patches.chromium/0016-send_client_verify_cleanup.patch - chromium/deps/openssl - Git at Google

 diff --git android-openssl.orig/ssl/s3_clnt.c android-openssl/ssl/s3_clnt.c
 index d6154c5..2b094c9 100644
 --- android-openssl.orig/ssl/s3_clnt.c
 +++ android-openssl/ssl/s3_clnt.c
 @@ -3022,33 +3022,18 @@ int ssl3_send_client_verify(SSL *s)
  	unsigned char *p,*d;
  	unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
  	EVP_PKEY *pkey;
 -	EVP_PKEY_CTX *pctx=NULL;
 +	EVP_PKEY_CTX *pctx = NULL;
  	EVP_MD_CTX mctx;
 -	unsigned u=0;
 +	unsigned signature_length = 0;
  	unsigned long n;
 -	int j;

  	EVP_MD_CTX_init(&mctx);

  	if (s->state == SSL3_ST_CW_CERT_VRFY_A)
  		{
 -		d=(unsigned char *)s->init_buf->data;
 -		p= &(d[4]);
 -		pkey=s->cert->key->privatekey;
 -/* Create context from key and test if sha1 is allowed as digest */
 -		pctx = EVP_PKEY_CTX_new(pkey,NULL);
 -		EVP_PKEY_sign_init(pctx);
 -		if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1())>0)
 -			{
 -			if (TLS1_get_version(s) < TLS1_2_VERSION)
 -				s->method->ssl3_enc->cert_verify_mac(s,
 -						NID_sha1,
 -						&(data[MD5_DIGEST_LENGTH]));
 -			}
 -		else
 -			{
 -			ERR_clear_error();
 -			}
 +		d = (unsigned char *)s->init_buf->data;
 +		p = &(d[4]);
 +		pkey = s->cert->key->privatekey;
  		/* For TLS v1.2 send signature algorithm and signature
  		 * using agreed digest and cached handshake records.
  		 */
 @@ -3072,14 +3057,15 @@ int ssl3_send_client_verify(SSL *s)
  #endif
  			if (!EVP_SignInit_ex(&mctx, md, NULL)
  				|| !EVP_SignUpdate(&mctx, hdata, hdatalen)
 -				|| !EVP_SignFinal(&mctx, p + 2, &u, pkey))
 +				|| !EVP_SignFinal(&mctx, p + 2,
 +					&signature_length, pkey))
  				{
  				SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
  						ERR_R_EVP_LIB);
  				goto err;
  				}
 -			s2n(u,p);
 -			n = u + 4;
 +			s2n(signature_length, p);
 +			n = signature_length + 4;
  			if (!ssl3_digest_cached_records(s))
  				goto err;
  			}
 @@ -3087,78 +3073,80 @@ int ssl3_send_client_verify(SSL *s)
  #ifndef OPENSSL_NO_RSA
  		if (pkey->type == EVP_PKEY_RSA)
  			{
 +			s->method->ssl3_enc->cert_verify_mac(s, NID_md5, data);
  			s->method->ssl3_enc->cert_verify_mac(s,
 -				NID_md5,
 -			 	&(data[0]));
 +				NID_sha1, &(data[MD5_DIGEST_LENGTH]));
  			if (RSA_sign(NID_md5_sha1, data,
 -					 MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
 -					&(p[2]), &u, pkey->pkey.rsa) <= 0 )
 +					MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
 +					&(p[2]), &signature_length, pkey->pkey.rsa) <= 0)
  				{
 -				SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_RSA_LIB);
 +				SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_RSA_LIB);
  				goto err;
  				}
 -			s2n(u,p);
 -			n=u+2;
 +			s2n(signature_length, p);
 +			n = signature_length + 2;
  			}
  		else
  #endif
  #ifndef OPENSSL_NO_DSA
 -			if (pkey->type == EVP_PKEY_DSA)
 +		if (pkey->type == EVP_PKEY_DSA)
  			{
 -			if (!DSA_sign(pkey->save_type,
 -				&(data[MD5_DIGEST_LENGTH]),
 -				SHA_DIGEST_LENGTH,&(p[2]),
 -				(unsigned int *)&j,pkey->pkey.dsa))
 +			s->method->ssl3_enc->cert_verify_mac(s, NID_sha1, data);
 +			if (!DSA_sign(pkey->save_type, data,
 +					SHA_DIGEST_LENGTH, &(p[2]),
 +					&signature_length, pkey->pkey.dsa))
  				{
 -				SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_DSA_LIB);
 +				SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_DSA_LIB);
  				goto err;
  				}
 -			s2n(j,p);
 -			n=j+2;
 +			s2n(signature_length, p);
 +			n = signature_length + 2;
  			}
  		else
  #endif
  #ifndef OPENSSL_NO_ECDSA
 -			if (pkey->type == EVP_PKEY_EC)
 +		if (pkey->type == EVP_PKEY_EC)
  			{
 -			if (!ECDSA_sign(pkey->save_type,
 -				&(data[MD5_DIGEST_LENGTH]),
 -				SHA_DIGEST_LENGTH,&(p[2]),
 -				(unsigned int *)&j,pkey->pkey.ec))
 +			s->method->ssl3_enc->cert_verify_mac(s, NID_sha1, data);
 +			if (!ECDSA_sign(pkey->save_type, data,
 +					SHA_DIGEST_LENGTH, &(p[2]),
 +					&signature_length, pkey->pkey.ec))
  				{
 -				SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
 -				    ERR_R_ECDSA_LIB);
 +				SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_ECDSA_LIB);
  				goto err;
  				}
 -			s2n(j,p);
 -			n=j+2;
 +			s2n(signature_length, p);
 +			n = signature_length + 2;
  			}
  		else
  #endif
  		if (pkey->type == NID_id_GostR3410_94 || pkey->type == NID_id_GostR3410_2001)
 -		{
 -		unsigned char signbuf[64];
 -		int i;
 -		size_t sigsize=64;
 -		s->method->ssl3_enc->cert_verify_mac(s,
 -			NID_id_GostR3411_94,
 -			data);
 -		if (EVP_PKEY_sign(pctx, signbuf, &sigsize, data, 32) <= 0) {
 -			SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
 -			ERR_R_INTERNAL_ERROR);
 -			goto err;
 -		}
 -		for (i=63,j=0; i>=0; j++, i--) {
 -			p[2+j]=signbuf[i];
 -		}
 -		s2n(j,p);
 -		n=j+2;
 -		}
 +			{
 +			unsigned char signbuf[64];
 +			int i, j;
 +			size_t sigsize=64;
 +
 +			s->method->ssl3_enc->cert_verify_mac(s,
 +				NID_id_GostR3411_94,
 +				data);
 +			pctx = EVP_PKEY_CTX_new(pkey, NULL);
 +			EVP_PKEY_sign_init(pctx);
 +			if (EVP_PKEY_sign(pctx, signbuf, &sigsize, data, 32) <= 0) {
 +				SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
 +					ERR_R_INTERNAL_ERROR);
 +				goto err;
 +			}
 +			for (i=63,j=0; i>=0; j++, i--) {
 +				p[2+j]=signbuf[i];
 +			}
 +			s2n(j,p);
 +			n=j+2;
 +			}
  		else
 -		{
 +			{
  			SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR);
  			goto err;
 -		}
 +			}
  		*(d++)=SSL3_MT_CERTIFICATE_VERIFY;
  		l2n3(n,d);
	diff --git android-openssl.orig/ssl/s3_clnt.c android-openssl/ssl/s3_clnt.c
	index d6154c5..2b094c9 100644
	--- android-openssl.orig/ssl/s3_clnt.c
	+++ android-openssl/ssl/s3_clnt.c
	@@ -3022,33 +3022,18 @@ int ssl3_send_client_verify(SSL *s)
	unsigned char p,d;
	unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
	EVP_PKEY *pkey;
	- EVP_PKEY_CTX *pctx=NULL;
	+ EVP_PKEY_CTX *pctx = NULL;
	EVP_MD_CTX mctx;
	- unsigned u=0;
	+ unsigned signature_length = 0;
	unsigned long n;
	- int j;

	EVP_MD_CTX_init(&mctx);

	if (s->state == SSL3_ST_CW_CERT_VRFY_A)
	{
	- d=(unsigned char *)s->init_buf->data;
	- p= &(d[4]);
	- pkey=s->cert->key->privatekey;
	-/* Create context from key and test if sha1 is allowed as digest */
	- pctx = EVP_PKEY_CTX_new(pkey,NULL);
	- EVP_PKEY_sign_init(pctx);
	- if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1())>0)
	- {
	- if (TLS1_get_version(s) < TLS1_2_VERSION)
	- s->method->ssl3_enc->cert_verify_mac(s,
	- NID_sha1,
	- &(data[MD5_DIGEST_LENGTH]));
	- }
	- else
	- {
	- ERR_clear_error();
	- }
	+ d = (unsigned char *)s->init_buf->data;
	+ p = &(d[4]);
	+ pkey = s->cert->key->privatekey;
	/* For TLS v1.2 send signature algorithm and signature
	* using agreed digest and cached handshake records.
	*/
	@@ -3072,14 +3057,15 @@ int ssl3_send_client_verify(SSL *s)
	#endif
	if (!EVP_SignInit_ex(&mctx, md, NULL)
	\|\| !EVP_SignUpdate(&mctx, hdata, hdatalen)
	- \|\| !EVP_SignFinal(&mctx, p + 2, &u, pkey))
	+ \|\| !EVP_SignFinal(&mctx, p + 2,
	+ &signature_length, pkey))
	{
	SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
	ERR_R_EVP_LIB);
	goto err;
	}
	- s2n(u,p);
	- n = u + 4;
	+ s2n(signature_length, p);
	+ n = signature_length + 4;
	if (!ssl3_digest_cached_records(s))
	goto err;
	}
	@@ -3087,78 +3073,80 @@ int ssl3_send_client_verify(SSL *s)
	#ifndef OPENSSL_NO_RSA
	if (pkey->type == EVP_PKEY_RSA)
	{
	+ s->method->ssl3_enc->cert_verify_mac(s, NID_md5, data);
	s->method->ssl3_enc->cert_verify_mac(s,
	- NID_md5,
	- &(data[0]));
	+ NID_sha1, &(data[MD5_DIGEST_LENGTH]));
	if (RSA_sign(NID_md5_sha1, data,
	- MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
	- &(p[2]), &u, pkey->pkey.rsa) <= 0 )
	+ MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
	+ &(p[2]), &signature_length, pkey->pkey.rsa) <= 0)
	{
	- SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_RSA_LIB);
	+ SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_RSA_LIB);
	goto err;
	}
	- s2n(u,p);
	- n=u+2;
	+ s2n(signature_length, p);
	+ n = signature_length + 2;
	}
	else
	#endif
	#ifndef OPENSSL_NO_DSA
	- if (pkey->type == EVP_PKEY_DSA)
	+ if (pkey->type == EVP_PKEY_DSA)
	{
	- if (!DSA_sign(pkey->save_type,
	- &(data[MD5_DIGEST_LENGTH]),
	- SHA_DIGEST_LENGTH,&(p[2]),
	- (unsigned int *)&j,pkey->pkey.dsa))
	+ s->method->ssl3_enc->cert_verify_mac(s, NID_sha1, data);
	+ if (!DSA_sign(pkey->save_type, data,
	+ SHA_DIGEST_LENGTH, &(p[2]),
	+ &signature_length, pkey->pkey.dsa))
	{
	- SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_DSA_LIB);
	+ SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_DSA_LIB);
	goto err;
	}
	- s2n(j,p);
	- n=j+2;
	+ s2n(signature_length, p);
	+ n = signature_length + 2;
	}
	else
	#endif
	#ifndef OPENSSL_NO_ECDSA
	- if (pkey->type == EVP_PKEY_EC)
	+ if (pkey->type == EVP_PKEY_EC)
	{
	- if (!ECDSA_sign(pkey->save_type,
	- &(data[MD5_DIGEST_LENGTH]),
	- SHA_DIGEST_LENGTH,&(p[2]),
	- (unsigned int *)&j,pkey->pkey.ec))
	+ s->method->ssl3_enc->cert_verify_mac(s, NID_sha1, data);
	+ if (!ECDSA_sign(pkey->save_type, data,
	+ SHA_DIGEST_LENGTH, &(p[2]),
	+ &signature_length, pkey->pkey.ec))
	{
	- SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
	- ERR_R_ECDSA_LIB);
	+ SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_ECDSA_LIB);
	goto err;
	}
	- s2n(j,p);
	- n=j+2;
	+ s2n(signature_length, p);
	+ n = signature_length + 2;
	}
	else
	#endif
	if (pkey->type == NID_id_GostR3410_94 \|\| pkey->type == NID_id_GostR3410_2001)
	- {
	- unsigned char signbuf[64];
	- int i;
	- size_t sigsize=64;
	- s->method->ssl3_enc->cert_verify_mac(s,
	- NID_id_GostR3411_94,
	- data);
	- if (EVP_PKEY_sign(pctx, signbuf, &sigsize, data, 32) <= 0) {
	- SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
	- ERR_R_INTERNAL_ERROR);
	- goto err;
	- }
	- for (i=63,j=0; i>=0; j++, i--) {
	- p[2+j]=signbuf[i];
	- }
	- s2n(j,p);
	- n=j+2;
	- }
	+ {
	+ unsigned char signbuf[64];
	+ int i, j;
	+ size_t sigsize=64;
	+
	+ s->method->ssl3_enc->cert_verify_mac(s,
	+ NID_id_GostR3411_94,
	+ data);
	+ pctx = EVP_PKEY_CTX_new(pkey, NULL);
	+ EVP_PKEY_sign_init(pctx);
	+ if (EVP_PKEY_sign(pctx, signbuf, &sigsize, data, 32) <= 0) {
	+ SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
	+ ERR_R_INTERNAL_ERROR);
	+ goto err;
	+ }
	+ for (i=63,j=0; i>=0; j++, i--) {
	+ p[2+j]=signbuf[i];
	+ }
	+ s2n(j,p);
	+ n=j+2;
	+ }
	else
	- {
	+ {
	SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR);
	goto err;
	- }
	+ }
	*(d++)=SSL3_MT_CERTIFICATE_VERIFY;
	l2n3(n,d);