diff options
Diffstat (limited to 'src/lib/libssl/s3_clnt.c')
| -rw-r--r-- | src/lib/libssl/s3_clnt.c | 19 |
1 files changed, 5 insertions, 14 deletions
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c index 264cb012d5..d7cd37dec8 100644 --- a/src/lib/libssl/s3_clnt.c +++ b/src/lib/libssl/s3_clnt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_clnt.c,v 1.138 2016/03/27 00:55:38 mmcc Exp $ */ | 1 | /* $OpenBSD: s3_clnt.c,v 1.139 2016/10/19 16:38:40 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1968,13 +1968,12 @@ err: | |||
| 1968 | } | 1968 | } |
| 1969 | 1969 | ||
| 1970 | static int | 1970 | static int |
| 1971 | ssl3_send_client_kex_ecdh(SSL *s, SESS_CERT *sess_cert, unsigned char *p, | 1971 | ssl3_send_client_kex_ecdhe(SSL *s, SESS_CERT *sess_cert, unsigned char *p, |
| 1972 | int *outlen) | 1972 | int *outlen) |
| 1973 | { | 1973 | { |
| 1974 | EC_KEY *tkey, *clnt_ecdh = NULL; | 1974 | EC_KEY *tkey, *clnt_ecdh = NULL; |
| 1975 | const EC_GROUP *srvr_group = NULL; | 1975 | const EC_GROUP *srvr_group = NULL; |
| 1976 | const EC_POINT *srvr_ecpoint = NULL; | 1976 | const EC_POINT *srvr_ecpoint = NULL; |
| 1977 | EVP_PKEY *srvr_pub_pkey = NULL; | ||
| 1978 | BN_CTX *bn_ctx = NULL; | 1977 | BN_CTX *bn_ctx = NULL; |
| 1979 | unsigned char *encodedPoint = NULL; | 1978 | unsigned char *encodedPoint = NULL; |
| 1980 | unsigned char *key = NULL; | 1979 | unsigned char *key = NULL; |
| @@ -1994,14 +1993,6 @@ ssl3_send_client_kex_ecdh(SSL *s, SESS_CERT *sess_cert, unsigned char *p, | |||
| 1994 | } | 1993 | } |
| 1995 | tkey = sess_cert->peer_ecdh_tmp; | 1994 | tkey = sess_cert->peer_ecdh_tmp; |
| 1996 | 1995 | ||
| 1997 | if (alg_k & (SSL_kECDHr|SSL_kECDHe)) { | ||
| 1998 | /* Get the Server Public Key from certificate. */ | ||
| 1999 | srvr_pub_pkey = X509_get_pubkey( | ||
| 2000 | sess_cert->peer_pkeys[SSL_PKEY_ECC].x509); | ||
| 2001 | if (srvr_pub_pkey != NULL && srvr_pub_pkey->type == EVP_PKEY_EC) | ||
| 2002 | tkey = srvr_pub_pkey->pkey.ec; | ||
| 2003 | } | ||
| 2004 | |||
| 2005 | if (tkey == NULL) { | 1996 | if (tkey == NULL) { |
| 2006 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | 1997 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, |
| 2007 | ERR_R_INTERNAL_ERROR); | 1998 | ERR_R_INTERNAL_ERROR); |
| @@ -2093,7 +2084,6 @@ err: | |||
| 2093 | BN_CTX_free(bn_ctx); | 2084 | BN_CTX_free(bn_ctx); |
| 2094 | free(encodedPoint); | 2085 | free(encodedPoint); |
| 2095 | EC_KEY_free(clnt_ecdh); | 2086 | EC_KEY_free(clnt_ecdh); |
| 2096 | EVP_PKEY_free(srvr_pub_pkey); | ||
| 2097 | 2087 | ||
| 2098 | return (ret); | 2088 | return (ret); |
| 2099 | } | 2089 | } |
| @@ -2242,8 +2232,9 @@ ssl3_send_client_key_exchange(SSL *s) | |||
| 2242 | } else if (alg_k & SSL_kDHE) { | 2232 | } else if (alg_k & SSL_kDHE) { |
| 2243 | if (ssl3_send_client_kex_dhe(s, sess_cert, p, &n) != 1) | 2233 | if (ssl3_send_client_kex_dhe(s, sess_cert, p, &n) != 1) |
| 2244 | goto err; | 2234 | goto err; |
| 2245 | } else if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) { | 2235 | } else if (alg_k & SSL_kECDHE) { |
| 2246 | if (ssl3_send_client_kex_ecdh(s, sess_cert, p, &n) != 1) | 2236 | if (ssl3_send_client_kex_ecdhe(s, sess_cert, p, |
| 2237 | &n) != 1) | ||
| 2247 | goto err; | 2238 | goto err; |
| 2248 | } else if (alg_k & SSL_kGOST) { | 2239 | } else if (alg_k & SSL_kGOST) { |
| 2249 | if (ssl3_send_client_kex_gost(s, sess_cert, p, &n) != 1) | 2240 | if (ssl3_send_client_kex_gost(s, sess_cert, p, &n) != 1) |