Remove RSA exception when generating server key exchange.
Reviewed-by: Tim Hudson <tjh@openssl.org>
parent
192e4bbbf9
commit
e3e11e99ce
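--- a/UNKNOWN_PATH
+++ b/UNKNOWN_PATH
@@ -1725,11 +1725,7 @@ int tls_construct_server_done(SSL *s)
 int tls_construct_server_key_exchange(SSL *s)
 {
 #ifndef OPENSSL_NO_RSA
-unsigned char *q;
-int j, num;
 RSA *rsa;
-unsigned char md_buf[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
-unsigned int u;
 #endif
 #ifndef OPENSSL_NO_DH
 DH *dh = NULL, *dhp;
@@ -2103,39 +2099,6 @@ int tls_construct_server_key_exchange(SSL *s)
 * n is the length of the params, they start at &(d[4]) and p
 * points to the space at the end.
 */
-#ifndef OPENSSL_NO_RSA
-if (pkey->type == EVP_PKEY_RSA && !SSL_USE_SIGALGS(s)) {
-q = md_buf;
-j = 0;
-for (num = 2; num > 0; num--) {
-EVP_MD_CTX_set_flags(&md_ctx,
-EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-if (EVP_DigestInit_ex(&md_ctx, (num == 2)
-? s->ctx->md5 : s->ctx->sha1, NULL) <= 0
-|| EVP_DigestUpdate(&md_ctx, &(s->s3->client_random[0]),
-SSL3_RANDOM_SIZE) <= 0
-|| EVP_DigestUpdate(&md_ctx, &(s->s3->server_random[0]),
-SSL3_RANDOM_SIZE) <= 0
-|| EVP_DigestUpdate(&md_ctx, d, n) <= 0
-|| EVP_DigestFinal_ex(&md_ctx, q,
-(unsigned int *)&i) <= 0) {
-SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
-ERR_LIB_EVP);
-al = SSL_AD_INTERNAL_ERROR;
-goto f_err;
-}
-q += i;
-j += i;
-}
-if (RSA_sign(NID_md5_sha1, md_buf, j,
-&(p[2]), &u, pkey->pkey.rsa) <= 0) {
-SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_LIB_RSA);
-goto err;
-}
-s2n(u, p);
-n += u + 2;
-} else
-#endif
 if (md) {
 /* send signature algorithm */
 if (SSL_USE_SIGALGS(s)) {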