summaryrefslogtreecommitdiffstats
path: root/ssl/statem
diff options
context:
space:
mode:
Diffstat (limited to 'ssl/statem')
-rw-r--r--ssl/statem/extensions.c4
-rw-r--r--ssl/statem/extensions_clnt.c6
-rw-r--r--ssl/statem/extensions_srvr.c5
-rw-r--r--ssl/statem/statem_clnt.c11
-rw-r--r--ssl/statem/statem_dtls.c8
-rw-r--r--ssl/statem/statem_lib.c17
-rw-r--r--ssl/statem/statem_srvr.c10
7 files changed, 32 insertions, 29 deletions
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index 42d591e11e..d12e940704 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -1453,7 +1453,7 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart,
#endif
const unsigned char *label;
size_t bindersize, labelsize, hashsize;
- int hashsizei = EVP_MD_size(md);
+ int hashsizei = EVP_MD_get_size(md);
int ret = -1;
int usepskfored = 0;
@@ -1587,7 +1587,7 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart,
binderout = tmpbinder;
bindersize = hashsize;
- if (EVP_DigestSignInit_ex(mctx, NULL, EVP_MD_name(md), s->ctx->libctx,
+ if (EVP_DigestSignInit_ex(mctx, NULL, EVP_MD_get0_name(md), s->ctx->libctx,
s->ctx->propq, mackey, NULL) <= 0
|| EVP_DigestSignUpdate(mctx, hash, hashsize) <= 0
|| EVP_DigestSignFinal(mctx, binderout, &bindersize) <= 0
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index fe9f8a9de6..545b2d034f 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -937,7 +937,7 @@ EXT_RETURN tls_construct_ctos_padding(SSL *s, WPACKET *pkt,
* length.
*/
hlen += PSK_PRE_BINDER_OVERHEAD + s->session->ext.ticklen
- + EVP_MD_size(md);
+ + EVP_MD_get_size(md);
}
}
@@ -1068,7 +1068,7 @@ EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context,
*/
agems += s->session->ext.tick_age_add;
- reshashsize = EVP_MD_size(mdres);
+ reshashsize = EVP_MD_get_size(mdres);
s->ext.tick_identity++;
dores = 1;
}
@@ -1097,7 +1097,7 @@ EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context,
return EXT_RETURN_FAIL;
}
- pskhashsize = EVP_MD_size(mdpsk);
+ pskhashsize = EVP_MD_get_size(mdpsk);
}
/* Create the extension, but skip over the binder for now */
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index 6b3b33e239..51c3251635 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -1164,7 +1164,8 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
md = ssl_md(s->ctx, sess->cipher->algorithm2);
if (!EVP_MD_is_a(md,
- EVP_MD_name(ssl_md(s->ctx, s->s3.tmp.new_cipher->algorithm2)))) {
+ EVP_MD_get0_name(ssl_md(s->ctx,
+ s->s3.tmp.new_cipher->algorithm2)))) {
/* The ciphersuite is not compatible with this session. */
SSL_SESSION_free(sess);
sess = NULL;
@@ -1179,7 +1180,7 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
return 1;
binderoffset = PACKET_data(pkt) - (const unsigned char *)s->init_buf->data;
- hashsize = EVP_MD_size(md);
+ hashsize = EVP_MD_get_size(md);
if (!PACKET_get_length_prefixed_2(pkt, &binders)) {
SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION);
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 82bb013865..88b34c6ad1 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -2083,7 +2083,8 @@ static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey)
goto err;
}
- if (!ssl_security(s, SSL_SECOP_TMP_DH, EVP_PKEY_security_bits(peer_tmp),
+ if (!ssl_security(s, SSL_SECOP_TMP_DH,
+ EVP_PKEY_get_security_bits(peer_tmp),
0, peer_tmp)) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_DH_KEY_TOO_SMALL);
goto err;
@@ -2258,7 +2259,7 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
}
if (SSL_USE_SIGALGS(s))
OSSL_TRACE1(TLS, "USING TLSv1.2 HASH %s\n",
- md == NULL ? "n/a" : EVP_MD_name(md));
+ md == NULL ? "n/a" : EVP_MD_get0_name(md));
if (!PACKET_get_length_prefixed_2(pkt, &signature)
|| PACKET_remaining(pkt) != 0) {
@@ -2273,7 +2274,7 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
}
if (EVP_DigestVerifyInit_ex(md_ctx, &pctx,
- md == NULL ? NULL : EVP_MD_name(md),
+ md == NULL ? NULL : EVP_MD_get0_name(md),
s->ctx->libctx, s->ctx->propq, pkey,
NULL) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
@@ -2589,7 +2590,7 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt)
/* This is a standalone message in TLSv1.3, so there is no more to read */
if (SSL_IS_TLS13(s)) {
const EVP_MD *md = ssl_handshake_md(s);
- int hashleni = EVP_MD_size(md);
+ int hashleni = EVP_MD_get_size(md);
size_t hashlen;
static const unsigned char nonce_label[] = "resumption";
@@ -2942,7 +2943,7 @@ static int tls_construct_cke_dhe(SSL *s, WPACKET *pkt)
* stack, we need to zero pad the DHE pub key to the same length
* as the prime.
*/
- prime_len = EVP_PKEY_size(ckey);
+ prime_len = EVP_PKEY_get_size(ckey);
pad_len = prime_len - encoded_pub_len;
if (pad_len > 0) {
if (!WPACKET_sub_allocate_bytes_u16(pkt, pad_len, &keybytes)) {
diff --git a/ssl/statem/statem_dtls.c b/ssl/statem/statem_dtls.c
index 1fcd064ea6..8c588fd590 100644
--- a/ssl/statem/statem_dtls.c
+++ b/ssl/statem/statem_dtls.c
@@ -132,17 +132,17 @@ int dtls1_do_write(SSL *s, int type)
if (s->write_hash) {
if (s->enc_write_ctx
- && (EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(s->enc_write_ctx)) &
+ && (EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(s->enc_write_ctx)) &
EVP_CIPH_FLAG_AEAD_CIPHER) != 0)
mac_size = 0;
else
- mac_size = EVP_MD_CTX_size(s->write_hash);
+ mac_size = EVP_MD_CTX_get_size(s->write_hash);
} else
mac_size = 0;
if (s->enc_write_ctx &&
- (EVP_CIPHER_CTX_mode(s->enc_write_ctx) == EVP_CIPH_CBC_MODE))
- blocksize = 2 * EVP_CIPHER_CTX_block_size(s->enc_write_ctx);
+ (EVP_CIPHER_CTX_get_mode(s->enc_write_ctx) == EVP_CIPH_CBC_MODE))
+ blocksize = 2 * EVP_CIPHER_CTX_get_block_size(s->enc_write_ctx);
else
blocksize = 0;
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 800a957ab2..eef2fe4367 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -309,7 +309,8 @@ int tls_construct_cert_verify(SSL *s, WPACKET *pkt)
goto err;
}
- if (EVP_DigestSignInit_ex(mctx, &pctx, md == NULL ? NULL : EVP_MD_name(md),
+ if (EVP_DigestSignInit_ex(mctx, &pctx,
+ md == NULL ? NULL : EVP_MD_get0_name(md),
s->ctx->libctx, s->ctx->propq, pkey,
NULL) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
@@ -451,7 +452,7 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
if (SSL_USE_SIGALGS(s))
OSSL_TRACE1(TLS, "USING TLSv1.2 HASH %s\n",
- md == NULL ? "n/a" : EVP_MD_name(md));
+ md == NULL ? "n/a" : EVP_MD_get0_name(md));
/* Check for broken implementations of GOST ciphersuites */
/*
@@ -461,10 +462,10 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
#ifndef OPENSSL_NO_GOST
if (!SSL_USE_SIGALGS(s)
&& ((PACKET_remaining(pkt) == 64
- && (EVP_PKEY_id(pkey) == NID_id_GostR3410_2001
- || EVP_PKEY_id(pkey) == NID_id_GostR3410_2012_256))
+ && (EVP_PKEY_get_id(pkey) == NID_id_GostR3410_2001
+ || EVP_PKEY_get_id(pkey) == NID_id_GostR3410_2012_256))
|| (PACKET_remaining(pkt) == 128
- && EVP_PKEY_id(pkey) == NID_id_GostR3410_2012_512))) {
+ && EVP_PKEY_get_id(pkey) == NID_id_GostR3410_2012_512))) {
len = PACKET_remaining(pkt);
} else
#endif
@@ -484,10 +485,10 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
}
OSSL_TRACE1(TLS, "Using client verify alg %s\n",
- md == NULL ? "n/a" : EVP_MD_name(md));
+ md == NULL ? "n/a" : EVP_MD_get0_name(md));
if (EVP_DigestVerifyInit_ex(mctx, &pctx,
- md == NULL ? NULL : EVP_MD_name(md),
+ md == NULL ? NULL : EVP_MD_get0_name(md),
s->ctx->libctx, s->ctx->propq, pkey,
NULL) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
@@ -495,7 +496,7 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
}
#ifndef OPENSSL_NO_GOST
{
- int pktype = EVP_PKEY_id(pkey);
+ int pktype = EVP_PKEY_get_id(pkey);
if (pktype == NID_id_GostR3410_2001
|| pktype == NID_id_GostR3410_2012_256
|| pktype == NID_id_GostR3410_2012_512) {
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 15bcdae387..a954097a39 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -2480,7 +2480,7 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt)
goto err;
}
if (!ssl_security(s, SSL_SECOP_TMP_DH,
- EVP_PKEY_security_bits(pkdhp), 0, pkdhp)) {
+ EVP_PKEY_get_security_bits(pkdhp), 0, pkdhp)) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_DH_KEY_TOO_SMALL);
goto err;
}
@@ -2678,7 +2678,7 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt)
}
if (EVP_DigestSignInit_ex(md_ctx, &pctx,
- md == NULL ? NULL : EVP_MD_name(md),
+ md == NULL ? NULL : EVP_MD_get0_name(md),
s->ctx->libctx, s->ctx->propq, pkey,
NULL) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
@@ -3766,7 +3766,7 @@ static int construct_stateless_ticket(SSL *s, WPACKET *pkt, uint32_t age_add,
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_CALLBACK_FAILED);
goto err;
}
- iv_len = EVP_CIPHER_CTX_iv_length(ctx);
+ iv_len = EVP_CIPHER_CTX_get_iv_length(ctx);
} else {
EVP_CIPHER *cipher = EVP_CIPHER_fetch(s->ctx->libctx, "AES-256-CBC",
s->ctx->propq);
@@ -3777,7 +3777,7 @@ static int construct_stateless_ticket(SSL *s, WPACKET *pkt, uint32_t age_add,
goto err;
}
- iv_len = EVP_CIPHER_iv_length(cipher);
+ iv_len = EVP_CIPHER_get_iv_length(cipher);
if (iv_len < 0
|| RAND_bytes_ex(s->ctx->libctx, iv, iv_len, 0) <= 0
|| !EVP_EncryptInit_ex(ctx, cipher, NULL,
@@ -3875,7 +3875,7 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt)
uint64_t nonce;
static const unsigned char nonce_label[] = "resumption";
const EVP_MD *md = ssl_handshake_md(s);
- int hashleni = EVP_MD_size(md);
+ int hashleni = EVP_MD_get_size(md);
/* Ensure cast to size_t is safe */
if (!ossl_assert(hashleni >= 0)) {
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-05 12:22:31 +0000