#include <openssl/rand.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
-#include <openssl/hmac.h>
#include <openssl/x509.h>
#include <openssl/dh.h>
#include <openssl/bn.h>
goto err;
}
- s->s3.tmp.pkey = ssl_generate_pkey(pkdhp);
+ s->s3.tmp.pkey = ssl_generate_pkey(s, pkdhp);
if (s->s3.tmp.pkey == NULL) {
/* SSLfatal() already called */
goto err;
EVP_PKEY *pkey = s->s3.tmp.cert->privatekey;
const EVP_MD *md;
unsigned char *sigbytes1, *sigbytes2, *tbs;
- size_t siglen, tbslen;
- int rv;
+ size_t siglen = 0, tbslen;
- if (pkey == NULL || !tls1_lookup_md(lu, &md)) {
+ if (pkey == NULL || !tls1_lookup_md(s->ctx, lu, &md)) {
/* Should never happen */
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
ERR_R_INTERNAL_ERROR);
goto err;
}
- /*
- * Create the signature. We don't know the actual length of the sig
- * until after we've created it, so we reserve enough bytes for it
- * up front, and then properly allocate them in the WPACKET
- * afterwards.
- */
- siglen = EVP_PKEY_size(pkey);
- if (!WPACKET_sub_reserve_bytes_u16(pkt, siglen, &sigbytes1)
- || EVP_DigestSignInit(md_ctx, &pctx, md, NULL, pkey) <= 0) {
+
+ if (EVP_DigestSignInit(md_ctx, &pctx, md, NULL, pkey) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
ERR_R_INTERNAL_ERROR);
/* SSLfatal() already called */
goto err;
}
- rv = EVP_DigestSign(md_ctx, sigbytes1, &siglen, tbs, tbslen);
- OPENSSL_free(tbs);
- if (rv <= 0 || !WPACKET_sub_allocate_bytes_u16(pkt, siglen, &sigbytes2)
- || sigbytes1 != sigbytes2) {
+
+ if (EVP_DigestSign(md_ctx, NULL, &siglen, tbs, tbslen) <=0
+ || !WPACKET_sub_reserve_bytes_u16(pkt, siglen, &sigbytes1)
+ || EVP_DigestSign(md_ctx, sigbytes1, &siglen, tbs, tbslen) <= 0
+ || !WPACKET_sub_allocate_bytes_u16(pkt, siglen, &sigbytes2)
+ || sigbytes1 != sigbytes2) {
+ OPENSSL_free(tbs);
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
ERR_R_INTERNAL_ERROR);
goto err;
}
+ OPENSSL_free(tbs);
}
EVP_MD_CTX_free(md_ctx);
OPENSSL_free(s->pha_context);
s->pha_context_len = 32;
if ((s->pha_context = OPENSSL_malloc(s->pha_context_len)) == NULL
- || RAND_bytes(s->pha_context, s->pha_context_len) <= 0
+ || RAND_bytes_ex(s->ctx->libctx, s->pha_context,
+ s->pha_context_len) <= 0
|| !WPACKET_sub_memcpy_u8(pkt, s->pha_context, s->pha_context_len)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST,
}
}
- /*
- * We want to be sure that the plaintext buffer size makes it safe to
- * iterate over the entire size of a premaster secret
- * (SSL_MAX_MASTER_KEY_LENGTH). Reject overly short RSA keys because
- * their ciphertext cannot accommodate a premaster secret anyway.
- */
- if (EVP_PKEY_size(rsa) < RSA_PKCS1_PADDING_SIZE
- + SSL_MAX_MASTER_KEY_LENGTH) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_RSA,
- RSA_R_KEY_SIZE_TOO_SMALL);
- return 0;
- }
-
outlen = SSL_MAX_MASTER_KEY_LENGTH;
rsa_decrypt = OPENSSL_malloc(outlen);
if (rsa_decrypt == NULL) {
return 0;
}
- ctx = EVP_PKEY_CTX_new(rsa, NULL);
+ ctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, rsa, s->ctx->propq);
if (ctx == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_RSA,
ERR_R_MALLOC_FAILURE);
pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;
}
- pkey_ctx = EVP_PKEY_CTX_new(pk, NULL);
+ pkey_ctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, pk, s->ctx->propq);
if (pkey_ctx == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_GOST,
ERR_R_MALLOC_FAILURE);
{
unsigned char *senc = NULL;
EVP_CIPHER_CTX *ctx = NULL;
- HMAC_CTX *hctx = NULL;
+ SSL_HMAC *hctx = NULL;
unsigned char *p, *encdata1, *encdata2, *macdata1, *macdata2;
const unsigned char *const_p;
int len, slen_full, slen, lenfinal;
SSL_SESSION *sess;
- unsigned int hlen;
+ size_t hlen;
SSL_CTX *tctx = s->session_ctx;
unsigned char iv[EVP_MAX_IV_LENGTH];
unsigned char key_name[TLSEXT_KEYNAME_LENGTH];
}
ctx = EVP_CIPHER_CTX_new();
- hctx = HMAC_CTX_new();
+ hctx = ssl_hmac_new(tctx);
if (ctx == NULL || hctx == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET,
ERR_R_MALLOC_FAILURE);
* Initialize HMAC and cipher contexts. If callback present it does
* all the work otherwise use generated values from parent ctx.
*/
- if (tctx->ext.ticket_key_cb) {
- /* if 0 is returned, write an empty ticket */
- int ret = tctx->ext.ticket_key_cb(s, key_name, iv, ctx,
- hctx, 1);
+#ifndef OPENSSL_NO_DEPRECATED_3_0
+ if (tctx->ext.ticket_key_evp_cb != NULL || tctx->ext.ticket_key_cb != NULL)
+#else
+ if (tctx->ext.ticket_key_evp_cb != NULL)
+#endif
+ {
+ int ret = 0;
+
+ if (tctx->ext.ticket_key_evp_cb != NULL)
+ ret = tctx->ext.ticket_key_evp_cb(s, key_name, iv, ctx,
+ ssl_hmac_get0_EVP_MAC_CTX(hctx),
+ 1);
+#ifndef OPENSSL_NO_DEPRECATED_3_0
+ else if (tctx->ext.ticket_key_cb != NULL)
+ /* if 0 is returned, write an empty ticket */
+ ret = tctx->ext.ticket_key_cb(s, key_name, iv, ctx,
+ ssl_hmac_get0_HMAC_CTX(hctx), 1);
+#endif
if (ret == 0) {
}
OPENSSL_free(senc);
EVP_CIPHER_CTX_free(ctx);
- HMAC_CTX_free(hctx);
+ ssl_hmac_free(hctx);
return 1;
}
if (ret < 0) {
const EVP_CIPHER *cipher = EVP_aes_256_cbc();
iv_len = EVP_CIPHER_iv_length(cipher);
- if (RAND_bytes(iv, iv_len) <= 0
+ if (RAND_bytes_ex(s->ctx->libctx, iv, iv_len) <= 0
|| !EVP_EncryptInit_ex(ctx, cipher, NULL,
tctx->ext.secure->tick_aes_key, iv)
- || !HMAC_Init_ex(hctx, tctx->ext.secure->tick_hmac_key,
- sizeof(tctx->ext.secure->tick_hmac_key),
- EVP_sha256(), NULL)) {
+ || !ssl_hmac_init(hctx, tctx->ext.secure->tick_hmac_key,
+ sizeof(tctx->ext.secure->tick_hmac_key),
+ "SHA256")) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET,
ERR_R_INTERNAL_ERROR);
goto err;
|| encdata1 + len != encdata2
|| len + lenfinal > slen + EVP_MAX_BLOCK_LENGTH
|| !WPACKET_get_total_written(pkt, &macendoffset)
- || !HMAC_Update(hctx,
- (unsigned char *)s->init_buf->data + macoffset,
- macendoffset - macoffset)
+ || !ssl_hmac_update(hctx,
+ (unsigned char *)s->init_buf->data + macoffset,
+ macendoffset - macoffset)
|| !WPACKET_reserve_bytes(pkt, EVP_MAX_MD_SIZE, &macdata1)
- || !HMAC_Final(hctx, macdata1, &hlen)
+ || !ssl_hmac_final(hctx, macdata1, &hlen, EVP_MAX_MD_SIZE)
|| hlen > EVP_MAX_MD_SIZE
|| !WPACKET_allocate_bytes(pkt, hlen, &macdata2)
|| macdata1 != macdata2) {
err:
OPENSSL_free(senc);
EVP_CIPHER_CTX_free(ctx);
- HMAC_CTX_free(hctx);
+ ssl_hmac_free(hctx);
return ok;
}
/* SSLfatal() already called */
goto err;
}
- if (RAND_bytes(age_add_u.age_add_c, sizeof(age_add_u)) <= 0) {
+ if (RAND_bytes_ex(s->ctx->libctx, age_add_u.age_add_c,
+ sizeof(age_add_u)) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET,
ERR_R_INTERNAL_ERROR);