From 80a887b44157abe3cab06efedcbae8777a087b2f Mon Sep 17 00:00:00 2001
From: tb
Date: Sun, 11 Jun 2023 18:50:51 +0000
Subject: [PATCH] Easy EVP_Digest{Sign,Verify} conversions for legacy stack

Convert ssl3_send_client_verify_{sigalgs,gost}() to EVP_DigestSign() and ssl3_get_cert_verify() to EVP_DigestVerify().

ok jsing
---
 lib/libssl/ssl_clnt.c | 20 +++++---------------
 lib/libssl/ssl_srvr.c | 11 +++--------
 2 files changed, 8 insertions(+), 23 deletions(-)

diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c
index c721aede4ec..2ab90b5c37b 100644
--- a/lib/libssl/ssl_clnt.c
+++ b/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.158 2022/12/26 07:31:44 jmc Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.159 2023/06/11 18:50:51 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2125,12 +2125,7 @@ ssl3_send_client_verify_sigalgs(SSL *s, EVP_PKEY *pkey,
 SSLerror(s, ERR_R_EVP_LIB);
 goto err;
 }
- if (!EVP_DigestSignUpdate(mctx, hdata, hdata_len)) {
- SSLerror(s, ERR_R_EVP_LIB);
- goto err;
- }
- if (!EVP_DigestSignFinal(mctx, NULL, &signature_len) ||
- signature_len == 0) {
+ if (!EVP_DigestSign(mctx, NULL, &signature_len, hdata, hdata_len)) {
 SSLerror(s, ERR_R_EVP_LIB);
 goto err;
 }
@@ -2138,7 +2133,7 @@ ssl3_send_client_verify_sigalgs(SSL *s, EVP_PKEY *pkey,
 SSLerror(s, ERR_R_MALLOC_FAILURE);
 goto err;
 }
- if (!EVP_DigestSignFinal(mctx, signature, &signature_len)) {
+ if (!EVP_DigestSign(mctx, signature, &signature_len, hdata, hdata_len)) {
 SSLerror(s, ERR_R_EVP_LIB);
 goto err;
 }
@@ -2267,12 +2262,7 @@ ssl3_send_client_verify_gost(SSL *s, EVP_PKEY *pkey, CBB *cert_verify)
 SSLerror(s, ERR_R_EVP_LIB);
 goto err;
 }
- if (!EVP_DigestSignUpdate(mctx, hdata, hdata_len)) {
- SSLerror(s, ERR_R_EVP_LIB);
- goto err;
- }
- if (!EVP_DigestSignFinal(mctx, NULL, &signature_len) ||
- signature_len == 0) {
+ if (!EVP_DigestSign(mctx, NULL, &signature_len, hdata, hdata_len)) {
 SSLerror(s, ERR_R_EVP_LIB);
 goto err;
 }
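Review bot: The length query in ssl3_send_client_verify_sigalgs() (hunk at -2125,12) no longer rejects a zero `signature_len`: the removed `EVP_DigestSignFinal(mctx, NULL, &signature_len) || signature_len == 0` guard carried that check and the new one-shot call does not. The following hunk shows an allocation failing with `ERR_R_MALLOC_FAILURE` right after, presumably sized by `signature_len`, so a zero length would now depend on how that allocation treats size 0 instead of failing early with `ERR_R_EVP_LIB`. Keeping the guard costs nothing: `if (!EVP_DigestSign(mctx, NULL, &signature_len, hdata, hdata_len) || signature_len == 0) {`. The same applies to the identical change in ssl3_send_client_verify_gost() (hunk at -2267,12); both functions start and end outside their hunks.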
@@ -2280,7 +2270,7 @@ ssl3_send_client_verify_gost(SSL *s, EVP_PKEY *pkey, CBB *cert_verify)
 SSLerror(s, ERR_R_MALLOC_FAILURE);
 goto err;
 }
- if (!EVP_DigestSignFinal(mctx, signature, &signature_len)) {
+ if (!EVP_DigestSign(mctx, signature, &signature_len, hdata, hdata_len)) {
 SSLerror(s, ERR_R_EVP_LIB);
 goto err;
 }
diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c
index 556107f5a10..d0814a8455e 100644
--- a/lib/libssl/ssl_srvr.c
+++ b/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.153 2022/12/26 07:31:44 jmc Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.154 2023/06/11 18:50:51 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2049,17 +2049,12 @@ ssl3_get_cert_verify(SSL *s)
 al = SSL_AD_INTERNAL_ERROR;
 goto fatal_err;
 }
- if (!EVP_DigestVerifyUpdate(mctx, hdata, hdatalen)) {
+ if (EVP_DigestVerify(mctx, CBS_data(&signature),
+ CBS_len(&signature), hdata, hdatalen) <= 0) {
 SSLerror(s, ERR_R_EVP_LIB);
 al = SSL_AD_INTERNAL_ERROR;
 goto fatal_err;
 }
- if (EVP_DigestVerifyFinal(mctx, CBS_data(&signature),
- CBS_len(&signature)) <= 0) {
- al = SSL_AD_DECRYPT_ERROR;
- SSLerror(s, SSL_R_BAD_SIGNATURE);
- goto fatal_err;
- }
 } else if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA) {
 RSA *rsa;
 
-- 
2.20.1
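Review bot: A client CertificateVerify signature that fails to verify is now reported as `ERR_R_EVP_LIB` with `SSL_AD_INTERNAL_ERROR` in ssl3_get_cert_verify(), because the combined EVP_DigestVerify() check sits on the error path of the removed Update call. The removed EVP_DigestVerifyFinal() branch used `SSL_R_BAD_SIGNATURE` and `SSL_AD_DECRYPT_ERROR`. That changes the alert the peer receives and makes a failed client authentication indistinguishable from a library fault in the error queue and in logs. The merged branch should keep the verification-failure handling, i.e. `al = SSL_AD_DECRYPT_ERROR;` and `SSLerror(s, SSL_R_BAD_SIGNATURE);` before `goto fatal_err;`. The function body continues outside the hunk.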