Fix DTLS, because DTLS still remains a special flower, allows regress to pass

2 files changed, 10 insertions, 4 deletions

diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c
index 57fdbcbced2..00bccf05713 100644
--- a/lib/libssl/ssl_clnt.c
+++ b/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.47 2018/11/16 21:20:15 beck Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.48 2018/11/17 11:22:43 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1533,7 +1533,10 @@ ssl3_get_server_key_exchange(SSL *s)
 				goto f_err;
 			}
 		} else if (pkey->type == EVP_PKEY_RSA) {
-			sigalg = ssl_sigalg_lookup(SIGALG_RSA_PKCS1_MD5_SHA1);
+			if (SSL_IS_DTLS(s))
+				sigalg = ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1);
+			else
+				sigalg = ssl_sigalg_lookup(SIGALG_RSA_PKCS1_MD5_SHA1);
 		} else if (pkey->type == EVP_PKEY_EC) {
 			sigalg = ssl_sigalg_lookup(SIGALG_ECDSA_SHA1);
 		} else {
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index b69b7cecfec..4ed6a954143 100644
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.194 2018/11/14 17:24:14 mestre Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.195 2018/11/17 11:22:43 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2209,7 +2209,10 @@ ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher, const EVP_MD **pmd,
 	sigalg = c->pkeys[idx].sigalg;
 	if (!SSL_USE_SIGALGS(s)) {
 		if (pkey->type == EVP_PKEY_RSA) {
-			sigalg = ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1);
+			if (SSL_IS_DTLS(s))
+			    sigalg = ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1);
+			else
+			    sigalg = ssl_sigalg_lookup(SIGALG_RSA_PKCS1_MD5_SHA1);
 		} else if (pkey->type == EVP_PKEY_EC) {
 			sigalg = ssl_sigalg_lookup(SIGALG_ECDSA_SHA1);
 		} else {