mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-04-06 20:20:50 +08:00
Code Issues Packages Projects Releases Wiki Activity

Don't use one shot API for SSLv3.

Browse Source 
SSLv3 (specifically with client auth) cannot use one shot APIs: the digested
data and the master secret are handled in separate update operations. So
in the special case of SSLv3 use the streaming API.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3527)
This commit is contained in:
Dr. Stephen Henson 2017-05-23 12:56:51 +01:00
parent 719b289d62
commit caf2b6b54f
1 changed files with 32 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
ssl/statem/statem_lib.c
View File

@ -264,16 +264,18 @@ int tls_construct_cert_verify(SSL *s, WPACKET *pkt)
SSLerr(SSL_F_TLS_CONSTRUCT_CERT_VERIFY, ERR_R_EVP_LIB);
goto err;
}
} else if (s->version == SSL3_VERSION) {
if (!EVP_MD_CTX_ctrl(mctx, EVP_CTRL_SSL3_MASTER_SECRET,
(int)s->session->master_key_length,
s->session->master_key)) {
}
if (s->version == SSL3_VERSION) {
if (EVP_DigestSignUpdate(mctx, hdata, hdatalen) <= 0
|| !EVP_MD_CTX_ctrl(mctx, EVP_CTRL_SSL3_MASTER_SECRET,
(int)s->session->master_key_length,
s->session->master_key)
|| EVP_DigestSignFinal(mctx, sig, &siglen) <= 0) {
SSLerr(SSL_F_TLS_CONSTRUCT_CERT_VERIFY, ERR_R_EVP_LIB);
goto err;
}
}
if (EVP_DigestSign(mctx, sig, &siglen, hdata, hdatalen) <= 0) {
} else if (EVP_DigestSign(mctx, sig, &siglen, hdata, hdatalen) <= 0) {
SSLerr(SSL_F_TLS_CONSTRUCT_CERT_VERIFY, ERR_R_EVP_LIB);
goto err;
}
@ -436,23 +438,30 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, ERR_R_EVP_LIB);
goto f_err;
}
} else if (s->version == SSL3_VERSION
&& !EVP_MD_CTX_ctrl(mctx, EVP_CTRL_SSL3_MASTER_SECRET,
(int)s->session->master_key_length,
s->session->master_key)) {
SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, ERR_R_EVP_LIB);
goto f_err;
}
j = EVP_DigestVerify(mctx, data, len, hdata, hdatalen);
if (j < 0) {
SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, ERR_R_EVP_LIB);
goto f_err;
} else if (j == 0) {
al = SSL_AD_DECRYPT_ERROR;
SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, SSL_R_BAD_SIGNATURE);
goto f_err;
if (s->version == SSL3_VERSION) {
if (EVP_DigestVerifyUpdate(mctx, hdata, hdatalen) <= 0
|| !EVP_MD_CTX_ctrl(mctx, EVP_CTRL_SSL3_MASTER_SECRET,
(int)s->session->master_key_length,
s->session->master_key)) {
SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, ERR_R_EVP_LIB);
goto f_err;
}
if (EVP_DigestVerifyFinal(mctx, data, len) <= 0) {
al = SSL_AD_DECRYPT_ERROR;
SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, SSL_R_BAD_SIGNATURE);
goto f_err;
}
} else {
j = EVP_DigestVerify(mctx, data, len, hdata, hdatalen);
if (j < 0) {
SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, ERR_R_EVP_LIB);
goto f_err;
} else if (j == 0) {
al = SSL_AD_DECRYPT_ERROR;
SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, SSL_R_BAD_SIGNATURE);
goto f_err;
}
}
ret = MSG_PROCESS_CONTINUE_READING;