/* tls13_prepare_certificate_verify builds the local CertificateVerify
 * handshake message: a 16-bit signature algorithm followed by a 16-bit
 * length-prefixed signature produced with the configured private key.
 *
 * |is_first_run| selects the signing call. When non-zero, the signature input
 * is computed and ssl_private_key_sign is called. When zero,
 * ssl_private_key_complete is called instead and no input is recomputed.
 *
 * Returns ssl_private_key_success once the message has been finished. Any
 * other value returned by the signing call is passed back unchanged
 * (presumably including a retry value for asynchronous keys; confirm against
 * the enum). All other errors return ssl_private_key_failure. */
enum ssl_private_key_result_t tls13_prepare_certificate_verify(
    SSL *ssl, int is_first_run) {
  enum ssl_private_key_result_t ret = ssl_private_key_failure;
  uint8_t *msg = NULL;
  size_t msg_len; /* Only written and read on the |is_first_run| path. */
  CBB cbb, body;
  /* Zero |cbb| before the first |goto err| so the cleanup below always
   * operates on a defined object. */
  CBB_zero(&cbb);

  uint16_t signature_algorithm;
  if (!tls1_choose_signature_algorithm(ssl, &signature_algorithm)) {
    /* NOTE(review): no error is queued and no alert is sent by this function
     * on this path; presumably the callee or the caller reports it. */
    goto err;
  }
  if (!ssl->method->init_message(ssl, &cbb, &body,
                                 SSL3_MT_CERTIFICATE_VERIFY) ||
      !CBB_add_u16(&body, signature_algorithm)) {
    OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
    goto err;
  }

  /* Sign the digest. The signature is written straight into space reserved
   * in |child|, so the reservation must cover the largest signature the key
   * can produce. */
  CBB child;
  const size_t max_sig_len = ssl_private_key_max_signature_len(ssl);
  uint8_t *sig;
  size_t sig_len;
  if (!CBB_add_u16_length_prefixed(&body, &child) ||
      !CBB_reserve(&child, &sig, max_sig_len)) {
    ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
    goto err;
  }

  enum ssl_private_key_result_t sign_result;
  if (is_first_run) {
    /* NOTE(review): the last argument selects the signing context and must
     * mirror what the peer uses when verifying. |ssl->server| is passed
     * as-is here; confirm that this matches the parameter type declared for
     * tls13_get_cert_verify_signature_input (the declaration is not visible
     * here). */
    if (!tls13_get_cert_verify_signature_input(ssl, &msg, &msg_len,
                                               ssl->server)) {
      ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
      goto err;
    }
    sign_result = ssl_private_key_sign(ssl, sig, &sig_len, max_sig_len,
                                       signature_algorithm, msg, msg_len);
  } else {
    sign_result = ssl_private_key_complete(ssl, sig, &sig_len, max_sig_len);
  }

  if (sign_result != ssl_private_key_success) {
    /* Hand the signer's own result to the caller. The partially built
     * message is discarded by the cleanup below. */
    ret = sign_result;
    goto err;
  }

  /* Commit only the |sig_len| bytes actually produced, then finish the
   * message. */
  if (!CBB_did_write(&child, sig_len) ||
      !ssl->method->finish_message(ssl, &cbb)) {
    goto err;
  }

  ret = ssl_private_key_success;

err:
  /* Shared exit for success and failure: release the builder and the
   * signature input. */
  CBB_cleanup(&cbb);
  OPENSSL_free(msg);
  return ret;
}
/* tls13_process_certificate_verify checks the peer's CertificateVerify
 * message held in |ssl->init_msg|. It parses the signature algorithm and
 * signature, checks the algorithm with tls12_check_peer_sigalg, rebuilds the
 * signature input for the peer's role and verifies the signature with the
 * public key taken from the peer certificate.
 *
 * Returns 1 if the signature verifies and 0 otherwise. Parse, algorithm,
 * input-construction and signature failures send a fatal alert before
 * returning. */
int tls13_process_certificate_verify(SSL *ssl) {
  int ret = 0;
  X509 *peer = ssl->s3->new_session->peer;
  EVP_PKEY *pkey = NULL;
  uint8_t *msg = NULL;
  size_t msg_len;

  /* Filter out unsupported certificate types. */
  /* NOTE(review): |peer| is not checked for NULL before this call, and this
   * function neither queues an error nor sends an alert when no key is
   * returned; confirm the callee and the caller cover both cases. */
  pkey = X509_get_pubkey(peer);
  if (pkey == NULL) {
    goto err;
  }

  CBS cbs, signature;
  uint16_t signature_algorithm;
  CBS_init(&cbs, ssl->init_msg, ssl->init_num);
  /* The body must be exactly a u16 algorithm plus a u16-length-prefixed
   * signature; trailing bytes are rejected as a decode error. */
  if (!CBS_get_u16(&cbs, &signature_algorithm) ||
      !CBS_get_u16_length_prefixed(&cbs, &signature) ||
      CBS_len(&cbs) != 0) {
    OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
    ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
    goto err;
  }

  /* Check the peer's chosen algorithm before any verification work; the
   * callee supplies the alert to send in |al|. */
  int al;
  if (!tls12_check_peer_sigalg(ssl, &al, signature_algorithm)) {
    ssl3_send_alert(ssl, SSL3_AL_FATAL, al);
    goto err;
  }
  ssl->s3->tmp.peer_signature_algorithm = signature_algorithm;

  /* The input is built for the peer's role: a server verifies a client
   * signature and a client verifies a server signature. */
  if (!tls13_get_cert_verify_signature_input(
          ssl, &msg, &msg_len,
          ssl->server ? ssl_cert_verify_client : ssl_cert_verify_server)) {
    ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
    goto err;
  }

  int sig_ok =
      ssl_public_key_verify(ssl, CBS_data(&signature), CBS_len(&signature),
                            signature_algorithm, pkey, msg, msg_len);
  /* SECURITY: when BORINGSSL_UNSAFE_FUZZER_MODE is defined the verification
   * result is overridden and the error queue is cleared, so every signature
   * is accepted. A build with this macro does not authenticate the peer here
   * and must never be shipped. */
#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
  sig_ok = 1;
  ERR_clear_error();
#endif
  if (!sig_ok) {
    OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_SIGNATURE);
    ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
    goto err;
  }

  ret = 1;

err:
  /* Shared exit: release the key obtained from X509_get_pubkey and the
   * signature input. */
  EVP_PKEY_free(pkey);
  OPENSSL_free(msg);
  return ret;
}
/* tls13_process_certificate_verify checks the peer's CertificateVerify
 * message held in |ssl->init_msg| against |hs->peer_pubkey|. It parses the
 * signature algorithm and signature, checks the algorithm with
 * tls12_check_peer_sigalg, rebuilds the signature input for the peer's role
 * and verifies the signature.
 *
 * Returns 1 if the signature verifies and 0 otherwise. Parse, algorithm,
 * input-construction and signature failures send a fatal alert before
 * returning. */
int tls13_process_certificate_verify(SSL_HANDSHAKE *hs) {
  SSL *const ssl = hs->ssl;
  int ret = 0;
  uint8_t *msg = NULL;
  size_t msg_len;

  /* Without a peer public key there is nothing to verify against, so fail
   * closed. NOTE(review): no error is queued and no alert is sent on this
   * path; confirm the caller reports it. */
  if (hs->peer_pubkey == NULL) {
    goto err;
  }

  CBS cbs, signature;
  uint16_t signature_algorithm;
  CBS_init(&cbs, ssl->init_msg, ssl->init_num);
  /* The body must be exactly a u16 algorithm plus a u16-length-prefixed
   * signature; trailing bytes are rejected as a decode error. */
  if (!CBS_get_u16(&cbs, &signature_algorithm) ||
      !CBS_get_u16_length_prefixed(&cbs, &signature) ||
      CBS_len(&cbs) != 0) {
    OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
    ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
    goto err;
  }

  /* Check the peer's chosen algorithm before any verification work; the
   * callee supplies the alert to send in |al|. */
  int al;
  if (!tls12_check_peer_sigalg(ssl, &al, signature_algorithm)) {
    ssl3_send_alert(ssl, SSL3_AL_FATAL, al);
    goto err;
  }
  /* Stored on the new session rather than in per-handshake temporaries. */
  ssl->s3->new_session->peer_signature_algorithm = signature_algorithm;

  /* The input is built for the peer's role: a server verifies a client
   * signature and a client verifies a server signature. */
  if (!tls13_get_cert_verify_signature_input(
          ssl, &msg, &msg_len,
          ssl->server ? ssl_cert_verify_client : ssl_cert_verify_server)) {
    ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
    goto err;
  }

  int sig_ok =
      ssl_public_key_verify(ssl, CBS_data(&signature), CBS_len(&signature),
                            signature_algorithm, hs->peer_pubkey, msg, msg_len);
  /* SECURITY: when BORINGSSL_UNSAFE_FUZZER_MODE is defined the verification
   * result is overridden and the error queue is cleared, so every signature
   * is accepted. A build with this macro does not authenticate the peer here
   * and must never be shipped. */
#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
  sig_ok = 1;
  ERR_clear_error();
#endif
  if (!sig_ok) {
    OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_SIGNATURE);
    ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
    goto err;
  }

  ret = 1;

err:
  /* Only the signature input is released here; |hs->peer_pubkey| is not
   * freed by this function. */
  OPENSSL_free(msg);
  return ret;
}