ssl: support params arguments to init functions

Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14383)
2024-11-27 05:21:51 +08:00 · 2021-03-02 22:41:10 +10:00 · 2021-03-02 22:41:10 +10:00 · d38b6ae96f
commit d38b6ae96f
parent ebbf3563bd
7 changed files with 15 additions and 10 deletions
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@ -4827,7 +4827,7 @@ int ssl_decapsulate(SSL *s, EVP_PKEY *privkey,

    pctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, privkey, s->ctx->propq);

-    if (EVP_PKEY_decapsulate_init(pctx) <= 0
+    if (EVP_PKEY_decapsulate_init(pctx, NULL) <= 0
            || EVP_PKEY_decapsulate(pctx, NULL, &pmslen, ct, ctlen) <= 0) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
        goto err;
@ -4877,7 +4877,7 @@ int ssl_encapsulate(SSL *s, EVP_PKEY *pubkey,

    pctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, pubkey, s->ctx->propq);

-    if (EVP_PKEY_encapsulate_init(pctx) <= 0
+    if (EVP_PKEY_encapsulate_init(pctx, NULL) <= 0
            || EVP_PKEY_encapsulate(pctx, NULL, &ctlen, NULL, &pmslen) <= 0
            || pmslen == 0 || ctlen == 0) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@ -1570,7 +1570,7 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart,

    bindersize = hashsize;
    if (EVP_DigestSignInit_ex(mctx, NULL, EVP_MD_name(md), s->ctx->libctx,
-                              s->ctx->propq, mackey) <= 0
+                              s->ctx->propq, mackey, NULL) <= 0
            || EVP_DigestSignUpdate(mctx, hash, hashsize) <= 0
            || EVP_DigestSignFinal(mctx, binderout, &bindersize) <= 0
            || bindersize != hashsize) {
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@ -734,7 +734,7 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,

    hmaclen = SHA256_DIGEST_LENGTH;
    if (EVP_DigestSignInit_ex(hctx, NULL, "SHA2-256", s->ctx->libctx,
-                              s->ctx->propq, pkey) <= 0
+                              s->ctx->propq, pkey, NULL) <= 0
            || EVP_DigestSign(hctx, hmac, &hmaclen, data,
                              rawlen - SHA256_DIGEST_LENGTH) <= 0
            || hmaclen != SHA256_DIGEST_LENGTH) {
@ -1796,7 +1796,7 @@ EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context,
    }

    if (EVP_DigestSignInit_ex(hctx, NULL, "SHA2-256", s->ctx->libctx,
-                              s->ctx->propq, pkey) <= 0
+                              s->ctx->propq, pkey, NULL) <= 0
            || EVP_DigestSign(hctx, hmac, &hmaclen, cookie,
                              totcookielen) <= 0) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@ -2272,7 +2272,8 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)

        if (EVP_DigestVerifyInit_ex(md_ctx, &pctx,
                                    md == NULL ? NULL : EVP_MD_name(md),
-                                    s->ctx->libctx, s->ctx->propq, pkey) <= 0) {
+                                    s->ctx->libctx, s->ctx->propq, pkey,
+                                    NULL) <= 0) {
            SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
            goto err;
        }
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@ -310,7 +310,8 @@ int tls_construct_cert_verify(SSL *s, WPACKET *pkt)
    }

    if (EVP_DigestSignInit_ex(mctx, &pctx, md == NULL ? NULL : EVP_MD_name(md),
-                              s->ctx->libctx, s->ctx->propq, pkey) <= 0) {
+                              s->ctx->libctx, s->ctx->propq, pkey,
+                              NULL) <= 0) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
        goto err;
    }
@ -487,7 +488,8 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)

    if (EVP_DigestVerifyInit_ex(mctx, &pctx,
                                md == NULL ? NULL : EVP_MD_name(md),
-                                s->ctx->libctx, s->ctx->propq, pkey) <= 0) {
+                                s->ctx->libctx, s->ctx->propq, pkey,
+                                NULL) <= 0) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
        goto err;
    }
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@ -2672,7 +2672,8 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt)

        if (EVP_DigestSignInit_ex(md_ctx, &pctx,
                                  md == NULL ? NULL : EVP_MD_name(md),
-                                  s->ctx->libctx, s->ctx->propq, pkey) <= 0) {
+                                  s->ctx->libctx, s->ctx->propq, pkey,
+                                  NULL) <= 0) {
            SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
            goto err;
        }
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@ -378,7 +378,8 @@ int tls1_change_cipher_state(SSL *s, int which)
        }
        if (mac_key == NULL
            || EVP_DigestSignInit_ex(mac_ctx, NULL, EVP_MD_name(m),
-                                     s->ctx->libctx, s->ctx->propq, mac_key) <= 0) {
+                                     s->ctx->libctx, s->ctx->propq, mac_key,
+                                     NULL) <= 0) {
            EVP_PKEY_free(mac_key);
            SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
            goto err;