Get correct GOST private key instead of just assuming the last one is

correct: this isn't always true if we have more than one certificate.
author: steve <steve> 2010-11-14 13:50:29 +0000
committer: steve <steve> 2010-11-14 13:50:29 +0000
commit: ce36af5e243aa4ecdb6917706a44f33c539a4899 (patch)
tree: c6c3cae33977c1c7f4603f01c252ca856221d6f6
parent: 594182cf81b7e5dde065affac9045d40b9205fbd (diff)
download: openssl-ce36af5e243aa4ecdb6917706a44f33c539a4899.tar.gz
1 files changed, 10 insertions, 3 deletions
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 92f73b668..d0921c59f 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -2579,12 +2579,19 @@ int ssl3_get_client_key_exchange(SSL *s)
 			{
 			int ret = 0;
 			EVP_PKEY_CTX *pkey_ctx;
-			EVP_PKEY *client_pub_pkey = NULL;
+			EVP_PKEY *client_pub_pkey = NULL, *pk = NULL;
 			unsigned char premaster_secret[32], *start;
-			size_t outlen=32, inlen;			
+			size_t outlen=32, inlen;
+			unsigned long alg_a;
 
 			/* Get our certificate private key*/
-			pkey_ctx = EVP_PKEY_CTX_new(s->cert->key->privatekey,NULL);	
+			alg_a = s->s3->tmp.new_cipher->algorithm_auth;
+			if (alg_a & SSL_aGOST94)
+				pk = s->cert->pkeys[SSL_PKEY_GOST94].privatekey;
+			else if (alg_a & SSL_aGOST01)
+				pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;
+
+			pkey_ctx = EVP_PKEY_CTX_new(pk,NULL);
 			EVP_PKEY_decrypt_init(pkey_ctx);
 			/* If client certificate is present and is of the same type, maybe
 			 * use it for key exchange.  Don't mind errors from
author	steve <steve>	2010-11-14 13:50:29 +0000
committer	steve <steve>	2010-11-14 13:50:29 +0000
commit	ce36af5e243aa4ecdb6917706a44f33c539a4899 (patch)
tree	c6c3cae33977c1c7f4603f01c252ca856221d6f6
parent	594182cf81b7e5dde065affac9045d40b9205fbd (diff)
download	openssl-ce36af5e243aa4ecdb6917706a44f33c539a4899.tar.gz