summaryrefslogtreecommitdiffstats
path: root/lib/libssl/src/ssl/d1_srvr.c
diff options
context:
space:
mode:
Diffstat (limited to 'lib/libssl/src/ssl/d1_srvr.c')
-rw-r--r--lib/libssl/src/ssl/d1_srvr.c58
1 files changed, 8 insertions, 50 deletions
diff --git a/lib/libssl/src/ssl/d1_srvr.c b/lib/libssl/src/ssl/d1_srvr.c
index a85715753ca..d2f642f8773 100644
--- a/lib/libssl/src/ssl/d1_srvr.c
+++ b/lib/libssl/src/ssl/d1_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_srvr.c,v 1.40 2014/10/18 16:13:16 jsing Exp $ */
+/* $OpenBSD: d1_srvr.c,v 1.41 2014/10/31 14:51:01 jsing Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -446,27 +446,8 @@ dtls1_accept(SSL *s)
case SSL3_ST_SW_KEY_EXCH_B:
alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
- /* clear this, it may get reset by
- * send_server_key_exchange */
- if ((s->options & SSL_OP_EPHEMERAL_RSA)
- )
- /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key
- * even when forbidden by protocol specs
- * (handshake may fail as clients are not required to
- * be able to handle this) */
- s->s3->tmp.use_rsa_tmp = 1;
- else
- s->s3->tmp.use_rsa_tmp = 0;
-
- /* only send if a DH key exchange or
- * RSA but we have a sign only certificate */
- if (s->s3->tmp.use_rsa_tmp
- || (alg_k & (SSL_kDHE|SSL_kECDHE))
- || ((alg_k & SSL_kRSA)
- && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
- )
- )
- ) {
+ /* Only send if using a DH key exchange. */
+ if (alg_k & (SSL_kDHE|SSL_kECDHE)) {
dtls1_start_timer(s);
ret = dtls1_send_server_key_exchange(s);
if (ret <= 0)
@@ -994,7 +975,6 @@ dtls1_send_server_key_exchange(SSL *s)
{
unsigned char *q;
int j, num;
- RSA *rsa;
unsigned char md_buf[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
unsigned int u;
DH *dh = NULL, *dhp;
@@ -1024,28 +1004,7 @@ dtls1_send_server_key_exchange(SSL *s)
r[0] = r[1] = r[2] = r[3] = NULL;
n = 0;
- if (type & SSL_kRSA) {
- rsa = cert->rsa_tmp;
- if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL)) {
- rsa = s->cert->rsa_tmp_cb(s, 0,
- SSL_C_PKEYLENGTH(s->s3->tmp.new_cipher));
- if (rsa == NULL) {
- al = SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_ERROR_GENERATING_TMP_RSA_KEY);
- goto f_err;
- }
- RSA_up_ref(rsa);
- cert->rsa_tmp = rsa;
- }
- if (rsa == NULL) {
- al = SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_MISSING_TMP_RSA_KEY);
- goto f_err;
- }
- r[0] = rsa->n;
- r[1] = rsa->e;
- s->s3->tmp.use_rsa_tmp = 1;
- } else
+
if (type & SSL_kDHE) {
dhp = cert->dh_tmp;
if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
@@ -1087,8 +1046,7 @@ dtls1_send_server_key_exchange(SSL *s)
r[0] = dh->p;
r[1] = dh->g;
r[2] = dh->pub_key;
- } else
- if (type & SSL_kECDHE) {
+ } else if (type & SSL_kECDHE) {
const EC_GROUP *group;
ecdhp = cert->ecdh_tmp;
@@ -1185,10 +1143,10 @@ dtls1_send_server_key_exchange(SSL *s)
r[1] = NULL;
r[2] = NULL;
r[3] = NULL;
- } else
- {
+ } else {
al = SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
+ SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
+ SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
goto f_err;
}
for (i = 0; r[i] != NULL; i++) {
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.