4 files changed, 28 insertions, 39 deletions
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index fd78a8e8a5..b026aaaee2 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.31 2018/08/17 16:28:21 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.32 2018/08/19 15:38:03 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2416,7 +2416,7 @@ ssl3_send_client_verify(SSL *s)
                            &hdata);
                        md = s->cert->key->digest;
                        if (hdatalen <= 0 ||
-                            !tls12_get_sigandhash_cbb(&cert_verify, pkey, md)) {
+                            !tls12_get_hashandsig(&cert_verify, pkey, md)) {
                                SSLerror(s, ERR_R_INTERNAL_ERROR);
                                goto err;
                        }
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index da4bde09f3..8e85f100aa 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.206 2018/08/16 17:49:48 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.207 2018/08/19 15:38:03 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1282,11 +1282,9 @@ int ssl_check_serverhello_tlsext(SSL *s);
 #define tlsext_tick_md  EVP_sha256
 int tls1_process_ticket(SSL *s, const unsigned char *session_id, int len,
    const unsigned char *limit, SSL_SESSION **ret);
-int tls12_get_sigandhash_cbb(CBB *cbb, const EVP_PKEY *pk,
+int tls12_get_hashid(const EVP_MD *md);
-    const EVP_MD *md);
-int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk,
-    const EVP_MD *md);
 int tls12_get_sigid(const EVP_PKEY *pk);
+int tls12_get_hashandsig(CBB *cbb, const EVP_PKEY *pk, const EVP_MD *md);
 const EVP_MD *tls12_get_hash(unsigned char hash_alg);
 void ssl_clear_hash_ctx(EVP_MD_CTX **hash);
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index 80c7208c13..01fe647500 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.40 2018/08/19 15:29:26 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.41 2018/08/19 15:38:03 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1565,8 +1565,7 @@ ssl3_send_server_key_exchange(SSL *s)
                        /* Send signature algorithm. */
                        if (SSL_USE_SIGALGS(s)) {
-                                if (!tls12_get_sigandhash_cbb(&server_kex, pkey,
+                                if (!tls12_get_hashandsig(&server_kex, pkey, md)) {
-                                    md)) {
                                        /* Should never happen */
                                        al = SSL_AD_INTERNAL_ERROR;
                                        SSLerror(s, ERR_R_INTERNAL_ERROR);
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index 7f166942f7..1b2e0844fb 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.142 2018/08/16 17:49:48 jsing Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.143 2018/08/19 15:38:03 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1116,51 +1116,43 @@ tls12_find_id(int nid, tls12_lookup *table, size_t tlen)
 }
 int
-tls12_get_sigandhash_cbb(CBB *cbb, const EVP_PKEY *pk, const EVP_MD *md)
+tls12_get_hashid(const EVP_MD *md)
 {
-        unsigned char p[2];
+        if (md == NULL)
+                return -1;
-        if (!tls12_get_sigandhash(p, pk, md))
+        return tls12_find_id(EVP_MD_type(md), tls12_md,
-                return 0;
+            sizeof(tls12_md) / sizeof(tls12_lookup));
+}
-        if (!CBB_add_u8(cbb, p[0]))
+int
-                return 0;
+tls12_get_sigid(const EVP_PKEY *pk)
-        if (!CBB_add_u8(cbb, p[1]))
+{
-                return 0;
+        if (pk == NULL)
+                return -1;
-        return 1;
+        return tls12_find_id(pk->type, tls12_sig,
+            sizeof(tls12_sig) / sizeof(tls12_lookup));
 }
 int
-tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk, const EVP_MD *md)
+tls12_get_hashandsig(CBB *cbb, const EVP_PKEY *pk, const EVP_MD *md)
 {
-        int sig_id, md_id;
+        int hash_id, sig_id;
-        if (md == NULL)
+        if ((hash_id = tls12_get_hashid(md)) == -1)
                return 0;
+        if ((sig_id = tls12_get_sigid(pk)) == -1)
-        md_id = tls12_find_id(EVP_MD_type(md), tls12_md,
-            sizeof(tls12_md) / sizeof(tls12_lookup));
-        if (md_id == -1)
                return 0;
-        sig_id = tls12_get_sigid(pk);
+        if (!CBB_add_u8(cbb, hash_id))
-        if (sig_id == -1)
+                return 0;
+        if (!CBB_add_u8(cbb, sig_id))
                return 0;
-        p[0] = (unsigned char)md_id;
-        p[1] = (unsigned char)sig_id;
        return 1;
 }
-int
-tls12_get_sigid(const EVP_PKEY *pk)
-{
-        return tls12_find_id(pk->type, tls12_sig,
-            sizeof(tls12_sig) / sizeof(tls12_lookup));
-}
 const EVP_MD *
 tls12_get_hash(unsigned char hash_alg)
 {

diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c index fd78a8e8a5..b026aaaee2 100644 --- a/src/lib/libssl/ssl_clnt.c +++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_clnt.c,v 1.31 2018/08/17 16:28:21 jsing Exp $ */	1	/* $OpenBSD: ssl_clnt.c,v 1.32 2018/08/19 15:38:03 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -2416,7 +2416,7 @@ ssl3_send_client_verify(SSL *s)
2416	&hdata);	2416	&hdata);
2417	md = s->cert->key->digest;	2417	md = s->cert->key->digest;
2418	if (hdatalen <= 0 \|\|	2418	if (hdatalen <= 0 \|\|
2419	!tls12_get_sigandhash_cbb(&cert_verify, pkey, md)) {	2419	!tls12_get_hashandsig(&cert_verify, pkey, md)) {
2420	SSLerror(s, ERR_R_INTERNAL_ERROR);	2420	SSLerror(s, ERR_R_INTERNAL_ERROR);
2421	goto err;	2421	goto err;
2422	}	2422	}


diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index da4bde09f3..8e85f100aa 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_locl.h,v 1.206 2018/08/16 17:49:48 jsing Exp $ */	1	/* $OpenBSD: ssl_locl.h,v 1.207 2018/08/19 15:38:03 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1282,11 +1282,9 @@ int ssl_check_serverhello_tlsext(SSL *s);
1282	#define tlsext_tick_md EVP_sha256	1282	#define tlsext_tick_md EVP_sha256
1283	int tls1_process_ticket(SSL s, const unsigned char session_id, int len,	1283	int tls1_process_ticket(SSL s, const unsigned char session_id, int len,
1284	const unsigned char limit, SSL_SESSION *ret);	1284	const unsigned char limit, SSL_SESSION *ret);
1285	int tls12_get_sigandhash_cbb(CBB cbb, const EVP_PKEY pk,	1285	int tls12_get_hashid(const EVP_MD *md);
1286	const EVP_MD *md);
1287	int tls12_get_sigandhash(unsigned char p, const EVP_PKEY pk,
1288	const EVP_MD *md);
1289	int tls12_get_sigid(const EVP_PKEY *pk);	1286	int tls12_get_sigid(const EVP_PKEY *pk);
		1287	int tls12_get_hashandsig(CBB cbb, const EVP_PKEY pk, const EVP_MD *md);
1290	const EVP_MD *tls12_get_hash(unsigned char hash_alg);	1288	const EVP_MD *tls12_get_hash(unsigned char hash_alg);
1291		1289
1292	void ssl_clear_hash_ctx(EVP_MD_CTX **hash);	1290	void ssl_clear_hash_ctx(EVP_MD_CTX **hash);


diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index 80c7208c13..01fe647500 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_srvr.c,v 1.40 2018/08/19 15:29:26 jsing Exp $ */	1	/* $OpenBSD: ssl_srvr.c,v 1.41 2018/08/19 15:38:03 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1565,8 +1565,7 @@ ssl3_send_server_key_exchange(SSL *s)
1565		1565
1566	/* Send signature algorithm. */	1566	/* Send signature algorithm. */
1567	if (SSL_USE_SIGALGS(s)) {	1567	if (SSL_USE_SIGALGS(s)) {
1568	if (!tls12_get_sigandhash_cbb(&server_kex, pkey,	1568	if (!tls12_get_hashandsig(&server_kex, pkey, md)) {
1569	md)) {
1570	/* Should never happen */	1569	/* Should never happen */
1571	al = SSL_AD_INTERNAL_ERROR;	1570	al = SSL_AD_INTERNAL_ERROR;
1572	SSLerror(s, ERR_R_INTERNAL_ERROR);	1571	SSLerror(s, ERR_R_INTERNAL_ERROR);


diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index 7f166942f7..1b2e0844fb 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: t1_lib.c,v 1.142 2018/08/16 17:49:48 jsing Exp $ */	1	/* $OpenBSD: t1_lib.c,v 1.143 2018/08/19 15:38:03 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1116,51 +1116,43 @@ tls12_find_id(int nid, tls12_lookup *table, size_t tlen)
1116	}	1116	}
1117		1117
1118	int	1118	int
1119	tls12_get_sigandhash_cbb(CBB cbb, const EVP_PKEY pk, const EVP_MD *md)	1119	tls12_get_hashid(const EVP_MD *md)
1120	{	1120	{
1121	unsigned char p[2];	1121	if (md == NULL)
		1122	return -1;
1122		1123
1123	if (!tls12_get_sigandhash(p, pk, md))	1124	return tls12_find_id(EVP_MD_type(md), tls12_md,
1124	return 0;	1125	sizeof(tls12_md) / sizeof(tls12_lookup));
		1126	}
1125		1127
1126	if (!CBB_add_u8(cbb, p[0]))	1128	int
1127	return 0;	1129	tls12_get_sigid(const EVP_PKEY *pk)
1128	if (!CBB_add_u8(cbb, p[1]))	1130	{
1129	return 0;	1131	if (pk == NULL)
		1132	return -1;
1130		1133
1131	return 1;	1134	return tls12_find_id(pk->type, tls12_sig,
		1135	sizeof(tls12_sig) / sizeof(tls12_lookup));
1132	}	1136	}
1133		1137
1134	int	1138	int
1135	tls12_get_sigandhash(unsigned char p, const EVP_PKEY pk, const EVP_MD *md)	1139	tls12_get_hashandsig(CBB cbb, const EVP_PKEY pk, const EVP_MD *md)
1136	{	1140	{
1137	int sig_id, md_id;	1141	int hash_id, sig_id;
1138		1142
1139	if (md == NULL)	1143	if ((hash_id = tls12_get_hashid(md)) == -1)
1140	return 0;	1144	return 0;
1141		1145	if ((sig_id = tls12_get_sigid(pk)) == -1)
1142	md_id = tls12_find_id(EVP_MD_type(md), tls12_md,
1143	sizeof(tls12_md) / sizeof(tls12_lookup));
1144	if (md_id == -1)
1145	return 0;	1146	return 0;
1146		1147
1147	sig_id = tls12_get_sigid(pk);	1148	if (!CBB_add_u8(cbb, hash_id))
1148	if (sig_id == -1)	1149	return 0;
		1150	if (!CBB_add_u8(cbb, sig_id))
1149	return 0;	1151	return 0;
1150
1151	p[0] = (unsigned char)md_id;
1152	p[1] = (unsigned char)sig_id;
1153		1152
1154	return 1;	1153	return 1;
1155	}	1154	}
1156		1155
1157	int
1158	tls12_get_sigid(const EVP_PKEY *pk)
1159	{
1160	return tls12_find_id(pk->type, tls12_sig,
1161	sizeof(tls12_sig) / sizeof(tls12_lookup));
1162	}
1163
1164	const EVP_MD *	1156	const EVP_MD *
1165	tls12_get_hash(unsigned char hash_alg)	1157	tls12_get_hash(unsigned char hash_alg)
1166	{	1158	{