s->tmp_session_id_len = sess_id_len;
session_id = s->tmp_session_id;
if (s->hello_retry_request == SSL_HRR_NONE
- && RAND_bytes(s->tmp_session_id, sess_id_len) <= 0) {
+ && RAND_bytes_ex(s->ctx->libctx, s->tmp_session_id,
+ sess_id_len) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_CONSTRUCT_CLIENT_HELLO,
ERR_R_INTERNAL_ERROR);
* In TLSv1.3 it is valid for the server to select a different
* ciphersuite as long as the hash is the same.
*/
- if (ssl_md(c->algorithm2)
- != ssl_md(s->session->cipher->algorithm2)) {
+ if (ssl_md(s->ctx, c->algorithm2)
+ != ssl_md(s->ctx, s->session->cipher->algorithm2)) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
SSL_F_SET_CLIENT_CIPHERSUITE,
SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED);
}
bnpub_key = NULL;
- if (!ssl_security(s, SSL_SECOP_TMP_DH, DH_security_bits(dh), 0, dh)) {
- SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PROCESS_SKE_DHE,
- SSL_R_DH_KEY_TOO_SMALL);
- goto err;
- }
-
if (EVP_PKEY_assign_DH(peer_tmp, dh) == 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_DHE,
ERR_R_EVP_LIB);
goto err;
}
+ dh = NULL;
+
+ if (!ssl_security(s, SSL_SECOP_TMP_DH, EVP_PKEY_security_bits(peer_tmp),
+ 0, EVP_PKEY_get0_DH(peer_tmp))) {
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PROCESS_SKE_DHE,
+ SSL_R_DH_KEY_TOO_SMALL);
+ goto err;
+ }
s->s3.peer_tmp = peer_tmp;
return 0;
}
- if ((s->s3.peer_tmp = ssl_generate_param_group(curve_id)) == NULL) {
+ if ((s->s3.peer_tmp = ssl_generate_param_group(s, curve_id)) == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_ECDHE,
SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
return 0;
/* if it was signed, check the signature */
if (pkey != NULL) {
PACKET params;
- int maxsig;
const EVP_MD *md = NULL;
unsigned char *tbs;
size_t tbslen;
goto err;
}
- if (!tls1_lookup_md(s->s3.tmp.peer_sigalg, &md)) {
+ if (!tls1_lookup_md(s->ctx, s->s3.tmp.peer_sigalg, &md)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE,
ERR_R_INTERNAL_ERROR);
goto err;
SSL_R_LENGTH_MISMATCH);
goto err;
}
- maxsig = EVP_PKEY_size(pkey);
- if (maxsig < 0) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE,
- ERR_R_INTERNAL_ERROR);
- goto err;
- }
-
- /*
- * Check signature length
- */
- if (PACKET_remaining(&signature) > (size_t)maxsig) {
- /* wrong packet length */
- SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE,
- SSL_R_WRONG_SIGNATURE_LENGTH);
- goto err;
- }
md_ctx = EVP_MD_CTX_new();
if (md_ctx == NULL) {
goto err;
}
- if (EVP_DigestVerifyInit(md_ctx, &pctx, md, NULL, pkey) <= 0) {
+ if (EVP_DigestVerifyInit_ex(md_ctx, &pctx,
+ md == NULL ? NULL : EVP_MD_name(md),
+ s->ctx->propq, pkey, s->ctx->libctx) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE,
ERR_R_EVP_LIB);
goto err;
unsigned int sess_len;
RAW_EXTENSION *exts = NULL;
PACKET nonce;
+ EVP_MD *sha256 = NULL;
PACKET_null_init(&nonce);
* other way is to set zero length session ID when the ticket is
* presented and rely on the handshake to determine session resumption.
* We choose the former approach because this fits in with assumptions
- * elsewhere in OpenSSL. The session ID is set to the SHA256 (or SHA1 is
- * SHA256 is disabled) hash of the ticket.
+ * elsewhere in OpenSSL. The session ID is set to the SHA256 hash of the
+ * ticket.
*/
+ sha256 = EVP_MD_fetch(s->ctx->libctx, "SHA2-256", s->ctx->propq);
+ if (sha256 == NULL) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_NEW_SESSION_TICKET,
+ SSL_R_ALGORITHM_FETCH_FAILED);
+ goto err;
+ }
/*
* TODO(size_t): we use sess_len here because EVP_Digest expects an int
* but s->session->session_id_length is a size_t
*/
if (!EVP_Digest(s->session->ext.tick, ticklen,
s->session->session_id, &sess_len,
- EVP_sha256(), NULL)) {
+ sha256, NULL)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_NEW_SESSION_TICKET,
ERR_R_EVP_LIB);
goto err;
}
+ EVP_MD_free(sha256);
+ sha256 = NULL;
s->session->session_id_length = sess_len;
s->session->not_resumable = 0;
return MSG_PROCESS_CONTINUE_READING;
err:
+ EVP_MD_free(sha256);
OPENSSL_free(exts);
return MSG_PROCESS_ERROR;
}
pms[0] = s->client_version >> 8;
pms[1] = s->client_version & 0xff;
/* TODO(size_t): Convert this function */
- if (RAND_bytes(pms + 2, (int)(pmslen - 2)) <= 0) {
+ if (RAND_bytes_ex(s->ctx->libctx, pms + 2, (int)(pmslen - 2)) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_RSA,
ERR_R_MALLOC_FAILURE);
goto err;
ERR_R_INTERNAL_ERROR);
goto err;
}
- pctx = EVP_PKEY_CTX_new(pkey, NULL);
+
+ pctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, pkey, s->ctx->propq);
if (pctx == NULL || EVP_PKEY_encrypt_init(pctx) <= 0
|| EVP_PKEY_encrypt(pctx, NULL, &enclen, pms, pmslen) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_RSA,
goto err;
}
- ckey = ssl_generate_pkey(skey);
+ ckey = ssl_generate_pkey(s, skey);
if (ckey == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_DHE,
ERR_R_INTERNAL_ERROR);
return 0;
}
- ckey = ssl_generate_pkey(skey);
+ ckey = ssl_generate_pkey(s, skey);
if (ckey == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_ECDHE,
ERR_R_MALLOC_FAILURE);
* Get server certificate PKEY and create ctx from it
*/
peer_cert = s->session->peer;
- if (!peer_cert) {
+ if (peer_cert == NULL) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_CONSTRUCT_CKE_GOST,
SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);
return 0;
}
- pkey_ctx = EVP_PKEY_CTX_new(X509_get0_pubkey(peer_cert), NULL);
+ pkey_ctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx,
+ X509_get0_pubkey(peer_cert),
+ s->ctx->propq);
if (pkey_ctx == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST,
ERR_R_MALLOC_FAILURE);
/* Generate session key
* TODO(size_t): Convert this function
*/
- || RAND_bytes(pms, (int)pmslen) <= 0) {
+ || RAND_bytes_ex(s->ctx->libctx, pms, (int)pmslen) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST,
ERR_R_INTERNAL_ERROR);
goto err;