diff options
author | Joel Sing <jsing@cvs.openbsd.org> | 2015-09-12 12:58:16 +0000 |
---|---|---|
committer | Joel Sing <jsing@cvs.openbsd.org> | 2015-09-12 12:58:16 +0000 |
commit | a19e01056912eef793fa5f9b7cf610ee80de291b (patch) | |
tree | e2ff8748bf8b0d767c7bed5de8eedb03a4489c66 /lib | |
parent | 3a1a212b3f44369d5d16faa073694986c6d61e82 (diff) |
Uncopy and unpaste dtls1_send_client_verify() - the
ssl3_send_client_verify() is different, but it correctly supports things
like SIGALGS. Another 74 lines of code bites the dust.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/libssl/src/ssl/d1_clnt.c | 74 | ||||
-rw-r--r-- | lib/libssl/src/ssl/ssl_locl.h | 3 |
2 files changed, 3 insertions, 74 deletions
diff --git a/lib/libssl/src/ssl/d1_clnt.c b/lib/libssl/src/ssl/d1_clnt.c index 7dd6126c979..4b02fcf3c4b 100644 --- a/lib/libssl/src/ssl/d1_clnt.c +++ b/lib/libssl/src/ssl/d1_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_clnt.c,v 1.53 2015/09/12 12:26:56 jsing Exp $ */ +/* $OpenBSD: d1_clnt.c,v 1.54 2015/09/12 12:58:15 jsing Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -415,7 +415,7 @@ dtls1_connect(SSL *s) case SSL3_ST_CW_CERT_VRFY_A: case SSL3_ST_CW_CERT_VRFY_B: dtls1_start_timer(s); - ret = dtls1_send_client_verify(s); + ret = ssl3_send_client_verify(s); if (ret <= 0) goto end; s->state = SSL3_ST_CW_CHANGE_A; @@ -659,76 +659,6 @@ f_err: } int -dtls1_send_client_verify(SSL *s) -{ - unsigned char *p; - unsigned char data[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH]; - EVP_PKEY *pkey; - unsigned u = 0; - unsigned long n; - int j; - - if (s->state == SSL3_ST_CW_CERT_VRFY_A) { - p = ssl3_handshake_msg_start(s, SSL3_MT_CERTIFICATE_VERIFY); - - pkey = s->cert->key->privatekey; - - s->method->ssl3_enc->cert_verify_mac(s, NID_sha1, - &(data[MD5_DIGEST_LENGTH])); - - if (pkey->type == EVP_PKEY_RSA) { - s->method->ssl3_enc->cert_verify_mac(s, - NID_md5, &(data[0])); - if (RSA_sign(NID_md5_sha1, data, - MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, - &(p[2]), &u, pkey->pkey.rsa) <= 0 ) { - SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, - ERR_R_RSA_LIB); - goto err; - } - s2n(u, p); - n = u + 2; - } else if (pkey->type == EVP_PKEY_DSA) { - if (!DSA_sign(pkey->save_type, - &(data[MD5_DIGEST_LENGTH]), - SHA_DIGEST_LENGTH, &(p[2]), - (unsigned int *)&j, pkey->pkey.dsa)) { - SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, - ERR_R_DSA_LIB); - goto err; - } - s2n(j, p); - n = j + 2; - } else if (pkey->type == EVP_PKEY_EC) { - if (!ECDSA_sign(pkey->save_type, - &(data[MD5_DIGEST_LENGTH]), - SHA_DIGEST_LENGTH, &(p[2]), - (unsigned int *)&j, pkey->pkey.ec)) { - SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, - ERR_R_ECDSA_LIB); - goto err; - } - s2n(j, p); - n = j + 2; - } else { - SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, - ERR_R_INTERNAL_ERROR); - goto err; - } - - ssl3_handshake_msg_finish(s, n); - - s->state = SSL3_ST_CW_CERT_VRFY_B; - } - - /* s->state = SSL3_ST_CW_CERT_VRFY_B */ - return (ssl3_handshake_write(s)); - -err: - return (-1); -} - -int dtls1_send_client_certificate(SSL *s) { X509 *x509 = NULL; diff --git a/lib/libssl/src/ssl/ssl_locl.h b/lib/libssl/src/ssl/ssl_locl.h index 92842346a20..48ac8c8b2de 100644 --- a/lib/libssl/src/ssl/ssl_locl.h +++ b/lib/libssl/src/ssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.120 2015/09/12 12:26:56 jsing Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.121 2015/09/12 12:58:15 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -711,7 +711,6 @@ int ssl3_check_finished(SSL *s); int ssl3_send_next_proto(SSL *s); int dtls1_send_client_certificate(SSL *s); -int dtls1_send_client_verify(SSL *s); /* some server-only functions */ int ssl3_get_client_hello(SSL *s); |