From d38b6ae96fa810891e38d2f952ff7fe857be80c9 Mon Sep 17 00:00:00 2001 From: Pauli Date: Tue, 2 Mar 2021 22:41:10 +1000 Subject: [PATCH] ssl: support params arguments to init functions Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/14383) --- ssl/s3_lib.c | 4 ++-- ssl/statem/extensions.c | 2 +- ssl/statem/extensions_srvr.c | 4 ++-- ssl/statem/statem_clnt.c | 3 ++- ssl/statem/statem_lib.c | 6 ++++-- ssl/statem/statem_srvr.c | 3 ++- ssl/t1_enc.c | 3 ++- 7 files changed, 15 insertions(+), 10 deletions(-) diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 8eb0f7c864..19ae6d9a28 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -4827,7 +4827,7 @@ int ssl_decapsulate(SSL *s, EVP_PKEY *privkey, pctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, privkey, s->ctx->propq); - if (EVP_PKEY_decapsulate_init(pctx) <= 0 + if (EVP_PKEY_decapsulate_init(pctx, NULL) <= 0 || EVP_PKEY_decapsulate(pctx, NULL, &pmslen, ct, ctlen) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; @@ -4877,7 +4877,7 @@ int ssl_encapsulate(SSL *s, EVP_PKEY *pubkey, pctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, pubkey, s->ctx->propq); - if (EVP_PKEY_encapsulate_init(pctx) <= 0 + if (EVP_PKEY_encapsulate_init(pctx, NULL) <= 0 || EVP_PKEY_encapsulate(pctx, NULL, &ctlen, NULL, &pmslen) <= 0 || pmslen == 0 || ctlen == 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index 13e5f5a8e5..5e21ff8593 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -1570,7 +1570,7 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart, bindersize = hashsize; if (EVP_DigestSignInit_ex(mctx, NULL, EVP_MD_name(md), s->ctx->libctx, - s->ctx->propq, mackey) <= 0 + s->ctx->propq, mackey, NULL) <= 0 || EVP_DigestSignUpdate(mctx, hash, hashsize) <= 0 || EVP_DigestSignFinal(mctx, binderout, &bindersize) <= 0 || bindersize != hashsize) { 
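Review bot: In ssl/s3_lib.c the size-query condition in ssl_decapsulate accepts any length that comes back, while the matching condition in ssl_encapsulate (the next hunk) also rejects `pmslen == 0 || ctlen == 0`. If a zero-length shared secret should be an error on both sides, the decapsulate condition could end `|| EVP_PKEY_decapsulate(pctx, NULL, &pmslen, ct, ctlen) <= 0 || pmslen == 0) {`. Both functions continue outside their hunks, so a later allocation or length check may already cover this. If it does, a one-line comment at the call saying where would show the asymmetry is deliberate.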
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index 28fb039424..8462a67c1a 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -734,7 +734,7 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, hmaclen = SHA256_DIGEST_LENGTH; if (EVP_DigestSignInit_ex(hctx, NULL, "SHA2-256", s->ctx->libctx, - s->ctx->propq, pkey) <= 0 + s->ctx->propq, pkey, NULL) <= 0 || EVP_DigestSign(hctx, hmac, &hmaclen, data, rawlen - SHA256_DIGEST_LENGTH) <= 0 || hmaclen != SHA256_DIGEST_LENGTH) { @@ -1796,7 +1796,7 @@ EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context, } if (EVP_DigestSignInit_ex(hctx, NULL, "SHA2-256", s->ctx->libctx, - s->ctx->propq, pkey) <= 0 + s->ctx->propq, pkey, NULL) <= 0 || EVP_DigestSign(hctx, hmac, &hmaclen, cookie, totcookielen) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index e5a255d75d..c60b259e1f 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -2272,7 +2272,8 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) if (EVP_DigestVerifyInit_ex(md_ctx, &pctx, md == NULL ? NULL : EVP_MD_name(md), - s->ctx->libctx, s->ctx->propq, pkey) <= 0) { + s->ctx->libctx, s->ctx->propq, pkey, + NULL) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); goto err; } diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index a7ed843aa4..800a957ab2 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -310,7 +310,8 @@ int tls_construct_cert_verify(SSL *s, WPACKET *pkt) } if (EVP_DigestSignInit_ex(mctx, &pctx, md == NULL ? NULL : EVP_MD_name(md), - s->ctx->libctx, s->ctx->propq, pkey) <= 0) { + s->ctx->libctx, s->ctx->propq, pkey, + NULL) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); goto err; } 
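Review bot: In tls_parse_ctos_cookie (ssl/statem/extensions_srvr.c) the length handed to EVP_DigestSign is `rawlen - SHA256_DIGEST_LENGTH`, and no line in the hunk shows rawlen being bounded below by the digest length. The cookie is supplied by the peer, so an unguarded subtraction could wrap to a very large length if rawlen is an unsigned size. The function starts before the hunk and the guard is presumably there; a comment at the call such as `/* rawlen >= SHA256_DIGEST_LENGTH was checked above */` would keep that dependency visible to the next person editing it. The comparison of `hmac` with the received tag also lies outside the hunk and is worth confirming as constant-time.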
@@ -487,7 +488,8 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) if (EVP_DigestVerifyInit_ex(mctx, &pctx, md == NULL ? NULL : EVP_MD_name(md), - s->ctx->libctx, s->ctx->propq, pkey) <= 0) { + s->ctx->libctx, s->ctx->propq, pkey, + NULL) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); goto err; } diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index d1138e45d5..4c2ca4e6e5 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -2672,7 +2672,8 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) if (EVP_DigestSignInit_ex(md_ctx, &pctx, md == NULL ? NULL : EVP_MD_name(md), - s->ctx->libctx, s->ctx->propq, pkey) <= 0) { + s->ctx->libctx, s->ctx->propq, pkey, + NULL) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index bb0ee0c5d4..e45fdea0cb 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -378,7 +378,8 @@ int tls1_change_cipher_state(SSL *s, int which) } if (mac_key == NULL || EVP_DigestSignInit_ex(mac_ctx, NULL, EVP_MD_name(m), - s->ctx->libctx, s->ctx->propq, mac_key) <= 0) { + s->ctx->libctx, s->ctx->propq, mac_key, + NULL) <= 0) { EVP_PKEY_free(mac_key); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; -- 2.39.5
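Review bot: In tls_construct_server_key_exchange (ssl/statem/statem_srvr.c) a failed EVP_DigestSignInit_ex is reported with ERR_R_INTERNAL_ERROR, whereas the equivalent failure in tls_process_key_exchange, tls_construct_cert_verify and tls_process_cert_verify in this same patch is reported with ERR_R_EVP_LIB. Using one reason code for the same failure makes the error queue easier to triage: `SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);`. The function body starts and ends outside the hunk, so other error paths in it may want the same alignment.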