diff options
| author | jsing <> | 2018-08-16 18:13:15 +0000 |
|---|---|---|
| committer | jsing <> | 2018-08-16 18:13:15 +0000 |
| commit | 999ae47c78c4e83057b83b087ccd65a791b96b4c (patch) | |
| tree | 5e3ddaf8431da4fcf87ec2680e66033090fa0c4a | |
| parent | e0aad66e1b58bd0f70558cdfc329a82340b21347 (diff) | |
| download | openbsd-999ae47c78c4e83057b83b087ccd65a791b96b4c.tar.gz openbsd-999ae47c78c4e83057b83b087ccd65a791b96b4c.tar.bz2 openbsd-999ae47c78c4e83057b83b087ccd65a791b96b4c.zip | |
Simplify the add signature code/logic in ssl3_send_server_key_exchange().
ok tb@
| -rw-r--r-- | src/lib/libssl/ssl_srvr.c | 21 |
1 files changed, 8 insertions, 13 deletions
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index 6882d71399..2fde588cb9 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_srvr.c,v 1.38 2018/08/16 17:49:48 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_srvr.c,v 1.39 2018/08/16 18:13:15 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1509,8 +1509,8 @@ ssl3_send_server_key_exchange(SSL *s) | |||
| 1509 | const EVP_MD *md = NULL; | 1509 | const EVP_MD *md = NULL; |
| 1510 | unsigned long type; | 1510 | unsigned long type; |
| 1511 | EVP_MD_CTX md_ctx; | 1511 | EVP_MD_CTX md_ctx; |
| 1512 | int al, key_len; | ||
| 1513 | EVP_PKEY *pkey; | 1512 | EVP_PKEY *pkey; |
| 1513 | int al; | ||
| 1514 | 1514 | ||
| 1515 | memset(&cbb, 0, sizeof(cbb)); | 1515 | memset(&cbb, 0, sizeof(cbb)); |
| 1516 | memset(&cbb_params, 0, sizeof(cbb_params)); | 1516 | memset(&cbb_params, 0, sizeof(cbb_params)); |
| @@ -1545,20 +1545,14 @@ ssl3_send_server_key_exchange(SSL *s) | |||
| 1545 | if (!CBB_add_bytes(&server_kex, params, params_len)) | 1545 | if (!CBB_add_bytes(&server_kex, params, params_len)) |
| 1546 | goto err; | 1546 | goto err; |
| 1547 | 1547 | ||
| 1548 | /* Add signature unless anonymous. */ | ||
| 1548 | if (!(S3I(s)->hs.new_cipher->algorithm_auth & SSL_aNULL)) { | 1549 | if (!(S3I(s)->hs.new_cipher->algorithm_auth & SSL_aNULL)) { |
| 1549 | if ((pkey = ssl_get_sign_pkey( | 1550 | if ((pkey = ssl_get_sign_pkey(s, S3I(s)->hs.new_cipher, |
| 1550 | s, S3I(s)->hs.new_cipher, &md)) == NULL) { | 1551 | &md)) == NULL) { |
| 1551 | al = SSL_AD_DECODE_ERROR; | 1552 | al = SSL_AD_DECODE_ERROR; |
| 1552 | goto f_err; | 1553 | goto f_err; |
| 1553 | } | 1554 | } |
| 1554 | key_len = EVP_PKEY_size(pkey); | ||
| 1555 | } else { | ||
| 1556 | pkey = NULL; | ||
| 1557 | key_len = 0; | ||
| 1558 | } | ||
| 1559 | 1555 | ||
| 1560 | /* Add signature unless anonymous. */ | ||
| 1561 | if (pkey != NULL) { | ||
| 1562 | if (pkey->type == EVP_PKEY_RSA && !SSL_USE_SIGALGS(s)) | 1556 | if (pkey->type == EVP_PKEY_RSA && !SSL_USE_SIGALGS(s)) |
| 1563 | md = EVP_md5_sha1(); | 1557 | md = EVP_md5_sha1(); |
| 1564 | 1558 | ||
| @@ -1571,7 +1565,8 @@ ssl3_send_server_key_exchange(SSL *s) | |||
| 1571 | 1565 | ||
| 1572 | /* Send signature algorithm. */ | 1566 | /* Send signature algorithm. */ |
| 1573 | if (SSL_USE_SIGALGS(s)) { | 1567 | if (SSL_USE_SIGALGS(s)) { |
| 1574 | if (!tls12_get_sigandhash_cbb(&server_kex, pkey, md)) { | 1568 | if (!tls12_get_sigandhash_cbb(&server_kex, pkey, |
| 1569 | md)) { | ||
| 1575 | /* Should never happen */ | 1570 | /* Should never happen */ |
| 1576 | al = SSL_AD_INTERNAL_ERROR; | 1571 | al = SSL_AD_INTERNAL_ERROR; |
| 1577 | SSLerror(s, ERR_R_INTERNAL_ERROR); | 1572 | SSLerror(s, ERR_R_INTERNAL_ERROR); |
| @@ -1579,7 +1574,7 @@ ssl3_send_server_key_exchange(SSL *s) | |||
| 1579 | } | 1574 | } |
| 1580 | } | 1575 | } |
| 1581 | 1576 | ||
| 1582 | if ((signature = calloc(1, key_len)) == NULL) | 1577 | if ((signature = calloc(1, EVP_PKEY_size(pkey))) == NULL) |
| 1583 | goto err; | 1578 | goto err; |
| 1584 | 1579 | ||
| 1585 | if (!EVP_SignInit_ex(&md_ctx, md, NULL)) | 1580 | if (!EVP_SignInit_ex(&md_ctx, md, NULL)) |