*/
#include <stdio.h>
-#include "ssl_locl.h"
+#include "ssl_local.h"
#include <openssl/evp.h>
#include <openssl/md5.h>
+#include <openssl/core_names.h>
#include "internal/cryptlib.h"
static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
{
+ EVP_MD *md5;
EVP_MD_CTX *m5;
EVP_MD_CTX *s1;
unsigned char buf[16], smd[SHA_DIGEST_LENGTH];
c = os_toascii[c]; /* 'A' in ASCII */
#endif
k = 0;
+ md5 = EVP_MD_fetch(NULL, OSSL_DIGEST_NAME_MD5, "-fips");
m5 = EVP_MD_CTX_new();
s1 = EVP_MD_CTX_new();
- if (m5 == NULL || s1 == NULL) {
+ if (md5 == NULL || m5 == NULL || s1 == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GENERATE_KEY_BLOCK,
ERR_R_MALLOC_FAILURE);
goto err;
}
- EVP_MD_CTX_set_flags(m5, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
for (i = 0; (int)i < num; i += MD5_DIGEST_LENGTH) {
k++;
if (k > sizeof(buf)) {
|| !EVP_DigestUpdate(s1, s->s3.server_random, SSL3_RANDOM_SIZE)
|| !EVP_DigestUpdate(s1, s->s3.client_random, SSL3_RANDOM_SIZE)
|| !EVP_DigestFinal_ex(s1, smd, NULL)
- || !EVP_DigestInit_ex(m5, EVP_md5(), NULL)
+ || !EVP_DigestInit_ex(m5, md5, NULL)
|| !EVP_DigestUpdate(m5, s->session->master_key,
s->session->master_key_length)
|| !EVP_DigestUpdate(m5, smd, SHA_DIGEST_LENGTH)) {
err:
EVP_MD_CTX_free(m5);
EVP_MD_CTX_free(s1);
+ ssl_evp_md_free(md5);
return ret;
}
if (s->s3.tmp.key_block_length != 0)
return 1;
- if (!ssl_cipher_get_evp(s->session, &c, &hash, NULL, NULL, &comp, 0)) {
+ if (!ssl_cipher_get_evp(s->ctx, s->session, &c, &hash, NULL, NULL, &comp,
+ 0)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_SETUP_KEY_BLOCK,
SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
return 0;
}
+ ssl_evp_cipher_free(s->s3.tmp.new_sym_enc);
s->s3.tmp.new_sym_enc = c;
+ ssl_evp_md_free(s->s3.tmp.new_hash);
s->s3.tmp.new_hash = hash;
#ifdef OPENSSL_NO_COMP
s->s3.tmp.new_compression = NULL;
return 1;
}
+void ssl3_digest_master_key_set_params(const SSL_SESSION *session,
+ OSSL_PARAM params[])
+{
+ int n = 0;
+ params[n++] = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
+ (void *)session->master_key,
+ session->master_key_length);
+ params[n++] = OSSL_PARAM_construct_end();
+}
+
size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t len,
unsigned char *p)
{
goto err;
}
- if ((sender != NULL && EVP_DigestUpdate(ctx, sender, len) <= 0)
- || EVP_MD_CTX_ctrl(ctx, EVP_CTRL_SSL3_MASTER_SECRET,
- (int)s->session->master_key_length,
- s->session->master_key) <= 0
- || EVP_DigestFinal_ex(ctx, p, NULL) <= 0) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC,
- ERR_R_INTERNAL_ERROR);
- ret = 0;
+ if (sender != NULL) {
+ OSSL_PARAM digest_cmd_params[3];
+
+ ssl3_digest_master_key_set_params(s->session, digest_cmd_params);
+
+ if (EVP_DigestUpdate(ctx, sender, len) <= 0
+ || EVP_MD_CTX_set_params(ctx, digest_cmd_params) <= 0
+ || EVP_DigestFinal_ex(ctx, p, NULL) <= 0) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC,
+ ERR_R_INTERNAL_ERROR);
+ ret = 0;
+ }
}
err: