| OLD | NEW |
| 1 /* ssl/s3_clnt.c */ | 1 /* ssl/s3_clnt.c */ |
| 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 * All rights reserved. | 3 * All rights reserved. |
| 4 * | 4 * |
| 5 * This package is an SSL implementation written | 5 * This package is an SSL implementation written |
| 6 * by Eric Young (eay@cryptsoft.com). | 6 * by Eric Young (eay@cryptsoft.com). |
| 7 * The implementation was written so as to conform with Netscapes SSL. | 7 * The implementation was written so as to conform with Netscapes SSL. |
| 8 * | 8 * |
| 9 * This library is free for commercial and non-commercial use as long as | 9 * This library is free for commercial and non-commercial use as long as |
| 10 * the following conditions are aheared to. The following conditions | 10 * the following conditions are aheared to. The following conditions |
| (...skipping 3004 matching lines...) |
| 3015 EVP_PKEY_free(srvr_pub_pkey); | 3015 EVP_PKEY_free(srvr_pub_pkey); |
| 3016 #endif | 3016 #endif |
| 3017 return(-1); | 3017 return(-1); |
| 3018 } | 3018 } |
| 3019 | 3019 |
| 3020 int ssl3_send_client_verify(SSL *s) | 3020 int ssl3_send_client_verify(SSL *s) |
| 3021 { | 3021 { |
| 3022 unsigned char *p,*d; | 3022 unsigned char *p,*d; |
| 3023 unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH]; | 3023 unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH]; |
| 3024 EVP_PKEY *pkey; | 3024 EVP_PKEY *pkey; |
| 3025 » EVP_PKEY_CTX *pctx=NULL; | 3025 » EVP_PKEY_CTX *pctx = NULL; |
| 3026 EVP_MD_CTX mctx; | 3026 EVP_MD_CTX mctx; |
| 3027 » unsigned u=0; | 3027 » unsigned signature_length = 0; |
| 3028 unsigned long n; | 3028 unsigned long n; |
| 3029 int j; | |
| 3030 | 3029 |
| 3031 EVP_MD_CTX_init(&mctx); | 3030 EVP_MD_CTX_init(&mctx); |
| 3032 | 3031 |
| 3033 if (s->state == SSL3_ST_CW_CERT_VRFY_A) | 3032 if (s->state == SSL3_ST_CW_CERT_VRFY_A) |
| 3034 { | 3033 { |
| 3035 » » d=(unsigned char *)s->init_buf->data; | 3034 » » d = (unsigned char *)s->init_buf->data; |
| 3036 » » p= &(d[4]); | 3035 » » p = &(d[4]); |
| 3037 » » pkey=s->cert->key->privatekey; | 3036 » » pkey = s->cert->key->privatekey; |
| 3038 /* Create context from key and test if sha1 is allowed as digest */ | |
| 3039 » » pctx = EVP_PKEY_CTX_new(pkey,NULL); | |
| 3040 » » EVP_PKEY_sign_init(pctx); | |
| 3041 » » if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1())>0) | |
| 3042 » » » { | |
| 3043 » » » if (TLS1_get_version(s) < TLS1_2_VERSION) | |
| 3044 » » » » s->method->ssl3_enc->cert_verify_mac(s, | |
| 3045 » » » » » » NID_sha1, | |
| 3046 » » » » » » &(data[MD5_DIGEST_LENGTH])); | |
| 3047 » » » } | |
| 3048 » » else | |
| 3049 » » » { | |
| 3050 » » » ERR_clear_error(); | |
| 3051 » » » } | |
| 3052 /* For TLS v1.2 send signature algorithm and signature | 3037 /* For TLS v1.2 send signature algorithm and signature |
| 3053 * using agreed digest and cached handshake records. | 3038 * using agreed digest and cached handshake records. |
| 3054 */ | 3039 */ |
| 3055 if (TLS1_get_version(s) >= TLS1_2_VERSION) | 3040 if (TLS1_get_version(s) >= TLS1_2_VERSION) |
| 3056 { | 3041 { |
| 3057 long hdatalen = 0; | 3042 long hdatalen = 0; |
| 3058 void *hdata; | 3043 void *hdata; |
| 3059 const EVP_MD *md = s->cert->key->digest; | 3044 const EVP_MD *md = s->cert->key->digest; |
| 3060 hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, | 3045 hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, |
| 3061 &hdata); | 3046 &hdata); |
| 3062 if (hdatalen <= 0 || !tls12_get_sigandhash(p, pkey, md)) | 3047 if (hdatalen <= 0 || !tls12_get_sigandhash(p, pkey, md)) |
| 3063 { | 3048 { |
| 3064 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, | 3049 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, |
| 3065 ERR_R_INTERNAL_ERROR); | 3050 ERR_R_INTERNAL_ERROR); |
| 3066 goto err; | 3051 goto err; |
| 3067 } | 3052 } |
| 3068 p += 2; | 3053 p += 2; |
| 3069 #ifdef SSL_DEBUG | 3054 #ifdef SSL_DEBUG |
| 3070 fprintf(stderr, "Using TLS 1.2 with client alg %s\n", | 3055 fprintf(stderr, "Using TLS 1.2 with client alg %s\n", |
| 3071 EVP_MD_name(md)); | 3056 EVP_MD_name(md)); |
| 3072 #endif | 3057 #endif |
| 3073 if (!EVP_SignInit_ex(&mctx, md, NULL) | 3058 if (!EVP_SignInit_ex(&mctx, md, NULL) |
| 3074 || !EVP_SignUpdate(&mctx, hdata, hdatalen) | 3059 || !EVP_SignUpdate(&mctx, hdata, hdatalen) |
| 3075 » » » » || !EVP_SignFinal(&mctx, p + 2, &u, pkey)) | 3060 » » » » || !EVP_SignFinal(&mctx, p + 2, |
| 3061 » » » » » &signature_length, pkey)) |
| 3076 { | 3062 { |
| 3077 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, | 3063 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, |
| 3078 ERR_R_EVP_LIB); | 3064 ERR_R_EVP_LIB); |
| 3079 goto err; | 3065 goto err; |
| 3080 } | 3066 } |
| 3081 » » » s2n(u,p); | 3067 » » » s2n(signature_length, p); |
| 3082 » » » n = u + 4; | 3068 » » » n = signature_length + 4; |
| 3083 if (!ssl3_digest_cached_records(s)) | 3069 if (!ssl3_digest_cached_records(s)) |
| 3084 goto err; | 3070 goto err; |
| 3085 } | 3071 } |
| 3086 else | 3072 else |
| 3087 #ifndef OPENSSL_NO_RSA | 3073 #ifndef OPENSSL_NO_RSA |
| 3088 if (pkey->type == EVP_PKEY_RSA) | 3074 if (pkey->type == EVP_PKEY_RSA) |
| 3089 { | 3075 { |
| 3076 s->method->ssl3_enc->cert_verify_mac(s, NID_md5, data); |
| 3090 s->method->ssl3_enc->cert_verify_mac(s, | 3077 s->method->ssl3_enc->cert_verify_mac(s, |
| 3091 » » » » NID_md5, | 3078 » » » » NID_sha1, &(data[MD5_DIGEST_LENGTH])); |
| 3092 » » » » &(data[0])); | |
| 3093 if (RSA_sign(NID_md5_sha1, data, | 3079 if (RSA_sign(NID_md5_sha1, data, |
| 3094 » » » » » MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, | 3080 » » » » » MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, |
| 3095 » » » » » &(p[2]), &u, pkey->pkey.rsa) <= 0 ) | 3081 » » » » » &(p[2]), &signature_length, pkey->pkey.r
sa) <= 0) |
| 3096 { | 3082 { |
| 3097 » » » » SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_RSA_L
IB); | 3083 » » » » SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_RSA_
LIB); |
| 3098 goto err; | 3084 goto err; |
| 3099 } | 3085 } |
| 3100 » » » s2n(u,p); | 3086 » » » s2n(signature_length, p); |
| 3101 » » » n=u+2; | 3087 » » » n = signature_length + 2; |
| 3102 } | 3088 } |
| 3103 else | 3089 else |
| 3104 #endif | 3090 #endif |
| 3105 #ifndef OPENSSL_NO_DSA | 3091 #ifndef OPENSSL_NO_DSA |
| 3106 » » » if (pkey->type == EVP_PKEY_DSA) | 3092 » » if (pkey->type == EVP_PKEY_DSA) |
| 3107 { | 3093 { |
| 3108 » » » if (!DSA_sign(pkey->save_type, | 3094 » » » s->method->ssl3_enc->cert_verify_mac(s, NID_sha1, data); |
| 3109 » » » » &(data[MD5_DIGEST_LENGTH]), | 3095 » » » if (!DSA_sign(pkey->save_type, data, |
| 3110 » » » » SHA_DIGEST_LENGTH,&(p[2]), | 3096 » » » » » SHA_DIGEST_LENGTH, &(p[2]), |
| 3111 » » » » (unsigned int *)&j,pkey->pkey.dsa)) | 3097 » » » » » &signature_length, pkey->pkey.dsa)) |
| 3112 { | 3098 { |
| 3113 » » » » SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_DSA_L
IB); | 3099 » » » » SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_DSA_
LIB); |
| 3114 goto err; | 3100 goto err; |
| 3115 } | 3101 } |
| 3102 s2n(signature_length, p); |
| 3103 n = signature_length + 2; |
| 3104 } |
| 3105 else |
| 3106 #endif |
| 3107 #ifndef OPENSSL_NO_ECDSA |
| 3108 if (pkey->type == EVP_PKEY_EC) |
| 3109 { |
| 3110 s->method->ssl3_enc->cert_verify_mac(s, NID_sha1, data); |
| 3111 if (!ECDSA_sign(pkey->save_type, data, |
| 3112 SHA_DIGEST_LENGTH, &(p[2]), |
| 3113 &signature_length, pkey->pkey.ec)) |
| 3114 { |
| 3115 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_ECDS
A_LIB); |
| 3116 goto err; |
| 3117 } |
| 3118 s2n(signature_length, p); |
| 3119 n = signature_length + 2; |
| 3120 } |
| 3121 else |
| 3122 #endif |
| 3123 if (pkey->type == NID_id_GostR3410_94 || pkey->type == NID_id_Go
stR3410_2001) |
| 3124 { |
| 3125 unsigned char signbuf[64]; |
| 3126 int i, j; |
| 3127 size_t sigsize=64; |
| 3128 |
| 3129 s->method->ssl3_enc->cert_verify_mac(s, |
| 3130 NID_id_GostR3411_94, |
| 3131 data); |
| 3132 pctx = EVP_PKEY_CTX_new(pkey, NULL); |
| 3133 EVP_PKEY_sign_init(pctx); |
| 3134 if (EVP_PKEY_sign(pctx, signbuf, &sigsize, data, 32) <=
0) { |
| 3135 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, |
| 3136 ERR_R_INTERNAL_ERROR); |
| 3137 goto err; |
| 3138 } |
| 3139 for (i=63,j=0; i>=0; j++, i--) { |
| 3140 p[2+j]=signbuf[i]; |
| 3141 } |
| 3116 s2n(j,p); | 3142 s2n(j,p); |
| 3117 n=j+2; | 3143 n=j+2; |
| 3118 } | 3144 } |
| 3119 else | 3145 else |
| 3120 #endif | |
| 3121 #ifndef OPENSSL_NO_ECDSA | |
| 3122 if (pkey->type == EVP_PKEY_EC) | |
| 3123 { | 3146 { |
| 3124 if (!ECDSA_sign(pkey->save_type, | |
| 3125 &(data[MD5_DIGEST_LENGTH]), | |
| 3126 SHA_DIGEST_LENGTH,&(p[2]), | |
| 3127 (unsigned int *)&j,pkey->pkey.ec)) | |
| 3128 { | |
| 3129 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, | |
| 3130 ERR_R_ECDSA_LIB); | |
| 3131 goto err; | |
| 3132 } | |
| 3133 s2n(j,p); | |
| 3134 n=j+2; | |
| 3135 } | |
| 3136 else | |
| 3137 #endif | |
| 3138 if (pkey->type == NID_id_GostR3410_94 || pkey->type == NID_id_Go
stR3410_2001) | |
| 3139 { | |
| 3140 unsigned char signbuf[64]; | |
| 3141 int i; | |
| 3142 size_t sigsize=64; | |
| 3143 s->method->ssl3_enc->cert_verify_mac(s, | |
| 3144 NID_id_GostR3411_94, | |
| 3145 data); | |
| 3146 if (EVP_PKEY_sign(pctx, signbuf, &sigsize, data, 32) <= 0) { | |
| 3147 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, | |
| 3148 ERR_R_INTERNAL_ERROR); | |
| 3149 goto err; | |
| 3150 } | |
| 3151 for (i=63,j=0; i>=0; j++, i--) { | |
| 3152 p[2+j]=signbuf[i]; | |
| 3153 } | |
| 3154 s2n(j,p); | |
| 3155 n=j+2; | |
| 3156 } | |
| 3157 else | |
| 3158 { | |
| 3159 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERRO
R); | 3147 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERRO
R); |
| 3160 goto err; | 3148 goto err; |
| 3161 » » } | 3149 » » » } |
| 3162 *(d++)=SSL3_MT_CERTIFICATE_VERIFY; | 3150 *(d++)=SSL3_MT_CERTIFICATE_VERIFY; |
| 3163 l2n3(n,d); | 3151 l2n3(n,d); |
| 3164 | 3152 |
| 3165 s->state=SSL3_ST_CW_CERT_VRFY_B; | 3153 s->state=SSL3_ST_CW_CERT_VRFY_B; |
| 3166 s->init_num=(int)n+4; | 3154 s->init_num=(int)n+4; |
| 3167 s->init_off=0; | 3155 s->init_off=0; |
| 3168 } | 3156 } |
| 3169 EVP_MD_CTX_cleanup(&mctx); | 3157 EVP_MD_CTX_cleanup(&mctx); |
| 3170 EVP_PKEY_CTX_free(pctx); | 3158 EVP_PKEY_CTX_free(pctx); |
| 3171 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); | 3159 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); |
| (...skipping 411 matching lines...) |
| 3583 SSL_get_client_CA_list(s), | 3571 SSL_get_client_CA_list(s), |
| 3584 px509, ppkey, NULL, NULL, NULL); | 3572 px509, ppkey, NULL, NULL, NULL); |
| 3585 if (i != 0) | 3573 if (i != 0) |
| 3586 return i; | 3574 return i; |
| 3587 } | 3575 } |
| 3588 #endif | 3576 #endif |
| 3589 if (s->ctx->client_cert_cb) | 3577 if (s->ctx->client_cert_cb) |
| 3590 i = s->ctx->client_cert_cb(s,px509,ppkey); | 3578 i = s->ctx->client_cert_cb(s,px509,ppkey); |
| 3591 return i; | 3579 return i; |
| 3592 } | 3580 } |
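Review bot: The result of `s->method->ssl3_enc->cert_verify_mac(...)` is discarded in every pre-TLS 1.2 branch of ssl3_send_client_verify (RSA at new lines 3076-3078, DSA at 3094, ECDSA at 3110, GOST at 3129), so a failed digest computation would go on to sign the stack buffer `data`, which is declared at line 3023 without an initialiser. Now that each call sits directly in front of its signing call, each one can be guarded, e.g. `if (s->method->ssl3_enc->cert_verify_mac(s, NID_sha1, data) == 0) goto err;`. That guard assumes the hook returns the digest length and 0 on failure, which should be confirmed against its declaration, not shown here. The GOST branch also passes the result of `pctx = EVP_PKEY_CTX_new(pkey, NULL)` to `EVP_PKEY_sign_init(pctx)` and `EVP_PKEY_sign` without checking either call; `if (pctx == NULL || EVP_PKEY_sign_init(pctx) <= 0)` followed by the existing SSLerr and `goto err` would make that failure explicit. The `err:` label lies in the collapsed region after line 3159, so it is worth confirming that it still frees `pctx` and cleans up `mctx`.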
| OLD | NEW |