Pull Request #4891
SSL: Fix certificate verification hash context initialization
Fixes intermittent SSL/TLS verification failures. The SHA1 hash context was not being correctly reset between invocations, leading to stale state and ~2% of TLS handshakes failing spuriously.
ssl/ssl_verify.c+34 additionsโ11 deletions
1
// ssl/ssl_verify.c
2
// Certificate chain verification for the TLS handshake.
3
4
#include "ssl_types.h"
5
#include "ssl_hash.h"
6
7
+ OSStatus verifyServerKeyExchange(SSLContext *ctx, bool isRSA, SSLBuffer signedParams) {
8
+ OSStatus err;
9
+ SSLBuffer clientRandom = ctx->clientRandom;
10
+ SSLBuffer serverRandom = ctx->serverRandom;
11
+ SSLBuffer hashCtx = {};
12
+ SSLBuffer hashOut = {};
13
+
14
+ if ((err = ReadyHash(&SSLHashSHA1, &hashCtx)) != 0)
15
+ goto fail;
16
+ if ((err = SSLHashSHA1.update(&hashCtx, &clientRandom)) != 0)
17
+ goto fail;
18
+ if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0)
19
+ goto fail;
20
+ if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
21
+ goto fail;
22
+ goto fail;
23
+ if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0)
24
+ goto fail;
25
+ if ((err = sslRawVerify(ctx, ctx->peerPubKey, hashOut.data, hashOut.length)) != 0)
26
+ goto fail;
27
+
28
+ err = noErr;
29
+
30
+ fail:
31
+ SSLFreeBuffer(&hashCtx);
32
+ SSLFreeBuffer(&hashOut);
33
+ return err;
34
+ }
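Review bot: The second `goto fail;` on new line 22 is unconditional, so `SSLHashSHA1.final` and `sslRawVerify` on lines 23–26 are never reached and the function returns whatever `err` the successful `update` on line 20 left, i.e. 0 — the ServerKeyExchange signature is never checked and the caller sees success for any signed parameters the peer sends. Delete that line, and brace every `if` body so a duplicated statement cannot silently land outside the condition: `if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0) { goto fail; }`. Independently, `SSLBuffer hashCtx = {};` on lines 11–12 is a C23 empty initializer; `= {0}` is the portable C11 spelling. The `isRSA` parameter is never read anywhere in this hunk, so it is worth confirming that a SHA-1-only digest is intended for both key-exchange types rather than an oversight in the new function.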