diff options
author | Shane Lontis <shane.lontis@oracle.com> | 2019-06-07 12:05:23 +1000 |
---|---|---|
committer | Shane Lontis <shane.lontis@oracle.com> | 2019-06-11 20:25:33 +1000 |
commit | 83b4a24384e62ed8cf91f51bf9a303f98017e13e (patch) | |
tree | 736978aa1768b11fae53518b03378c272180a70b /ssl/statem | |
parent | 3d700c3fde15086fcb514ab7c90097f7f0f5d75f (diff) |
Make EVP_MD_CTX_ctrl() work for legacy use cases (ssl3).
This is still required currently by engines and digestsign/digestverify.
This PR contains merged in code from Richard Levitte's PR #9126.
[extended tests]
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9103)
Diffstat (limited to 'ssl/statem')
-rw-r--r-- | ssl/statem/statem_lib.c | 22 |
1 files changed, 14 insertions, 8 deletions
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index e59b49bb3d..e6d2478dcb 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -285,11 +285,14 @@ int tls_construct_cert_verify(SSL *s, WPACKET *pkt) } } if (s->version == SSL3_VERSION) { - OSSL_PARAM digest_cmd_params[3]; - - ssl3_digest_master_key_set_params(s->session, digest_cmd_params); if (EVP_DigestSignUpdate(mctx, hdata, hdatalen) <= 0 - || EVP_MD_CTX_set_params(mctx, digest_cmd_params) <= 0 + /* + * TODO(3.0) Replace this when EVP_MD_CTX_ctrl() is deprecated + * with a call to ssl3_digest_master_key_set_params() + */ + || EVP_MD_CTX_ctrl(mctx, EVP_CTRL_SSL3_MASTER_SECRET, + (int)s->session->master_key_length, + s->session->master_key) <= 0 || EVP_DigestSignFinal(mctx, sig, &siglen) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY, @@ -474,11 +477,14 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) } } if (s->version == SSL3_VERSION) { - OSSL_PARAM digest_cmd_params[3]; - - ssl3_digest_master_key_set_params(s->session, digest_cmd_params); + /* + * TODO(3.0) Replace this when EVP_MD_CTX_ctrl() is deprecated + * with a call to ssl3_digest_master_key_set_params() + */ if (EVP_DigestVerifyUpdate(mctx, hdata, hdatalen) <= 0 - || EVP_MD_CTX_set_params(mctx, digest_cmd_params) <= 0) { + || EVP_MD_CTX_ctrl(mctx, EVP_CTRL_SSL3_MASTER_SECRET, + (int)s->session->master_key_length, + s->session->master_key) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY, ERR_R_EVP_LIB); goto err; |