diff options
| author | Pauli <ppzgs1@gmail.com> | 2021-02-25 13:49:10 +1000 |
|---|---|---|
| committer | Pauli <ppzgs1@gmail.com> | 2021-02-28 17:25:49 +1000 |
| commit | 0edb81944133a5f2f9e4c6fd7282e40a2d1aa582 (patch) | |
| tree | b3dd60ddaef422b384f673c325841abba24e6b79 /ssl | |
| parent | cc2314a9f630c47860afbddd29ef5b4223371a8a (diff) | |
tls: updates for the new additional MAC_init arguments
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
Diffstat (limited to 'ssl')
| -rw-r--r-- | ssl/t1_lib.c | 5 | ||||
| -rw-r--r-- | ssl/tls13_enc.c | 20 |
2 files changed, 9 insertions, 16 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index ace890d915..4d66db9f9d 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -3393,13 +3393,12 @@ EVP_MAC_CTX *ssl_hmac_get0_EVP_MAC_CTX(SSL_HMAC *ctx) int ssl_hmac_init(SSL_HMAC *ctx, void *key, size_t len, char *md) { - OSSL_PARAM params[3], *p = params; + OSSL_PARAM params[2], *p = params; if (ctx->ctx != NULL) { *p++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, md, 0); - *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, key, len); *p = OSSL_PARAM_construct_end(); - if (EVP_MAC_CTX_set_params(ctx->ctx, params) && EVP_MAC_init(ctx->ctx)) + if (EVP_MAC_init(ctx->ctx, key, len, params)) return 1; } #ifndef OPENSSL_NO_DEPRECATED_3_0 diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c index c5b4dcc8d1..b9757fd5f3 100644 --- a/ssl/tls13_enc.c +++ b/ssl/tls13_enc.c @@ -311,9 +311,10 @@ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen, EVP_MAC *hmac = EVP_MAC_fetch(s->ctx->libctx, "HMAC", s->ctx->propq); unsigned char hash[EVP_MAX_MD_SIZE]; unsigned char finsecret[EVP_MAX_MD_SIZE]; + unsigned char *key = NULL; size_t hashlen, ret = 0; EVP_MAC_CTX *ctx = NULL; - OSSL_PARAM params[4], *p = params; + OSSL_PARAM params[3], *p = params; if (hmac == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); @@ -327,6 +328,7 @@ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen, *p++ = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_PROPERTIES, (char *)s->ctx->propq, 0); + *p = OSSL_PARAM_construct_end(); if (!ssl_handshake_hash(s, hash, sizeof(hash), &hashlen)) { /* SSLfatal() already called */ @@ -334,28 +336,20 @@ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen, } if (str == s->method->ssl3_enc->server_finished_label) { - *p++ = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, - s->server_finished_secret, - hashlen); + key = s->server_finished_secret; } else if (SSL_IS_FIRST_HANDSHAKE(s)) { - *p++ = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, - s->client_finished_secret, - hashlen); + key = s->client_finished_secret; } else { if (!tls13_derive_finishedkey(s, ssl_handshake_md(s), s->client_app_traffic_secret, finsecret, hashlen)) goto err; - - *p++ = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, finsecret, - hashlen); + key = finsecret; } - *p++ = OSSL_PARAM_construct_end(); ctx = EVP_MAC_CTX_new(hmac); if (ctx == NULL - || !EVP_MAC_CTX_set_params(ctx, params) - || !EVP_MAC_init(ctx) + || !EVP_MAC_init(ctx, key, hashlen, params) || !EVP_MAC_update(ctx, hash, hashlen) /* outsize as per sizeof(peer_finish_md) */ || !EVP_MAC_final(ctx, out, &hashlen, EVP_MAX_MD_SIZE * 2)) { |