diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2016-01-19 00:21:12 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2016-01-20 03:24:59 +0000 |
commit | 3aeb93486588e7dd01379c50b8fd496d55cf8858 (patch) | |
tree | e5d5793ef4786dbfac5c724e8235a3aa1ce323b2 /ssl/statem | |
parent | a8eda4312db1f98cffda38670e2d40d36566785a (diff) |
make EVP_PKEY opaque
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'ssl/statem')
-rw-r--r-- | ssl/statem/statem_clnt.c | 19 | ||||
-rw-r--r-- | ssl/statem/statem_lib.c | 2 | ||||
-rw-r--r-- | ssl/statem/statem_srvr.c | 20 |
3 files changed, 20 insertions, 21 deletions
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 5925923133..047bcf5d5b 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -1683,7 +1683,7 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) #ifdef SSL_DEBUG fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md)); #endif - } else if (pkey->type == EVP_PKEY_RSA) { + } else if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA) { md = EVP_md5_sha1(); } else { md = EVP_sha1(); @@ -2191,8 +2191,7 @@ psk_err: } pkey = X509_get0_pubkey(s->session->peer); - if ((pkey == NULL) || (pkey->type != EVP_PKEY_RSA) - || (pkey->pkey.rsa == NULL)) { + if (EVP_PKEY_get0_RSA(pkey) == NULL) { SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); goto err; @@ -2273,9 +2272,7 @@ psk_err: } else { /* Get the Server Public Key from Cert */ skey = X509_get0_pubkey(s->session->peer); - if ((skey == NULL) - || (skey->type != EVP_PKEY_EC) - || (skey->pkey.ec == NULL)) { + if ((skey == NULL) || EVP_PKEY_get0_EC_KEY(skey) == NULL) { SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); goto err; @@ -2609,10 +2606,12 @@ int tls_construct_client_verify(SSL *s) goto err; } #ifndef OPENSSL_NO_GOST - if (pkey->type == NID_id_GostR3410_2001 - || pkey->type == NID_id_GostR3410_2012_256 - || pkey->type == NID_id_GostR3410_2012_512) { - BUF_reverse(p + 2, NULL, u); + { + int pktype = EVP_PKEY_id(pkey); + if (pktype == NID_id_GostR3410_2001 + || pktype == NID_id_GostR3410_2012_256 + || pktype == NID_id_GostR3410_2012_512) + BUF_reverse(p + 2, NULL, u); } #endif diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 984df19b58..70559666b0 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -612,7 +612,7 @@ int ssl_cert_type(X509 *x, EVP_PKEY *pkey) if (pk == NULL) goto err; - i = pk->type; + i = EVP_PKEY_id(pk); if (i == EVP_PKEY_RSA) { ret = SSL_PKEY_RSA_ENC; } else if (i == EVP_PKEY_DSA) { diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 5ee0c94e17..2ac9dc3a59 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -2080,7 +2080,6 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt) unsigned long alg_k; #ifndef OPENSSL_NO_RSA RSA *rsa = NULL; - EVP_PKEY *pkey = NULL; #endif #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) EVP_PKEY *ckey = NULL; @@ -2173,15 +2172,13 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt) size_t j; /* FIX THIS UP EAY EAY EAY EAY */ - pkey = s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey; - if ((pkey == NULL) || - (pkey->type != EVP_PKEY_RSA) || (pkey->pkey.rsa == NULL)) { + rsa = EVP_PKEY_get0_RSA(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey); + if (rsa == NULL) { al = SSL_AD_HANDSHAKE_FAILURE; SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, SSL_R_MISSING_RSA_CERTIFICATE); goto f_err; } - rsa = pkey->pkey.rsa; /* SSLv3 and pre-standard DTLS omit the length bytes. */ if (s->version == SSL3_VERSION || s->version == DTLS1_BAD_VER) { @@ -2694,7 +2691,8 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) * length field (CryptoPro implementations at least till CSP 4.0) */ #ifndef OPENSSL_NO_GOST - if (PACKET_remaining(pkt) == 64 && pkey->type == NID_id_GostR3410_2001) { + if (PACKET_remaining(pkt) == 64 + && EVP_PKEY_id(pkey) == NID_id_GostR3410_2001) { len = 64; } else #endif @@ -2764,10 +2762,12 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) } #ifndef OPENSSL_NO_GOST - if (pkey->type == NID_id_GostR3410_2001 - || pkey->type == NID_id_GostR3410_2012_256 - || pkey->type == NID_id_GostR3410_2012_512) { - BUF_reverse(data, NULL, len); + { + int pktype = EVP_PKEY_id(pkey); + if (pktype == NID_id_GostR3410_2001 + || pktype == NID_id_GostR3410_2012_256 + || pktype == NID_id_GostR3410_2012_512) + BUF_reverse(data, NULL, len); } #endif |