Easy EVP_Digest{Sign,Verify} conversions for legacy stack

Convert ssl3_send_client_verify_{sigalgs,gost}() to EVP_DigestSign() and
ssl3_get_cert_verify() to EVP_DigestVerify().

ok jsing

1 files changed, 3 insertions, 8 deletions

diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index 556107f5a1..d0814a8455 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.153 2022/12/26 07:31:44 jmc Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.154 2023/06/11 18:50:51 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2049,17 +2049,12 @@ ssl3_get_cert_verify(SSL *s)
                         al = SSL_AD_INTERNAL_ERROR;
                         goto fatal_err;
                 }
-                if (!EVP_DigestVerifyUpdate(mctx, hdata, hdatalen)) {
+                if (EVP_DigestVerify(mctx, CBS_data(&signature),
+                    CBS_len(&signature), hdata, hdatalen) <= 0) {
                         SSLerror(s, ERR_R_EVP_LIB);
                         al = SSL_AD_INTERNAL_ERROR;
                         goto fatal_err;
                 }
-                if (EVP_DigestVerifyFinal(mctx, CBS_data(&signature),
-                    CBS_len(&signature)) <= 0) {
-                        al = SSL_AD_DECRYPT_ERROR;
-                        SSLerror(s, SSL_R_BAD_SIGNATURE);
-                        goto fatal_err;
-                }
         } else if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA) {
                 RSA *rsa;