OLD | NEW |
1 /* ssl/s3_clnt.c */ | 1 /* ssl/s3_clnt.c */ |
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
3 * All rights reserved. | 3 * All rights reserved. |
4 * | 4 * |
5 * This package is an SSL implementation written | 5 * This package is an SSL implementation written |
6 * by Eric Young (eay@cryptsoft.com). | 6 * by Eric Young (eay@cryptsoft.com). |
7 * The implementation was written so as to conform with Netscapes SSL. | 7 * The implementation was written so as to conform with Netscapes SSL. |
8 * | 8 * |
9 * This library is free for commercial and non-commercial use as long as | 9 * This library is free for commercial and non-commercial use as long as |
10 * the following conditions are aheared to. The following conditions | 10 * the following conditions are aheared to. The following conditions |
(...skipping 3004 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
3015 EVP_PKEY_free(srvr_pub_pkey); | 3015 EVP_PKEY_free(srvr_pub_pkey); |
3016 #endif | 3016 #endif |
3017 return(-1); | 3017 return(-1); |
3018 } | 3018 } |
3019 | 3019 |
3020 int ssl3_send_client_verify(SSL *s) | 3020 int ssl3_send_client_verify(SSL *s) |
3021 { | 3021 { |
3022 unsigned char *p,*d; | 3022 unsigned char *p,*d; |
3023 unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH]; | 3023 unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH]; |
3024 EVP_PKEY *pkey; | 3024 EVP_PKEY *pkey; |
3025 » EVP_PKEY_CTX *pctx=NULL; | 3025 » EVP_PKEY_CTX *pctx = NULL; |
3026 EVP_MD_CTX mctx; | 3026 EVP_MD_CTX mctx; |
3027 » unsigned u=0; | 3027 » unsigned signature_length = 0; |
3028 unsigned long n; | 3028 unsigned long n; |
3029 int j; | |
3030 | 3029 |
3031 EVP_MD_CTX_init(&mctx); | 3030 EVP_MD_CTX_init(&mctx); |
3032 | 3031 |
3033 if (s->state == SSL3_ST_CW_CERT_VRFY_A) | 3032 if (s->state == SSL3_ST_CW_CERT_VRFY_A) |
3034 { | 3033 { |
3035 » » d=(unsigned char *)s->init_buf->data; | 3034 » » d = (unsigned char *)s->init_buf->data; |
3036 » » p= &(d[4]); | 3035 » » p = &(d[4]); |
3037 » » pkey=s->cert->key->privatekey; | 3036 » » pkey = s->cert->key->privatekey; |
3038 /* Create context from key and test if sha1 is allowed as digest */ | |
3039 » » pctx = EVP_PKEY_CTX_new(pkey,NULL); | |
3040 » » EVP_PKEY_sign_init(pctx); | |
3041 » » if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1())>0) | |
3042 » » » { | |
3043 » » » if (TLS1_get_version(s) < TLS1_2_VERSION) | |
3044 » » » » s->method->ssl3_enc->cert_verify_mac(s, | |
3045 » » » » » » NID_sha1, | |
3046 » » » » » » &(data[MD5_DIGEST_LENGTH])); | |
3047 » » » } | |
3048 » » else | |
3049 » » » { | |
3050 » » » ERR_clear_error(); | |
3051 » » » } | |
3052 /* For TLS v1.2 send signature algorithm and signature | 3037 /* For TLS v1.2 send signature algorithm and signature |
3053 * using agreed digest and cached handshake records. | 3038 * using agreed digest and cached handshake records. |
3054 */ | 3039 */ |
3055 if (TLS1_get_version(s) >= TLS1_2_VERSION) | 3040 if (TLS1_get_version(s) >= TLS1_2_VERSION) |
3056 { | 3041 { |
3057 long hdatalen = 0; | 3042 long hdatalen = 0; |
3058 void *hdata; | 3043 void *hdata; |
3059 const EVP_MD *md = s->cert->key->digest; | 3044 const EVP_MD *md = s->cert->key->digest; |
3060 hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, | 3045 hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, |
3061 &hdata); | 3046 &hdata); |
3062 if (hdatalen <= 0 || !tls12_get_sigandhash(p, pkey, md)) | 3047 if (hdatalen <= 0 || !tls12_get_sigandhash(p, pkey, md)) |
3063 { | 3048 { |
3064 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, | 3049 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, |
3065 ERR_R_INTERNAL_ERROR); | 3050 ERR_R_INTERNAL_ERROR); |
3066 goto err; | 3051 goto err; |
3067 } | 3052 } |
3068 p += 2; | 3053 p += 2; |
3069 #ifdef SSL_DEBUG | 3054 #ifdef SSL_DEBUG |
3070 fprintf(stderr, "Using TLS 1.2 with client alg %s\n", | 3055 fprintf(stderr, "Using TLS 1.2 with client alg %s\n", |
3071 EVP_MD_name(md)); | 3056 EVP_MD_name(md)); |
3072 #endif | 3057 #endif |
3073 if (!EVP_SignInit_ex(&mctx, md, NULL) | 3058 if (!EVP_SignInit_ex(&mctx, md, NULL) |
3074 || !EVP_SignUpdate(&mctx, hdata, hdatalen) | 3059 || !EVP_SignUpdate(&mctx, hdata, hdatalen) |
3075 » » » » || !EVP_SignFinal(&mctx, p + 2, &u, pkey)) | 3060 » » » » || !EVP_SignFinal(&mctx, p + 2, |
| 3061 » » » » » &signature_length, pkey)) |
3076 { | 3062 { |
3077 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, | 3063 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, |
3078 ERR_R_EVP_LIB); | 3064 ERR_R_EVP_LIB); |
3079 goto err; | 3065 goto err; |
3080 } | 3066 } |
3081 » » » s2n(u,p); | 3067 » » » s2n(signature_length, p); |
3082 » » » n = u + 4; | 3068 » » » n = signature_length + 4; |
3083 if (!ssl3_digest_cached_records(s)) | 3069 if (!ssl3_digest_cached_records(s)) |
3084 goto err; | 3070 goto err; |
3085 } | 3071 } |
3086 else | 3072 else |
3087 #ifndef OPENSSL_NO_RSA | 3073 #ifndef OPENSSL_NO_RSA |
3088 if (pkey->type == EVP_PKEY_RSA) | 3074 if (pkey->type == EVP_PKEY_RSA) |
3089 { | 3075 { |
| 3076 s->method->ssl3_enc->cert_verify_mac(s, NID_md5, data); |
3090 s->method->ssl3_enc->cert_verify_mac(s, | 3077 s->method->ssl3_enc->cert_verify_mac(s, |
3091 » » » » NID_md5, | 3078 » » » » NID_sha1, &(data[MD5_DIGEST_LENGTH])); |
3092 » » » » &(data[0])); | |
3093 if (RSA_sign(NID_md5_sha1, data, | 3079 if (RSA_sign(NID_md5_sha1, data, |
3094 » » » » » MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, | 3080 » » » » » MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, |
3095 » » » » » &(p[2]), &u, pkey->pkey.rsa) <= 0 ) | 3081 » » » » » &(p[2]), &signature_length, pkey->pkey.r
sa) <= 0) |
3096 { | 3082 { |
3097 » » » » SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_RSA_L
IB); | 3083 » » » » SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_RSA_
LIB); |
3098 goto err; | 3084 goto err; |
3099 } | 3085 } |
3100 » » » s2n(u,p); | 3086 » » » s2n(signature_length, p); |
3101 » » » n=u+2; | 3087 » » » n = signature_length + 2; |
3102 } | 3088 } |
3103 else | 3089 else |
3104 #endif | 3090 #endif |
3105 #ifndef OPENSSL_NO_DSA | 3091 #ifndef OPENSSL_NO_DSA |
3106 » » » if (pkey->type == EVP_PKEY_DSA) | 3092 » » if (pkey->type == EVP_PKEY_DSA) |
3107 { | 3093 { |
3108 » » » if (!DSA_sign(pkey->save_type, | 3094 » » » s->method->ssl3_enc->cert_verify_mac(s, NID_sha1, data); |
3109 » » » » &(data[MD5_DIGEST_LENGTH]), | 3095 » » » if (!DSA_sign(pkey->save_type, data, |
3110 » » » » SHA_DIGEST_LENGTH,&(p[2]), | 3096 » » » » » SHA_DIGEST_LENGTH, &(p[2]), |
3111 » » » » (unsigned int *)&j,pkey->pkey.dsa)) | 3097 » » » » » &signature_length, pkey->pkey.dsa)) |
3112 { | 3098 { |
3113 » » » » SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_DSA_L
IB); | 3099 » » » » SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_DSA_
LIB); |
3114 goto err; | 3100 goto err; |
3115 } | 3101 } |
| 3102 s2n(signature_length, p); |
| 3103 n = signature_length + 2; |
| 3104 } |
| 3105 else |
| 3106 #endif |
| 3107 #ifndef OPENSSL_NO_ECDSA |
| 3108 if (pkey->type == EVP_PKEY_EC) |
| 3109 { |
| 3110 s->method->ssl3_enc->cert_verify_mac(s, NID_sha1, data); |
| 3111 if (!ECDSA_sign(pkey->save_type, data, |
| 3112 SHA_DIGEST_LENGTH, &(p[2]), |
| 3113 &signature_length, pkey->pkey.ec)) |
| 3114 { |
| 3115 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_ECDS
A_LIB); |
| 3116 goto err; |
| 3117 } |
| 3118 s2n(signature_length, p); |
| 3119 n = signature_length + 2; |
| 3120 } |
| 3121 else |
| 3122 #endif |
| 3123 if (pkey->type == NID_id_GostR3410_94 || pkey->type == NID_id_Go
stR3410_2001) |
| 3124 { |
| 3125 unsigned char signbuf[64]; |
| 3126 int i, j; |
| 3127 size_t sigsize=64; |
| 3128 |
| 3129 s->method->ssl3_enc->cert_verify_mac(s, |
| 3130 NID_id_GostR3411_94, |
| 3131 data); |
| 3132 pctx = EVP_PKEY_CTX_new(pkey, NULL); |
| 3133 EVP_PKEY_sign_init(pctx); |
| 3134 if (EVP_PKEY_sign(pctx, signbuf, &sigsize, data, 32) <=
0) { |
| 3135 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, |
| 3136 ERR_R_INTERNAL_ERROR); |
| 3137 goto err; |
| 3138 } |
| 3139 for (i=63,j=0; i>=0; j++, i--) { |
| 3140 p[2+j]=signbuf[i]; |
| 3141 } |
3116 s2n(j,p); | 3142 s2n(j,p); |
3117 n=j+2; | 3143 n=j+2; |
3118 } | 3144 } |
3119 else | 3145 else |
3120 #endif | |
3121 #ifndef OPENSSL_NO_ECDSA | |
3122 if (pkey->type == EVP_PKEY_EC) | |
3123 { | 3146 { |
3124 if (!ECDSA_sign(pkey->save_type, | |
3125 &(data[MD5_DIGEST_LENGTH]), | |
3126 SHA_DIGEST_LENGTH,&(p[2]), | |
3127 (unsigned int *)&j,pkey->pkey.ec)) | |
3128 { | |
3129 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, | |
3130 ERR_R_ECDSA_LIB); | |
3131 goto err; | |
3132 } | |
3133 s2n(j,p); | |
3134 n=j+2; | |
3135 } | |
3136 else | |
3137 #endif | |
3138 if (pkey->type == NID_id_GostR3410_94 || pkey->type == NID_id_Go
stR3410_2001) | |
3139 { | |
3140 unsigned char signbuf[64]; | |
3141 int i; | |
3142 size_t sigsize=64; | |
3143 s->method->ssl3_enc->cert_verify_mac(s, | |
3144 NID_id_GostR3411_94, | |
3145 data); | |
3146 if (EVP_PKEY_sign(pctx, signbuf, &sigsize, data, 32) <= 0) { | |
3147 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, | |
3148 ERR_R_INTERNAL_ERROR); | |
3149 goto err; | |
3150 } | |
3151 for (i=63,j=0; i>=0; j++, i--) { | |
3152 p[2+j]=signbuf[i]; | |
3153 } | |
3154 s2n(j,p); | |
3155 n=j+2; | |
3156 } | |
3157 else | |
3158 { | |
3159 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERRO
R); | 3147 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERRO
R); |
3160 goto err; | 3148 goto err; |
3161 » » } | 3149 » » » } |
3162 *(d++)=SSL3_MT_CERTIFICATE_VERIFY; | 3150 *(d++)=SSL3_MT_CERTIFICATE_VERIFY; |
3163 l2n3(n,d); | 3151 l2n3(n,d); |
3164 | 3152 |
3165 s->state=SSL3_ST_CW_CERT_VRFY_B; | 3153 s->state=SSL3_ST_CW_CERT_VRFY_B; |
3166 s->init_num=(int)n+4; | 3154 s->init_num=(int)n+4; |
3167 s->init_off=0; | 3155 s->init_off=0; |
3168 } | 3156 } |
3169 EVP_MD_CTX_cleanup(&mctx); | 3157 EVP_MD_CTX_cleanup(&mctx); |
3170 EVP_PKEY_CTX_free(pctx); | 3158 EVP_PKEY_CTX_free(pctx); |
3171 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); | 3159 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); |
(...skipping 411 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
3583 SSL_get_client_CA_list(s), | 3571 SSL_get_client_CA_list(s), |
3584 px509, ppkey, NULL, NULL, NULL); | 3572 px509, ppkey, NULL, NULL, NULL); |
3585 if (i != 0) | 3573 if (i != 0) |
3586 return i; | 3574 return i; |
3587 } | 3575 } |
3588 #endif | 3576 #endif |
3589 if (s->ctx->client_cert_cb) | 3577 if (s->ctx->client_cert_cb) |
3590 i = s->ctx->client_cert_cb(s,px509,ppkey); | 3578 i = s->ctx->client_cert_cb(s,px509,ppkey); |
3591 return i; | 3579 return i; |
3592 } | 3580 } |
OLD | NEW |