#include "../ssl_local.h"
#include "statem_local.h"
#include "internal/cryptlib.h"
+#include "internal/evp.h"
#include <openssl/buffer.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
goto err;
}
- if (EVP_DigestSignInit(mctx, &pctx, md, NULL, pkey) <= 0) {
+ if (EVP_DigestSignInit_ex(mctx, &pctx,
+ md == NULL ? NULL : EVP_MD_name(md),
+ s->ctx->propq, pkey, s->ctx->libctx) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY,
ERR_R_EVP_LIB);
goto err;
OSSL_TRACE1(TLS, "Using client verify alg %s\n",
md == NULL ? "n/a" : EVP_MD_name(md));
- if (EVP_DigestVerifyInit(mctx, &pctx, md, NULL, pkey) <= 0) {
+ if (EVP_DigestVerifyInit_ex(mctx, &pctx,
+ md == NULL ? NULL : EVP_MD_name(md),
+ s->ctx->propq, pkey, s->ctx->libctx) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY,
ERR_R_EVP_LIB);
goto err;
int i;
#ifndef OPENSSL_NO_EC
int curve;
- EC_KEY *eckey;
#endif
#ifndef OPENSSL_NO_PSK
* more restrictive so check that our sig algs are consistent with this
* EC cert. See section 4.2.3 of RFC8446.
*/
- eckey = EVP_PKEY_get0_EC_KEY(s->cert->pkeys[SSL_PKEY_ECC].privatekey);
- if (eckey == NULL)
- continue;
- curve = EC_GROUP_get_curve_name(EC_KEY_get0_group(eckey));
+ curve = evp_pkey_get_EC_KEY_curve_nid(s->cert->pkeys[SSL_PKEY_ECC]
+ .privatekey);
if (tls_check_sigalg_curve(s, curve))
return 1;
#else