Fix DTLS. Because the DTLS code is strange. I am really coming around to

joel's line of thinking about it
author: beck <beck@openbsd.org> 2018-11-16 21:07:20 +0000
committer: beck <beck@openbsd.org> 2018-11-16 21:07:20 +0000
commit: ff0320ea97bb8b2f187618c5580b0c41b76faf56 (patch)
tree: 58200a127da20da5ed8caa76293d6b2b86f89007 /lib/libssl/ssl_clnt.c
parent: add missing imsg names (diff)
download: wireguard-openbsd-ff0320ea97bb8b2f187618c5580b0c41b76faf56.tar.xz
wireguard-openbsd-ff0320ea97bb8b2f187618c5580b0c41b76faf56.zip
1 files changed, 5 insertions, 3 deletions
diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c
index 2f9724f99f4..8a29a78f376 100644
--- a/lib/libssl/ssl_clnt.c
+++ b/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.45 2018/11/16 02:41:16 beck Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.46 2018/11/16 21:07:20 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1533,7 +1533,10 @@ ssl3_get_server_key_exchange(SSL *s)
 				goto f_err;
 			}
 		} else if (pkey->type == EVP_PKEY_RSA) {
-			sigalg = ssl_sigalg_lookup(SIGALG_RSA_PKCS1_MD5_SHA1);
+			if (SSL_IS_DTLS(s))
+				sigalg = ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1);
+			else
+				sigalg = ssl_sigalg_lookup(SIGALG_RSA_PKCS1_MD5_SHA1);
 		} else if (pkey->type == EVP_PKEY_EC) {
 			sigalg = ssl_sigalg_lookup(SIGALG_ECDSA_SHA1);
 		} else {
@@ -1541,7 +1544,6 @@ ssl3_get_server_key_exchange(SSL *s)
 			al = SSL_AD_DECODE_ERROR;
 			goto f_err;
 		}
-		md = sigalg->md();
 
 		if (!CBS_get_u16_length_prefixed(&cbs, &signature))
 			goto truncated;
author	beck <beck@openbsd.org>	2018-11-16 21:07:20 +0000
committer	beck <beck@openbsd.org>	2018-11-16 21:07:20 +0000
commit	ff0320ea97bb8b2f187618c5580b0c41b76faf56 (patch)
tree	58200a127da20da5ed8caa76293d6b2b86f89007 /lib/libssl/ssl_clnt.c
parent	add missing imsg names (diff)
download	wireguard-openbsd-ff0320ea97bb8b2f187618c5580b0c41b76faf56.tar.xz wireguard-openbsd-ff0320ea97bb8b2f187618c5580b0c41b76faf56.zip