Convert key exchange to one shot call

Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3585)
author: Dr. Stephen Henson <steve@openssl.org> 2017-06-16 19:23:47 +0100
committer: Dr. Stephen Henson <steve@openssl.org> 2017-06-21 14:11:01 +0100
commit: 72ceb6a6923456d9ff036cd81014024cf54280c4 (patch)
tree: a9fe2515e748b253980c8631d60344b17ecb99d3 /ssl/statem/statem_srvr.c
parent: 03327c8bf2af2db937a7d39268ea70ab90819279 (diff)
download: openssl-72ceb6a6923456d9ff036cd81014024cf54280c4.zip
openssl-72ceb6a6923456d9ff036cd81014024cf54280c4.tar.gz
openssl-72ceb6a6923456d9ff036cd81014024cf54280c4.tar.bz2
1 files changed, 15 insertions, 12 deletions
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 1cde8c8..6168b98 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -2410,9 +2410,10 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt)
     /* not anonymous */
     if (lu != NULL) {
         EVP_PKEY *pkey = s->s3->tmp.cert->privatekey;
-        const EVP_MD *md = ssl_md(lu->hash_idx);
-        unsigned char *sigbytes1, *sigbytes2;
-        size_t siglen;
+        const EVP_MD *md;
+        unsigned char *sigbytes1, *sigbytes2, *tbs;
+        size_t siglen, tbslen;
+        int rv;
 
         if (pkey == NULL || md == NULL) {
             /* Should never happen */
@@ -2456,15 +2457,17 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt)
                 goto f_err;
             }
         }
-        if (EVP_DigestSignUpdate(md_ctx, &(s->s3->client_random[0]),
-                                 SSL3_RANDOM_SIZE) <= 0
-            || EVP_DigestSignUpdate(md_ctx, &(s->s3->server_random[0]),
-                                        SSL3_RANDOM_SIZE) <= 0
-            || EVP_DigestSignUpdate(md_ctx,
-                                        s->init_buf->data + paramoffset,
-                                        paramlen) <= 0
-            || EVP_DigestSignFinal(md_ctx, sigbytes1, &siglen) <= 0
-            || !WPACKET_sub_allocate_bytes_u16(pkt, siglen, &sigbytes2)
+        tbslen = construct_key_exchange_tbs(s, &tbs,
+                                            s->init_buf->data + paramoffset,
+                                            paramlen);
+        if (tbslen == 0) {
+            SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                   ERR_R_MALLOC_FAILURE);
+            goto f_err;
+        }
+        rv = EVP_DigestSign(md_ctx, sigbytes1, &siglen, tbs, tbslen);
+        OPENSSL_free(tbs);
+        if (rv <= 0 || !WPACKET_sub_allocate_bytes_u16(pkt, siglen, &sigbytes2)
             || sigbytes1 != sigbytes2) {
             SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
                    ERR_R_INTERNAL_ERROR);
author	Dr. Stephen Henson <steve@openssl.org>	2017-06-16 19:23:47 +0100
committer	Dr. Stephen Henson <steve@openssl.org>	2017-06-21 14:11:01 +0100
commit	72ceb6a6923456d9ff036cd81014024cf54280c4 (patch)
tree	a9fe2515e748b253980c8631d60344b17ecb99d3 /ssl/statem/statem_srvr.c
parent	03327c8bf2af2db937a7d39268ea70ab90819279 (diff)
download	openssl-72ceb6a6923456d9ff036cd81014024cf54280c4.zip openssl-72ceb6a6923456d9ff036cd81014024cf54280c4.tar.gz openssl-72ceb6a6923456d9ff036cd81014024cf54280c4.tar.bz2