[openssl-commits] [openssl] master update
Dr. Stephen Henson
steve at openssl.org
Tue Dec 29 23:22:09 UTC 2015
The branch master has been updated
via 923ffa97d1278a155d2ec7783c997fb7e2c5e28b (commit)
from 0d0769a4dbe760c5c1b104fc11ca2a7c697f650d (commit)
- Log -----------------------------------------------------------------
commit 923ffa97d1278a155d2ec7783c997fb7e2c5e28b
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Mon Dec 28 00:45:48 2015 +0000
Convert RSA encrypt to use EVP_PKEY
Reviewed-by: Rich Salz <rsalz at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
ssl/statem/statem_clnt.c | 31 ++++++++++++++++++++++---------
1 file changed, 22 insertions(+), 9 deletions(-)
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 536689b..a7c51df 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -2253,6 +2253,7 @@ int tls_construct_client_key_exchange(SSL *s)
#ifndef OPENSSL_NO_RSA
unsigned char *q;
EVP_PKEY *pkey = NULL;
+ EVP_PKEY_CTX *pctx = NULL;
#endif
#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
EVP_PKEY *ckey = NULL, *skey = NULL;
@@ -2347,7 +2348,7 @@ psk_err:
}
#ifndef OPENSSL_NO_RSA
else if (alg_k & (SSL_kRSA | SSL_kRSAPSK)) {
- RSA *rsa;
+ size_t enclen;
pmslen = SSL_MAX_MASTER_KEY_LENGTH;
pms = OPENSSL_malloc(pmslen);
if (pms == NULL)
@@ -2370,8 +2371,6 @@ psk_err:
EVP_PKEY_free(pkey);
goto err;
}
- rsa = pkey->pkey.rsa;
- EVP_PKEY_free(pkey);
pms[0] = s->client_version >> 8;
pms[1] = s->client_version & 0xff;
@@ -2382,18 +2381,29 @@ psk_err:
/* Fix buf for TLS and beyond */
if (s->version > SSL3_VERSION)
p += 2;
- n = RSA_public_encrypt(pmslen, pms, p, rsa, RSA_PKCS1_PADDING);
+ pctx = EVP_PKEY_CTX_new(pkey, NULL);
+ EVP_PKEY_free(pkey);
+ pkey = NULL;
+ if (pctx == NULL || EVP_PKEY_encrypt_init(pctx) <= 0
+ || EVP_PKEY_encrypt(pctx, NULL, &enclen, pms, pmslen) <= 0) {
+ SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
+ ERR_R_EVP_LIB);
+ goto err;
+ }
+ if (EVP_PKEY_encrypt(pctx, p, &enclen, pms, pmslen) <= 0) {
+ SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
+ SSL_R_BAD_RSA_ENCRYPT);
+ goto err;
+ }
+ n = enclen;
+ EVP_PKEY_CTX_free(pctx);
+ pctx = NULL;
# ifdef PKCS1_CHECK
if (s->options & SSL_OP_PKCS1_CHECK_1)
p[1]++;
if (s->options & SSL_OP_PKCS1_CHECK_2)
tmp_buf[0] = 0x70;
# endif
- if (n <= 0) {
- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
- SSL_R_BAD_RSA_ENCRYPT);
- goto err;
- }
/* Fix buf for TLS and beyond */
if (s->version > SSL3_VERSION) {
@@ -2655,6 +2665,9 @@ psk_err:
err:
OPENSSL_clear_free(pms, pmslen);
s->s3->tmp.pms = NULL;
+#ifndef OPENSSL_NO_RSA
+ EVP_PKEY_CTX_free(pctx);
+#endif
#ifndef OPENSSL_NO_EC
OPENSSL_free(encodedPoint);
#endif
More information about the openssl-commits
mailing list