| author | tb <> | 2023-06-10 15:34:36 +0000 |
|---|---|---|
| committer | tb <> | 2023-06-10 15:34:36 +0000 |
| commit | c6775209edf6efcc569187bf0a3962ec2cb890a7 (patch) | |
| tree | 21d70bef9b7aa0b3bee4a21d86ddc42c67815288 /src/lib/libssl/tls13_client.c | |
| parent | e28be516a5ec2bcb345bd7d8a50f3aebe9fd714c (diff) | |
Convert EVP_Digest{Sign,Verify}* to one-shot for TLSv1.3
Using one-shot EVP_DigestSign() and EVP_DigestVerify() is slightly shorter
and is needed for Ed25519 support.
ok jsing
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/tls13_client.c | 16 |
1 files changed, 5 insertions, 11 deletions
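--- a/src/lib/libssl/tls13_client.c
+++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_client.c,v 1.101 2022/11/26 16:08:56 tb Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.102 2023/06/10 15:34:36 tb Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 *
@@ -688,12 +688,8 @@ tls13_server_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs)
 if (!EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))
 goto err;
 }
-if (!EVP_DigestVerifyUpdate(mdctx, sig_content, sig_content_len)) {
-ctx->alert = TLS13_ALERT_DECRYPT_ERROR;
-goto err;
-}
-if (EVP_DigestVerifyFinal(mdctx, CBS_data(&signature),
-CBS_len(&signature)) <= 0) {
+if (EVP_DigestVerify(mdctx, CBS_data(&signature), CBS_len(&signature),
+sig_content, sig_content_len) <= 0) {
 ctx->alert = TLS13_ALERT_DECRYPT_ERROR;
 goto err;
 }
@@ -956,13 +952,11 @@ tls13_client_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb)
 if (!EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))
 goto err;
 }
-if (!EVP_DigestSignUpdate(mdctx, sig_content, sig_content_len))
-goto err;
-if (EVP_DigestSignFinal(mdctx, NULL, &sig_len) <= 0)
+if (!EVP_DigestSign(mdctx, NULL, &sig_len, sig_content, sig_content_len))
 goto err;
 if ((sig = calloc(1, sig_len)) == NULL)
 goto err;
-if (EVP_DigestSignFinal(mdctx, sig, &sig_len) <= 0)
+if (!EVP_DigestSign(mdctx, sig, &sig_len, sig_content, sig_content_len))
 goto err;
 
 if (!CBB_add_u16(cbb, sigalg->value))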
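Review bot: The two new `EVP_DigestSign()` calls in tls13_client_certificate_verify_send are tested with `!`, while the `EVP_DigestSignFinal()` calls they replace, and the new `EVP_DigestVerify()` call in tls13_server_certificate_verify_recv, are tested with `<= 0`. If the one-shot call can return a negative value on failure, as the removed checks allowed for, that failure would now be treated as success, and `sig_len` would reach `calloc(1, sig_len)` and the code after it without a valid signature behind it. Keeping the stricter comparison on both calls preserves the old behaviour: `if (EVP_DigestSign(mdctx, NULL, &sig_len, sig_content, sig_content_len) <= 0)` and `if (EVP_DigestSign(mdctx, sig, &sig_len, sig_content, sig_content_len) <= 0)`. Both functions start and end outside the hunks shown, so the handling at `err` is not visible here.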
