[openssl-commits] [openssl] master update
Rich Salz
rsalz at openssl.org
Fri Jun 9 17:12:56 UTC 2017
The branch master has been updated
via f464f9c04bf3b26c22e9c386cb5d1700000c8e7e (commit)
from 9ae4e664da0692f27bfe0d1a34db29ed815203c8 (commit)
- Log -----------------------------------------------------------------
commit f464f9c04bf3b26c22e9c386cb5d1700000c8e7e
Author: Pichulin Dmitrii <deem at deem.ru>
Date: Fri Jun 9 13:04:00 2017 -0400
fix check of broken implementations of GOST ciphersuites
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3642)
-----------------------------------------------------------------------
Summary of changes:
ssl/statem/statem_lib.c | 75 +++++++++++++++++++++++++------------------------
1 file changed, 39 insertions(+), 36 deletions(-)
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 29fb9dc..4f3eb5e 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -351,49 +351,52 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
goto f_err;
}
+ if (SSL_USE_SIGALGS(s)) {
+ int rv;
+ unsigned int sigalg;
+
+ if (!PACKET_get_net_2(pkt, &sigalg)) {
+ al = SSL_AD_DECODE_ERROR;
+ goto f_err;
+ }
+ rv = tls12_check_peer_sigalg(s, sigalg, pkey);
+ if (rv == -1) {
+ goto f_err;
+ } else if (rv == 0) {
+ al = SSL_AD_DECODE_ERROR;
+ goto f_err;
+ }
+#ifdef SSL_DEBUG
+ fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
+#endif
+ } else if (!tls1_set_peer_legacy_sigalg(s, pkey)) {
+ al = SSL_AD_INTERNAL_ERROR;
+ goto f_err;
+ }
+
+ md = ssl_md(s->s3->tmp.peer_sigalg->hash_idx);
+
/* Check for broken implementations of GOST ciphersuites */
/*
- * If key is GOST and n is exactly 64, it is bare signature without
- * length field (CryptoPro implementations at least till CSP 4.0)
+ * If key is GOST and len is exactly 64 or 128, it is signature without
+ * length field (CryptoPro implementations at least till TLS 1.2)
*/
#ifndef OPENSSL_NO_GOST
- if (PACKET_remaining(pkt) == 64
- && EVP_PKEY_id(pkey) == NID_id_GostR3410_2001) {
- len = 64;
+ if (!SSL_USE_SIGALGS(s)
+ && ((PACKET_remaining(pkt) == 64
+ && (EVP_PKEY_id(pkey) == NID_id_GostR3410_2001
+ || EVP_PKEY_id(pkey) == NID_id_GostR3410_2012_256))
+ || (PACKET_remaining(pkt) == 128
+ && EVP_PKEY_id(pkey) == NID_id_GostR3410_2012_512))) {
+ len = PACKET_remaining(pkt);
} else
#endif
- {
- if (SSL_USE_SIGALGS(s)) {
- int rv;
- unsigned int sigalg;
-
- if (!PACKET_get_net_2(pkt, &sigalg)) {
- al = SSL_AD_DECODE_ERROR;
- goto f_err;
- }
- rv = tls12_check_peer_sigalg(s, sigalg, pkey);
- if (rv == -1) {
- goto f_err;
- } else if (rv == 0) {
- al = SSL_AD_DECODE_ERROR;
- goto f_err;
- }
-#ifdef SSL_DEBUG
- fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
-#endif
- } else if (!tls1_set_peer_legacy_sigalg(s, pkey)) {
- al = SSL_AD_INTERNAL_ERROR;
- goto f_err;
- }
-
- md = ssl_md(s->s3->tmp.peer_sigalg->hash_idx);
-
- if (!PACKET_get_net_2(pkt, &len)) {
- SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, SSL_R_LENGTH_MISMATCH);
- al = SSL_AD_DECODE_ERROR;
- goto f_err;
- }
+ if (!PACKET_get_net_2(pkt, &len)) {
+ SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, SSL_R_LENGTH_MISMATCH);
+ al = SSL_AD_DECODE_ERROR;
+ goto f_err;
}
+
j = EVP_PKEY_size(pkey);
if (((int)len > j) || ((int)PACKET_remaining(pkt) > j)
|| (PACKET_remaining(pkt) == 0)) {
More information about the openssl-commits
mailing list