Remove the handshake digests and related code, replacing remaining uses

with the handshake hash. For now tls1_digest_cached_records() is retained to release the handshake buffer. ok beck@ inoguchi@
author: jsing <> 2017-03-10 16:03:27 +0000
committer: jsing <> 2017-03-10 16:03:27 +0000
commit: efcbc859d153bd2908ab9c32fb042c03eb84d265 (patch)
tree: 87f5d914b19030ee7a5a08676faeef2fa8269f08 /src/lib/libssl/d1_srvr.c
parent: 1cc414278817073fb56449c3b1ad7386acb12601 (diff)
download: openbsd-efcbc859d153bd2908ab9c32fb042c03eb84d265.tar.gz
openbsd-efcbc859d153bd2908ab9c32fb042c03eb84d265.tar.bz2
openbsd-efcbc859d153bd2908ab9c32fb042c03eb84d265.zip
1 files changed, 18 insertions, 8 deletions
diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c
index 508e131730..605f0a59ad 100644
--- a/src/lib/libssl/d1_srvr.c
+++ b/src/lib/libssl/d1_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_srvr.c,v 1.85 2017/03/05 14:24:12 jsing Exp $ */
+/* $OpenBSD: d1_srvr.c,v 1.86 2017/03/10 16:03:27 jsing Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -519,13 +519,23 @@ dtls1_accept(SSL *s)
                                s->internal->state = SSL3_ST_SR_CERT_VRFY_A;
                                s->internal->init_num = 0;
-                                /* We need to get hashes here so if there is
+                                /*
-                                 * a client cert, it can be verified */
+                                 * We need to get hashes here so if there is
-                                tls1_cert_verify_mac(s,
+                                 * a client cert, it can be verified.
-                                    NID_md5, &(S3I(s)->tmp.cert_verify_md[0]));
+                                 */
-                                tls1_cert_verify_mac(s,
+                                if (S3I(s)->handshake_buffer) {
-                                    NID_sha1,
+                                        if (!tls1_digest_cached_records(s)) {
-                                    &(S3I(s)->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));
+                                                ret = -1;
+                                                goto end;
+                                        }
+                                }
+                                if (!tls1_handshake_hash_value(s,
+                                    S3I(s)->tmp.cert_verify_md,
+                                    sizeof(S3I(s)->tmp.cert_verify_md),
+                                    NULL)) {
+                                        ret = -1;
+                                        goto end;
+                                }
                        }
                        break;
author	jsing <>	2017-03-10 16:03:27 +0000
committer	jsing <>	2017-03-10 16:03:27 +0000
commit	efcbc859d153bd2908ab9c32fb042c03eb84d265 (patch)
tree	87f5d914b19030ee7a5a08676faeef2fa8269f08 /src/lib/libssl/d1_srvr.c
parent	1cc414278817073fb56449c3b1ad7386acb12601 (diff)
download	openbsd-efcbc859d153bd2908ab9c32fb042c03eb84d265.tar.gz openbsd-efcbc859d153bd2908ab9c32fb042c03eb84d265.tar.bz2 openbsd-efcbc859d153bd2908ab9c32fb042c03eb84d265.zip