diff options
author | Shane Lontis <shane.lontis@oracle.com> | 2019-06-07 12:05:23 +1000 |
---|---|---|
committer | Shane Lontis <shane.lontis@oracle.com> | 2019-06-11 20:25:33 +1000 |
commit | 83b4a24384e62ed8cf91f51bf9a303f98017e13e (patch) | |
tree | 736978aa1768b11fae53518b03378c272180a70b /ssl | |
parent | 3d700c3fde15086fcb514ab7c90097f7f0f5d75f (diff) |
Make EVP_MD_CTX_ctrl() work for legacy use cases (ssl3).
This is still required currently by engines and digestsign/digestverify.
This PR contains merged in code from Richard Levitte's PR #9126.
[extended tests]
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9103)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/s3_enc.c | 13 | ||||
-rw-r--r-- | ssl/statem/statem_lib.c | 22 |
2 files changed, 19 insertions, 16 deletions
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index c666014327..6c3b711072 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -415,14 +415,10 @@ void ssl3_digest_master_key_set_params(const SSL_SESSION *session, OSSL_PARAM params[]) { int n = 0; - int cmd = EVP_CTRL_SSL3_MASTER_SECRET; - - params[n++] = OSSL_PARAM_construct_int(OSSL_DIGEST_PARAM_CMD, &cmd, - NULL); - params[n++] = OSSL_PARAM_construct_octet_ptr(OSSL_DIGEST_PARAM_MSG, - (void **)&session->master_key, - session->master_key_length, - NULL); + params[n++] = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS, + (void *)session->master_key, + session->master_key_length, + NULL); params[n++] = OSSL_PARAM_construct_end(); } @@ -468,6 +464,7 @@ size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t len, OSSL_PARAM digest_cmd_params[3]; ssl3_digest_master_key_set_params(s->session, digest_cmd_params); + if (EVP_DigestUpdate(ctx, sender, len) <= 0 || EVP_MD_CTX_set_params(ctx, digest_cmd_params) <= 0 || EVP_DigestFinal_ex(ctx, p, NULL) <= 0) { diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index e59b49bb3d..e6d2478dcb 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -285,11 +285,14 @@ int tls_construct_cert_verify(SSL *s, WPACKET *pkt) } } if (s->version == SSL3_VERSION) { - OSSL_PARAM digest_cmd_params[3]; - - ssl3_digest_master_key_set_params(s->session, digest_cmd_params); if (EVP_DigestSignUpdate(mctx, hdata, hdatalen) <= 0 - || EVP_MD_CTX_set_params(mctx, digest_cmd_params) <= 0 + /* + * TODO(3.0) Replace this when EVP_MD_CTX_ctrl() is deprecated + * with a call to ssl3_digest_master_key_set_params() + */ + || EVP_MD_CTX_ctrl(mctx, EVP_CTRL_SSL3_MASTER_SECRET, + (int)s->session->master_key_length, + s->session->master_key) <= 0 || EVP_DigestSignFinal(mctx, sig, &siglen) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY, @@ -474,11 +477,14 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) } } if (s->version == SSL3_VERSION) { - OSSL_PARAM digest_cmd_params[3]; - - ssl3_digest_master_key_set_params(s->session, digest_cmd_params); + /* + * TODO(3.0) Replace this when EVP_MD_CTX_ctrl() is deprecated + * with a call to ssl3_digest_master_key_set_params() + */ if (EVP_DigestVerifyUpdate(mctx, hdata, hdatalen) <= 0 - || EVP_MD_CTX_set_params(mctx, digest_cmd_params) <= 0) { + || EVP_MD_CTX_ctrl(mctx, EVP_CTRL_SSL3_MASTER_SECRET, + (int)s->session->master_key_length, + s->session->master_key) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY, ERR_R_EVP_LIB); goto err; |