diff options
author | Dr. Stephen Henson <steve@openssl.org> | 1999-09-18 22:37:44 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 1999-09-18 22:37:44 +0000 |
commit | 1c80019a2c8f59410552197723829fd72ab45a5e (patch) | |
tree | e78f00fb8637de56d6dc390c9d5a239b494ab830 /ssl | |
parent | 090d848ea89b112587cf2e5b26acfaaae6bf79c2 (diff) |
Add new sign and verify members to RSA_METHOD and change SSL code to use sign
and verify rather than direct encrypt/decrypt.
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/s3_clnt.c | 16 | ||||
-rw-r--r-- | ssl/s3_srvr.c | 13 |
2 files changed, 13 insertions, 16 deletions
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index d3e6b4d1e5..31a8535bb0 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -1053,15 +1053,15 @@ static int ssl3_get_key_exchange(SSL *s) q+=i; j+=i; } - i=RSA_public_decrypt((int)n,p,p,pkey->pkey.rsa, - RSA_PKCS1_PADDING); - if (i <= 0) + i=RSA_verify(NID_md5_sha1, md_buf, j, p, n, + pkey->pkey.rsa); + if (i < 0) { al=SSL_AD_DECRYPT_ERROR; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); goto f_err; } - if ((j != i) || (memcmp(p,md_buf,i) != 0)) + if (i == 0) { /* bad signature */ al=SSL_AD_DECRYPT_ERROR; @@ -1481,11 +1481,9 @@ static int ssl3_send_client_verify(SSL *s) { s->method->ssl3_enc->cert_verify_mac(s, &(s->s3->finish_dgst1),&(data[0])); - i=RSA_private_encrypt( - MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, - data,&(p[2]),pkey->pkey.rsa, - RSA_PKCS1_PADDING); - if (i <= 0) + if (RSA_sign(NID_md5_sha1, data, + MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, + &(p[2]), &i, pkey->pkey.rsa) <= 0 ) { SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_RSA_LIB); goto err; diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 0cefa09d2f..d722ff3860 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -1026,9 +1026,8 @@ static int ssl3_send_server_key_exchange(SSL *s) q+=i; j+=i; } - i=RSA_private_encrypt(j,md_buf,&(p[2]), - pkey->pkey.rsa,RSA_PKCS1_PADDING); - if (i <= 0) + if (RSA_sign(NID_md5_sha1, md_buf, j, + &(p[2]), &i, pkey->pkey.rsa) <= 0) { SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_RSA); goto err; @@ -1449,16 +1448,16 @@ static int ssl3_get_cert_verify(SSL *s) #ifndef NO_RSA if (pkey->type == EVP_PKEY_RSA) { - i=RSA_public_decrypt(i,p,p,pkey->pkey.rsa,RSA_PKCS1_PADDING); + i=RSA_verify(NID_md5_sha1, s->s3->tmp.finish_md, + MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, p, i, + pkey->pkey.rsa); if (i < 0) { al=SSL_AD_DECRYPT_ERROR; SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_RSA_DECRYPT); goto f_err; } - if ((i != (MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH)) || - memcmp(&(s->s3->tmp.finish_md[0]),p, - MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH)) + if (i == 0) { al=SSL_AD_DECRYPT_ERROR; SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_RSA_SIGNATURE); |