1 files changed, 14 insertions, 8 deletions
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index 8dd30e87fb..1cdbf86c50 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.10 2017/03/05 14:39:53 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.11 2017/03/10 16:03:27 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2354,13 +2354,21 @@ ssl3_send_client_verify(SSL *s)
                pkey = s->cert->key->privatekey;
                pctx = EVP_PKEY_CTX_new(pkey, NULL);
                EVP_PKEY_sign_init(pctx);
-                if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1()) > 0) {
-                        if (!SSL_USE_SIGALGS(s))
+                /* XXX - is this needed? */
-                                tls1_cert_verify_mac(s,
+                if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1()) <= 0)
-                                    NID_sha1, &(data[MD5_DIGEST_LENGTH]));
-                } else {
                        ERR_clear_error();
+                if (!SSL_USE_SIGALGS(s)) {
+                        if (S3I(s)->handshake_buffer) {
+                                if (!tls1_digest_cached_records(s))
+                                        goto err;
+                        }
+                        if (!tls1_handshake_hash_value(s, data, sizeof(data),
+                            NULL))
+                                goto err;
                }
                /*
                 * For TLS v1.2 send signature algorithm and signature
                 * using agreed digest and cached handshake records.
@@ -2388,8 +2396,6 @@ ssl3_send_client_verify(SSL *s)
                        if (!tls1_digest_cached_records(s))
                                goto err;
                } else if (pkey->type == EVP_PKEY_RSA) {
-                        tls1_cert_verify_mac(
-                            s, NID_md5, &(data[0]));
                        if (RSA_sign(NID_md5_sha1, data,
                            MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, &(p[2]),
                            &u, pkey->pkey.rsa) <= 0 ) {

diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c index 8dd30e87fb..1cdbf86c50 100644 --- a/src/lib/libssl/ssl_clnt.c +++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_clnt.c,v 1.10 2017/03/05 14:39:53 jsing Exp $ */	1	/* $OpenBSD: ssl_clnt.c,v 1.11 2017/03/10 16:03:27 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -2354,13 +2354,21 @@ ssl3_send_client_verify(SSL *s)
2354	pkey = s->cert->key->privatekey;	2354	pkey = s->cert->key->privatekey;
2355	pctx = EVP_PKEY_CTX_new(pkey, NULL);	2355	pctx = EVP_PKEY_CTX_new(pkey, NULL);
2356	EVP_PKEY_sign_init(pctx);	2356	EVP_PKEY_sign_init(pctx);
2357	if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1()) > 0) {	2357
2358	if (!SSL_USE_SIGALGS(s))	2358	/* XXX - is this needed? */
2359	tls1_cert_verify_mac(s,	2359	if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1()) <= 0)
2360	NID_sha1, &(data[MD5_DIGEST_LENGTH]));
2361	} else {
2362	ERR_clear_error();	2360	ERR_clear_error();
		2361
		2362	if (!SSL_USE_SIGALGS(s)) {
		2363	if (S3I(s)->handshake_buffer) {
		2364	if (!tls1_digest_cached_records(s))
		2365	goto err;
		2366	}
		2367	if (!tls1_handshake_hash_value(s, data, sizeof(data),
		2368	NULL))
		2369	goto err;
2363	}	2370	}
		2371
2364	/*	2372	/*
2365	* For TLS v1.2 send signature algorithm and signature	2373	* For TLS v1.2 send signature algorithm and signature
2366	* using agreed digest and cached handshake records.	2374	* using agreed digest and cached handshake records.
@@ -2388,8 +2396,6 @@ ssl3_send_client_verify(SSL *s)
2388	if (!tls1_digest_cached_records(s))	2396	if (!tls1_digest_cached_records(s))
2389	goto err;	2397	goto err;
2390	} else if (pkey->type == EVP_PKEY_RSA) {	2398	} else if (pkey->type == EVP_PKEY_RSA) {
2391	tls1_cert_verify_mac(
2392	s, NID_md5, &(data[0]));
2393	if (RSA_sign(NID_md5_sha1, data,	2399	if (RSA_sign(NID_md5_sha1, data,
2394	MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, &(p[2]),	2400	MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, &(p[2]),
2395	&u, pkey->pkey.rsa) <= 0 ) {	2401	&u, pkey->pkey.rsa) <= 0 ) {