artulab
projects / openbsd / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ae90046)
Correct sigalg hash usage when signing content for client verify.
authorjsing <jsing@openbsd.org>
Wed, 30 Jun 2021 09:59:07 +0000 (09:59 +0000)
committerjsing <jsing@openbsd.org>
Wed, 30 Jun 2021 09:59:07 +0000 (09:59 +0000)
This was inadvertently broken during sigalgs refactoring.

lib/libssl/ssl_clnt.c patch | blob | history

diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c
index 4085fed..8864909 100644 (file)
--- a/lib/libssl/ssl_clnt.c
+++ b/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.106 2021/06/29 19:56:11 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.107 2021/06/30 09:59:07 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2323,7 +2323,6 @@ ssl3_send_client_verify_sigalgs(SSL *s, EVP_PKEY *pkey,
        CBB cbb_signature;
        EVP_PKEY_CTX *pctx = NULL;
        EVP_MD_CTX mctx;
-       const EVP_MD *md;
        const unsigned char *hdata;
        unsigned char *signature = NULL;
        size_t signature_len, hdata_len;
@@ -2335,7 +2334,7 @@ ssl3_send_client_verify_sigalgs(SSL *s, EVP_PKEY *pkey,
                SSLerror(s, ERR_R_INTERNAL_ERROR);
                goto err;
        }
-       if (!EVP_DigestSignInit(&mctx, &pctx, md, NULL, pkey)) {
+       if (!EVP_DigestSignInit(&mctx, &pctx, sigalg->md(), NULL, pkey)) {
                SSLerror(s, ERR_R_EVP_LIB);
                goto err;
        }
OpenBSD src
by Ahmet Artu Yildirim