authortb <>2023-06-10 15:34:36 +0000
committertb <>2023-06-10 15:34:36 +0000
commiteb0246e144fe40ea036a24f84618aff44aeec499 (patch)
tree21d70bef9b7aa0b3bee4a21d86ddc42c67815288 /src/lib/libssl/tls13_client.c
parent845474be2d49eab2540acf0c233c0f1045cdd2f8 (diff)
Convert EVP_Digest{Sign,Verify}* to one-shot for TLSv1.3
Using one-shot EVP_DigestSign() and EVP_DigestVerify() is slightly shorter and is needed for Ed25519 support. ok jsing
Diffstat (limited to 'src/lib/libssl/tls13_client.c')
-rw-r--r--src/lib/libssl/tls13_client.c16
1 files changed, 5 insertions, 11 deletions
diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c
index 3555ebadd1..053cf1689b 100644
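--- a/src/lib/libssl/tls13_client.c
+++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_client.c,v 1.101 2022/11/26 16:08:56 tb Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.102 2023/06/10 15:34:36 tb Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  *
@@ -688,12 +688,8 @@ tls13_server_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs)
  if (!EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))
  goto err;
  }
- if (!EVP_DigestVerifyUpdate(mdctx, sig_content, sig_content_len)) {
- ctx->alert = TLS13_ALERT_DECRYPT_ERROR;
- goto err;
- }
- if (EVP_DigestVerifyFinal(mdctx, CBS_data(&signature),
- CBS_len(&signature)) <= 0) {
+ if (EVP_DigestVerify(mdctx, CBS_data(&signature), CBS_len(&signature),
+ sig_content, sig_content_len) <= 0) {
  ctx->alert = TLS13_ALERT_DECRYPT_ERROR;
  goto err;
  }
@@ -956,13 +952,11 @@ tls13_client_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb)
  if (!EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))
  goto err;
  }
- if (!EVP_DigestSignUpdate(mdctx, sig_content, sig_content_len))
- goto err;
- if (EVP_DigestSignFinal(mdctx, NULL, &sig_len) <= 0)
+ if (!EVP_DigestSign(mdctx, NULL, &sig_len, sig_content, sig_content_len))
  goto err;
  if ((sig = calloc(1, sig_len)) == NULL)
  goto err;
- if (EVP_DigestSignFinal(mdctx, sig, &sig_len) <= 0)
+ if (!EVP_DigestSign(mdctx, sig, &sig_len, sig_content, sig_content_len))
  goto err;
 
  if (!CBB_add_u16(cbb, sigalg->value))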
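Review bot: The two new EVP_DigestSign() calls in tls13_client_certificate_verify_send test the result with `!`, while the EVP_DigestSignFinal() calls they replace, and the new EVP_DigestVerify() call in tls13_server_certificate_verify_recv, test `<= 0`. If EVP_DigestSign() can return a negative value on failure, as the removed checks suggest, that failure would be treated as success: the size query could leave sig_len unset before calloc(), and the second call could let the zero-filled buffer go out as the CertificateVerify signature. I would keep the stricter form on both calls, `if (EVP_DigestSign(mdctx, NULL, &sig_len, sig_content, sig_content_len) <= 0)` and `if (EVP_DigestSign(mdctx, sig, &sig_len, sig_content, sig_content_len) <= 0)`. Both functions start and end outside the hunks shown, so whether sig_len is initialised earlier is not visible here.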