From bff93678cf13da4ecca1851234578e671787a38b Mon Sep 17 00:00:00 2001
From: lloyd
Date: Wed, 28 Dec 2011 16:40:19 +0000
Subject: Additional bits for SSLv3 client auth
---
 src/tls/cert_ver.cpp | 24 +++++++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)
(limited to 'src/tls/cert_ver.cpp')
diff --git a/src/tls/cert_ver.cpp b/src/tls/cert_ver.cpp
index 4203e2542..023c6ccd7 100644
--- a/src/tls/cert_ver.cpp
+++ b/src/tls/cert_ver.cpp
@@ -7,6 +7,7 @@
 #include
 #include
+#include
 #include
 #include
 #include
@@ -71,7 +72,9 @@ void Certificate_Verify::deserialize(const MemoryRegion& buf)
 * Verify a Certificate Verify message
 */
 bool Certificate_Verify::verify(const X509_Certificate& cert,
- TLS_Handshake_Hash& hash)
+ TLS_Handshake_Hash& hash,
+ Version_Code version,
+ const SecureVector& master_secret)
 {
 // FIXME: duplicate of Server_Key_Exchange::verify
@@ -84,7 +87,10 @@ bool Certificate_Verify::verify(const X509_Certificate& cert,
 padding = "EMSA3(TLS.Digest.0)";
 else if(key->algo_name() == "DSA")
 {
- padding == "EMSA1(SHA-1)";
+ if(version == SSL_V3)
+ padding = "Raw";
+ else
+ padding = "EMSA1(SHA-1)";
 format = DER_SEQUENCE;
 }
 else
@@ -92,7 +98,19 @@ bool Certificate_Verify::verify(const X509_Certificate& cert,
 " is invalid/unknown for TLS signatures");
 PK_Verifier verifier(*key, padding, format);
- return verifier.verify_message(hash.get_contents(), signature);
+
+ if(version == SSL_V3)
+ {
+ SecureVector md5_sha = hash.final_ssl3(master_secret);
+
+ return verifier.verify_message(&md5_sha[16], md5_sha.size()-16,
+ &signature[0], signature.size());
+ }
+ else if(version == TLS_V10 || version == TLS_V11)
+ return verifier.verify_message(hash.get_contents(), signature);
+ else
+ throw TLS_Exception(PROTOCOL_VERSION,
+ "Unknown TLS version in certificate verification");
 }
 }
--
cgit v1.2.3
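Review bot: The comment above `Certificate_Verify::verify` still reads only "Verify a Certificate Verify message" and does not describe the two parameters added to the signature in this hunk. Judging by the last hunk, `master_secret` is read only on the SSLv3 path, where it is passed to `hash.final_ssl3()`, and any version other than SSL_V3, TLS_V10 or TLS_V11 raises `TLS_Exception`. Both are worth stating in the header comment, e.g. `* @param master_secret used only for SSLv3 (input to final_ssl3)` and `* @throws TLS_Exception if version is not SSL_V3, TLS_V10 or TLS_V11`. The function body continues outside this hunk.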
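Review bot: The new `padding = "Raw";` branch has no comment saying why DSA under SSLv3 skips the hash step that `EMSA1(SHA-1)` performs. From the last hunk it appears the verifier is handed a slice of `hash.final_ssl3(master_secret)`, which is already a computed digest, so a one-line comment such as `// SSLv3: input is already the handshake digest, must not be hashed again` would stop a later reader from changing it back to EMSA1. The `if` that opens this chain is outside the hunk.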
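Review bot: The SSL_V3 branch passes `&md5_sha[16]` and `md5_sha.size()-16` for every key type, but in SSLv3 only DSA signs the SHA-1 tail, while an RSA CertificateVerify covers the whole MD5||SHA-1 value. The non-DSA padding chosen earlier is left unchanged, so RSA client certificates look likely to fail verification here (a fail-closed interop bug, to be confirmed against the signing side). Selecting the slice by `key->algo_name()` would address that. Separately, neither length is checked before indexing: `md5_sha.size()-16` wraps if `final_ssl3` ever returns fewer than 16 bytes, and `&signature[0]` is taken on a buffer that is presumably filled from the peer's message in `deserialize()` and may be empty. A guard such as `if(md5_sha.size() <= 16 || signature.empty()) return false;` before the call would cover both.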