authorDr. Stephen Henson <steve@openssl.org>2010-11-14 13:50:55 +0000
committerDr. Stephen Henson <steve@openssl.org>2010-11-14 13:50:55 +0000
commite827b58711ce508f5445a8460f857c71c8ffedcd (patch)
tree844adc140c314f190a19771ff8a426f578106925
parent80f0bcbabb5469f7930feb72bb5f8f9aaba4ddb1 (diff)
Get correct GOST private key instead of just assuming the last one is
correct: this isn't always true if we have more than one certificate.
-rw-r--r--ssl/s3_srvr.c13
1 files changed, 10 insertions, 3 deletions
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index de3f9d2..49751a0 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -2621,12 +2621,19 @@ int ssl3_get_client_key_exchange(SSL *s)
{
int ret = 0;
EVP_PKEY_CTX *pkey_ctx;
- EVP_PKEY *client_pub_pkey = NULL;
+ EVP_PKEY *client_pub_pkey = NULL, *pk = NULL;
unsigned char premaster_secret[32], *start;
- size_t outlen=32, inlen;
+ size_t outlen=32, inlen;
+ unsigned long alg_a;
/* Get our certificate private key*/
- pkey_ctx = EVP_PKEY_CTX_new(s->cert->key->privatekey,NULL);
+ alg_a = s->s3->tmp.new_cipher->algorithm_auth;
+ if (alg_a & SSL_aGOST94)
+ pk = s->cert->pkeys[SSL_PKEY_GOST94].privatekey;
+ else if (alg_a & SSL_aGOST01)
+ pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;
+
+ pkey_ctx = EVP_PKEY_CTX_new(pk,NULL);
EVP_PKEY_decrypt_init(pkey_ctx);
/* If client certificate is present and is of the same type, maybe
* use it for key exchange. Don't mind errors from