diff options
author | Shane Lontis <shane.lontis@oracle.com> | 2019-04-11 20:27:59 +1000 |
---|---|---|
committer | Shane Lontis <shane.lontis@oracle.com> | 2019-06-04 12:09:50 +1000 |
commit | d5e5e2ffafc7dbc861f7d285508cf129c5e8f5ac (patch) | |
tree | 3920b0febd6d2716940fb022b57894fe2ebf565d /ssl/s3_enc.c | |
parent | bf5b04ea25d6ac7d31e388b4e87d3eb5cd1e1e2b (diff) |
Move digests to providers
Move digest code into the relevant providers (fips, default, legacy).
The headers are temporarily moved to be internal, and will be moved
into providers after all external references are resolved. The deprecated
digest code can not be removed until EVP_PKEY (signing) is supported by
providers. EVP_MD data can also not yet be cleaned up for the same reasons.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8763)
Diffstat (limited to 'ssl/s3_enc.c')
-rw-r--r-- | ssl/s3_enc.c | 35 |
1 files changed, 27 insertions, 8 deletions
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index de4e678c93..c666014327 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -12,6 +12,7 @@ #include "ssl_locl.h" #include <openssl/evp.h> #include <openssl/md5.h> +#include <openssl/core_names.h> #include "internal/cryptlib.h" static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) @@ -410,6 +411,21 @@ int ssl3_digest_cached_records(SSL *s, int keep) return 1; } +void ssl3_digest_master_key_set_params(const SSL_SESSION *session, + OSSL_PARAM params[]) +{ + int n = 0; + int cmd = EVP_CTRL_SSL3_MASTER_SECRET; + + params[n++] = OSSL_PARAM_construct_int(OSSL_DIGEST_PARAM_CMD, &cmd, + NULL); + params[n++] = OSSL_PARAM_construct_octet_ptr(OSSL_DIGEST_PARAM_MSG, + (void **)&session->master_key, + session->master_key_length, + NULL); + params[n++] = OSSL_PARAM_construct_end(); +} + size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t len, unsigned char *p) { @@ -448,14 +464,17 @@ size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t len, goto err; } - if ((sender != NULL && EVP_DigestUpdate(ctx, sender, len) <= 0) - || EVP_MD_CTX_ctrl(ctx, EVP_CTRL_SSL3_MASTER_SECRET, - (int)s->session->master_key_length, - s->session->master_key) <= 0 - || EVP_DigestFinal_ex(ctx, p, NULL) <= 0) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC, - ERR_R_INTERNAL_ERROR); - ret = 0; + if (sender != NULL) { + OSSL_PARAM digest_cmd_params[3]; + + ssl3_digest_master_key_set_params(s->session, digest_cmd_params); + if (EVP_DigestUpdate(ctx, sender, len) <= 0 + || EVP_MD_CTX_set_params(ctx, digest_cmd_params) <= 0 + || EVP_DigestFinal_ex(ctx, p, NULL) <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC, + ERR_R_INTERNAL_ERROR); + ret = 0; + } } err: |