From: Richard Levitte Date: Fri, 27 Nov 2015 13:02:12 +0000 (+0100) Subject: Adjust all accesses to EVP_MD_CTX to use accessor functions. X-Git-Tag: OpenSSL_1_1_0-pre1~116 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=6e59a892db781658c050e5217127c4147c116ac9;p=openssl Adjust all accesses to EVP_MD_CTX to use accessor functions. Reviewed-by: Rich Salz --- diff --git a/apps/passwd.c b/apps/passwd.c index 372e0e804e..70ecb874ef 100644 --- a/apps/passwd.c +++ b/apps/passwd.c @@ -307,7 +307,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) char *salt_out; int n; unsigned int i; - EVP_MD_CTX md, md2; + EVP_MD_CTX *md, *md2; size_t passwd_len, salt_len; passwd_len = strlen(passwd); @@ -322,45 +322,50 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) salt_len = strlen(salt_out); assert(salt_len <= 8); - EVP_MD_CTX_init(&md); - EVP_DigestInit_ex(&md, EVP_md5(), NULL); - EVP_DigestUpdate(&md, passwd, passwd_len); - EVP_DigestUpdate(&md, "$", 1); - EVP_DigestUpdate(&md, magic, strlen(magic)); - EVP_DigestUpdate(&md, "$", 1); - EVP_DigestUpdate(&md, salt_out, salt_len); - - EVP_MD_CTX_init(&md2); - EVP_DigestInit_ex(&md2, EVP_md5(), NULL); - EVP_DigestUpdate(&md2, passwd, passwd_len); - EVP_DigestUpdate(&md2, salt_out, salt_len); - EVP_DigestUpdate(&md2, passwd, passwd_len); - EVP_DigestFinal_ex(&md2, buf, NULL); + md = EVP_MD_CTX_create(); + if (md == NULL) + return NULL; + EVP_DigestInit_ex(md, EVP_md5(), NULL); + EVP_DigestUpdate(md, passwd, passwd_len); + EVP_DigestUpdate(md, "$", 1); + EVP_DigestUpdate(md, magic, strlen(magic)); + EVP_DigestUpdate(md, "$", 1); + EVP_DigestUpdate(md, salt_out, salt_len); + + md2 = EVP_MD_CTX_create(); + if (md2 == NULL) + return NULL; + EVP_DigestInit_ex(md2, EVP_md5(), NULL); + EVP_DigestUpdate(md2, passwd, passwd_len); + EVP_DigestUpdate(md2, salt_out, salt_len); + EVP_DigestUpdate(md2, passwd, passwd_len); + EVP_DigestFinal_ex(md2, buf, NULL); for (i = passwd_len; i > sizeof buf; i -= sizeof buf) - EVP_DigestUpdate(&md, buf, sizeof buf); - EVP_DigestUpdate(&md, buf, i); + EVP_DigestUpdate(md, buf, sizeof buf); + EVP_DigestUpdate(md, buf, i); n = passwd_len; while (n) { - EVP_DigestUpdate(&md, (n & 1) ? "\0" : passwd, 1); + EVP_DigestUpdate(md, (n & 1) ? "\0" : passwd, 1); n >>= 1; } - EVP_DigestFinal_ex(&md, buf, NULL); + EVP_DigestFinal_ex(md, buf, NULL); for (i = 0; i < 1000; i++) { - EVP_DigestInit_ex(&md2, EVP_md5(), NULL); - EVP_DigestUpdate(&md2, (i & 1) ? (unsigned const char *)passwd : buf, + EVP_DigestInit_ex(md2, EVP_md5(), NULL); + EVP_DigestUpdate(md2, (i & 1) ? (unsigned const char *)passwd : buf, (i & 1) ? passwd_len : sizeof buf); if (i % 3) - EVP_DigestUpdate(&md2, salt_out, salt_len); + EVP_DigestUpdate(md2, salt_out, salt_len); if (i % 7) - EVP_DigestUpdate(&md2, passwd, passwd_len); - EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned const char *)passwd, + EVP_DigestUpdate(md2, passwd, passwd_len); + EVP_DigestUpdate(md2, (i & 1) ? buf : (unsigned const char *)passwd, (i & 1) ? sizeof buf : passwd_len); - EVP_DigestFinal_ex(&md2, buf, NULL); + EVP_DigestFinal_ex(md2, buf, NULL); } - EVP_MD_CTX_cleanup(&md2); + EVP_MD_CTX_destroy(md2); + EVP_MD_CTX_destroy(md); { /* transform buf into output string */ @@ -399,7 +404,6 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) *output = 0; assert(strlen(out_buf) < sizeof(out_buf)); } - EVP_MD_CTX_cleanup(&md); return out_buf; } diff --git a/apps/req.c b/apps/req.c index 5d9231c4ce..267a0a025a 100644 --- a/apps/req.c +++ b/apps/req.c @@ -1492,7 +1492,8 @@ static int do_sign_init(EVP_MD_CTX *ctx, EVP_PKEY *pkey, EVP_PKEY_CTX *pkctx = NULL; int i; - EVP_MD_CTX_init(ctx); + if (ctx == NULL) + return 0; if (!EVP_DigestSignInit(ctx, &pkctx, md, NULL, pkey)) return 0; for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) { @@ -1510,13 +1511,16 @@ int do_X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md, STACK_OF(OPENSSL_STRING) *sigopts) { int rv; - EVP_MD_CTX mctx; + EVP_MD_CTX *mctx = EVP_MD_CTX_create(); - EVP_MD_CTX_init(&mctx); - rv = do_sign_init(&mctx, pkey, md, sigopts); + rv = do_sign_init(mctx, pkey, md, sigopts); + /* Note: X509_sign_ctx() calls ASN1_item_sign_ctx(), which destroys + * the EVP_MD_CTX we send it, so only destroy it here if the former + * isn't called */ if (rv > 0) - rv = X509_sign_ctx(x, &mctx); - EVP_MD_CTX_cleanup(&mctx); + rv = X509_sign_ctx(x, mctx); + else + EVP_MD_CTX_destroy(mctx); return rv > 0 ? 1 : 0; } @@ -1524,13 +1528,15 @@ int do_X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md, STACK_OF(OPENSSL_STRING) *sigopts) { int rv; - EVP_MD_CTX mctx; - - EVP_MD_CTX_init(&mctx); - rv = do_sign_init(&mctx, pkey, md, sigopts); + EVP_MD_CTX *mctx = EVP_MD_CTX_create(); + rv = do_sign_init(mctx, pkey, md, sigopts); + /* Note: X509_REQ_sign_ctx() calls ASN1_item_sign_ctx(), which destroys + * the EVP_MD_CTX we send it, so only destroy it here if the former + * isn't called */ if (rv > 0) - rv = X509_REQ_sign_ctx(x, &mctx); - EVP_MD_CTX_cleanup(&mctx); + rv = X509_REQ_sign_ctx(x, mctx); + else + EVP_MD_CTX_destroy(mctx); return rv > 0 ? 1 : 0; } @@ -1538,12 +1544,14 @@ int do_X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md, STACK_OF(OPENSSL_STRING) *sigopts) { int rv; - EVP_MD_CTX mctx; - - EVP_MD_CTX_init(&mctx); - rv = do_sign_init(&mctx, pkey, md, sigopts); + EVP_MD_CTX *mctx = EVP_MD_CTX_create(); + rv = do_sign_init(mctx, pkey, md, sigopts); + /* Note: X509_CRL_sign_ctx() calls ASN1_item_sign_ctx(), which destroys + * the EVP_MD_CTX we send it, so only destroy it here if the former + * isn't called */ if (rv > 0) - rv = X509_CRL_sign_ctx(x, &mctx); - EVP_MD_CTX_cleanup(&mctx); + rv = X509_CRL_sign_ctx(x, mctx); + else + EVP_MD_CTX_destroy(mctx); return rv > 0 ? 1 : 0; } diff --git a/apps/ts.c b/apps/ts.c index ac91323ac6..4da61d422c 100644 --- a/apps/ts.c +++ b/apps/ts.c @@ -523,17 +523,22 @@ static int create_digest(BIO *input, char *digest, const EVP_MD *md, return 0; if (input) { - EVP_MD_CTX md_ctx; + EVP_MD_CTX *md_ctx = EVP_MD_CTX_create(); unsigned char buffer[4096]; int length; + if (md_ctx == NULL) + return 0; *md_value = app_malloc(md_value_len, "digest buffer"); - EVP_DigestInit(&md_ctx, md); + EVP_DigestInit(md_ctx, md); while ((length = BIO_read(input, buffer, sizeof(buffer))) > 0) { - EVP_DigestUpdate(&md_ctx, buffer, length); + EVP_DigestUpdate(md_ctx, buffer, length); } - if (!EVP_DigestFinal(&md_ctx, *md_value, NULL)) + if (!EVP_DigestFinal(md_ctx, *md_value, NULL)) { + EVP_MD_CTX_destroy(md_ctx); return 0; + } + EVP_MD_CTX_destroy(md_ctx); } else { long digest_len; *md_value = string_to_hex(digest, &digest_len); diff --git a/crypto/asn1/a_sign.c b/crypto/asn1/a_sign.c index 18923b153e..a3abdc47fc 100644 --- a/crypto/asn1/a_sign.c +++ b/crypto/asn1/a_sign.c @@ -131,12 +131,15 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey, const EVP_MD *type) { - EVP_MD_CTX ctx; + EVP_MD_CTX *ctx = EVP_MD_CTX_create(); unsigned char *p, *buf_in = NULL, *buf_out = NULL; int i, inl = 0, outl = 0, outll = 0; X509_ALGOR *a; - EVP_MD_CTX_init(&ctx); + if (ctx == NULL) { + ASN1err(ASN1_F_ASN1_SIGN, ERR_R_MALLOC_FAILURE); + goto err; + } for (i = 0; i < 2; i++) { if (i == 0) a = algor1; @@ -182,9 +185,9 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, p = buf_in; i2d(data, &p); - if (!EVP_SignInit_ex(&ctx, type, NULL) - || !EVP_SignUpdate(&ctx, (unsigned char *)buf_in, inl) - || !EVP_SignFinal(&ctx, (unsigned char *)buf_out, + if (!EVP_SignInit_ex(ctx, type, NULL) + || !EVP_SignUpdate(ctx, (unsigned char *)buf_in, inl) + || !EVP_SignFinal(ctx, (unsigned char *)buf_out, (unsigned int *)&outl, pkey)) { outl = 0; ASN1err(ASN1_F_ASN1_SIGN, ERR_R_EVP_LIB); @@ -201,7 +204,7 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); signature->flags |= ASN1_STRING_FLAG_BITS_LEFT; err: - EVP_MD_CTX_cleanup(&ctx); + EVP_MD_CTX_destroy(ctx); OPENSSL_clear_free((char *)buf_in, (unsigned int)inl); OPENSSL_clear_free((char *)buf_out, outll); return (outl); @@ -213,13 +216,17 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey, const EVP_MD *type) { - EVP_MD_CTX ctx; - EVP_MD_CTX_init(&ctx); - if (!EVP_DigestSignInit(&ctx, NULL, type, NULL, pkey)) { - EVP_MD_CTX_cleanup(&ctx); + EVP_MD_CTX *ctx = EVP_MD_CTX_create(); + + if (ctx == NULL) { + ASN1err(ASN1_F_ASN1_ITEM_SIGN, ERR_R_MALLOC_FAILURE); + return 0; + } + if (!EVP_DigestSignInit(ctx, NULL, type, NULL, pkey)) { + EVP_MD_CTX_destroy(ctx); return 0; } - return ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, &ctx); + return ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, ctx); } int ASN1_item_sign_ctx(const ASN1_ITEM *it, @@ -234,7 +241,7 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, int rv; type = EVP_MD_CTX_md(ctx); - pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx); + pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx)); if (!type || !pkey) { ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_CONTEXT_NOT_INITIALISED); @@ -307,7 +314,7 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); signature->flags |= ASN1_STRING_FLAG_BITS_LEFT; err: - EVP_MD_CTX_cleanup(ctx); + EVP_MD_CTX_destroy(ctx); OPENSSL_clear_free((char *)buf_in, (unsigned int)inl); OPENSSL_clear_free((char *)buf_out, outll); return (outl); diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c index 540b71c4d4..e958cdec87 100644 --- a/crypto/asn1/a_verify.c +++ b/crypto/asn1/a_verify.c @@ -77,12 +77,15 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey) { - EVP_MD_CTX ctx; + EVP_MD_CTX *ctx = EVP_MD_CTX_create(); const EVP_MD *type; unsigned char *p, *buf_in = NULL; int ret = -1, i, inl; - EVP_MD_CTX_init(&ctx); + if (ctx == NULL) { + ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_MALLOC_FAILURE); + goto err; + } i = OBJ_obj2nid(a->algorithm); type = EVP_get_digestbyname(OBJ_nid2sn(i)); if (type == NULL) { @@ -104,8 +107,8 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, p = buf_in; i2d(data, &p); - ret = EVP_VerifyInit_ex(&ctx, type, NULL) - && EVP_VerifyUpdate(&ctx, (unsigned char *)buf_in, inl); + ret = EVP_VerifyInit_ex(ctx, type, NULL) + && EVP_VerifyUpdate(ctx, (unsigned char *)buf_in, inl); OPENSSL_clear_free(buf_in, (unsigned int)inl); @@ -115,7 +118,7 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, } ret = -1; - if (EVP_VerifyFinal(&ctx, (unsigned char *)signature->data, + if (EVP_VerifyFinal(ctx, (unsigned char *)signature->data, (unsigned int)signature->length, pkey) <= 0) { ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB); ret = 0; @@ -123,7 +126,7 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, } ret = 1; err: - EVP_MD_CTX_cleanup(&ctx); + EVP_MD_CTX_destroy(ctx); return (ret); } @@ -132,7 +135,7 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey) { - EVP_MD_CTX ctx; + EVP_MD_CTX *ctx = NULL; unsigned char *buf_in = NULL; int ret = -1, inl; @@ -148,7 +151,11 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, return -1; } - EVP_MD_CTX_init(&ctx); + ctx = EVP_MD_CTX_create(); + if (ctx == NULL) { + ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_MALLOC_FAILURE); + goto err; + } /* Convert signature OID into digest and public key OIDs */ if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->algorithm), &mdnid, &pknid)) { @@ -161,7 +168,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); goto err; } - ret = pkey->ameth->item_verify(&ctx, it, asn, a, signature, pkey); + ret = pkey->ameth->item_verify(ctx, it, asn, a, signature, pkey); /* * Return value of 2 means carry on, anything else means we exit * straight away: either a fatal error of the underlying verification @@ -185,7 +192,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, goto err; } - if (!EVP_DigestVerifyInit(&ctx, NULL, type, NULL, pkey)) { + if (!EVP_DigestVerifyInit(ctx, NULL, type, NULL, pkey)) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB); ret = 0; goto err; @@ -200,7 +207,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, goto err; } - ret = EVP_DigestVerifyUpdate(&ctx, buf_in, inl); + ret = EVP_DigestVerifyUpdate(ctx, buf_in, inl); OPENSSL_clear_free(buf_in, (unsigned int)inl); @@ -210,7 +217,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, } ret = -1; - if (EVP_DigestVerifyFinal(&ctx, signature->data, + if (EVP_DigestVerifyFinal(ctx, signature->data, (size_t)signature->length) <= 0) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB); ret = 0; @@ -218,6 +225,6 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, } ret = 1; err: - EVP_MD_CTX_cleanup(&ctx); + EVP_MD_CTX_destroy(ctx); return (ret); } diff --git a/crypto/cmac/cm_pmeth.c b/crypto/cmac/cm_pmeth.c index 080db6329e..4e060f32e4 100644 --- a/crypto/cmac/cm_pmeth.c +++ b/crypto/cmac/cm_pmeth.c @@ -101,7 +101,7 @@ static int pkey_cmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) static int int_update(EVP_MD_CTX *ctx, const void *data, size_t count) { - if (!CMAC_Update(ctx->pctx->data, data, count)) + if (!CMAC_Update(EVP_MD_CTX_pkey_ctx(ctx)->data, data, count)) return 0; return 1; } @@ -109,7 +109,7 @@ static int int_update(EVP_MD_CTX *ctx, const void *data, size_t count) static int cmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) { EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT); - mctx->update = int_update; + EVP_MD_CTX_set_update_fn(mctx, int_update); return 1; } diff --git a/crypto/cms/cms_asn1.c b/crypto/cms/cms_asn1.c index e044cf519b..7aafc8dab0 100644 --- a/crypto/cms/cms_asn1.c +++ b/crypto/cms/cms_asn1.c @@ -95,8 +95,7 @@ static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, CMS_SignerInfo *si = (CMS_SignerInfo *)*pval; EVP_PKEY_free(si->pkey); X509_free(si->signer); - if (si->pctx) - EVP_MD_CTX_cleanup(&si->mctx); + EVP_MD_CTX_destroy(si->mctx); } return 1; } diff --git a/crypto/cms/cms_dd.c b/crypto/cms/cms_dd.c index 426f8cd74c..dcbd5788fa 100644 --- a/crypto/cms/cms_dd.c +++ b/crypto/cms/cms_dd.c @@ -99,19 +99,23 @@ BIO *cms_DigestedData_init_bio(CMS_ContentInfo *cms) int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify) { - EVP_MD_CTX mctx; + EVP_MD_CTX *mctx = EVP_MD_CTX_create(); unsigned char md[EVP_MAX_MD_SIZE]; unsigned int mdlen; int r = 0; CMS_DigestedData *dd; - EVP_MD_CTX_init(&mctx); + + if (mctx == NULL) { + CMSerr(CMS_F_CMS_DIGESTEDDATA_DO_FINAL, ERR_R_MALLOC_FAILURE); + goto err; + } dd = cms->d.digestedData; - if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, dd->digestAlgorithm)) + if (!cms_DigestAlgorithm_find_ctx(mctx, chain, dd->digestAlgorithm)) goto err; - if (EVP_DigestFinal_ex(&mctx, md, &mdlen) <= 0) + if (EVP_DigestFinal_ex(mctx, md, &mdlen) <= 0) goto err; if (verify) { @@ -133,7 +137,7 @@ int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify) } err: - EVP_MD_CTX_cleanup(&mctx); + EVP_MD_CTX_destroy(mctx); return r; diff --git a/crypto/cms/cms_lcl.h b/crypto/cms/cms_lcl.h index 227356b265..3d41d4f634 100644 --- a/crypto/cms/cms_lcl.h +++ b/crypto/cms/cms_lcl.h @@ -137,7 +137,7 @@ struct CMS_SignerInfo_st { X509 *signer; EVP_PKEY *pkey; /* Digest and public key context for alternative parameters */ - EVP_MD_CTX mctx; + EVP_MD_CTX *mctx; EVP_PKEY_CTX *pctx; }; diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c index 1720bcd870..46a7876d94 100644 --- a/crypto/cms/cms_sd.c +++ b/crypto/cms/cms_sd.c @@ -287,9 +287,14 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, si->pkey = pk; si->signer = signer; - EVP_MD_CTX_init(&si->mctx); + si->mctx = EVP_MD_CTX_create(); si->pctx = NULL; + if (si->mctx == NULL) { + CMSerr(CMS_F_CMS_ADD1_SIGNER, ERR_R_MALLOC_FAILURE); + goto err; + } + if (flags & CMS_USE_KEYID) { si->version = 3; if (sd->version < 3) @@ -387,7 +392,7 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, goto err; if (EVP_PKEY_CTX_set_signature_md(si->pctx, md) <= 0) goto err; - } else if (EVP_DigestSignInit(&si->mctx, &si->pctx, md, NULL, pk) <= + } else if (EVP_DigestSignInit(si->mctx, &si->pctx, md, NULL, pk) <= 0) goto err; } @@ -444,7 +449,7 @@ EVP_PKEY_CTX *CMS_SignerInfo_get0_pkey_ctx(CMS_SignerInfo *si) EVP_MD_CTX *CMS_SignerInfo_get0_md_ctx(CMS_SignerInfo *si) { - return &si->mctx; + return si->mctx; } STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms) @@ -571,17 +576,21 @@ ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si) static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, CMS_SignerInfo *si, BIO *chain) { - EVP_MD_CTX mctx; + EVP_MD_CTX *mctx = EVP_MD_CTX_create(); int r = 0; EVP_PKEY_CTX *pctx = NULL; - EVP_MD_CTX_init(&mctx); + + if (mctx == NULL) { + CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, ERR_R_MALLOC_FAILURE); + return 0; + } if (!si->pkey) { CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_NO_PRIVATE_KEY); return 0; } - if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, si->digestAlgorithm)) + if (!cms_DigestAlgorithm_find_ctx(mctx, chain, si->digestAlgorithm)) goto err; /* Set SignerInfo algortihm details if we used custom parametsr */ if (si->pctx && !cms_sd_asn1_ctrl(si, 0)) @@ -596,7 +605,7 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, cms->d.signedData->encapContentInfo->eContentType; unsigned char md[EVP_MAX_MD_SIZE]; unsigned int mdlen; - if (!EVP_DigestFinal_ex(&mctx, md, &mdlen)) + if (!EVP_DigestFinal_ex(mctx, md, &mdlen)) goto err; if (!CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest, V_ASN1_OCTET_STRING, md, mdlen)) @@ -613,7 +622,7 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, unsigned char md[EVP_MAX_MD_SIZE]; unsigned int mdlen; pctx = si->pctx; - if (!EVP_DigestFinal_ex(&mctx, md, &mdlen)) + if (!EVP_DigestFinal_ex(mctx, md, &mdlen)) goto err; siglen = EVP_PKEY_size(si->pkey); sig = OPENSSL_malloc(siglen); @@ -634,7 +643,7 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, ERR_R_MALLOC_FAILURE); goto err; } - if (!EVP_SignFinal(&mctx, sig, &siglen, si->pkey)) { + if (!EVP_SignFinal(mctx, sig, &siglen, si->pkey)) { CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_SIGNFINAL_ERROR); OPENSSL_free(sig); goto err; @@ -645,7 +654,7 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, r = 1; err: - EVP_MD_CTX_cleanup(&mctx); + EVP_MD_CTX_destroy(mctx); EVP_PKEY_CTX_free(pctx); return r; @@ -668,7 +677,7 @@ int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain) int CMS_SignerInfo_sign(CMS_SignerInfo *si) { - EVP_MD_CTX *mctx = &si->mctx; + EVP_MD_CTX *mctx = si->mctx; EVP_PKEY_CTX *pctx; unsigned char *abuf = NULL; int alen; @@ -734,7 +743,7 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si) int CMS_SignerInfo_verify(CMS_SignerInfo *si) { - EVP_MD_CTX *mctx = &si->mctx; + EVP_MD_CTX *mctx = NULL; unsigned char *abuf = NULL; int alen, r = -1; const EVP_MD *md = NULL; @@ -747,7 +756,9 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si) md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm); if (md == NULL) return -1; - EVP_MD_CTX_init(mctx); + if (si->mctx == NULL) + si->mctx = EVP_MD_CTX_create(); + mctx = si->mctx; if (EVP_DigestVerifyInit(mctx, &si->pctx, md, NULL, si->pkey) <= 0) goto err; @@ -806,12 +817,16 @@ BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms) int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain) { ASN1_OCTET_STRING *os = NULL; - EVP_MD_CTX mctx; + EVP_MD_CTX *mctx = EVP_MD_CTX_create(); EVP_PKEY_CTX *pkctx = NULL; int r = -1; unsigned char mval[EVP_MAX_MD_SIZE]; unsigned int mlen; - EVP_MD_CTX_init(&mctx); + + if (mctx == NULL) { + CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, ERR_R_MALLOC_FAILURE); + goto err; + } /* If we have any signed attributes look for messageDigest value */ if (CMS_signed_get_attr_count(si) >= 0) { os = CMS_signed_get0_data_by_OBJ(si, @@ -824,10 +839,10 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain) } } - if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, si->digestAlgorithm)) + if (!cms_DigestAlgorithm_find_ctx(mctx, chain, si->digestAlgorithm)) goto err; - if (EVP_DigestFinal_ex(&mctx, mval, &mlen) <= 0) { + if (EVP_DigestFinal_ex(mctx, mval, &mlen) <= 0) { CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, CMS_R_UNABLE_TO_FINALIZE_CONTEXT); goto err; @@ -849,7 +864,7 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain) } else r = 1; } else { - const EVP_MD *md = EVP_MD_CTX_md(&mctx); + const EVP_MD *md = EVP_MD_CTX_md(mctx); pkctx = EVP_PKEY_CTX_new(si->pkey, NULL); if (pkctx == NULL) goto err; @@ -871,7 +886,7 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain) err: EVP_PKEY_CTX_free(pkctx); - EVP_MD_CTX_cleanup(&mctx); + EVP_MD_CTX_destroy(mctx); return r; } diff --git a/crypto/dh/dh_kdf.c b/crypto/dh/dh_kdf.c index 55979600e1..35a40bd759 100644 --- a/crypto/dh/dh_kdf.c +++ b/crypto/dh/dh_kdf.c @@ -144,7 +144,7 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen, ASN1_OBJECT *key_oid, const unsigned char *ukm, size_t ukmlen, const EVP_MD *md) { - EVP_MD_CTX mctx; + EVP_MD_CTX *mctx = NULL; int rv = 0; unsigned int i; size_t mdlen; @@ -152,31 +152,33 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen, int derlen; if (Zlen > DH_KDF_MAX) return 0; + mctx = EVP_MD_CTX_create(); + if (mctx == NULL) + return 0; mdlen = EVP_MD_size(md); - EVP_MD_CTX_init(&mctx); derlen = dh_sharedinfo_encode(&der, &ctr, key_oid, outlen, ukm, ukmlen); if (derlen == 0) goto err; for (i = 1;; i++) { unsigned char mtmp[EVP_MAX_MD_SIZE]; - EVP_DigestInit_ex(&mctx, md, NULL); - if (!EVP_DigestUpdate(&mctx, Z, Zlen)) + EVP_DigestInit_ex(mctx, md, NULL); + if (!EVP_DigestUpdate(mctx, Z, Zlen)) goto err; ctr[3] = i & 0xFF; ctr[2] = (i >> 8) & 0xFF; ctr[1] = (i >> 16) & 0xFF; ctr[0] = (i >> 24) & 0xFF; - if (!EVP_DigestUpdate(&mctx, der, derlen)) + if (!EVP_DigestUpdate(mctx, der, derlen)) goto err; if (outlen >= mdlen) { - if (!EVP_DigestFinal(&mctx, out, NULL)) + if (!EVP_DigestFinal(mctx, out, NULL)) goto err; outlen -= mdlen; if (outlen == 0) break; out += mdlen; } else { - if (!EVP_DigestFinal(&mctx, mtmp, NULL)) + if (!EVP_DigestFinal(mctx, mtmp, NULL)) goto err; memcpy(out, mtmp, outlen); OPENSSL_cleanse(mtmp, mdlen); @@ -186,7 +188,7 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen, rv = 1; err: OPENSSL_free(der); - EVP_MD_CTX_cleanup(&mctx); + EVP_MD_CTX_destroy(mctx); return rv; } #endif diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c index 106ec3cb5f..f659d081db 100644 --- a/crypto/dsa/dsa_gen.c +++ b/crypto/dsa/dsa_gen.c @@ -360,10 +360,11 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N, int counter = 0; int r = 0; BN_CTX *ctx = NULL; - EVP_MD_CTX mctx; + EVP_MD_CTX *mctx = EVP_MD_CTX_create(); unsigned int h = 2; - EVP_MD_CTX_init(&mctx); + if (mctx == NULL) + goto err; if (evpmd == NULL) { if (N == 160) @@ -374,7 +375,7 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N, evpmd = EVP_sha256(); } - mdsize = M_EVP_MD_size(evpmd); + mdsize = EVP_MD_size(evpmd); /* If unverificable g generation only don't need seed */ if (!ret->p || !ret->q || idx >= 0) { if (seed_len == 0) @@ -582,15 +583,15 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N, md[0] = idx & 0xff; md[1] = (h >> 8) & 0xff; md[2] = h & 0xff; - if (!EVP_DigestInit_ex(&mctx, evpmd, NULL)) + if (!EVP_DigestInit_ex(mctx, evpmd, NULL)) goto err; - if (!EVP_DigestUpdate(&mctx, seed_tmp, seed_len)) + if (!EVP_DigestUpdate(mctx, seed_tmp, seed_len)) goto err; - if (!EVP_DigestUpdate(&mctx, ggen, sizeof(ggen))) + if (!EVP_DigestUpdate(mctx, ggen, sizeof(ggen))) goto err; - if (!EVP_DigestUpdate(&mctx, md, 3)) + if (!EVP_DigestUpdate(mctx, md, 3)) goto err; - if (!EVP_DigestFinal_ex(&mctx, md, NULL)) + if (!EVP_DigestFinal_ex(mctx, md, NULL)) goto err; if (!BN_bin2bn(md, mdsize, test)) goto err; @@ -639,7 +640,7 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N, BN_CTX_end(ctx); BN_CTX_free(ctx); BN_MONT_CTX_free(mont); - EVP_MD_CTX_cleanup(&mctx); + EVP_MD_CTX_destroy(mctx); return ok; } diff --git a/crypto/ecdh/ech_kdf.c b/crypto/ecdh/ech_kdf.c index 1e77c6f519..d856b7f5ed 100644 --- a/crypto/ecdh/ech_kdf.c +++ b/crypto/ecdh/ech_kdf.c @@ -64,7 +64,7 @@ int ECDH_KDF_X9_62(unsigned char *out, size_t outlen, const unsigned char *sinfo, size_t sinfolen, const EVP_MD *md) { - EVP_MD_CTX mctx; + EVP_MD_CTX *mctx = NULL; int rv = 0; unsigned int i; size_t mdlen; @@ -72,30 +72,32 @@ int ECDH_KDF_X9_62(unsigned char *out, size_t outlen, if (sinfolen > ECDH_KDF_MAX || outlen > ECDH_KDF_MAX || Zlen > ECDH_KDF_MAX) return 0; + mctx = EVP_MD_CTX_create(); + if (mctx == NULL) + return 0; mdlen = EVP_MD_size(md); - EVP_MD_CTX_init(&mctx); for (i = 1;; i++) { unsigned char mtmp[EVP_MAX_MD_SIZE]; - EVP_DigestInit_ex(&mctx, md, NULL); + EVP_DigestInit_ex(mctx, md, NULL); ctr[3] = i & 0xFF; ctr[2] = (i >> 8) & 0xFF; ctr[1] = (i >> 16) & 0xFF; ctr[0] = (i >> 24) & 0xFF; - if (!EVP_DigestUpdate(&mctx, Z, Zlen)) + if (!EVP_DigestUpdate(mctx, Z, Zlen)) goto err; - if (!EVP_DigestUpdate(&mctx, ctr, sizeof(ctr))) + if (!EVP_DigestUpdate(mctx, ctr, sizeof(ctr))) goto err; - if (!EVP_DigestUpdate(&mctx, sinfo, sinfolen)) + if (!EVP_DigestUpdate(mctx, sinfo, sinfolen)) goto err; if (outlen >= mdlen) { - if (!EVP_DigestFinal(&mctx, out, NULL)) + if (!EVP_DigestFinal(mctx, out, NULL)) goto err; outlen -= mdlen; if (outlen == 0) break; out += mdlen; } else { - if (!EVP_DigestFinal(&mctx, mtmp, NULL)) + if (!EVP_DigestFinal(mctx, mtmp, NULL)) goto err; memcpy(out, mtmp, outlen); OPENSSL_cleanse(mtmp, mdlen); @@ -104,6 +106,6 @@ int ECDH_KDF_X9_62(unsigned char *out, size_t outlen, } rv = 1; err: - EVP_MD_CTX_cleanup(&mctx); + EVP_MD_CTX_destroy(mctx); return rv; } diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c index 8927ee190f..3c046f28ea 100644 --- a/crypto/engine/eng_openssl.c +++ b/crypto/engine/eng_openssl.c @@ -334,7 +334,7 @@ static int test_sha1_init(EVP_MD_CTX *ctx) # ifdef TEST_ENG_OPENSSL_SHA_P_INIT fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_init() called\n"); # endif - return SHA1_Init(ctx->md_data); + return SHA1_Init(EVP_MD_CTX_md_data(ctx)); } static int test_sha1_update(EVP_MD_CTX *ctx, const void *data, size_t count) @@ -342,7 +342,7 @@ static int test_sha1_update(EVP_MD_CTX *ctx, const void *data, size_t count) # ifdef TEST_ENG_OPENSSL_SHA_P_UPDATE fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_update() called\n"); # endif - return SHA1_Update(ctx->md_data, data, count); + return SHA1_Update(EVP_MD_CTX_md_data(ctx), data, count); } static int test_sha1_final(EVP_MD_CTX *ctx, unsigned char *md) @@ -350,7 +350,7 @@ static int test_sha1_final(EVP_MD_CTX *ctx, unsigned char *md) # ifdef TEST_ENG_OPENSSL_SHA_P_FINAL fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_final() called\n"); # endif - return SHA1_Final(md, ctx->md_data); + return SHA1_Final(md, EVP_MD_CTX_md_data(ctx)); } static const EVP_MD test_sha_md = { diff --git a/crypto/evp/m_md4.c b/crypto/evp/m_md4.c index 80021b662b..94310b41d3 100644 --- a/crypto/evp/m_md4.c +++ b/crypto/evp/m_md4.c @@ -71,17 +71,17 @@ static int init(EVP_MD_CTX *ctx) { - return MD4_Init(ctx->md_data); + return MD4_Init(EVP_MD_CTX_md_data(ctx)); } static int update(EVP_MD_CTX *ctx, const void *data, size_t count) { - return MD4_Update(ctx->md_data, data, count); + return MD4_Update(EVP_MD_CTX_md_data(ctx), data, count); } static int final(EVP_MD_CTX *ctx, unsigned char *md) { - return MD4_Final(md, ctx->md_data); + return MD4_Final(md, EVP_MD_CTX_md_data(ctx)); } static const EVP_MD md4_md = { diff --git a/crypto/evp/m_md5.c b/crypto/evp/m_md5.c index 4ada7d16ce..b8f7a4a41d 100644 --- a/crypto/evp/m_md5.c +++ b/crypto/evp/m_md5.c @@ -71,17 +71,17 @@ static int init(EVP_MD_CTX *ctx) { - return MD5_Init(ctx->md_data); + return MD5_Init(EVP_MD_CTX_md_data(ctx)); } static int update(EVP_MD_CTX *ctx, const void *data, size_t count) { - return MD5_Update(ctx->md_data, data, count); + return MD5_Update(EVP_MD_CTX_md_data(ctx), data, count); } static int final(EVP_MD_CTX *ctx, unsigned char *md) { - return MD5_Final(md, ctx->md_data); + return MD5_Final(md, EVP_MD_CTX_md_data(ctx)); } static const EVP_MD md5_md = { diff --git a/crypto/evp/m_md5_sha1.c b/crypto/evp/m_md5_sha1.c index 22cd7ce733..dadb6c26b8 100644 --- a/crypto/evp/m_md5_sha1.c +++ b/crypto/evp/m_md5_sha1.c @@ -71,7 +71,7 @@ struct md5_sha1_ctx { static int init(EVP_MD_CTX *ctx) { - struct md5_sha1_ctx *mctx = ctx->md_data; + struct md5_sha1_ctx *mctx = EVP_MD_CTX_md_data(ctx); if (!MD5_Init(&mctx->md5)) return 0; return SHA1_Init(&mctx->sha1); @@ -79,7 +79,7 @@ static int init(EVP_MD_CTX *ctx) static int update(EVP_MD_CTX *ctx, const void *data, size_t count) { - struct md5_sha1_ctx *mctx = ctx->md_data; + struct md5_sha1_ctx *mctx = EVP_MD_CTX_md_data(ctx); if (!MD5_Update(&mctx->md5, data, count)) return 0; return SHA1_Update(&mctx->sha1, data, count); @@ -87,7 +87,7 @@ static int update(EVP_MD_CTX *ctx, const void *data, size_t count) static int final(EVP_MD_CTX *ctx, unsigned char *md) { - struct md5_sha1_ctx *mctx = ctx->md_data; + struct md5_sha1_ctx *mctx = EVP_MD_CTX_md_data(ctx); if (!MD5_Final(md, &mctx->md5)) return 0; return SHA1_Final(md + MD5_DIGEST_LENGTH, &mctx->sha1); @@ -98,7 +98,7 @@ static int ctrl(EVP_MD_CTX *ctx, int cmd, int mslen, void *ms) unsigned char padtmp[48]; unsigned char md5tmp[MD5_DIGEST_LENGTH]; unsigned char sha1tmp[SHA_DIGEST_LENGTH]; - struct md5_sha1_ctx *mctx = ctx->md_data; + struct md5_sha1_ctx *mctx = EVP_MD_CTX_md_data(ctx); if (cmd != EVP_CTRL_SSL3_MASTER_SECRET) return 0; diff --git a/crypto/evp/m_mdc2.c b/crypto/evp/m_mdc2.c index ffd1b0effa..8184cbc56a 100644 --- a/crypto/evp/m_mdc2.c +++ b/crypto/evp/m_mdc2.c @@ -71,17 +71,17 @@ static int init(EVP_MD_CTX *ctx) { - return MDC2_Init(ctx->md_data); + return MDC2_Init(EVP_MD_CTX_md_data(ctx)); } static int update(EVP_MD_CTX *ctx, const void *data, size_t count) { - return MDC2_Update(ctx->md_data, data, count); + return MDC2_Update(EVP_MD_CTX_md_data(ctx), data, count); } static int final(EVP_MD_CTX *ctx, unsigned char *md) { - return MDC2_Final(md, ctx->md_data); + return MDC2_Final(md, EVP_MD_CTX_md_data(ctx)); } static const EVP_MD mdc2_md = { diff --git a/crypto/evp/m_ripemd.c b/crypto/evp/m_ripemd.c index f1c745c03e..a8a35af434 100644 --- a/crypto/evp/m_ripemd.c +++ b/crypto/evp/m_ripemd.c @@ -71,17 +71,17 @@ static int init(EVP_MD_CTX *ctx) { - return RIPEMD160_Init(ctx->md_data); + return RIPEMD160_Init(EVP_MD_CTX_md_data(ctx)); } static int update(EVP_MD_CTX *ctx, const void *data, size_t count) { - return RIPEMD160_Update(ctx->md_data, data, count); + return RIPEMD160_Update(EVP_MD_CTX_md_data(ctx), data, count); } static int final(EVP_MD_CTX *ctx, unsigned char *md) { - return RIPEMD160_Final(md, ctx->md_data); + return RIPEMD160_Final(md, EVP_MD_CTX_md_data(ctx)); } static const EVP_MD ripemd160_md = { diff --git a/crypto/evp/m_sha1.c b/crypto/evp/m_sha1.c index c913cae86c..c40849bd52 100644 --- a/crypto/evp/m_sha1.c +++ b/crypto/evp/m_sha1.c @@ -68,17 +68,17 @@ static int init(EVP_MD_CTX *ctx) { - return SHA1_Init(ctx->md_data); + return SHA1_Init(EVP_MD_CTX_md_data(ctx)); } static int update(EVP_MD_CTX *ctx, const void *data, size_t count) { - return SHA1_Update(ctx->md_data, data, count); + return SHA1_Update(EVP_MD_CTX_md_data(ctx), data, count); } static int final(EVP_MD_CTX *ctx, unsigned char *md) { - return SHA1_Final(md, ctx->md_data); + return SHA1_Final(md, EVP_MD_CTX_md_data(ctx)); } static int ctrl(EVP_MD_CTX *ctx, int cmd, int mslen, void *ms) @@ -86,7 +86,7 @@ static int ctrl(EVP_MD_CTX *ctx, int cmd, int mslen, void *ms) unsigned char padtmp[40]; unsigned char sha1tmp[SHA_DIGEST_LENGTH]; - SHA_CTX *sha1 = ctx->md_data; + SHA_CTX *sha1 = EVP_MD_CTX_md_data(ctx); if (cmd != EVP_CTRL_SSL3_MASTER_SECRET) return 0; @@ -157,12 +157,12 @@ const EVP_MD *EVP_sha1(void) static int init224(EVP_MD_CTX *ctx) { - return SHA224_Init(ctx->md_data); + return SHA224_Init(EVP_MD_CTX_md_data(ctx)); } static int init256(EVP_MD_CTX *ctx) { - return SHA256_Init(ctx->md_data); + return SHA256_Init(EVP_MD_CTX_md_data(ctx)); } /* @@ -172,12 +172,12 @@ static int init256(EVP_MD_CTX *ctx) */ static int update256(EVP_MD_CTX *ctx, const void *data, size_t count) { - return SHA256_Update(ctx->md_data, data, count); + return SHA256_Update(EVP_MD_CTX_md_data(ctx), data, count); } static int final256(EVP_MD_CTX *ctx, unsigned char *md) { - return SHA256_Final(md, ctx->md_data); + return SHA256_Final(md, EVP_MD_CTX_md_data(ctx)); } static const EVP_MD sha224_md = { @@ -220,23 +220,23 @@ const EVP_MD *EVP_sha256(void) static int init384(EVP_MD_CTX *ctx) { - return SHA384_Init(ctx->md_data); + return SHA384_Init(EVP_MD_CTX_md_data(ctx)); } static int init512(EVP_MD_CTX *ctx) { - return SHA512_Init(ctx->md_data); + return SHA512_Init(EVP_MD_CTX_md_data(ctx)); } /* See comment in SHA224/256 section */ static int update512(EVP_MD_CTX *ctx, const void *data, size_t count) { - return SHA512_Update(ctx->md_data, data, count); + return SHA512_Update(EVP_MD_CTX_md_data(ctx), data, count); } static int final512(EVP_MD_CTX *ctx, unsigned char *md) { - return SHA512_Final(md, ctx->md_data); + return SHA512_Final(md, EVP_MD_CTX_md_data(ctx)); } static const EVP_MD sha384_md = { diff --git a/crypto/evp/m_wp.c b/crypto/evp/m_wp.c index 9ab3c62fe9..47c4ceb2cf 100644 --- a/crypto/evp/m_wp.c +++ b/crypto/evp/m_wp.c @@ -12,17 +12,17 @@ static int init(EVP_MD_CTX *ctx) { - return WHIRLPOOL_Init(ctx->md_data); + return WHIRLPOOL_Init(EVP_MD_CTX_md_data(ctx)); } static int update(EVP_MD_CTX *ctx, const void *data, size_t count) { - return WHIRLPOOL_Update(ctx->md_data, data, count); + return WHIRLPOOL_Update(EVP_MD_CTX_md_data(ctx), data, count); } static int final(EVP_MD_CTX *ctx, unsigned char *md) { - return WHIRLPOOL_Final(md, ctx->md_data); + return WHIRLPOOL_Final(md, EVP_MD_CTX_md_data(ctx)); } static const EVP_MD whirlpool_md = { diff --git a/crypto/pem/pem_seal.c b/crypto/pem/pem_seal.c index e8ea1b0a13..5d9c5975fe 100644 --- a/crypto/pem/pem_seal.c +++ b/crypto/pem/pem_seal.c @@ -93,8 +93,8 @@ int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type, EVP_EncodeInit(&ctx->encode); - EVP_MD_CTX_init(&ctx->md); - if (!EVP_SignInit(&ctx->md, md_type)) + ctx->md = EVP_MD_CTX_create(); + if (!EVP_SignInit(ctx->md, md_type)) goto err; EVP_CIPHER_CTX_init(&ctx->cipher); @@ -124,7 +124,7 @@ int PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl, int i, j; *outl = 0; - if (!EVP_SignUpdate(&ctx->md, in, inl)) + if (!EVP_SignUpdate(ctx->md, in, inl)) return 0; for (;;) { if (inl <= 0) @@ -172,13 +172,13 @@ int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl, EVP_EncodeFinal(&ctx->encode, out, &j); *outl += j; - if (!EVP_SignFinal(&ctx->md, s, &i, priv)) + if (!EVP_SignFinal(ctx->md, s, &i, priv)) goto err; *sigl = EVP_EncodeBlock(sig, s, i); ret = 1; err: - EVP_MD_CTX_cleanup(&ctx->md); + EVP_MD_CTX_destroy(ctx->md); EVP_CIPHER_CTX_cleanup(&ctx->cipher); OPENSSL_free(s); return (ret); diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c index 50f19f3068..f062728932 100644 --- a/crypto/pem/pvkfmt.c +++ b/crypto/pem/pvkfmt.c @@ -650,16 +650,16 @@ static int derive_pvk_key(unsigned char *key, const unsigned char *salt, unsigned int saltlen, const unsigned char *pass, int passlen) { - EVP_MD_CTX mctx; + EVP_MD_CTX *mctx = EVP_MD_CTX_create();; int rv = 1; - EVP_MD_CTX_init(&mctx); - if (!EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL) - || !EVP_DigestUpdate(&mctx, salt, saltlen) - || !EVP_DigestUpdate(&mctx, pass, passlen) - || !EVP_DigestFinal_ex(&mctx, key, NULL)) + if (mctx == NULL + || !EVP_DigestInit_ex(mctx, EVP_sha1(), NULL) + || !EVP_DigestUpdate(mctx, salt, saltlen) + || !EVP_DigestUpdate(mctx, pass, passlen) + || !EVP_DigestFinal_ex(mctx, key, NULL)) rv = 0; - EVP_MD_CTX_cleanup(&mctx); + EVP_MD_CTX_destroy(mctx); return rv; } diff --git a/crypto/pkcs12/p12_key.c b/crypto/pkcs12/p12_key.c index fe378d765f..a561d16198 100644 --- a/crypto/pkcs12/p12_key.c +++ b/crypto/pkcs12/p12_key.c @@ -109,13 +109,16 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, int i, j, u, v; int ret = 0; BIGNUM *Ij, *Bpl1; /* These hold Ij and B + 1 */ - EVP_MD_CTX ctx; + EVP_MD_CTX *ctx; #ifdef DEBUG_KEYGEN unsigned char *tmpout = out; int tmpn = n; #endif - EVP_MD_CTX_init(&ctx); + ctx = EVP_MD_CTX_create(); + if (ctx == NULL) + goto err; + #ifdef DEBUG_KEYGEN fprintf(stderr, "KEYGEN DEBUG\n"); fprintf(stderr, "ID %d, ITER %d\n", id, iter); @@ -151,15 +154,15 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, for (i = 0; i < Plen; i++) *p++ = pass[i % passlen]; for (;;) { - if (!EVP_DigestInit_ex(&ctx, md_type, NULL) - || !EVP_DigestUpdate(&ctx, D, v) - || !EVP_DigestUpdate(&ctx, I, Ilen) - || !EVP_DigestFinal_ex(&ctx, Ai, NULL)) + if (!EVP_DigestInit_ex(ctx, md_type, NULL) + || !EVP_DigestUpdate(ctx, D, v) + || !EVP_DigestUpdate(ctx, I, Ilen) + || !EVP_DigestFinal_ex(ctx, Ai, NULL)) goto err; for (j = 1; j < iter; j++) { - if (!EVP_DigestInit_ex(&ctx, md_type, NULL) - || !EVP_DigestUpdate(&ctx, Ai, u) - || !EVP_DigestFinal_ex(&ctx, Ai, NULL)) + if (!EVP_DigestInit_ex(ctx, md_type, NULL) + || !EVP_DigestUpdate(ctx, Ai, u) + || !EVP_DigestFinal_ex(ctx, Ai, NULL)) goto err; } memcpy(out, Ai, min(n, u)); @@ -215,7 +218,7 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, OPENSSL_free(I); BN_free(Ij); BN_free(Bpl1); - EVP_MD_CTX_cleanup(&ctx); + EVP_MD_CTX_destroy(ctx); return ret; } diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index df8329419d..c5ac2fac90 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -692,7 +692,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) int i, j; BIO *btmp; PKCS7_SIGNER_INFO *si; - EVP_MD_CTX *mdc, ctx_tmp; + EVP_MD_CTX *mdc, *ctx_tmp; STACK_OF(X509_ATTRIBUTE) *sk; STACK_OF(PKCS7_SIGNER_INFO) *si_sk = NULL; ASN1_OCTET_STRING *os = NULL; @@ -707,7 +707,12 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) return 0; } - EVP_MD_CTX_init(&ctx_tmp); + ctx_tmp = EVP_MD_CTX_create(); + if (ctx_tmp == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE); + return 0; + } + i = OBJ_obj2nid(p7->type); p7->state = PKCS7_S_HEADER; @@ -784,7 +789,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) /* * We now have the EVP_MD_CTX, lets do the signing. */ - if (!EVP_MD_CTX_copy_ex(&ctx_tmp, mdc)) + if (!EVP_MD_CTX_copy_ex(ctx_tmp, mdc)) goto err; sk = si->auth_attr; @@ -794,7 +799,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) * sign the attributes */ if (sk_X509_ATTRIBUTE_num(sk) > 0) { - if (!do_pkcs7_signed_attrib(si, &ctx_tmp)) + if (!do_pkcs7_signed_attrib(si, ctx_tmp)) goto err; } else { unsigned char *abuf = NULL; @@ -804,7 +809,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) if (abuf == NULL) goto err; - if (!EVP_SignFinal(&ctx_tmp, abuf, &abuflen, si->pkey)) { + if (!EVP_SignFinal(ctx_tmp, abuf, &abuflen, si->pkey)) { PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_EVP_LIB); goto err; } @@ -849,13 +854,13 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) } ret = 1; err: - EVP_MD_CTX_cleanup(&ctx_tmp); + EVP_MD_CTX_destroy(ctx_tmp); return (ret); } int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si) { - EVP_MD_CTX mctx; + EVP_MD_CTX *mctx; EVP_PKEY_CTX *pctx; unsigned char *abuf = NULL; int alen; @@ -866,8 +871,13 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si) if (md == NULL) return 0; - EVP_MD_CTX_init(&mctx); - if (EVP_DigestSignInit(&mctx, &pctx, md, NULL, si->pkey) <= 0) + mctx = EVP_MD_CTX_create(); + if (mctx == NULL) { + PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, ERR_R_MALLOC_FAILURE); + goto err; + } + + if (EVP_DigestSignInit(mctx, &pctx, md, NULL, si->pkey) <= 0) goto err; if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, @@ -880,16 +890,16 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si) ASN1_ITEM_rptr(PKCS7_ATTR_SIGN)); if (!abuf) goto err; - if (EVP_DigestSignUpdate(&mctx, abuf, alen) <= 0) + if (EVP_DigestSignUpdate(mctx, abuf, alen) <= 0) goto err; OPENSSL_free(abuf); abuf = NULL; - if (EVP_DigestSignFinal(&mctx, NULL, &siglen) <= 0) + if (EVP_DigestSignFinal(mctx, NULL, &siglen) <= 0) goto err; abuf = OPENSSL_malloc(siglen); if (abuf == NULL) goto err; - if (EVP_DigestSignFinal(&mctx, abuf, &siglen) <= 0) + if (EVP_DigestSignFinal(mctx, abuf, &siglen) <= 0) goto err; if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, @@ -898,7 +908,7 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si) goto err; } - EVP_MD_CTX_cleanup(&mctx); + EVP_MD_CTX_destroy(mctx); ASN1_STRING_set0(si->enc_digest, abuf, siglen); @@ -906,7 +916,7 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si) err: OPENSSL_free(abuf); - EVP_MD_CTX_cleanup(&mctx); + EVP_MD_CTX_destroy(mctx); return 0; } @@ -972,14 +982,18 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, X509 *x509) { ASN1_OCTET_STRING *os; - EVP_MD_CTX mdc_tmp, *mdc; + EVP_MD_CTX *mdc_tmp, *mdc; int ret = 0, i; int md_type; STACK_OF(X509_ATTRIBUTE) *sk; BIO *btmp; EVP_PKEY *pkey; - EVP_MD_CTX_init(&mdc_tmp); + mdc_tmp = EVP_MD_CTX_create(); + if (mdc_tmp == NULL) { + PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, ERR_R_MALLOC_FAILURE); + goto err; + } if (!PKCS7_type_is_signed(p7) && !PKCS7_type_is_signedAndEnveloped(p7)) { PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_WRONG_PKCS7_TYPE); @@ -1016,7 +1030,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, * mdc is the digest ctx that we want, unless there are attributes, in * which case the digest is the signed attributes */ - if (!EVP_MD_CTX_copy_ex(&mdc_tmp, mdc)) + if (!EVP_MD_CTX_copy_ex(mdc_tmp, mdc)) goto err; sk = si->auth_attr; @@ -1026,7 +1040,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, int alen; ASN1_OCTET_STRING *message_digest; - if (!EVP_DigestFinal_ex(&mdc_tmp, md_dat, &md_len)) + if (!EVP_DigestFinal_ex(mdc_tmp, md_dat, &md_len)) goto err; message_digest = PKCS7_digest_from_attributes(sk); if (!message_digest) { @@ -1041,7 +1055,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, goto err; } - if (!EVP_VerifyInit_ex(&mdc_tmp, EVP_get_digestbynid(md_type), NULL)) + if (!EVP_VerifyInit_ex(mdc_tmp, EVP_get_digestbynid(md_type), NULL)) goto err; alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf, @@ -1051,7 +1065,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, ret = -1; goto err; } - if (!EVP_VerifyUpdate(&mdc_tmp, abuf, alen)) + if (!EVP_VerifyUpdate(mdc_tmp, abuf, alen)) goto err; OPENSSL_free(abuf); @@ -1064,7 +1078,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, goto err; } - i = EVP_VerifyFinal(&mdc_tmp, os->data, os->length, pkey); + i = EVP_VerifyFinal(mdc_tmp, os->data, os->length, pkey); EVP_PKEY_free(pkey); if (i <= 0) { PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_SIGNATURE_FAILURE); @@ -1073,7 +1087,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, } ret = 1; err: - EVP_MD_CTX_cleanup(&mdc_tmp); + EVP_MD_CTX_destroy(mdc_tmp); return (ret); } diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c index 698a63892e..ec42fc29f0 100644 --- a/crypto/rand/md_rand.c +++ b/crypto/rand/md_rand.c @@ -212,7 +212,7 @@ static int rand_add(const void *buf, int num, double add) int i, j, k, st_idx; long md_c[2]; unsigned char local_md[MD_DIGEST_LENGTH]; - EVP_MD_CTX m; + EVP_MD_CTX *m; int do_not_lock; int rv = 0; @@ -234,7 +234,10 @@ static int rand_add(const void *buf, int num, double add) * hash function. */ - EVP_MD_CTX_init(&m); + m = EVP_MD_CTX_create(); + if (m == NULL) + goto err; + /* check if we already have the lock */ if (crypto_lock_rand) { CRYPTO_THREADID cur; @@ -284,21 +287,21 @@ static int rand_add(const void *buf, int num, double add) j = (num - i); j = (j > MD_DIGEST_LENGTH) ? MD_DIGEST_LENGTH : j; - if (!MD_Init(&m)) + if (!MD_Init(m)) goto err; - if (!MD_Update(&m, local_md, MD_DIGEST_LENGTH)) + if (!MD_Update(m, local_md, MD_DIGEST_LENGTH)) goto err; k = (st_idx + j) - STATE_SIZE; if (k > 0) { - if (!MD_Update(&m, &(state[st_idx]), j - k)) + if (!MD_Update(m, &(state[st_idx]), j - k)) goto err; - if (!MD_Update(&m, &(state[0]), k)) + if (!MD_Update(m, &(state[0]), k)) goto err; - } else if (!MD_Update(&m, &(state[st_idx]), j)) + } else if (!MD_Update(m, &(state[st_idx]), j)) goto err; /* DO NOT REMOVE THE FOLLOWING CALL TO MD_Update()! */ - if (!MD_Update(&m, buf, j)) + if (!MD_Update(m, buf, j)) goto err; /* * We know that line may cause programs such as purify and valgrind @@ -308,9 +311,9 @@ static int rand_add(const void *buf, int num, double add) * insecure keys. */ - if (!MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c))) + if (!MD_Update(m, (unsigned char *)&(md_c[0]), sizeof(md_c))) goto err; - if (!MD_Final(&m, local_md)) + if (!MD_Final(m, local_md)) goto err; md_c[1]++; @@ -352,7 +355,7 @@ static int rand_add(const void *buf, int num, double add) #endif rv = 1; err: - EVP_MD_CTX_cleanup(&m); + EVP_MD_CTX_destroy(m); return rv; } @@ -369,7 +372,7 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo) int ok; long md_c[2]; unsigned char local_md[MD_DIGEST_LENGTH]; - EVP_MD_CTX m; + EVP_MD_CTX *m; #ifndef GETPID_IS_MEANINGLESS pid_t curr_pid = getpid(); #endif @@ -409,7 +412,10 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo) if (num <= 0) return 1; - EVP_MD_CTX_init(&m); + m = EVP_MD_CTX_create(); + if (m == NULL) + goto err_mem; + /* round upwards to multiple of MD_DIGEST_LENGTH/2 */ num_ceil = (1 + (num - 1) / (MD_DIGEST_LENGTH / 2)) * (MD_DIGEST_LENGTH / 2); @@ -523,26 +529,26 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo) /* num_ceil -= MD_DIGEST_LENGTH/2 */ j = (num >= MD_DIGEST_LENGTH / 2) ? MD_DIGEST_LENGTH / 2 : num; num -= j; - if (!MD_Init(&m)) + if (!MD_Init(m)) goto err; #ifndef GETPID_IS_MEANINGLESS if (curr_pid) { /* just in the first iteration to save time */ - if (!MD_Update(&m, (unsigned char *)&curr_pid, sizeof curr_pid)) + if (!MD_Update(m, (unsigned char *)&curr_pid, sizeof curr_pid)) goto err; curr_pid = 0; } #endif if (curr_time) { /* just in the first iteration to save time */ - if (!MD_Update(&m, (unsigned char *)&curr_time, sizeof curr_time)) + if (!MD_Update(m, (unsigned char *)&curr_time, sizeof curr_time)) goto err; - if (!MD_Update(&m, (unsigned char *)&tv, sizeof tv)) + if (!MD_Update(m, (unsigned char *)&tv, sizeof tv)) goto err; curr_time = 0; - rand_hw_seed(&m); + rand_hw_seed(m); } - if (!MD_Update(&m, local_md, MD_DIGEST_LENGTH)) + if (!MD_Update(m, local_md, MD_DIGEST_LENGTH)) goto err; - if (!MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c))) + if (!MD_Update(m, (unsigned char *)&(md_c[0]), sizeof(md_c))) goto err; #ifndef PURIFY /* purify complains */ @@ -553,19 +559,19 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo) * builds it is not used: the removal of such a small source of * entropy has negligible impact on security. */ - if (!MD_Update(&m, buf, j)) + if (!MD_Update(m, buf, j)) goto err; #endif k = (st_idx + MD_DIGEST_LENGTH / 2) - st_num; if (k > 0) { - if (!MD_Update(&m, &(state[st_idx]), MD_DIGEST_LENGTH / 2 - k)) + if (!MD_Update(m, &(state[st_idx]), MD_DIGEST_LENGTH / 2 - k)) goto err; - if (!MD_Update(&m, &(state[0]), k)) + if (!MD_Update(m, &(state[0]), k)) goto err; - } else if (!MD_Update(&m, &(state[st_idx]), MD_DIGEST_LENGTH / 2)) + } else if (!MD_Update(m, &(state[st_idx]), MD_DIGEST_LENGTH / 2)) goto err; - if (!MD_Final(&m, local_md)) + if (!MD_Final(m, local_md)) goto err; for (i = 0; i < MD_DIGEST_LENGTH / 2; i++) { @@ -578,23 +584,23 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo) } } - if (!MD_Init(&m) - || !MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c)) - || !MD_Update(&m, local_md, MD_DIGEST_LENGTH)) + if (!MD_Init(m) + || !MD_Update(m, (unsigned char *)&(md_c[0]), sizeof(md_c)) + || !MD_Update(m, local_md, MD_DIGEST_LENGTH)) goto err; CRYPTO_w_lock(CRYPTO_LOCK_RAND); /* * Prevent deadlocks if we end up in an async engine */ ASYNC_block_pause(); - if (!MD_Update(&m, md, MD_DIGEST_LENGTH) || !MD_Final(&m, md)) { + if (!MD_Update(m, md, MD_DIGEST_LENGTH) || !MD_Final(m, md)) { CRYPTO_w_unlock(CRYPTO_LOCK_RAND); goto err; } ASYNC_unblock_pause(); CRYPTO_w_unlock(CRYPTO_LOCK_RAND); - EVP_MD_CTX_cleanup(&m); + EVP_MD_CTX_destroy(m); if (ok) return (1); else if (pseudo) @@ -606,8 +612,12 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo) return (0); } err: - EVP_MD_CTX_cleanup(&m); RANDerr(RAND_F_RAND_BYTES, ERR_R_EVP_LIB); + EVP_MD_CTX_destroy(m); + return 0; + err_mem: + RANDerr(RAND_F_RAND_BYTES, ERR_R_MALLOC_FAILURE); + EVP_MD_CTX_destroy(m); return 0; } diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c index bae43f23bf..68b268ecb7 100644 --- a/crypto/rsa/rsa_ameth.c +++ b/crypto/rsa/rsa_ameth.c @@ -729,7 +729,7 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, ASN1_BIT_STRING *sig) { int pad_mode; - EVP_PKEY_CTX *pkctx = ctx->pctx; + EVP_PKEY_CTX *pkctx = EVP_MD_CTX_pkey_ctx(ctx); if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0) return 0; if (pad_mode == RSA_PKCS1_PADDING) diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c index ff551f220c..0f742f9969 100644 --- a/crypto/rsa/rsa_oaep.c +++ b/crypto/rsa/rsa_oaep.c @@ -242,13 +242,14 @@ int PKCS1_MGF1(unsigned char *mask, long len, { long i, outlen = 0; unsigned char cnt[4]; - EVP_MD_CTX c; + EVP_MD_CTX *c = EVP_MD_CTX_create(); unsigned char md[EVP_MAX_MD_SIZE]; int mdlen; int rv = -1; - EVP_MD_CTX_init(&c); - mdlen = M_EVP_MD_size(dgst); + if (c == NULL) + goto err; + mdlen = EVP_MD_size(dgst); if (mdlen < 0) goto err; for (i = 0; outlen < len; i++) { @@ -256,16 +257,16 @@ int PKCS1_MGF1(unsigned char *mask, long len, cnt[1] = (unsigned char)((i >> 16) & 255); cnt[2] = (unsigned char)((i >> 8)) & 255; cnt[3] = (unsigned char)(i & 255); - if (!EVP_DigestInit_ex(&c, dgst, NULL) - || !EVP_DigestUpdate(&c, seed, seedlen) - || !EVP_DigestUpdate(&c, cnt, 4)) + if (!EVP_DigestInit_ex(c, dgst, NULL) + || !EVP_DigestUpdate(c, seed, seedlen) + || !EVP_DigestUpdate(c, cnt, 4)) goto err; if (outlen + mdlen <= len) { - if (!EVP_DigestFinal_ex(&c, mask + outlen, NULL)) + if (!EVP_DigestFinal_ex(c, mask + outlen, NULL)) goto err; outlen += mdlen; } else { - if (!EVP_DigestFinal_ex(&c, md, NULL)) + if (!EVP_DigestFinal_ex(c, md, NULL)) goto err; memcpy(mask + outlen, md, len - outlen); outlen = len; @@ -273,6 +274,6 @@ int PKCS1_MGF1(unsigned char *mask, long len, } rv = 0; err: - EVP_MD_CTX_cleanup(&c); + EVP_MD_CTX_destroy(c); return rv; } diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c index 95bf6b0d8c..0a41ae99b1 100644 --- a/crypto/rsa/rsa_pss.c +++ b/crypto/rsa/rsa_pss.c @@ -88,14 +88,17 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, int hLen, maskedDBLen, MSBits, emLen; const unsigned char *H; unsigned char *DB = NULL; - EVP_MD_CTX ctx; + EVP_MD_CTX *ctx = EVP_MD_CTX_create(); unsigned char H_[EVP_MAX_MD_SIZE]; - EVP_MD_CTX_init(&ctx); + + + if (ctx == NULL) + goto err; if (mgf1Hash == NULL) mgf1Hash = Hash; - hLen = M_EVP_MD_size(Hash); + hLen = EVP_MD_size(Hash); if (hLen < 0) goto err; /*- @@ -153,15 +156,15 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_SLEN_CHECK_FAILED); goto err; } - if (!EVP_DigestInit_ex(&ctx, Hash, NULL) - || !EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes) - || !EVP_DigestUpdate(&ctx, mHash, hLen)) + if (!EVP_DigestInit_ex(ctx, Hash, NULL) + || !EVP_DigestUpdate(ctx, zeroes, sizeof zeroes) + || !EVP_DigestUpdate(ctx, mHash, hLen)) goto err; if (maskedDBLen - i) { - if (!EVP_DigestUpdate(&ctx, DB + i, maskedDBLen - i)) + if (!EVP_DigestUpdate(ctx, DB + i, maskedDBLen - i)) goto err; } - if (!EVP_DigestFinal_ex(&ctx, H_, NULL)) + if (!EVP_DigestFinal_ex(ctx, H_, NULL)) goto err; if (memcmp(H_, H, hLen)) { RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_BAD_SIGNATURE); @@ -171,7 +174,7 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, err: OPENSSL_free(DB); - EVP_MD_CTX_cleanup(&ctx); + EVP_MD_CTX_destroy(ctx); return ret; @@ -193,12 +196,12 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, int ret = 0; int hLen, maskedDBLen, MSBits, emLen; unsigned char *H, *salt = NULL, *p; - EVP_MD_CTX ctx; + EVP_MD_CTX *ctx = NULL; if (mgf1Hash == NULL) mgf1Hash = Hash; - hLen = M_EVP_MD_size(Hash); + hLen = EVP_MD_size(Hash); if (hLen < 0) goto err; /*- @@ -241,16 +244,17 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, } maskedDBLen = emLen - hLen - 1; H = EM + maskedDBLen; - EVP_MD_CTX_init(&ctx); - if (!EVP_DigestInit_ex(&ctx, Hash, NULL) - || !EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes) - || !EVP_DigestUpdate(&ctx, mHash, hLen)) + ctx = EVP_MD_CTX_create(); + if (ctx == NULL) + goto err; + if (!EVP_DigestInit_ex(ctx, Hash, NULL) + || !EVP_DigestUpdate(ctx, zeroes, sizeof zeroes) + || !EVP_DigestUpdate(ctx, mHash, hLen)) goto err; - if (sLen && !EVP_DigestUpdate(&ctx, salt, sLen)) + if (sLen && !EVP_DigestUpdate(ctx, salt, sLen)) goto err; - if (!EVP_DigestFinal_ex(&ctx, H, NULL)) + if (!EVP_DigestFinal_ex(ctx, H, NULL)) goto err; - EVP_MD_CTX_cleanup(&ctx); /* Generate dbMask in place then perform XOR on it */ if (PKCS1_MGF1(EM, maskedDBLen, H, hLen, mgf1Hash)) @@ -278,6 +282,7 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, ret = 1; err: + EVP_MD_CTX_destroy(ctx); OPENSSL_free(salt); return ret; diff --git a/crypto/srp/srp_lib.c b/crypto/srp/srp_lib.c index 850ec2ce64..649d2b5a66 100644 --- a/crypto/srp/srp_lib.c +++ b/crypto/srp/srp_lib.c @@ -70,31 +70,36 @@ static BIGNUM *srp_Calc_k(BIGNUM *N, BIGNUM *g) unsigned char digest[SHA_DIGEST_LENGTH]; unsigned char *tmp; - EVP_MD_CTX ctxt; + EVP_MD_CTX *ctxt = NULL; int longg; int longN = BN_num_bytes(N); + BIGNUM *res = NULL; if (BN_ucmp(g, N) >= 0) return NULL; - if ((tmp = OPENSSL_malloc(longN)) == NULL) + ctxt = EVP_MD_CTX_create(); + if (ctxt == NULL) return NULL; + if ((tmp = OPENSSL_malloc(longN)) == NULL) + goto err; BN_bn2bin(N, tmp); - EVP_MD_CTX_init(&ctxt); - EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL); - EVP_DigestUpdate(&ctxt, tmp, longN); + EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL); + EVP_DigestUpdate(ctxt, tmp, longN); memset(tmp, 0, longN); longg = BN_bn2bin(g, tmp); /* use the zeros behind to pad on left */ - EVP_DigestUpdate(&ctxt, tmp + longg, longN - longg); - EVP_DigestUpdate(&ctxt, tmp, longg); + EVP_DigestUpdate(ctxt, tmp + longg, longN - longg); + EVP_DigestUpdate(ctxt, tmp, longg); OPENSSL_free(tmp); - EVP_DigestFinal_ex(&ctxt, digest, NULL); - EVP_MD_CTX_cleanup(&ctxt); - return BN_bin2bn(digest, sizeof(digest), NULL); + EVP_DigestFinal_ex(ctxt, digest, NULL); + res = BN_bin2bn(digest, sizeof(digest), NULL); + err: + EVP_MD_CTX_destroy(ctxt); + return res; } BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N) @@ -104,7 +109,7 @@ BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N) BIGNUM *u; unsigned char cu[SHA_DIGEST_LENGTH]; unsigned char *cAB; - EVP_MD_CTX ctxt; + EVP_MD_CTX *ctxt = NULL; int longN; if ((A == NULL) || (B == NULL) || (N == NULL)) return NULL; @@ -114,25 +119,30 @@ BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N) longN = BN_num_bytes(N); - if ((cAB = OPENSSL_malloc(2 * longN)) == NULL) + ctxt = EVP_MD_CTX_create(); + if (ctxt == NULL) return NULL; + if ((cAB = OPENSSL_malloc(2 * longN)) == NULL) + goto err; memset(cAB, 0, longN); - EVP_MD_CTX_init(&ctxt); - EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL); - EVP_DigestUpdate(&ctxt, cAB + BN_bn2bin(A, cAB + longN), longN); - EVP_DigestUpdate(&ctxt, cAB + BN_bn2bin(B, cAB + longN), longN); + EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL); + EVP_DigestUpdate(ctxt, cAB + BN_bn2bin(A, cAB + longN), longN); + EVP_DigestUpdate(ctxt, cAB + BN_bn2bin(B, cAB + longN), longN); OPENSSL_free(cAB); - EVP_DigestFinal_ex(&ctxt, cu, NULL); - EVP_MD_CTX_cleanup(&ctxt); + EVP_DigestFinal_ex(ctxt, cu, NULL); if ((u = BN_bin2bn(cu, sizeof(cu), NULL)) == NULL) - return NULL; - if (!BN_is_zero(u)) - return u; - BN_free(u); - return NULL; + goto err; + if (BN_is_zero(u)) { + BN_free(u); + u = NULL; + } + err: + EVP_MD_CTX_destroy(ctxt); + + return u; } BIGNUM *SRP_Calc_server_key(BIGNUM *A, BIGNUM *v, BIGNUM *u, BIGNUM *b, @@ -196,31 +206,36 @@ BIGNUM *SRP_Calc_B(BIGNUM *b, BIGNUM *N, BIGNUM *g, BIGNUM *v) BIGNUM *SRP_Calc_x(BIGNUM *s, const char *user, const char *pass) { unsigned char dig[SHA_DIGEST_LENGTH]; - EVP_MD_CTX ctxt; + EVP_MD_CTX *ctxt; unsigned char *cs; + BIGNUM *res = NULL; if ((s == NULL) || (user == NULL) || (pass == NULL)) return NULL; - if ((cs = OPENSSL_malloc(BN_num_bytes(s))) == NULL) + ctxt = EVP_MD_CTX_create(); + if (ctxt == NULL) return NULL; + if ((cs = OPENSSL_malloc(BN_num_bytes(s))) == NULL) + goto err; - EVP_MD_CTX_init(&ctxt); - EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL); - EVP_DigestUpdate(&ctxt, user, strlen(user)); - EVP_DigestUpdate(&ctxt, ":", 1); - EVP_DigestUpdate(&ctxt, pass, strlen(pass)); - EVP_DigestFinal_ex(&ctxt, dig, NULL); + EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL); + EVP_DigestUpdate(ctxt, user, strlen(user)); + EVP_DigestUpdate(ctxt, ":", 1); + EVP_DigestUpdate(ctxt, pass, strlen(pass)); + EVP_DigestFinal_ex(ctxt, dig, NULL); - EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL); + EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL); BN_bn2bin(s, cs); - EVP_DigestUpdate(&ctxt, cs, BN_num_bytes(s)); + EVP_DigestUpdate(ctxt, cs, BN_num_bytes(s)); OPENSSL_free(cs); - EVP_DigestUpdate(&ctxt, dig, sizeof(dig)); - EVP_DigestFinal_ex(&ctxt, dig, NULL); - EVP_MD_CTX_cleanup(&ctxt); + EVP_DigestUpdate(ctxt, dig, sizeof(dig)); + EVP_DigestFinal_ex(ctxt, dig, NULL); - return BN_bin2bn(dig, sizeof(dig), NULL); + res = BN_bin2bn(dig, sizeof(dig), NULL); + err: + EVP_MD_CTX_destroy(ctxt); + return res; } BIGNUM *SRP_Calc_A(BIGNUM *a, BIGNUM *N, BIGNUM *g) diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c index b271c9904c..24fe437e9b 100644 --- a/crypto/srp/srp_vfy.c +++ b/crypto/srp/srp_vfy.c @@ -474,7 +474,7 @@ SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username) SRP_user_pwd *user; unsigned char digv[SHA_DIGEST_LENGTH]; unsigned char digs[SHA_DIGEST_LENGTH]; - EVP_MD_CTX ctxt; + EVP_MD_CTX *ctxt = NULL; if (vb == NULL) return NULL; @@ -499,18 +499,20 @@ SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username) if (RAND_bytes(digv, SHA_DIGEST_LENGTH) <= 0) goto err; - EVP_MD_CTX_init(&ctxt); - EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL); - EVP_DigestUpdate(&ctxt, vb->seed_key, strlen(vb->seed_key)); - EVP_DigestUpdate(&ctxt, username, strlen(username)); - EVP_DigestFinal_ex(&ctxt, digs, NULL); - EVP_MD_CTX_cleanup(&ctxt); - if (SRP_user_pwd_set_sv_BN - (user, BN_bin2bn(digs, SHA_DIGEST_LENGTH, NULL), - BN_bin2bn(digv, SHA_DIGEST_LENGTH, NULL))) + ctxt = EVP_MD_CTX_create(); + EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL); + EVP_DigestUpdate(ctxt, vb->seed_key, strlen(vb->seed_key)); + EVP_DigestUpdate(ctxt, username, strlen(username)); + EVP_DigestFinal_ex(ctxt, digs, NULL); + EVP_MD_CTX_destroy(ctxt); + ctxt = NULL; + if (SRP_user_pwd_set_sv_BN(user, + BN_bin2bn(digs, SHA_DIGEST_LENGTH, NULL), + BN_bin2bn(digv, SHA_DIGEST_LENGTH, NULL))) return user; err: + EVP_MD_CTX_destroy(ctxt); SRP_user_pwd_free(user); return NULL; } diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c index 5a69a94807..24c81ee241 100644 --- a/crypto/ts/ts_rsp_verify.c +++ b/crypto/ts/ts_rsp_verify.c @@ -529,7 +529,7 @@ static int ts_compute_imprint(BIO *data, TS_TST_INFO *tst_info, TS_MSG_IMPRINT *msg_imprint = tst_info->msg_imprint; X509_ALGOR *md_alg_resp = msg_imprint->hash_algo; const EVP_MD *md; - EVP_MD_CTX md_ctx; + EVP_MD_CTX *md_ctx = NULL; unsigned char buffer[4096]; int length; @@ -551,17 +551,24 @@ static int ts_compute_imprint(BIO *data, TS_TST_INFO *tst_info, goto err; } - if (!EVP_DigestInit(&md_ctx, md)) + md_ctx = EVP_MD_CTX_create(); + if (md_ctx == NULL) { + TSerr(TS_F_TS_COMPUTE_IMPRINT, ERR_R_MALLOC_FAILURE); + goto err; + } + if (!EVP_DigestInit(md_ctx, md)) goto err; while ((length = BIO_read(data, buffer, sizeof(buffer))) > 0) { - if (!EVP_DigestUpdate(&md_ctx, buffer, length)) + if (!EVP_DigestUpdate(md_ctx, buffer, length)) goto err; } - if (!EVP_DigestFinal(&md_ctx, *imprint, NULL)) + if (!EVP_DigestFinal(md_ctx, *imprint, NULL)) goto err; + EVP_MD_CTX_destroy(md_ctx); return 1; err: + EVP_MD_CTX_destroy(md_ctx); X509_ALGOR_free(*md_alg); OPENSSL_free(*imprint); *imprint_len = 0; diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index 4017545b64..8ea70ace66 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c @@ -82,28 +82,29 @@ int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b) unsigned long X509_issuer_and_serial_hash(X509 *a) { unsigned long ret = 0; - EVP_MD_CTX ctx; + EVP_MD_CTX *ctx = EVP_MD_CTX_create(); unsigned char md[16]; char *f; - EVP_MD_CTX_init(&ctx); + if (ctx == NULL) + goto err; f = X509_NAME_oneline(a->cert_info.issuer, NULL, 0); - if (!EVP_DigestInit_ex(&ctx, EVP_md5(), NULL)) + if (!EVP_DigestInit_ex(ctx, EVP_md5(), NULL)) goto err; - if (!EVP_DigestUpdate(&ctx, (unsigned char *)f, strlen(f))) + if (!EVP_DigestUpdate(ctx, (unsigned char *)f, strlen(f))) goto err; OPENSSL_free(f); if (!EVP_DigestUpdate - (&ctx, (unsigned char *)a->cert_info.serialNumber.data, + (ctx, (unsigned char *)a->cert_info.serialNumber.data, (unsigned long)a->cert_info.serialNumber.length)) goto err; - if (!EVP_DigestFinal_ex(&ctx, &(md[0]), NULL)) + if (!EVP_DigestFinal_ex(ctx, &(md[0]), NULL)) goto err; ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) | ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L) ) & 0xffffffffL; err: - EVP_MD_CTX_cleanup(&ctx); + EVP_MD_CTX_destroy(ctx); return (ret); } #endif @@ -248,21 +249,23 @@ unsigned long X509_NAME_hash(X509_NAME *x) unsigned long X509_NAME_hash_old(X509_NAME *x) { - EVP_MD_CTX md_ctx; + EVP_MD_CTX *md_ctx = EVP_MD_CTX_create(); unsigned long ret = 0; unsigned char md[16]; + if (md_ctx == NULL) + return ret; + /* Make sure X509_NAME structure contains valid cached encoding */ i2d_X509_NAME(x, NULL); - EVP_MD_CTX_init(&md_ctx); - EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); - if (EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL) - && EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length) - && EVP_DigestFinal_ex(&md_ctx, md, NULL)) + EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); + if (EVP_DigestInit_ex(md_ctx, EVP_md5(), NULL) + && EVP_DigestUpdate(md_ctx, x->bytes->data, x->bytes->length) + && EVP_DigestFinal_ex(md_ctx, md, NULL)) ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) | ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L) ) & 0xffffffffL; - EVP_MD_CTX_cleanup(&md_ctx); + EVP_MD_CTX_destroy(md_ctx); return (ret); } diff --git a/engines/ccgost/gost_crypt.c b/engines/ccgost/gost_crypt.c index fb066d9534..9483fa3b64 100644 --- a/engines/ccgost/gost_crypt.c +++ b/engines/ccgost/gost_crypt.c @@ -500,7 +500,7 @@ int gost89_get_asn1_parameters(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params) int gost_imit_init_cpa(EVP_MD_CTX *ctx) { - struct ossl_gost_imit_ctx *c = ctx->md_data; + struct ossl_gost_imit_ctx *c = EVP_MD_CTX_md_data(ctx); memset(c->buffer, 0, sizeof(c->buffer)); memset(c->partial_block, 0, sizeof(c->partial_block)); c->count = 0; @@ -529,7 +529,7 @@ static void mac_block_mesh(struct ossl_gost_imit_ctx *c, int gost_imit_update(EVP_MD_CTX *ctx, const void *data, size_t count) { - struct ossl_gost_imit_ctx *c = ctx->md_data; + struct ossl_gost_imit_ctx *c = EVP_MD_CTX_md_data(ctx); const unsigned char *p = data; size_t bytes = count, i; if (!(c->key_set)) { @@ -561,7 +561,7 @@ int gost_imit_update(EVP_MD_CTX *ctx, const void *data, size_t count) int gost_imit_final(EVP_MD_CTX *ctx, unsigned char *md) { - struct ossl_gost_imit_ctx *c = ctx->md_data; + struct ossl_gost_imit_ctx *c = EVP_MD_CTX_md_data(ctx); if (!c->key_set) { GOSTerr(GOST_F_GOST_IMIT_FINAL, GOST_R_MAC_KEY_NOT_SET); return 0; @@ -595,9 +595,9 @@ int gost_imit_ctrl(EVP_MD_CTX *ctx, int type, int arg, void *ptr) return 0; } - gost_key(&(((struct ossl_gost_imit_ctx *)(ctx->md_data))->cctx), + gost_key(&(((struct ossl_gost_imit_ctx *)(EVP_MD_CTX_md_data(ctx)))->cctx), ptr); - ((struct ossl_gost_imit_ctx *)(ctx->md_data))->key_set = 1; + ((struct ossl_gost_imit_ctx *)(EVP_MD_CTX_md_data(ctx)))->key_set = 1; return 1; } @@ -608,13 +608,14 @@ int gost_imit_ctrl(EVP_MD_CTX *ctx, int type, int arg, void *ptr) int gost_imit_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from) { - memcpy(to->md_data, from->md_data, sizeof(struct ossl_gost_imit_ctx)); + memcpy(EVP_MD_CTX_md_data(to), EVP_MD_CTX_md_data(from), + sizeof(struct ossl_gost_imit_ctx)); return 1; } /* Clean up imit ctx */ int gost_imit_cleanup(EVP_MD_CTX *ctx) { - memset(ctx->md_data, 0, sizeof(struct ossl_gost_imit_ctx)); + memset(EVP_MD_CTX_md_data(ctx), 0, sizeof(struct ossl_gost_imit_ctx)); return 1; } diff --git a/engines/ccgost/gost_md.c b/engines/ccgost/gost_md.c index 6c96a1bd24..7b780772b2 100644 --- a/engines/ccgost/gost_md.c +++ b/engines/ccgost/gost_md.c @@ -36,7 +36,7 @@ EVP_MD digest_gost = { int gost_digest_init(EVP_MD_CTX *ctx) { - struct ossl_gost_digest_ctx *c = ctx->md_data; + struct ossl_gost_digest_ctx *c = EVP_MD_CTX_md_data(ctx); memset(&(c->dctx), 0, sizeof(gost_hash_ctx)); gost_init(&(c->cctx), &GostR3411_94_CryptoProParamSet); c->dctx.cipher_ctx = &(c->cctx); @@ -45,20 +45,20 @@ int gost_digest_init(EVP_MD_CTX *ctx) int gost_digest_update(EVP_MD_CTX *ctx, const void *data, size_t count) { - return hash_block((gost_hash_ctx *) ctx->md_data, data, count); + return hash_block((gost_hash_ctx *) EVP_MD_CTX_md_data(ctx), data, count); } int gost_digest_final(EVP_MD_CTX *ctx, unsigned char *md) { - return finish_hash((gost_hash_ctx *) ctx->md_data, md); + return finish_hash((gost_hash_ctx *) EVP_MD_CTX_md_data(ctx), md); } int gost_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from) { - struct ossl_gost_digest_ctx *md_ctx = to->md_data; - if (to->md_data && from->md_data) { - memcpy(to->md_data, from->md_data, + struct ossl_gost_digest_ctx *md_ctx = EVP_MD_CTX_md_data(to); + if (EVP_MD_CTX_md_data(to) && EVP_MD_CTX_md_data(from)) { + memcpy(EVP_MD_CTX_md_data(to), EVP_MD_CTX_md_data(from), sizeof(struct ossl_gost_digest_ctx)); md_ctx->dctx.cipher_ctx = &(md_ctx->cctx); } @@ -67,7 +67,7 @@ int gost_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from) int gost_digest_cleanup(EVP_MD_CTX *ctx) { - if (ctx->md_data) - memset(ctx->md_data, 0, sizeof(struct ossl_gost_digest_ctx)); + if (EVP_MD_CTX_md_data(ctx)) + memset(EVP_MD_CTX_md_data(ctx), 0, sizeof(struct ossl_gost_digest_ctx)); return 1; } diff --git a/engines/ccgost/gost_pmeth.c b/engines/ccgost/gost_pmeth.c index e70e2979db..f0f331e5cc 100644 --- a/engines/ccgost/gost_pmeth.c +++ b/engines/ccgost/gost_pmeth.c @@ -388,7 +388,8 @@ static int pkey_gost_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) } else { key = &(data->key); } - return mctx->digest->md_ctrl(mctx, EVP_MD_CTRL_SET_KEY, 32, key); + return EVP_MD_CTX_md(mctx)->md_ctrl(mctx, EVP_MD_CTRL_SET_KEY, + 32, key); } } return -2; diff --git a/engines/e_dasync.c b/engines/e_dasync.c index c31b43a36d..7f6aa7568d 100644 --- a/engines/e_dasync.c +++ b/engines/e_dasync.c @@ -259,7 +259,7 @@ static void dummy_pause_job(void) { * implementation */ #undef data -#define data(ctx) ((SHA_CTX *)(ctx)->md_data) +#define data(ctx) ((SHA_CTX *)EVP_MD_CTX_md_data(ctx)) static int dasync_sha1_init(EVP_MD_CTX *ctx) { dummy_pause_job(); diff --git a/engines/e_ossltest.c b/engines/e_ossltest.c index 94e53cd0ca..02c3c58570 100644 --- a/engines/e_ossltest.c +++ b/engines/e_ossltest.c @@ -365,7 +365,7 @@ static void fill_known_data(unsigned char *md, unsigned int len) * the same value. */ #undef data -#define data(ctx) ((MD5_CTX *)(ctx)->md_data) +#define data(ctx) ((MD5_CTX *)EVP_MD_CTX_md_data(ctx)) static int digest_md5_init(EVP_MD_CTX *ctx) { return MD5_Init(data(ctx)); @@ -392,7 +392,7 @@ static int digest_md5_final(EVP_MD_CTX *ctx, unsigned char *md) * SHA1 implementation. */ #undef data -#define data(ctx) ((SHA_CTX *)(ctx)->md_data) +#define data(ctx) ((SHA_CTX *)EVP_MD_CTX_md_data(ctx)) static int digest_sha1_init(EVP_MD_CTX *ctx) { return SHA1_Init(data(ctx)); @@ -419,7 +419,7 @@ static int digest_sha1_final(EVP_MD_CTX *ctx, unsigned char *md) * SHA256 implementation. */ #undef data -#define data(ctx) ((SHA256_CTX *)(ctx)->md_data) +#define data(ctx) ((SHA256_CTX *)EVP_MD_CTX_md_data(ctx)) static int digest_sha256_init(EVP_MD_CTX *ctx) { return SHA256_Init(data(ctx)); @@ -446,7 +446,7 @@ static int digest_sha256_final(EVP_MD_CTX *ctx, unsigned char *md) * SHA384/512 implementation. */ #undef data -#define data(ctx) ((SHA512_CTX *)(ctx)->md_data) +#define data(ctx) ((SHA512_CTX *)EVP_MD_CTX_md_data(ctx)) static int digest_sha384_init(EVP_MD_CTX *ctx) { return SHA384_Init(data(ctx)); diff --git a/include/openssl/hmac.h b/include/openssl/hmac.h index 7962087ec6..47aa1e6fa8 100644 --- a/include/openssl/hmac.h +++ b/include/openssl/hmac.h @@ -70,9 +70,9 @@ extern "C" { typedef struct hmac_ctx_st { const EVP_MD *md; - EVP_MD_CTX md_ctx; - EVP_MD_CTX i_ctx; - EVP_MD_CTX o_ctx; + EVP_MD_CTX *md_ctx; + EVP_MD_CTX *i_ctx; + EVP_MD_CTX *o_ctx; unsigned int key_length; unsigned char key[HMAC_MAX_MD_CBLOCK]; } HMAC_CTX; diff --git a/include/openssl/pem.h b/include/openssl/pem.h index f9e23d295c..2746e0eb2e 100644 --- a/include/openssl/pem.h +++ b/include/openssl/pem.h @@ -104,7 +104,7 @@ extern "C" { */ typedef struct PEM_Encode_Seal_st { EVP_ENCODE_CTX encode; - EVP_MD_CTX md; + EVP_MD_CTX *md; EVP_CIPHER_CTX cipher; } PEM_ENCODE_SEAL_CTX; diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index 381872df9f..04b6aaed8a 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -791,7 +791,6 @@ int n_ssl3_mac(SSL *ssl, unsigned char *md, int send) { SSL3_RECORD *rec; unsigned char *mac_sec, *seq; - EVP_MD_CTX md_ctx; const EVP_MD_CTX *hash; unsigned char *p, rec_char; size_t md_size; @@ -855,30 +854,33 @@ int n_ssl3_mac(SSL *ssl, unsigned char *md, int send) } else { unsigned int md_size_u; /* Chop the digest off the end :-) */ - EVP_MD_CTX_init(&md_ctx); + EVP_MD_CTX *md_ctx = EVP_MD_CTX_create(); + + if (md_ctx == NULL) + return -1; rec_char = rec->type; p = md; s2n(rec->length, p); - if (EVP_MD_CTX_copy_ex(&md_ctx, hash) <= 0 - || EVP_DigestUpdate(&md_ctx, mac_sec, md_size) <= 0 - || EVP_DigestUpdate(&md_ctx, ssl3_pad_1, npad) <= 0 - || EVP_DigestUpdate(&md_ctx, seq, 8) <= 0 - || EVP_DigestUpdate(&md_ctx, &rec_char, 1) <= 0 - || EVP_DigestUpdate(&md_ctx, md, 2) <= 0 - || EVP_DigestUpdate(&md_ctx, rec->input, rec->length) <= 0 - || EVP_DigestFinal_ex(&md_ctx, md, NULL) <= 0 - || EVP_MD_CTX_copy_ex(&md_ctx, hash) <= 0 - || EVP_DigestUpdate(&md_ctx, mac_sec, md_size) <= 0 - || EVP_DigestUpdate(&md_ctx, ssl3_pad_2, npad) <= 0 - || EVP_DigestUpdate(&md_ctx, md, md_size) <= 0 - || EVP_DigestFinal_ex(&md_ctx, md, &md_size_u) <= 0) { - EVP_MD_CTX_cleanup(&md_ctx); + if (EVP_MD_CTX_copy_ex(md_ctx, hash) <= 0 + || EVP_DigestUpdate(md_ctx, mac_sec, md_size) <= 0 + || EVP_DigestUpdate(md_ctx, ssl3_pad_1, npad) <= 0 + || EVP_DigestUpdate(md_ctx, seq, 8) <= 0 + || EVP_DigestUpdate(md_ctx, &rec_char, 1) <= 0 + || EVP_DigestUpdate(md_ctx, md, 2) <= 0 + || EVP_DigestUpdate(md_ctx, rec->input, rec->length) <= 0 + || EVP_DigestFinal_ex(md_ctx, md, NULL) <= 0 + || EVP_MD_CTX_copy_ex(md_ctx, hash) <= 0 + || EVP_DigestUpdate(md_ctx, mac_sec, md_size) <= 0 + || EVP_DigestUpdate(md_ctx, ssl3_pad_2, npad) <= 0 + || EVP_DigestUpdate(md_ctx, md, md_size) <= 0 + || EVP_DigestFinal_ex(md_ctx, md, &md_size_u) <= 0) { + EVP_MD_CTX_cleanup(md_ctx); return -1; } md_size = md_size_u; - EVP_MD_CTX_cleanup(&md_ctx); + EVP_MD_CTX_destroy(md_ctx); } ssl3_record_sequence_update(seq); @@ -892,7 +894,7 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send) EVP_MD_CTX *hash; size_t md_size; int i; - EVP_MD_CTX hmac, *mac_ctx; + EVP_MD_CTX *hmac = NULL, *mac_ctx; unsigned char header[13]; int stream_mac = (send ? (ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM) : (ssl->mac_flags & SSL_MAC_FLAG_READ_MAC_STREAM)); @@ -916,9 +918,11 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send) if (stream_mac) { mac_ctx = hash; } else { - if (!EVP_MD_CTX_copy(&hmac, hash)) + hmac = EVP_MD_CTX_create(); + if (hmac == NULL + || !EVP_MD_CTX_copy(hmac, hash)) return -1; - mac_ctx = &hmac; + mac_ctx = hmac; } if (SSL_IS_DTLS(ssl)) { @@ -953,16 +957,14 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send) rec->length + md_size, rec->orig_len, ssl->s3->read_mac_secret, ssl->s3->read_mac_secret_size, 0) <= 0) { - if (!stream_mac) - EVP_MD_CTX_cleanup(&hmac); + EVP_MD_CTX_destroy(hmac); return -1; } } else { if (EVP_DigestSignUpdate(mac_ctx, header, sizeof(header)) <= 0 || EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length) <= 0 || EVP_DigestSignFinal(mac_ctx, md, &md_size) <= 0) { - if (!stream_mac) - EVP_MD_CTX_cleanup(&hmac); + EVP_MD_CTX_destroy(hmac); return -1; } if (!send && !SSL_USE_ETM(ssl) && FIPS_mode()) @@ -971,8 +973,7 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send) rec->length, rec->orig_len); } - if (!stream_mac) - EVP_MD_CTX_cleanup(&hmac); + EVP_MD_CTX_destroy(hmac); #ifdef TLS_DEBUG fprintf(stderr, "seq="); diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c index 177f6d736f..1e46c6692e 100644 --- a/ssl/s3_cbc.c +++ b/ssl/s3_cbc.c @@ -201,7 +201,7 @@ int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char first_block[MAX_HASH_BLOCK_SIZE]; unsigned char mac_out[EVP_MAX_MD_SIZE]; unsigned i, j, md_out_size_u; - EVP_MD_CTX md_ctx; + EVP_MD_CTX *md_ctx = NULL; /* * mdLengthSize is the number of bytes in the length field that * terminates * the hash. @@ -497,34 +497,36 @@ int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, mac_out[j] |= block[j] & is_block_b; } - EVP_MD_CTX_init(&md_ctx); - if (EVP_DigestInit_ex(&md_ctx, ctx->digest, NULL /* engine */ ) <= 0) + md_ctx = EVP_MD_CTX_create(); + if (md_ctx == NULL) + goto err; + if (EVP_DigestInit_ex(md_ctx, EVP_MD_CTX_md(ctx), NULL /* engine */ ) <= 0) goto err; if (is_sslv3) { /* We repurpose |hmac_pad| to contain the SSLv3 pad2 block. */ memset(hmac_pad, 0x5c, sslv3_pad_length); - if (EVP_DigestUpdate(&md_ctx, mac_secret, mac_secret_length) <= 0 - || EVP_DigestUpdate(&md_ctx, hmac_pad, sslv3_pad_length) <= 0 - || EVP_DigestUpdate(&md_ctx, mac_out, md_size) <= 0) + if (EVP_DigestUpdate(md_ctx, mac_secret, mac_secret_length) <= 0 + || EVP_DigestUpdate(md_ctx, hmac_pad, sslv3_pad_length) <= 0 + || EVP_DigestUpdate(md_ctx, mac_out, md_size) <= 0) goto err; } else { /* Complete the HMAC in the standard manner. */ for (i = 0; i < md_block_size; i++) hmac_pad[i] ^= 0x6a; - if (EVP_DigestUpdate(&md_ctx, hmac_pad, md_block_size) <= 0 - || EVP_DigestUpdate(&md_ctx, mac_out, md_size) <= 0) + if (EVP_DigestUpdate(md_ctx, hmac_pad, md_block_size) <= 0 + || EVP_DigestUpdate(md_ctx, mac_out, md_size) <= 0) goto err; } - ret = EVP_DigestFinal(&md_ctx, md_out, &md_out_size_u); + ret = EVP_DigestFinal(md_ctx, md_out, &md_out_size_u); if (ret && md_out_size) *md_out_size = md_out_size_u; - EVP_MD_CTX_cleanup(&md_ctx); + EVP_MD_CTX_destroy(md_ctx); return 1; err: - EVP_MD_CTX_cleanup(&md_ctx); + EVP_MD_CTX_destroy(md_ctx); return 0; } diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 31c89182e7..dc884c5466 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -142,19 +142,24 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) { - EVP_MD_CTX m5; - EVP_MD_CTX s1; + EVP_MD_CTX *m5; + EVP_MD_CTX *s1; unsigned char buf[16], smd[SHA_DIGEST_LENGTH]; unsigned char c = 'A'; unsigned int i, j, k; + int ret = 0; #ifdef CHARSET_EBCDIC c = os_toascii[c]; /* 'A' in ASCII */ #endif k = 0; - EVP_MD_CTX_init(&m5); - EVP_MD_CTX_set_flags(&m5, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); - EVP_MD_CTX_init(&s1); + m5 = EVP_MD_CTX_create(); + s1 = EVP_MD_CTX_create(); + if (m5 == NULL || s1 == NULL) { + SSLerr(SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_MALLOC_FAILURE); + goto err; + } + EVP_MD_CTX_set_flags(m5, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); for (i = 0; (int)i < num; i += MD5_DIGEST_LENGTH) { k++; if (k > sizeof buf) { @@ -166,30 +171,32 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) for (j = 0; j < k; j++) buf[j] = c; c++; - EVP_DigestInit_ex(&s1, EVP_sha1(), NULL); - EVP_DigestUpdate(&s1, buf, k); - EVP_DigestUpdate(&s1, s->session->master_key, + EVP_DigestInit_ex(s1, EVP_sha1(), NULL); + EVP_DigestUpdate(s1, buf, k); + EVP_DigestUpdate(s1, s->session->master_key, s->session->master_key_length); - EVP_DigestUpdate(&s1, s->s3->server_random, SSL3_RANDOM_SIZE); - EVP_DigestUpdate(&s1, s->s3->client_random, SSL3_RANDOM_SIZE); - EVP_DigestFinal_ex(&s1, smd, NULL); + EVP_DigestUpdate(s1, s->s3->server_random, SSL3_RANDOM_SIZE); + EVP_DigestUpdate(s1, s->s3->client_random, SSL3_RANDOM_SIZE); + EVP_DigestFinal_ex(s1, smd, NULL); - EVP_DigestInit_ex(&m5, EVP_md5(), NULL); - EVP_DigestUpdate(&m5, s->session->master_key, + EVP_DigestInit_ex(m5, EVP_md5(), NULL); + EVP_DigestUpdate(m5, s->session->master_key, s->session->master_key_length); - EVP_DigestUpdate(&m5, smd, SHA_DIGEST_LENGTH); + EVP_DigestUpdate(m5, smd, SHA_DIGEST_LENGTH); if ((int)(i + MD5_DIGEST_LENGTH) > num) { - EVP_DigestFinal_ex(&m5, smd, NULL); + EVP_DigestFinal_ex(m5, smd, NULL); memcpy(km, smd, (num - i)); } else - EVP_DigestFinal_ex(&m5, km, NULL); + EVP_DigestFinal_ex(m5, km, NULL); km += MD5_DIGEST_LENGTH; } OPENSSL_cleanse(smd, sizeof(smd)); - EVP_MD_CTX_cleanup(&m5); - EVP_MD_CTX_cleanup(&s1); - return 1; + ret = 1; + err: + EVP_MD_CTX_destroy(m5); + EVP_MD_CTX_destroy(s1); + return ret; } int ssl3_change_cipher_state(SSL *s, int which) @@ -492,7 +499,7 @@ int ssl3_digest_cached_records(SSL *s, int keep) int ssl3_final_finish_mac(SSL *s, const char *sender, int len, unsigned char *p) { int ret; - EVP_MD_CTX ctx; + EVP_MD_CTX *ctx = NULL; if (!ssl3_digest_cached_records(s, 0)) return 0; @@ -502,25 +509,29 @@ int ssl3_final_finish_mac(SSL *s, const char *sender, int len, unsigned char *p) return 0; } - EVP_MD_CTX_init(&ctx); - EVP_MD_CTX_copy_ex(&ctx, s->s3->handshake_dgst); + ctx = EVP_MD_CTX_create(); + if (ctx == NULL) { + SSLerr(SSL_F_SSL3_FINAL_FINISH_MAC, ERR_R_MALLOC_FAILURE); + return 0; + } + EVP_MD_CTX_copy_ex(ctx, s->s3->handshake_dgst); - ret = EVP_MD_CTX_size(&ctx); + ret = EVP_MD_CTX_size(ctx); if (ret < 0) { - EVP_MD_CTX_cleanup(&ctx); + EVP_MD_CTX_cleanup(ctx); return 0; } - if ((sender != NULL && EVP_DigestUpdate(&ctx, sender, len) <= 0) - || EVP_MD_CTX_ctrl(&ctx, EVP_CTRL_SSL3_MASTER_SECRET, + if ((sender != NULL && EVP_DigestUpdate(ctx, sender, len) <= 0) + || EVP_MD_CTX_ctrl(ctx, EVP_CTRL_SSL3_MASTER_SECRET, s->session->master_key_length, s->session->master_key) <= 0 - || EVP_DigestFinal_ex(&ctx, p, NULL) <= 0) { + || EVP_DigestFinal_ex(ctx, p, NULL) <= 0) { SSLerr(SSL_F_SSL3_FINAL_FINISH_MAC, ERR_R_INTERNAL_ERROR); ret = 0; } - EVP_MD_CTX_cleanup(&ctx); + EVP_MD_CTX_destroy(ctx); return ret; } @@ -540,29 +551,32 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, #endif }; unsigned char buf[EVP_MAX_MD_SIZE]; - EVP_MD_CTX ctx; + EVP_MD_CTX *ctx = EVP_MD_CTX_create(); int i, ret = 0; unsigned int n; #ifdef OPENSSL_SSL_TRACE_CRYPTO unsigned char *tmpout = out; #endif - EVP_MD_CTX_init(&ctx); + if (ctx == NULL) { + SSLerr(SSL_F_SSL3_GENERATE_MASTER_SECRET, ERR_R_MALLOC_FAILURE); + return 0; + } for (i = 0; i < 3; i++) { - if (EVP_DigestInit_ex(&ctx, s->ctx->sha1, NULL) <= 0 - || EVP_DigestUpdate(&ctx, salt[i], + if (EVP_DigestInit_ex(ctx, s->ctx->sha1, NULL) <= 0 + || EVP_DigestUpdate(ctx, salt[i], strlen((const char *)salt[i])) <= 0 - || EVP_DigestUpdate(&ctx, p, len) <= 0 - || EVP_DigestUpdate(&ctx, &(s->s3->client_random[0]), + || EVP_DigestUpdate(ctx, p, len) <= 0 + || EVP_DigestUpdate(ctx, &(s->s3->client_random[0]), SSL3_RANDOM_SIZE) <= 0 - || EVP_DigestUpdate(&ctx, &(s->s3->server_random[0]), + || EVP_DigestUpdate(ctx, &(s->s3->server_random[0]), SSL3_RANDOM_SIZE) <= 0 - || EVP_DigestFinal_ex(&ctx, buf, &n) <= 0 + || EVP_DigestFinal_ex(ctx, buf, &n) <= 0 - || EVP_DigestInit_ex(&ctx, s->ctx->md5, NULL) <= 0 - || EVP_DigestUpdate(&ctx, p, len) <= 0 - || EVP_DigestUpdate(&ctx, buf, n) <= 0 - || EVP_DigestFinal_ex(&ctx, out, &n) <= 0) { + || EVP_DigestInit_ex(ctx, s->ctx->md5, NULL) <= 0 + || EVP_DigestUpdate(ctx, p, len) <= 0 + || EVP_DigestUpdate(ctx, buf, n) <= 0 + || EVP_DigestFinal_ex(ctx, out, &n) <= 0) { SSLerr(SSL_F_SSL3_GENERATE_MASTER_SECRET, ERR_R_INTERNAL_ERROR); ret = 0; break; @@ -570,7 +584,7 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, out += n; ret += n; } - EVP_MD_CTX_cleanup(&ctx); + EVP_MD_CTX_destroy(ctx); #ifdef OPENSSL_SSL_TRACE_CRYPTO if (ret > 0 && s->msg_callback) { diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index d51c6b7850..adbb7bb95a 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -3197,19 +3197,23 @@ void ssl_clear_hash_ctx(EVP_MD_CTX **hash) /* Retrieve handshake hashes */ int ssl_handshake_hash(SSL *s, unsigned char *out, int outlen) { - EVP_MD_CTX ctx; + EVP_MD_CTX *ctx = NULL; EVP_MD_CTX *hdgst = s->s3->handshake_dgst; int ret = EVP_MD_CTX_size(hdgst); - EVP_MD_CTX_init(&ctx); if (ret < 0 || ret > outlen) { ret = 0; goto err; } - if (!EVP_MD_CTX_copy_ex(&ctx, hdgst) - || EVP_DigestFinal_ex(&ctx, out, NULL) <= 0) + ctx = EVP_MD_CTX_create(); + if (ctx == NULL) { + ret = 0; + goto err; + } + if (!EVP_MD_CTX_copy_ex(ctx, hdgst) + || EVP_DigestFinal_ex(ctx, out, NULL) <= 0) ret = 0; err: - EVP_MD_CTX_cleanup(&ctx); + EVP_MD_CTX_destroy(ctx); return ret; } diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 9ac992197f..f19ac8e38a 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -1573,7 +1573,7 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt) MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) { - EVP_MD_CTX md_ctx; + EVP_MD_CTX *md_ctx; int al, j; long alg_k, alg_a; EVP_PKEY *pkey = NULL; @@ -1592,7 +1592,12 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) #endif PACKET save_param_start, signature; - EVP_MD_CTX_init(&md_ctx); + md_ctx = EVP_MD_CTX_create(); + if (md_ctx == NULL) { + al = SSL_AD_INTERNAL_ERROR; + SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); + goto f_err; + } alg_k = s->s3->tmp.new_cipher->algorithm_mkey; @@ -1882,18 +1887,18 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_WRONG_SIGNATURE_LENGTH); goto f_err; } - if (EVP_VerifyInit_ex(&md_ctx, md, NULL) <= 0 - || EVP_VerifyUpdate(&md_ctx, &(s->s3->client_random[0]), + if (EVP_VerifyInit_ex(md_ctx, md, NULL) <= 0 + || EVP_VerifyUpdate(md_ctx, &(s->s3->client_random[0]), SSL3_RANDOM_SIZE) <= 0 - || EVP_VerifyUpdate(&md_ctx, &(s->s3->server_random[0]), + || EVP_VerifyUpdate(md_ctx, &(s->s3->server_random[0]), SSL3_RANDOM_SIZE) <= 0 - || EVP_VerifyUpdate(&md_ctx, PACKET_data(¶ms), + || EVP_VerifyUpdate(md_ctx, PACKET_data(¶ms), PACKET_remaining(¶ms)) <= 0) { al = SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_EVP_LIB); goto f_err; } - if (EVP_VerifyFinal(&md_ctx, PACKET_data(&signature), + if (EVP_VerifyFinal(md_ctx, PACKET_data(&signature), PACKET_remaining(&signature), pkey) <= 0) { /* bad signature */ al = SSL_AD_DECRYPT_ERROR; @@ -1916,7 +1921,7 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) } } EVP_PKEY_free(pkey); - EVP_MD_CTX_cleanup(&md_ctx); + EVP_MD_CTX_destroy(md_ctx); return MSG_PROCESS_CONTINUE_READING; f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); @@ -1933,7 +1938,7 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) EC_POINT_free(srvr_ecpoint); EC_KEY_free(ecdh); #endif - EVP_MD_CTX_cleanup(&md_ctx); + EVP_MD_CTX_destroy(md_ctx); ossl_statem_set_error(s); return MSG_PROCESS_ERROR; } @@ -2894,13 +2899,17 @@ int tls_construct_client_verify(SSL *s) unsigned char *p; EVP_PKEY *pkey; const EVP_MD *md = s->s3->tmp.md[s->cert->key - s->cert->pkeys]; - EVP_MD_CTX mctx; + EVP_MD_CTX *mctx; unsigned u = 0; unsigned long n = 0; long hdatalen = 0; void *hdata; - EVP_MD_CTX_init(&mctx); + mctx = EVP_MD_CTX_create(); + if (mctx == NULL) { + SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_MALLOC_FAILURE); + goto err; + } p = ssl_handshake_start(s); pkey = s->cert->key->privatekey; @@ -2921,13 +2930,13 @@ int tls_construct_client_verify(SSL *s) #ifdef SSL_DEBUG fprintf(stderr, "Using client alg %s\n", EVP_MD_name(md)); #endif - if (!EVP_SignInit_ex(&mctx, md, NULL) - || !EVP_SignUpdate(&mctx, hdata, hdatalen) + if (!EVP_SignInit_ex(mctx, md, NULL) + || !EVP_SignUpdate(mctx, hdata, hdatalen) || (s->version == SSL3_VERSION - && !EVP_MD_CTX_ctrl(&mctx, EVP_CTRL_SSL3_MASTER_SECRET, + && !EVP_MD_CTX_ctrl(mctx, EVP_CTRL_SSL3_MASTER_SECRET, s->session->master_key_length, s->session->master_key)) - || !EVP_SignFinal(&mctx, p + 2, &u, pkey)) { + || !EVP_SignFinal(mctx, p + 2, &u, pkey)) { SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_EVP_LIB); goto err; } @@ -2949,10 +2958,10 @@ int tls_construct_client_verify(SSL *s) goto err; } - EVP_MD_CTX_cleanup(&mctx); + EVP_MD_CTX_destroy(mctx); return 1; err: - EVP_MD_CTX_cleanup(&mctx); + EVP_MD_CTX_destroy(mctx); return 0; } diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 09718c5080..687191d23d 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -1733,9 +1733,13 @@ int tls_construct_server_key_exchange(SSL *s) BIGNUM *r[4]; int nr[4], kn; BUF_MEM *buf; - EVP_MD_CTX md_ctx; + EVP_MD_CTX *md_ctx = EVP_MD_CTX_create(); - EVP_MD_CTX_init(&md_ctx); + if (md_ctx == NULL) { + SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); + al = SSL_AD_INTERNAL_ERROR; + goto f_err; + } type = s->s3->tmp.new_cipher->algorithm_mkey; cert = s->cert; @@ -2040,13 +2044,13 @@ int tls_construct_server_key_exchange(SSL *s) #ifdef SSL_DEBUG fprintf(stderr, "Using hash %s\n", EVP_MD_name(md)); #endif - if (EVP_SignInit_ex(&md_ctx, md, NULL) <= 0 - || EVP_SignUpdate(&md_ctx, &(s->s3->client_random[0]), + if (EVP_SignInit_ex(md_ctx, md, NULL) <= 0 + || EVP_SignUpdate(md_ctx, &(s->s3->client_random[0]), SSL3_RANDOM_SIZE) <= 0 - || EVP_SignUpdate(&md_ctx, &(s->s3->server_random[0]), + || EVP_SignUpdate(md_ctx, &(s->s3->server_random[0]), SSL3_RANDOM_SIZE) <= 0 - || EVP_SignUpdate(&md_ctx, d, n) <= 0 - || EVP_SignFinal(&md_ctx, &(p[2]), + || EVP_SignUpdate(md_ctx, d, n) <= 0 + || EVP_SignFinal(md_ctx, &(p[2]), (unsigned int *)&i, pkey) <= 0) { SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_LIB_EVP); al = SSL_AD_INTERNAL_ERROR; @@ -2071,7 +2075,7 @@ int tls_construct_server_key_exchange(SSL *s) goto f_err; } - EVP_MD_CTX_cleanup(&md_ctx); + EVP_MD_CTX_destroy(md_ctx); return 1; f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); @@ -2080,7 +2084,7 @@ int tls_construct_server_key_exchange(SSL *s) OPENSSL_free(encodedPoint); BN_CTX_free(bn_ctx); #endif - EVP_MD_CTX_cleanup(&md_ctx); + EVP_MD_CTX_destroy(md_ctx); ossl_statem_set_error(s); return 0; } @@ -2884,8 +2888,13 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) long hdatalen = 0; void *hdata; - EVP_MD_CTX mctx; - EVP_MD_CTX_init(&mctx); + EVP_MD_CTX *mctx = EVP_MD_CTX_create(); + + if (mctx == NULL) { + SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, ERR_R_MALLOC_FAILURE); + al = SSL_AD_INTERNAL_ERROR; + goto f_err; + } peer = s->session->peer; pkey = X509_get_pubkey(peer); @@ -2966,8 +2975,8 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) #ifdef SSL_DEBUG fprintf(stderr, "Using client verify alg %s\n", EVP_MD_name(md)); #endif - if (!EVP_VerifyInit_ex(&mctx, md, NULL) - || !EVP_VerifyUpdate(&mctx, hdata, hdatalen)) { + if (!EVP_VerifyInit_ex(mctx, md, NULL) + || !EVP_VerifyUpdate(mctx, hdata, hdatalen)) { SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, ERR_R_EVP_LIB); al = SSL_AD_INTERNAL_ERROR; goto f_err; @@ -2982,7 +2991,7 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) #endif if (s->version == SSL3_VERSION - && !EVP_MD_CTX_ctrl(&mctx, EVP_CTRL_SSL3_MASTER_SECRET, + && !EVP_MD_CTX_ctrl(mctx, EVP_CTRL_SSL3_MASTER_SECRET, s->session->master_key_length, s->session->master_key)) { SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, ERR_R_EVP_LIB); @@ -2990,7 +2999,7 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) goto f_err; } - if (EVP_VerifyFinal(&mctx, data, len, pkey) <= 0) { + if (EVP_VerifyFinal(mctx, data, len, pkey) <= 0) { al = SSL_AD_DECRYPT_ERROR; SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, SSL_R_BAD_SIGNATURE); goto f_err; @@ -3004,7 +3013,7 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) } BIO_free(s->s3->handshake_buffer); s->s3->handshake_buffer = NULL; - EVP_MD_CTX_cleanup(&mctx); + EVP_MD_CTX_destroy(mctx); EVP_PKEY_free(pkey); return ret; } diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index ccf933e90a..05a0ec7caa 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -157,7 +157,7 @@ static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec, { int chunk; size_t j; - EVP_MD_CTX ctx, ctx_tmp, ctx_init; + EVP_MD_CTX *ctx, *ctx_tmp, *ctx_init; EVP_PKEY *mac_key; unsigned char A1[EVP_MAX_MD_SIZE]; size_t A1_len; @@ -166,60 +166,62 @@ static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec, chunk = EVP_MD_size(md); OPENSSL_assert(chunk >= 0); - EVP_MD_CTX_init(&ctx); - EVP_MD_CTX_init(&ctx_tmp); - EVP_MD_CTX_init(&ctx_init); - EVP_MD_CTX_set_flags(&ctx_init, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); + ctx = EVP_MD_CTX_create(); + ctx_tmp = EVP_MD_CTX_create(); + ctx_init = EVP_MD_CTX_create(); + if (ctx == NULL || ctx_tmp == NULL || ctx_init == NULL) + goto err; + EVP_MD_CTX_set_flags(ctx_init, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); mac_key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, sec, sec_len); if (!mac_key) goto err; - if (!EVP_DigestSignInit(&ctx_init, NULL, md, NULL, mac_key)) + if (!EVP_DigestSignInit(ctx_init, NULL, md, NULL, mac_key)) goto err; - if (!EVP_MD_CTX_copy_ex(&ctx, &ctx_init)) + if (!EVP_MD_CTX_copy_ex(ctx, ctx_init)) goto err; - if (seed1 && !EVP_DigestSignUpdate(&ctx, seed1, seed1_len)) + if (seed1 && !EVP_DigestSignUpdate(ctx, seed1, seed1_len)) goto err; - if (seed2 && !EVP_DigestSignUpdate(&ctx, seed2, seed2_len)) + if (seed2 && !EVP_DigestSignUpdate(ctx, seed2, seed2_len)) goto err; - if (seed3 && !EVP_DigestSignUpdate(&ctx, seed3, seed3_len)) + if (seed3 && !EVP_DigestSignUpdate(ctx, seed3, seed3_len)) goto err; - if (seed4 && !EVP_DigestSignUpdate(&ctx, seed4, seed4_len)) + if (seed4 && !EVP_DigestSignUpdate(ctx, seed4, seed4_len)) goto err; - if (seed5 && !EVP_DigestSignUpdate(&ctx, seed5, seed5_len)) + if (seed5 && !EVP_DigestSignUpdate(ctx, seed5, seed5_len)) goto err; - if (!EVP_DigestSignFinal(&ctx, A1, &A1_len)) + if (!EVP_DigestSignFinal(ctx, A1, &A1_len)) goto err; for (;;) { /* Reinit mac contexts */ - if (!EVP_MD_CTX_copy_ex(&ctx, &ctx_init)) + if (!EVP_MD_CTX_copy_ex(ctx, ctx_init)) goto err; - if (!EVP_DigestSignUpdate(&ctx, A1, A1_len)) + if (!EVP_DigestSignUpdate(ctx, A1, A1_len)) goto err; - if (olen > chunk && !EVP_MD_CTX_copy_ex(&ctx_tmp, &ctx)) + if (olen > chunk && !EVP_MD_CTX_copy_ex(ctx_tmp, ctx)) goto err; - if (seed1 && !EVP_DigestSignUpdate(&ctx, seed1, seed1_len)) + if (seed1 && !EVP_DigestSignUpdate(ctx, seed1, seed1_len)) goto err; - if (seed2 && !EVP_DigestSignUpdate(&ctx, seed2, seed2_len)) + if (seed2 && !EVP_DigestSignUpdate(ctx, seed2, seed2_len)) goto err; - if (seed3 && !EVP_DigestSignUpdate(&ctx, seed3, seed3_len)) + if (seed3 && !EVP_DigestSignUpdate(ctx, seed3, seed3_len)) goto err; - if (seed4 && !EVP_DigestSignUpdate(&ctx, seed4, seed4_len)) + if (seed4 && !EVP_DigestSignUpdate(ctx, seed4, seed4_len)) goto err; - if (seed5 && !EVP_DigestSignUpdate(&ctx, seed5, seed5_len)) + if (seed5 && !EVP_DigestSignUpdate(ctx, seed5, seed5_len)) goto err; if (olen > chunk) { - if (!EVP_DigestSignFinal(&ctx, out, &j)) + if (!EVP_DigestSignFinal(ctx, out, &j)) goto err; out += j; olen -= j; /* calc the next A1 value */ - if (!EVP_DigestSignFinal(&ctx_tmp, A1, &A1_len)) + if (!EVP_DigestSignFinal(ctx_tmp, A1, &A1_len)) goto err; } else { /* last one */ - if (!EVP_DigestSignFinal(&ctx, A1, &A1_len)) + if (!EVP_DigestSignFinal(ctx, A1, &A1_len)) goto err; memcpy(out, A1, olen); break; @@ -228,9 +230,9 @@ static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec, ret = 1; err: EVP_PKEY_free(mac_key); - EVP_MD_CTX_cleanup(&ctx); - EVP_MD_CTX_cleanup(&ctx_tmp); - EVP_MD_CTX_cleanup(&ctx_init); + EVP_MD_CTX_destroy(ctx); + EVP_MD_CTX_destroy(ctx_tmp); + EVP_MD_CTX_destroy(ctx_init); OPENSSL_cleanse(A1, sizeof(A1)); return ret; } diff --git a/test/ecdsatest.c b/test/ecdsatest.c index d56836f40d..dcd9ba0a55 100644 --- a/test/ecdsatest.c +++ b/test/ecdsatest.c @@ -188,17 +188,19 @@ int x9_62_test_internal(BIO *out, int nid, const char *r_in, const char *s_in) const char message[] = "abc"; unsigned char digest[20]; unsigned int dgst_len = 0; - EVP_MD_CTX md_ctx; + EVP_MD_CTX *md_ctx = EVP_MD_CTX_create(); EC_KEY *key = NULL; ECDSA_SIG *signature = NULL; BIGNUM *r = NULL, *s = NULL; BIGNUM *kinv = NULL, *rp = NULL; - EVP_MD_CTX_init(&md_ctx); + if (md_ctx == NULL) + goto x962_int_err; + /* get the message digest */ - if (!EVP_DigestInit(&md_ctx, EVP_sha1()) - || !EVP_DigestUpdate(&md_ctx, (const void *)message, 3) - || !EVP_DigestFinal(&md_ctx, digest, &dgst_len)) + if (!EVP_DigestInit(md_ctx, EVP_sha1()) + || !EVP_DigestUpdate(md_ctx, (const void *)message, 3) + || !EVP_DigestFinal(md_ctx, digest, &dgst_len)) goto x962_int_err; BIO_printf(out, "testing %s: ", OBJ_nid2sn(nid)); @@ -244,7 +246,7 @@ int x9_62_test_internal(BIO *out, int nid, const char *r_in, const char *s_in) ECDSA_SIG_free(signature); BN_free(r); BN_free(s); - EVP_MD_CTX_cleanup(&md_ctx); + EVP_MD_CTX_destroy(md_ctx); BN_clear_free(kinv); BN_clear_free(rp); return ret; diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index ac79388fad..50c9e918f2 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -277,19 +277,21 @@ static int test_EVP_DigestSignInit(void) EVP_PKEY *pkey = NULL; unsigned char *sig = NULL; size_t sig_len = 0; - EVP_MD_CTX md_ctx, md_ctx_verify; + EVP_MD_CTX *md_ctx, *md_ctx_verify; - EVP_MD_CTX_init(&md_ctx); - EVP_MD_CTX_init(&md_ctx_verify); + md_ctx = EVP_MD_CTX_create(); + md_ctx_verify = EVP_MD_CTX_create(); + if (md_ctx == NULL || md_ctx_verify == NULL) + goto out; pkey = load_example_rsa_key(); if (pkey == NULL || - !EVP_DigestSignInit(&md_ctx, NULL, EVP_sha256(), NULL, pkey) || - !EVP_DigestSignUpdate(&md_ctx, kMsg, sizeof(kMsg))) { + !EVP_DigestSignInit(md_ctx, NULL, EVP_sha256(), NULL, pkey) || + !EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))) { goto out; } /* Determine the size of the signature. */ - if (!EVP_DigestSignFinal(&md_ctx, NULL, &sig_len)) { + if (!EVP_DigestSignFinal(md_ctx, NULL, &sig_len)) { goto out; } /* Sanity check for testing. */ @@ -299,14 +301,14 @@ static int test_EVP_DigestSignInit(void) } sig = OPENSSL_malloc(sig_len); - if (sig == NULL || !EVP_DigestSignFinal(&md_ctx, sig, &sig_len)) { + if (sig == NULL || !EVP_DigestSignFinal(md_ctx, sig, &sig_len)) { goto out; } /* Ensure that the signature round-trips. */ - if (!EVP_DigestVerifyInit(&md_ctx_verify, NULL, EVP_sha256(), NULL, pkey) - || !EVP_DigestVerifyUpdate(&md_ctx_verify, kMsg, sizeof(kMsg)) - || !EVP_DigestVerifyFinal(&md_ctx_verify, sig, sig_len)) { + if (!EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sha256(), NULL, pkey) + || !EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg)) + || !EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)) { goto out; } @@ -317,8 +319,8 @@ static int test_EVP_DigestSignInit(void) ERR_print_errors_fp(stderr); } - EVP_MD_CTX_cleanup(&md_ctx); - EVP_MD_CTX_cleanup(&md_ctx_verify); + EVP_MD_CTX_destroy(md_ctx); + EVP_MD_CTX_destroy(md_ctx_verify); EVP_PKEY_free(pkey); OPENSSL_free(sig); @@ -329,15 +331,15 @@ static int test_EVP_DigestVerifyInit(void) { int ret = 0; EVP_PKEY *pkey = NULL; - EVP_MD_CTX md_ctx; + EVP_MD_CTX *md_ctx; - EVP_MD_CTX_init(&md_ctx); + md_ctx = EVP_MD_CTX_create(); pkey = load_example_rsa_key(); if (pkey == NULL || - !EVP_DigestVerifyInit(&md_ctx, NULL, EVP_sha256(), NULL, pkey) || - !EVP_DigestVerifyUpdate(&md_ctx, kMsg, sizeof(kMsg)) || - !EVP_DigestVerifyFinal(&md_ctx, kSignature, sizeof(kSignature))) { + !EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey) || + !EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)) || + !EVP_DigestVerifyFinal(md_ctx, kSignature, sizeof(kSignature))) { goto out; } ret = 1; @@ -347,7 +349,7 @@ static int test_EVP_DigestVerifyInit(void) ERR_print_errors_fp(stderr); } - EVP_MD_CTX_cleanup(&md_ctx); + EVP_MD_CTX_destroy(md_ctx); EVP_PKEY_free(pkey); return ret; diff --git a/test/evp_test.c b/test/evp_test.c index 83d1749418..92e153f2d3 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -713,8 +713,7 @@ static int digest_test_run(struct evp_test *t) goto err; err = NULL; err: - if (mctx) - EVP_MD_CTX_destroy(mctx); + EVP_MD_CTX_destroy(mctx); t->err = err; return 1; } @@ -1129,8 +1128,7 @@ static int mac_test_run(struct evp_test *t) goto err; err = NULL; err: - if (mctx) - EVP_MD_CTX_destroy(mctx); + EVP_MD_CTX_destroy(mctx); OPENSSL_free(mac); EVP_PKEY_CTX_free(genctx); EVP_PKEY_free(key); diff --git a/test/gost2814789test.c b/test/gost2814789test.c index 56a8ae3054..486326cefe 100644 --- a/test/gost2814789test.c +++ b/test/gost2814789test.c @@ -1207,7 +1207,7 @@ int main(int argc, char *argv[]) u64 ullMaxLen = 6 * 1000 * 1000; int ignore = 0; ENGINE *impl = NULL; - EVP_MD_CTX mctx; + EVP_MD_CTX *mctx; EVP_CIPHER_CTX ectx; EVP_PKEY *mac_key; byte bDerive[EVP_MAX_KEY_LENGTH]; @@ -1391,28 +1391,33 @@ int main(int argc, char *argv[]) */ continue; } - EVP_MD_CTX_init(&mctx); + mctx = EVP_MD_CTX_create(); + if (mctx == NULL) { + fflush(NULL); + fprintf(stderr, "ENGINE_ctrl_cmd_string: malloc failure\n"); + return 14; + } mac_key = EVP_PKEY_new_mac_key(NID_id_Gost28147_89_MAC, NULL, bDerive, mdl); - EVP_DigestSignInit(&mctx, NULL, md_g89imit, impl, mac_key); + EVP_DigestSignInit(mctx, NULL, md_g89imit, impl, mac_key); if (G89_MAX_TC_LEN >= tcs[t].ullLen) { - EVP_DigestSignUpdate(&mctx, tcs[t].bIn, + EVP_DigestSignUpdate(mctx, tcs[t].bIn, (unsigned int)tcs[t].ullLen); } else { for (ullLeft = tcs[t].ullLen; ullLeft >= sizeof(bZB); ullLeft -= sizeof(bZB)) { printf("B"); fflush(NULL); - EVP_DigestSignUpdate(&mctx, bZB, sizeof(bZB)); + EVP_DigestSignUpdate(mctx, bZB, sizeof(bZB)); } printf("b" FMT64 "/" FMT64, ullLeft, tcs[t].ullLen); fflush(NULL); - EVP_DigestSignUpdate(&mctx, bZB, (unsigned int)ullLeft); + EVP_DigestSignUpdate(mctx, bZB, (unsigned int)ullLeft); } siglen = 4; - OPENSSL_assert(EVP_DigestSignFinal(&mctx, bTest, &siglen)); + OPENSSL_assert(EVP_DigestSignFinal(mctx, bTest, &siglen)); EVP_PKEY_free(mac_key); - EVP_MD_CTX_cleanup(&mctx); + EVP_MD_CTX_destroy(mctx); enlu = (int)tcs[t].ullLen; enlf = 0; l = siglen; diff --git a/test/mdc2test.c b/test/mdc2test.c index a0d77a30ec..4cf952c3f5 100644 --- a/test/mdc2test.c +++ b/test/mdc2test.c @@ -95,17 +95,17 @@ int main(int argc, char *argv[]) int ret = 0; unsigned char md[MDC2_DIGEST_LENGTH]; int i; - EVP_MD_CTX c; + EVP_MD_CTX *c; static char *text = "Now is the time for all "; # ifdef CHARSET_EBCDIC ebcdic2ascii(text, text, strlen(text)); # endif - EVP_MD_CTX_init(&c); - EVP_DigestInit_ex(&c, EVP_mdc2(), NULL); - EVP_DigestUpdate(&c, (unsigned char *)text, strlen(text)); - EVP_DigestFinal_ex(&c, &(md[0]), NULL); + c = EVP_MD_CTX_create(); + EVP_DigestInit_ex(c, EVP_mdc2(), NULL); + EVP_DigestUpdate(c, (unsigned char *)text, strlen(text)); + EVP_DigestFinal_ex(c, &(md[0]), NULL); if (memcmp(md, pad1, MDC2_DIGEST_LENGTH) != 0) { for (i = 0; i < MDC2_DIGEST_LENGTH; i++) @@ -118,11 +118,11 @@ int main(int argc, char *argv[]) } else printf("pad1 - ok\n"); - EVP_DigestInit_ex(&c, EVP_mdc2(), NULL); + EVP_DigestInit_ex(c, EVP_mdc2(), NULL); /* FIXME: use a ctl function? */ - ((MDC2_CTX *)c.md_data)->pad_type = 2; - EVP_DigestUpdate(&c, (unsigned char *)text, strlen(text)); - EVP_DigestFinal_ex(&c, &(md[0]), NULL); + ((MDC2_CTX *)EVP_MD_CTX_md_data(c))->pad_type = 2; + EVP_DigestUpdate(c, (unsigned char *)text, strlen(text)); + EVP_DigestFinal_ex(c, &(md[0]), NULL); if (memcmp(md, pad2, MDC2_DIGEST_LENGTH) != 0) { for (i = 0; i < MDC2_DIGEST_LENGTH; i++) @@ -135,7 +135,7 @@ int main(int argc, char *argv[]) } else printf("pad2 - ok\n"); - EVP_MD_CTX_cleanup(&c); + EVP_MD_CTX_destroy(c); # ifdef OPENSSL_SYS_NETWARE if (ret) printf("ERROR: %d\n", ret); diff --git a/test/sha1test.c b/test/sha1test.c index cc3633dc68..6b8ad42141 100644 --- a/test/sha1test.c +++ b/test/sha1test.c @@ -88,7 +88,7 @@ int main(int argc, char *argv[]) char **P, **R; static unsigned char buf[1000]; char *p, *r; - EVP_MD_CTX c; + EVP_MD_CTX *c; unsigned char md[SHA_DIGEST_LENGTH]; #ifdef CHARSET_EBCDIC @@ -96,7 +96,7 @@ int main(int argc, char *argv[]) ebcdic2ascii(test[1], test[1], strlen(test[1])); #endif - EVP_MD_CTX_init(&c); + c = EVP_MD_CTX_create(); P = test; R = ret; i = 1; @@ -118,10 +118,10 @@ int main(int argc, char *argv[]) #ifdef CHARSET_EBCDIC ebcdic2ascii(buf, buf, 1000); #endif /* CHARSET_EBCDIC */ - EVP_DigestInit_ex(&c, EVP_sha1(), NULL); + EVP_DigestInit_ex(c, EVP_sha1(), NULL); for (i = 0; i < 1000; i++) - EVP_DigestUpdate(&c, buf, 1000); - EVP_DigestFinal_ex(&c, md, NULL); + EVP_DigestUpdate(c, buf, 1000); + EVP_DigestFinal_ex(c, md, NULL); p = pt(md); r = bigret; @@ -137,7 +137,7 @@ int main(int argc, char *argv[]) printf("ERROR: %d\n", err); #endif EXIT(err); - EVP_MD_CTX_cleanup(&c); + EVP_MD_CTX_destroy(c); return (0); } diff --git a/test/sha256t.c b/test/sha256t.c index 11f3684a74..25f762f82b 100644 --- a/test/sha256t.c +++ b/test/sha256t.c @@ -56,7 +56,7 @@ int main(int argc, char **argv) { unsigned char md[SHA256_DIGEST_LENGTH]; int i; - EVP_MD_CTX evp; + EVP_MD_CTX *evp; fprintf(stdout, "Testing SHA-256 "); @@ -80,10 +80,15 @@ int main(int argc, char **argv) fprintf(stdout, "."); fflush(stdout); - EVP_MD_CTX_init(&evp); - EVP_DigestInit_ex(&evp, EVP_sha256(), NULL); + evp = EVP_MD_CTX_create(); + if (evp == NULL) { + fflush(stdout); + fprintf(stderr, "\nTEST 3 of 3 failed. (malloc failure)\n"); + return 1; + } + EVP_DigestInit_ex(evp, EVP_sha256(), NULL); for (i = 0; i < 1000000; i += 288) - EVP_DigestUpdate(&evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + EVP_DigestUpdate(evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" @@ -93,8 +98,7 @@ int main(int argc, char **argv) "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa", (1000000 - i) < 288 ? 1000000 - i : 288); - EVP_DigestFinal_ex(&evp, md, NULL); - EVP_MD_CTX_cleanup(&evp); + EVP_DigestFinal_ex(evp, md, NULL); if (memcmp(md, app_b3, sizeof(app_b3))) { fflush(stdout); @@ -129,14 +133,14 @@ int main(int argc, char **argv) fprintf(stdout, "."); fflush(stdout); - EVP_MD_CTX_init(&evp); - EVP_DigestInit_ex(&evp, EVP_sha224(), NULL); + EVP_MD_CTX_init(evp); + EVP_DigestInit_ex(evp, EVP_sha224(), NULL); for (i = 0; i < 1000000; i += 64) - EVP_DigestUpdate(&evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + EVP_DigestUpdate(evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa", (1000000 - i) < 64 ? 1000000 - i : 64); - EVP_DigestFinal_ex(&evp, md, NULL); - EVP_MD_CTX_cleanup(&evp); + EVP_DigestFinal_ex(evp, md, NULL); + EVP_MD_CTX_destroy(evp); if (memcmp(md, addenum_3, sizeof(addenum_3))) { fflush(stdout); diff --git a/test/sha512t.c b/test/sha512t.c index f60d319028..215a71fd0f 100644 --- a/test/sha512t.c +++ b/test/sha512t.c @@ -75,7 +75,7 @@ int main(int argc, char **argv) { unsigned char md[SHA512_DIGEST_LENGTH]; int i; - EVP_MD_CTX evp; + EVP_MD_CTX *evp; # ifdef OPENSSL_IA32_SSE2 /* @@ -113,10 +113,15 @@ int main(int argc, char **argv) fprintf(stdout, "."); fflush(stdout); - EVP_MD_CTX_init(&evp); - EVP_DigestInit_ex(&evp, EVP_sha512(), NULL); + evp = EVP_MD_CTX_create(); + if (evp == NULL) { + fflush(stdout); + fprintf(stderr, "\nTEST 3 of 3 failed. (malloc failure)\n"); + return 1; + } + EVP_DigestInit_ex(evp, EVP_sha512(), NULL); for (i = 0; i < 1000000; i += 288) - EVP_DigestUpdate(&evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + EVP_DigestUpdate(evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" @@ -126,8 +131,8 @@ int main(int argc, char **argv) "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa", (1000000 - i) < 288 ? 1000000 - i : 288); - EVP_DigestFinal_ex(&evp, md, NULL); - EVP_MD_CTX_cleanup(&evp); + EVP_DigestFinal_ex(evp, md, NULL); + EVP_MD_CTX_cleanup(evp); if (memcmp(md, app_c3, sizeof(app_c3))) { fflush(stdout); @@ -163,14 +168,13 @@ int main(int argc, char **argv) fprintf(stdout, "."); fflush(stdout); - EVP_MD_CTX_init(&evp); - EVP_DigestInit_ex(&evp, EVP_sha384(), NULL); + EVP_DigestInit_ex(evp, EVP_sha384(), NULL); for (i = 0; i < 1000000; i += 64) - EVP_DigestUpdate(&evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + EVP_DigestUpdate(evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa", (1000000 - i) < 64 ? 1000000 - i : 64); - EVP_DigestFinal_ex(&evp, md, NULL); - EVP_MD_CTX_cleanup(&evp); + EVP_DigestFinal_ex(evp, md, NULL); + EVP_MD_CTX_destroy(evp); if (memcmp(md, app_d3, sizeof(app_d3))) { fflush(stdout);