Diffstat (limited to '')
-rw-r--r--src/lib/libssl/tls13_server.c16
1 files changed, 5 insertions, 11 deletions
diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c
index 75510a9085..dfeb1e0166 100644
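--- a/src/lib/libssl/tls13_server.c
+++ b/src/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_server.c,v 1.105 2022/11/26 16:08:56 tb Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.106 2023/06/10 15:34:36 tb Exp $ */
 /*
  * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -754,13 +754,11 @@ tls13_server_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb)
  if (!EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))
  goto err;
  }
- if (!EVP_DigestSignUpdate(mdctx, sig_content, sig_content_len))
- goto err;
- if (EVP_DigestSignFinal(mdctx, NULL, &sig_len) <= 0)
+ if (!EVP_DigestSign(mdctx, NULL, &sig_len, sig_content, sig_content_len))
  goto err;
  if ((sig = calloc(1, sig_len)) == NULL)
  goto err;
- if (EVP_DigestSignFinal(mdctx, sig, &sig_len) <= 0)
+ if (!EVP_DigestSign(mdctx, sig, &sig_len, sig_content, sig_content_len))
  goto err;
 
  if (!CBB_add_u16(cbb, sigalg->value))
@@ -999,12 +997,8 @@ tls13_client_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs)
  if (!EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))
  goto err;
  }
- if (!EVP_DigestVerifyUpdate(mdctx, sig_content, sig_content_len)) {
- ctx->alert = TLS13_ALERT_DECRYPT_ERROR;
- goto err;
- }
- if (EVP_DigestVerifyFinal(mdctx, CBS_data(&signature),
- CBS_len(&signature)) <= 0) {
+ if (EVP_DigestVerify(mdctx, CBS_data(&signature), CBS_len(&signature),
+ sig_content, sig_content_len) <= 0) {
  ctx->alert = TLS13_ALERT_DECRYPT_ERROR;
  goto err;
  }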
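Review bot: Both new `EVP_DigestSign()` calls in tls13_server_certificate_verify_send are tested with `!`, whereas the `EVP_DigestSignFinal()` calls they replace were tested with `<= 0`, and the new `EVP_DigestVerify()` call in tls13_client_certificate_verify_recv keeps `<= 0`. If EVP_DigestSign can return a negative value on failure, as the old checks on the Final step suggest, a failed length query would fall through to `calloc(1, sig_len)` and a failed signing call would let the function go on to emit whatever is in `sig`. I would keep the stricter comparison on both lines, e.g. `if (EVP_DigestSign(mdctx, NULL, &sig_len, sig_content, sig_content_len) <= 0)`, which also makes the sign and verify paths read the same way. Both function bodies begin and end outside the hunks shown, so the initial value of `sig_len` and the cleanup under `err` are not visible here.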