[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Rich Salz rsalz at openssl.org
Fri Jun 9 16:42:51 UTC 2017


The branch OpenSSL_1_1_0-stable has been updated
       via  a892766934c8e1b9de5645c526716efe4b14a133 (commit)
      from  998636b80c799fdb7649a6c5e0a4da1ba9bf88ae (commit)


- Log -----------------------------------------------------------------
commit a892766934c8e1b9de5645c526716efe4b14a133
Author: Rich Salz <rsalz at openssl.org>
Date:   Fri Jun 9 12:26:30 2017 -0400

    fix broken implementations of GOST ciphersuites
    
    removed the unnecessary upper bracket
    add !SSL_USE_SIGALGS to check for broken implementations of GOST
    client signature (signature without length field)
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/3588)

-----------------------------------------------------------------------

Summary of changes:
 ssl/statem/statem_srvr.c | 83 +++++++++++++++++++++++++-----------------------
 1 file changed, 43 insertions(+), 40 deletions(-)

diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index ce7bb33..c7cd9eb 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -2692,53 +2692,56 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
         goto f_err;
     }
 
+    if (SSL_USE_SIGALGS(s)) {
+        int rv;
+
+        if (!PACKET_get_bytes(pkt, &sig, 2)) {
+            al = SSL_AD_DECODE_ERROR;
+            goto f_err;
+        }
+        rv = tls12_check_peer_sigalg(&md, s, sig, pkey);
+        if (rv == -1) {
+            al = SSL_AD_INTERNAL_ERROR;
+            goto f_err;
+        } else if (rv == 0) {
+            al = SSL_AD_DECODE_ERROR;
+            goto f_err;
+        }
+#ifdef SSL_DEBUG
+        fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
+#endif
+    } else {
+        /* Use default digest for this key type */
+        int idx = ssl_cert_type(NULL, pkey);
+        if (idx >= 0)
+            md = s->s3->tmp.md[idx];
+        if (md == NULL) {
+            al = SSL_AD_INTERNAL_ERROR;
+            goto f_err;
+        }
+    }
+
     /* Check for broken implementations of GOST ciphersuites */
     /*
-     * If key is GOST and n is exactly 64, it is bare signature without
-     * length field (CryptoPro implementations at least till CSP 4.0)
+     * If key is GOST and len is exactly 64 or 128, it is signature without
+     * length field (CryptoPro implementations at least till TLS 1.2)
      */
 #ifndef OPENSSL_NO_GOST
-    if (PACKET_remaining(pkt) == 64
-        && EVP_PKEY_id(pkey) == NID_id_GostR3410_2001) {
-        len = 64;
+    if (!SSL_USE_SIGALGS(s)
+        && ((PACKET_remaining(pkt) == 64
+             && (EVP_PKEY_id(pkey) == NID_id_GostR3410_2001
+                 || EVP_PKEY_id(pkey) == NID_id_GostR3410_2012_256))
+            || (PACKET_remaining(pkt) == 128
+                && EVP_PKEY_id(pkey) == NID_id_GostR3410_2012_512))) {
+        len = PACKET_remaining(pkt);
     } else
 #endif
-    {
-        if (SSL_USE_SIGALGS(s)) {
-            int rv;
-
-            if (!PACKET_get_bytes(pkt, &sig, 2)) {
-                al = SSL_AD_DECODE_ERROR;
-                goto f_err;
-            }
-            rv = tls12_check_peer_sigalg(&md, s, sig, pkey);
-            if (rv == -1) {
-                al = SSL_AD_INTERNAL_ERROR;
-                goto f_err;
-            } else if (rv == 0) {
-                al = SSL_AD_DECODE_ERROR;
-                goto f_err;
-            }
-#ifdef SSL_DEBUG
-            fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
-#endif
-        } else {
-            /* Use default digest for this key type */
-            int idx = ssl_cert_type(NULL, pkey);
-            if (idx >= 0)
-                md = s->s3->tmp.md[idx];
-            if (md == NULL) {
-                al = SSL_AD_INTERNAL_ERROR;
-                goto f_err;
-            }
-        }
-
-        if (!PACKET_get_net_2(pkt, &len)) {
-            SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, SSL_R_LENGTH_MISMATCH);
-            al = SSL_AD_DECODE_ERROR;
-            goto f_err;
-        }
+    if (!PACKET_get_net_2(pkt, &len)) {
+        SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, SSL_R_LENGTH_MISMATCH);
+        al = SSL_AD_DECODE_ERROR;
+        goto f_err;
     }
+
     j = EVP_PKEY_size(pkey);
     if (((int)len > j) || ((int)PACKET_remaining(pkt) > j)
         || (PACKET_remaining(pkt) == 0)) {
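Review bot: The `} else` that closes the GOST branch sits inside `#ifndef OPENSSL_NO_GOST` while the `if (!PACKET_get_net_2(pkt, &len))` it binds to sits after `#endif`, so the statement structure straddles a preprocessor boundary and a later edit to either side can silently change which `if` the `else` attaches to. A more robust shape is to record the outcome of the GOST test in a local, e.g. `int bare_gost_sig = 0;` set to `1` inside the guarded block, and then write `if (!bare_gost_sig && !PACKET_get_net_2(pkt, &len)) {` after `#endif`. The bare-signature detection is only sound because GOST R 34.10-2001/2012 signatures have a fixed size of 64 or 128 bytes, so a correctly length-prefixed signature can never leave exactly that many bytes in the packet; the comment above the check would be clearer if it stated that invariant, e.g. `/* Safe because GOST signatures are fixed-size: a length-prefixed one can never total exactly 64 or 128 bytes. */`. tls_process_cert_verify begins before this hunk and its length/size validation continues after it.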

