diff options
| author | Shane Lontis <shane.lontis@oracle.com> | 2020-07-26 17:32:05 +1000 |
|---|---|---|
| committer | Shane Lontis <shane.lontis@oracle.com> | 2020-08-09 17:34:52 +1000 |
| commit | 0ab18e7924727f7b613edc187f3a5074d0ce9bc6 (patch) | |
| tree | 15d960fa8fd6adca2f9bf74621fada77098a8be5 /ssl/statem | |
| parent | 11eef7e766ad76158be8da497fba2bc048b02ca1 (diff) | |
Add EVP signature with libctx methods.
-Added EVP_SignFinal_with_libctx() and EVP_VerifyFinal_with_libctx()
-Renamed EVP_DigestSignInit_ex() and EVP_DigestVerifyInit_with_libctx() to
EVP_DigestSignInit_with_libctx() and EVP_DigestVerifyInit_with_libctx()
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11884)
Diffstat (limited to 'ssl/statem')
| -rw-r--r-- | ssl/statem/extensions.c | 5 | ||||
| -rw-r--r-- | ssl/statem/extensions_srvr.c | 9 | ||||
| -rw-r--r-- | ssl/statem/statem_clnt.c | 7 | ||||
| -rw-r--r-- | ssl/statem/statem_lib.c | 14 | ||||
| -rw-r--r-- | ssl/statem/statem_srvr.c | 7 |
5 files changed, 24 insertions, 18 deletions
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index 9086348618..1a8e3cf829 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -1610,8 +1610,9 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart, binderout = tmpbinder; bindersize = hashsize; - if (EVP_DigestSignInit_ex(mctx, NULL, EVP_MD_name(md), s->ctx->propq, - mackey, s->ctx->libctx) <= 0 + if (EVP_DigestSignInit_with_libctx(mctx, NULL, EVP_MD_name(md), + s->ctx->libctx, s->ctx->propq, + mackey) <= 0 || EVP_DigestSignUpdate(mctx, hash, hashsize) <= 0 || EVP_DigestSignFinal(mctx, binderout, &bindersize) <= 0 || bindersize != hashsize) { diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index 27ddef9aaf..3eeafef828 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -784,8 +784,8 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, } hmaclen = SHA256_DIGEST_LENGTH; - if (EVP_DigestSignInit_ex(hctx, NULL, "SHA2-256", s->ctx->propq, pkey, - s->ctx->libctx) <= 0 + if (EVP_DigestSignInit_with_libctx(hctx, NULL, "SHA2-256", + s->ctx->libctx, s->ctx->propq, pkey) <= 0 || EVP_DigestSign(hctx, hmac, &hmaclen, data, rawlen - SHA256_DIGEST_LENGTH) <= 0 || hmaclen != SHA256_DIGEST_LENGTH) { @@ -1873,8 +1873,9 @@ EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context, goto err; } - if (EVP_DigestSignInit_ex(hctx, NULL, "SHA2-256", s->ctx->propq, pkey, - s->ctx->libctx) <= 0 + if (EVP_DigestSignInit_with_libctx(hctx, NULL, "SHA2-256", + s->ctx->libctx, s->ctx->propq, + pkey) <= 0 || EVP_DigestSign(hctx, hmac, &hmaclen, cookie, totcookielen) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_COOKIE, diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 4cd85ef609..ff48759436 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -2377,9 +2377,10 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) goto err; } - if (EVP_DigestVerifyInit_ex(md_ctx, &pctx, - md == NULL ? NULL : EVP_MD_name(md), - s->ctx->propq, pkey, s->ctx->libctx) <= 0) { + if (EVP_DigestVerifyInit_with_libctx(md_ctx, &pctx, + md == NULL ? NULL : EVP_MD_name(md), + s->ctx->libctx, s->ctx->propq, + pkey) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_EVP_LIB); goto err; diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index d8aab20e92..39ec4a92fd 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -277,9 +277,10 @@ int tls_construct_cert_verify(SSL *s, WPACKET *pkt) goto err; } - if (EVP_DigestSignInit_ex(mctx, &pctx, - md == NULL ? NULL : EVP_MD_name(md), - s->ctx->propq, pkey, s->ctx->libctx) <= 0) { + if (EVP_DigestSignInit_with_libctx(mctx, &pctx, + md == NULL ? NULL : EVP_MD_name(md), + s->ctx->libctx, s->ctx->propq, + pkey) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY, ERR_R_EVP_LIB); goto err; @@ -472,9 +473,10 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) OSSL_TRACE1(TLS, "Using client verify alg %s\n", md == NULL ? "n/a" : EVP_MD_name(md)); - if (EVP_DigestVerifyInit_ex(mctx, &pctx, - md == NULL ? NULL : EVP_MD_name(md), - s->ctx->propq, pkey, s->ctx->libctx) <= 0) { + if (EVP_DigestVerifyInit_with_libctx(mctx, &pctx, + md == NULL ? NULL : EVP_MD_name(md), + s->ctx->libctx, s->ctx->propq, + pkey) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY, ERR_R_EVP_LIB); goto err; diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index b329e89379..c46254c858 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -2807,9 +2807,10 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) goto err; } - if (EVP_DigestSignInit_ex(md_ctx, &pctx, - md == NULL ? NULL : EVP_MD_name(md), - s->ctx->propq, pkey, s->ctx->libctx) <= 0) { + if (EVP_DigestSignInit_with_libctx(md_ctx, &pctx, + md == NULL ? NULL : EVP_MD_name(md), + s->ctx->libctx, s->ctx->propq, + pkey) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); |