diff options
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/libssl/ssl_clnt.c | 20 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_srvr.c | 18 |
2 files changed, 23 insertions, 15 deletions
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c index f9cdd8657a..dcd4da3634 100644 --- a/src/lib/libssl/ssl_clnt.c +++ b/src/lib/libssl/ssl_clnt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_clnt.c,v 1.27 2018/08/10 17:52:35 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_clnt.c,v 1.28 2018/08/14 16:19:06 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1553,13 +1553,17 @@ ssl3_get_server_key_exchange(SSL *s) | |||
| 1553 | goto f_err; | 1553 | goto f_err; |
| 1554 | } | 1554 | } |
| 1555 | 1555 | ||
| 1556 | EVP_VerifyInit_ex(&md_ctx, md, NULL); | 1556 | if (!EVP_VerifyInit_ex(&md_ctx, md, NULL)) |
| 1557 | EVP_VerifyUpdate(&md_ctx, s->s3->client_random, | 1557 | goto err; |
| 1558 | SSL3_RANDOM_SIZE); | 1558 | if (!EVP_VerifyUpdate(&md_ctx, s->s3->client_random, |
| 1559 | EVP_VerifyUpdate(&md_ctx, s->s3->server_random, | 1559 | SSL3_RANDOM_SIZE)) |
| 1560 | SSL3_RANDOM_SIZE); | 1560 | goto err; |
| 1561 | EVP_VerifyUpdate(&md_ctx, param, param_len); | 1561 | if (!EVP_VerifyUpdate(&md_ctx, s->s3->server_random, |
| 1562 | if (EVP_VerifyFinal(&md_ctx, p,(int)n, pkey) <= 0) { | 1562 | SSL3_RANDOM_SIZE)) |
| 1563 | goto err; | ||
| 1564 | if (!EVP_VerifyUpdate(&md_ctx, param, param_len)) | ||
| 1565 | goto err; | ||
| 1566 | if (EVP_VerifyFinal(&md_ctx, p, (int)n, pkey) <= 0) { | ||
| 1563 | /* bad signature */ | 1567 | /* bad signature */ |
| 1564 | al = SSL_AD_DECRYPT_ERROR; | 1568 | al = SSL_AD_DECRYPT_ERROR; |
| 1565 | SSLerror(s, SSL_R_BAD_SIGNATURE); | 1569 | SSLerror(s, SSL_R_BAD_SIGNATURE); |
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index 3d20f0f900..176a00fb75 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_srvr.c,v 1.36 2018/08/10 17:44:16 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_srvr.c,v 1.37 2018/08/14 16:19:06 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1589,12 +1589,16 @@ ssl3_send_server_key_exchange(SSL *s) | |||
| 1589 | } | 1589 | } |
| 1590 | p += 2; | 1590 | p += 2; |
| 1591 | } | 1591 | } |
| 1592 | EVP_SignInit_ex(&md_ctx, md, NULL); | 1592 | if (!EVP_SignInit_ex(&md_ctx, md, NULL)) |
| 1593 | EVP_SignUpdate(&md_ctx, s->s3->client_random, | 1593 | goto err; |
| 1594 | SSL3_RANDOM_SIZE); | 1594 | if (!EVP_SignUpdate(&md_ctx, s->s3->client_random, |
| 1595 | EVP_SignUpdate(&md_ctx, s->s3->server_random, | 1595 | SSL3_RANDOM_SIZE)) |
| 1596 | SSL3_RANDOM_SIZE); | 1596 | goto err; |
| 1597 | EVP_SignUpdate(&md_ctx, d, n); | 1597 | if (!EVP_SignUpdate(&md_ctx, s->s3->server_random, |
| 1598 | SSL3_RANDOM_SIZE)) | ||
| 1599 | goto err; | ||
| 1600 | if (!EVP_SignUpdate(&md_ctx, d, n)) | ||
| 1601 | goto err; | ||
| 1598 | if (!EVP_SignFinal(&md_ctx, &p[2], (unsigned int *)&i, | 1602 | if (!EVP_SignFinal(&md_ctx, &p[2], (unsigned int *)&i, |
| 1599 | pkey)) { | 1603 | pkey)) { |
| 1600 | SSLerror(s, ERR_R_EVP_LIB); | 1604 | SSLerror(s, ERR_R_EVP_LIB); |