summaryrefslogtreecommitdiff
path: root/lib/libssl
diff options
context:
space:
mode:
authorJoel Sing <jsing@cvs.openbsd.org>2015-09-12 12:58:16 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2015-09-12 12:58:16 +0000
commit2567b6e684dfcb657d4293e6dde8f231fd1e491a (patch)
tree86c3fc4af7e5d6a1905a6ac898f8f6cd704b7dd3 /lib/libssl
parent1301aecdd59782653ce8bdc8ab8748cb9391dbe6 (diff)
Uncopy and unpaste dtls1_send_client_verify() - the
ssl3_send_client_verify() is different, but it correctly supports things like SIGALGS. Another 74 lines of code bites the dust.
Diffstat (limited to 'lib/libssl')
-rw-r--r--lib/libssl/d1_clnt.c74
-rw-r--r--lib/libssl/ssl_locl.h3
2 files changed, 3 insertions, 74 deletions
diff --git a/lib/libssl/d1_clnt.c b/lib/libssl/d1_clnt.c
index 7dd6126c979..4b02fcf3c4b 100644
--- a/lib/libssl/d1_clnt.c
+++ b/lib/libssl/d1_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_clnt.c,v 1.53 2015/09/12 12:26:56 jsing Exp $ */
+/* $OpenBSD: d1_clnt.c,v 1.54 2015/09/12 12:58:15 jsing Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -415,7 +415,7 @@ dtls1_connect(SSL *s)
case SSL3_ST_CW_CERT_VRFY_A:
case SSL3_ST_CW_CERT_VRFY_B:
dtls1_start_timer(s);
- ret = dtls1_send_client_verify(s);
+ ret = ssl3_send_client_verify(s);
if (ret <= 0)
goto end;
s->state = SSL3_ST_CW_CHANGE_A;
@@ -659,76 +659,6 @@ f_err:
}
int
-dtls1_send_client_verify(SSL *s)
-{
- unsigned char *p;
- unsigned char data[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
- EVP_PKEY *pkey;
- unsigned u = 0;
- unsigned long n;
- int j;
-
- if (s->state == SSL3_ST_CW_CERT_VRFY_A) {
- p = ssl3_handshake_msg_start(s, SSL3_MT_CERTIFICATE_VERIFY);
-
- pkey = s->cert->key->privatekey;
-
- s->method->ssl3_enc->cert_verify_mac(s, NID_sha1,
- &(data[MD5_DIGEST_LENGTH]));
-
- if (pkey->type == EVP_PKEY_RSA) {
- s->method->ssl3_enc->cert_verify_mac(s,
- NID_md5, &(data[0]));
- if (RSA_sign(NID_md5_sha1, data,
- MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
- &(p[2]), &u, pkey->pkey.rsa) <= 0 ) {
- SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,
- ERR_R_RSA_LIB);
- goto err;
- }
- s2n(u, p);
- n = u + 2;
- } else if (pkey->type == EVP_PKEY_DSA) {
- if (!DSA_sign(pkey->save_type,
- &(data[MD5_DIGEST_LENGTH]),
- SHA_DIGEST_LENGTH, &(p[2]),
- (unsigned int *)&j, pkey->pkey.dsa)) {
- SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,
- ERR_R_DSA_LIB);
- goto err;
- }
- s2n(j, p);
- n = j + 2;
- } else if (pkey->type == EVP_PKEY_EC) {
- if (!ECDSA_sign(pkey->save_type,
- &(data[MD5_DIGEST_LENGTH]),
- SHA_DIGEST_LENGTH, &(p[2]),
- (unsigned int *)&j, pkey->pkey.ec)) {
- SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,
- ERR_R_ECDSA_LIB);
- goto err;
- }
- s2n(j, p);
- n = j + 2;
- } else {
- SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,
- ERR_R_INTERNAL_ERROR);
- goto err;
- }
-
- ssl3_handshake_msg_finish(s, n);
-
- s->state = SSL3_ST_CW_CERT_VRFY_B;
- }
-
- /* s->state = SSL3_ST_CW_CERT_VRFY_B */
- return (ssl3_handshake_write(s));
-
-err:
- return (-1);
-}
-
-int
dtls1_send_client_certificate(SSL *s)
{
X509 *x509 = NULL;
diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h
index 92842346a20..48ac8c8b2de 100644
--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.120 2015/09/12 12:26:56 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.121 2015/09/12 12:58:15 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -711,7 +711,6 @@ int ssl3_check_finished(SSL *s);
int ssl3_send_next_proto(SSL *s);
int dtls1_send_client_certificate(SSL *s);
-int dtls1_send_client_verify(SSL *s);
/* some server-only functions */
int ssl3_get_client_hello(SSL *s);