From 0ab18e7924727f7b613edc187f3a5074d0ce9bc6 Mon Sep 17 00:00:00 2001 From: Shane Lontis Date: Sun, 26 Jul 2020 17:32:05 +1000 Subject: Add EVP signature with libctx methods. -Added EVP_SignFinal_with_libctx() and EVP_VerifyFinal_with_libctx() -Renamed EVP_DigestSignInit_ex() and EVP_DigestVerifyInit_with_libctx() to EVP_DigestSignInit_with_libctx() and EVP_DigestVerifyInit_with_libctx() Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11884) --- ssl/statem/extensions.c | 5 +++-- ssl/statem/extensions_srvr.c | 9 +++++---- ssl/statem/statem_clnt.c | 7 ++++--- ssl/statem/statem_lib.c | 14 ++++++++------ ssl/statem/statem_srvr.c | 7 ++++--- 5 files changed, 24 insertions(+), 18 deletions(-) (limited to 'ssl/statem') diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index 9086348618..1a8e3cf829 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -1610,8 +1610,9 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart, binderout = tmpbinder; bindersize = hashsize; - if (EVP_DigestSignInit_ex(mctx, NULL, EVP_MD_name(md), s->ctx->propq, - mackey, s->ctx->libctx) <= 0 + if (EVP_DigestSignInit_with_libctx(mctx, NULL, EVP_MD_name(md), + s->ctx->libctx, s->ctx->propq, + mackey) <= 0 || EVP_DigestSignUpdate(mctx, hash, hashsize) <= 0 || EVP_DigestSignFinal(mctx, binderout, &bindersize) <= 0 || bindersize != hashsize) { diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index 27ddef9aaf..3eeafef828 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -784,8 +784,8 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, } hmaclen = SHA256_DIGEST_LENGTH; - if (EVP_DigestSignInit_ex(hctx, NULL, "SHA2-256", s->ctx->propq, pkey, - s->ctx->libctx) <= 0 + if (EVP_DigestSignInit_with_libctx(hctx, NULL, "SHA2-256", + s->ctx->libctx, s->ctx->propq, pkey) <= 0 || EVP_DigestSign(hctx, hmac, &hmaclen, data, rawlen - SHA256_DIGEST_LENGTH) <= 0 || hmaclen != SHA256_DIGEST_LENGTH) { @@ -1873,8 +1873,9 @@ EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context, goto err; } - if (EVP_DigestSignInit_ex(hctx, NULL, "SHA2-256", s->ctx->propq, pkey, - s->ctx->libctx) <= 0 + if (EVP_DigestSignInit_with_libctx(hctx, NULL, "SHA2-256", + s->ctx->libctx, s->ctx->propq, + pkey) <= 0 || EVP_DigestSign(hctx, hmac, &hmaclen, cookie, totcookielen) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_COOKIE, diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 4cd85ef609..ff48759436 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -2377,9 +2377,10 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) goto err; } - if (EVP_DigestVerifyInit_ex(md_ctx, &pctx, - md == NULL ? NULL : EVP_MD_name(md), - s->ctx->propq, pkey, s->ctx->libctx) <= 0) { + if (EVP_DigestVerifyInit_with_libctx(md_ctx, &pctx, + md == NULL ? NULL : EVP_MD_name(md), + s->ctx->libctx, s->ctx->propq, + pkey) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_EVP_LIB); goto err; diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index d8aab20e92..39ec4a92fd 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -277,9 +277,10 @@ int tls_construct_cert_verify(SSL *s, WPACKET *pkt) goto err; } - if (EVP_DigestSignInit_ex(mctx, &pctx, - md == NULL ? NULL : EVP_MD_name(md), - s->ctx->propq, pkey, s->ctx->libctx) <= 0) { + if (EVP_DigestSignInit_with_libctx(mctx, &pctx, + md == NULL ? NULL : EVP_MD_name(md), + s->ctx->libctx, s->ctx->propq, + pkey) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY, ERR_R_EVP_LIB); goto err; @@ -472,9 +473,10 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) OSSL_TRACE1(TLS, "Using client verify alg %s\n", md == NULL ? "n/a" : EVP_MD_name(md)); - if (EVP_DigestVerifyInit_ex(mctx, &pctx, - md == NULL ? NULL : EVP_MD_name(md), - s->ctx->propq, pkey, s->ctx->libctx) <= 0) { + if (EVP_DigestVerifyInit_with_libctx(mctx, &pctx, + md == NULL ? NULL : EVP_MD_name(md), + s->ctx->libctx, s->ctx->propq, + pkey) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY, ERR_R_EVP_LIB); goto err; diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index b329e89379..c46254c858 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -2807,9 +2807,10 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) goto err; } - if (EVP_DigestSignInit_ex(md_ctx, &pctx, - md == NULL ? NULL : EVP_MD_name(md), - s->ctx->propq, pkey, s->ctx->libctx) <= 0) { + if (EVP_DigestSignInit_with_libctx(md_ctx, &pctx, + md == NULL ? NULL : EVP_MD_name(md), + s->ctx->libctx, s->ctx->propq, + pkey) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); -- cgit v1.2.3