp.new_cipher->algorithm_auth
& (SSL_aGOST12|SSL_aGOST01)))
&& !ssl3_digest_cached_records(s, 0))
goto f_err;
/* lets get the compression algorithm */ /* lets get the compression algorithm */
/* COMPRESSION */ /* COMPRESSION */
if (!PACKET_get_1(pkt, &compression)) { if (!PACKET_get_1(pkt, &compression)) {
...@@ -2075,6 +2066,8 @@ MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt) ...@@ -2075,6 +2066,8 @@ MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt)
SSLerr(SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST, ERR_R_MALLOC_FAILURE); SSLerr(SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST, ERR_R_MALLOC_FAILURE);
goto err; goto err;
} }
} else {
ssl_set_default_md(s);
} }
/* get the CA RDNs */ /* get the CA RDNs */
...@@ -2967,167 +2960,71 @@ int tls_client_key_exchange_post_work(SSL *s) ...@@ -2967,167 +2960,71 @@ int tls_client_key_exchange_post_work(SSL *s)
int tls_construct_client_verify(SSL *s) int tls_construct_client_verify(SSL *s)
{ {
unsigned char *p; unsigned char *p;
unsigned char data[EVP_MAX_MD_SIZE]; /* GOST R 34.11-2012-256*/
EVP_PKEY *pkey; EVP_PKEY *pkey;
EVP_PKEY_CTX *pctx = NULL; const EVP_MD *md = s->s3->tmp.md[s->cert->key - s->cert->pkeys];
EVP_MD_CTX mctx; EVP_MD_CTX mctx;
unsigned u = 0; unsigned u = 0;
unsigned long n; unsigned long n;
int j; long hdatalen = 0;
void *hdata;
EVP_MD_CTX_init(&mctx); EVP_MD_CTX_init(&mctx);
p = ssl_handshake_start(s); p = ssl_handshake_start(s);
pkey = s->cert->key->privatekey; pkey = s->cert->key->privatekey;
/* Create context from key and test if sha1 is allowed as digest */
pctx = EVP_PKEY_CTX_new(pkey, NULL); hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
if (pctx == NULL) { if (hdatalen <= 0) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_MALLOC_FAILURE);
goto err;
}
if (EVP_PKEY_sign_init(pctx) <= 0) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR);
goto err; goto err;
} }
if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1()) > 0) { if (SSL_USE_SIGALGS(s)) {
if (!SSL_USE_SIGALGS(s)) if (!tls12_get_sigandhash(p, pkey, md)) {
s->method->ssl3_enc->cert_verify_mac(s,
NID_sha1,
&(data
[MD5_DIGEST_LENGTH]));
} else {
ERR_clear_error();
}
/*
* For TLS v1.2 send signature algorithm and signature using agreed
* digest and cached handshake records.
*/
if (SSL_USE_SIGALGS(s) || pkey->type == NID_id_GostR3410_2001
|| pkey->type == NID_id_GostR3410_2012_256
|| pkey->type == NID_id_GostR3410_2012_512) {
long hdatalen = 0;
void *hdata;
const EVP_MD *md = s->s3->tmp.md[s->cert->key - s->cert->pkeys];
hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
if (!SSL_USE_SIGALGS(s)) {
int dgst_nid;
if (EVP_PKEY_get_default_digest_nid(pkey, &dgst_nid) <= 0
|| (md = EVP_get_digestbynid(dgst_nid)) == NULL) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR);
goto err;
}
}
if (hdatalen <= 0 || !tls12_get_sigandhash(p, pkey, md)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR);
goto err; goto err;
} }
if (SSL_USE_SIGALGS(s) ) { p += 2;
p += 2; }
}
#ifdef SSL_DEBUG #ifdef SSL_DEBUG
fprintf(stderr, "Using TLS 1.2 with client alg %s\n", fprintf(stderr, "Using client alg %s\n", EVP_MD_name(md));
EVP_MD_name(md)); #endif
#endif if (!EVP_SignInit_ex(&mctx, md, NULL)
if (!EVP_SignInit_ex(&mctx, md, NULL) || !EVP_SignUpdate(&mctx, hdata, hdatalen)
|| !EVP_SignUpdate(&mctx, hdata, hdatalen) || (s->version == SSL3_VERSION
|| !EVP_SignFinal(&mctx, p + 2, &u, pkey)) { && !EVP_MD_CTX_ctrl(&mctx, EVP_CTRL_SSL3_MASTER_SECRET,
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_EVP_LIB); s->session->master_key_length,
goto err; s->session->master_key))
} || !EVP_SignFinal(&mctx, p + 2, &u, pkey)) {
if (pkey->type == NID_id_GostR3410_2001 SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_EVP_LIB);
|| pkey->type == NID_id_GostR3410_2012_256 goto err;
|| pkey->type == NID_id_GostR3410_2012_512) { }
unsigned int i, k;
for (i = u - 1, k = 0; k < u/2; k++, i--) {
char c = p[2 + k];
p[2 + k] = p[2 + i];
p[2 + i] = c;
}
}
s2n(u, p);
n = u + 2;
if (SSL_USE_SIGALGS(s))
n += 2;
/* Digest cached records and discard handshake buffer */
if (!ssl3_digest_cached_records(s, 0))
goto err;
} else
#ifndef OPENSSL_NO_RSA
if (pkey->type == EVP_PKEY_RSA) {
s->method->ssl3_enc->cert_verify_mac(s, NID_md5, &(data[0]));
if (RSA_sign(NID_md5_sha1, data,
MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
&(p[2]), &u, pkey->pkey.rsa) <= 0) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_RSA_LIB);
goto err;
}
s2n(u, p);
n = u + 2;
} else
#endif
#ifndef OPENSSL_NO_DSA
if (pkey->type == EVP_PKEY_DSA) {
if (!DSA_sign(pkey->save_type,
&(data[MD5_DIGEST_LENGTH]),
SHA_DIGEST_LENGTH, &(p[2]),
(unsigned int *)&j, pkey->pkey.dsa)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_DSA_LIB);
goto err;
}
s2n(j, p);
n = j + 2;
} else
#endif
#ifndef OPENSSL_NO_EC
if (pkey->type == EVP_PKEY_EC) {
if (!ECDSA_sign(pkey->save_type,
&(data[MD5_DIGEST_LENGTH]),
SHA_DIGEST_LENGTH, &(p[2]),
(unsigned int *)&j, pkey->pkey.ec)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_ECDSA_LIB);
goto err;
}
s2n(j, p);
n = j + 2;
} else
#endif
if (pkey->type == NID_id_GostR3410_2001 if (pkey->type == NID_id_GostR3410_2001
|| pkey->type == NID_id_GostR3410_2012_256 || pkey->type == NID_id_GostR3410_2012_256
|| pkey->type == NID_id_GostR3410_2012_512) { || pkey->type == NID_id_GostR3410_2012_512) {
unsigned char signbuf[128]; unsigned int i, k;
int i; for (i = u - 1, k = 0; k < u/2; k++, i--) {
size_t sigsize = char c = p[2 + k];
(pkey->type == NID_id_GostR3410_2012_512) ? 128 : 64; p[2 + k] = p[2 + i];
int dgst_nid = NID_undef; p[2 + i] = c;
EVP_PKEY_get_default_digest_nid(pkey, &dgst_nid);
s->method->ssl3_enc->cert_verify_mac(s, dgst_nid, data);
if (EVP_PKEY_sign(pctx, signbuf, &sigsize, data,
EVP_MD_size(EVP_get_digestbynid(dgst_nid))) <= 0) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR);
goto err;
} }
for (i = sigsize - 1, j = 0; i >= 0; j++, i--) {
p[2 + j] = signbuf[i];
}
s2n(j, p);
n = j + 2;
} else {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR);
goto err;
} }
s2n(u, p);
n = u + 2;
if (SSL_USE_SIGALGS(s))
n += 2;
/* Digest cached records and discard handshake buffer */
if (!ssl3_digest_cached_records(s, 0))
goto err;
if (!ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE_VERIFY, n)) { if (!ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE_VERIFY, n)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR);
goto err; goto err;
} }
EVP_MD_CTX_cleanup(&mctx); EVP_MD_CTX_cleanup(&mctx);
EVP_PKEY_CTX_free(pctx);
return 1; return 1;
err: err:
EVP_MD_CTX_cleanup(&mctx); EVP_MD_CTX_cleanup(&mctx);
EVP_PKEY_CTX_free(pctx);
return 0; return 0;
} }
......
...@@ -2705,7 +2705,7 @@ static int ssl_check_clienthello_tlsext_early(SSL *s) ...@@ -2705,7 +2705,7 @@ static int ssl_check_clienthello_tlsext_early(SSL *s)
} }
} }
/* Initialise digests to default values */ /* Initialise digests to default values */
static void ssl_set_default_md(SSL *s) void ssl_set_default_md(SSL *s)
{ {
const EVP_MD **pmd = s->s3->tmp.md; const EVP_MD **pmd = s->s3->tmp.md;
#ifndef OPENSSL_NO_DSA #ifndef OPENSSL_NO_DSA
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册