diff options
author | Tomas Mraz <tomas@openssl.org> | 2021-05-21 16:58:08 +0200 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2021-06-01 12:40:00 +0200 |
commit | ed576acdf591d4164905ab98e89ca5a3b99d90ab (patch) | |
tree | c0f36ca1b3d42f34c0c502e700ad09b69b713d3c /ssl | |
parent | 5e2d22d53ed322a7124e26a4fbd116a8210eb77a (diff) |
Rename all getters to use get/get0 in name
For functions that exist in 1.1.1 provide a simple aliases via #define.
Fixes #15236
Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_,
EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_,
EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_,
EVP_MD_, and EVP_CIPHER_ prefixes are renamed.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/ktls.c | 23 | ||||
-rw-r--r-- | ssl/record/rec_layer_d1.c | 6 | ||||
-rw-r--r-- | ssl/record/rec_layer_s3.c | 10 | ||||
-rw-r--r-- | ssl/record/ssl3_record.c | 60 | ||||
-rw-r--r-- | ssl/record/ssl3_record_tls13.c | 2 | ||||
-rw-r--r-- | ssl/s3_enc.c | 16 | ||||
-rw-r--r-- | ssl/ssl_ciph.c | 15 | ||||
-rw-r--r-- | ssl/ssl_lib.c | 16 | ||||
-rw-r--r-- | ssl/statem/extensions.c | 4 | ||||
-rw-r--r-- | ssl/statem/extensions_clnt.c | 6 | ||||
-rw-r--r-- | ssl/statem/extensions_srvr.c | 5 | ||||
-rw-r--r-- | ssl/statem/statem_clnt.c | 11 | ||||
-rw-r--r-- | ssl/statem/statem_dtls.c | 8 | ||||
-rw-r--r-- | ssl/statem/statem_lib.c | 17 | ||||
-rw-r--r-- | ssl/statem/statem_srvr.c | 10 | ||||
-rw-r--r-- | ssl/t1_enc.c | 32 | ||||
-rw-r--r-- | ssl/t1_lib.c | 26 | ||||
-rw-r--r-- | ssl/tls13_enc.c | 26 |
18 files changed, 150 insertions, 143 deletions
diff --git a/ssl/ktls.c b/ssl/ktls.c index 4aece2e7b7..a5de8bd720 100644 --- a/ssl/ktls.c +++ b/ssl/ktls.c @@ -67,7 +67,7 @@ int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, case SSL_AES256GCM: crypto_info->cipher_algorithm = CRYPTO_AES_NIST_GCM_16; if (s->version == TLS1_3_VERSION) - crypto_info->iv_len = EVP_CIPHER_CTX_iv_length(dd); + crypto_info->iv_len = EVP_CIPHER_CTX_get_iv_length(dd); else crypto_info->iv_len = EVP_GCM_TLS_FIXED_IV_LEN; break; @@ -87,7 +87,7 @@ int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, return 0; } crypto_info->cipher_algorithm = CRYPTO_AES_CBC; - crypto_info->iv_len = EVP_CIPHER_iv_length(c); + crypto_info->iv_len = EVP_CIPHER_get_iv_length(c); crypto_info->auth_key = mac_key; crypto_info->auth_key_len = mac_secret_size; break; @@ -95,7 +95,7 @@ int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, return 0; } crypto_info->cipher_key = key; - crypto_info->cipher_key_len = EVP_CIPHER_key_length(c); + crypto_info->cipher_key_len = EVP_CIPHER_get_key_length(c); crypto_info->iv = iv; crypto_info->tls_vmajor = (s->version >> 8) & 0x000000ff; crypto_info->tls_vminor = (s->version & 0x000000ff); @@ -129,11 +129,11 @@ int ktls_check_supported_cipher(const SSL *s, const EVP_CIPHER *c, /* check that cipher is AES_GCM_128, AES_GCM_256, AES_CCM_128 * or Chacha20-Poly1305 */ - switch (EVP_CIPHER_nid(c)) + switch (EVP_CIPHER_get_nid(c)) { # ifdef OPENSSL_KTLS_AES_CCM_128 case NID_aes_128_ccm: - if (EVP_CIPHER_CTX_tag_length(dd) != EVP_CCM_TLS_TAG_LEN) + if (EVP_CIPHER_CTX_get_tag_length(dd) != EVP_CCM_TLS_TAG_LEN) return 0; # endif # ifdef OPENSSL_KTLS_AES_GCM_128 @@ -163,7 +163,7 @@ int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, unsigned char *iiv = iv; if (s->version == TLS1_2_VERSION && - EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE) { + EVP_CIPHER_get_mode(c) == EVP_CIPH_GCM_MODE) { if (!EVP_CIPHER_CTX_get_updated_iv(dd, geniv, EVP_GCM_TLS_FIXED_IV_LEN + EVP_GCM_TLS_EXPLICIT_IV_LEN)) @@ -172,7 +172,7 @@ int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, } memset(crypto_info, 0, sizeof(*crypto_info)); - switch (EVP_CIPHER_nid(c)) + switch (EVP_CIPHER_get_nid(c)) { # ifdef OPENSSL_KTLS_AES_GCM_128 case NID_aes_128_gcm: @@ -182,7 +182,7 @@ int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, memcpy(crypto_info->gcm128.iv, iiv + EVP_GCM_TLS_FIXED_IV_LEN, TLS_CIPHER_AES_GCM_128_IV_SIZE); memcpy(crypto_info->gcm128.salt, iiv, TLS_CIPHER_AES_GCM_128_SALT_SIZE); - memcpy(crypto_info->gcm128.key, key, EVP_CIPHER_key_length(c)); + memcpy(crypto_info->gcm128.key, key, EVP_CIPHER_get_key_length(c)); memcpy(crypto_info->gcm128.rec_seq, rl_sequence, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); if (rec_seq != NULL) @@ -197,7 +197,7 @@ int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, memcpy(crypto_info->gcm256.iv, iiv + EVP_GCM_TLS_FIXED_IV_LEN, TLS_CIPHER_AES_GCM_256_IV_SIZE); memcpy(crypto_info->gcm256.salt, iiv, TLS_CIPHER_AES_GCM_256_SALT_SIZE); - memcpy(crypto_info->gcm256.key, key, EVP_CIPHER_key_length(c)); + memcpy(crypto_info->gcm256.key, key, EVP_CIPHER_get_key_length(c)); memcpy(crypto_info->gcm256.rec_seq, rl_sequence, TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE); if (rec_seq != NULL) @@ -212,7 +212,7 @@ int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, memcpy(crypto_info->ccm128.iv, iiv + EVP_CCM_TLS_FIXED_IV_LEN, TLS_CIPHER_AES_CCM_128_IV_SIZE); memcpy(crypto_info->ccm128.salt, iiv, TLS_CIPHER_AES_CCM_128_SALT_SIZE); - memcpy(crypto_info->ccm128.key, key, EVP_CIPHER_key_length(c)); + memcpy(crypto_info->ccm128.key, key, EVP_CIPHER_get_key_length(c)); memcpy(crypto_info->ccm128.rec_seq, rl_sequence, TLS_CIPHER_AES_CCM_128_REC_SEQ_SIZE); if (rec_seq != NULL) @@ -226,7 +226,8 @@ int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, crypto_info->tls_crypto_info_len = sizeof(crypto_info->chacha20poly1305); memcpy(crypto_info->chacha20poly1305.iv, iiv, TLS_CIPHER_CHACHA20_POLY1305_IV_SIZE); - memcpy(crypto_info->chacha20poly1305.key, key, EVP_CIPHER_key_length(c)); + memcpy(crypto_info->chacha20poly1305.key, key, + EVP_CIPHER_get_key_length(c)); memcpy(crypto_info->chacha20poly1305.rec_seq, rl_sequence, TLS_CIPHER_CHACHA20_POLY1305_REC_SEQ_SIZE); if (rec_seq != NULL) diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c index 6713ff72f5..336ebc8b79 100644 --- a/ssl/record/rec_layer_d1.c +++ b/ssl/record/rec_layer_d1.c @@ -837,7 +837,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, if (clear) mac_size = 0; else { - mac_size = EVP_MD_CTX_size(s->write_hash); + mac_size = EVP_MD_CTX_get_size(s->write_hash); if (mac_size < 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE); @@ -871,9 +871,9 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, /* Explicit IV length, block ciphers appropriate version flag */ if (s->enc_write_ctx) { - int mode = EVP_CIPHER_CTX_mode(s->enc_write_ctx); + int mode = EVP_CIPHER_CTX_get_mode(s->enc_write_ctx); if (mode == EVP_CIPH_CBC_MODE) { - eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx); + eivlen = EVP_CIPHER_CTX_get_iv_length(s->enc_write_ctx); if (eivlen <= 1) eivlen = 0; } diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index 8cd102ecae..a217db772a 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -439,7 +439,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len, && !SSL_WRITE_ETM(s) && SSL_USE_EXPLICIT_IV(s) && BIO_get_ktls_send(s->wbio) == 0 - && (EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(s->enc_write_ctx)) + && (EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(s->enc_write_ctx)) & EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK) != 0) { unsigned char aad[13]; EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param; @@ -588,7 +588,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len, } if (maxpipes == 0 || s->enc_write_ctx == NULL - || (EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(s->enc_write_ctx)) + || (EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(s->enc_write_ctx)) & EVP_CIPH_FLAG_PIPELINE) == 0 || !SSL_USE_EXPLICIT_IV(s)) maxpipes = 1; @@ -723,7 +723,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, mac_size = 0; } else { /* TODO(siz_t): Convert me */ - mac_size = EVP_MD_CTX_size(s->write_hash); + mac_size = EVP_MD_CTX_get_size(s->write_hash); if (mac_size < 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; @@ -831,10 +831,10 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, /* Explicit IV length, block ciphers appropriate version flag */ if (s->enc_write_ctx && SSL_USE_EXPLICIT_IV(s) && !SSL_TREAT_AS_TLS13(s)) { - int mode = EVP_CIPHER_CTX_mode(s->enc_write_ctx); + int mode = EVP_CIPHER_CTX_get_mode(s->enc_write_ctx); if (mode == EVP_CIPH_CBC_MODE) { /* TODO(size_t): Convert me */ - eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx); + eivlen = EVP_CIPHER_CTX_get_iv_length(s->enc_write_ctx); if (eivlen <= 1) eivlen = 0; } else if (mode == EVP_CIPH_GCM_MODE) { diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index 8788d49e4c..8c4ff01dd1 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -480,7 +480,7 @@ int ssl3_get_record(SSL *s) && thisrr->type == SSL3_RT_APPLICATION_DATA && SSL_USE_EXPLICIT_IV(s) && s->enc_read_ctx != NULL - && (EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(s->enc_read_ctx)) + && (EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(s->enc_read_ctx)) & EVP_CIPH_FLAG_PIPELINE) != 0 && ssl3_record_app_data_waiting(s)); @@ -526,7 +526,7 @@ int ssl3_get_record(SSL *s) const EVP_MD *tmpmd = EVP_MD_CTX_get0_md(s->read_hash); if (tmpmd != NULL) { - imac_size = EVP_MD_size(tmpmd); + imac_size = EVP_MD_get_size(tmpmd); if (!ossl_assert(imac_size >= 0 && imac_size <= EVP_MAX_MD_SIZE)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); return -1; @@ -855,11 +855,11 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int sending, memmove(rec->data, rec->input, rec->length); rec->input = rec->data; } else { - int provided = (EVP_CIPHER_provider(enc) != NULL); + int provided = (EVP_CIPHER_get0_provider(enc) != NULL); l = rec->length; /* TODO(size_t): Convert this call */ - bs = EVP_CIPHER_CTX_block_size(ds); + bs = EVP_CIPHER_CTX_get_block_size(ds); /* COMPRESS */ @@ -889,7 +889,7 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int sending, /* otherwise, rec->length >= bs */ } - if (EVP_CIPHER_provider(enc) != NULL) { + if (EVP_CIPHER_get0_provider(enc) != NULL) { int outlen; if (!EVP_CipherUpdate(ds, rec->data, &outlen, rec->input, @@ -968,7 +968,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, if (sending) { if (EVP_MD_CTX_get0_md(s->write_hash)) { - int n = EVP_MD_CTX_size(s->write_hash); + int n = EVP_MD_CTX_get_size(s->write_hash); if (!ossl_assert(n >= 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; @@ -983,8 +983,8 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, enc = EVP_CIPHER_CTX_get0_cipher(s->enc_write_ctx); /* For TLSv1.1 and later explicit IV */ if (SSL_USE_EXPLICIT_IV(s) - && EVP_CIPHER_mode(enc) == EVP_CIPH_CBC_MODE) - ivlen = EVP_CIPHER_iv_length(enc); + && EVP_CIPHER_get_mode(enc) == EVP_CIPH_CBC_MODE) + ivlen = EVP_CIPHER_get_iv_length(enc); else ivlen = 0; if (ivlen > 1) { @@ -1006,7 +1006,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, } } else { if (EVP_MD_CTX_get0_md(s->read_hash)) { - int n = EVP_MD_CTX_size(s->read_hash); + int n = EVP_MD_CTX_get_size(s->read_hash); if (!ossl_assert(n >= 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; @@ -1025,12 +1025,12 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, recs[ctr].input = recs[ctr].data; } } else { - int provided = (EVP_CIPHER_provider(enc) != NULL); + int provided = (EVP_CIPHER_get0_provider(enc) != NULL); - bs = EVP_CIPHER_block_size(EVP_CIPHER_CTX_get0_cipher(ds)); + bs = EVP_CIPHER_get_block_size(EVP_CIPHER_CTX_get0_cipher(ds)); if (n_recs > 1) { - if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(ds)) + if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ds)) & EVP_CIPH_FLAG_PIPELINE) == 0) { /* * We shouldn't have been called with pipeline data if the @@ -1043,7 +1043,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, for (ctr = 0; ctr < n_recs; ctr++) { reclen[ctr] = recs[ctr].length; - if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(ds)) + if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ds)) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0) { unsigned char *seq; @@ -1177,10 +1177,10 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, * any explicit IV */ if (!sending) { - if (EVP_CIPHER_mode(enc) == EVP_CIPH_GCM_MODE) { + if (EVP_CIPHER_get_mode(enc) == EVP_CIPH_GCM_MODE) { recs[0].data += EVP_GCM_TLS_EXPLICIT_IV_LEN; recs[0].input += EVP_GCM_TLS_EXPLICIT_IV_LEN; - } else if (EVP_CIPHER_mode(enc) == EVP_CIPH_CCM_MODE) { + } else if (EVP_CIPHER_get_mode(enc) == EVP_CIPH_CCM_MODE) { recs[0].data += EVP_CCM_TLS_EXPLICIT_IV_LEN; recs[0].input += EVP_CCM_TLS_EXPLICIT_IV_LEN; } else if (bs != 1 && SSL_USE_EXPLICIT_IV(s)) { @@ -1215,7 +1215,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, /* TODO(size_t): Convert this call */ tmpr = EVP_Cipher(ds, recs[0].data, recs[0].input, (unsigned int)reclen[0]); - if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(ds)) + if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ds)) & EVP_CIPH_FLAG_CUSTOM_CIPHER) != 0 ? (tmpr < 0) : (tmpr == 0)) { @@ -1225,13 +1225,13 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, if (!sending) { /* Adjust the record to remove the explicit IV/MAC/Tag */ - if (EVP_CIPHER_mode(enc) == EVP_CIPH_GCM_MODE) { + if (EVP_CIPHER_get_mode(enc) == EVP_CIPH_GCM_MODE) { for (ctr = 0; ctr < n_recs; ctr++) { recs[ctr].data += EVP_GCM_TLS_EXPLICIT_IV_LEN; recs[ctr].input += EVP_GCM_TLS_EXPLICIT_IV_LEN; recs[ctr].length -= EVP_GCM_TLS_EXPLICIT_IV_LEN; } - } else if (EVP_CIPHER_mode(enc) == EVP_CIPH_CCM_MODE) { + } else if (EVP_CIPHER_get_mode(enc) == EVP_CIPH_CCM_MODE) { for (ctr = 0; ctr < n_recs; ctr++) { recs[ctr].data += EVP_CCM_TLS_EXPLICIT_IV_LEN; recs[ctr].input += EVP_CCM_TLS_EXPLICIT_IV_LEN; @@ -1261,7 +1261,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, : NULL, bs, macsize, - (EVP_CIPHER_flags(enc) + (EVP_CIPHER_get_flags(enc) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0, s->ctx->libctx)) return 0; @@ -1283,7 +1283,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, */ char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx) { - switch (EVP_MD_CTX_type(ctx)) { + switch (EVP_MD_CTX_get_type(ctx)) { case NID_md5: case NID_sha1: case NID_sha224: @@ -1315,15 +1315,15 @@ int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending) hash = ssl->read_hash; } - t = EVP_MD_CTX_size(hash); + t = EVP_MD_CTX_get_size(hash); if (t < 0) return 0; md_size = t; npad = (48 / md_size) * md_size; - if (!sending && - EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE && - ssl3_cbc_record_digest_supported(hash)) { + if (!sending + && EVP_CIPHER_CTX_get_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE + && ssl3_cbc_record_digest_supported(hash)) { #ifdef OPENSSL_NO_DEPRECATED_3_0 return 0; #else @@ -1418,7 +1418,7 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending) hash = ssl->read_hash; } - t = EVP_MD_CTX_size(hash); + t = EVP_MD_CTX_get_size(hash); if (!ossl_assert(t >= 0)) return 0; md_size = t; @@ -1457,16 +1457,16 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending) header[11] = (unsigned char)(rec->length >> 8); header[12] = (unsigned char)(rec->length & 0xff); - if (!sending && !SSL_READ_ETM(ssl) && - EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE && - ssl3_cbc_record_digest_supported(mac_ctx)) { + if (!sending && !SSL_READ_ETM(ssl) + && EVP_CIPHER_CTX_get_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE + && ssl3_cbc_record_digest_supported(mac_ctx)) { OSSL_PARAM tls_hmac_params[2], *p = tls_hmac_params; *p++ = OSSL_PARAM_construct_size_t(OSSL_MAC_PARAM_TLS_DATA_SIZE, &rec->orig_len); *p++ = OSSL_PARAM_construct_end(); - if (!EVP_PKEY_CTX_set_params(EVP_MD_CTX_pkey_ctx(mac_ctx), + if (!EVP_PKEY_CTX_set_params(EVP_MD_CTX_get_pkey_ctx(mac_ctx), tls_hmac_params)) return 0; } @@ -1551,7 +1551,7 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap) const EVP_MD *tmpmd = EVP_MD_CTX_get0_md(s->read_hash); if (tmpmd != NULL) { - imac_size = EVP_MD_size(tmpmd); + imac_size = EVP_MD_get_size(tmpmd); if (!ossl_assert(imac_size >= 0 && imac_size <= EVP_MAX_MD_SIZE)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); return -1; diff --git a/ssl/record/ssl3_record_tls13.c b/ssl/record/ssl3_record_tls13.c index 0e4b310148..13c007ae23 100644 --- a/ssl/record/ssl3_record_tls13.c +++ b/ssl/record/ssl3_record_tls13.c @@ -62,7 +62,7 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, return 1; } - ivlen = EVP_CIPHER_CTX_iv_length(ctx); + ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); if (s->early_data_state == SSL_EARLY_DATA_WRITING || s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY) { diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 88ac6e4205..64b246eb65 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -186,15 +186,15 @@ int ssl3_change_cipher_state(SSL *s, int which) EVP_CIPHER_CTX_reset(dd); p = s->s3.tmp.key_block; - mdi = EVP_MD_size(m); + mdi = EVP_MD_get_size(m); if (mdi < 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } i = mdi; - cl = EVP_CIPHER_key_length(c); + cl = EVP_CIPHER_get_key_length(c); j = cl; - k = EVP_CIPHER_iv_length(c); + k = EVP_CIPHER_get_iv_length(c); if ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || (which == SSL3_CHANGE_CIPHER_SERVER_READ)) { ms = &(p[0]); @@ -225,7 +225,7 @@ int ssl3_change_cipher_state(SSL *s, int which) goto err; } - if (EVP_CIPHER_provider(c) != NULL + if (EVP_CIPHER_get0_provider(c) != NULL && !tls_provider_set_tls_params(s, dd, c, m)) { /* SSLfatal already called */ goto err; @@ -266,11 +266,11 @@ int ssl3_setup_key_block(SSL *s) s->s3.tmp.new_compression = comp; #endif - num = EVP_MD_size(hash); + num = EVP_MD_get_size(hash); if (num < 0) return 0; - num = EVP_CIPHER_key_length(c) + num + EVP_CIPHER_iv_length(c); + num = EVP_CIPHER_get_key_length(c) + num + EVP_CIPHER_get_iv_length(c); num *= 2; ssl3_cleanup_key_block(s); @@ -424,7 +424,7 @@ size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t len, return 0; } - if (EVP_MD_CTX_type(s->s3.handshake_dgst) != NID_md5_sha1) { + if (EVP_MD_CTX_get_type(s->s3.handshake_dgst) != NID_md5_sha1) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_NO_REQUIRED_DIGEST); return 0; } @@ -440,7 +440,7 @@ size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t len, goto err; } - ret = EVP_MD_CTX_size(ctx); + ret = EVP_MD_CTX_get_size(ctx); if (ret < 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); ret = 0; diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 582124aa1f..d7c19feedf 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -346,7 +346,7 @@ int ssl_load_ciphers(SSL_CTX *ctx) if (md == NULL) { ctx->disabled_mac_mask |= t->mask; } else { - int tmpsize = EVP_MD_size(md); + int tmpsize = EVP_MD_get_size(md); if (!ossl_assert(tmpsize >= 0)) return 0; ctx->ssl_mac_secret_size[i] = tmpsize; @@ -566,8 +566,9 @@ int ssl_cipher_get_evp(SSL_CTX *ctx, const SSL_SESSION *s, *mac_secret_size = ctx->ssl_mac_secret_size[i]; } - if ((*enc != NULL) && - (*md != NULL || (EVP_CIPHER_flags(*enc) & EVP_CIPH_FLAG_AEAD_CIPHER)) + if ((*enc != NULL) + && (*md != NULL + || (EVP_CIPHER_get_flags(*enc) & EVP_CIPH_FLAG_AEAD_CIPHER)) && (!mac_pkey_type || *mac_pkey_type != NID_undef)) { const EVP_CIPHER *evp = NULL; @@ -2172,7 +2173,7 @@ int ssl_cipher_get_overhead(const SSL_CIPHER *c, size_t *mac_overhead, if (e_md == NULL) return 0; - mac = EVP_MD_size(e_md); + mac = EVP_MD_get_size(e_md); if (c->algorithm_enc != SSL_eNULL) { int cipher_nid = SSL_CIPHER_get_cipher_nid(c); const EVP_CIPHER *e_ciph = EVP_get_cipherbynid(cipher_nid); @@ -2180,12 +2181,12 @@ int ssl_cipher_get_overhead(const SSL_CIPHER *c, size_t *mac_overhead, /* If it wasn't AEAD or SSL_eNULL, we expect it to be a known CBC cipher. */ if (e_ciph == NULL || - EVP_CIPHER_mode(e_ciph) != EVP_CIPH_CBC_MODE) + EVP_CIPHER_get_mode(e_ciph) != EVP_CIPH_CBC_MODE) return 0; in = 1; /* padding length byte */ - out = EVP_CIPHER_iv_length(e_ciph); - blk = EVP_CIPHER_block_size(e_ciph); + out = EVP_CIPHER_get_iv_length(e_ciph); + blk = EVP_CIPHER_get_block_size(e_ciph); } } diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index af95f2e056..c8ab4a66a0 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -305,7 +305,7 @@ static int dane_tlsa_add(SSL_DANE *dane, } } - if (md != NULL && dlen != (size_t)EVP_MD_size(md)) { + if (md != NULL && dlen != (size_t)EVP_MD_get_size(md)) { ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH); return 0; } @@ -4764,7 +4764,7 @@ int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen, { EVP_MD_CTX *ctx = NULL; EVP_MD_CTX *hdgst = s->s3.handshake_dgst; - int hashleni = EVP_MD_CTX_size(hdgst); + int hashleni = EVP_MD_CTX_get_size(hdgst); int ret = 0; if (hashleni < 0 || (size_t)hashleni > outlen) { @@ -5898,7 +5898,7 @@ const EVP_CIPHER *ssl_evp_cipher_fetch(OSSL_LIB_CTX *libctx, int ssl_evp_cipher_up_ref(const EVP_CIPHER *cipher) { /* Don't up-ref an implicit EVP_CIPHER */ - if (EVP_CIPHER_provider(cipher) == NULL) + if (EVP_CIPHER_get0_provider(cipher) == NULL) return 1; /* @@ -5913,7 +5913,7 @@ void ssl_evp_cipher_free(const EVP_CIPHER *cipher) if (cipher == NULL) return; - if (EVP_CIPHER_provider(cipher) != NULL) { + if (EVP_CIPHER_get0_provider(cipher) != NULL) { /* * The cipher was explicitly fetched and therefore it is safe to cast * away the const @@ -5942,7 +5942,7 @@ const EVP_MD *ssl_evp_md_fetch(OSSL_LIB_CTX *libctx, int ssl_evp_md_up_ref(const EVP_MD *md) { /* Don't up-ref an implicit EVP_MD */ - if (EVP_MD_provider(md) == NULL) + if (EVP_MD_get0_provider(md) == NULL) return 1; /* @@ -5957,7 +5957,7 @@ void ssl_evp_md_free(const EVP_MD *md) if (md == NULL) return; - if (EVP_MD_provider(md) != NULL) { + if (EVP_MD_get0_provider(md) != NULL) { /* * The digest was explicitly fetched and therefore it is safe to cast * away the const @@ -5969,7 +5969,7 @@ void ssl_evp_md_free(const EVP_MD *md) int SSL_set0_tmp_dh_pkey(SSL *s, EVP_PKEY *dhpkey) { if (!ssl_security(s, SSL_SECOP_TMP_DH, - EVP_PKEY_security_bits(dhpkey), 0, dhpkey)) { + EVP_PKEY_get_security_bits(dhpkey), 0, dhpkey)) { ERR_raise(ERR_LIB_SSL, SSL_R_DH_KEY_TOO_SMALL); EVP_PKEY_free(dhpkey); return 0; @@ -5982,7 +5982,7 @@ int SSL_set0_tmp_dh_pkey(SSL *s, EVP_PKEY *dhpkey) int SSL_CTX_set0_tmp_dh_pkey(SSL_CTX *ctx, EVP_PKEY *dhpkey) { if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH, - EVP_PKEY_security_bits(dhpkey), 0, dhpkey)) { + EVP_PKEY_get_security_bits(dhpkey), 0, dhpkey)) { ERR_raise(ERR_LIB_SSL, SSL_R_DH_KEY_TOO_SMALL); EVP_PKEY_free(dhpkey); return 0; diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index 42d591e11e..d12e940704 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -1453,7 +1453,7 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart, #endif const unsigned char *label; size_t bindersize, labelsize, hashsize; - int hashsizei = EVP_MD_size(md); + int hashsizei = EVP_MD_get_size(md); int ret = -1; int usepskfored = 0; @@ -1587,7 +1587,7 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart, binderout = tmpbinder; bindersize = hashsize; - if (EVP_DigestSignInit_ex(mctx, NULL, EVP_MD_name(md), s->ctx->libctx, + if (EVP_DigestSignInit_ex(mctx, NULL, EVP_MD_get0_name(md), s->ctx->libctx, s->ctx->propq, mackey, NULL) <= 0 || EVP_DigestSignUpdate(mctx, hash, hashsize) <= 0 || EVP_DigestSignFinal(mctx, binderout, &bindersize) <= 0 diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index fe9f8a9de6..545b2d034f 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -937,7 +937,7 @@ EXT_RETURN tls_construct_ctos_padding(SSL *s, WPACKET *pkt, * length. */ hlen += PSK_PRE_BINDER_OVERHEAD + s->session->ext.ticklen - + EVP_MD_size(md); + + EVP_MD_get_size(md); } } @@ -1068,7 +1068,7 @@ EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context, */ agems += s->session->ext.tick_age_add; - reshashsize = EVP_MD_size(mdres); + reshashsize = EVP_MD_get_size(mdres); s->ext.tick_identity++; dores = 1; } @@ -1097,7 +1097,7 @@ EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context, return EXT_RETURN_FAIL; } - pskhashsize = EVP_MD_size(mdpsk); + pskhashsize = EVP_MD_get_size(mdpsk); } /* Create the extension, but skip over the binder for now */ diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index 6b3b33e239..51c3251635 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -1164,7 +1164,8 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, md = ssl_md(s->ctx, sess->cipher->algorithm2); if (!EVP_MD_is_a(md, - EVP_MD_name(ssl_md(s->ctx, s->s3.tmp.new_cipher->algorithm2)))) { + EVP_MD_get0_name(ssl_md(s->ctx, + s->s3.tmp.new_cipher->algorithm2)))) { /* The ciphersuite is not compatible with this session. */ SSL_SESSION_free(sess); sess = NULL; @@ -1179,7 +1180,7 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, return 1; binderoffset = PACKET_data(pkt) - (const unsigned char *)s->init_buf->data; - hashsize = EVP_MD_size(md); + hashsize = EVP_MD_get_size(md); if (!PACKET_get_length_prefixed_2(pkt, &binders)) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 82bb013865..88b34c6ad1 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -2083,7 +2083,8 @@ static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey) goto err; } - if (!ssl_security(s, SSL_SECOP_TMP_DH, EVP_PKEY_security_bits(peer_tmp), + if (!ssl_security(s, SSL_SECOP_TMP_DH, + EVP_PKEY_get_security_bits(peer_tmp), 0, peer_tmp)) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_DH_KEY_TOO_SMALL); goto err; @@ -2258,7 +2259,7 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) } if (SSL_USE_SIGALGS(s)) OSSL_TRACE1(TLS, "USING TLSv1.2 HASH %s\n", - md == NULL ? "n/a" : EVP_MD_name(md)); + md == NULL ? "n/a" : EVP_MD_get0_name(md)); if (!PACKET_get_length_prefixed_2(pkt, &signature) || PACKET_remaining(pkt) != 0) { @@ -2273,7 +2274,7 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) } if (EVP_DigestVerifyInit_ex(md_ctx, &pctx, - md == NULL ? NULL : EVP_MD_name(md), + md == NULL ? NULL : EVP_MD_get0_name(md), s->ctx->libctx, s->ctx->propq, pkey, NULL) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); @@ -2589,7 +2590,7 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt) /* This is a standalone message in TLSv1.3, so there is no more to read */ if (SSL_IS_TLS13(s)) { const EVP_MD *md = ssl_handshake_md(s); - int hashleni = EVP_MD_size(md); + int hashleni = EVP_MD_get_size(md); size_t hashlen; static const unsigned char nonce_label[] = "resumption"; @@ -2942,7 +2943,7 @@ static int tls_construct_cke_dhe(SSL *s, WPACKET *pkt) |