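diff --git android-openssl.orig/ssl/s3_clnt.c android-openssl/ssl/s3_clnt.c
index d6154c5..2b094c9 100644
--- android-openssl.orig/ssl/s3_clnt.c
+++ android-openssl/ssl/s3_clnt.c
@@ -3022,33 +3022,18 @@ int ssl3_send_client_verify(SSL *s)
 unsigned char *p,*d;
 unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
 EVP_PKEY *pkey;
- EVP_PKEY_CTX *pctx=NULL;
+ EVP_PKEY_CTX *pctx = NULL;
 EVP_MD_CTX mctx;
- unsigned u=0;
+ unsigned signature_length = 0;
 unsigned long n;
- int j;
 
 EVP_MD_CTX_init(&mctx);
 
 if (s->state == SSL3_ST_CW_CERT_VRFY_A)
 {
- d=(unsigned char *)s->init_buf->data;
- p= &(d[4]);
- pkey=s->cert->key->privatekey;
-/* Create context from key and test if sha1 is allowed as digest */
- pctx = EVP_PKEY_CTX_new(pkey,NULL);
- EVP_PKEY_sign_init(pctx);
- if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1())>0)
- {
- if (TLS1_get_version(s) < TLS1_2_VERSION)
- s->method->ssl3_enc->cert_verify_mac(s,
- NID_sha1,
- &(data[MD5_DIGEST_LENGTH]));
- }
- else
- {
- ERR_clear_error();
- }
+ d = (unsigned char *)s->init_buf->data;
+ p = &(d[4]);
+ pkey = s->cert->key->privatekey;
 /* For TLS v1.2 send signature algorithm and signature
 * using agreed digest and cached handshake records.
 */
@@ -3072,14 +3057,15 @@ int ssl3_send_client_verify(SSL *s)
 #endif
 if (!EVP_SignInit_ex(&mctx, md, NULL)
 || !EVP_SignUpdate(&mctx, hdata, hdatalen)
- || !EVP_SignFinal(&mctx, p + 2, &u, pkey))
+ || !EVP_SignFinal(&mctx, p + 2,
+ &signature_length, pkey))
 {
 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
 ERR_R_EVP_LIB);
 goto err;
 }
- s2n(u,p);
- n = u + 4;
+ s2n(signature_length, p);
+ n = signature_length + 4;
 if (!ssl3_digest_cached_records(s))
 goto err;
 }
@@ -3087,78 +3073,80 @@ int ssl3_send_client_verify(SSL *s)
 #ifndef OPENSSL_NO_RSA
 if (pkey->type == EVP_PKEY_RSA)
 {
+ s->method->ssl3_enc->cert_verify_mac(s, NID_md5, data);
 s->method->ssl3_enc->cert_verify_mac(s,
- NID_md5,
- &(data[0]));
+ NID_sha1, &(data[MD5_DIGEST_LENGTH]));
 if (RSA_sign(NID_md5_sha1, data,
- MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
- &(p[2]), &u, pkey->pkey.rsa) <= 0 )
+ MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
+ &(p[2]), &signature_length, pkey->pkey.rsa) <= 0)
 {
- SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_RSA_LIB);
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_RSA_LIB);
 goto err;
 }
- s2n(u,p);
- n=u+2;
+ s2n(signature_length, p);
+ n = signature_length + 2;
 }
 else
 #endif
 #ifndef OPENSSL_NO_DSA
- if (pkey->type == EVP_PKEY_DSA)
+ if (pkey->type == EVP_PKEY_DSA)
 {
- if (!DSA_sign(pkey->save_type,
- &(data[MD5_DIGEST_LENGTH]),
- SHA_DIGEST_LENGTH,&(p[2]),
- (unsigned int *)&j,pkey->pkey.dsa))
+ s->method->ssl3_enc->cert_verify_mac(s, NID_sha1, data);
+ if (!DSA_sign(pkey->save_type, data,
+ SHA_DIGEST_LENGTH, &(p[2]),
+ &signature_length, pkey->pkey.dsa))
 {
- SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_DSA_LIB);
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_DSA_LIB);
 goto err;
 }
- s2n(j,p);
- n=j+2;
+ s2n(signature_length, p);
+ n = signature_length + 2;
 }
 else
 #endif
 #ifndef OPENSSL_NO_ECDSA
- if (pkey->type == EVP_PKEY_EC)
+ if (pkey->type == EVP_PKEY_EC)
 {
- if (!ECDSA_sign(pkey->save_type,
- &(data[MD5_DIGEST_LENGTH]),
- SHA_DIGEST_LENGTH,&(p[2]),
- (unsigned int *)&j,pkey->pkey.ec))
+ s->method->ssl3_enc->cert_verify_mac(s, NID_sha1, data);
+ if (!ECDSA_sign(pkey->save_type, data,
+ SHA_DIGEST_LENGTH, &(p[2]),
+ &signature_length, pkey->pkey.ec))
 {
- SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
- ERR_R_ECDSA_LIB);
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_ECDSA_LIB);
 goto err;
 }
- s2n(j,p);
- n=j+2;
+ s2n(signature_length, p);
+ n = signature_length + 2;
 }
 else
 #endif
 if (pkey->type == NID_id_GostR3410_94 || pkey->type == NID_id_GostR3410_2001)
- {
- unsigned char signbuf[64];
- int i;
- size_t sigsize=64;
- s->method->ssl3_enc->cert_verify_mac(s,
- NID_id_GostR3411_94,
- data);
- if (EVP_PKEY_sign(pctx, signbuf, &sigsize, data, 32) <= 0) {
- SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
- ERR_R_INTERNAL_ERROR);
- goto err;
- }
- for (i=63,j=0; i>=0; j++, i--) {
- p[2+j]=signbuf[i];
- }
- s2n(j,p);
- n=j+2;
- }
+ {
+ unsigned char signbuf[64];
+ int i, j;
+ size_t sigsize=64;
+
+ s->method->ssl3_enc->cert_verify_mac(s,
+ NID_id_GostR3411_94,
+ data);
+ pctx = EVP_PKEY_CTX_new(pkey, NULL);
+ EVP_PKEY_sign_init(pctx);
+ if (EVP_PKEY_sign(pctx, signbuf, &sigsize, data, 32) <= 0) {
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ for (i=63,j=0; i>=0; j++, i--) {
+ p[2+j]=signbuf[i];
+ }
+ s2n(j,p);
+ n=j+2;
+ }
 else
- {
+ {
 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR);
 goto err;
- }
+ }
 *(d++)=SSL3_MT_CERTIFICATE_VERIFY;
 l2n3(n,d);
 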
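Review bot: The `cert_verify_mac` calls added to the RSA, DSA and ECDSA branches of the last hunk discard their result, while `data` is declared without an initialiser at the top of the first hunk, so a digest computation that fails without writing would leave indeterminate stack bytes to be signed and sent. As far as I know this callback returns the digest length and 0 on failure (confirm against the `ssl3_enc_method` declaration), so each call can be guarded, e.g. `if (s->method->ssl3_enc->cert_verify_mac(s, NID_sha1, data) <= 0) goto err;`. The GOST branch has the same gap for `EVP_PKEY_CTX_new` and `EVP_PKEY_sign_init`, which are now called only there and still unchecked, and its copy loop always reverses all 64 bytes of `signbuf` without comparing against the `sigsize` that `EVP_PKEY_sign` reports. The `err` label and the end of the function are outside the hunk, so whether `pctx` is released on every path cannot be confirmed from here.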