diff options
| author | tb <> | 2023-06-11 18:50:51 +0000 |
|---|---|---|
| committer | tb <> | 2023-06-11 18:50:51 +0000 |
| commit | 9ca5a491a6bf2cf73c12da0cc924a6a0c445f762 (patch) | |
| tree | bd4972fced29b40abe4d731797b2dd209c2d8690 | |
| parent | e823b1655147ecdfc3662b823286cabd808805e0 (diff) | |
| download | openbsd-9ca5a491a6bf2cf73c12da0cc924a6a0c445f762.tar.gz openbsd-9ca5a491a6bf2cf73c12da0cc924a6a0c445f762.tar.bz2 openbsd-9ca5a491a6bf2cf73c12da0cc924a6a0c445f762.zip | |
Easy EVP_Digest{Sign,Verify} conversions for legacy stack
Convert ssl3_send_client_verify_{sigalgs,gost}() to EVP_DigestSign() and
ssl3_get_cert_verify() to EVP_DigestVerify().
ok jsing
| -rw-r--r-- | src/lib/libssl/ssl_clnt.c | 20 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_srvr.c | 11 |
2 files changed, 8 insertions, 23 deletions
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c index c721aede4e..2ab90b5c37 100644 --- a/src/lib/libssl/ssl_clnt.c +++ b/src/lib/libssl/ssl_clnt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_clnt.c,v 1.158 2022/12/26 07:31:44 jmc Exp $ */ | 1 | /* $OpenBSD: ssl_clnt.c,v 1.159 2023/06/11 18:50:51 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -2125,12 +2125,7 @@ ssl3_send_client_verify_sigalgs(SSL *s, EVP_PKEY *pkey, | |||
| 2125 | SSLerror(s, ERR_R_EVP_LIB); | 2125 | SSLerror(s, ERR_R_EVP_LIB); |
| 2126 | goto err; | 2126 | goto err; |
| 2127 | } | 2127 | } |
| 2128 | if (!EVP_DigestSignUpdate(mctx, hdata, hdata_len)) { | 2128 | if (!EVP_DigestSign(mctx, NULL, &signature_len, hdata, hdata_len)) { |
| 2129 | SSLerror(s, ERR_R_EVP_LIB); | ||
| 2130 | goto err; | ||
| 2131 | } | ||
| 2132 | if (!EVP_DigestSignFinal(mctx, NULL, &signature_len) || | ||
| 2133 | signature_len == 0) { | ||
| 2134 | SSLerror(s, ERR_R_EVP_LIB); | 2129 | SSLerror(s, ERR_R_EVP_LIB); |
| 2135 | goto err; | 2130 | goto err; |
| 2136 | } | 2131 | } |
| @@ -2138,7 +2133,7 @@ ssl3_send_client_verify_sigalgs(SSL *s, EVP_PKEY *pkey, | |||
| 2138 | SSLerror(s, ERR_R_MALLOC_FAILURE); | 2133 | SSLerror(s, ERR_R_MALLOC_FAILURE); |
| 2139 | goto err; | 2134 | goto err; |
| 2140 | } | 2135 | } |
| 2141 | if (!EVP_DigestSignFinal(mctx, signature, &signature_len)) { | 2136 | if (!EVP_DigestSign(mctx, signature, &signature_len, hdata, hdata_len)) { |
| 2142 | SSLerror(s, ERR_R_EVP_LIB); | 2137 | SSLerror(s, ERR_R_EVP_LIB); |
| 2143 | goto err; | 2138 | goto err; |
| 2144 | } | 2139 | } |
| @@ -2267,12 +2262,7 @@ ssl3_send_client_verify_gost(SSL *s, EVP_PKEY *pkey, CBB *cert_verify) | |||
| 2267 | SSLerror(s, ERR_R_EVP_LIB); | 2262 | SSLerror(s, ERR_R_EVP_LIB); |
| 2268 | goto err; | 2263 | goto err; |
| 2269 | } | 2264 | } |
| 2270 | if (!EVP_DigestSignUpdate(mctx, hdata, hdata_len)) { | 2265 | if (!EVP_DigestSign(mctx, NULL, &signature_len, hdata, hdata_len)) { |
| 2271 | SSLerror(s, ERR_R_EVP_LIB); | ||
| 2272 | goto err; | ||
| 2273 | } | ||
| 2274 | if (!EVP_DigestSignFinal(mctx, NULL, &signature_len) || | ||
| 2275 | signature_len == 0) { | ||
| 2276 | SSLerror(s, ERR_R_EVP_LIB); | 2266 | SSLerror(s, ERR_R_EVP_LIB); |
| 2277 | goto err; | 2267 | goto err; |
| 2278 | } | 2268 | } |
| @@ -2280,7 +2270,7 @@ ssl3_send_client_verify_gost(SSL *s, EVP_PKEY *pkey, CBB *cert_verify) | |||
| 2280 | SSLerror(s, ERR_R_MALLOC_FAILURE); | 2270 | SSLerror(s, ERR_R_MALLOC_FAILURE); |
| 2281 | goto err; | 2271 | goto err; |
| 2282 | } | 2272 | } |
| 2283 | if (!EVP_DigestSignFinal(mctx, signature, &signature_len)) { | 2273 | if (!EVP_DigestSign(mctx, signature, &signature_len, hdata, hdata_len)) { |
| 2284 | SSLerror(s, ERR_R_EVP_LIB); | 2274 | SSLerror(s, ERR_R_EVP_LIB); |
| 2285 | goto err; | 2275 | goto err; |
| 2286 | } | 2276 | } |
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index 556107f5a1..d0814a8455 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_srvr.c,v 1.153 2022/12/26 07:31:44 jmc Exp $ */ | 1 | /* $OpenBSD: ssl_srvr.c,v 1.154 2023/06/11 18:50:51 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -2049,17 +2049,12 @@ ssl3_get_cert_verify(SSL *s) | |||
| 2049 | al = SSL_AD_INTERNAL_ERROR; | 2049 | al = SSL_AD_INTERNAL_ERROR; |
| 2050 | goto fatal_err; | 2050 | goto fatal_err; |
| 2051 | } | 2051 | } |
| 2052 | if (!EVP_DigestVerifyUpdate(mctx, hdata, hdatalen)) { | 2052 | if (EVP_DigestVerify(mctx, CBS_data(&signature), |
| 2053 | CBS_len(&signature), hdata, hdatalen) <= 0) { | ||
| 2053 | SSLerror(s, ERR_R_EVP_LIB); | 2054 | SSLerror(s, ERR_R_EVP_LIB); |
| 2054 | al = SSL_AD_INTERNAL_ERROR; | 2055 | al = SSL_AD_INTERNAL_ERROR; |
| 2055 | goto fatal_err; | 2056 | goto fatal_err; |
| 2056 | } | 2057 | } |
| 2057 | if (EVP_DigestVerifyFinal(mctx, CBS_data(&signature), | ||
| 2058 | CBS_len(&signature)) <= 0) { | ||
| 2059 | al = SSL_AD_DECRYPT_ERROR; | ||
| 2060 | SSLerror(s, SSL_R_BAD_SIGNATURE); | ||
| 2061 | goto fatal_err; | ||
| 2062 | } | ||
| 2063 | } else if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA) { | 2058 | } else if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA) { |
| 2064 | RSA *rsa; | 2059 | RSA *rsa; |
| 2065 | 2060 | ||