/*
 * Check the server's signature over the ServerKeyExchange parameters.
 *
 * ctx:          session context; ctx->peerPubKey is the key verified against.
 * isRsa:        selects the digest reference: SSLHashMD5SHA1 when true,
 *               SSLHashSHA1 otherwise (the key type is not re-derived here).
 * signedParams: the parameter bytes the signature is expected to cover.
 * signature,
 * signatureLen: the raw signature from the peer (length is peer-supplied;
 *               bounds are left to sslRawVerify).
 *
 * Returns 0 on success, otherwise the error from sslRawVerify, which is
 * also logged. No alert is sent from here; the caller owns that decision.
 */
OSStatus SSLVerifySignedServerKeyExchange(SSLContext *ctx, bool isRsa, SSLBuffer signedParams, uint8_t *signature, UInt16 signatureLen)
{
    const HashReference *digestAlg = isRsa ? &SSLHashMD5SHA1 : &SSLHashSHA1;
    uint8_t digest[SSL_MAX_DIGEST_LEN];

    /* Digest of the signed parameters; digestAlg->digestSize bytes are meaningful. */
    SSLCalculateServerKeyExchangeHash(digestAlg, ctx, signedParams, digest);

    OSStatus status = sslRawVerify(ctx, ctx->peerPubKey, digest, digestAlg->digestSize, signature, signatureLen);
    if (status != 0) {
        sslErrorLog("SSLVerifySignedServerKeyExchange: sslRawVerify " "returned %d\n", (int)status);
    }
    return status;
}
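/*
 * Process a CertificateVerify handshake message: parse the signature/hash
 * algorithm pair (TLS 1.2 only), then the two-byte length-prefixed
 * signature, and check it against the peer's public key.
 *
 * message: raw handshake body (message.data / message.length).
 * ctx:     handshake state; ctx->peerPubKey is verified against and
 *          ctx->sslTslCalls->computeCertVfyMac produces the signed data.
 *
 * Returns errSSLSuccess on success, errSSLProtocol when the message is
 * truncated, or the error from computeCertVfyMac / the verify helper.
 * A fatal decrypt_error alert is sent only when the signature check fails.
 *
 * Length checks compare the bytes remaining in the message against the
 * bytes needed rather than forming charPtr + n first: signatureLen is
 * peer-controlled (up to 0xFFFF), and a pointer computed past the end of
 * the buffer is undefined behaviour even if it is only compared.
 */
int SSLProcessCertificateVerify(tls_buffer message, tls_handshake_t ctx)
{
    int err;
    UInt8 hashData[SSL_MAX_DIGEST_LEN];
    size_t signatureLen;
    tls_buffer hashDataBuf;
    uint8_t *charPtr = message.data;
    uint8_t *endCp = charPtr + message.length;
    tls_signature_and_hash_algorithm sigAlg = {0,};

    if (sslVersionIsLikeTls12(ctx)) {
        /* Parse the algorithm field added in TLS1.2 */
        if ((size_t)(endCp - charPtr) < 2) {
            sslErrorLog("SSLProcessCertificateVerify: msg len error 1\n");
            return errSSLProtocol;
        }
        /* Peer-chosen values; nothing here validates them, so
         * computeCertVfyMac and the verify helpers must reject unsupported
         * hash/signature algorithms — confirm. */
        sigAlg.hash = *charPtr++;
        sigAlg.signature = *charPtr++;
    }

    /* Two-byte signature length prefix. */
    if ((size_t)(endCp - charPtr) < 2) {
        sslErrorLog("SSLProcessCertificateVerify: msg len error\n");
        return errSSLProtocol;
    }
    signatureLen = SSLDecodeSize(charPtr, 2);
    charPtr += 2;

    /* The signature must fit entirely within the remaining message bytes. */
    if ((size_t)(endCp - charPtr) < signatureLen) {
        sslErrorLog("SSLProcessCertificateVerify: sig len error 1\n");
        return errSSLProtocol;
    }

    hashDataBuf.data = hashData;
    /* Capacity on entry; hashDataBuf.length is used as the digest length
     * afterwards, so computeCertVfyMac is expected to update it — confirm. */
    hashDataBuf.length = SSL_MAX_DIGEST_LEN;
    assert(ctx->sslTslCalls != NULL);
    err = ctx->sslTslCalls->computeCertVfyMac(ctx, &hashDataBuf, sigAlg.hash);
    if (err != 0) {
        return err;
    }

    if (sslVersionIsLikeTls12(ctx)) {
        if (sigAlg.signature == tls_signature_algorithm_RSA) {
            err = sslRsaVerify(&ctx->peerPubKey, sigAlg.hash, hashData, hashDataBuf.length, charPtr, signatureLen);
        } else {
            err = sslRawVerify(&ctx->peerPubKey, hashData, hashDataBuf.length, charPtr, signatureLen);
        }
    } else {
        /* sslRawVerify does the decrypt & compare for us in one shot. */
        err = sslRawVerify(&ctx->peerPubKey,
                           hashData,            // data to verify
                           hashDataBuf.length,
                           charPtr,             // signature
                           signatureLen);
    }

    if (err != 0) {
        /* Signature mismatch is fatal for the session. */
        SSLFatalSessionAlert(SSL_AlertDecryptError, ctx);
        return err;
    }

    return errSSLSuccess;
}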