generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Adjust all accesses to EVP_MD_CTX to use accessor functions.

Browse Source 
Reviewed-by: Rich Salz <rsalz@openssl.org>
This commit is contained in:
Richard Levitte 2015-11-27 14:02:12 +01:00
parent 9b6c00707e
commit 6e59a892db
55 changed files with 749 additions and 577 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
apps/passwd.c
View File

@ -307,7 +307,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
char *salt_out; char *salt_out;
int n; int n;
unsigned int i; unsigned int i;
EVP_MD_CTX md, md2; EVP_MD_CTX *md, *md2;
size_t passwd_len, salt_len; size_t passwd_len, salt_len;
passwd_len = strlen(passwd); passwd_len = strlen(passwd);
@ -322,45 +322,50 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
salt_len = strlen(salt_out); salt_len = strlen(salt_out);
assert(salt_len <= 8); assert(salt_len <= 8);
EVP_MD_CTX_init(&md); md = EVP_MD_CTX_create();
EVP_DigestInit_ex(&md, EVP_md5(), NULL); if (md == NULL)
EVP_DigestUpdate(&md, passwd, passwd_len); return NULL;
EVP_DigestUpdate(&md, "$", 1); EVP_DigestInit_ex(md, EVP_md5(), NULL);
EVP_DigestUpdate(&md, magic, strlen(magic)); EVP_DigestUpdate(md, passwd, passwd_len);
EVP_DigestUpdate(&md, "$", 1); EVP_DigestUpdate(md, "$", 1);
EVP_DigestUpdate(&md, salt_out, salt_len); EVP_DigestUpdate(md, magic, strlen(magic));
EVP_DigestUpdate(md, "$", 1);
EVP_DigestUpdate(md, salt_out, salt_len);
EVP_MD_CTX_init(&md2); md2 = EVP_MD_CTX_create();
EVP_DigestInit_ex(&md2, EVP_md5(), NULL); if (md2 == NULL)
EVP_DigestUpdate(&md2, passwd, passwd_len); return NULL;
EVP_DigestUpdate(&md2, salt_out, salt_len); EVP_DigestInit_ex(md2, EVP_md5(), NULL);
EVP_DigestUpdate(&md2, passwd, passwd_len); EVP_DigestUpdate(md2, passwd, passwd_len);
EVP_DigestFinal_ex(&md2, buf, NULL); EVP_DigestUpdate(md2, salt_out, salt_len);
EVP_DigestUpdate(md2, passwd, passwd_len);
EVP_DigestFinal_ex(md2, buf, NULL);
for (i = passwd_len; i > sizeof buf; i -= sizeof buf) for (i = passwd_len; i > sizeof buf; i -= sizeof buf)
EVP_DigestUpdate(&md, buf, sizeof buf); EVP_DigestUpdate(md, buf, sizeof buf);
EVP_DigestUpdate(&md, buf, i); EVP_DigestUpdate(md, buf, i);
n = passwd_len; n = passwd_len;
while (n) { while (n) {
EVP_DigestUpdate(&md, (n & 1) ? "\0" : passwd, 1); EVP_DigestUpdate(md, (n & 1) ? "\0" : passwd, 1);
n >>= 1; n >>= 1;
} }
EVP_DigestFinal_ex(&md, buf, NULL); EVP_DigestFinal_ex(md, buf, NULL);
for (i = 0; i < 1000; i++) { for (i = 0; i < 1000; i++) {
EVP_DigestInit_ex(&md2, EVP_md5(), NULL); EVP_DigestInit_ex(md2, EVP_md5(), NULL);
EVP_DigestUpdate(&md2, (i & 1) ? (unsigned const char *)passwd : buf, EVP_DigestUpdate(md2, (i & 1) ? (unsigned const char *)passwd : buf,
(i & 1) ? passwd_len : sizeof buf); (i & 1) ? passwd_len : sizeof buf);
if (i % 3) if (i % 3)
EVP_DigestUpdate(&md2, salt_out, salt_len); EVP_DigestUpdate(md2, salt_out, salt_len);
if (i % 7) if (i % 7)
EVP_DigestUpdate(&md2, passwd, passwd_len); EVP_DigestUpdate(md2, passwd, passwd_len);
EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned const char *)passwd, EVP_DigestUpdate(md2, (i & 1) ? buf : (unsigned const char *)passwd,
(i & 1) ? sizeof buf : passwd_len); (i & 1) ? sizeof buf : passwd_len);
EVP_DigestFinal_ex(&md2, buf, NULL); EVP_DigestFinal_ex(md2, buf, NULL);
} }
EVP_MD_CTX_cleanup(&md2); EVP_MD_CTX_destroy(md2);
EVP_MD_CTX_destroy(md);
{ {
/* transform buf into output string */ /* transform buf into output string */
@ -399,7 +404,6 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
*output = 0; *output = 0;
assert(strlen(out_buf) < sizeof(out_buf)); assert(strlen(out_buf) < sizeof(out_buf));
} }
EVP_MD_CTX_cleanup(&md);
return out_buf; return out_buf;
} }

44
apps/req.c
View File

@ -1492,7 +1492,8 @@ static int do_sign_init(EVP_MD_CTX *ctx, EVP_PKEY *pkey,
EVP_PKEY_CTX *pkctx = NULL; EVP_PKEY_CTX *pkctx = NULL;
int i; int i;
EVP_MD_CTX_init(ctx); if (ctx == NULL)
return 0;
if (!EVP_DigestSignInit(ctx, &pkctx, md, NULL, pkey)) if (!EVP_DigestSignInit(ctx, &pkctx, md, NULL, pkey))
return 0; return 0;
for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) { for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) {
@ -1510,13 +1511,16 @@ int do_X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md,
STACK_OF(OPENSSL_STRING) *sigopts) STACK_OF(OPENSSL_STRING) *sigopts)
{ {
int rv; int rv;
EVP_MD_CTX mctx; EVP_MD_CTX *mctx = EVP_MD_CTX_create();
EVP_MD_CTX_init(&mctx); rv = do_sign_init(mctx, pkey, md, sigopts);
rv = do_sign_init(&mctx, pkey, md, sigopts); /* Note: X509_sign_ctx() calls ASN1_item_sign_ctx(), which destroys
* the EVP_MD_CTX we send it, so only destroy it here if the former
* isn't called */
if (rv > 0) if (rv > 0)
rv = X509_sign_ctx(x, &mctx); rv = X509_sign_ctx(x, mctx);
EVP_MD_CTX_cleanup(&mctx); else
EVP_MD_CTX_destroy(mctx);
return rv > 0 ? 1 : 0; return rv > 0 ? 1 : 0;
} }
@ -1524,13 +1528,15 @@ int do_X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md,
STACK_OF(OPENSSL_STRING) *sigopts) STACK_OF(OPENSSL_STRING) *sigopts)
{ {
int rv; int rv;
EVP_MD_CTX mctx; EVP_MD_CTX *mctx = EVP_MD_CTX_create();
rv = do_sign_init(mctx, pkey, md, sigopts);
EVP_MD_CTX_init(&mctx); /* Note: X509_REQ_sign_ctx() calls ASN1_item_sign_ctx(), which destroys
rv = do_sign_init(&mctx, pkey, md, sigopts); * the EVP_MD_CTX we send it, so only destroy it here if the former
* isn't called */
if (rv > 0) if (rv > 0)
rv = X509_REQ_sign_ctx(x, &mctx); rv = X509_REQ_sign_ctx(x, mctx);
EVP_MD_CTX_cleanup(&mctx); else
EVP_MD_CTX_destroy(mctx);
return rv > 0 ? 1 : 0; return rv > 0 ? 1 : 0;
} }
@ -1538,12 +1544,14 @@ int do_X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md,
STACK_OF(OPENSSL_STRING) *sigopts) STACK_OF(OPENSSL_STRING) *sigopts)
{ {
int rv; int rv;
EVP_MD_CTX mctx; EVP_MD_CTX *mctx = EVP_MD_CTX_create();
rv = do_sign_init(mctx, pkey, md, sigopts);
EVP_MD_CTX_init(&mctx); /* Note: X509_CRL_sign_ctx() calls ASN1_item_sign_ctx(), which destroys
rv = do_sign_init(&mctx, pkey, md, sigopts); * the EVP_MD_CTX we send it, so only destroy it here if the former
* isn't called */
if (rv > 0) if (rv > 0)
rv = X509_CRL_sign_ctx(x, &mctx); rv = X509_CRL_sign_ctx(x, mctx);
EVP_MD_CTX_cleanup(&mctx); else
EVP_MD_CTX_destroy(mctx);
return rv > 0 ? 1 : 0; return rv > 0 ? 1 : 0;
} }

19
apps/ts.c
View File

@ -523,17 +523,22 @@ static int create_digest(BIO *input, char *digest, const EVP_MD *md,
return 0; return 0;
if (input) { if (input) {
EVP_MD_CTX md_ctx; EVP_MD_CTX *md_ctx = EVP_MD_CTX_create();
unsigned char buffer[4096]; unsigned char buffer[4096];
int length; int length;
*md_value = app_malloc(md_value_len, "digest buffer"); if (md_ctx == NULL)
EVP_DigestInit(&md_ctx, md);
while ((length = BIO_read(input, buffer, sizeof(buffer))) > 0) {
EVP_DigestUpdate(&md_ctx, buffer, length);
}
if (!EVP_DigestFinal(&md_ctx, *md_value, NULL))
return 0; return 0;
*md_value = app_malloc(md_value_len, "digest buffer");
EVP_DigestInit(md_ctx, md);
while ((length = BIO_read(input, buffer, sizeof(buffer))) > 0) {
EVP_DigestUpdate(md_ctx, buffer, length);
}
if (!EVP_DigestFinal(md_ctx, *md_value, NULL)) {
EVP_MD_CTX_destroy(md_ctx);
return 0;
}
EVP_MD_CTX_destroy(md_ctx);
} else { } else {
long digest_len; long digest_len;
*md_value = string_to_hex(digest, &digest_len); *md_value = string_to_hex(digest, &digest_len);

33
crypto/asn1/a_sign.c
View File

@ -131,12 +131,15 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2,
ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey, ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey,
const EVP_MD *type) const EVP_MD *type)
{ {
EVP_MD_CTX ctx; EVP_MD_CTX *ctx = EVP_MD_CTX_create();
unsigned char *p, *buf_in = NULL, *buf_out = NULL; unsigned char *p, *buf_in = NULL, *buf_out = NULL;
int i, inl = 0, outl = 0, outll = 0; int i, inl = 0, outl = 0, outll = 0;
X509_ALGOR *a; X509_ALGOR *a;
EVP_MD_CTX_init(&ctx); if (ctx == NULL) {
ASN1err(ASN1_F_ASN1_SIGN, ERR_R_MALLOC_FAILURE);
goto err;
}
for (i = 0; i < 2; i++) { for (i = 0; i < 2; i++) {
if (i == 0) if (i == 0)
a = algor1; a = algor1;
@ -182,9 +185,9 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2,
p = buf_in; p = buf_in;
i2d(data, &p); i2d(data, &p);
if (!EVP_SignInit_ex(&ctx, type, NULL) if (!EVP_SignInit_ex(ctx, type, NULL)
|| !EVP_SignUpdate(&ctx, (unsigned char *)buf_in, inl) || !EVP_SignUpdate(ctx, (unsigned char *)buf_in, inl)
|| !EVP_SignFinal(&ctx, (unsigned char *)buf_out, || !EVP_SignFinal(ctx, (unsigned char *)buf_out,
(unsigned int *)&outl, pkey)) { (unsigned int *)&outl, pkey)) {
outl = 0; outl = 0;
ASN1err(ASN1_F_ASN1_SIGN, ERR_R_EVP_LIB); ASN1err(ASN1_F_ASN1_SIGN, ERR_R_EVP_LIB);
@ -201,7 +204,7 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2,
signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
signature->flags |= ASN1_STRING_FLAG_BITS_LEFT; signature->flags |= ASN1_STRING_FLAG_BITS_LEFT;
err: err:
EVP_MD_CTX_cleanup(&ctx); EVP_MD_CTX_destroy(ctx);
OPENSSL_clear_free((char *)buf_in, (unsigned int)inl); OPENSSL_clear_free((char *)buf_in, (unsigned int)inl);
OPENSSL_clear_free((char *)buf_out, outll); OPENSSL_clear_free((char *)buf_out, outll);
return (outl); return (outl);
@ -213,13 +216,17 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1,
X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *asn, X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *asn,
EVP_PKEY *pkey, const EVP_MD *type) EVP_PKEY *pkey, const EVP_MD *type)
{ {
EVP_MD_CTX ctx; EVP_MD_CTX *ctx = EVP_MD_CTX_create();
EVP_MD_CTX_init(&ctx);
if (!EVP_DigestSignInit(&ctx, NULL, type, NULL, pkey)) { if (ctx == NULL) {
EVP_MD_CTX_cleanup(&ctx); ASN1err(ASN1_F_ASN1_ITEM_SIGN, ERR_R_MALLOC_FAILURE);
return 0; return 0;
} }
return ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, &ctx); if (!EVP_DigestSignInit(ctx, NULL, type, NULL, pkey)) {
EVP_MD_CTX_destroy(ctx);
return 0;
}
return ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, ctx);
} }
int ASN1_item_sign_ctx(const ASN1_ITEM *it, int ASN1_item_sign_ctx(const ASN1_ITEM *it,
@ -234,7 +241,7 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it,
int rv; int rv;
type = EVP_MD_CTX_md(ctx); type = EVP_MD_CTX_md(ctx);
pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx); pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx));
if (!type || !pkey) { if (!type || !pkey) {
ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_CONTEXT_NOT_INITIALISED); ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_CONTEXT_NOT_INITIALISED);
@ -307,7 +314,7 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it,
signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
signature->flags |= ASN1_STRING_FLAG_BITS_LEFT; signature->flags |= ASN1_STRING_FLAG_BITS_LEFT;
err: err:
EVP_MD_CTX_cleanup(ctx); EVP_MD_CTX_destroy(ctx);
OPENSSL_clear_free((char *)buf_in, (unsigned int)inl); OPENSSL_clear_free((char *)buf_in, (unsigned int)inl);
OPENSSL_clear_free((char *)buf_out, outll); OPENSSL_clear_free((char *)buf_out, outll);
return (outl); return (outl);

33
crypto/asn1/a_verify.c
View File

@ -77,12 +77,15 @@
int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
char *data, EVP_PKEY *pkey) char *data, EVP_PKEY *pkey)
{ {
EVP_MD_CTX ctx; EVP_MD_CTX *ctx = EVP_MD_CTX_create();
const EVP_MD *type; const EVP_MD *type;
unsigned char *p, *buf_in = NULL; unsigned char *p, *buf_in = NULL;
int ret = -1, i, inl; int ret = -1, i, inl;
EVP_MD_CTX_init(&ctx); if (ctx == NULL) {
ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_MALLOC_FAILURE);
goto err;
}
i = OBJ_obj2nid(a->algorithm); i = OBJ_obj2nid(a->algorithm);
type = EVP_get_digestbyname(OBJ_nid2sn(i)); type = EVP_get_digestbyname(OBJ_nid2sn(i));
if (type == NULL) { if (type == NULL) {
@ -104,8 +107,8 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
p = buf_in; p = buf_in;
i2d(data, &p); i2d(data, &p);
ret = EVP_VerifyInit_ex(&ctx, type, NULL) ret = EVP_VerifyInit_ex(ctx, type, NULL)
&& EVP_VerifyUpdate(&ctx, (unsigned char *)buf_in, inl); && EVP_VerifyUpdate(ctx, (unsigned char *)buf_in, inl);
OPENSSL_clear_free(buf_in, (unsigned int)inl); OPENSSL_clear_free(buf_in, (unsigned int)inl);
@ -115,7 +118,7 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
} }
ret = -1; ret = -1;
if (EVP_VerifyFinal(&ctx, (unsigned char *)signature->data, if (EVP_VerifyFinal(ctx, (unsigned char *)signature->data,
(unsigned int)signature->length, pkey) <= 0) { (unsigned int)signature->length, pkey) <= 0) {
ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB); ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB);
ret = 0; ret = 0;
@ -123,7 +126,7 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
} }
ret = 1; ret = 1;
err: err:
EVP_MD_CTX_cleanup(&ctx); EVP_MD_CTX_destroy(ctx);
return (ret); return (ret);
} }
@ -132,7 +135,7 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey) ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey)
{ {
EVP_MD_CTX ctx; EVP_MD_CTX *ctx = NULL;
unsigned char *buf_in = NULL; unsigned char *buf_in = NULL;
int ret = -1, inl; int ret = -1, inl;
@ -148,7 +151,11 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
return -1; return -1;
} }
EVP_MD_CTX_init(&ctx); ctx = EVP_MD_CTX_create();
if (ctx == NULL) {
ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_MALLOC_FAILURE);
goto err;
}
/* Convert signature OID into digest and public key OIDs */ /* Convert signature OID into digest and public key OIDs */
if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->algorithm), &mdnid, &pknid)) { if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->algorithm), &mdnid, &pknid)) {
@ -161,7 +168,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
goto err; goto err;
} }
ret = pkey->ameth->item_verify(&ctx, it, asn, a, signature, pkey); ret = pkey->ameth->item_verify(ctx, it, asn, a, signature, pkey);
/* /*
* Return value of 2 means carry on, anything else means we exit * Return value of 2 means carry on, anything else means we exit
* straight away: either a fatal error of the underlying verification * straight away: either a fatal error of the underlying verification
@ -185,7 +192,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
goto err; goto err;
} }
if (!EVP_DigestVerifyInit(&ctx, NULL, type, NULL, pkey)) { if (!EVP_DigestVerifyInit(ctx, NULL, type, NULL, pkey)) {
ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB); ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB);
ret = 0; ret = 0;
goto err; goto err;
@ -200,7 +207,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
goto err; goto err;
} }
ret = EVP_DigestVerifyUpdate(&ctx, buf_in, inl); ret = EVP_DigestVerifyUpdate(ctx, buf_in, inl);
OPENSSL_clear_free(buf_in, (unsigned int)inl); OPENSSL_clear_free(buf_in, (unsigned int)inl);
@ -210,7 +217,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
} }
ret = -1; ret = -1;
if (EVP_DigestVerifyFinal(&ctx, signature->data, if (EVP_DigestVerifyFinal(ctx, signature->data,
(size_t)signature->length) <= 0) { (size_t)signature->length) <= 0) {
ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB); ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB);
ret = 0; ret = 0;
@ -218,6 +225,6 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
} }
ret = 1; ret = 1;
err: err:
EVP_MD_CTX_cleanup(&ctx); EVP_MD_CTX_destroy(ctx);
return (ret); return (ret);
} }

4
crypto/cmac/cm_pmeth.c
View File

@ -101,7 +101,7 @@ static int pkey_cmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
static int int_update(EVP_MD_CTX *ctx, const void *data, size_t count) static int int_update(EVP_MD_CTX *ctx, const void *data, size_t count)
{ {
if (!CMAC_Update(ctx->pctx->data, data, count)) if (!CMAC_Update(EVP_MD_CTX_pkey_ctx(ctx)->data, data, count))
return 0; return 0;
return 1; return 1;
} }
@ -109,7 +109,7 @@ static int int_update(EVP_MD_CTX *ctx, const void *data, size_t count)
static int cmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) static int cmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
{ {
EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT); EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT);
mctx->update = int_update; EVP_MD_CTX_set_update_fn(mctx, int_update);
return 1; return 1;
} }

3
crypto/cms/cms_asn1.c
View File

@ -95,8 +95,7 @@ static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
CMS_SignerInfo *si = (CMS_SignerInfo *)*pval; CMS_SignerInfo *si = (CMS_SignerInfo *)*pval;
EVP_PKEY_free(si->pkey); EVP_PKEY_free(si->pkey);
X509_free(si->signer); X509_free(si->signer);
if (si->pctx) EVP_MD_CTX_destroy(si->mctx);
EVP_MD_CTX_cleanup(&si->mctx);
} }
return 1; return 1;
} }

14
crypto/cms/cms_dd.c
View File

@ -99,19 +99,23 @@ BIO *cms_DigestedData_init_bio(CMS_ContentInfo *cms)
int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify) int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify)
{ {
EVP_MD_CTX mctx; EVP_MD_CTX *mctx = EVP_MD_CTX_create();
unsigned char md[EVP_MAX_MD_SIZE]; unsigned char md[EVP_MAX_MD_SIZE];
unsigned int mdlen; unsigned int mdlen;
int r = 0; int r = 0;
CMS_DigestedData *dd; CMS_DigestedData *dd;
EVP_MD_CTX_init(&mctx);
if (mctx == NULL) {
CMSerr(CMS_F_CMS_DIGESTEDDATA_DO_FINAL, ERR_R_MALLOC_FAILURE);
goto err;
}
dd = cms->d.digestedData; dd = cms->d.digestedData;
if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, dd->digestAlgorithm)) if (!cms_DigestAlgorithm_find_ctx(mctx, chain, dd->digestAlgorithm))
goto err; goto err;
if (EVP_DigestFinal_ex(&mctx, md, &mdlen) <= 0) if (EVP_DigestFinal_ex(mctx, md, &mdlen) <= 0)
goto err; goto err;
if (verify) { if (verify) {
@ -133,7 +137,7 @@ int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify)
} }
err: err:
EVP_MD_CTX_cleanup(&mctx); EVP_MD_CTX_destroy(mctx);
return r; return r;

2
crypto/cms/cms_lcl.h
View File

@ -137,7 +137,7 @@ struct CMS_SignerInfo_st {
X509 *signer; X509 *signer;
EVP_PKEY *pkey; EVP_PKEY *pkey;
/* Digest and public key context for alternative parameters */ /* Digest and public key context for alternative parameters */
EVP_MD_CTX mctx; EVP_MD_CTX *mctx;
EVP_PKEY_CTX *pctx; EVP_PKEY_CTX *pctx;
}; };

53
crypto/cms/cms_sd.c
View File

@ -287,9 +287,14 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
si->pkey = pk; si->pkey = pk;
si->signer = signer; si->signer = signer;
EVP_MD_CTX_init(&si->mctx); si->mctx = EVP_MD_CTX_create();
si->pctx = NULL; si->pctx = NULL;
if (si->mctx == NULL) {
CMSerr(CMS_F_CMS_ADD1_SIGNER, ERR_R_MALLOC_FAILURE);
goto err;
}
if (flags & CMS_USE_KEYID) { if (flags & CMS_USE_KEYID) {
si->version = 3; si->version = 3;
if (sd->version < 3) if (sd->version < 3)
@ -387,7 +392,7 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
goto err; goto err;
if (EVP_PKEY_CTX_set_signature_md(si->pctx, md) <= 0) if (EVP_PKEY_CTX_set_signature_md(si->pctx, md) <= 0)
goto err; goto err;
} else if (EVP_DigestSignInit(&si->mctx, &si->pctx, md, NULL, pk) <= } else if (EVP_DigestSignInit(si->mctx, &si->pctx, md, NULL, pk) <=
0) 0)
goto err; goto err;
} }
@ -444,7 +449,7 @@ EVP_PKEY_CTX *CMS_SignerInfo_get0_pkey_ctx(CMS_SignerInfo *si)
EVP_MD_CTX *CMS_SignerInfo_get0_md_ctx(CMS_SignerInfo *si) EVP_MD_CTX *CMS_SignerInfo_get0_md_ctx(CMS_SignerInfo *si)
{ {
return &si->mctx; return si->mctx;
} }
STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms) STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms)
@ -571,17 +576,21 @@ ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si)
static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
CMS_SignerInfo *si, BIO *chain) CMS_SignerInfo *si, BIO *chain)
{ {
EVP_MD_CTX mctx; EVP_MD_CTX *mctx = EVP_MD_CTX_create();
int r = 0; int r = 0;
EVP_PKEY_CTX *pctx = NULL; EVP_PKEY_CTX *pctx = NULL;
EVP_MD_CTX_init(&mctx);
if (mctx == NULL) {
CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, ERR_R_MALLOC_FAILURE);
return 0;
}
if (!si->pkey) { if (!si->pkey) {
CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_NO_PRIVATE_KEY); CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_NO_PRIVATE_KEY);
return 0; return 0;
} }
if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, si->digestAlgorithm)) if (!cms_DigestAlgorithm_find_ctx(mctx, chain, si->digestAlgorithm))
goto err; goto err;
/* Set SignerInfo algortihm details if we used custom parametsr */ /* Set SignerInfo algortihm details if we used custom parametsr */
if (si->pctx && !cms_sd_asn1_ctrl(si, 0)) if (si->pctx && !cms_sd_asn1_ctrl(si, 0))
@ -596,7 +605,7 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
cms->d.signedData->encapContentInfo->eContentType; cms->d.signedData->encapContentInfo->eContentType;
unsigned char md[EVP_MAX_MD_SIZE]; unsigned char md[EVP_MAX_MD_SIZE];
unsigned int mdlen; unsigned int mdlen;
if (!EVP_DigestFinal_ex(&mctx, md, &mdlen)) if (!EVP_DigestFinal_ex(mctx, md, &mdlen))
goto err; goto err;
if (!CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest, if (!CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest,
V_ASN1_OCTET_STRING, md, mdlen)) V_ASN1_OCTET_STRING, md, mdlen))
@ -613,7 +622,7 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
unsigned char md[EVP_MAX_MD_SIZE]; unsigned char md[EVP_MAX_MD_SIZE];
unsigned int mdlen; unsigned int mdlen;
pctx = si->pctx; pctx = si->pctx;
if (!EVP_DigestFinal_ex(&mctx, md, &mdlen)) if (!EVP_DigestFinal_ex(mctx, md, &mdlen))
goto err; goto err;
siglen = EVP_PKEY_size(si->pkey); siglen = EVP_PKEY_size(si->pkey);
sig = OPENSSL_malloc(siglen); sig = OPENSSL_malloc(siglen);
@ -634,7 +643,7 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, ERR_R_MALLOC_FAILURE); CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, ERR_R_MALLOC_FAILURE);
goto err; goto err;
} }
if (!EVP_SignFinal(&mctx, sig, &siglen, si->pkey)) { if (!EVP_SignFinal(mctx, sig, &siglen, si->pkey)) {
CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_SIGNFINAL_ERROR); CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_SIGNFINAL_ERROR);
OPENSSL_free(sig); OPENSSL_free(sig);
goto err; goto err;
@ -645,7 +654,7 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
r = 1; r = 1;
err: err:
EVP_MD_CTX_cleanup(&mctx); EVP_MD_CTX_destroy(mctx);
EVP_PKEY_CTX_free(pctx); EVP_PKEY_CTX_free(pctx);
return r; return r;
@ -668,7 +677,7 @@ int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain)
int CMS_SignerInfo_sign(CMS_SignerInfo *si) int CMS_SignerInfo_sign(CMS_SignerInfo *si)
{ {
EVP_MD_CTX *mctx = &si->mctx; EVP_MD_CTX *mctx = si->mctx;
EVP_PKEY_CTX *pctx; EVP_PKEY_CTX *pctx;
unsigned char *abuf = NULL; unsigned char *abuf = NULL;
int alen; int alen;
@ -734,7 +743,7 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si)
int CMS_SignerInfo_verify(CMS_SignerInfo *si) int CMS_SignerInfo_verify(CMS_SignerInfo *si)
{ {
EVP_MD_CTX *mctx = &si->mctx; EVP_MD_CTX *mctx = NULL;
unsigned char *abuf = NULL; unsigned char *abuf = NULL;
int alen, r = -1; int alen, r = -1;
const EVP_MD *md = NULL; const EVP_MD *md = NULL;
@ -747,7 +756,9 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si)
md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm); md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
if (md == NULL) if (md == NULL)
return -1; return -1;
EVP_MD_CTX_init(mctx); if (si->mctx == NULL)
si->mctx = EVP_MD_CTX_create();
mctx = si->mctx;
if (EVP_DigestVerifyInit(mctx, &si->pctx, md, NULL, si->pkey) <= 0) if (EVP_DigestVerifyInit(mctx, &si->pctx, md, NULL, si->pkey) <= 0)
goto err; goto err;
@ -806,12 +817,16 @@ BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms)
int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain) int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
{ {
ASN1_OCTET_STRING *os = NULL; ASN1_OCTET_STRING *os = NULL;
EVP_MD_CTX mctx; EVP_MD_CTX *mctx = EVP_MD_CTX_create();
EVP_PKEY_CTX *pkctx = NULL; EVP_PKEY_CTX *pkctx = NULL;
int r = -1; int r = -1;
unsigned char mval[EVP_MAX_MD_SIZE]; unsigned char mval[EVP_MAX_MD_SIZE];
unsigned int mlen; unsigned int mlen;
EVP_MD_CTX_init(&mctx);
if (mctx == NULL) {
CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, ERR_R_MALLOC_FAILURE);
goto err;
}
/* If we have any signed attributes look for messageDigest value */ /* If we have any signed attributes look for messageDigest value */
if (CMS_signed_get_attr_count(si) >= 0) { if (CMS_signed_get_attr_count(si) >= 0) {
os = CMS_signed_get0_data_by_OBJ(si, os = CMS_signed_get0_data_by_OBJ(si,
@ -824,10 +839,10 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
} }
} }
if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, si->digestAlgorithm)) if (!cms_DigestAlgorithm_find_ctx(mctx, chain, si->digestAlgorithm))
goto err; goto err;
if (EVP_DigestFinal_ex(&mctx, mval, &mlen) <= 0) { if (EVP_DigestFinal_ex(mctx, mval, &mlen) <= 0) {
CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
CMS_R_UNABLE_TO_FINALIZE_CONTEXT); CMS_R_UNABLE_TO_FINALIZE_CONTEXT);
goto err; goto err;
@ -849,7 +864,7 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
} else } else
r = 1; r = 1;
} else { } else {
const EVP_MD *md = EVP_MD_CTX_md(&mctx); const EVP_MD *md = EVP_MD_CTX_md(mctx);
pkctx = EVP_PKEY_CTX_new(si->pkey, NULL); pkctx = EVP_PKEY_CTX_new(si->pkey, NULL);
if (pkctx == NULL) if (pkctx == NULL)
goto err; goto err;
@ -871,7 +886,7 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
err: err:
EVP_PKEY_CTX_free(pkctx); EVP_PKEY_CTX_free(pkctx);
EVP_MD_CTX_cleanup(&mctx); EVP_MD_CTX_destroy(mctx);
return r; return r;
} }

18
crypto/dh/dh_kdf.c
View File

@ -144,7 +144,7 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen,
ASN1_OBJECT *key_oid, ASN1_OBJECT *key_oid,
const unsigned char *ukm, size_t ukmlen, const EVP_MD *md) const unsigned char *ukm, size_t ukmlen, const EVP_MD *md)
{ {
EVP_MD_CTX mctx; EVP_MD_CTX *mctx = NULL;
int rv = 0; int rv = 0;
unsigned int i; unsigned int i;
size_t mdlen; size_t mdlen;
@ -152,31 +152,33 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen,
int derlen; int derlen;
if (Zlen > DH_KDF_MAX) if (Zlen > DH_KDF_MAX)
return 0; return 0;
mctx = EVP_MD_CTX_create();
if (mctx == NULL)
return 0;
mdlen = EVP_MD_size(md); mdlen = EVP_MD_size(md);
EVP_MD_CTX_init(&mctx);
derlen = dh_sharedinfo_encode(&der, &ctr, key_oid, outlen, ukm, ukmlen); derlen = dh_sharedinfo_encode(&der, &ctr, key_oid, outlen, ukm, ukmlen);
if (derlen == 0) if (derlen == 0)
goto err; goto err;
for (i = 1;; i++) { for (i = 1;; i++) {
unsigned char mtmp[EVP_MAX_MD_SIZE]; unsigned char mtmp[EVP_MAX_MD_SIZE];
EVP_DigestInit_ex(&mctx, md, NULL); EVP_DigestInit_ex(mctx, md, NULL);
if (!EVP_DigestUpdate(&mctx, Z, Zlen)) if (!EVP_DigestUpdate(mctx, Z, Zlen))
goto err; goto err;
ctr[3] = i & 0xFF; ctr[3] = i & 0xFF;
ctr[2] = (i >> 8) & 0xFF; ctr[2] = (i >> 8) & 0xFF;
ctr[1] = (i >> 16) & 0xFF; ctr[1] = (i >> 16) & 0xFF;
ctr[0] = (i >> 24) & 0xFF; ctr[0] = (i >> 24) & 0xFF;
if (!EVP_DigestUpdate(&mctx, der, derlen)) if (!EVP_DigestUpdate(mctx, der, derlen))
goto err; goto err;
if (outlen >= mdlen) { if (outlen >= mdlen) {
if (!EVP_DigestFinal(&mctx, out, NULL)) if (!EVP_DigestFinal(mctx, out, NULL))
goto err; goto err;
outlen -= mdlen; outlen -= mdlen;
if (outlen == 0) if (outlen == 0)
break; break;
out += mdlen; out += mdlen;
} else { } else {
if (!EVP_DigestFinal(&mctx, mtmp, NULL)) if (!EVP_DigestFinal(mctx, mtmp, NULL))
goto err; goto err;
memcpy(out, mtmp, outlen); memcpy(out, mtmp, outlen);
OPENSSL_cleanse(mtmp, mdlen); OPENSSL_cleanse(mtmp, mdlen);
@ -186,7 +188,7 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen,
rv = 1; rv = 1;
err: err:
OPENSSL_free(der); OPENSSL_free(der);
EVP_MD_CTX_cleanup(&mctx); EVP_MD_CTX_destroy(mctx);
return rv; return rv;
} }
#endif #endif

19
crypto/dsa/dsa_gen.c
View File

@ -360,10 +360,11 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
int counter = 0; int counter = 0;
int r = 0; int r = 0;
BN_CTX *ctx = NULL; BN_CTX *ctx = NULL;
EVP_MD_CTX mctx; EVP_MD_CTX *mctx = EVP_MD_CTX_create();
unsigned int h = 2; unsigned int h = 2;
EVP_MD_CTX_init(&mctx); if (mctx == NULL)
goto err;
if (evpmd == NULL) { if (evpmd == NULL) {
if (N == 160) if (N == 160)
@ -374,7 +375,7 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
evpmd = EVP_sha256(); evpmd = EVP_sha256();
} }
mdsize = M_EVP_MD_size(evpmd); mdsize = EVP_MD_size(evpmd);
/* If unverificable g generation only don't need seed */ /* If unverificable g generation only don't need seed */
if (!ret->p || !ret->q || idx >= 0) { if (!ret->p || !ret->q || idx >= 0) {
if (seed_len == 0) if (seed_len == 0)
@ -582,15 +583,15 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
md[0] = idx & 0xff; md[0] = idx & 0xff;
md[1] = (h >> 8) & 0xff; md[1] = (h >> 8) & 0xff;
md[2] = h & 0xff; md[2] = h & 0xff;
if (!EVP_DigestInit_ex(&mctx, evpmd, NULL)) if (!EVP_DigestInit_ex(mctx, evpmd, NULL))
goto err; goto err;
if (!EVP_DigestUpdate(&mctx, seed_tmp, seed_len)) if (!EVP_DigestUpdate(mctx, seed_tmp, seed_len))
goto err; goto err;
if (!EVP_DigestUpdate(&mctx, ggen, sizeof(ggen))) if (!EVP_DigestUpdate(mctx, ggen, sizeof(ggen)))
goto err; goto err;
if (!EVP_DigestUpdate(&mctx, md, 3)) if (!EVP_DigestUpdate(mctx, md, 3))
goto err; goto err;
if (!EVP_DigestFinal_ex(&mctx, md, NULL)) if (!EVP_DigestFinal_ex(mctx, md, NULL))
goto err; goto err;
if (!BN_bin2bn(md, mdsize, test)) if (!BN_bin2bn(md, mdsize, test))
goto err; goto err;
@ -639,7 +640,7 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
BN_CTX_end(ctx); BN_CTX_end(ctx);
BN_CTX_free(ctx); BN_CTX_free(ctx);
BN_MONT_CTX_free(mont); BN_MONT_CTX_free(mont);
EVP_MD_CTX_cleanup(&mctx); EVP_MD_CTX_destroy(mctx);
return ok; return ok;
} }

20
crypto/ecdh/ech_kdf.c
View File

@ -64,7 +64,7 @@ int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
const unsigned char *sinfo, size_t sinfolen, const unsigned char *sinfo, size_t sinfolen,
const EVP_MD *md) const EVP_MD *md)
{ {
EVP_MD_CTX mctx; EVP_MD_CTX *mctx = NULL;
int rv = 0; int rv = 0;
unsigned int i; unsigned int i;
size_t mdlen; size_t mdlen;
@ -72,30 +72,32 @@ int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
if (sinfolen > ECDH_KDF_MAX || outlen > ECDH_KDF_MAX if (sinfolen > ECDH_KDF_MAX || outlen > ECDH_KDF_MAX
|| Zlen > ECDH_KDF_MAX) || Zlen > ECDH_KDF_MAX)
return 0; return 0;
mctx = EVP_MD_CTX_create();
if (mctx == NULL)
return 0;
mdlen = EVP_MD_size(md); mdlen = EVP_MD_size(md);
EVP_MD_CTX_init(&mctx);
for (i = 1;; i++) { for (i = 1;; i++) {
unsigned char mtmp[EVP_MAX_MD_SIZE]; unsigned char mtmp[EVP_MAX_MD_SIZE];
EVP_DigestInit_ex(&mctx, md, NULL); EVP_DigestInit_ex(mctx, md, NULL);
ctr[3] = i & 0xFF; ctr[3] = i & 0xFF;
ctr[2] = (i >> 8) & 0xFF; ctr[2] = (i >> 8) & 0xFF;
ctr[1] = (i >> 16) & 0xFF; ctr[1] = (i >> 16) & 0xFF;
ctr[0] = (i >> 24) & 0xFF; ctr[0] = (i >> 24) & 0xFF;
if (!EVP_DigestUpdate(&mctx, Z, Zlen)) if (!EVP_DigestUpdate(mctx, Z, Zlen))
goto err; goto err;
if (!EVP_DigestUpdate(&mctx, ctr, sizeof(ctr))) if (!EVP_DigestUpdate(mctx, ctr, sizeof(ctr)))
goto err; goto err;
if (!EVP_DigestUpdate(&mctx, sinfo, sinfolen)) if (!EVP_DigestUpdate(mctx, sinfo, sinfolen))
goto err; goto err;
if (outlen >= mdlen) { if (outlen >= mdlen) {
if (!EVP_DigestFinal(&mctx, out, NULL)) if (!EVP_DigestFinal(mctx, out, NULL))
goto err; goto err;
outlen -= mdlen; outlen -= mdlen;
if (outlen == 0) if (outlen == 0)
break; break;
out += mdlen; out += mdlen;
} else { } else {
if (!EVP_DigestFinal(&mctx, mtmp, NULL)) if (!EVP_DigestFinal(mctx, mtmp, NULL))
goto err; goto err;
memcpy(out, mtmp, outlen); memcpy(out, mtmp, outlen);
OPENSSL_cleanse(mtmp, mdlen); OPENSSL_cleanse(mtmp, mdlen);
@ -104,6 +106,6 @@ int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
} }
rv = 1; rv = 1;
err: err:
EVP_MD_CTX_cleanup(&mctx); EVP_MD_CTX_destroy(mctx);
return rv; return rv;
} }

6
crypto/engine/eng_openssl.c
View File

@ -334,7 +334,7 @@ static int test_sha1_init(EVP_MD_CTX *ctx)
# ifdef TEST_ENG_OPENSSL_SHA_P_INIT # ifdef TEST_ENG_OPENSSL_SHA_P_INIT
fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_init() called\n"); fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_init() called\n");
# endif # endif
return SHA1_Init(ctx->md_data); return SHA1_Init(EVP_MD_CTX_md_data(ctx));
} }
static int test_sha1_update(EVP_MD_CTX *ctx, const void *data, size_t count) static int test_sha1_update(EVP_MD_CTX *ctx, const void *data, size_t count)
@ -342,7 +342,7 @@ static int test_sha1_update(EVP_MD_CTX *ctx, const void *data, size_t count)
# ifdef TEST_ENG_OPENSSL_SHA_P_UPDATE # ifdef TEST_ENG_OPENSSL_SHA_P_UPDATE
fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_update() called\n"); fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_update() called\n");
# endif # endif
return SHA1_Update(ctx->md_data, data, count); return SHA1_Update(EVP_MD_CTX_md_data(ctx), data, count);
} }
static int test_sha1_final(EVP_MD_CTX *ctx, unsigned char *md) static int test_sha1_final(EVP_MD_CTX *ctx, unsigned char *md)
@ -350,7 +350,7 @@ static int test_sha1_final(EVP_MD_CTX *ctx, unsigned char *md)
# ifdef TEST_ENG_OPENSSL_SHA_P_FINAL # ifdef TEST_ENG_OPENSSL_SHA_P_FINAL
fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_final() called\n"); fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_final() called\n");
# endif # endif
return SHA1_Final(md, ctx->md_data); return SHA1_Final(md, EVP_MD_CTX_md_data(ctx));
} }
static const EVP_MD test_sha_md = { static const EVP_MD test_sha_md = {

6
crypto/evp/m_md4.c
View File

@ -71,17 +71,17 @@
static int init(EVP_MD_CTX *ctx) static int init(EVP_MD_CTX *ctx)
{ {
return MD4_Init(ctx->md_data); return MD4_Init(EVP_MD_CTX_md_data(ctx));
} }
static int update(EVP_MD_CTX *ctx, const void *data, size_t count) static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
{ {
return MD4_Update(ctx->md_data, data, count); return MD4_Update(EVP_MD_CTX_md_data(ctx), data, count);
} }
static int final(EVP_MD_CTX *ctx, unsigned char *md) static int final(EVP_MD_CTX *ctx, unsigned char *md)
{ {
return MD4_Final(md, ctx->md_data); return MD4_Final(md, EVP_MD_CTX_md_data(ctx));
} }
static const EVP_MD md4_md = { static const EVP_MD md4_md = {

6
crypto/evp/m_md5.c
View File

@ -71,17 +71,17 @@
static int init(EVP_MD_CTX *ctx) static int init(EVP_MD_CTX *ctx)
{ {
return MD5_Init(ctx->md_data); return MD5_Init(EVP_MD_CTX_md_data(ctx));
} }
static int update(EVP_MD_CTX *ctx, const void *data, size_t count) static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
{ {
return MD5_Update(ctx->md_data, data, count); return MD5_Update(EVP_MD_CTX_md_data(ctx), data, count);
} }
static int final(EVP_MD_CTX *ctx, unsigned char *md) static int final(EVP_MD_CTX *ctx, unsigned char *md)
{ {
return MD5_Final(md, ctx->md_data); return MD5_Final(md, EVP_MD_CTX_md_data(ctx));
} }
static const EVP_MD md5_md = { static const EVP_MD md5_md = {

8
crypto/evp/m_md5_sha1.c
View File

@ -71,7 +71,7 @@ struct md5_sha1_ctx {
static int init(EVP_MD_CTX *ctx) static int init(EVP_MD_CTX *ctx)
{ {
struct md5_sha1_ctx *mctx = ctx->md_data; struct md5_sha1_ctx *mctx = EVP_MD_CTX_md_data(ctx);
if (!MD5_Init(&mctx->md5)) if (!MD5_Init(&mctx->md5))
return 0; return 0;
return SHA1_Init(&mctx->sha1); return SHA1_Init(&mctx->sha1);
@ -79,7 +79,7 @@ static int init(EVP_MD_CTX *ctx)
static int update(EVP_MD_CTX *ctx, const void *data, size_t count) static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
{ {
struct md5_sha1_ctx *mctx = ctx->md_data; struct md5_sha1_ctx *mctx = EVP_MD_CTX_md_data(ctx);
if (!MD5_Update(&mctx->md5, data, count)) if (!MD5_Update(&mctx->md5, data, count))
return 0; return 0;
return SHA1_Update(&mctx->sha1, data, count); return SHA1_Update(&mctx->sha1, data, count);
@ -87,7 +87,7 @@ static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
static int final(EVP_MD_CTX *ctx, unsigned char *md) static int final(EVP_MD_CTX *ctx, unsigned char *md)
{ {
struct md5_sha1_ctx *mctx = ctx->md_data; struct md5_sha1_ctx *mctx = EVP_MD_CTX_md_data(ctx);
if (!MD5_Final(md, &mctx->md5)) if (!MD5_Final(md, &mctx->md5))
return 0; return 0;
return SHA1_Final(md + MD5_DIGEST_LENGTH, &mctx->sha1); return SHA1_Final(md + MD5_DIGEST_LENGTH, &mctx->sha1);
@ -98,7 +98,7 @@ static int ctrl(EVP_MD_CTX *ctx, int cmd, int mslen, void *ms)
unsigned char padtmp[48]; unsigned char padtmp[48];
unsigned char md5tmp[MD5_DIGEST_LENGTH]; unsigned char md5tmp[MD5_DIGEST_LENGTH];
unsigned char sha1tmp[SHA_DIGEST_LENGTH]; unsigned char sha1tmp[SHA_DIGEST_LENGTH];
struct md5_sha1_ctx *mctx = ctx->md_data; struct md5_sha1_ctx *mctx = EVP_MD_CTX_md_data(ctx);
if (cmd != EVP_CTRL_SSL3_MASTER_SECRET) if (cmd != EVP_CTRL_SSL3_MASTER_SECRET)
return 0; return 0;

6
crypto/evp/m_mdc2.c
View File

@ -71,17 +71,17 @@
static int init(EVP_MD_CTX *ctx) static int init(EVP_MD_CTX *ctx)
{ {
return MDC2_Init(ctx->md_data); return MDC2_Init(EVP_MD_CTX_md_data(ctx));
} }
static int update(EVP_MD_CTX *ctx, const void *data, size_t count) static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
{ {
return MDC2_Update(ctx->md_data, data, count); return MDC2_Update(EVP_MD_CTX_md_data(ctx), data, count);
} }
static int final(EVP_MD_CTX *ctx, unsigned char *md) static int final(EVP_MD_CTX *ctx, unsigned char *md)
{ {
return MDC2_Final(md, ctx->md_data); return MDC2_Final(md, EVP_MD_CTX_md_data(ctx));
} }
static const EVP_MD mdc2_md = { static const EVP_MD mdc2_md = {

6
crypto/evp/m_ripemd.c
View File

@ -71,17 +71,17 @@
static int init(EVP_MD_CTX *ctx) static int init(EVP_MD_CTX *ctx)
{ {
return RIPEMD160_Init(ctx->md_data); return RIPEMD160_Init(EVP_MD_CTX_md_data(ctx));
} }
static int update(EVP_MD_CTX *ctx, const void *data, size_t count) static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
{ {
return RIPEMD160_Update(ctx->md_data, data, count); return RIPEMD160_Update(EVP_MD_CTX_md_data(ctx), data, count);
} }
static int final(EVP_MD_CTX *ctx, unsigned char *md) static int final(EVP_MD_CTX *ctx, unsigned char *md)
{ {
return RIPEMD160_Final(md, ctx->md_data); return RIPEMD160_Final(md, EVP_MD_CTX_md_data(ctx));
} }
static const EVP_MD ripemd160_md = { static const EVP_MD ripemd160_md = {

24
crypto/evp/m_sha1.c
View File

@ -68,17 +68,17 @@
static int init(EVP_MD_CTX *ctx) static int init(EVP_MD_CTX *ctx)
{ {
return SHA1_Init(ctx->md_data); return SHA1_Init(EVP_MD_CTX_md_data(ctx));
} }
static int update(EVP_MD_CTX *ctx, const void *data, size_t count) static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
{ {
return SHA1_Update(ctx->md_data, data, count); return SHA1_Update(EVP_MD_CTX_md_data(ctx), data, count);
} }
static int final(EVP_MD_CTX *ctx, unsigned char *md) static int final(EVP_MD_CTX *ctx, unsigned char *md)
{ {
return SHA1_Final(md, ctx->md_data); return SHA1_Final(md, EVP_MD_CTX_md_data(ctx));
} }
static int ctrl(EVP_MD_CTX *ctx, int cmd, int mslen, void *ms) static int ctrl(EVP_MD_CTX *ctx, int cmd, int mslen, void *ms)
@ -86,7 +86,7 @@ static int ctrl(EVP_MD_CTX *ctx, int cmd, int mslen, void *ms)
unsigned char padtmp[40]; unsigned char padtmp[40];
unsigned char sha1tmp[SHA_DIGEST_LENGTH]; unsigned char sha1tmp[SHA_DIGEST_LENGTH];
SHA_CTX *sha1 = ctx->md_data; SHA_CTX *sha1 = EVP_MD_CTX_md_data(ctx);
if (cmd != EVP_CTRL_SSL3_MASTER_SECRET) if (cmd != EVP_CTRL_SSL3_MASTER_SECRET)
return 0; return 0;
@ -157,12 +157,12 @@ const EVP_MD *EVP_sha1(void)
static int init224(EVP_MD_CTX *ctx) static int init224(EVP_MD_CTX *ctx)
{ {
return SHA224_Init(ctx->md_data); return SHA224_Init(EVP_MD_CTX_md_data(ctx));
} }
static int init256(EVP_MD_CTX *ctx) static int init256(EVP_MD_CTX *ctx)
{ {
return SHA256_Init(ctx->md_data); return SHA256_Init(EVP_MD_CTX_md_data(ctx));
} }
/* /*
@ -172,12 +172,12 @@ static int init256(EVP_MD_CTX *ctx)
*/ */
static int update256(EVP_MD_CTX *ctx, const void *data, size_t count) static int update256(EVP_MD_CTX *ctx, const void *data, size_t count)
{ {
return SHA256_Update(ctx->md_data, data, count); return SHA256_Update(EVP_MD_CTX_md_data(ctx), data, count);
} }
static int final256(EVP_MD_CTX *ctx, unsigned char *md) static int final256(EVP_MD_CTX *ctx, unsigned char *md)
{ {
return SHA256_Final(md, ctx->md_data); return SHA256_Final(md, EVP_MD_CTX_md_data(ctx));
} }
static const EVP_MD sha224_md = { static const EVP_MD sha224_md = {
@ -220,23 +220,23 @@ const EVP_MD *EVP_sha256(void)
static int init384(EVP_MD_CTX *ctx) static int init384(EVP_MD_CTX *ctx)
{ {
return SHA384_Init(ctx->md_data); return SHA384_Init(EVP_MD_CTX_md_data(ctx));
} }
static int init512(EVP_MD_CTX *ctx) static int init512(EVP_MD_CTX *ctx)
{ {
return SHA512_Init(ctx->md_data); return SHA512_Init(EVP_MD_CTX_md_data(ctx));
} }
/* See comment in SHA224/256 section */ /* See comment in SHA224/256 section */
static int update512(EVP_MD_CTX *ctx, const void *data, size_t count) static int update512(EVP_MD_CTX *ctx, const void *data, size_t count)
{ {
return SHA512_Update(ctx->md_data, data, count); return SHA512_Update(EVP_MD_CTX_md_data(ctx), data, count);
} }
static int final512(EVP_MD_CTX *ctx, unsigned char *md) static int final512(EVP_MD_CTX *ctx, unsigned char *md)
{ {
return SHA512_Final(md, ctx->md_data); return SHA512_Final(md, EVP_MD_CTX_md_data(ctx));
} }
static const EVP_MD sha384_md = { static const EVP_MD sha384_md = {

6
crypto/evp/m_wp.c
View File

@ -12,17 +12,17 @@
static int init(EVP_MD_CTX *ctx) static int init(EVP_MD_CTX *ctx)
{ {
return WHIRLPOOL_Init(ctx->md_data); return WHIRLPOOL_Init(EVP_MD_CTX_md_data(ctx));
} }
static int update(EVP_MD_CTX *ctx, const void *data, size_t count) static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
{ {
return WHIRLPOOL_Update(ctx->md_data, data, count); return WHIRLPOOL_Update(EVP_MD_CTX_md_data(ctx), data, count);
} }
static int final(EVP_MD_CTX *ctx, unsigned char *md) static int final(EVP_MD_CTX *ctx, unsigned char *md)
{ {
return WHIRLPOOL_Final(md, ctx->md_data); return WHIRLPOOL_Final(md, EVP_MD_CTX_md_data(ctx));
} }
static const EVP_MD whirlpool_md = { static const EVP_MD whirlpool_md = {

10
crypto/pem/pem_seal.c
View File

@ -93,8 +93,8 @@ int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type,
EVP_EncodeInit(&ctx->encode); EVP_EncodeInit(&ctx->encode);
EVP_MD_CTX_init(&ctx->md); ctx->md = EVP_MD_CTX_create();
if (!EVP_SignInit(&ctx->md, md_type)) if (!EVP_SignInit(ctx->md, md_type))
goto err; goto err;
EVP_CIPHER_CTX_init(&ctx->cipher); EVP_CIPHER_CTX_init(&ctx->cipher);
@ -124,7 +124,7 @@ int PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl,
int i, j; int i, j;
*outl = 0; *outl = 0;
if (!EVP_SignUpdate(&ctx->md, in, inl)) if (!EVP_SignUpdate(ctx->md, in, inl))
return 0; return 0;
for (;;) { for (;;) {
if (inl <= 0) if (inl <= 0)
@ -172,13 +172,13 @@ int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl,
EVP_EncodeFinal(&ctx->encode, out, &j); EVP_EncodeFinal(&ctx->encode, out, &j);
*outl += j; *outl += j;
if (!EVP_SignFinal(&ctx->md, s, &i, priv)) if (!EVP_SignFinal(ctx->md, s, &i, priv))
goto err; goto err;
*sigl = EVP_EncodeBlock(sig, s, i); *sigl = EVP_EncodeBlock(sig, s, i);
ret = 1; ret = 1;
err: err:
EVP_MD_CTX_cleanup(&ctx->md); EVP_MD_CTX_destroy(ctx->md);
EVP_CIPHER_CTX_cleanup(&ctx->cipher); EVP_CIPHER_CTX_cleanup(&ctx->cipher);
OPENSSL_free(s); OPENSSL_free(s);
return (ret); return (ret);

14
crypto/pem/pvkfmt.c
View File

@ -650,16 +650,16 @@ static int derive_pvk_key(unsigned char *key,
const unsigned char *salt, unsigned int saltlen, const unsigned char *salt, unsigned int saltlen,
const unsigned char *pass, int passlen) const unsigned char *pass, int passlen)
{ {
EVP_MD_CTX mctx; EVP_MD_CTX *mctx = EVP_MD_CTX_create();;
int rv = 1; int rv = 1;
EVP_MD_CTX_init(&mctx); if (mctx == NULL
if (!EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL) || !EVP_DigestInit_ex(mctx, EVP_sha1(), NULL)
|| !EVP_DigestUpdate(&mctx, salt, saltlen) || !EVP_DigestUpdate(mctx, salt, saltlen)
|| !EVP_DigestUpdate(&mctx, pass, passlen) || !EVP_DigestUpdate(mctx, pass, passlen)
|| !EVP_DigestFinal_ex(&mctx, key, NULL)) || !EVP_DigestFinal_ex(mctx, key, NULL))
rv = 0; rv = 0;
EVP_MD_CTX_cleanup(&mctx); EVP_MD_CTX_destroy(mctx);
return rv; return rv;
} }

23
crypto/pkcs12/p12_key.c
View File

@ -109,13 +109,16 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
int i, j, u, v; int i, j, u, v;
int ret = 0; int ret = 0;
BIGNUM *Ij, *Bpl1; /* These hold Ij and B + 1 */ BIGNUM *Ij, *Bpl1; /* These hold Ij and B + 1 */
EVP_MD_CTX ctx; EVP_MD_CTX *ctx;
#ifdef DEBUG_KEYGEN #ifdef DEBUG_KEYGEN
unsigned char *tmpout = out; unsigned char *tmpout = out;
int tmpn = n; int tmpn = n;
#endif #endif
EVP_MD_CTX_init(&ctx); ctx = EVP_MD_CTX_create();
if (ctx == NULL)
goto err;
#ifdef DEBUG_KEYGEN #ifdef DEBUG_KEYGEN
fprintf(stderr, "KEYGEN DEBUG\n"); fprintf(stderr, "KEYGEN DEBUG\n");
fprintf(stderr, "ID %d, ITER %d\n", id, iter); fprintf(stderr, "ID %d, ITER %d\n", id, iter);
@ -151,15 +154,15 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
for (i = 0; i < Plen; i++) for (i = 0; i < Plen; i++)
*p++ = pass[i % passlen]; *p++ = pass[i % passlen];
for (;;) { for (;;) {
if (!EVP_DigestInit_ex(&ctx, md_type, NULL) if (!EVP_DigestInit_ex(ctx, md_type, NULL)
|| !EVP_DigestUpdate(&ctx, D, v) || !EVP_DigestUpdate(ctx, D, v)
|| !EVP_DigestUpdate(&ctx, I, Ilen) || !EVP_DigestUpdate(ctx, I, Ilen)
|| !EVP_DigestFinal_ex(&ctx, Ai, NULL)) || !EVP_DigestFinal_ex(ctx, Ai, NULL))
goto err; goto err;
for (j = 1; j < iter; j++) { for (j = 1; j < iter; j++) {
if (!EVP_DigestInit_ex(&ctx, md_type, NULL) if (!EVP_DigestInit_ex(ctx, md_type, NULL)
|| !EVP_DigestUpdate(&ctx, Ai, u) || !EVP_DigestUpdate(ctx, Ai, u)
|| !EVP_DigestFinal_ex(&ctx, Ai, NULL)) || !EVP_DigestFinal_ex(ctx, Ai, NULL))
goto err; goto err;
} }
memcpy(out, Ai, min(n, u)); memcpy(out, Ai, min(n, u));
@ -215,7 +218,7 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
OPENSSL_free(I); OPENSSL_free(I);
BN_free(Ij); BN_free(Ij);
BN_free(Bpl1); BN_free(Bpl1);
EVP_MD_CTX_cleanup(&ctx); EVP_MD_CTX_destroy(ctx);
return ret; return ret;
} }

58
crypto/pkcs7/pk7_doit.c
View File

@ -692,7 +692,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
int i, j; int i, j;
BIO *btmp; BIO *btmp;
PKCS7_SIGNER_INFO *si; PKCS7_SIGNER_INFO *si;
EVP_MD_CTX *mdc, ctx_tmp; EVP_MD_CTX *mdc, *ctx_tmp;
STACK_OF(X509_ATTRIBUTE) *sk; STACK_OF(X509_ATTRIBUTE) *sk;
STACK_OF(PKCS7_SIGNER_INFO) *si_sk = NULL; STACK_OF(PKCS7_SIGNER_INFO) *si_sk = NULL;
ASN1_OCTET_STRING *os = NULL; ASN1_OCTET_STRING *os = NULL;
@ -707,7 +707,12 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
return 0; return 0;
} }
EVP_MD_CTX_init(&ctx_tmp); ctx_tmp = EVP_MD_CTX_create();
if (ctx_tmp == NULL) {
PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE);
return 0;
}
i = OBJ_obj2nid(p7->type); i = OBJ_obj2nid(p7->type);
p7->state = PKCS7_S_HEADER; p7->state = PKCS7_S_HEADER;
@ -784,7 +789,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
/* /*
* We now have the EVP_MD_CTX, lets do the signing. * We now have the EVP_MD_CTX, lets do the signing.
*/ */
if (!EVP_MD_CTX_copy_ex(&ctx_tmp, mdc)) if (!EVP_MD_CTX_copy_ex(ctx_tmp, mdc))
goto err; goto err;
sk = si->auth_attr; sk = si->auth_attr;
@ -794,7 +799,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
* sign the attributes * sign the attributes
*/ */
if (sk_X509_ATTRIBUTE_num(sk) > 0) { if (sk_X509_ATTRIBUTE_num(sk) > 0) {
if (!do_pkcs7_signed_attrib(si, &ctx_tmp)) if (!do_pkcs7_signed_attrib(si, ctx_tmp))
goto err; goto err;
} else { } else {
unsigned char *abuf = NULL; unsigned char *abuf = NULL;
@ -804,7 +809,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
if (abuf == NULL) if (abuf == NULL)
goto err; goto err;
if (!EVP_SignFinal(&ctx_tmp, abuf, &abuflen, si->pkey)) { if (!EVP_SignFinal(ctx_tmp, abuf, &abuflen, si->pkey)) {
PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_EVP_LIB); PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_EVP_LIB);
goto err; goto err;
} }
@ -849,13 +854,13 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
} }
ret = 1; ret = 1;
err: err:
EVP_MD_CTX_cleanup(&ctx_tmp); EVP_MD_CTX_destroy(ctx_tmp);
return (ret); return (ret);
} }
int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si) int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
{ {
EVP_MD_CTX mctx; EVP_MD_CTX *mctx;
EVP_PKEY_CTX *pctx; EVP_PKEY_CTX *pctx;
unsigned char *abuf = NULL; unsigned char *abuf = NULL;
int alen; int alen;
@ -866,8 +871,13 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
if (md == NULL) if (md == NULL)
return 0; return 0;
EVP_MD_CTX_init(&mctx); mctx = EVP_MD_CTX_create();
if (EVP_DigestSignInit(&mctx, &pctx, md, NULL, si->pkey) <= 0) if (mctx == NULL) {
PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, ERR_R_MALLOC_FAILURE);
goto err;
}
if (EVP_DigestSignInit(mctx, &pctx, md, NULL, si->pkey) <= 0)
goto err; goto err;
if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
@ -880,16 +890,16 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
ASN1_ITEM_rptr(PKCS7_ATTR_SIGN)); ASN1_ITEM_rptr(PKCS7_ATTR_SIGN));
if (!abuf) if (!abuf)
goto err; goto err;
if (EVP_DigestSignUpdate(&mctx, abuf, alen) <= 0) if (EVP_DigestSignUpdate(mctx, abuf, alen) <= 0)
goto err; goto err;
OPENSSL_free(abuf); OPENSSL_free(abuf);
abuf = NULL; abuf = NULL;
if (EVP_DigestSignFinal(&mctx, NULL, &siglen) <= 0) if (EVP_DigestSignFinal(mctx, NULL, &siglen) <= 0)
goto err; goto err;
abuf = OPENSSL_malloc(siglen); abuf = OPENSSL_malloc(siglen);
if (abuf == NULL) if (abuf == NULL)
goto err; goto err;
if (EVP_DigestSignFinal(&mctx, abuf, &siglen) <= 0) if (EVP_DigestSignFinal(mctx, abuf, &siglen) <= 0)
goto err; goto err;
if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
@ -898,7 +908,7 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
goto err; goto err;
} }
EVP_MD_CTX_cleanup(&mctx); EVP_MD_CTX_destroy(mctx);
ASN1_STRING_set0(si->enc_digest, abuf, siglen); ASN1_STRING_set0(si->enc_digest, abuf, siglen);
@ -906,7 +916,7 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
err: err:
OPENSSL_free(abuf); OPENSSL_free(abuf);
EVP_MD_CTX_cleanup(&mctx); EVP_MD_CTX_destroy(mctx);
return 0; return 0;
} }
@ -972,14 +982,18 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
X509 *x509) X509 *x509)
{ {
ASN1_OCTET_STRING *os; ASN1_OCTET_STRING *os;
EVP_MD_CTX mdc_tmp, *mdc; EVP_MD_CTX *mdc_tmp, *mdc;
int ret = 0, i; int ret = 0, i;
int md_type; int md_type;
STACK_OF(X509_ATTRIBUTE) *sk; STACK_OF(X509_ATTRIBUTE) *sk;
BIO *btmp; BIO *btmp;
EVP_PKEY *pkey; EVP_PKEY *pkey;
EVP_MD_CTX_init(&mdc_tmp); mdc_tmp = EVP_MD_CTX_create();
if (mdc_tmp == NULL) {
PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, ERR_R_MALLOC_FAILURE);
goto err;
}
if (!PKCS7_type_is_signed(p7) && !PKCS7_type_is_signedAndEnveloped(p7)) { if (!PKCS7_type_is_signed(p7) && !PKCS7_type_is_signedAndEnveloped(p7)) {
PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_WRONG_PKCS7_TYPE); PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_WRONG_PKCS7_TYPE);
@ -1016,7 +1030,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
* mdc is the digest ctx that we want, unless there are attributes, in * mdc is the digest ctx that we want, unless there are attributes, in
* which case the digest is the signed attributes * which case the digest is the signed attributes
*/ */
if (!EVP_MD_CTX_copy_ex(&mdc_tmp, mdc)) if (!EVP_MD_CTX_copy_ex(mdc_tmp, mdc))
goto err; goto err;
sk = si->auth_attr; sk = si->auth_attr;
@ -1026,7 +1040,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
int alen; int alen;
ASN1_OCTET_STRING *message_digest; ASN1_OCTET_STRING *message_digest;
if (!EVP_DigestFinal_ex(&mdc_tmp, md_dat, &md_len)) if (!EVP_DigestFinal_ex(mdc_tmp, md_dat, &md_len))
goto err; goto err;
message_digest = PKCS7_digest_from_attributes(sk); message_digest = PKCS7_digest_from_attributes(sk);
if (!message_digest) { if (!message_digest) {
@ -1041,7 +1055,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
goto err; goto err;
} }
if (!EVP_VerifyInit_ex(&mdc_tmp, EVP_get_digestbynid(md_type), NULL)) if (!EVP_VerifyInit_ex(mdc_tmp, EVP_get_digestbynid(md_type), NULL))
goto err; goto err;
alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf, alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf,
@ -1051,7 +1065,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
ret = -1; ret = -1;
goto err; goto err;
} }
if (!EVP_VerifyUpdate(&mdc_tmp, abuf, alen)) if (!EVP_VerifyUpdate(mdc_tmp, abuf, alen))
goto err; goto err;
OPENSSL_free(abuf); OPENSSL_free(abuf);
@ -1064,7 +1078,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
goto err; goto err;
} }
i = EVP_VerifyFinal(&mdc_tmp, os->data, os->length, pkey); i = EVP_VerifyFinal(mdc_tmp, os->data, os->length, pkey);
EVP_PKEY_free(pkey); EVP_PKEY_free(pkey);
if (i <= 0) { if (i <= 0) {
PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_SIGNATURE_FAILURE); PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_SIGNATURE_FAILURE);
@ -1073,7 +1087,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
} }
ret = 1; ret = 1;
err: err:
EVP_MD_CTX_cleanup(&mdc_tmp); EVP_MD_CTX_destroy(mdc_tmp);
return (ret); return (ret);
} }

72
crypto/rand/md_rand.c
View File

@ -212,7 +212,7 @@ static int rand_add(const void *buf, int num, double add)
int i, j, k, st_idx; int i, j, k, st_idx;
long md_c[2]; long md_c[2];
unsigned char local_md[MD_DIGEST_LENGTH]; unsigned char local_md[MD_DIGEST_LENGTH];
EVP_MD_CTX m; EVP_MD_CTX *m;
int do_not_lock; int do_not_lock;
int rv = 0; int rv = 0;
@ -234,7 +234,10 @@ static int rand_add(const void *buf, int num, double add)
* hash function. * hash function.
*/ */
EVP_MD_CTX_init(&m); m = EVP_MD_CTX_create();
if (m == NULL)
goto err;
/* check if we already have the lock */ /* check if we already have the lock */
if (crypto_lock_rand) { if (crypto_lock_rand) {
CRYPTO_THREADID cur; CRYPTO_THREADID cur;
@ -284,21 +287,21 @@ static int rand_add(const void *buf, int num, double add)
j = (num - i); j = (num - i);
j = (j > MD_DIGEST_LENGTH) ? MD_DIGEST_LENGTH : j; j = (j > MD_DIGEST_LENGTH) ? MD_DIGEST_LENGTH : j;
if (!MD_Init(&m)) if (!MD_Init(m))
goto err; goto err;
if (!MD_Update(&m, local_md, MD_DIGEST_LENGTH)) if (!MD_Update(m, local_md, MD_DIGEST_LENGTH))
goto err; goto err;
k = (st_idx + j) - STATE_SIZE; k = (st_idx + j) - STATE_SIZE;
if (k > 0) { if (k > 0) {
if (!MD_Update(&m, &(state[st_idx]), j - k)) if (!MD_Update(m, &(state[st_idx]), j - k))
goto err; goto err;
if (!MD_Update(&m, &(state[0]), k)) if (!MD_Update(m, &(state[0]), k))
goto err; goto err;
} else if (!MD_Update(&m, &(state[st_idx]), j)) } else if (!MD_Update(m, &(state[st_idx]), j))
goto err; goto err;
/* DO NOT REMOVE THE FOLLOWING CALL TO MD_Update()! */ /* DO NOT REMOVE THE FOLLOWING CALL TO MD_Update()! */
if (!MD_Update(&m, buf, j)) if (!MD_Update(m, buf, j))
goto err; goto err;
/* /*
* We know that line may cause programs such as purify and valgrind * We know that line may cause programs such as purify and valgrind
@ -308,9 +311,9 @@ static int rand_add(const void *buf, int num, double add)
* insecure keys. * insecure keys.
*/ */
if (!MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c))) if (!MD_Update(m, (unsigned char *)&(md_c[0]), sizeof(md_c)))
goto err; goto err;
if (!MD_Final(&m, local_md)) if (!MD_Final(m, local_md))
goto err; goto err;
md_c[1]++; md_c[1]++;
@ -352,7 +355,7 @@ static int rand_add(const void *buf, int num, double add)
#endif #endif
rv = 1; rv = 1;
err: err:
EVP_MD_CTX_cleanup(&m); EVP_MD_CTX_destroy(m);
return rv; return rv;
} }
@ -369,7 +372,7 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo)
int ok; int ok;
long md_c[2]; long md_c[2];
unsigned char local_md[MD_DIGEST_LENGTH]; unsigned char local_md[MD_DIGEST_LENGTH];
EVP_MD_CTX m; EVP_MD_CTX *m;
#ifndef GETPID_IS_MEANINGLESS #ifndef GETPID_IS_MEANINGLESS
pid_t curr_pid = getpid(); pid_t curr_pid = getpid();
#endif #endif
@ -409,7 +412,10 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo)
if (num <= 0) if (num <= 0)
return 1; return 1;
EVP_MD_CTX_init(&m); m = EVP_MD_CTX_create();
if (m == NULL)
goto err_mem;
/* round upwards to multiple of MD_DIGEST_LENGTH/2 */ /* round upwards to multiple of MD_DIGEST_LENGTH/2 */
num_ceil = num_ceil =
(1 + (num - 1) / (MD_DIGEST_LENGTH / 2)) * (MD_DIGEST_LENGTH / 2); (1 + (num - 1) / (MD_DIGEST_LENGTH / 2)) * (MD_DIGEST_LENGTH / 2);
@ -523,26 +529,26 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo)
/* num_ceil -= MD_DIGEST_LENGTH/2 */ /* num_ceil -= MD_DIGEST_LENGTH/2 */
j = (num >= MD_DIGEST_LENGTH / 2) ? MD_DIGEST_LENGTH / 2 : num; j = (num >= MD_DIGEST_LENGTH / 2) ? MD_DIGEST_LENGTH / 2 : num;
num -= j; num -= j;
if (!MD_Init(&m)) if (!MD_Init(m))
goto err; goto err;
#ifndef GETPID_IS_MEANINGLESS #ifndef GETPID_IS_MEANINGLESS
if (curr_pid) { /* just in the first iteration to save time */ if (curr_pid) { /* just in the first iteration to save time */
if (!MD_Update(&m, (unsigned char *)&curr_pid, sizeof curr_pid)) if (!MD_Update(m, (unsigned char *)&curr_pid, sizeof curr_pid))
goto err; goto err;
curr_pid = 0; curr_pid = 0;
} }
#endif #endif
if (curr_time) { /* just in the first iteration to save time */ if (curr_time) { /* just in the first iteration to save time */
if (!MD_Update(&m, (unsigned char *)&curr_time, sizeof curr_time)) if (!MD_Update(m, (unsigned char *)&curr_time, sizeof curr_time))
goto err; goto err;
if (!MD_Update(&m, (unsigned char *)&tv, sizeof tv)) if (!MD_Update(m, (unsigned char *)&tv, sizeof tv))
goto err; goto err;
curr_time = 0; curr_time = 0;
rand_hw_seed(&m); rand_hw_seed(m);
} }
if (!MD_Update(&m, local_md, MD_DIGEST_LENGTH)) if (!MD_Update(m, local_md, MD_DIGEST_LENGTH))
goto err; goto err;
if (!MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c))) if (!MD_Update(m, (unsigned char *)&(md_c[0]), sizeof(md_c)))
goto err; goto err;
#ifndef PURIFY /* purify complains */ #ifndef PURIFY /* purify complains */
@ -553,19 +559,19 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo)
* builds it is not used: the removal of such a small source of * builds it is not used: the removal of such a small source of
* entropy has negligible impact on security. * entropy has negligible impact on security.
*/ */
if (!MD_Update(&m, buf, j)) if (!MD_Update(m, buf, j))
goto err; goto err;
#endif #endif
k = (st_idx + MD_DIGEST_LENGTH / 2) - st_num; k = (st_idx + MD_DIGEST_LENGTH / 2) - st_num;
if (k > 0) { if (k > 0) {
if (!MD_Update(&m, &(state[st_idx]), MD_DIGEST_LENGTH / 2 - k)) if (!MD_Update(m, &(state[st_idx]), MD_DIGEST_LENGTH / 2 - k))
goto err; goto err;
if (!MD_Update(&m, &(state[0]), k)) if (!MD_Update(m, &(state[0]), k))
goto err; goto err;
} else if (!MD_Update(&m, &(state[st_idx]), MD_DIGEST_LENGTH / 2)) } else if (!MD_Update(m, &(state[st_idx]), MD_DIGEST_LENGTH / 2))
goto err; goto err;
if (!MD_Final(&m, local_md)) if (!MD_Final(m, local_md))
goto err; goto err;
for (i = 0; i < MD_DIGEST_LENGTH / 2; i++) { for (i = 0; i < MD_DIGEST_LENGTH / 2; i++) {
@ -578,23 +584,23 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo)
} }
} }
if (!MD_Init(&m) if (!MD_Init(m)
|| !MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c)) || !MD_Update(m, (unsigned char *)&(md_c[0]), sizeof(md_c))
|| !MD_Update(&m, local_md, MD_DIGEST_LENGTH)) || !MD_Update(m, local_md, MD_DIGEST_LENGTH))
goto err; goto err;
CRYPTO_w_lock(CRYPTO_LOCK_RAND); CRYPTO_w_lock(CRYPTO_LOCK_RAND);
/* /*
* Prevent deadlocks if we end up in an async engine * Prevent deadlocks if we end up in an async engine
*/ */
ASYNC_block_pause(); ASYNC_block_pause();
if (!MD_Update(&m, md, MD_DIGEST_LENGTH) || !MD_Final(&m, md)) { if (!MD_Update(m, md, MD_DIGEST_LENGTH) || !MD_Final(m, md)) {
CRYPTO_w_unlock(CRYPTO_LOCK_RAND); CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
goto err; goto err;
} }
ASYNC_unblock_pause(); ASYNC_unblock_pause();
CRYPTO_w_unlock(CRYPTO_LOCK_RAND); CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
EVP_MD_CTX_cleanup(&m); EVP_MD_CTX_destroy(m);
if (ok) if (ok)
return (1); return (1);
else if (pseudo) else if (pseudo)
@ -606,8 +612,12 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo)
return (0); return (0);
} }
err: err:
EVP_MD_CTX_cleanup(&m);
RANDerr(RAND_F_RAND_BYTES, ERR_R_EVP_LIB); RANDerr(RAND_F_RAND_BYTES, ERR_R_EVP_LIB);
EVP_MD_CTX_destroy(m);
return 0;
err_mem:
RANDerr(RAND_F_RAND_BYTES, ERR_R_MALLOC_FAILURE);
EVP_MD_CTX_destroy(m);
return 0; return 0;
} }

2
crypto/rsa/rsa_ameth.c
View File

@ -729,7 +729,7 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
ASN1_BIT_STRING *sig) ASN1_BIT_STRING *sig)
{ {
int pad_mode; int pad_mode;
EVP_PKEY_CTX *pkctx = ctx->pctx; EVP_PKEY_CTX *pkctx = EVP_MD_CTX_pkey_ctx(ctx);
if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0) if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0)
return 0; return 0;
if (pad_mode == RSA_PKCS1_PADDING) if (pad_mode == RSA_PKCS1_PADDING)

19
crypto/rsa/rsa_oaep.c
View File

@ -242,13 +242,14 @@ int PKCS1_MGF1(unsigned char *mask, long len,
{ {
long i, outlen = 0; long i, outlen = 0;
unsigned char cnt[4]; unsigned char cnt[4];
EVP_MD_CTX c; EVP_MD_CTX *c = EVP_MD_CTX_create();
unsigned char md[EVP_MAX_MD_SIZE]; unsigned char md[EVP_MAX_MD_SIZE];
int mdlen; int mdlen;
int rv = -1; int rv = -1;
EVP_MD_CTX_init(&c); if (c == NULL)
mdlen = M_EVP_MD_size(dgst); goto err;
mdlen = EVP_MD_size(dgst);
if (mdlen < 0) if (mdlen < 0)
goto err; goto err;
for (i = 0; outlen < len; i++) { for (i = 0; outlen < len; i++) {
@ -256,16 +257,16 @@ int PKCS1_MGF1(unsigned char *mask, long len,
cnt[1] = (unsigned char)((i >> 16) & 255); cnt[1] = (unsigned char)((i >> 16) & 255);
cnt[2] = (unsigned char)((i >> 8)) & 255; cnt[2] = (unsigned char)((i >> 8)) & 255;
cnt[3] = (unsigned char)(i & 255); cnt[3] = (unsigned char)(i & 255);
if (!EVP_DigestInit_ex(&c, dgst, NULL) if (!EVP_DigestInit_ex(c, dgst, NULL)
|| !EVP_DigestUpdate(&c, seed, seedlen) || !EVP_DigestUpdate(c, seed, seedlen)
|| !EVP_DigestUpdate(&c, cnt, 4)) || !EVP_DigestUpdate(c, cnt, 4))
goto err; goto err;
if (outlen + mdlen <= len) { if (outlen + mdlen <= len) {
if (!EVP_DigestFinal_ex(&c, mask + outlen, NULL)) if (!EVP_DigestFinal_ex(c, mask + outlen, NULL))
goto err; goto err;
outlen += mdlen; outlen += mdlen;
} else { } else {
if (!EVP_DigestFinal_ex(&c, md, NULL)) if (!EVP_DigestFinal_ex(c, md, NULL))
goto err; goto err;
memcpy(mask + outlen, md, len - outlen); memcpy(mask + outlen, md, len - outlen);
outlen = len; outlen = len;
@ -273,6 +274,6 @@ int PKCS1_MGF1(unsigned char *mask, long len,
} }
rv = 0; rv = 0;
err: err:
EVP_MD_CTX_cleanup(&c); EVP_MD_CTX_destroy(c);
return rv; return rv;
} }

41
crypto/rsa/rsa_pss.c
View File

@ -88,14 +88,17 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
int hLen, maskedDBLen, MSBits, emLen; int hLen, maskedDBLen, MSBits, emLen;
const unsigned char *H; const unsigned char *H;
unsigned char *DB = NULL; unsigned char *DB = NULL;
EVP_MD_CTX ctx; EVP_MD_CTX *ctx = EVP_MD_CTX_create();
unsigned char H_[EVP_MAX_MD_SIZE]; unsigned char H_[EVP_MAX_MD_SIZE];
EVP_MD_CTX_init(&ctx);
if (ctx == NULL)
goto err;
if (mgf1Hash == NULL) if (mgf1Hash == NULL)
mgf1Hash = Hash; mgf1Hash = Hash;
hLen = M_EVP_MD_size(Hash); hLen = EVP_MD_size(Hash);
if (hLen < 0) if (hLen < 0)
goto err; goto err;
/*- /*-
@ -153,15 +156,15 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_SLEN_CHECK_FAILED); RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_SLEN_CHECK_FAILED);
goto err; goto err;
} }
if (!EVP_DigestInit_ex(&ctx, Hash, NULL) if (!EVP_DigestInit_ex(ctx, Hash, NULL)
|| !EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes) || !EVP_DigestUpdate(ctx, zeroes, sizeof zeroes)
|| !EVP_DigestUpdate(&ctx, mHash, hLen)) || !EVP_DigestUpdate(ctx, mHash, hLen))
goto err; goto err;
if (maskedDBLen - i) { if (maskedDBLen - i) {
if (!EVP_DigestUpdate(&ctx, DB + i, maskedDBLen - i)) if (!EVP_DigestUpdate(ctx, DB + i, maskedDBLen - i))
goto err; goto err;
} }
if (!EVP_DigestFinal_ex(&ctx, H_, NULL)) if (!EVP_DigestFinal_ex(ctx, H_, NULL))
goto err; goto err;
if (memcmp(H_, H, hLen)) { if (memcmp(H_, H, hLen)) {
RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_BAD_SIGNATURE); RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_BAD_SIGNATURE);
@ -171,7 +174,7 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
err: err:
OPENSSL_free(DB); OPENSSL_free(DB);
EVP_MD_CTX_cleanup(&ctx); EVP_MD_CTX_destroy(ctx);
return ret; return ret;
@ -193,12 +196,12 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
int ret = 0; int ret = 0;
int hLen, maskedDBLen, MSBits, emLen; int hLen, maskedDBLen, MSBits, emLen;
unsigned char *H, *salt = NULL, *p; unsigned char *H, *salt = NULL, *p;
EVP_MD_CTX ctx; EVP_MD_CTX *ctx = NULL;
if (mgf1Hash == NULL) if (mgf1Hash == NULL)
mgf1Hash = Hash; mgf1Hash = Hash;
hLen = M_EVP_MD_size(Hash); hLen = EVP_MD_size(Hash);
if (hLen < 0) if (hLen < 0)
goto err; goto err;
/*- /*-
@ -241,16 +244,17 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
} }
maskedDBLen = emLen - hLen - 1; maskedDBLen = emLen - hLen - 1;
H = EM + maskedDBLen; H = EM + maskedDBLen;
EVP_MD_CTX_init(&ctx); ctx = EVP_MD_CTX_create();
if (!EVP_DigestInit_ex(&ctx, Hash, NULL) if (ctx == NULL)
|| !EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes)
|| !EVP_DigestUpdate(&ctx, mHash, hLen))
goto err; goto err;
if (sLen && !EVP_DigestUpdate(&ctx, salt, sLen)) if (!EVP_DigestInit_ex(ctx, Hash, NULL)
|| !EVP_DigestUpdate(ctx, zeroes, sizeof zeroes)
|| !EVP_DigestUpdate(ctx, mHash, hLen))
goto err; goto err;
if (!EVP_DigestFinal_ex(&ctx, H, NULL)) if (sLen && !EVP_DigestUpdate(ctx, salt, sLen))
goto err;
if (!EVP_DigestFinal_ex(ctx, H, NULL))
goto err; goto err;
EVP_MD_CTX_cleanup(&ctx);
/* Generate dbMask in place then perform XOR on it */ /* Generate dbMask in place then perform XOR on it */
if (PKCS1_MGF1(EM, maskedDBLen, H, hLen, mgf1Hash)) if (PKCS1_MGF1(EM, maskedDBLen, H, hLen, mgf1Hash))
@ -278,6 +282,7 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
ret = 1; ret = 1;
err: err:
EVP_MD_CTX_destroy(ctx);
OPENSSL_free(salt); OPENSSL_free(salt);
return ret; return ret;

89
crypto/srp/srp_lib.c
View File

@ -70,31 +70,36 @@ static BIGNUM *srp_Calc_k(BIGNUM *N, BIGNUM *g)
unsigned char digest[SHA_DIGEST_LENGTH]; unsigned char digest[SHA_DIGEST_LENGTH];
unsigned char *tmp; unsigned char *tmp;
EVP_MD_CTX ctxt; EVP_MD_CTX *ctxt = NULL;
int longg; int longg;
int longN = BN_num_bytes(N); int longN = BN_num_bytes(N);
BIGNUM *res = NULL;
if (BN_ucmp(g, N) >= 0) if (BN_ucmp(g, N) >= 0)
return NULL; return NULL;
if ((tmp = OPENSSL_malloc(longN)) == NULL) ctxt = EVP_MD_CTX_create();
if (ctxt == NULL)
return NULL; return NULL;
if ((tmp = OPENSSL_malloc(longN)) == NULL)
goto err;
BN_bn2bin(N, tmp); BN_bn2bin(N, tmp);
EVP_MD_CTX_init(&ctxt); EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL);
EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL); EVP_DigestUpdate(ctxt, tmp, longN);
EVP_DigestUpdate(&ctxt, tmp, longN);
memset(tmp, 0, longN); memset(tmp, 0, longN);
longg = BN_bn2bin(g, tmp); longg = BN_bn2bin(g, tmp);
/* use the zeros behind to pad on left */ /* use the zeros behind to pad on left */
EVP_DigestUpdate(&ctxt, tmp + longg, longN - longg); EVP_DigestUpdate(ctxt, tmp + longg, longN - longg);
EVP_DigestUpdate(&ctxt, tmp, longg); EVP_DigestUpdate(ctxt, tmp, longg);
OPENSSL_free(tmp); OPENSSL_free(tmp);
EVP_DigestFinal_ex(&ctxt, digest, NULL); EVP_DigestFinal_ex(ctxt, digest, NULL);
EVP_MD_CTX_cleanup(&ctxt); res = BN_bin2bn(digest, sizeof(digest), NULL);
return BN_bin2bn(digest, sizeof(digest), NULL); err:
EVP_MD_CTX_destroy(ctxt);
return res;
} }
BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N) BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N)
@ -104,7 +109,7 @@ BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N)
BIGNUM *u; BIGNUM *u;
unsigned char cu[SHA_DIGEST_LENGTH]; unsigned char cu[SHA_DIGEST_LENGTH];
unsigned char *cAB; unsigned char *cAB;
EVP_MD_CTX ctxt; EVP_MD_CTX *ctxt = NULL;
int longN; int longN;
if ((A == NULL) || (B == NULL) || (N == NULL)) if ((A == NULL) || (B == NULL) || (N == NULL))
return NULL; return NULL;
@ -114,25 +119,30 @@ BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N)
longN = BN_num_bytes(N); longN = BN_num_bytes(N);
if ((cAB = OPENSSL_malloc(2 * longN)) == NULL) ctxt = EVP_MD_CTX_create();
if (ctxt == NULL)
return NULL; return NULL;
if ((cAB = OPENSSL_malloc(2 * longN)) == NULL)
goto err;
memset(cAB, 0, longN); memset(cAB, 0, longN);
EVP_MD_CTX_init(&ctxt); EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL);
EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL); EVP_DigestUpdate(ctxt, cAB + BN_bn2bin(A, cAB + longN), longN);
EVP_DigestUpdate(&ctxt, cAB + BN_bn2bin(A, cAB + longN), longN); EVP_DigestUpdate(ctxt, cAB + BN_bn2bin(B, cAB + longN), longN);
EVP_DigestUpdate(&ctxt, cAB + BN_bn2bin(B, cAB + longN), longN);
OPENSSL_free(cAB); OPENSSL_free(cAB);
EVP_DigestFinal_ex(&ctxt, cu, NULL); EVP_DigestFinal_ex(ctxt, cu, NULL);
EVP_MD_CTX_cleanup(&ctxt);
if ((u = BN_bin2bn(cu, sizeof(cu), NULL)) == NULL) if ((u = BN_bin2bn(cu, sizeof(cu), NULL)) == NULL)
return NULL; goto err;
if (!BN_is_zero(u)) if (BN_is_zero(u)) {
return u; BN_free(u);
BN_free(u); u = NULL;
return NULL; }
err:
EVP_MD_CTX_destroy(ctxt);
return u;
} }
BIGNUM *SRP_Calc_server_key(BIGNUM *A, BIGNUM *v, BIGNUM *u, BIGNUM *b, BIGNUM *SRP_Calc_server_key(BIGNUM *A, BIGNUM *v, BIGNUM *u, BIGNUM *b,
@ -196,31 +206,36 @@ BIGNUM *SRP_Calc_B(BIGNUM *b, BIGNUM *N, BIGNUM *g, BIGNUM *v)
BIGNUM *SRP_Calc_x(BIGNUM *s, const char *user, const char *pass) BIGNUM *SRP_Calc_x(BIGNUM *s, const char *user, const char *pass)
{ {
unsigned char dig[SHA_DIGEST_LENGTH]; unsigned char dig[SHA_DIGEST_LENGTH];
EVP_MD_CTX ctxt; EVP_MD_CTX *ctxt;
unsigned char *cs; unsigned char *cs;
BIGNUM *res = NULL;
if ((s == NULL) || (user == NULL) || (pass == NULL)) if ((s == NULL) || (user == NULL) || (pass == NULL))
return NULL; return NULL;
if ((cs = OPENSSL_malloc(BN_num_bytes(s))) == NULL) ctxt = EVP_MD_CTX_create();
if (ctxt == NULL)
return NULL; return NULL;
if ((cs = OPENSSL_malloc(BN_num_bytes(s))) == NULL)
goto err;
EVP_MD_CTX_init(&ctxt); EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL);
EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL); EVP_DigestUpdate(ctxt, user, strlen(user));
EVP_DigestUpdate(&ctxt, user, strlen(user)); EVP_DigestUpdate(ctxt, ":", 1);
EVP_DigestUpdate(&ctxt, ":", 1); EVP_DigestUpdate(ctxt, pass, strlen(pass));
EVP_DigestUpdate(&ctxt, pass, strlen(pass)); EVP_DigestFinal_ex(ctxt, dig, NULL);
EVP_DigestFinal_ex(&ctxt, dig, NULL);
EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL); EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL);
BN_bn2bin(s, cs); BN_bn2bin(s, cs);
EVP_DigestUpdate(&ctxt, cs, BN_num_bytes(s)); EVP_DigestUpdate(ctxt, cs, BN_num_bytes(s));
OPENSSL_free(cs); OPENSSL_free(cs);
EVP_DigestUpdate(&ctxt, dig, sizeof(dig)); EVP_DigestUpdate(ctxt, dig, sizeof(dig));
EVP_DigestFinal_ex(&ctxt, dig, NULL); EVP_DigestFinal_ex(ctxt, dig, NULL);
EVP_MD_CTX_cleanup(&ctxt);
return BN_bin2bn(dig, sizeof(dig), NULL); res = BN_bin2bn(dig, sizeof(dig), NULL);
err:
EVP_MD_CTX_destroy(ctxt);
return res;
} }
BIGNUM *SRP_Calc_A(BIGNUM *a, BIGNUM *N, BIGNUM *g) BIGNUM *SRP_Calc_A(BIGNUM *a, BIGNUM *N, BIGNUM *g)

22
crypto/srp/srp_vfy.c
View File

@ -474,7 +474,7 @@ SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username)
SRP_user_pwd *user; SRP_user_pwd *user;
unsigned char digv[SHA_DIGEST_LENGTH]; unsigned char digv[SHA_DIGEST_LENGTH];
unsigned char digs[SHA_DIGEST_LENGTH]; unsigned char digs[SHA_DIGEST_LENGTH];
EVP_MD_CTX ctxt; EVP_MD_CTX *ctxt = NULL;
if (vb == NULL) if (vb == NULL)
return NULL; return NULL;
@ -499,18 +499,20 @@ SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username)
if (RAND_bytes(digv, SHA_DIGEST_LENGTH) <= 0) if (RAND_bytes(digv, SHA_DIGEST_LENGTH) <= 0)
goto err; goto err;
EVP_MD_CTX_init(&ctxt); ctxt = EVP_MD_CTX_create();
EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL); EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL);
EVP_DigestUpdate(&ctxt, vb->seed_key, strlen(vb->seed_key)); EVP_DigestUpdate(ctxt, vb->seed_key, strlen(vb->seed_key));
EVP_DigestUpdate(&ctxt, username, strlen(username)); EVP_DigestUpdate(ctxt, username, strlen(username));
EVP_DigestFinal_ex(&ctxt, digs, NULL); EVP_DigestFinal_ex(ctxt, digs, NULL);
EVP_MD_CTX_cleanup(&ctxt); EVP_MD_CTX_destroy(ctxt);
if (SRP_user_pwd_set_sv_BN ctxt = NULL;
(user, BN_bin2bn(digs, SHA_DIGEST_LENGTH, NULL), if (SRP_user_pwd_set_sv_BN(user,
BN_bin2bn(digv, SHA_DIGEST_LENGTH, NULL))) BN_bin2bn(digs, SHA_DIGEST_LENGTH, NULL),
BN_bin2bn(digv, SHA_DIGEST_LENGTH, NULL)))
return user; return user;
err: err:
EVP_MD_CTX_destroy(ctxt);
SRP_user_pwd_free(user); SRP_user_pwd_free(user);
return NULL; return NULL;
} }

15
crypto/ts/ts_rsp_verify.c
View File

@ -529,7 +529,7 @@ static int ts_compute_imprint(BIO *data, TS_TST_INFO *tst_info,
TS_MSG_IMPRINT *msg_imprint = tst_info->msg_imprint; TS_MSG_IMPRINT *msg_imprint = tst_info->msg_imprint;
X509_ALGOR *md_alg_resp = msg_imprint->hash_algo; X509_ALGOR *md_alg_resp = msg_imprint->hash_algo;
const EVP_MD *md; const EVP_MD *md;
EVP_MD_CTX md_ctx; EVP_MD_CTX *md_ctx = NULL;
unsigned char buffer[4096]; unsigned char buffer[4096];
int length; int length;
@ -551,17 +551,24 @@ static int ts_compute_imprint(BIO *data, TS_TST_INFO *tst_info,
goto err; goto err;
} }
if (!EVP_DigestInit(&md_ctx, md)) md_ctx = EVP_MD_CTX_create();
if (md_ctx == NULL) {
TSerr(TS_F_TS_COMPUTE_IMPRINT, ERR_R_MALLOC_FAILURE);
goto err;
}
if (!EVP_DigestInit(md_ctx, md))
goto err; goto err;
while ((length = BIO_read(data, buffer, sizeof(buffer))) > 0) { while ((length = BIO_read(data, buffer, sizeof(buffer))) > 0) {
if (!EVP_DigestUpdate(&md_ctx, buffer, length)) if (!EVP_DigestUpdate(md_ctx, buffer, length))
goto err; goto err;
} }
if (!EVP_DigestFinal(&md_ctx, *imprint, NULL)) if (!EVP_DigestFinal(md_ctx, *imprint, NULL))
goto err; goto err;
EVP_MD_CTX_destroy(md_ctx);
return 1; return 1;
err: err:
EVP_MD_CTX_destroy(md_ctx);
X509_ALGOR_free(*md_alg); X509_ALGOR_free(*md_alg);
OPENSSL_free(*imprint); OPENSSL_free(*imprint);
*imprint_len = 0; *imprint_len = 0;

33
crypto/x509/x509_cmp.c
View File

@ -82,28 +82,29 @@ int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b)
unsigned long X509_issuer_and_serial_hash(X509 *a) unsigned long X509_issuer_and_serial_hash(X509 *a)
{ {
unsigned long ret = 0; unsigned long ret = 0;
EVP_MD_CTX ctx; EVP_MD_CTX *ctx = EVP_MD_CTX_create();
unsigned char md[16]; unsigned char md[16];
char *f; char *f;
EVP_MD_CTX_init(&ctx); if (ctx == NULL)
f = X509_NAME_oneline(a->cert_info.issuer, NULL, 0);
if (!EVP_DigestInit_ex(&ctx, EVP_md5(), NULL))
goto err; goto err;
if (!EVP_DigestUpdate(&ctx, (unsigned char *)f, strlen(f))) f = X509_NAME_oneline(a->cert_info.issuer, NULL, 0);
if (!EVP_DigestInit_ex(ctx, EVP_md5(), NULL))
goto err;
if (!EVP_DigestUpdate(ctx, (unsigned char *)f, strlen(f)))
goto err; goto err;
OPENSSL_free(f); OPENSSL_free(f);
if (!EVP_DigestUpdate if (!EVP_DigestUpdate
(&ctx, (unsigned char *)a->cert_info.serialNumber.data, (ctx, (unsigned char *)a->cert_info.serialNumber.data,
(unsigned long)a->cert_info.serialNumber.length)) (unsigned long)a->cert_info.serialNumber.length))
goto err; goto err;
if (!EVP_DigestFinal_ex(&ctx, &(md[0]), NULL)) if (!EVP_DigestFinal_ex(ctx, &(md[0]), NULL))
goto err; goto err;
ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) | ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) |
((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L) ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L)
) & 0xffffffffL; ) & 0xffffffffL;
err: err:
EVP_MD_CTX_cleanup(&ctx); EVP_MD_CTX_destroy(ctx);
return (ret); return (ret);
} }
#endif #endif
@ -248,21 +249,23 @@ unsigned long X509_NAME_hash(X509_NAME *x)
unsigned long X509_NAME_hash_old(X509_NAME *x) unsigned long X509_NAME_hash_old(X509_NAME *x)
{ {
EVP_MD_CTX md_ctx; EVP_MD_CTX *md_ctx = EVP_MD_CTX_create();
unsigned long ret = 0; unsigned long ret = 0;
unsigned char md[16]; unsigned char md[16];
if (md_ctx == NULL)
return ret;
/* Make sure X509_NAME structure contains valid cached encoding */ /* Make sure X509_NAME structure contains valid cached encoding */
i2d_X509_NAME(x, NULL); i2d_X509_NAME(x, NULL);
EVP_MD_CTX_init(&md_ctx); EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); if (EVP_DigestInit_ex(md_ctx, EVP_md5(), NULL)
if (EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL) && EVP_DigestUpdate(md_ctx, x->bytes->data, x->bytes->length)
&& EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length) && EVP_DigestFinal_ex(md_ctx, md, NULL))
&& EVP_DigestFinal_ex(&md_ctx, md, NULL))
ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) | ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) |
((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L) ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L)
) & 0xffffffffL; ) & 0xffffffffL;
EVP_MD_CTX_cleanup(&md_ctx); EVP_MD_CTX_destroy(md_ctx);
return (ret); return (ret);
} }

15
engines/ccgost/gost_crypt.c
View File

@ -500,7 +500,7 @@ int gost89_get_asn1_parameters(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params)
int gost_imit_init_cpa(EVP_MD_CTX *ctx) int gost_imit_init_cpa(EVP_MD_CTX *ctx)
{ {
struct ossl_gost_imit_ctx *c = ctx->md_data; struct ossl_gost_imit_ctx *c = EVP_MD_CTX_md_data(ctx);
memset(c->buffer, 0, sizeof(c->buffer)); memset(c->buffer, 0, sizeof(c->buffer));
memset(c->partial_block, 0, sizeof(c->partial_block)); memset(c->partial_block, 0, sizeof(c->partial_block));
c->count = 0; c->count = 0;
@ -529,7 +529,7 @@ static void mac_block_mesh(struct ossl_gost_imit_ctx *c,
int gost_imit_update(EVP_MD_CTX *ctx, const void *data, size_t count) int gost_imit_update(EVP_MD_CTX *ctx, const void *data, size_t count)
{ {
struct ossl_gost_imit_ctx *c = ctx->md_data; struct ossl_gost_imit_ctx *c = EVP_MD_CTX_md_data(ctx);
const unsigned char *p = data; const unsigned char *p = data;
size_t bytes = count, i; size_t bytes = count, i;
if (!(c->key_set)) { if (!(c->key_set)) {
@ -561,7 +561,7 @@ int gost_imit_update(EVP_MD_CTX *ctx, const void *data, size_t count)
int gost_imit_final(EVP_MD_CTX *ctx, unsigned char *md) int gost_imit_final(EVP_MD_CTX *ctx, unsigned char *md)
{ {
struct ossl_gost_imit_ctx *c = ctx->md_data; struct ossl_gost_imit_ctx *c = EVP_MD_CTX_md_data(ctx);
if (!c->key_set) { if (!c->key_set) {
GOSTerr(GOST_F_GOST_IMIT_FINAL, GOST_R_MAC_KEY_NOT_SET); GOSTerr(GOST_F_GOST_IMIT_FINAL, GOST_R_MAC_KEY_NOT_SET);
return 0; return 0;
@ -595,9 +595,9 @@ int gost_imit_ctrl(EVP_MD_CTX *ctx, int type, int arg, void *ptr)
return 0; return 0;
} }
gost_key(&(((struct ossl_gost_imit_ctx *)(ctx->md_data))->cctx), gost_key(&(((struct ossl_gost_imit_ctx *)(EVP_MD_CTX_md_data(ctx)))->cctx),
ptr); ptr);
((struct ossl_gost_imit_ctx *)(ctx->md_data))->key_set = 1; ((struct ossl_gost_imit_ctx *)(EVP_MD_CTX_md_data(ctx)))->key_set = 1;
return 1; return 1;
} }
@ -608,13 +608,14 @@ int gost_imit_ctrl(EVP_MD_CTX *ctx, int type, int arg, void *ptr)
int gost_imit_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from) int gost_imit_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
{ {
memcpy(to->md_data, from->md_data, sizeof(struct ossl_gost_imit_ctx)); memcpy(EVP_MD_CTX_md_data(to), EVP_MD_CTX_md_data(from),
sizeof(struct ossl_gost_imit_ctx));
return 1; return 1;
} }
/* Clean up imit ctx */ /* Clean up imit ctx */
int gost_imit_cleanup(EVP_MD_CTX *ctx) int gost_imit_cleanup(EVP_MD_CTX *ctx)
{ {
memset(ctx->md_data, 0, sizeof(struct ossl_gost_imit_ctx)); memset(EVP_MD_CTX_md_data(ctx), 0, sizeof(struct ossl_gost_imit_ctx));
return 1; return 1;
} }

16
engines/ccgost/gost_md.c
View File

@ -36,7 +36,7 @@ EVP_MD digest_gost = {
int gost_digest_init(EVP_MD_CTX *ctx) int gost_digest_init(EVP_MD_CTX *ctx)
{ {
struct ossl_gost_digest_ctx *c = ctx->md_data; struct ossl_gost_digest_ctx *c = EVP_MD_CTX_md_data(ctx);
memset(&(c->dctx), 0, sizeof(gost_hash_ctx)); memset(&(c->dctx), 0, sizeof(gost_hash_ctx));
gost_init(&(c->cctx), &GostR3411_94_CryptoProParamSet); gost_init(&(c->cctx), &GostR3411_94_CryptoProParamSet);
c->dctx.cipher_ctx = &(c->cctx); c->dctx.cipher_ctx = &(c->cctx);
@ -45,20 +45,20 @@ int gost_digest_init(EVP_MD_CTX *ctx)
int gost_digest_update(EVP_MD_CTX *ctx, const void *data, size_t count) int gost_digest_update(EVP_MD_CTX *ctx, const void *data, size_t count)
{ {
return hash_block((gost_hash_ctx *) ctx->md_data, data, count); return hash_block((gost_hash_ctx *) EVP_MD_CTX_md_data(ctx), data, count);
} }
int gost_digest_final(EVP_MD_CTX *ctx, unsigned char *md) int gost_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
{ {
return finish_hash((gost_hash_ctx *) ctx->md_data, md); return finish_hash((gost_hash_ctx *) EVP_MD_CTX_md_data(ctx), md);
} }
int gost_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from) int gost_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
{ {
struct ossl_gost_digest_ctx *md_ctx = to->md_data; struct ossl_gost_digest_ctx *md_ctx = EVP_MD_CTX_md_data(to);
if (to->md_data && from->md_data) { if (EVP_MD_CTX_md_data(to) && EVP_MD_CTX_md_data(from)) {
memcpy(to->md_data, from->md_data, memcpy(EVP_MD_CTX_md_data(to), EVP_MD_CTX_md_data(from),
sizeof(struct ossl_gost_digest_ctx)); sizeof(struct ossl_gost_digest_ctx));
md_ctx->dctx.cipher_ctx = &(md_ctx->cctx); md_ctx->dctx.cipher_ctx = &(md_ctx->cctx);
} }
@ -67,7 +67,7 @@ int gost_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
int gost_digest_cleanup(EVP_MD_CTX *ctx) int gost_digest_cleanup(EVP_MD_CTX *ctx)
{ {
if (ctx->md_data) if (EVP_MD_CTX_md_data(ctx))
memset(ctx->md_data, 0, sizeof(struct ossl_gost_digest_ctx)); memset(EVP_MD_CTX_md_data(ctx), 0, sizeof(struct ossl_gost_digest_ctx));
return 1; return 1;
} }

3
engines/ccgost/gost_pmeth.c
View File

@ -388,7 +388,8 @@ static int pkey_gost_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
} else { } else {
key = &(data->key); key = &(data->key);
} }
return mctx->digest->md_ctrl(mctx, EVP_MD_CTRL_SET_KEY, 32, key); return EVP_MD_CTX_md(mctx)->md_ctrl(mctx, EVP_MD_CTRL_SET_KEY,
32, key);
} }
} }
return -2; return -2;

2
engines/e_dasync.c
View File

@ -259,7 +259,7 @@ static void dummy_pause_job(void) {
* implementation * implementation
*/ */
#undef data #undef data
#define data(ctx) ((SHA_CTX *)(ctx)->md_data) #define data(ctx) ((SHA_CTX *)EVP_MD_CTX_md_data(ctx))
static int dasync_sha1_init(EVP_MD_CTX *ctx) static int dasync_sha1_init(EVP_MD_CTX *ctx)
{ {
dummy_pause_job(); dummy_pause_job();

8
engines/e_ossltest.c
View File

@ -365,7 +365,7 @@ static void fill_known_data(unsigned char *md, unsigned int len)
* the same value. * the same value.
*/ */
#undef data #undef data
#define data(ctx) ((MD5_CTX *)(ctx)->md_data) #define data(ctx) ((MD5_CTX *)EVP_MD_CTX_md_data(ctx))
static int digest_md5_init(EVP_MD_CTX *ctx) static int digest_md5_init(EVP_MD_CTX *ctx)
{ {
return MD5_Init(data(ctx)); return MD5_Init(data(ctx));
@ -392,7 +392,7 @@ static int digest_md5_final(EVP_MD_CTX *ctx, unsigned char *md)
* SHA1 implementation. * SHA1 implementation.
*/ */
#undef data #undef data
#define data(ctx) ((SHA_CTX *)(ctx)->md_data) #define data(ctx) ((SHA_CTX *)EVP_MD_CTX_md_data(ctx))
static int digest_sha1_init(EVP_MD_CTX *ctx) static int digest_sha1_init(EVP_MD_CTX *ctx)
{ {
return SHA1_Init(data(ctx)); return SHA1_Init(data(ctx));
@ -419,7 +419,7 @@ static int digest_sha1_final(EVP_MD_CTX *ctx, unsigned char *md)
* SHA256 implementation. * SHA256 implementation.
*/ */
#undef data #undef data
#define data(ctx) ((SHA256_CTX *)(ctx)->md_data) #define data(ctx) ((SHA256_CTX *)EVP_MD_CTX_md_data(ctx))
static int digest_sha256_init(EVP_MD_CTX *ctx) static int digest_sha256_init(EVP_MD_CTX *ctx)
{ {
return SHA256_Init(data(ctx)); return SHA256_Init(data(ctx));
@ -446,7 +446,7 @@ static int digest_sha256_final(EVP_MD_CTX *ctx, unsigned char *md)
* SHA384/512 implementation. * SHA384/512 implementation.
*/ */
#undef data #undef data
#define data(ctx) ((SHA512_CTX *)(ctx)->md_data) #define data(ctx) ((SHA512_CTX *)EVP_MD_CTX_md_data(ctx))
static int digest_sha384_init(EVP_MD_CTX *ctx) static int digest_sha384_init(EVP_MD_CTX *ctx)
{ {
return SHA384_Init(data(ctx)); return SHA384_Init(data(ctx));

6
include/openssl/hmac.h
View File

@ -70,9 +70,9 @@ extern "C" {
typedef struct hmac_ctx_st { typedef struct hmac_ctx_st {
const EVP_MD *md; const EVP_MD *md;
EVP_MD_CTX md_ctx; EVP_MD_CTX *md_ctx;
EVP_MD_CTX i_ctx; EVP_MD_CTX *i_ctx;
EVP_MD_CTX o_ctx; EVP_MD_CTX *o_ctx;
unsigned int key_length; unsigned int key_length;
unsigned char key[HMAC_MAX_MD_CBLOCK]; unsigned char key[HMAC_MAX_MD_CBLOCK];
} HMAC_CTX; } HMAC_CTX;

2
include/openssl/pem.h
View File

@ -104,7 +104,7 @@ extern "C" {
*/ */
typedef struct PEM_Encode_Seal_st { typedef struct PEM_Encode_Seal_st {
EVP_ENCODE_CTX encode; EVP_ENCODE_CTX encode;
EVP_MD_CTX md; EVP_MD_CTX *md;
EVP_CIPHER_CTX cipher; EVP_CIPHER_CTX cipher;
} PEM_ENCODE_SEAL_CTX; } PEM_ENCODE_SEAL_CTX;

53
ssl/record/ssl3_record.c
View File

@ -791,7 +791,6 @@ int n_ssl3_mac(SSL *ssl, unsigned char *md, int send)
{ {
SSL3_RECORD *rec; SSL3_RECORD *rec;
unsigned char *mac_sec, *seq; unsigned char *mac_sec, *seq;
EVP_MD_CTX md_ctx;
const EVP_MD_CTX *hash; const EVP_MD_CTX *hash;
unsigned char *p, rec_char; unsigned char *p, rec_char;
size_t md_size; size_t md_size;
@ -855,30 +854,33 @@ int n_ssl3_mac(SSL *ssl, unsigned char *md, int send)
} else { } else {
unsigned int md_size_u; unsigned int md_size_u;
/* Chop the digest off the end :-) */ /* Chop the digest off the end :-) */
EVP_MD_CTX_init(&md_ctx); EVP_MD_CTX *md_ctx = EVP_MD_CTX_create();
if (md_ctx == NULL)
return -1;
rec_char = rec->type; rec_char = rec->type;
p = md; p = md;
s2n(rec->length, p); s2n(rec->length, p);
if (EVP_MD_CTX_copy_ex(&md_ctx, hash) <= 0 if (EVP_MD_CTX_copy_ex(md_ctx, hash) <= 0
|| EVP_DigestUpdate(&md_ctx, mac_sec, md_size) <= 0 || EVP_DigestUpdate(md_ctx, mac_sec, md_size) <= 0
|| EVP_DigestUpdate(&md_ctx, ssl3_pad_1, npad) <= 0 || EVP_DigestUpdate(md_ctx, ssl3_pad_1, npad) <= 0
|| EVP_DigestUpdate(&md_ctx, seq, 8) <= 0 || EVP_DigestUpdate(md_ctx, seq, 8) <= 0
|| EVP_DigestUpdate(&md_ctx, &rec_char, 1) <= 0 || EVP_DigestUpdate(md_ctx, &rec_char, 1) <= 0
|| EVP_DigestUpdate(&md_ctx, md, 2) <= 0 || EVP_DigestUpdate(md_ctx, md, 2) <= 0
|| EVP_DigestUpdate(&md_ctx, rec->input, rec->length) <= 0 || EVP_DigestUpdate(md_ctx, rec->input, rec->length) <= 0
|| EVP_DigestFinal_ex(&md_ctx, md, NULL) <= 0 || EVP_DigestFinal_ex(md_ctx, md, NULL) <= 0
|| EVP_MD_CTX_copy_ex(&md_ctx, hash) <= 0 || EVP_MD_CTX_copy_ex(md_ctx, hash) <= 0
|| EVP_DigestUpdate(&md_ctx, mac_sec, md_size) <= 0 || EVP_DigestUpdate(md_ctx, mac_sec, md_size) <= 0
|| EVP_DigestUpdate(&md_ctx, ssl3_pad_2, npad) <= 0 || EVP_DigestUpdate(md_ctx, ssl3_pad_2, npad) <= 0
|| EVP_DigestUpdate(&md_ctx, md, md_size) <= 0 || EVP_DigestUpdate(md_ctx, md, md_size) <= 0
|| EVP_DigestFinal_ex(&md_ctx, md, &md_size_u) <= 0) { || EVP_DigestFinal_ex(md_ctx, md, &md_size_u) <= 0) {
EVP_MD_CTX_cleanup(&md_ctx); EVP_MD_CTX_cleanup(md_ctx);
return -1; return -1;
} }
md_size = md_size_u; md_size = md_size_u;
EVP_MD_CTX_cleanup(&md_ctx); EVP_MD_CTX_destroy(md_ctx);
} }
ssl3_record_sequence_update(seq); ssl3_record_sequence_update(seq);
@ -892,7 +894,7 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
EVP_MD_CTX *hash; EVP_MD_CTX *hash;
size_t md_size; size_t md_size;
int i; int i;
EVP_MD_CTX hmac, *mac_ctx; EVP_MD_CTX *hmac = NULL, *mac_ctx;
unsigned char header[13]; unsigned char header[13];
int stream_mac = (send ? (ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM) int stream_mac = (send ? (ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM)
: (ssl->mac_flags & SSL_MAC_FLAG_READ_MAC_STREAM)); : (ssl->mac_flags & SSL_MAC_FLAG_READ_MAC_STREAM));
@ -916,9 +918,11 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
if (stream_mac) { if (stream_mac) {
mac_ctx = hash; mac_ctx = hash;
} else { } else {
if (!EVP_MD_CTX_copy(&hmac, hash)) hmac = EVP_MD_CTX_create();
if (hmac == NULL
|| !EVP_MD_CTX_copy(hmac, hash))
return -1; return -1;
mac_ctx = &hmac; mac_ctx = hmac;
} }
if (SSL_IS_DTLS(ssl)) { if (SSL_IS_DTLS(ssl)) {
@ -953,16 +957,14 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
rec->length + md_size, rec->orig_len, rec->length + md_size, rec->orig_len,
ssl->s3->read_mac_secret, ssl->s3->read_mac_secret,
ssl->s3->read_mac_secret_size, 0) <= 0) { ssl->s3->read_mac_secret_size, 0) <= 0) {
if (!stream_mac) EVP_MD_CTX_destroy(hmac);
EVP_MD_CTX_cleanup(&hmac);
return -1; return -1;
} }
} else { } else {
if (EVP_DigestSignUpdate(mac_ctx, header, sizeof(header)) <= 0 if (EVP_DigestSignUpdate(mac_ctx, header, sizeof(header)) <= 0
|| EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length) <= 0 || EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length) <= 0
|| EVP_DigestSignFinal(mac_ctx, md, &md_size) <= 0) { || EVP_DigestSignFinal(mac_ctx, md, &md_size) <= 0) {
if (!stream_mac) EVP_MD_CTX_destroy(hmac);
EVP_MD_CTX_cleanup(&hmac);
return -1; return -1;
} }
if (!send && !SSL_USE_ETM(ssl) && FIPS_mode()) if (!send && !SSL_USE_ETM(ssl) && FIPS_mode())
@ -971,8 +973,7 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
rec->length, rec->orig_len); rec->length, rec->orig_len);
} }
if (!stream_mac) EVP_MD_CTX_destroy(hmac);
EVP_MD_CTX_cleanup(&hmac);
#ifdef TLS_DEBUG #ifdef TLS_DEBUG
fprintf(stderr, "seq="); fprintf(stderr, "seq=");

24
ssl/s3_cbc.c
View File

@ -201,7 +201,7 @@ int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
unsigned char first_block[MAX_HASH_BLOCK_SIZE]; unsigned char first_block[MAX_HASH_BLOCK_SIZE];
unsigned char mac_out[EVP_MAX_MD_SIZE]; unsigned char mac_out[EVP_MAX_MD_SIZE];
unsigned i, j, md_out_size_u; unsigned i, j, md_out_size_u;
EVP_MD_CTX md_ctx; EVP_MD_CTX *md_ctx = NULL;
/* /*
* mdLengthSize is the number of bytes in the length field that * mdLengthSize is the number of bytes in the length field that
* terminates * the hash. * terminates * the hash.
@ -497,34 +497,36 @@ int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
mac_out[j] |= block[j] & is_block_b; mac_out[j] |= block[j] & is_block_b;
} }
EVP_MD_CTX_init(&md_ctx); md_ctx = EVP_MD_CTX_create();
if (EVP_DigestInit_ex(&md_ctx, ctx->digest, NULL /* engine */ ) <= 0) if (md_ctx == NULL)
goto err;
if (EVP_DigestInit_ex(md_ctx, EVP_MD_CTX_md(ctx), NULL /* engine */ ) <= 0)
goto err; goto err;
if (is_sslv3) { if (is_sslv3) {
/* We repurpose |hmac_pad| to contain the SSLv3 pad2 block. */ /* We repurpose |hmac_pad| to contain the SSLv3 pad2 block. */
memset(hmac_pad, 0x5c, sslv3_pad_length); memset(hmac_pad, 0x5c, sslv3_pad_length);
if (EVP_DigestUpdate(&md_ctx, mac_secret, mac_secret_length) <= 0 if (EVP_DigestUpdate(md_ctx, mac_secret, mac_secret_length) <= 0
|| EVP_DigestUpdate(&md_ctx, hmac_pad, sslv3_pad_length) <= 0 || EVP_DigestUpdate(md_ctx, hmac_pad, sslv3_pad_length) <= 0
|| EVP_DigestUpdate(&md_ctx, mac_out, md_size) <= 0) || EVP_DigestUpdate(md_ctx, mac_out, md_size) <= 0)
goto err; goto err;
} else { } else {
/* Complete the HMAC in the standard manner. */ /* Complete the HMAC in the standard manner. */
for (i = 0; i < md_block_size; i++) for (i = 0; i < md_block_size; i++)
hmac_pad[i] ^= 0x6a; hmac_pad[i] ^= 0x6a;
if (EVP_DigestUpdate(&md_ctx, hmac_pad, md_block_size) <= 0 if (EVP_DigestUpdate(md_ctx, hmac_pad, md_block_size) <= 0
|| EVP_DigestUpdate(&md_ctx, mac_out, md_size) <= 0) || EVP_DigestUpdate(md_ctx, mac_out, md_size) <= 0)
goto err; goto err;
} }
ret = EVP_DigestFinal(&md_ctx, md_out, &md_out_size_u); ret = EVP_DigestFinal(md_ctx, md_out, &md_out_size_u);
if (ret && md_out_size) if (ret && md_out_size)
*md_out_size = md_out_size_u; *md_out_size = md_out_size_u;
EVP_MD_CTX_cleanup(&md_ctx); EVP_MD_CTX_destroy(md_ctx);
return 1; return 1;
err: err:
EVP_MD_CTX_cleanup(&md_ctx); EVP_MD_CTX_destroy(md_ctx);
return 0; return 0;
} }

96
ssl/s3_enc.c
View File

@ -142,19 +142,24 @@
static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
{ {
EVP_MD_CTX m5; EVP_MD_CTX *m5;
EVP_MD_CTX s1; EVP_MD_CTX *s1;
unsigned char buf[16], smd[SHA_DIGEST_LENGTH]; unsigned char buf[16], smd[SHA_DIGEST_LENGTH];
unsigned char c = 'A'; unsigned char c = 'A';
unsigned int i, j, k; unsigned int i, j, k;
int ret = 0;
#ifdef CHARSET_EBCDIC #ifdef CHARSET_EBCDIC
c = os_toascii[c]; /* 'A' in ASCII */ c = os_toascii[c]; /* 'A' in ASCII */
#endif #endif
k = 0; k = 0;
EVP_MD_CTX_init(&m5); m5 = EVP_MD_CTX_create();
EVP_MD_CTX_set_flags(&m5, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); s1 = EVP_MD_CTX_create();
EVP_MD_CTX_init(&s1); if (m5 == NULL || s1 == NULL) {
SSLerr(SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_MALLOC_FAILURE);
goto err;
}
EVP_MD_CTX_set_flags(m5, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
for (i = 0; (int)i < num; i += MD5_DIGEST_LENGTH) { for (i = 0; (int)i < num; i += MD5_DIGEST_LENGTH) {
k++; k++;
if (k > sizeof buf) { if (k > sizeof buf) {
@ -166,30 +171,32 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
for (j = 0; j < k; j++) for (j = 0; j < k; j++)
buf[j] = c; buf[j] = c;
c++; c++;
EVP_DigestInit_ex(&s1, EVP_sha1(), NULL); EVP_DigestInit_ex(s1, EVP_sha1(), NULL);
EVP_DigestUpdate(&s1, buf, k); EVP_DigestUpdate(s1, buf, k);
EVP_DigestUpdate(&s1, s->session->master_key, EVP_DigestUpdate(s1, s->session->master_key,
s->session->master_key_length); s->session->master_key_length);
EVP_DigestUpdate(&s1, s->s3->server_random, SSL3_RANDOM_SIZE); EVP_DigestUpdate(s1, s->s3->server_random, SSL3_RANDOM_SIZE);
EVP_DigestUpdate(&s1, s->s3->client_random, SSL3_RANDOM_SIZE); EVP_DigestUpdate(s1, s->s3->client_random, SSL3_RANDOM_SIZE);
EVP_DigestFinal_ex(&s1, smd, NULL); EVP_DigestFinal_ex(s1, smd, NULL);
EVP_DigestInit_ex(&m5, EVP_md5(), NULL); EVP_DigestInit_ex(m5, EVP_md5(), NULL);
EVP_DigestUpdate(&m5, s->session->master_key, EVP_DigestUpdate(m5, s->session->master_key,
s->session->master_key_length); s->session->master_key_length);
EVP_DigestUpdate(&m5, smd, SHA_DIGEST_LENGTH); EVP_DigestUpdate(m5, smd, SHA_DIGEST_LENGTH);
if ((int)(i + MD5_DIGEST_LENGTH) > num) { if ((int)(i + MD5_DIGEST_LENGTH) > num) {
EVP_DigestFinal_ex(&m5, smd, NULL); EVP_DigestFinal_ex(m5, smd, NULL);
memcpy(km, smd, (num - i)); memcpy(km, smd, (num - i));
} else } else
EVP_DigestFinal_ex(&m5, km, NULL); EVP_DigestFinal_ex(m5, km, NULL);
km += MD5_DIGEST_LENGTH; km += MD5_DIGEST_LENGTH;
} }
OPENSSL_cleanse(smd, sizeof(smd)); OPENSSL_cleanse(smd, sizeof(smd));
EVP_MD_CTX_cleanup(&m5); ret = 1;
EVP_MD_CTX_cleanup(&s1); err:
return 1; EVP_MD_CTX_destroy(m5);
EVP_MD_CTX_destroy(s1);
return ret;
} }
int ssl3_change_cipher_state(SSL *s, int which) int ssl3_change_cipher_state(SSL *s, int which)
@ -492,7 +499,7 @@ int ssl3_digest_cached_records(SSL *s, int keep)
int ssl3_final_finish_mac(SSL *s, const char *sender, int len, unsigned char *p) int ssl3_final_finish_mac(SSL *s, const char *sender, int len, unsigned char *p)
{ {
int ret; int ret;
EVP_MD_CTX ctx; EVP_MD_CTX *ctx = NULL;
if (!ssl3_digest_cached_records(s, 0)) if (!ssl3_digest_cached_records(s, 0))
return 0; return 0;
@ -502,25 +509,29 @@ int ssl3_final_finish_mac(SSL *s, const char *sender, int len, unsigned char *p)
return 0; return 0;
} }
EVP_MD_CTX_init(&ctx); ctx = EVP_MD_CTX_create();
EVP_MD_CTX_copy_ex(&ctx, s->s3->handshake_dgst); if (ctx == NULL) {
SSLerr(SSL_F_SSL3_FINAL_FINISH_MAC, ERR_R_MALLOC_FAILURE);
return 0;
}
EVP_MD_CTX_copy_ex(ctx, s->s3->handshake_dgst);
ret = EVP_MD_CTX_size(&ctx); ret = EVP_MD_CTX_size(ctx);
if (ret < 0) { if (ret < 0) {
EVP_MD_CTX_cleanup(&ctx); EVP_MD_CTX_cleanup(ctx);
return 0; return 0;
} }
if ((sender != NULL && EVP_DigestUpdate(&ctx, sender, len) <= 0) if ((sender != NULL && EVP_DigestUpdate(ctx, sender, len) <= 0)
|| EVP_MD_CTX_ctrl(&ctx, EVP_CTRL_SSL3_MASTER_SECRET, || EVP_MD_CTX_ctrl(ctx, EVP_CTRL_SSL3_MASTER_SECRET,
s->session->master_key_length, s->session->master_key_length,
s->session->master_key) <= 0 s->session->master_key) <= 0
|| EVP_DigestFinal_ex(&ctx, p, NULL) <= 0) { || EVP_DigestFinal_ex(ctx, p, NULL) <= 0) {
SSLerr(SSL_F_SSL3_FINAL_FINISH_MAC, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_SSL3_FINAL_FINISH_MAC, ERR_R_INTERNAL_ERROR);
ret = 0; ret = 0;
} }
EVP_MD_CTX_cleanup(&ctx); EVP_MD_CTX_destroy(ctx);
return ret; return ret;
} }
@ -540,29 +551,32 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
#endif #endif
}; };
unsigned char buf[EVP_MAX_MD_SIZE]; unsigned char buf[EVP_MAX_MD_SIZE];
EVP_MD_CTX ctx; EVP_MD_CTX *ctx = EVP_MD_CTX_create();
int i, ret = 0; int i, ret = 0;
unsigned int n; unsigned int n;
#ifdef OPENSSL_SSL_TRACE_CRYPTO #ifdef OPENSSL_SSL_TRACE_CRYPTO
unsigned char *tmpout = out; unsigned char *tmpout = out;
#endif #endif
EVP_MD_CTX_init(&ctx); if (ctx == NULL) {
SSLerr(SSL_F_SSL3_GENERATE_MASTER_SECRET, ERR_R_MALLOC_FAILURE);
return 0;
}
for (i = 0; i < 3; i++) { for (i = 0; i < 3; i++) {
if (EVP_DigestInit_ex(&ctx, s->ctx->sha1, NULL) <= 0 if (EVP_DigestInit_ex(ctx, s->ctx->sha1, NULL) <= 0
|| EVP_DigestUpdate(&ctx, salt[i], || EVP_DigestUpdate(ctx, salt[i],
strlen((const char *)salt[i])) <= 0 strlen((const char *)salt[i])) <= 0
|| EVP_DigestUpdate(&ctx, p, len) <= 0 || EVP_DigestUpdate(ctx, p, len) <= 0
|| EVP_DigestUpdate(&ctx, &(s->s3->client_random[0]), || EVP_DigestUpdate(ctx, &(s->s3->client_random[0]),
SSL3_RANDOM_SIZE) <= 0 SSL3_RANDOM_SIZE) <= 0
|| EVP_DigestUpdate(&ctx, &(s->s3->server_random[0]), || EVP_DigestUpdate(ctx, &(s->s3->server_random[0]),
SSL3_RANDOM_SIZE) <= 0 SSL3_RANDOM_SIZE) <= 0
|| EVP_DigestFinal_ex(&ctx, buf, &n) <= 0 || EVP_DigestFinal_ex(ctx, buf, &n) <= 0
|| EVP_DigestInit_ex(&ctx, s->ctx->md5, NULL) <= 0 || EVP_DigestInit_ex(ctx, s->ctx->md5, NULL) <= 0
|| EVP_DigestUpdate(&ctx, p, len) <= 0 || EVP_DigestUpdate(ctx, p, len) <= 0
|| EVP_DigestUpdate(&ctx, buf, n) <= 0 || EVP_DigestUpdate(ctx, buf, n) <= 0
|| EVP_DigestFinal_ex(&ctx, out, &n) <= 0) { || EVP_DigestFinal_ex(ctx, out, &n) <= 0) {
SSLerr(SSL_F_SSL3_GENERATE_MASTER_SECRET, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_SSL3_GENERATE_MASTER_SECRET, ERR_R_INTERNAL_ERROR);
ret = 0; ret = 0;
break; break;
@ -570,7 +584,7 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
out += n; out += n;
ret += n; ret += n;
} }
EVP_MD_CTX_cleanup(&ctx); EVP_MD_CTX_destroy(ctx);
#ifdef OPENSSL_SSL_TRACE_CRYPTO #ifdef OPENSSL_SSL_TRACE_CRYPTO
if (ret > 0 && s->msg_callback) { if (ret > 0 && s->msg_callback) {

14
ssl/ssl_lib.c
View File

@ -3197,19 +3197,23 @@ void ssl_clear_hash_ctx(EVP_MD_CTX **hash)
/* Retrieve handshake hashes */ /* Retrieve handshake hashes */
int ssl_handshake_hash(SSL *s, unsigned char *out, int outlen) int ssl_handshake_hash(SSL *s, unsigned char *out, int outlen)
{ {
EVP_MD_CTX ctx; EVP_MD_CTX *ctx = NULL;
EVP_MD_CTX *hdgst = s->s3->handshake_dgst; EVP_MD_CTX *hdgst = s->s3->handshake_dgst;
int ret = EVP_MD_CTX_size(hdgst); int ret = EVP_MD_CTX_size(hdgst);
EVP_MD_CTX_init(&ctx);
if (ret < 0 || ret > outlen) { if (ret < 0 || ret > outlen) {
ret = 0; ret = 0;
goto err; goto err;
} }
if (!EVP_MD_CTX_copy_ex(&ctx, hdgst) ctx = EVP_MD_CTX_create();
|| EVP_DigestFinal_ex(&ctx, out, NULL) <= 0) if (ctx == NULL) {
ret = 0;
goto err;
}
if (!EVP_MD_CTX_copy_ex(ctx, hdgst)
|| EVP_DigestFinal_ex(ctx, out, NULL) <= 0)
ret = 0; ret = 0;
err: err:
EVP_MD_CTX_cleanup(&ctx); EVP_MD_CTX_destroy(ctx);
return ret; return ret;
} }

43
ssl/statem/statem_clnt.c
View File

@ -1573,7 +1573,7 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt)
MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
{ {
EVP_MD_CTX md_ctx; EVP_MD_CTX *md_ctx;
int al, j; int al, j;
long alg_k, alg_a; long alg_k, alg_a;
EVP_PKEY *pkey = NULL; EVP_PKEY *pkey = NULL;
@ -1592,7 +1592,12 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
#endif #endif
PACKET save_param_start, signature; PACKET save_param_start, signature;
EVP_MD_CTX_init(&md_ctx); md_ctx = EVP_MD_CTX_create();
if (md_ctx == NULL) {
al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
goto f_err;
}
alg_k = s->s3->tmp.new_cipher->algorithm_mkey; alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
@ -1882,18 +1887,18 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_WRONG_SIGNATURE_LENGTH); SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_WRONG_SIGNATURE_LENGTH);
goto f_err; goto f_err;
} }
if (EVP_VerifyInit_ex(&md_ctx, md, NULL) <= 0 if (EVP_VerifyInit_ex(md_ctx, md, NULL) <= 0
|| EVP_VerifyUpdate(&md_ctx, &(s->s3->client_random[0]), || EVP_VerifyUpdate(md_ctx, &(s->s3->client_random[0]),
SSL3_RANDOM_SIZE) <= 0 SSL3_RANDOM_SIZE) <= 0
|| EVP_VerifyUpdate(&md_ctx, &(s->s3->server_random[0]), || EVP_VerifyUpdate(md_ctx, &(s->s3->server_random[0]),
SSL3_RANDOM_SIZE) <= 0 SSL3_RANDOM_SIZE) <= 0
|| EVP_VerifyUpdate(&md_ctx, PACKET_data(&params), || EVP_VerifyUpdate(md_ctx, PACKET_data(&params),
PACKET_remaining(&params)) <= 0) { PACKET_remaining(&params)) <= 0) {
al = SSL_AD_INTERNAL_ERROR; al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_EVP_LIB); SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_EVP_LIB);
goto f_err; goto f_err;
} }
if (EVP_VerifyFinal(&md_ctx, PACKET_data(&signature), if (EVP_VerifyFinal(md_ctx, PACKET_data(&signature),
PACKET_remaining(&signature), pkey) <= 0) { PACKET_remaining(&signature), pkey) <= 0) {
/* bad signature */ /* bad signature */
al = SSL_AD_DECRYPT_ERROR; al = SSL_AD_DECRYPT_ERROR;
@ -1916,7 +1921,7 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
} }
} }
EVP_PKEY_free(pkey); EVP_PKEY_free(pkey);
EVP_MD_CTX_cleanup(&md_ctx); EVP_MD_CTX_destroy(md_ctx);
return MSG_PROCESS_CONTINUE_READING; return MSG_PROCESS_CONTINUE_READING;
f_err: f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al); ssl3_send_alert(s, SSL3_AL_FATAL, al);
@ -1933,7 +1938,7 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
EC_POINT_free(srvr_ecpoint); EC_POINT_free(srvr_ecpoint);
EC_KEY_free(ecdh); EC_KEY_free(ecdh);
#endif #endif
EVP_MD_CTX_cleanup(&md_ctx); EVP_MD_CTX_destroy(md_ctx);
ossl_statem_set_error(s); ossl_statem_set_error(s);
return MSG_PROCESS_ERROR; return MSG_PROCESS_ERROR;
} }
@ -2894,13 +2899,17 @@ int tls_construct_client_verify(SSL *s)
unsigned char *p; unsigned char *p;
EVP_PKEY *pkey; EVP_PKEY *pkey;
const EVP_MD *md = s->s3->tmp.md[s->cert->key - s->cert->pkeys]; const EVP_MD *md = s->s3->tmp.md[s->cert->key - s->cert->pkeys];
EVP_MD_CTX mctx; EVP_MD_CTX *mctx;
unsigned u = 0; unsigned u = 0;
unsigned long n = 0; unsigned long n = 0;
long hdatalen = 0; long hdatalen = 0;
void *hdata; void *hdata;
EVP_MD_CTX_init(&mctx); mctx = EVP_MD_CTX_create();
if (mctx == NULL) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_MALLOC_FAILURE);
goto err;
}
p = ssl_handshake_start(s); p = ssl_handshake_start(s);
pkey = s->cert->key->privatekey; pkey = s->cert->key->privatekey;
@ -2921,13 +2930,13 @@ int tls_construct_client_verify(SSL *s)
#ifdef SSL_DEBUG #ifdef SSL_DEBUG
fprintf(stderr, "Using client alg %s\n", EVP_MD_name(md)); fprintf(stderr, "Using client alg %s\n", EVP_MD_name(md));
#endif #endif
if (!EVP_SignInit_ex(&mctx, md, NULL) if (!EVP_SignInit_ex(mctx, md, NULL)
|| !EVP_SignUpdate(&mctx, hdata, hdatalen) || !EVP_SignUpdate(mctx, hdata, hdatalen)
|| (s->version == SSL3_VERSION || (s->version == SSL3_VERSION
&& !EVP_MD_CTX_ctrl(&mctx, EVP_CTRL_SSL3_MASTER_SECRET, && !EVP_MD_CTX_ctrl(mctx, EVP_CTRL_SSL3_MASTER_SECRET,
s->session->master_key_length, s->session->master_key_length,
s->session->master_key)) s->session->master_key))
|| !EVP_SignFinal(&mctx, p + 2, &u, pkey)) { || !EVP_SignFinal(mctx, p + 2, &u, pkey)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_EVP_LIB); SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_EVP_LIB);
goto err; goto err;
} }
@ -2949,10 +2958,10 @@ int tls_construct_client_verify(SSL *s)
goto err; goto err;
} }
EVP_MD_CTX_cleanup(&mctx); EVP_MD_CTX_destroy(mctx);
return 1; return 1;
err: err:
EVP_MD_CTX_cleanup(&mctx); EVP_MD_CTX_destroy(mctx);
return 0; return 0;
} }

41
ssl/statem/statem_srvr.c
View File

@ -1733,9 +1733,13 @@ int tls_construct_server_key_exchange(SSL *s)
BIGNUM *r[4]; BIGNUM *r[4];
int nr[4], kn; int nr[4], kn;
BUF_MEM *buf; BUF_MEM *buf;
EVP_MD_CTX md_ctx; EVP_MD_CTX *md_ctx = EVP_MD_CTX_create();
EVP_MD_CTX_init(&md_ctx); if (md_ctx == NULL) {
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
al = SSL_AD_INTERNAL_ERROR;
goto f_err;
}
type = s->s3->tmp.new_cipher->algorithm_mkey; type = s->s3->tmp.new_cipher->algorithm_mkey;
cert = s->cert; cert = s->cert;
@ -2040,13 +2044,13 @@ int tls_construct_server_key_exchange(SSL *s)
#ifdef SSL_DEBUG #ifdef SSL_DEBUG
fprintf(stderr, "Using hash %s\n", EVP_MD_name(md)); fprintf(stderr, "Using hash %s\n", EVP_MD_name(md));
#endif #endif
if (EVP_SignInit_ex(&md_ctx, md, NULL) <= 0 if (EVP_SignInit_ex(md_ctx, md, NULL) <= 0
|| EVP_SignUpdate(&md_ctx, &(s->s3->client_random[0]), || EVP_SignUpdate(md_ctx, &(s->s3->client_random[0]),
SSL3_RANDOM_SIZE) <= 0 SSL3_RANDOM_SIZE) <= 0
|| EVP_SignUpdate(&md_ctx, &(s->s3->server_random[0]), || EVP_SignUpdate(md_ctx, &(s->s3->server_random[0]),
SSL3_RANDOM_SIZE) <= 0 SSL3_RANDOM_SIZE) <= 0
|| EVP_SignUpdate(&md_ctx, d, n) <= 0 || EVP_SignUpdate(md_ctx, d, n) <= 0
|| EVP_SignFinal(&md_ctx, &(p[2]), || EVP_SignFinal(md_ctx, &(p[2]),
(unsigned int *)&i, pkey) <= 0) { (unsigned int *)&i, pkey) <= 0) {
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_LIB_EVP); SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_LIB_EVP);
al = SSL_AD_INTERNAL_ERROR; al = SSL_AD_INTERNAL_ERROR;
@ -2071,7 +2075,7 @@ int tls_construct_server_key_exchange(SSL *s)
goto f_err; goto f_err;
} }
EVP_MD_CTX_cleanup(&md_ctx); EVP_MD_CTX_destroy(md_ctx);
return 1; return 1;
f_err: f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al); ssl3_send_alert(s, SSL3_AL_FATAL, al);
@ -2080,7 +2084,7 @@ int tls_construct_server_key_exchange(SSL *s)
OPENSSL_free(encodedPoint); OPENSSL_free(encodedPoint);
BN_CTX_free(bn_ctx); BN_CTX_free(bn_ctx);
#endif #endif
EVP_MD_CTX_cleanup(&md_ctx); EVP_MD_CTX_destroy(md_ctx);
ossl_statem_set_error(s); ossl_statem_set_error(s);
return 0; return 0;
} }
@ -2884,8 +2888,13 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
long hdatalen = 0; long hdatalen = 0;
void *hdata; void *hdata;
EVP_MD_CTX mctx; EVP_MD_CTX *mctx = EVP_MD_CTX_create();
EVP_MD_CTX_init(&mctx);
if (mctx == NULL) {
SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, ERR_R_MALLOC_FAILURE);
al = SSL_AD_INTERNAL_ERROR;
goto f_err;
}
peer = s->session->peer; peer = s->session->peer;
pkey = X509_get_pubkey(peer); pkey = X509_get_pubkey(peer);
@ -2966,8 +2975,8 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
#ifdef SSL_DEBUG #ifdef SSL_DEBUG
fprintf(stderr, "Using client verify alg %s\n", EVP_MD_name(md)); fprintf(stderr, "Using client verify alg %s\n", EVP_MD_name(md));
#endif #endif
if (!EVP_VerifyInit_ex(&mctx, md, NULL) if (!EVP_VerifyInit_ex(mctx, md, NULL)
|| !EVP_VerifyUpdate(&mctx, hdata, hdatalen)) { || !EVP_VerifyUpdate(mctx, hdata, hdatalen)) {
SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, ERR_R_EVP_LIB); SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, ERR_R_EVP_LIB);
al = SSL_AD_INTERNAL_ERROR; al = SSL_AD_INTERNAL_ERROR;
goto f_err; goto f_err;
@ -2982,7 +2991,7 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
#endif #endif
if (s->version == SSL3_VERSION if (s->version == SSL3_VERSION
&& !EVP_MD_CTX_ctrl(&mctx, EVP_CTRL_SSL3_MASTER_SECRET, && !EVP_MD_CTX_ctrl(mctx, EVP_CTRL_SSL3_MASTER_SECRET,
s->session->master_key_length, s->session->master_key_length,
s->session->master_key)) { s->session->master_key)) {
SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, ERR_R_EVP_LIB); SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, ERR_R_EVP_LIB);
@ -2990,7 +2999,7 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
goto f_err; goto f_err;
} }
if (EVP_VerifyFinal(&mctx, data, len, pkey) <= 0) { if (EVP_VerifyFinal(mctx, data, len, pkey) <= 0) {
al = SSL_AD_DECRYPT_ERROR; al = SSL_AD_DECRYPT_ERROR;
SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, SSL_R_BAD_SIGNATURE); SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, SSL_R_BAD_SIGNATURE);
goto f_err; goto f_err;
@ -3004,7 +3013,7 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
} }
BIO_free(s->s3->handshake_buffer); BIO_free(s->s3->handshake_buffer);
s->s3->handshake_buffer = NULL; s->s3->handshake_buffer = NULL;
EVP_MD_CTX_cleanup(&mctx); EVP_MD_CTX_destroy(mctx);
EVP_PKEY_free(pkey); EVP_PKEY_free(pkey);
return ret; return ret;
} }

56
ssl/t1_enc.c
View File

@ -157,7 +157,7 @@ static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
{ {
int chunk; int chunk;
size_t j; size_t j;
EVP_MD_CTX ctx, ctx_tmp, ctx_init; EVP_MD_CTX *ctx, *ctx_tmp, *ctx_init;
EVP_PKEY *mac_key; EVP_PKEY *mac_key;
unsigned char A1[EVP_MAX_MD_SIZE]; unsigned char A1[EVP_MAX_MD_SIZE];
size_t A1_len; size_t A1_len;
@ -166,60 +166,62 @@ static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
chunk = EVP_MD_size(md); chunk = EVP_MD_size(md);
OPENSSL_assert(chunk >= 0); OPENSSL_assert(chunk >= 0);
EVP_MD_CTX_init(&ctx); ctx = EVP_MD_CTX_create();
EVP_MD_CTX_init(&ctx_tmp); ctx_tmp = EVP_MD_CTX_create();
EVP_MD_CTX_init(&ctx_init); ctx_init = EVP_MD_CTX_create();
EVP_MD_CTX_set_flags(&ctx_init, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); if (ctx == NULL || ctx_tmp == NULL || ctx_init == NULL)
goto err;
EVP_MD_CTX_set_flags(ctx_init, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
mac_key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, sec, sec_len); mac_key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, sec, sec_len);
if (!mac_key) if (!mac_key)
goto err; goto err;
if (!EVP_DigestSignInit(&ctx_init, NULL, md, NULL, mac_key)) if (!EVP_DigestSignInit(ctx_init, NULL, md, NULL, mac_key))
goto err; goto err;
if (!EVP_MD_CTX_copy_ex(&ctx, &ctx_init)) if (!EVP_MD_CTX_copy_ex(ctx, ctx_init))
goto err; goto err;
if (seed1 && !EVP_DigestSignUpdate(&ctx, seed1, seed1_len)) if (seed1 && !EVP_DigestSignUpdate(ctx, seed1, seed1_len))
goto err; goto err;
if (seed2 && !EVP_DigestSignUpdate(&ctx, seed2, seed2_len)) if (seed2 && !EVP_DigestSignUpdate(ctx, seed2, seed2_len))
goto err; goto err;
if (seed3 && !EVP_DigestSignUpdate(&ctx, seed3, seed3_len)) if (seed3 && !EVP_DigestSignUpdate(ctx, seed3, seed3_len))
goto err; goto err;
if (seed4 && !EVP_DigestSignUpdate(&ctx, seed4, seed4_len)) if (seed4 && !EVP_DigestSignUpdate(ctx, seed4, seed4_len))
goto err; goto err;
if (seed5 && !EVP_DigestSignUpdate(&ctx, seed5, seed5_len)) if (seed5 && !EVP_DigestSignUpdate(ctx, seed5, seed5_len))
goto err; goto err;
if (!EVP_DigestSignFinal(&ctx, A1, &A1_len)) if (!EVP_DigestSignFinal(ctx, A1, &A1_len))
goto err; goto err;
for (;;) { for (;;) {
/* Reinit mac contexts */ /* Reinit mac contexts */
if (!EVP_MD_CTX_copy_ex(&ctx, &ctx_init)) if (!EVP_MD_CTX_copy_ex(ctx, ctx_init))
goto err; goto err;
if (!EVP_DigestSignUpdate(&ctx, A1, A1_len)) if (!EVP_DigestSignUpdate(ctx, A1, A1_len))
goto err; goto err;
if (olen > chunk && !EVP_MD_CTX_copy_ex(&ctx_tmp, &ctx)) if (olen > chunk && !EVP_MD_CTX_copy_ex(ctx_tmp, ctx))
goto err; goto err;
if (seed1 && !EVP_DigestSignUpdate(&ctx, seed1, seed1_len)) if (seed1 && !EVP_DigestSignUpdate(ctx, seed1, seed1_len))
goto err; goto err;
if (seed2 && !EVP_DigestSignUpdate(&ctx, seed2, seed2_len)) if (seed2 && !EVP_DigestSignUpdate(ctx, seed2, seed2_len))
goto err; goto err;
if (seed3 && !EVP_DigestSignUpdate(&ctx, seed3, seed3_len)) if (seed3 && !EVP_DigestSignUpdate(ctx, seed3, seed3_len))
goto err; goto err;
if (seed4 && !EVP_DigestSignUpdate(&ctx, seed4, seed4_len)) if (seed4 && !EVP_DigestSignUpdate(ctx, seed4, seed4_len))
goto err; goto err;
if (seed5 && !EVP_DigestSignUpdate(&ctx, seed5, seed5_len)) if (seed5 && !EVP_DigestSignUpdate(ctx, seed5, seed5_len))
goto err; goto err;
if (olen > chunk) { if (olen > chunk) {
if (!EVP_DigestSignFinal(&ctx, out, &j)) if (!EVP_DigestSignFinal(ctx, out, &j))
goto err; goto err;
out += j; out += j;
olen -= j; olen -= j;
/* calc the next A1 value */ /* calc the next A1 value */
if (!EVP_DigestSignFinal(&ctx_tmp, A1, &A1_len)) if (!EVP_DigestSignFinal(ctx_tmp, A1, &A1_len))
goto err; goto err;
} else { /* last one */ } else { /* last one */
if (!EVP_DigestSignFinal(&ctx, A1, &A1_len)) if (!EVP_DigestSignFinal(ctx, A1, &A1_len))
goto err; goto err;
memcpy(out, A1, olen); memcpy(out, A1, olen);
break; break;
@ -228,9 +230,9 @@ static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
ret = 1; ret = 1;
err: err:
EVP_PKEY_free(mac_key); EVP_PKEY_free(mac_key);
EVP_MD_CTX_cleanup(&ctx); EVP_MD_CTX_destroy(ctx);
EVP_MD_CTX_cleanup(&ctx_tmp); EVP_MD_CTX_destroy(ctx_tmp);
EVP_MD_CTX_cleanup(&ctx_init); EVP_MD_CTX_destroy(ctx_init);
OPENSSL_cleanse(A1, sizeof(A1)); OPENSSL_cleanse(A1, sizeof(A1));
return ret; return ret;
} }

14
test/ecdsatest.c
View File

@ -188,17 +188,19 @@ int x9_62_test_internal(BIO *out, int nid, const char *r_in, const char *s_in)
const char message[] = "abc"; const char message[] = "abc";
unsigned char digest[20]; unsigned char digest[20];
unsigned int dgst_len = 0; unsigned int dgst_len = 0;
EVP_MD_CTX md_ctx; EVP_MD_CTX *md_ctx = EVP_MD_CTX_create();
EC_KEY *key = NULL; EC_KEY *key = NULL;
ECDSA_SIG *signature = NULL; ECDSA_SIG *signature = NULL;
BIGNUM *r = NULL, *s = NULL; BIGNUM *r = NULL, *s = NULL;
BIGNUM *kinv = NULL, *rp = NULL; BIGNUM *kinv = NULL, *rp = NULL;
EVP_MD_CTX_init(&md_ctx); if (md_ctx == NULL)
goto x962_int_err;
/* get the message digest */ /* get the message digest */
if (!EVP_DigestInit(&md_ctx, EVP_sha1()) if (!EVP_DigestInit(md_ctx, EVP_sha1())
|| !EVP_DigestUpdate(&md_ctx, (const void *)message, 3) || !EVP_DigestUpdate(md_ctx, (const void *)message, 3)
|| !EVP_DigestFinal(&md_ctx, digest, &dgst_len)) || !EVP_DigestFinal(md_ctx, digest, &dgst_len))
goto x962_int_err; goto x962_int_err;
BIO_printf(out, "testing %s: ", OBJ_nid2sn(nid)); BIO_printf(out, "testing %s: ", OBJ_nid2sn(nid));
@ -244,7 +246,7 @@ int x9_62_test_internal(BIO *out, int nid, const char *r_in, const char *s_in)
ECDSA_SIG_free(signature); ECDSA_SIG_free(signature);
BN_free(r); BN_free(r);
BN_free(s); BN_free(s);
EVP_MD_CTX_cleanup(&md_ctx); EVP_MD_CTX_destroy(md_ctx);
BN_clear_free(kinv); BN_clear_free(kinv);
BN_clear_free(rp); BN_clear_free(rp);
return ret; return ret;

38
test/evp_extra_test.c
View File

@ -277,19 +277,21 @@ static int test_EVP_DigestSignInit(void)
EVP_PKEY *pkey = NULL; EVP_PKEY *pkey = NULL;
unsigned char *sig = NULL; unsigned char *sig = NULL;
size_t sig_len = 0; size_t sig_len = 0;
EVP_MD_CTX md_ctx, md_ctx_verify; EVP_MD_CTX *md_ctx, *md_ctx_verify;
EVP_MD_CTX_init(&md_ctx); md_ctx = EVP_MD_CTX_create();
EVP_MD_CTX_init(&md_ctx_verify); md_ctx_verify = EVP_MD_CTX_create();
if (md_ctx == NULL || md_ctx_verify == NULL)
goto out;
pkey = load_example_rsa_key(); pkey = load_example_rsa_key();
if (pkey == NULL || if (pkey == NULL ||
!EVP_DigestSignInit(&md_ctx, NULL, EVP_sha256(), NULL, pkey) || !EVP_DigestSignInit(md_ctx, NULL, EVP_sha256(), NULL, pkey) ||
!EVP_DigestSignUpdate(&md_ctx, kMsg, sizeof(kMsg))) { !EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))) {
goto out; goto out;
} }
/* Determine the size of the signature. */ /* Determine the size of the signature. */
if (!EVP_DigestSignFinal(&md_ctx, NULL, &sig_len)) { if (!EVP_DigestSignFinal(md_ctx, NULL, &sig_len)) {
goto out; goto out;
} }
/* Sanity check for testing. */ /* Sanity check for testing. */
@ -299,14 +301,14 @@ static int test_EVP_DigestSignInit(void)
} }
sig = OPENSSL_malloc(sig_len); sig = OPENSSL_malloc(sig_len);
if (sig == NULL || !EVP_DigestSignFinal(&md_ctx, sig, &sig_len)) { if (sig == NULL || !EVP_DigestSignFinal(md_ctx, sig, &sig_len)) {
goto out; goto out;
} }
/* Ensure that the signature round-trips. */ /* Ensure that the signature round-trips. */
if (!EVP_DigestVerifyInit(&md_ctx_verify, NULL, EVP_sha256(), NULL, pkey) if (!EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sha256(), NULL, pkey)
|| !EVP_DigestVerifyUpdate(&md_ctx_verify, kMsg, sizeof(kMsg)) || !EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))
|| !EVP_DigestVerifyFinal(&md_ctx_verify, sig, sig_len)) { || !EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)) {
goto out; goto out;
} }
@ -317,8 +319,8 @@ static int test_EVP_DigestSignInit(void)
ERR_print_errors_fp(stderr); ERR_print_errors_fp(stderr);
} }
EVP_MD_CTX_cleanup(&md_ctx); EVP_MD_CTX_destroy(md_ctx);
EVP_MD_CTX_cleanup(&md_ctx_verify); EVP_MD_CTX_destroy(md_ctx_verify);
EVP_PKEY_free(pkey); EVP_PKEY_free(pkey);
OPENSSL_free(sig); OPENSSL_free(sig);
@ -329,15 +331,15 @@ static int test_EVP_DigestVerifyInit(void)
{ {
int ret = 0; int ret = 0;
EVP_PKEY *pkey = NULL; EVP_PKEY *pkey = NULL;
EVP_MD_CTX md_ctx; EVP_MD_CTX *md_ctx;
EVP_MD_CTX_init(&md_ctx); md_ctx = EVP_MD_CTX_create();
pkey = load_example_rsa_key(); pkey = load_example_rsa_key();
if (pkey == NULL || if (pkey == NULL ||
!EVP_DigestVerifyInit(&md_ctx, NULL, EVP_sha256(), NULL, pkey) || !EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey) ||
!EVP_DigestVerifyUpdate(&md_ctx, kMsg, sizeof(kMsg)) || !EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)) ||
!EVP_DigestVerifyFinal(&md_ctx, kSignature, sizeof(kSignature))) { !EVP_DigestVerifyFinal(md_ctx, kSignature, sizeof(kSignature))) {
goto out; goto out;
} }
ret = 1; ret = 1;
@ -347,7 +349,7 @@ static int test_EVP_DigestVerifyInit(void)
ERR_print_errors_fp(stderr); ERR_print_errors_fp(stderr);
} }
EVP_MD_CTX_cleanup(&md_ctx); EVP_MD_CTX_destroy(md_ctx);
EVP_PKEY_free(pkey); EVP_PKEY_free(pkey);
return ret; return ret;

6
test/evp_test.c
View File

@ -713,8 +713,7 @@ static int digest_test_run(struct evp_test *t)
goto err; goto err;
err = NULL; err = NULL;
err: err:
if (mctx) EVP_MD_CTX_destroy(mctx);
EVP_MD_CTX_destroy(mctx);
t->err = err; t->err = err;
return 1; return 1;
} }
@ -1129,8 +1128,7 @@ static int mac_test_run(struct evp_test *t)
goto err; goto err;
err = NULL; err = NULL;
err: err:
if (mctx) EVP_MD_CTX_destroy(mctx);
EVP_MD_CTX_destroy(mctx);
OPENSSL_free(mac); OPENSSL_free(mac);
EVP_PKEY_CTX_free(genctx); EVP_PKEY_CTX_free(genctx);
EVP_PKEY_free(key); EVP_PKEY_free(key);

21
test/gost2814789test.c
View File

@ -1207,7 +1207,7 @@ int main(int argc, char *argv[])
u64 ullMaxLen = 6 * 1000 * 1000; u64 ullMaxLen = 6 * 1000 * 1000;
int ignore = 0; int ignore = 0;
ENGINE *impl = NULL; ENGINE *impl = NULL;
EVP_MD_CTX mctx; EVP_MD_CTX *mctx;
EVP_CIPHER_CTX ectx; EVP_CIPHER_CTX ectx;
EVP_PKEY *mac_key; EVP_PKEY *mac_key;
byte bDerive[EVP_MAX_KEY_LENGTH]; byte bDerive[EVP_MAX_KEY_LENGTH];
@ -1391,28 +1391,33 @@ int main(int argc, char *argv[])
*/ */
continue; continue;
} }
EVP_MD_CTX_init(&mctx); mctx = EVP_MD_CTX_create();
if (mctx == NULL) {
fflush(NULL);
fprintf(stderr, "ENGINE_ctrl_cmd_string: malloc failure\n");
return 14;
}
mac_key = EVP_PKEY_new_mac_key(NID_id_Gost28147_89_MAC, NULL, mac_key = EVP_PKEY_new_mac_key(NID_id_Gost28147_89_MAC, NULL,
bDerive, mdl); bDerive, mdl);
EVP_DigestSignInit(&mctx, NULL, md_g89imit, impl, mac_key); EVP_DigestSignInit(mctx, NULL, md_g89imit, impl, mac_key);
if (G89_MAX_TC_LEN >= tcs[t].ullLen) { if (G89_MAX_TC_LEN >= tcs[t].ullLen) {
EVP_DigestSignUpdate(&mctx, tcs[t].bIn, EVP_DigestSignUpdate(mctx, tcs[t].bIn,
(unsigned int)tcs[t].ullLen); (unsigned int)tcs[t].ullLen);
} else { } else {
for (ullLeft = tcs[t].ullLen; for (ullLeft = tcs[t].ullLen;
ullLeft >= sizeof(bZB); ullLeft -= sizeof(bZB)) { ullLeft >= sizeof(bZB); ullLeft -= sizeof(bZB)) {
printf("B"); printf("B");
fflush(NULL); fflush(NULL);
EVP_DigestSignUpdate(&mctx, bZB, sizeof(bZB)); EVP_DigestSignUpdate(mctx, bZB, sizeof(bZB));
} }
printf("b" FMT64 "/" FMT64, ullLeft, tcs[t].ullLen); printf("b" FMT64 "/" FMT64, ullLeft, tcs[t].ullLen);
fflush(NULL); fflush(NULL);
EVP_DigestSignUpdate(&mctx, bZB, (unsigned int)ullLeft); EVP_DigestSignUpdate(mctx, bZB, (unsigned int)ullLeft);
} }
siglen = 4; siglen = 4;
OPENSSL_assert(EVP_DigestSignFinal(&mctx, bTest, &siglen)); OPENSSL_assert(EVP_DigestSignFinal(mctx, bTest, &siglen));
EVP_PKEY_free(mac_key); EVP_PKEY_free(mac_key);
EVP_MD_CTX_cleanup(&mctx); EVP_MD_CTX_destroy(mctx);
enlu = (int)tcs[t].ullLen; enlu = (int)tcs[t].ullLen;
enlf = 0; enlf = 0;
l = siglen; l = siglen;

20
test/mdc2test.c
View File

@ -95,17 +95,17 @@ int main(int argc, char *argv[])
int ret = 0; int ret = 0;
unsigned char md[MDC2_DIGEST_LENGTH]; unsigned char md[MDC2_DIGEST_LENGTH];
int i; int i;
EVP_MD_CTX c; EVP_MD_CTX *c;
static char *text = "Now is the time for all "; static char *text = "Now is the time for all ";
# ifdef CHARSET_EBCDIC # ifdef CHARSET_EBCDIC
ebcdic2ascii(text, text, strlen(text)); ebcdic2ascii(text, text, strlen(text));
# endif # endif
EVP_MD_CTX_init(&c); c = EVP_MD_CTX_create();
EVP_DigestInit_ex(&c, EVP_mdc2(), NULL); EVP_DigestInit_ex(c, EVP_mdc2(), NULL);
EVP_DigestUpdate(&c, (unsigned char *)text, strlen(text)); EVP_DigestUpdate(c, (unsigned char *)text, strlen(text));
EVP_DigestFinal_ex(&c, &(md[0]), NULL); EVP_DigestFinal_ex(c, &(md[0]), NULL);
if (memcmp(md, pad1, MDC2_DIGEST_LENGTH) != 0) { if (memcmp(md, pad1, MDC2_DIGEST_LENGTH) != 0) {
for (i = 0; i < MDC2_DIGEST_LENGTH; i++) for (i = 0; i < MDC2_DIGEST_LENGTH; i++)
@ -118,11 +118,11 @@ int main(int argc, char *argv[])
} else } else
printf("pad1 - ok\n"); printf("pad1 - ok\n");
EVP_DigestInit_ex(&c, EVP_mdc2(), NULL); EVP_DigestInit_ex(c, EVP_mdc2(), NULL);
/* FIXME: use a ctl function? */ /* FIXME: use a ctl function? */
((MDC2_CTX *)c.md_data)->pad_type = 2; ((MDC2_CTX *)EVP_MD_CTX_md_data(c))->pad_type = 2;
EVP_DigestUpdate(&c, (unsigned char *)text, strlen(text)); EVP_DigestUpdate(c, (unsigned char *)text, strlen(text));
EVP_DigestFinal_ex(&c, &(md[0]), NULL); EVP_DigestFinal_ex(c, &(md[0]), NULL);
if (memcmp(md, pad2, MDC2_DIGEST_LENGTH) != 0) { if (memcmp(md, pad2, MDC2_DIGEST_LENGTH) != 0) {
for (i = 0; i < MDC2_DIGEST_LENGTH; i++) for (i = 0; i < MDC2_DIGEST_LENGTH; i++)
@ -135,7 +135,7 @@ int main(int argc, char *argv[])
} else } else
printf("pad2 - ok\n"); printf("pad2 - ok\n");
EVP_MD_CTX_cleanup(&c); EVP_MD_CTX_destroy(c);
# ifdef OPENSSL_SYS_NETWARE # ifdef OPENSSL_SYS_NETWARE
if (ret) if (ret)
printf("ERROR: %d\n", ret); printf("ERROR: %d\n", ret);

12
test/sha1test.c
View File

@ -88,7 +88,7 @@ int main(int argc, char *argv[])
char **P, **R; char **P, **R;
static unsigned char buf[1000]; static unsigned char buf[1000];
char *p, *r; char *p, *r;
EVP_MD_CTX c; EVP_MD_CTX *c;
unsigned char md[SHA_DIGEST_LENGTH]; unsigned char md[SHA_DIGEST_LENGTH];
#ifdef CHARSET_EBCDIC #ifdef CHARSET_EBCDIC
@ -96,7 +96,7 @@ int main(int argc, char *argv[])
ebcdic2ascii(test[1], test[1], strlen(test[1])); ebcdic2ascii(test[1], test[1], strlen(test[1]));
#endif #endif
EVP_MD_CTX_init(&c); c = EVP_MD_CTX_create();
P = test; P = test;
R = ret; R = ret;
i = 1; i = 1;
@ -118,10 +118,10 @@ int main(int argc, char *argv[])
#ifdef CHARSET_EBCDIC #ifdef CHARSET_EBCDIC
ebcdic2ascii(buf, buf, 1000); ebcdic2ascii(buf, buf, 1000);
#endif /* CHARSET_EBCDIC */ #endif /* CHARSET_EBCDIC */
EVP_DigestInit_ex(&c, EVP_sha1(), NULL); EVP_DigestInit_ex(c, EVP_sha1(), NULL);
for (i = 0; i < 1000; i++) for (i = 0; i < 1000; i++)
EVP_DigestUpdate(&c, buf, 1000); EVP_DigestUpdate(c, buf, 1000);
EVP_DigestFinal_ex(&c, md, NULL); EVP_DigestFinal_ex(c, md, NULL);
p = pt(md); p = pt(md);
r = bigret; r = bigret;
@ -137,7 +137,7 @@ int main(int argc, char *argv[])
printf("ERROR: %d\n", err); printf("ERROR: %d\n", err);
#endif #endif
EXIT(err); EXIT(err);
EVP_MD_CTX_cleanup(&c); EVP_MD_CTX_destroy(c);
return (0); return (0);
} }

26
test/sha256t.c
View File

@ -56,7 +56,7 @@ int main(int argc, char **argv)
{ {
unsigned char md[SHA256_DIGEST_LENGTH]; unsigned char md[SHA256_DIGEST_LENGTH];
int i; int i;
EVP_MD_CTX evp; EVP_MD_CTX *evp;
fprintf(stdout, "Testing SHA-256 "); fprintf(stdout, "Testing SHA-256 ");
@ -80,10 +80,15 @@ int main(int argc, char **argv)
fprintf(stdout, "."); fprintf(stdout, ".");
fflush(stdout); fflush(stdout);
EVP_MD_CTX_init(&evp); evp = EVP_MD_CTX_create();
EVP_DigestInit_ex(&evp, EVP_sha256(), NULL); if (evp == NULL) {
fflush(stdout);
fprintf(stderr, "\nTEST 3 of 3 failed. (malloc failure)\n");
return 1;
}
EVP_DigestInit_ex(evp, EVP_sha256(), NULL);
for (i = 0; i < 1000000; i += 288) for (i = 0; i < 1000000; i += 288)
EVP_DigestUpdate(&evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" EVP_DigestUpdate(evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
"aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
"aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
"aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
@ -93,8 +98,7 @@ int main(int argc, char **argv)
"aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
"aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa", "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa",
(1000000 - i) < 288 ? 1000000 - i : 288); (1000000 - i) < 288 ? 1000000 - i : 288);
EVP_DigestFinal_ex(&evp, md, NULL); EVP_DigestFinal_ex(evp, md, NULL);
EVP_MD_CTX_cleanup(&evp);
if (memcmp(md, app_b3, sizeof(app_b3))) { if (memcmp(md, app_b3, sizeof(app_b3))) {
fflush(stdout); fflush(stdout);
@ -129,14 +133,14 @@ int main(int argc, char **argv)
fprintf(stdout, "."); fprintf(stdout, ".");
fflush(stdout); fflush(stdout);
EVP_MD_CTX_init(&evp); EVP_MD_CTX_init(evp);
EVP_DigestInit_ex(&evp, EVP_sha224(), NULL); EVP_DigestInit_ex(evp, EVP_sha224(), NULL);
for (i = 0; i < 1000000; i += 64) for (i = 0; i < 1000000; i += 64)
EVP_DigestUpdate(&evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" EVP_DigestUpdate(evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
"aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa", "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa",
(1000000 - i) < 64 ? 1000000 - i : 64); (1000000 - i) < 64 ? 1000000 - i : 64);
EVP_DigestFinal_ex(&evp, md, NULL); EVP_DigestFinal_ex(evp, md, NULL);
EVP_MD_CTX_cleanup(&evp); EVP_MD_CTX_destroy(evp);
if (memcmp(md, addenum_3, sizeof(addenum_3))) { if (memcmp(md, addenum_3, sizeof(addenum_3))) {
fflush(stdout); fflush(stdout);

26
test/sha512t.c
View File

@ -75,7 +75,7 @@ int main(int argc, char **argv)
{ {
unsigned char md[SHA512_DIGEST_LENGTH]; unsigned char md[SHA512_DIGEST_LENGTH];
int i; int i;
EVP_MD_CTX evp; EVP_MD_CTX *evp;
# ifdef OPENSSL_IA32_SSE2 # ifdef OPENSSL_IA32_SSE2
/* /*
@ -113,10 +113,15 @@ int main(int argc, char **argv)
fprintf(stdout, "."); fprintf(stdout, ".");
fflush(stdout); fflush(stdout);
EVP_MD_CTX_init(&evp); evp = EVP_MD_CTX_create();
EVP_DigestInit_ex(&evp, EVP_sha512(), NULL); if (evp == NULL) {
fflush(stdout);
fprintf(stderr, "\nTEST 3 of 3 failed. (malloc failure)\n");
return 1;
}
EVP_DigestInit_ex(evp, EVP_sha512(), NULL);
for (i = 0; i < 1000000; i += 288) for (i = 0; i < 1000000; i += 288)
EVP_DigestUpdate(&evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" EVP_DigestUpdate(evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
"aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
"aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
"aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
@ -126,8 +131,8 @@ int main(int argc, char **argv)
"aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
"aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa", "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa",
(1000000 - i) < 288 ? 1000000 - i : 288); (1000000 - i) < 288 ? 1000000 - i : 288);
EVP_DigestFinal_ex(&evp, md, NULL); EVP_DigestFinal_ex(evp, md, NULL);
EVP_MD_CTX_cleanup(&evp); EVP_MD_CTX_cleanup(evp);
if (memcmp(md, app_c3, sizeof(app_c3))) { if (memcmp(md, app_c3, sizeof(app_c3))) {
fflush(stdout); fflush(stdout);
@ -163,14 +168,13 @@ int main(int argc, char **argv)
fprintf(stdout, "."); fprintf(stdout, ".");
fflush(stdout); fflush(stdout);
EVP_MD_CTX_init(&evp); EVP_DigestInit_ex(evp, EVP_sha384(), NULL);
EVP_DigestInit_ex(&evp, EVP_sha384(), NULL);
for (i = 0; i < 1000000; i += 64) for (i = 0; i < 1000000; i += 64)
EVP_DigestUpdate(&evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" EVP_DigestUpdate(evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
"aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa", "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa",
(1000000 - i) < 64 ? 1000000 - i : 64); (1000000 - i) < 64 ? 1000000 - i : 64);
EVP_DigestFinal_ex(&evp, md, NULL); EVP_DigestFinal_ex(evp, md, NULL);
EVP_MD_CTX_cleanup(&evp); EVP_MD_CTX_destroy(evp);
if (memcmp(md, app_d3, sizeof(app_d3))) { if (memcmp(md, app_d3, sizeof(app_d3))) {
fflush(stdout); fflush(stdout);