author | Theo Buehler <tb@cvs.openbsd.org> | 2023-06-10 15:34:37 +0000 |
---|---|---|
committer | Theo Buehler <tb@cvs.openbsd.org> | 2023-06-10 15:34:37 +0000 |
commit | 5f3a9388361639352f055ca5f5e1f839cfe26e4e (patch) | |
tree | cddac9d078854caee9eca69d03f0a74e747c83f5 /lib | |
parent | 3afa6ca8315a5c5e39d27b301840e7959e752a2c (diff) |
Convert EVP_Digest{Sign,Verify}* to one-shot for TLSv1.3
Using one-shot EVP_DigestSign() and EVP_DigestVerify() is slightly shorter
and is needed for Ed25519 support.
ok jsing
Diffstat (limited to 'lib')
-rw-r--r-- | lib/libssl/tls13_client.c | 16 | ||||
-rw-r--r-- | lib/libssl/tls13_server.c | 16 |
2 files changed, 10 insertions, 22 deletions
diff --git a/lib/libssl/tls13_client.c b/lib/libssl/tls13_client.c
index 3555ebadd19..053cf1689b1 100644
--- a/lib/libssl/tls13_client.c
+++ b/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_client.c,v 1.101 2022/11/26 16:08:56 tb Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.102 2023/06/10 15:34:36 tb Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 *
@@ -688,12 +688,8 @@ tls13_server_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs)
 if (!EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))
 goto err;
 }
- if (!EVP_DigestVerifyUpdate(mdctx, sig_content, sig_content_len)) {
- ctx->alert = TLS13_ALERT_DECRYPT_ERROR;
- goto err;
- }
- if (EVP_DigestVerifyFinal(mdctx, CBS_data(&signature),
- CBS_len(&signature)) <= 0) {
+ if (EVP_DigestVerify(mdctx, CBS_data(&signature), CBS_len(&signature),
+ sig_content, sig_content_len) <= 0) {
 ctx->alert = TLS13_ALERT_DECRYPT_ERROR;
 goto err;
 }
@@ -956,13 +952,11 @@ tls13_client_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb)
 if (!EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))
 goto err;
 }
- if (!EVP_DigestSignUpdate(mdctx, sig_content, sig_content_len))
- goto err;
- if (EVP_DigestSignFinal(mdctx, NULL, &sig_len) <= 0)
+ if (!EVP_DigestSign(mdctx, NULL, &sig_len, sig_content, sig_content_len))
 goto err;
 if ((sig = calloc(1, sig_len)) == NULL)
 goto err;
- if (EVP_DigestSignFinal(mdctx, sig, &sig_len) <= 0)
+ if (!EVP_DigestSign(mdctx, sig, &sig_len, sig_content, sig_content_len))
 goto err;

 if (!CBB_add_u16(cbb, sigalg->value))
diff --git a/lib/libssl/tls13_server.c b/lib/libssl/tls13_server.c
index 75510a90855..dfeb1e01663 100644
--- a/lib/libssl/tls13_server.c
+++ b/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_server.c,v 1.105 2022/11/26 16:08:56 tb Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.106 2023/06/10 15:34:36 tb Exp $ */
 /*
 * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
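Review bot: The two new `EVP_DigestSign()` calls in tls13_client_certificate_verify_send test the result with `!`, whereas the `EVP_DigestSignFinal()` calls they replace tested `<= 0`, as the new `EVP_DigestVerify()` call in this same commit still does. EVP_DigestSign() is not shown on this page, but if it can return a negative value on failure, as the removed checks suggest the final step could, that failure now passes as success. The code would then carry on with the zero-filled `sig` buffer from calloc() and whatever `sig_len` holds. Keeping the stricter test costs nothing: `if (EVP_DigestSign(mdctx, sig, &sig_len, sig_content, sig_content_len) <= 0)`, and likewise for the sizing call with `NULL`. The same relaxation appears in the tls13_server_certificate_verify_send hunk of tls13_server.c; both function bodies start and end outside their hunks.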
@@ -754,13 +754,11 @@ tls13_server_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb)
 if (!EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))
 goto err;
 }
- if (!EVP_DigestSignUpdate(mdctx, sig_content, sig_content_len))
- goto err;
- if (EVP_DigestSignFinal(mdctx, NULL, &sig_len) <= 0)
+ if (!EVP_DigestSign(mdctx, NULL, &sig_len, sig_content, sig_content_len))
 goto err;
 if ((sig = calloc(1, sig_len)) == NULL)
 goto err;
- if (EVP_DigestSignFinal(mdctx, sig, &sig_len) <= 0)
+ if (!EVP_DigestSign(mdctx, sig, &sig_len, sig_content, sig_content_len))
 goto err;

 if (!CBB_add_u16(cbb, sigalg->value))
@@ -999,12 +997,8 @@ tls13_client_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs)
 if (!EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))
 goto err;
 }
- if (!EVP_DigestVerifyUpdate(mdctx, sig_content, sig_content_len)) {
- ctx->alert = TLS13_ALERT_DECRYPT_ERROR;
- goto err;
- }
- if (EVP_DigestVerifyFinal(mdctx, CBS_data(&signature),
- CBS_len(&signature)) <= 0) {
+ if (EVP_DigestVerify(mdctx, CBS_data(&signature), CBS_len(&signature),
+ sig_content, sig_content_len) <= 0) {
 ctx->alert = TLS13_ALERT_DECRYPT_ERROR;
 goto err;
 } |