int ssl_evp_md_up_ref(const EVP_MD *md);
void ssl_evp_md_free(const EVP_MD *md);
-int tls_provider_set_tls_params(SSL_CONNECTION *s, EVP_CIPHER_CTX *ctx,
- const EVP_CIPHER *ciph,
- const EVP_MD *md);
-
void tls_engine_finish(ENGINE *e);
const EVP_CIPHER *tls_get_cipher_from_engine(int nid);
const EVP_MD *tls_get_digest_from_engine(int nid);
return ret;
}
-int tls_provider_set_tls_params(SSL_CONNECTION *s, EVP_CIPHER_CTX *ctx,
- const EVP_CIPHER *ciph,
- const EVP_MD *md)
-{
- /*
- * Provided cipher, the TLS padding/MAC removal is performed provider
- * side so we need to tell the ctx about our TLS version and mac size
- */
- OSSL_PARAM params[3], *pprm = params;
- size_t macsize = 0;
- int imacsize = -1;
-
- if ((EVP_CIPHER_get_flags(ciph) & EVP_CIPH_FLAG_AEAD_CIPHER) == 0
- /*
- * We look at s->ext.use_etm instead of SSL_READ_ETM() or
- * SSL_WRITE_ETM() because this test applies to both reading
- * and writing.
- */
- && !s->ext.use_etm)
- imacsize = EVP_MD_get_size(md);
- if (imacsize >= 0)
- macsize = (size_t)imacsize;
-
- *pprm++ = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_TLS_VERSION,
- &s->version);
- *pprm++ = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_TLS_MAC_SIZE,
- &macsize);
- *pprm = OSSL_PARAM_construct_end();
-
- if (!EVP_CIPHER_CTX_set_params(ctx, params)) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- return 0;
- }
-
- return 1;
-}
-
-
static int tls_iv_length_within_key_block(const EVP_CIPHER *c)
{
/* If GCM/CCM mode only part of IV comes from PRF */