Make EVP_MD_CTX_ctrl() work for legacy use cases (ssl3).
[openssl.git] / ssl / statem / statem_lib.c
index e59b49b..e6d2478 100644 (file)
@@ -285,11 +285,14 @@ int tls_construct_cert_verify(SSL *s, WPACKET *pkt)
         }
     }
     if (s->version == SSL3_VERSION) {
-        OSSL_PARAM digest_cmd_params[3];
-
-        ssl3_digest_master_key_set_params(s->session, digest_cmd_params);
         if (EVP_DigestSignUpdate(mctx, hdata, hdatalen) <= 0
-            || EVP_MD_CTX_set_params(mctx, digest_cmd_params) <= 0
+            /*
+             * TODO(3.0) Replace this when EVP_MD_CTX_ctrl() is deprecated
+             * with a call to ssl3_digest_master_key_set_params()
+             */
+            || EVP_MD_CTX_ctrl(mctx, EVP_CTRL_SSL3_MASTER_SECRET,
+                               (int)s->session->master_key_length,
+                               s->session->master_key) <= 0
             || EVP_DigestSignFinal(mctx, sig, &siglen) <= 0) {
 
             SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY,
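Review bot: The `(int)` cast on `s->session->master_key_length` in the new `EVP_MD_CTX_ctrl()` call narrows the length with no bound visible in this hunk, and the same cast appears in the `tls_process_cert_verify` hunk. The length is presumably limited by the size of the `master_key` buffer, so truncation should not happen in practice, but that invariant is set elsewhere and the legacy ctrl interface only accepts an `int`. I would state it at the call site, e.g. `/* master_key_length never exceeds sizeof(master_key), so it fits in an int */`, or guard it with a check against `INT_MAX` before the call. The TODO comment would also read better above the `if`, as in the second hunk, rather than between the operands of the `||` chain. The body of `tls_construct_cert_verify` starts and ends outside the hunk.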
@@ -474,11 +477,14 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
         }
     }
     if (s->version == SSL3_VERSION) {
-        OSSL_PARAM digest_cmd_params[3];
-
-        ssl3_digest_master_key_set_params(s->session, digest_cmd_params);
+        /*
+         * TODO(3.0) Replace this when EVP_MD_CTX_ctrl() is deprecated
+         * with a call to ssl3_digest_master_key_set_params()
+         */
         if (EVP_DigestVerifyUpdate(mctx, hdata, hdatalen) <= 0
-                || EVP_MD_CTX_set_params(mctx, digest_cmd_params) <= 0) {
+                || EVP_MD_CTX_ctrl(mctx, EVP_CTRL_SSL3_MASTER_SECRET,
+                                   (int)s->session->master_key_length,
+                                    s->session->master_key) <= 0) {
             SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY,
                      ERR_R_EVP_LIB);
             goto err;
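Review bot: The TODO comment added above the `if` reads as if `EVP_MD_CTX_ctrl()` were being "deprecated with a call"; reordering it removes the ambiguity: `TODO(3.0) Once EVP_MD_CTX_ctrl() is deprecated, replace this with a call to ssl3_digest_master_key_set_params()`. The identical comment in the `tls_construct_cert_verify` hunk has the same wording. The last continuation line of the new call, `s->session->master_key) <= 0) {`, is also indented one column further than the `(int)s->session->master_key_length,` line above it, so the arguments no longer align. The function body continues outside the hunk.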