diff options
Diffstat (limited to '')
-rw-r--r-- | src/lib/libssl/tls13_client.c | 16 |
1 files changed, 5 insertions, 11 deletions
diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c index 3555ebadd1..053cf1689b 100644 --- a/src/lib/libssl/tls13_client.c +++ b/src/lib/libssl/tls13_client.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: tls13_client.c,v 1.101 2022/11/26 16:08:56 tb Exp $ */ | 1 | /* $OpenBSD: tls13_client.c,v 1.102 2023/06/10 15:34:36 tb Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> |
4 | * | 4 | * |
@@ -688,12 +688,8 @@ tls13_server_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs) | |||
688 | if (!EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1)) | 688 | if (!EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1)) |
689 | goto err; | 689 | goto err; |
690 | } | 690 | } |
691 | if (!EVP_DigestVerifyUpdate(mdctx, sig_content, sig_content_len)) { | 691 | if (EVP_DigestVerify(mdctx, CBS_data(&signature), CBS_len(&signature), |
692 | ctx->alert = TLS13_ALERT_DECRYPT_ERROR; | 692 | sig_content, sig_content_len) <= 0) { |
693 | goto err; | ||
694 | } | ||
695 | if (EVP_DigestVerifyFinal(mdctx, CBS_data(&signature), | ||
696 | CBS_len(&signature)) <= 0) { | ||
697 | ctx->alert = TLS13_ALERT_DECRYPT_ERROR; | 693 | ctx->alert = TLS13_ALERT_DECRYPT_ERROR; |
698 | goto err; | 694 | goto err; |
699 | } | 695 | } |
@@ -956,13 +952,11 @@ tls13_client_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb) | |||
956 | if (!EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1)) | 952 | if (!EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1)) |
957 | goto err; | 953 | goto err; |
958 | } | 954 | } |
959 | if (!EVP_DigestSignUpdate(mdctx, sig_content, sig_content_len)) | 955 | if (!EVP_DigestSign(mdctx, NULL, &sig_len, sig_content, sig_content_len)) |
960 | goto err; | ||
961 | if (EVP_DigestSignFinal(mdctx, NULL, &sig_len) <= 0) | ||
962 | goto err; | 956 | goto err; |
963 | if ((sig = calloc(1, sig_len)) == NULL) | 957 | if ((sig = calloc(1, sig_len)) == NULL) |
964 | goto err; | 958 | goto err; |
965 | if (EVP_DigestSignFinal(mdctx, sig, &sig_len) <= 0) | 959 | if (!EVP_DigestSign(mdctx, sig, &sig_len, sig_content, sig_content_len)) |
966 | goto err; | 960 | goto err; |
967 | 961 | ||
968 | if (!CBB_add_u16(cbb, sigalg->value)) | 962 | if (!CBB_add_u16(cbb, sigalg->value)) |