diff options
author | steve <steve> | 2010-11-14 13:50:29 +0000 |
---|---|---|
committer | steve <steve> | 2010-11-14 13:50:29 +0000 |
commit | ce36af5e243aa4ecdb6917706a44f33c539a4899 (patch) | |
tree | c6c3cae33977c1c7f4603f01c252ca856221d6f6 | |
parent | 594182cf81b7e5dde065affac9045d40b9205fbd (diff) | |
download | openssl-ce36af5e243aa4ecdb6917706a44f33c539a4899.tar.gz |
Get correct GOST private key instead of just assuming the last one is
correct: this isn't always true if we have more than one certificate.
-rw-r--r-- | ssl/s3_srvr.c | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 92f73b668..d0921c59f 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -2579,12 +2579,19 @@ int ssl3_get_client_key_exchange(SSL *s) { int ret = 0; EVP_PKEY_CTX *pkey_ctx; - EVP_PKEY *client_pub_pkey = NULL; + EVP_PKEY *client_pub_pkey = NULL, *pk = NULL; unsigned char premaster_secret[32], *start; - size_t outlen=32, inlen; + size_t outlen=32, inlen; + unsigned long alg_a; /* Get our certificate private key*/ - pkey_ctx = EVP_PKEY_CTX_new(s->cert->key->privatekey,NULL); + alg_a = s->s3->tmp.new_cipher->algorithm_auth; + if (alg_a & SSL_aGOST94) + pk = s->cert->pkeys[SSL_PKEY_GOST94].privatekey; + else if (alg_a & SSL_aGOST01) + pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey; + + pkey_ctx = EVP_PKEY_CTX_new(pk,NULL); EVP_PKEY_decrypt_init(pkey_ctx); /* If client certificate is present and is of the same type, maybe * use it for key exchange. Don't mind errors from |