diff options
author | davidben@chromium.org <davidben@chromium.org@4ff67af0-8c30-449e-8e8b-ad334ec8d88c> | 2014-05-14 16:27:52 +0000 |
---|---|---|
committer | davidben@chromium.org <davidben@chromium.org@4ff67af0-8c30-449e-8e8b-ad334ec8d88c> | 2014-05-14 16:27:52 +0000 |
commit | 3b4db11065e17f93065278faaa5952ab8d0e5c26 (patch) | |
tree | 4b96ca2529f2957adb7acaaa49a151f0492a7fcc | |
parent | af1de6dffdeccfab8cc920fcf3681286490a1459 (diff) | |
download | openssl-3b4db11065e17f93065278faaa5952ab8d0e5c26.tar.gz |
Refactor ssl3_send_client_verify.
The original logic was a confusing spaghetti and mixed up initialization for
all the different cases together. Tidy it up in preparation for having to
adjust this logic later to support asynchronous crypto operations.
BUG=none
R=agl@chromium.org
Review URL: https://codereview.chromium.org//284693002
git-svn-id: http://src.chromium.org/svn/trunk/deps/third_party/openssl@270417 4ff67af0-8c30-449e-8e8b-ad334ec8d88c
-rw-r--r-- | README.chromium | 4 | ||||
-rw-r--r-- | openssl/ssl/s3_clnt.c | 122 | ||||
-rw-r--r-- | patches.chromium/0016-send_client_verify_cleanup.patch | 187 |
3 files changed, 246 insertions, 67 deletions
diff --git a/README.chromium b/README.chromium index 8ffa5ea..4aee197 100644 --- a/README.chromium +++ b/README.chromium @@ -215,6 +215,10 @@ located in patches.chromium/. Currently this consists of: export_certificate_types.patch Export the certificate_types field in CertificateRequest. + send_client_verify_cleanup.patch + Clean up ssl3_send_client_verify so the various cases (TLS 1.2, pre-TLS-1.2 + cases for each cipher suite) are less intertwined. + ************************************************************************** Adding new Chromium patches: diff --git a/openssl/ssl/s3_clnt.c b/openssl/ssl/s3_clnt.c index d6154c5..2b094c9 100644 --- a/openssl/ssl/s3_clnt.c +++ b/openssl/ssl/s3_clnt.c @@ -3022,33 +3022,18 @@ int ssl3_send_client_verify(SSL *s) unsigned char *p,*d; unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH]; EVP_PKEY *pkey; - EVP_PKEY_CTX *pctx=NULL; + EVP_PKEY_CTX *pctx = NULL; EVP_MD_CTX mctx; - unsigned u=0; + unsigned signature_length = 0; unsigned long n; - int j; EVP_MD_CTX_init(&mctx); if (s->state == SSL3_ST_CW_CERT_VRFY_A) { - d=(unsigned char *)s->init_buf->data; - p= &(d[4]); - pkey=s->cert->key->privatekey; -/* Create context from key and test if sha1 is allowed as digest */ - pctx = EVP_PKEY_CTX_new(pkey,NULL); - EVP_PKEY_sign_init(pctx); - if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1())>0) - { - if (TLS1_get_version(s) < TLS1_2_VERSION) - s->method->ssl3_enc->cert_verify_mac(s, - NID_sha1, - &(data[MD5_DIGEST_LENGTH])); - } - else - { - ERR_clear_error(); - } + d = (unsigned char *)s->init_buf->data; + p = &(d[4]); + pkey = s->cert->key->privatekey; /* For TLS v1.2 send signature algorithm and signature * using agreed digest and cached handshake records. */ @@ -3072,14 +3057,15 @@ int ssl3_send_client_verify(SSL *s) #endif if (!EVP_SignInit_ex(&mctx, md, NULL) || !EVP_SignUpdate(&mctx, hdata, hdatalen) - || !EVP_SignFinal(&mctx, p + 2, &u, pkey)) + || !EVP_SignFinal(&mctx, p + 2, + &signature_length, pkey)) { SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_EVP_LIB); goto err; } - s2n(u,p); - n = u + 4; + s2n(signature_length, p); + n = signature_length + 4; if (!ssl3_digest_cached_records(s)) goto err; } @@ -3087,78 +3073,80 @@ int ssl3_send_client_verify(SSL *s) #ifndef OPENSSL_NO_RSA if (pkey->type == EVP_PKEY_RSA) { + s->method->ssl3_enc->cert_verify_mac(s, NID_md5, data); s->method->ssl3_enc->cert_verify_mac(s, - NID_md5, - &(data[0])); + NID_sha1, &(data[MD5_DIGEST_LENGTH])); if (RSA_sign(NID_md5_sha1, data, - MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, - &(p[2]), &u, pkey->pkey.rsa) <= 0 ) + MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, + &(p[2]), &signature_length, pkey->pkey.rsa) <= 0) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_RSA_LIB); + SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_RSA_LIB); goto err; } - s2n(u,p); - n=u+2; + s2n(signature_length, p); + n = signature_length + 2; } else #endif #ifndef OPENSSL_NO_DSA - if (pkey->type == EVP_PKEY_DSA) + if (pkey->type == EVP_PKEY_DSA) { - if (!DSA_sign(pkey->save_type, - &(data[MD5_DIGEST_LENGTH]), - SHA_DIGEST_LENGTH,&(p[2]), - (unsigned int *)&j,pkey->pkey.dsa)) + s->method->ssl3_enc->cert_verify_mac(s, NID_sha1, data); + if (!DSA_sign(pkey->save_type, data, + SHA_DIGEST_LENGTH, &(p[2]), + &signature_length, pkey->pkey.dsa)) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_DSA_LIB); + SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_DSA_LIB); goto err; } - s2n(j,p); - n=j+2; + s2n(signature_length, p); + n = signature_length + 2; } else #endif #ifndef OPENSSL_NO_ECDSA - if (pkey->type == EVP_PKEY_EC) + if (pkey->type == EVP_PKEY_EC) { - if (!ECDSA_sign(pkey->save_type, - &(data[MD5_DIGEST_LENGTH]), - SHA_DIGEST_LENGTH,&(p[2]), - (unsigned int *)&j,pkey->pkey.ec)) + s->method->ssl3_enc->cert_verify_mac(s, NID_sha1, data); + if (!ECDSA_sign(pkey->save_type, data, + SHA_DIGEST_LENGTH, &(p[2]), + &signature_length, pkey->pkey.ec)) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, - ERR_R_ECDSA_LIB); + SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_ECDSA_LIB); goto err; } - s2n(j,p); - n=j+2; + s2n(signature_length, p); + n = signature_length + 2; } else #endif if (pkey->type == NID_id_GostR3410_94 || pkey->type == NID_id_GostR3410_2001) - { - unsigned char signbuf[64]; - int i; - size_t sigsize=64; - s->method->ssl3_enc->cert_verify_mac(s, - NID_id_GostR3411_94, - data); - if (EVP_PKEY_sign(pctx, signbuf, &sigsize, data, 32) <= 0) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, - ERR_R_INTERNAL_ERROR); - goto err; - } - for (i=63,j=0; i>=0; j++, i--) { - p[2+j]=signbuf[i]; - } - s2n(j,p); - n=j+2; - } + { + unsigned char signbuf[64]; + int i, j; + size_t sigsize=64; + + s->method->ssl3_enc->cert_verify_mac(s, + NID_id_GostR3411_94, + data); + pctx = EVP_PKEY_CTX_new(pkey, NULL); + EVP_PKEY_sign_init(pctx); + if (EVP_PKEY_sign(pctx, signbuf, &sigsize, data, 32) <= 0) { + SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, + ERR_R_INTERNAL_ERROR); + goto err; + } + for (i=63,j=0; i>=0; j++, i--) { + p[2+j]=signbuf[i]; + } + s2n(j,p); + n=j+2; + } else - { + { SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR); goto err; - } + } *(d++)=SSL3_MT_CERTIFICATE_VERIFY; l2n3(n,d); diff --git a/patches.chromium/0016-send_client_verify_cleanup.patch b/patches.chromium/0016-send_client_verify_cleanup.patch new file mode 100644 index 0000000..6f728ed --- /dev/null +++ b/patches.chromium/0016-send_client_verify_cleanup.patch @@ -0,0 +1,187 @@ +diff --git android-openssl.orig/ssl/s3_clnt.c android-openssl/ssl/s3_clnt.c +index d6154c5..2b094c9 100644 +--- android-openssl.orig/ssl/s3_clnt.c ++++ android-openssl/ssl/s3_clnt.c +@@ -3022,33 +3022,18 @@ int ssl3_send_client_verify(SSL *s) + unsigned char *p,*d; + unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH]; + EVP_PKEY *pkey; +- EVP_PKEY_CTX *pctx=NULL; ++ EVP_PKEY_CTX *pctx = NULL; + EVP_MD_CTX mctx; +- unsigned u=0; ++ unsigned signature_length = 0; + unsigned long n; +- int j; + + EVP_MD_CTX_init(&mctx); + + if (s->state == SSL3_ST_CW_CERT_VRFY_A) + { +- d=(unsigned char *)s->init_buf->data; +- p= &(d[4]); +- pkey=s->cert->key->privatekey; +-/* Create context from key and test if sha1 is allowed as digest */ +- pctx = EVP_PKEY_CTX_new(pkey,NULL); +- EVP_PKEY_sign_init(pctx); +- if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1())>0) +- { +- if (TLS1_get_version(s) < TLS1_2_VERSION) +- s->method->ssl3_enc->cert_verify_mac(s, +- NID_sha1, +- &(data[MD5_DIGEST_LENGTH])); +- } +- else +- { +- ERR_clear_error(); +- } ++ d = (unsigned char *)s->init_buf->data; ++ p = &(d[4]); ++ pkey = s->cert->key->privatekey; + /* For TLS v1.2 send signature algorithm and signature + * using agreed digest and cached handshake records. + */ +@@ -3072,14 +3057,15 @@ int ssl3_send_client_verify(SSL *s) + #endif + if (!EVP_SignInit_ex(&mctx, md, NULL) + || !EVP_SignUpdate(&mctx, hdata, hdatalen) +- || !EVP_SignFinal(&mctx, p + 2, &u, pkey)) ++ || !EVP_SignFinal(&mctx, p + 2, ++ &signature_length, pkey)) + { + SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, + ERR_R_EVP_LIB); + goto err; + } +- s2n(u,p); +- n = u + 4; ++ s2n(signature_length, p); ++ n = signature_length + 4; + if (!ssl3_digest_cached_records(s)) + goto err; + } +@@ -3087,78 +3073,80 @@ int ssl3_send_client_verify(SSL *s) + #ifndef OPENSSL_NO_RSA + if (pkey->type == EVP_PKEY_RSA) + { ++ s->method->ssl3_enc->cert_verify_mac(s, NID_md5, data); + s->method->ssl3_enc->cert_verify_mac(s, +- NID_md5, +- &(data[0])); ++ NID_sha1, &(data[MD5_DIGEST_LENGTH])); + if (RSA_sign(NID_md5_sha1, data, +- MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, +- &(p[2]), &u, pkey->pkey.rsa) <= 0 ) ++ MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, ++ &(p[2]), &signature_length, pkey->pkey.rsa) <= 0) + { +- SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_RSA_LIB); ++ SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_RSA_LIB); + goto err; + } +- s2n(u,p); +- n=u+2; ++ s2n(signature_length, p); ++ n = signature_length + 2; + } + else + #endif + #ifndef OPENSSL_NO_DSA +- if (pkey->type == EVP_PKEY_DSA) ++ if (pkey->type == EVP_PKEY_DSA) + { +- if (!DSA_sign(pkey->save_type, +- &(data[MD5_DIGEST_LENGTH]), +- SHA_DIGEST_LENGTH,&(p[2]), +- (unsigned int *)&j,pkey->pkey.dsa)) ++ s->method->ssl3_enc->cert_verify_mac(s, NID_sha1, data); ++ if (!DSA_sign(pkey->save_type, data, ++ SHA_DIGEST_LENGTH, &(p[2]), ++ &signature_length, pkey->pkey.dsa)) + { +- SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_DSA_LIB); ++ SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_DSA_LIB); + goto err; + } +- s2n(j,p); +- n=j+2; ++ s2n(signature_length, p); ++ n = signature_length + 2; + } + else + #endif + #ifndef OPENSSL_NO_ECDSA +- if (pkey->type == EVP_PKEY_EC) ++ if (pkey->type == EVP_PKEY_EC) + { +- if (!ECDSA_sign(pkey->save_type, +- &(data[MD5_DIGEST_LENGTH]), +- SHA_DIGEST_LENGTH,&(p[2]), +- (unsigned int *)&j,pkey->pkey.ec)) ++ s->method->ssl3_enc->cert_verify_mac(s, NID_sha1, data); ++ if (!ECDSA_sign(pkey->save_type, data, ++ SHA_DIGEST_LENGTH, &(p[2]), ++ &signature_length, pkey->pkey.ec)) + { +- SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, +- ERR_R_ECDSA_LIB); ++ SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_ECDSA_LIB); + goto err; + } +- s2n(j,p); +- n=j+2; ++ s2n(signature_length, p); ++ n = signature_length + 2; + } + else + #endif + if (pkey->type == NID_id_GostR3410_94 || pkey->type == NID_id_GostR3410_2001) +- { +- unsigned char signbuf[64]; +- int i; +- size_t sigsize=64; +- s->method->ssl3_enc->cert_verify_mac(s, +- NID_id_GostR3411_94, +- data); +- if (EVP_PKEY_sign(pctx, signbuf, &sigsize, data, 32) <= 0) { +- SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, +- ERR_R_INTERNAL_ERROR); +- goto err; +- } +- for (i=63,j=0; i>=0; j++, i--) { +- p[2+j]=signbuf[i]; +- } +- s2n(j,p); +- n=j+2; +- } ++ { ++ unsigned char signbuf[64]; ++ int i, j; ++ size_t sigsize=64; ++ ++ s->method->ssl3_enc->cert_verify_mac(s, ++ NID_id_GostR3411_94, ++ data); ++ pctx = EVP_PKEY_CTX_new(pkey, NULL); ++ EVP_PKEY_sign_init(pctx); ++ if (EVP_PKEY_sign(pctx, signbuf, &sigsize, data, 32) <= 0) { ++ SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ++ ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ for (i=63,j=0; i>=0; j++, i--) { ++ p[2+j]=signbuf[i]; ++ } ++ s2n(j,p); ++ n=j+2; ++ } + else +- { ++ { + SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR); + goto err; +- } ++ } + *(d++)=SSL3_MT_CERTIFICATE_VERIFY; + l2n3(n,d); + |