diff options
| author |   jsing <jsing@openbsd.org> | 2018-08-16 18:13:15 +0000 |
|---|---|---|
| committer | jsing <jsing@openbsd.org> | 2018-08-16 18:13:15 +0000 |
| commit | a7da159071734ef307bc334cf365723fda4b6914 (patch) | |
| tree | 28231411339b7f005af1ffaa01812d6e03838f7b | |
| parent | Switch nsd control socket from localhost to a unix domain socket. (diff) | |
| download | wireguard-openbsd-a7da159071734ef307bc334cf365723fda4b6914.tar.xz wireguard-openbsd-a7da159071734ef307bc334cf365723fda4b6914.zip | |
Simplify the add signature code/logic in ssl3_send_server_key_exchange().
ok tb@
| -rw-r--r-- | lib/libssl/ssl_srvr.c | 21 |
1 files changed, 8 insertions, 13 deletions
diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c index 6882d713999..2fde588cb92 100644 --- a/lib/libssl/ssl_srvr.c +++ b/lib/libssl/ssl_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_srvr.c,v 1.38 2018/08/16 17:49:48 jsing Exp $ */ +/* $OpenBSD: ssl_srvr.c,v 1.39 2018/08/16 18:13:15 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1509,8 +1509,8 @@ ssl3_send_server_key_exchange(SSL *s) const EVP_MD *md = NULL; unsigned long type; EVP_MD_CTX md_ctx; - int al, key_len; EVP_PKEY *pkey; + int al; memset(&cbb, 0, sizeof(cbb)); memset(&cbb_params, 0, sizeof(cbb_params)); @@ -1545,20 +1545,14 @@ ssl3_send_server_key_exchange(SSL *s) if (!CBB_add_bytes(&server_kex, params, params_len)) goto err; + /* Add signature unless anonymous. */ if (!(S3I(s)->hs.new_cipher->algorithm_auth & SSL_aNULL)) { - if ((pkey = ssl_get_sign_pkey( - s, S3I(s)->hs.new_cipher, &md)) == NULL) { + if ((pkey = ssl_get_sign_pkey(s, S3I(s)->hs.new_cipher, + &md)) == NULL) { al = SSL_AD_DECODE_ERROR; goto f_err; } - key_len = EVP_PKEY_size(pkey); - } else { - pkey = NULL; - key_len = 0; - } - /* Add signature unless anonymous. */ - if (pkey != NULL) { if (pkey->type == EVP_PKEY_RSA && !SSL_USE_SIGALGS(s)) md = EVP_md5_sha1(); @@ -1571,7 +1565,8 @@ ssl3_send_server_key_exchange(SSL *s) /* Send signature algorithm. */ if (SSL_USE_SIGALGS(s)) { - if (!tls12_get_sigandhash_cbb(&server_kex, pkey, md)) { + if (!tls12_get_sigandhash_cbb(&server_kex, pkey, + md)) { /* Should never happen */ al = SSL_AD_INTERNAL_ERROR; SSLerror(s, ERR_R_INTERNAL_ERROR); @@ -1579,7 +1574,7 @@ ssl3_send_server_key_exchange(SSL *s) } } - if ((signature = calloc(1, key_len)) == NULL) + if ((signature = calloc(1, EVP_PKEY_size(pkey))) == NULL) goto err; if (!EVP_SignInit_ex(&md_ctx, md, NULL)) |