summaryrefslogtreecommitdiff
path: root/src/ssl/tls13_both.cc
diff options
context:
space:
mode:
Diffstat (limited to 'src/ssl/tls13_both.cc')
-rw-r--r--src/ssl/tls13_both.cc16
1 files changed, 6 insertions, 10 deletions
diff --git a/src/ssl/tls13_both.cc b/src/ssl/tls13_both.cc
index ba5719fd..1a49e4c2 100644
--- a/src/ssl/tls13_both.cc
+++ b/src/ssl/tls13_both.cc
@@ -370,13 +370,8 @@ bool tls13_process_certificate_verify(SSL_HANDSHAKE *hs, const SSLMessage &msg)
return false;
}
- bool sig_ok = ssl_public_key_verify(ssl, signature, signature_algorithm,
- hs->peer_pubkey.get(), input);
-#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
- sig_ok = true;
- ERR_clear_error();
-#endif
- if (!sig_ok) {
+ if (!ssl_public_key_verify(ssl, signature, signature_algorithm,
+ hs->peer_pubkey.get(), input)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_SIGNATURE);
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
return false;
@@ -488,15 +483,16 @@ bool tls13_add_certificate(SSL_HANDSHAKE *hs) {
if (ssl_signing_with_dc(hs)) {
const CRYPTO_BUFFER *raw = dc->raw.get();
+ CBB child;
if (!CBB_add_u16(&extensions, TLSEXT_TYPE_delegated_credential) ||
- !CBB_add_u16(&extensions, CRYPTO_BUFFER_len(raw)) ||
- !CBB_add_bytes(&extensions,
- CRYPTO_BUFFER_data(raw),
+ !CBB_add_u16_length_prefixed(&extensions, &child) ||
+ !CBB_add_bytes(&child, CRYPTO_BUFFER_data(raw),
CRYPTO_BUFFER_len(raw)) ||
!CBB_flush(&extensions)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
return 0;
}
+ ssl->s3->delegated_credential_used = true;
}
for (size_t i = 1; i < sk_CRYPTO_BUFFER_num(cert->chain.get()); i++) {
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-26 08:23:41 +0000