author | Dr. Stephen Henson <steve@openssl.org> | 2017-06-16 19:23:47 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2017-06-21 14:11:01 +0100 |
commit | 72ceb6a6923456d9ff036cd81014024cf54280c4 (patch) | |
tree | a9fe2515e748b253980c8631d60344b17ecb99d3 /ssl/statem/statem_srvr.c | |
parent | 03327c8bf2af2db937a7d39268ea70ab90819279 (diff) | |
Convert key exchange to one shot call
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3585)
Diffstat (limited to 'ssl/statem/statem_srvr.c')
-rw-r--r-- | ssl/statem/statem_srvr.c | 27 |
1 files changed, 15 insertions, 12 deletions
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 1cde8c8..6168b98 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -2410,9 +2410,10 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt)
 /* not anonymous */
 if (lu != NULL) {
 EVP_PKEY *pkey = s->s3->tmp.cert->privatekey;
- const EVP_MD *md = ssl_md(lu->hash_idx);
- unsigned char *sigbytes1, *sigbytes2;
- size_t siglen;
+ const EVP_MD *md;
+ unsigned char *sigbytes1, *sigbytes2, *tbs;
+ size_t siglen, tbslen;
+ int rv;
 
 if (pkey == NULL || md == NULL) {
 /* Should never happen */
@@ -2456,15 +2457,17 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt)
 goto f_err;
 }
 }
- if (EVP_DigestSignUpdate(md_ctx, &(s->s3->client_random[0]),
- SSL3_RANDOM_SIZE) <= 0
- || EVP_DigestSignUpdate(md_ctx, &(s->s3->server_random[0]),
- SSL3_RANDOM_SIZE) <= 0
- || EVP_DigestSignUpdate(md_ctx,
- s->init_buf->data + paramoffset,
- paramlen) <= 0
- || EVP_DigestSignFinal(md_ctx, sigbytes1, &siglen) <= 0
- || !WPACKET_sub_allocate_bytes_u16(pkt, siglen, &sigbytes2)
+ tbslen = construct_key_exchange_tbs(s, &tbs,
+ s->init_buf->data + paramoffset,
+ paramlen);
+ if (tbslen == 0) {
+ SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+ ERR_R_MALLOC_FAILURE);
+ goto f_err;
+ }
+ rv = EVP_DigestSign(md_ctx, sigbytes1, &siglen, tbs, tbslen);
+ OPENSSL_free(tbs);
+ if (rv <= 0 || !WPACKET_sub_allocate_bytes_u16(pkt, siglen, &sigbytes2)
 || sigbytes1 != sigbytes2) {
 SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
 ERR_R_INTERNAL_ERROR);
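Review bot: In the first hunk `md` is now declared without an initializer (`const EVP_MD *md;`), but the unchanged check two lines below, `if (pkey == NULL || md == NULL)`, still reads it, so the ServerKeyExchange signing path evaluates an indeterminate pointer — undefined behaviour, and a compiler is entitled to drop the null test altogether. The removed `const EVP_MD *md = ssl_md(lu->hash_idx);` was the only assignment visible, and nothing between the declaration and the test in this hunk assigns `md`. Either restore the initializer, `const EVP_MD *md = ssl_md(lu->hash_idx);`, or fold the lookup into the condition so the "should never happen" guard stays meaningful. The enclosing function starts and ends outside the hunk, and `md` is presumably still consumed by the digest-sign initialisation in lines not shown, so the fix belongs at the declaration rather than at the use.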
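Review bot: The second hunk's `EVP_DigestSign(md_ctx, sigbytes1, &siglen, tbs, tbslen)` with a non-NULL output buffer treats `siglen` as an in/out parameter — on entry it must hold the capacity reserved behind `sigbytes1` — yet the declaration `size_t siglen, tbslen;` in the first hunk gives it no initializer and no assignment is visible in this hunk. It is presumably set where `sigbytes1` is reserved, in the lines between the two hunks, which is worth confirming since an undersized or garbage capacity would either fail the sign or overrun the reserved bytes. A short comment at the call would make the contract explicit for the next reader: `/* siglen is in/out: reserved capacity on entry, actual signature length on return */`. The enclosing function continues outside the hunk.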