diff options
| author | beck <> | 2018-11-16 21:07:20 +0000 |
|---|---|---|
| committer | beck <> | 2018-11-16 21:07:20 +0000 |
| commit | cfa0592684c490f4f99b26ec631f6af09b5b8702 (patch) | |
| tree | 8c0ce9a22959ffc89ff13abe491a3208007e65e8 /src | |
| parent | 69bf77d3b518cd8ed78eef6ac0fe903148c8fa95 (diff) | |
| download | openbsd-cfa0592684c490f4f99b26ec631f6af09b5b8702.tar.gz openbsd-cfa0592684c490f4f99b26ec631f6af09b5b8702.tar.bz2 openbsd-cfa0592684c490f4f99b26ec631f6af09b5b8702.zip | |
Fix DTLS. Because the DTLS code is strange. I am really coming around to
joel's line of thinking about it
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/ssl_clnt.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c index 2f9724f99f..8a29a78f37 100644 --- a/src/lib/libssl/ssl_clnt.c +++ b/src/lib/libssl/ssl_clnt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_clnt.c,v 1.45 2018/11/16 02:41:16 beck Exp $ */ | 1 | /* $OpenBSD: ssl_clnt.c,v 1.46 2018/11/16 21:07:20 beck Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1533,7 +1533,10 @@ ssl3_get_server_key_exchange(SSL *s) | |||
| 1533 | goto f_err; | 1533 | goto f_err; |
| 1534 | } | 1534 | } |
| 1535 | } else if (pkey->type == EVP_PKEY_RSA) { | 1535 | } else if (pkey->type == EVP_PKEY_RSA) { |
| 1536 | sigalg = ssl_sigalg_lookup(SIGALG_RSA_PKCS1_MD5_SHA1); | 1536 | if (SSL_IS_DTLS(s)) |
| 1537 | sigalg = ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1); | ||
| 1538 | else | ||
| 1539 | sigalg = ssl_sigalg_lookup(SIGALG_RSA_PKCS1_MD5_SHA1); | ||
| 1537 | } else if (pkey->type == EVP_PKEY_EC) { | 1540 | } else if (pkey->type == EVP_PKEY_EC) { |
| 1538 | sigalg = ssl_sigalg_lookup(SIGALG_ECDSA_SHA1); | 1541 | sigalg = ssl_sigalg_lookup(SIGALG_ECDSA_SHA1); |
| 1539 | } else { | 1542 | } else { |
| @@ -1541,7 +1544,6 @@ ssl3_get_server_key_exchange(SSL *s) | |||
| 1541 | al = SSL_AD_DECODE_ERROR; | 1544 | al = SSL_AD_DECODE_ERROR; |
| 1542 | goto f_err; | 1545 | goto f_err; |
| 1543 | } | 1546 | } |
| 1544 | md = sigalg->md(); | ||
| 1545 | 1547 | ||
| 1546 | if (!CBS_get_u16_length_prefixed(&cbs, &signature)) | 1548 | if (!CBS_get_u16_length_prefixed(&cbs, &signature)) |
| 1547 | goto truncated; | 1549 | goto truncated; |