/*
- * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
return ret ? 1 : 0;
err:
+ evp_pkey_ctx_free_old_ops(ctx);
ctx->operation = EVP_PKEY_OP_UNDEFINED;
return 0;
*/
ERR_pop_to_mark();
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
return 0;
#else
if (ctx->pmeth == NULL || ctx->pmeth->derive == NULL) {
return ctx->op.kex.exchange->set_peer(ctx->op.kex.exchprovctx, provkey);
legacy:
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
return ret;
#else
/*
/*
* For clarity. The error is if parameters in peer are
- * present (!missing) but don't match. EVP_PKEY_cmp_parameters may return
+ * present (!missing) but don't match. EVP_PKEY_parameters_eq may return
* 1 (match), 0 (don't match) and -2 (comparison is not defined). -1
* (different key types) is impossible here because it is checked earlier.
* -2 is OK for us here, as well as 1, so we can check for 0 only.
*/
if (!EVP_PKEY_missing_parameters(peer) &&
- !EVP_PKEY_cmp_parameters(ctx->pkey, peer)) {
+ !EVP_PKEY_parameters_eq(ctx->pkey, peer)) {
EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_DIFFERENT_PARAMETERS);
return -1;
}