projects
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
EVP & TLS: Add necessary EC_KEY data extraction functions, and use them
[openssl.git]
/
ssl
/
statem
/
statem_lib.c
diff --git
a/ssl/statem/statem_lib.c
b/ssl/statem/statem_lib.c
index 812dabe860ced46c4e43ddbda975c71e00973ce8..71a259e8f04d3842045b36e81c64a3616c9d0217 100644
(file)
--- a/
ssl/statem/statem_lib.c
+++ b/
ssl/statem/statem_lib.c
@@
-14,6
+14,7
@@
#include "../ssl_local.h"
#include "statem_local.h"
#include "internal/cryptlib.h"
#include "../ssl_local.h"
#include "statem_local.h"
#include "internal/cryptlib.h"
+#include "internal/evp.h"
#include <openssl/buffer.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/buffer.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
@@
-272,7
+273,9
@@
int tls_construct_cert_verify(SSL *s, WPACKET *pkt)
goto err;
}
goto err;
}
- if (EVP_DigestSignInit(mctx, &pctx, md, NULL, pkey) <= 0) {
+ if (EVP_DigestSignInit_ex(mctx, &pctx,
+ md == NULL ? NULL : EVP_MD_name(md),
+ s->ctx->propq, pkey, s->ctx->libctx) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY,
ERR_R_EVP_LIB);
goto err;
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY,
ERR_R_EVP_LIB);
goto err;
@@
-465,7
+468,9
@@
MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
OSSL_TRACE1(TLS, "Using client verify alg %s\n",
md == NULL ? "n/a" : EVP_MD_name(md));
OSSL_TRACE1(TLS, "Using client verify alg %s\n",
md == NULL ? "n/a" : EVP_MD_name(md));
- if (EVP_DigestVerifyInit(mctx, &pctx, md, NULL, pkey) <= 0) {
+ if (EVP_DigestVerifyInit_ex(mctx, &pctx,
+ md == NULL ? NULL : EVP_MD_name(md),
+ s->ctx->propq, pkey, s->ctx->libctx) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY,
ERR_R_EVP_LIB);
goto err;
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY,
ERR_R_EVP_LIB);
goto err;
@@
-1527,7
+1532,6
@@
static int is_tls13_capable(const SSL *s)
int i;
#ifndef OPENSSL_NO_EC
int curve;
int i;
#ifndef OPENSSL_NO_EC
int curve;
- EC_KEY *eckey;
#endif
#ifndef OPENSSL_NO_PSK
#endif
#ifndef OPENSSL_NO_PSK
@@
-1559,10
+1563,8
@@
static int is_tls13_capable(const SSL *s)
* more restrictive so check that our sig algs are consistent with this
* EC cert. See section 4.2.3 of RFC8446.
*/
* more restrictive so check that our sig algs are consistent with this
* EC cert. See section 4.2.3 of RFC8446.
*/
- eckey = EVP_PKEY_get0_EC_KEY(s->cert->pkeys[SSL_PKEY_ECC].privatekey);
- if (eckey == NULL)
- continue;
- curve = EC_GROUP_get_curve_name(EC_KEY_get0_group(eckey));
+ curve = evp_pkey_get_EC_KEY_curve_nid(s->cert->pkeys[SSL_PKEY_ECC]
+ .privatekey);
if (tls_check_sigalg_curve(s, curve))
return 1;
#else
if (tls_check_sigalg_curve(s, curve))
return 1;
#else