Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(679)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: openssl/ssl/s3_clnt.c

Issue 284693002: Refactor ssl3_send_client_verify. (Closed) Base URL: https://chromium.googlesource.com/chromium/deps/openssl.git@master
Patch Set: Attempt to fix base URL. Created 6 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « README.chromium ('k') | patches.chromium/0016-send_client_verify_cleanup.patch » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: openssl/ssl/s3_clnt.c
diff --git a/openssl/ssl/s3_clnt.c b/openssl/ssl/s3_clnt.c
index d6154c521d088e37d1c8af3335ccdb6c19e6d7e2..2b094c9901d5cd7ae2ca8233c203e65bafbbf59a 100644
--- a/openssl/ssl/s3_clnt.c
+++ b/openssl/ssl/s3_clnt.c
@@ -3022,33 +3022,18 @@ int ssl3_send_client_verify(SSL *s)
unsigned char *p,*d;
unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
EVP_PKEY *pkey;
- EVP_PKEY_CTX *pctx=NULL;
+ EVP_PKEY_CTX *pctx = NULL;
EVP_MD_CTX mctx;
- unsigned u=0;
+ unsigned signature_length = 0;
unsigned long n;
- int j;
EVP_MD_CTX_init(&mctx);
if (s->state == SSL3_ST_CW_CERT_VRFY_A)
{
- d=(unsigned char *)s->init_buf->data;
- p= &(d[4]);
- pkey=s->cert->key->privatekey;
-/* Create context from key and test if sha1 is allowed as digest */
- pctx = EVP_PKEY_CTX_new(pkey,NULL);
- EVP_PKEY_sign_init(pctx);
- if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1())>0)
- {
- if (TLS1_get_version(s) < TLS1_2_VERSION)
- s->method->ssl3_enc->cert_verify_mac(s,
- NID_sha1,
- &(data[MD5_DIGEST_LENGTH]));
- }
- else
- {
- ERR_clear_error();
- }
+ d = (unsigned char *)s->init_buf->data;
+ p = &(d[4]);
+ pkey = s->cert->key->privatekey;
/* For TLS v1.2 send signature algorithm and signature
* using agreed digest and cached handshake records.
*/
@@ -3072,14 +3057,15 @@ int ssl3_send_client_verify(SSL *s)
#endif
if (!EVP_SignInit_ex(&mctx, md, NULL)
|| !EVP_SignUpdate(&mctx, hdata, hdatalen)
- || !EVP_SignFinal(&mctx, p + 2, &u, pkey))
+ || !EVP_SignFinal(&mctx, p + 2,
+ &signature_length, pkey))
{
SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
ERR_R_EVP_LIB);
goto err;
}
- s2n(u,p);
- n = u + 4;
+ s2n(signature_length, p);
+ n = signature_length + 4;
if (!ssl3_digest_cached_records(s))
goto err;
}
@@ -3087,78 +3073,80 @@ int ssl3_send_client_verify(SSL *s)
#ifndef OPENSSL_NO_RSA
if (pkey->type == EVP_PKEY_RSA)
{
+ s->method->ssl3_enc->cert_verify_mac(s, NID_md5, data);
s->method->ssl3_enc->cert_verify_mac(s,
- NID_md5,
- &(data[0]));
+ NID_sha1, &(data[MD5_DIGEST_LENGTH]));
if (RSA_sign(NID_md5_sha1, data,
- MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
- &(p[2]), &u, pkey->pkey.rsa) <= 0 )
+ MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
+ &(p[2]), &signature_length, pkey->pkey.rsa) <= 0)
{
- SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_RSA_LIB);
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_RSA_LIB);
goto err;
}
- s2n(u,p);
- n=u+2;
+ s2n(signature_length, p);
+ n = signature_length + 2;
}
else
#endif
#ifndef OPENSSL_NO_DSA
- if (pkey->type == EVP_PKEY_DSA)
+ if (pkey->type == EVP_PKEY_DSA)
{
- if (!DSA_sign(pkey->save_type,
- &(data[MD5_DIGEST_LENGTH]),
- SHA_DIGEST_LENGTH,&(p[2]),
- (unsigned int *)&j,pkey->pkey.dsa))
+ s->method->ssl3_enc->cert_verify_mac(s, NID_sha1, data);
+ if (!DSA_sign(pkey->save_type, data,
+ SHA_DIGEST_LENGTH, &(p[2]),
+ &signature_length, pkey->pkey.dsa))
{
- SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_DSA_LIB);
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_DSA_LIB);
goto err;
}
- s2n(j,p);
- n=j+2;
+ s2n(signature_length, p);
+ n = signature_length + 2;
}
else
#endif
#ifndef OPENSSL_NO_ECDSA
- if (pkey->type == EVP_PKEY_EC)
+ if (pkey->type == EVP_PKEY_EC)
{
- if (!ECDSA_sign(pkey->save_type,
- &(data[MD5_DIGEST_LENGTH]),
- SHA_DIGEST_LENGTH,&(p[2]),
- (unsigned int *)&j,pkey->pkey.ec))
+ s->method->ssl3_enc->cert_verify_mac(s, NID_sha1, data);
+ if (!ECDSA_sign(pkey->save_type, data,
+ SHA_DIGEST_LENGTH, &(p[2]),
+ &signature_length, pkey->pkey.ec))
{
- SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
- ERR_R_ECDSA_LIB);
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_ECDSA_LIB);
goto err;
}
- s2n(j,p);
- n=j+2;
+ s2n(signature_length, p);
+ n = signature_length + 2;
}
else
#endif
if (pkey->type == NID_id_GostR3410_94 || pkey->type == NID_id_GostR3410_2001)
- {
- unsigned char signbuf[64];
- int i;
- size_t sigsize=64;
- s->method->ssl3_enc->cert_verify_mac(s,
- NID_id_GostR3411_94,
- data);
- if (EVP_PKEY_sign(pctx, signbuf, &sigsize, data, 32) <= 0) {
- SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
- ERR_R_INTERNAL_ERROR);
- goto err;
- }
- for (i=63,j=0; i>=0; j++, i--) {
- p[2+j]=signbuf[i];
- }
- s2n(j,p);
- n=j+2;
- }
+ {
+ unsigned char signbuf[64];
+ int i, j;
+ size_t sigsize=64;
+
+ s->method->ssl3_enc->cert_verify_mac(s,
+ NID_id_GostR3411_94,
+ data);
+ pctx = EVP_PKEY_CTX_new(pkey, NULL);
+ EVP_PKEY_sign_init(pctx);
+ if (EVP_PKEY_sign(pctx, signbuf, &sigsize, data, 32) <= 0) {
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ for (i=63,j=0; i>=0; j++, i--) {
+ p[2+j]=signbuf[i];
+ }
+ s2n(j,p);
+ n=j+2;
+ }
else
- {
+ {
SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR);
goto err;
- }
+ }
*(d++)=SSL3_MT_CERTIFICATE_VERIFY;
l2n3(n,d);
« no previous file with comments | « README.chromium ('k') | patches.chromium/0016-send_client_verify_cleanup.patch » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698