generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Get correct GOST private key instead of just assuming the last one is

Browse Source 
correct: this isn't always true if we have more than one certificate.
This commit is contained in:
Dr. Stephen Henson 2010-11-14 13:50:42 +00:00
parent 251431ff4f
commit d36c7b618d
1 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
ssl/s3_srvr.c
View File

@ -2580,12 +2580,19 @@ int ssl3_get_client_key_exchange(SSL *s)
{ {
int ret = 0; int ret = 0;
EVP_PKEY_CTX *pkey_ctx; EVP_PKEY_CTX *pkey_ctx;
EVP_PKEY *client_pub_pkey = NULL; EVP_PKEY *client_pub_pkey = NULL, *pk = NULL;
unsigned char premaster_secret[32], *start; unsigned char premaster_secret[32], *start;
size_t outlen=32, inlen; size_t outlen=32, inlen;
unsigned long alg_a;
/* Get our certificate private key*/ /* Get our certificate private key*/
pkey_ctx = EVP_PKEY_CTX_new(s->cert->key->privatekey,NULL); alg_a = s->s3->tmp.new_cipher->algorithm_auth;
if (alg_a & SSL_aGOST94)
pk = s->cert->pkeys[SSL_PKEY_GOST94].privatekey;
else if (alg_a & SSL_aGOST01)
pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;
pkey_ctx = EVP_PKEY_CTX_new(pk,NULL);
EVP_PKEY_decrypt_init(pkey_ctx); EVP_PKEY_decrypt_init(pkey_ctx);
/* If client certificate is present and is of the same type, maybe /* If client certificate is present and is of the same type, maybe
* use it for key exchange. Don't mind errors from * use it for key exchange. Don't mind errors from