Remove RSA exception when generating server key exchange.

Reviewed-by: Tim Hudson <tjh@openssl.org>
author: Dr. Stephen Henson <steve@openssl.org> 2015-11-21 04:03:48 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2015-11-24 19:18:44 +0000
commit: e3e11e99cebd2f0cbf0b46cc4200a094a9c4b4eb (patch)
tree: 0ec31d259dbb7bffc10d81fb85745e4b4b5162ed /ssl
parent: 192e4bbbf93d258c94075ad329404212f62337f3 (diff)
1 files changed, 0 insertions, 37 deletions
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index ab9b163671..3b83add75a 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1725,11 +1725,7 @@ int tls_construct_server_done(SSL *s)
 int tls_construct_server_key_exchange(SSL *s)
 {
 #ifndef OPENSSL_NO_RSA
-    unsigned char *q;
-    int j, num;
     RSA *rsa;
-    unsigned char md_buf[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
-    unsigned int u;
 #endif
 #ifndef OPENSSL_NO_DH
     DH *dh = NULL, *dhp;
@@ -2103,39 +2099,6 @@ int tls_construct_server_key_exchange(SSL *s)
          * n is the length of the params, they start at &(d[4]) and p
          * points to the space at the end.
          */
-#ifndef OPENSSL_NO_RSA
-        if (pkey->type == EVP_PKEY_RSA && !SSL_USE_SIGALGS(s)) {
-            q = md_buf;
-            j = 0;
-            for (num = 2; num > 0; num--) {
-                EVP_MD_CTX_set_flags(&md_ctx,
-                                     EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-                if (EVP_DigestInit_ex(&md_ctx, (num == 2)
-                                      ? s->ctx->md5 : s->ctx->sha1, NULL) <= 0
-                        || EVP_DigestUpdate(&md_ctx, &(s->s3->client_random[0]),
-                                            SSL3_RANDOM_SIZE) <= 0
-                        || EVP_DigestUpdate(&md_ctx, &(s->s3->server_random[0]),
-                                            SSL3_RANDOM_SIZE) <= 0
-                        || EVP_DigestUpdate(&md_ctx, d, n) <= 0
-                        || EVP_DigestFinal_ex(&md_ctx, q,
-                                              (unsigned int *)&i) <= 0) {
-                    SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
-                           ERR_LIB_EVP);
-                    al = SSL_AD_INTERNAL_ERROR;
-                    goto f_err;
-                }
-                q += i;
-                j += i;
-            }
-            if (RSA_sign(NID_md5_sha1, md_buf, j,
-                         &(p[2]), &u, pkey->pkey.rsa) <= 0) {
-                SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_LIB_RSA);
-                goto err;
-            }
-            s2n(u, p);
-            n += u + 2;
-        } else
-#endif
         if (md) {
             /* send signature algorithm */
             if (SSL_USE_SIGALGS(s)) {
author	Dr. Stephen Henson <steve@openssl.org>	2015-11-21 04:03:48 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2015-11-24 19:18:44 +0000
commit	e3e11e99cebd2f0cbf0b46cc4200a094a9c4b4eb (patch)
tree	0ec31d259dbb7bffc10d81fb85745e4b4b5162ed /ssl
parent	192e4bbbf93d258c94075ad329404212f62337f3 (diff)