feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

allow for extra bytes in sig encoding for conforming signed big int, patch ssn1

Browse Source
This commit is contained in:
toddouska
2013-03-07 10:47:01 -08:00
parent 49e67487e7
commit 23d6c70d3e
1 changed files with 39 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
src/internal.c
View File

@ -4280,12 +4280,16 @@ int ProcessReply(CYASSL* ssl)
/* the record layer is here */ /* the record layer is here */
case runProcessingOneMessage: case runProcessingOneMessage:
if (ssl->keys.encryptionOn && ssl->keys.decryptedCur == 0) if (ssl->keys.encryptionOn && ssl->keys.decryptedCur == 0) {
if (DecryptMessage(ssl, ssl->buffers.inputBuffer.buffer + ret = DecryptMessage(ssl, ssl->buffers.inputBuffer.buffer +
ssl->buffers.inputBuffer.idx, ssl->buffers.inputBuffer.idx,
ssl->curSize, ssl->curSize,
&ssl->buffers.inputBuffer.idx) < 0) &ssl->buffers.inputBuffer.idx);
if (ret < 0) {
CYASSL_ERROR(ret);
return DECRYPT_ERROR; return DECRYPT_ERROR;
}
}
CYASSL_MSG("received record layer msg"); CYASSL_MSG("received record layer msg");
@ -5051,7 +5055,7 @@ int ReceiveData(CYASSL* ssl, byte* output, int sz, int peek)
CYASSL_ERROR(ssl->error); CYASSL_ERROR(ssl->error);
if (ssl->error == ZERO_RETURN) { if (ssl->error == ZERO_RETURN) {
CYASSL_MSG("Zero return, no more data coming"); CYASSL_MSG("Zero return, no more data coming");
ssl->options.isClosed = 1; ssl->options.isClosed = 1; /* Don't send close_notify */
return 0; /* no more data coming */ return 0; /* no more data coming */
} }
if (ssl->error == SOCKET_ERROR_E) { if (ssl->error == SOCKET_ERROR_E) {
@ -7222,7 +7226,7 @@ int SetCipherList(Suites* s, const char* list)
if (ret == 0) { if (ret == 0) {
CYASSL_MSG("Using ECC client cert"); CYASSL_MSG("Using ECC client cert");
usingEcc = 1; usingEcc = 1;
sigOutSz = ecc_sig_size(&eccKey); sigOutSz = MAX_ENCODED_SIG_SZ;
} }
else { else {
CYASSL_MSG("Bad client cert type"); CYASSL_MSG("Bad client cert type");
@ -7247,11 +7251,10 @@ int SetCipherList(Suites* s, const char* list)
verify[1] = usingEcc ? ecc_dsa_sa_algo : rsa_sa_algo; verify[1] = usingEcc ? ecc_dsa_sa_algo : rsa_sa_algo;
extraSz = HASH_SIG_SIZE; extraSz = HASH_SIG_SIZE;
} }
c16toa((word16)length, verify + extraSz); /* prepend verify header*/
if (usingEcc) { if (usingEcc) {
#ifdef HAVE_ECC #ifdef HAVE_ECC
word32 localSz = sigOutSz; word32 localSz = MAX_ENCODED_SIG_SZ;
word32 digestSz = SHA_DIGEST_SIZE; word32 digestSz = SHA_DIGEST_SIZE;
byte* digest = ssl->certHashes.sha; byte* digest = ssl->certHashes.sha;
@ -7270,9 +7273,13 @@ int SetCipherList(Suites* s, const char* list)
} }
} }
ret = ecc_sign_hash(digest, digestSz, ret = ecc_sign_hash(digest, digestSz, encodedSig,
verify + extraSz + VERIFY_HEADER, &localSz, ssl->rng, &eccKey);
&localSz, ssl->rng, &eccKey); if (ret == 0) {
length = localSz;
c16toa((word16)length, verify + extraSz); /* prepend hdr */
XMEMCPY(verify + extraSz + VERIFY_HEADER,encodedSig,length);
}
#endif #endif
} }
else { else {
@ -7300,6 +7307,7 @@ int SetCipherList(Suites* s, const char* list)
signBuffer = encodedSig; signBuffer = encodedSig;
} }
c16toa((word16)length, verify + extraSz); /* prepend hdr */
ret = RsaSSL_Sign(signBuffer, signSz, verify + extraSz + ret = RsaSSL_Sign(signBuffer, signSz, verify + extraSz +
VERIFY_HEADER, ENCRYPT_LEN, &key, ssl->rng); VERIFY_HEADER, ENCRYPT_LEN, &key, ssl->rng);
@ -7591,7 +7599,7 @@ int SetCipherList(Suites* s, const char* list)
ret = EccPrivateKeyDecode(ssl->buffers.key.buffer, &i, ret = EccPrivateKeyDecode(ssl->buffers.key.buffer, &i,
&dsaKey, ssl->buffers.key.length); &dsaKey, ssl->buffers.key.length);
if (ret != 0) return ret; if (ret != 0) return ret;
sigSz = ecc_sig_size(&dsaKey); sigSz = ecc_sig_size(&dsaKey) + 2; /* worst case estimate */
} }
else { else {
FreeRsaKey(&rsaKey); FreeRsaKey(&rsaKey);
@ -7623,7 +7631,8 @@ int SetCipherList(Suites* s, const char* list)
output = ssl->buffers.outputBuffer.buffer + output = ssl->buffers.outputBuffer.buffer +
ssl->buffers.outputBuffer.length; ssl->buffers.outputBuffer.length;
AddHeaders(output, length, server_key_exchange, ssl); /* record and message headers will be added below, when we're sure
of the sig length */
/* key exchange data */ /* key exchange data */
output[idx++] = named_curve; output[idx++] = named_curve;
@ -7636,8 +7645,9 @@ int SetCipherList(Suites* s, const char* list)
output[idx++] = ssl->suites->hashAlgo; output[idx++] = ssl->suites->hashAlgo;
output[idx++] = ssl->suites->sigAlgo; output[idx++] = ssl->suites->sigAlgo;
} }
c16toa((word16)sigSz, output + idx);
idx += LENGTH_SZ; /* Signtaure length will be written later, when we're sure what it
is */
/* do signature */ /* do signature */
{ {
@ -7711,6 +7721,10 @@ int SetCipherList(Suites* s, const char* list)
typeH); typeH);
signBuffer = encodedSig; signBuffer = encodedSig;
} }
/* write sig size here */
c16toa((word16)sigSz, output + idx);
idx += LENGTH_SZ;
ret = RsaSSL_Sign(signBuffer, signSz, output + idx, sigSz, ret = RsaSSL_Sign(signBuffer, signSz, output + idx, sigSz,
&rsaKey, ssl->rng); &rsaKey, ssl->rng);
FreeRsaKey(&rsaKey); FreeRsaKey(&rsaKey);
@ -7741,13 +7755,21 @@ int SetCipherList(Suites* s, const char* list)
} }
ret = ecc_sign_hash(digest, digestSz, ret = ecc_sign_hash(digest, digestSz,
output + idx, &sz, ssl->rng, &dsaKey); output + LENGTH_SZ + idx, &sz, ssl->rng, &dsaKey);
FreeRsaKey(&rsaKey); FreeRsaKey(&rsaKey);
ecc_free(&dsaKey); ecc_free(&dsaKey);
if (ret < 0) return ret; if (ret < 0) return ret;
/* Now that we know the real sig size, write it. */
c16toa((word16)sz, output + idx);
/* And adjust length and sendSz from estimates */
length += sz - sigSz;
sendSz += sz - sigSz;
} }
} }
AddHeaders(output, length, server_key_exchange, ssl);
HashOutput(ssl, output, sendSz, 0); HashOutput(ssl, output, sendSz, 0);
#ifdef CYASSL_CALLBACKS #ifdef CYASSL_CALLBACKS