summaryrefslogtreecommitdiffstats
path: root/test/ossl_shim
diff options
context:
space:
mode:
authorPauli <paul.dale@oracle.com>2020-05-26 23:26:46 +0200
committerPauli <paul.dale@oracle.com>2020-05-28 05:54:33 +0200
commitbac8d066a595454e3f4a75e6e155a9d5b99ce4ea (patch)
tree8e79945aea88f7339559ee61cc7f7262f43cc844 /test/ossl_shim
parentfips: add AES OFB mode ciphers to FIPS provider. (diff)
downloadopenssl-bac8d066a595454e3f4a75e6e155a9d5b99ce4ea.tar.xz
openssl-bac8d066a595454e3f4a75e6e155a9d5b99ce4ea.zip
ossl_shim: use the correct ticket key call back.
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11966)
Diffstat (limited to 'test/ossl_shim')
-rw-r--r--test/ossl_shim/ossl_shim.cc25
-rw-r--r--test/ossl_shim/test_config.cc2
-rw-r--r--test/ossl_shim/test_config.h2
3 files changed, 12 insertions, 17 deletions
diff --git a/test/ossl_shim/ossl_shim.cc b/test/ossl_shim/ossl_shim.cc
index 0bdf5dd451..3ebe31b7dd 100644
--- a/test/ossl_shim/ossl_shim.cc
+++ b/test/ossl_shim/ossl_shim.cc
@@ -7,11 +7,6 @@
* https://www.openssl.org/source/license.html
*/
-/*
- * HMAC low level APIs are deprecated for public use but might be used here.
- */
-#define OPENSSL_SUPPRESS_DEPRECATED
-
#if !defined(__STDC_FORMAT_MACROS)
#define __STDC_FORMAT_MACROS
#endif
@@ -374,10 +369,11 @@ static int NewSessionCallback(SSL *ssl, SSL_SESSION *session) {
return 1;
}
-#ifndef OPENSSL_NO_DEPRECATED_3_0
static int TicketKeyCallback(SSL *ssl, uint8_t *key_name, uint8_t *iv,
- EVP_CIPHER_CTX *ctx, HMAC_CTX *hmac_ctx,
+ EVP_CIPHER_CTX *ctx, EVP_MAC_CTX *hmac_ctx,
int encrypt) {
+ OSSL_PARAM params[3], *p = params;
+
if (!encrypt) {
if (GetTestState(ssl)->ticket_decrypt_done) {
fprintf(stderr, "TicketKeyCallback called after completion.\n");
@@ -397,8 +393,14 @@ static int TicketKeyCallback(SSL *ssl, uint8_t *key_name, uint8_t *iv,
return 0;
}
- if (!HMAC_Init_ex(hmac_ctx, kZeros, sizeof(kZeros), EVP_sha256(), NULL) ||
- !EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, kZeros, iv, encrypt)) {
+ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, "SHA256", 0);
+ *p++ = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, kZeros,
+ sizeof(kZeros));
+ *p = OSSL_PARAM_construct_end();
+
+ if (!EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, kZeros, iv, encrypt)
+ || !EVP_MAC_init(hmac_ctx)
+ || !EVP_MAC_CTX_set_params(hmac_ctx, params)) {
return -1;
}
@@ -407,7 +409,6 @@ static int TicketKeyCallback(SSL *ssl, uint8_t *key_name, uint8_t *iv,
}
return 1;
}
-#endif
// kCustomExtensionValue is the extension value that the custom extension
// callbacks will add.
@@ -631,11 +632,9 @@ static bssl::UniquePtr<SSL_CTX> SetupCtx(const TestConfig *config) {
SSL_CTX_set_info_callback(ssl_ctx.get(), InfoCallback);
SSL_CTX_sess_set_new_cb(ssl_ctx.get(), NewSessionCallback);
-#ifndef OPENSSL_NO_DEPRECATED_3_0
if (config->use_ticket_callback) {
- SSL_CTX_set_tlsext_ticket_key_cb(ssl_ctx.get(), TicketKeyCallback);
+ SSL_CTX_set_tlsext_ticket_key_evp_cb(ssl_ctx.get(), TicketKeyCallback);
}
-#endif
if (config->enable_client_custom_extension &&
!SSL_CTX_add_client_custom_ext(
diff --git a/test/ossl_shim/test_config.cc b/test/ossl_shim/test_config.cc
index b1a3fa3920..a37d010d7a 100644
--- a/test/ossl_shim/test_config.cc
+++ b/test/ossl_shim/test_config.cc
@@ -63,9 +63,7 @@ const Flag<bool> kBoolFlags[] = {
{ "-use-export-context", &TestConfig::use_export_context },
{ "-expect-ticket-renewal", &TestConfig::expect_ticket_renewal },
{ "-expect-no-session", &TestConfig::expect_no_session },
-#ifndef OPENSSL_NO_DEPRECATED_3_0
{ "-use-ticket-callback", &TestConfig::use_ticket_callback },
-#endif
{ "-renew-ticket", &TestConfig::renew_ticket },
{ "-enable-client-custom-extension",
&TestConfig::enable_client_custom_extension },
diff --git a/test/ossl_shim/test_config.h b/test/ossl_shim/test_config.h
index 653554d995..6968a128ca 100644
--- a/test/ossl_shim/test_config.h
+++ b/test/ossl_shim/test_config.h
@@ -62,9 +62,7 @@ struct TestConfig {
bool use_export_context = false;
bool expect_ticket_renewal = false;
bool expect_no_session = false;
-#ifndef OPENSSL_NO_DEPRECATED_3_0
bool use_ticket_callback = false;
-#endif
bool renew_ticket = false;
bool enable_client_custom_extension = false;
bool enable_server_custom_extension = false;