generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Convert RSA encrypt to use EVP_PKEY

Browse Source 
Reviewed-by: Rich Salz <rsalz@openssl.org>
This commit is contained in:
Dr. Stephen Henson 2015-12-28 00:45:48 +00:00
parent 0d0769a4db
commit 923ffa97d1
1 changed files with 22 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
ssl/statem/statem_clnt.c
View File

@ -2253,6 +2253,7 @@ int tls_construct_client_key_exchange(SSL *s)
#ifndef OPENSSL_NO_RSA #ifndef OPENSSL_NO_RSA
unsigned char *q; unsigned char *q;
EVP_PKEY *pkey = NULL; EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *pctx = NULL;
#endif #endif
#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
EVP_PKEY *ckey = NULL, *skey = NULL; EVP_PKEY *ckey = NULL, *skey = NULL;
@ -2347,7 +2348,7 @@ psk_err:
} }
#ifndef OPENSSL_NO_RSA #ifndef OPENSSL_NO_RSA
else if (alg_k & (SSL_kRSA | SSL_kRSAPSK)) { else if (alg_k & (SSL_kRSA | SSL_kRSAPSK)) {
RSA *rsa; size_t enclen;
pmslen = SSL_MAX_MASTER_KEY_LENGTH; pmslen = SSL_MAX_MASTER_KEY_LENGTH;
pms = OPENSSL_malloc(pmslen); pms = OPENSSL_malloc(pmslen);
if (pms == NULL) if (pms == NULL)
@ -2370,8 +2371,6 @@ psk_err:
EVP_PKEY_free(pkey); EVP_PKEY_free(pkey);
goto err; goto err;
} }
rsa = pkey->pkey.rsa;
EVP_PKEY_free(pkey);
pms[0] = s->client_version >> 8; pms[0] = s->client_version >> 8;
pms[1] = s->client_version & 0xff; pms[1] = s->client_version & 0xff;
@ -2382,18 +2381,29 @@ psk_err:
/* Fix buf for TLS and beyond */ /* Fix buf for TLS and beyond */
if (s->version > SSL3_VERSION) if (s->version > SSL3_VERSION)
p += 2; p += 2;
n = RSA_public_encrypt(pmslen, pms, p, rsa, RSA_PKCS1_PADDING); pctx = EVP_PKEY_CTX_new(pkey, NULL);
EVP_PKEY_free(pkey);
pkey = NULL;
if (pctx == NULL || EVP_PKEY_encrypt_init(pctx) <= 0
|| EVP_PKEY_encrypt(pctx, NULL, &enclen, pms, pmslen) <= 0) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
ERR_R_EVP_LIB);
goto err;
}
if (EVP_PKEY_encrypt(pctx, p, &enclen, pms, pmslen) <= 0) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
SSL_R_BAD_RSA_ENCRYPT);
goto err;
}
n = enclen;
EVP_PKEY_CTX_free(pctx);
pctx = NULL;
# ifdef PKCS1_CHECK # ifdef PKCS1_CHECK
if (s->options & SSL_OP_PKCS1_CHECK_1) if (s->options & SSL_OP_PKCS1_CHECK_1)
p[1]++; p[1]++;
if (s->options & SSL_OP_PKCS1_CHECK_2) if (s->options & SSL_OP_PKCS1_CHECK_2)
tmp_buf[0] = 0x70; tmp_buf[0] = 0x70;
# endif # endif
if (n <= 0) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
SSL_R_BAD_RSA_ENCRYPT);
goto err;
}
/* Fix buf for TLS and beyond */ /* Fix buf for TLS and beyond */
if (s->version > SSL3_VERSION) { if (s->version > SSL3_VERSION) {
@ -2655,6 +2665,9 @@ psk_err:
err: err:
OPENSSL_clear_free(pms, pmslen); OPENSSL_clear_free(pms, pmslen);
s->s3->tmp.pms = NULL; s->s3->tmp.pms = NULL;
#ifndef OPENSSL_NO_RSA
EVP_PKEY_CTX_free(pctx);
#endif
#ifndef OPENSSL_NO_EC #ifndef OPENSSL_NO_EC
OPENSSL_free(encodedPoint); OPENSSL_free(encodedPoint);
#endif #endif