diff options
author | Pauli <paul.dale@oracle.com> | 2020-05-26 23:26:46 +0200 |
---|---|---|
committer | Pauli <paul.dale@oracle.com> | 2020-05-28 05:54:33 +0200 |
commit | bac8d066a595454e3f4a75e6e155a9d5b99ce4ea (patch) | |
tree | 8e79945aea88f7339559ee61cc7f7262f43cc844 /test/ossl_shim | |
parent | fips: add AES OFB mode ciphers to FIPS provider. (diff) | |
download | openssl-bac8d066a595454e3f4a75e6e155a9d5b99ce4ea.tar.xz openssl-bac8d066a595454e3f4a75e6e155a9d5b99ce4ea.zip |
ossl_shim: use the correct ticket key call back.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11966)
Diffstat (limited to 'test/ossl_shim')
-rw-r--r-- | test/ossl_shim/ossl_shim.cc | 25 | ||||
-rw-r--r-- | test/ossl_shim/test_config.cc | 2 | ||||
-rw-r--r-- | test/ossl_shim/test_config.h | 2 |
3 files changed, 12 insertions, 17 deletions
diff --git a/test/ossl_shim/ossl_shim.cc b/test/ossl_shim/ossl_shim.cc index 0bdf5dd451..3ebe31b7dd 100644 --- a/test/ossl_shim/ossl_shim.cc +++ b/test/ossl_shim/ossl_shim.cc @@ -7,11 +7,6 @@ * https://www.openssl.org/source/license.html */ -/* - * HMAC low level APIs are deprecated for public use but might be used here. - */ -#define OPENSSL_SUPPRESS_DEPRECATED - #if !defined(__STDC_FORMAT_MACROS) #define __STDC_FORMAT_MACROS #endif @@ -374,10 +369,11 @@ static int NewSessionCallback(SSL *ssl, SSL_SESSION *session) { return 1; } -#ifndef OPENSSL_NO_DEPRECATED_3_0 static int TicketKeyCallback(SSL *ssl, uint8_t *key_name, uint8_t *iv, - EVP_CIPHER_CTX *ctx, HMAC_CTX *hmac_ctx, + EVP_CIPHER_CTX *ctx, EVP_MAC_CTX *hmac_ctx, int encrypt) { + OSSL_PARAM params[3], *p = params; + if (!encrypt) { if (GetTestState(ssl)->ticket_decrypt_done) { fprintf(stderr, "TicketKeyCallback called after completion.\n"); @@ -397,8 +393,14 @@ static int TicketKeyCallback(SSL *ssl, uint8_t *key_name, uint8_t *iv, return 0; } - if (!HMAC_Init_ex(hmac_ctx, kZeros, sizeof(kZeros), EVP_sha256(), NULL) || - !EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, kZeros, iv, encrypt)) { + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, "SHA256", 0); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, kZeros, + sizeof(kZeros)); + *p = OSSL_PARAM_construct_end(); + + if (!EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, kZeros, iv, encrypt) + || !EVP_MAC_init(hmac_ctx) + || !EVP_MAC_CTX_set_params(hmac_ctx, params)) { return -1; } @@ -407,7 +409,6 @@ static int TicketKeyCallback(SSL *ssl, uint8_t *key_name, uint8_t *iv, } return 1; } -#endif // kCustomExtensionValue is the extension value that the custom extension // callbacks will add. @@ -631,11 +632,9 @@ static bssl::UniquePtr<SSL_CTX> SetupCtx(const TestConfig *config) { SSL_CTX_set_info_callback(ssl_ctx.get(), InfoCallback); SSL_CTX_sess_set_new_cb(ssl_ctx.get(), NewSessionCallback); -#ifndef OPENSSL_NO_DEPRECATED_3_0 if (config->use_ticket_callback) { - SSL_CTX_set_tlsext_ticket_key_cb(ssl_ctx.get(), TicketKeyCallback); + SSL_CTX_set_tlsext_ticket_key_evp_cb(ssl_ctx.get(), TicketKeyCallback); } -#endif if (config->enable_client_custom_extension && !SSL_CTX_add_client_custom_ext( diff --git a/test/ossl_shim/test_config.cc b/test/ossl_shim/test_config.cc index b1a3fa3920..a37d010d7a 100644 --- a/test/ossl_shim/test_config.cc +++ b/test/ossl_shim/test_config.cc @@ -63,9 +63,7 @@ const Flag<bool> kBoolFlags[] = { { "-use-export-context", &TestConfig::use_export_context }, { "-expect-ticket-renewal", &TestConfig::expect_ticket_renewal }, { "-expect-no-session", &TestConfig::expect_no_session }, -#ifndef OPENSSL_NO_DEPRECATED_3_0 { "-use-ticket-callback", &TestConfig::use_ticket_callback }, -#endif { "-renew-ticket", &TestConfig::renew_ticket }, { "-enable-client-custom-extension", &TestConfig::enable_client_custom_extension }, diff --git a/test/ossl_shim/test_config.h b/test/ossl_shim/test_config.h index 653554d995..6968a128ca 100644 --- a/test/ossl_shim/test_config.h +++ b/test/ossl_shim/test_config.h @@ -62,9 +62,7 @@ struct TestConfig { bool use_export_context = false; bool expect_ticket_renewal = false; bool expect_no_session = false; -#ifndef OPENSSL_NO_DEPRECATED_3_0 bool use_ticket_callback = false; -#endif bool renew_ticket = false; bool enable_client_custom_extension = false; bool enable_server_custom_extension = false; |