summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/lib/libssl/tls13_client.c9
1 files changed, 6 insertions, 3 deletions
diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c
index 477cca2e04..20b3038b93 100644
--- a/src/lib/libssl/tls13_client.c
+++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls13_client.c,v 1.31 2020/01/23 07:30:55 beck Exp $ */ 1/* $OpenBSD: tls13_client.c,v 1.32 2020/01/23 11:06:59 beck Exp $ */
2/* 2/*
3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -656,17 +656,20 @@ tls13_server_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs)
656 if (!EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1)) 656 if (!EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))
657 goto err; 657 goto err;
658 } 658 }
659 if (!EVP_DigestVerifyUpdate(mdctx, sig_content, sig_content_len)) 659 if (!EVP_DigestVerifyUpdate(mdctx, sig_content, sig_content_len)) {
660 ctx->alert = TLS1_AD_DECRYPT_ERROR;
660 goto err; 661 goto err;
662 }
661 if (EVP_DigestVerifyFinal(mdctx, CBS_data(&signature), 663 if (EVP_DigestVerifyFinal(mdctx, CBS_data(&signature),
662 CBS_len(&signature)) <= 0) { 664 CBS_len(&signature)) <= 0) {
665 ctx->alert = TLS1_AD_DECRYPT_ERROR;
663 goto err; 666 goto err;
664 } 667 }
665 668
666 ret = 1; 669 ret = 1;
667 670
668 err: 671 err:
669 if (!ret) 672 if (!ret && ctx->alert == 0)
670 ctx->alert = TLS1_AD_DECODE_ERROR; 673 ctx->alert = TLS1_AD_DECODE_ERROR;
671 CBB_cleanup(&cbb); 674 CBB_cleanup(&cbb);
672 EVP_MD_CTX_free(mdctx); 675 EVP_MD_CTX_free(mdctx);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-22 17:33:30 +0000