diff options
| author |   jsing <jsing@openbsd.org> | 2017-03-01 14:01:24 +0000 |
|---|---|---|
| committer | jsing <jsing@openbsd.org> | 2017-03-01 14:01:24 +0000 |
| commit | c08497fc04a197d182ede49480ffbb5ed57f3421 (patch) | |
| tree | d7cf4abc6c2b16b9b1cb0038f8dbbfd4858e1d15 | |
| parent | Add EVP test for MD5-SHA1. (diff) | |
| download | wireguard-openbsd-c08497fc04a197d182ede49480ffbb5ed57f3421.tar.xz wireguard-openbsd-c08497fc04a197d182ede49480ffbb5ed57f3421.zip | |
Convert ssl3_{get,send}_server_key_exchange() to EVP_md5_sha1().
ok inoguchi@
| -rw-r--r-- | lib/libssl/ssl_algs.c | 4 | ||||
| -rw-r--r-- | lib/libssl/ssl_clnt.c | 33 | ||||
| -rw-r--r-- | lib/libssl/ssl_srvr.c | 36 |
3 files changed, 29 insertions, 44 deletions
diff --git a/lib/libssl/ssl_algs.c b/lib/libssl/ssl_algs.c index ee1919c7252..efbf1a4f310 100644 --- a/lib/libssl/ssl_algs.c +++ b/lib/libssl/ssl_algs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_algs.c,v 1.23 2016/11/06 12:08:32 jsing Exp $ */ +/* $OpenBSD: ssl_algs.c,v 1.24 2017/03/01 14:01:24 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -101,8 +101,10 @@ SSL_library_init(void) #endif EVP_add_digest(EVP_md5()); + EVP_add_digest(EVP_md5_sha1()); EVP_add_digest_alias(SN_md5, "ssl2-md5"); EVP_add_digest_alias(SN_md5, "ssl3-md5"); + EVP_add_digest(EVP_sha1()); /* RSA with sha1 */ EVP_add_digest_alias(SN_sha1, "ssl3-sha1"); EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA); diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c index da4b966bc66..223190c0a03 100644 --- a/lib/libssl/ssl_clnt.c +++ b/lib/libssl/ssl_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_clnt.c,v 1.6 2017/02/28 14:08:49 jsing Exp $ */ +/* $OpenBSD: ssl_clnt.c,v 1.7 2017/03/01 14:01:24 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1472,29 +1472,20 @@ ssl3_get_server_key_exchange(SSL *s) } if (pkey->type == EVP_PKEY_RSA && !SSL_USE_SIGALGS(s)) { - int num; - j = 0; q = md_buf; - for (num = 2; num > 0; num--) { - if (!EVP_DigestInit_ex(&md_ctx, - (num == 2) ? EVP_md5() : EVP_sha1(), - NULL)) { - al = SSL_AD_INTERNAL_ERROR; - goto f_err; - } - EVP_DigestUpdate(&md_ctx, - s->s3->client_random, - SSL3_RANDOM_SIZE); - EVP_DigestUpdate(&md_ctx, - s->s3->server_random, - SSL3_RANDOM_SIZE); - EVP_DigestUpdate(&md_ctx, param, param_len); - EVP_DigestFinal_ex(&md_ctx, q, - (unsigned int *)&i); - q += i; - j += i; + if (!EVP_DigestInit_ex(&md_ctx, EVP_md5_sha1(), NULL)) { + al = SSL_AD_INTERNAL_ERROR; + goto f_err; } + EVP_DigestUpdate(&md_ctx, s->s3->client_random, + SSL3_RANDOM_SIZE); + EVP_DigestUpdate(&md_ctx, s->s3->server_random, + SSL3_RANDOM_SIZE); + EVP_DigestUpdate(&md_ctx, param, param_len); + EVP_DigestFinal_ex(&md_ctx, q, (unsigned int *)&i); + q += i; + j += i; i = RSA_verify(NID_md5_sha1, md_buf, j, p, n, pkey->pkey.rsa); if (i < 0) { diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c index 8e7c1f4418a..ddf8755707b 100644 --- a/lib/libssl/ssl_srvr.c +++ b/lib/libssl/ssl_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_srvr.c,v 1.7 2017/02/28 14:08:50 jsing Exp $ */ +/* $OpenBSD: ssl_srvr.c,v 1.8 2017/03/01 14:01:24 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1445,16 +1445,13 @@ ssl3_send_server_key_exchange(SSL *s) unsigned char *params = NULL; size_t params_len; unsigned char *q; - int j, num; unsigned char md_buf[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH]; unsigned int u; EVP_PKEY *pkey; const EVP_MD *md = NULL; unsigned char *p, *d; - int al, i; + int al, i, j, n, kn; unsigned long type; - int n; - int kn; BUF_MEM *buf; EVP_MD_CTX md_ctx; @@ -1522,23 +1519,18 @@ ssl3_send_server_key_exchange(SSL *s) if (pkey->type == EVP_PKEY_RSA && !SSL_USE_SIGALGS(s)) { q = md_buf; j = 0; - for (num = 2; num > 0; num--) { - if (!EVP_DigestInit_ex(&md_ctx, - (num == 2) ? EVP_md5() : EVP_sha1(), - NULL)) - goto err; - EVP_DigestUpdate(&md_ctx, - s->s3->client_random, - SSL3_RANDOM_SIZE); - EVP_DigestUpdate(&md_ctx, - s->s3->server_random, - SSL3_RANDOM_SIZE); - EVP_DigestUpdate(&md_ctx, d, n); - EVP_DigestFinal_ex(&md_ctx, q, - (unsigned int *)&i); - q += i; - j += i; - } + if (!EVP_DigestInit_ex(&md_ctx, EVP_md5_sha1(), + NULL)) + goto err; + EVP_DigestUpdate(&md_ctx, s->s3->client_random, + SSL3_RANDOM_SIZE); + EVP_DigestUpdate(&md_ctx, s->s3->server_random, + SSL3_RANDOM_SIZE); + EVP_DigestUpdate(&md_ctx, d, n); + EVP_DigestFinal_ex(&md_ctx, q, + (unsigned int *)&i); + q += i; + j += i; if (RSA_sign(NID_md5_sha1, md_buf, j, &(p[2]), &u, pkey->pkey.rsa) <= 0) { SSLerror(s, ERR_R_RSA_LIB); |