diff options
Diffstat (limited to '')
-rw-r--r-- | src/lib/libssl/tls13_server.c | 16 |
1 files changed, 5 insertions, 11 deletions
diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c index 75510a9085..dfeb1e0166 100644 --- a/src/lib/libssl/tls13_server.c +++ b/src/lib/libssl/tls13_server.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: tls13_server.c,v 1.105 2022/11/26 16:08:56 tb Exp $ */ | 1 | /* $OpenBSD: tls13_server.c,v 1.106 2023/06/10 15:34:36 tb Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org> |
4 | * Copyright (c) 2020 Bob Beck <beck@openbsd.org> | 4 | * Copyright (c) 2020 Bob Beck <beck@openbsd.org> |
@@ -754,13 +754,11 @@ tls13_server_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb) | |||
754 | if (!EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1)) | 754 | if (!EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1)) |
755 | goto err; | 755 | goto err; |
756 | } | 756 | } |
757 | if (!EVP_DigestSignUpdate(mdctx, sig_content, sig_content_len)) | 757 | if (!EVP_DigestSign(mdctx, NULL, &sig_len, sig_content, sig_content_len)) |
758 | goto err; | ||
759 | if (EVP_DigestSignFinal(mdctx, NULL, &sig_len) <= 0) | ||
760 | goto err; | 758 | goto err; |
761 | if ((sig = calloc(1, sig_len)) == NULL) | 759 | if ((sig = calloc(1, sig_len)) == NULL) |
762 | goto err; | 760 | goto err; |
763 | if (EVP_DigestSignFinal(mdctx, sig, &sig_len) <= 0) | 761 | if (!EVP_DigestSign(mdctx, sig, &sig_len, sig_content, sig_content_len)) |
764 | goto err; | 762 | goto err; |
765 | 763 | ||
766 | if (!CBB_add_u16(cbb, sigalg->value)) | 764 | if (!CBB_add_u16(cbb, sigalg->value)) |
@@ -999,12 +997,8 @@ tls13_client_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs) | |||
999 | if (!EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1)) | 997 | if (!EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1)) |
1000 | goto err; | 998 | goto err; |
1001 | } | 999 | } |
1002 | if (!EVP_DigestVerifyUpdate(mdctx, sig_content, sig_content_len)) { | 1000 | if (EVP_DigestVerify(mdctx, CBS_data(&signature), CBS_len(&signature), |
1003 | ctx->alert = TLS13_ALERT_DECRYPT_ERROR; | 1001 | sig_content, sig_content_len) <= 0) { |
1004 | goto err; | ||
1005 | } | ||
1006 | if (EVP_DigestVerifyFinal(mdctx, CBS_data(&signature), | ||
1007 | CBS_len(&signature)) <= 0) { | ||
1008 | ctx->alert = TLS13_ALERT_DECRYPT_ERROR; | 1002 | ctx->alert = TLS13_ALERT_DECRYPT_ERROR; |
1009 | goto err; | 1003 | goto err; |
1010 | } | 1004 | } |