diff options
| author | jsing <> | 2014-12-06 14:24:26 +0000 |
|---|---|---|
| committer | jsing <> | 2014-12-06 14:24:26 +0000 |
| commit | 7b858dee1df9a704b4fd1755b70c8f53352dcbeb (patch) | |
| tree | 16f00a61036316c6d0afc1976c7e1dfaf932cde4 /src/lib/libssl/d1_clnt.c | |
| parent | a657ba9d9f7c27a3001f24d121b111838c1dc856 (diff) | |
| download | openbsd-7b858dee1df9a704b4fd1755b70c8f53352dcbeb.tar.gz openbsd-7b858dee1df9a704b4fd1755b70c8f53352dcbeb.tar.bz2 openbsd-7b858dee1df9a704b4fd1755b70c8f53352dcbeb.zip | |
Remove client handling of RSA in ServerKeyExchange messages, along with
the associated peer_rsa_tmp goop.
This was only needed for export cipher handling and intentional RFC
violations. The export cipher suites have already been removed and
previous cleanup means that we will never send ServerKeyExchange messages
from the server side for RSA.
Diffstat (limited to 'src/lib/libssl/d1_clnt.c')
| -rw-r--r-- | src/lib/libssl/d1_clnt.c | 24 |
1 files changed, 10 insertions, 14 deletions
diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c index de5721851e..a73995ccda 100644 --- a/src/lib/libssl/d1_clnt.c +++ b/src/lib/libssl/d1_clnt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: d1_clnt.c,v 1.38 2014/11/27 16:03:03 jsing Exp $ */ | 1 | /* $OpenBSD: d1_clnt.c,v 1.39 2014/12/06 14:24:26 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * DTLS implementation written by Nagendra Modadugu | 3 | * DTLS implementation written by Nagendra Modadugu |
| 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. |
| @@ -946,20 +946,16 @@ dtls1_send_client_key_exchange(SSL *s) | |||
| 946 | RSA *rsa; | 946 | RSA *rsa; |
| 947 | unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; | 947 | unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; |
| 948 | 948 | ||
| 949 | if (s->session->sess_cert->peer_rsa_tmp != NULL) | 949 | pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); |
| 950 | rsa = s->session->sess_cert->peer_rsa_tmp; | 950 | if ((pkey == NULL) || |
| 951 | else { | 951 | (pkey->type != EVP_PKEY_RSA) || |
| 952 | pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); | 952 | (pkey->pkey.rsa == NULL)) { |
| 953 | if ((pkey == NULL) || | 953 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, |
| 954 | (pkey->type != EVP_PKEY_RSA) || | 954 | ERR_R_INTERNAL_ERROR); |
| 955 | (pkey->pkey.rsa == NULL)) { | 955 | goto err; |
| 956 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | ||
| 957 | ERR_R_INTERNAL_ERROR); | ||
| 958 | goto err; | ||
| 959 | } | ||
| 960 | rsa = pkey->pkey.rsa; | ||
| 961 | EVP_PKEY_free(pkey); | ||
| 962 | } | 956 | } |
| 957 | rsa = pkey->pkey.rsa; | ||
| 958 | EVP_PKEY_free(pkey); | ||
| 963 | 959 | ||
| 964 | tmp_buf[0] = s->client_version >> 8; | 960 | tmp_buf[0] = s->client_version >> 8; |
| 965 | tmp_buf[1] = s->client_version&0xff; | 961 | tmp_buf[1] = s->client_version&0xff; |