summaryrefslogtreecommitdiff
path: root/src/lib/libssl/tls13_client.c
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libssl/tls13_client.c16
1 files changed, 5 insertions, 11 deletions
diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c
index 3555ebadd1..053cf1689b 100644
--- a/src/lib/libssl/tls13_client.c
+++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls13_client.c,v 1.101 2022/11/26 16:08:56 tb Exp $ */ 1/* $OpenBSD: tls13_client.c,v 1.102 2023/06/10 15:34:36 tb Exp $ */
2/* 2/*
3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -688,12 +688,8 @@ tls13_server_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs)
688 if (!EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1)) 688 if (!EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))
689 goto err; 689 goto err;
690 } 690 }
691 if (!EVP_DigestVerifyUpdate(mdctx, sig_content, sig_content_len)) { 691 if (EVP_DigestVerify(mdctx, CBS_data(&signature), CBS_len(&signature),
692 ctx->alert = TLS13_ALERT_DECRYPT_ERROR; 692 sig_content, sig_content_len) <= 0) {
693 goto err;
694 }
695 if (EVP_DigestVerifyFinal(mdctx, CBS_data(&signature),
696 CBS_len(&signature)) <= 0) {
697 ctx->alert = TLS13_ALERT_DECRYPT_ERROR; 693 ctx->alert = TLS13_ALERT_DECRYPT_ERROR;
698 goto err; 694 goto err;
699 } 695 }
@@ -956,13 +952,11 @@ tls13_client_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb)
956 if (!EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1)) 952 if (!EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))
957 goto err; 953 goto err;
958 } 954 }
959 if (!EVP_DigestSignUpdate(mdctx, sig_content, sig_content_len)) 955 if (!EVP_DigestSign(mdctx, NULL, &sig_len, sig_content, sig_content_len))
960 goto err;
961 if (EVP_DigestSignFinal(mdctx, NULL, &sig_len) <= 0)
962 goto err; 956 goto err;
963 if ((sig = calloc(1, sig_len)) == NULL) 957 if ((sig = calloc(1, sig_len)) == NULL)
964 goto err; 958 goto err;
965 if (EVP_DigestSignFinal(mdctx, sig, &sig_len) <= 0) 959 if (!EVP_DigestSign(mdctx, sig, &sig_len, sig_content, sig_content_len))
966 goto err; 960 goto err;
967 961
968 if (!CBB_add_u16(cbb, sigalg->value)) 962 if (!CBB_add_u16(cbb, sigalg->value))