diff options
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/asn1/a_sign.c | 33 | ||||
-rw-r--r-- | crypto/asn1/a_verify.c | 33 | ||||
-rw-r--r-- | crypto/cmac/cm_pmeth.c | 4 | ||||
-rw-r--r-- | crypto/cms/cms_asn1.c | 3 | ||||
-rw-r--r-- | crypto/cms/cms_dd.c | 14 | ||||
-rw-r--r-- | crypto/cms/cms_lcl.h | 2 | ||||
-rw-r--r-- | crypto/cms/cms_sd.c | 53 | ||||
-rw-r--r-- | crypto/dh/dh_kdf.c | 18 | ||||
-rw-r--r-- | crypto/dsa/dsa_gen.c | 19 | ||||
-rw-r--r-- | crypto/ecdh/ech_kdf.c | 20 | ||||
-rw-r--r-- | crypto/engine/eng_openssl.c | 6 | ||||
-rw-r--r-- | crypto/evp/m_md4.c | 6 | ||||
-rw-r--r-- | crypto/evp/m_md5.c | 6 | ||||
-rw-r--r-- | crypto/evp/m_md5_sha1.c | 8 | ||||
-rw-r--r-- | crypto/evp/m_mdc2.c | 6 | ||||
-rw-r--r-- | crypto/evp/m_ripemd.c | 6 | ||||
-rw-r--r-- | crypto/evp/m_sha1.c | 24 | ||||
-rw-r--r-- | crypto/evp/m_wp.c | 6 | ||||
-rw-r--r-- | crypto/pem/pem_seal.c | 10 | ||||
-rw-r--r-- | crypto/pem/pvkfmt.c | 14 | ||||
-rw-r--r-- | crypto/pkcs12/p12_key.c | 23 | ||||
-rw-r--r-- | crypto/pkcs7/pk7_doit.c | 58 | ||||
-rw-r--r-- | crypto/rand/md_rand.c | 72 | ||||
-rw-r--r-- | crypto/rsa/rsa_ameth.c | 2 | ||||
-rw-r--r-- | crypto/rsa/rsa_oaep.c | 19 | ||||
-rw-r--r-- | crypto/rsa/rsa_pss.c | 41 | ||||
-rw-r--r-- | crypto/srp/srp_lib.c | 89 | ||||
-rw-r--r-- | crypto/srp/srp_vfy.c | 22 | ||||
-rw-r--r-- | crypto/ts/ts_rsp_verify.c | 15 | ||||
-rw-r--r-- | crypto/x509/x509_cmp.c | 31 |
30 files changed, 380 insertions, 283 deletions
diff --git a/crypto/asn1/a_sign.c b/crypto/asn1/a_sign.c index 18923b153e..a3abdc47fc 100644 --- a/crypto/asn1/a_sign.c +++ b/crypto/asn1/a_sign.c @@ -131,12 +131,15 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey, const EVP_MD *type) { - EVP_MD_CTX ctx; + EVP_MD_CTX *ctx = EVP_MD_CTX_create(); unsigned char *p, *buf_in = NULL, *buf_out = NULL; int i, inl = 0, outl = 0, outll = 0; X509_ALGOR *a; - EVP_MD_CTX_init(&ctx); + if (ctx == NULL) { + ASN1err(ASN1_F_ASN1_SIGN, ERR_R_MALLOC_FAILURE); + goto err; + } for (i = 0; i < 2; i++) { if (i == 0) a = algor1; @@ -182,9 +185,9 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, p = buf_in; i2d(data, &p); - if (!EVP_SignInit_ex(&ctx, type, NULL) - || !EVP_SignUpdate(&ctx, (unsigned char *)buf_in, inl) - || !EVP_SignFinal(&ctx, (unsigned char *)buf_out, + if (!EVP_SignInit_ex(ctx, type, NULL) + || !EVP_SignUpdate(ctx, (unsigned char *)buf_in, inl) + || !EVP_SignFinal(ctx, (unsigned char *)buf_out, (unsigned int *)&outl, pkey)) { outl = 0; ASN1err(ASN1_F_ASN1_SIGN, ERR_R_EVP_LIB); @@ -201,7 +204,7 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); signature->flags |= ASN1_STRING_FLAG_BITS_LEFT; err: - EVP_MD_CTX_cleanup(&ctx); + EVP_MD_CTX_destroy(ctx); OPENSSL_clear_free((char *)buf_in, (unsigned int)inl); OPENSSL_clear_free((char *)buf_out, outll); return (outl); @@ -213,13 +216,17 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey, const EVP_MD *type) { - EVP_MD_CTX ctx; - EVP_MD_CTX_init(&ctx); - if (!EVP_DigestSignInit(&ctx, NULL, type, NULL, pkey)) { - EVP_MD_CTX_cleanup(&ctx); + EVP_MD_CTX *ctx = EVP_MD_CTX_create(); + + if (ctx == NULL) { + ASN1err(ASN1_F_ASN1_ITEM_SIGN, ERR_R_MALLOC_FAILURE); + return 0; + } + if (!EVP_DigestSignInit(ctx, NULL, type, NULL, pkey)) { + EVP_MD_CTX_destroy(ctx); return 0; } - return ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, &ctx); + return ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, ctx); } int ASN1_item_sign_ctx(const ASN1_ITEM *it, @@ -234,7 +241,7 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, int rv; type = EVP_MD_CTX_md(ctx); - pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx); + pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx)); if (!type || !pkey) { ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_CONTEXT_NOT_INITIALISED); @@ -307,7 +314,7 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); signature->flags |= ASN1_STRING_FLAG_BITS_LEFT; err: - EVP_MD_CTX_cleanup(ctx); + EVP_MD_CTX_destroy(ctx); OPENSSL_clear_free((char *)buf_in, (unsigned int)inl); OPENSSL_clear_free((char *)buf_out, outll); return (outl); diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c index 540b71c4d4..e958cdec87 100644 --- a/crypto/asn1/a_verify.c +++ b/crypto/asn1/a_verify.c @@ -77,12 +77,15 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey) { - EVP_MD_CTX ctx; + EVP_MD_CTX *ctx = EVP_MD_CTX_create(); const EVP_MD *type; unsigned char *p, *buf_in = NULL; int ret = -1, i, inl; - EVP_MD_CTX_init(&ctx); + if (ctx == NULL) { + ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_MALLOC_FAILURE); + goto err; + } i = OBJ_obj2nid(a->algorithm); type = EVP_get_digestbyname(OBJ_nid2sn(i)); if (type == NULL) { @@ -104,8 +107,8 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, p = buf_in; i2d(data, &p); - ret = EVP_VerifyInit_ex(&ctx, type, NULL) - && EVP_VerifyUpdate(&ctx, (unsigned char *)buf_in, inl); + ret = EVP_VerifyInit_ex(ctx, type, NULL) + && EVP_VerifyUpdate(ctx, (unsigned char *)buf_in, inl); OPENSSL_clear_free(buf_in, (unsigned int)inl); @@ -115,7 +118,7 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, } ret = -1; - if (EVP_VerifyFinal(&ctx, (unsigned char *)signature->data, + if (EVP_VerifyFinal(ctx, (unsigned char *)signature->data, (unsigned int)signature->length, pkey) <= 0) { ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB); ret = 0; @@ -123,7 +126,7 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, } ret = 1; err: - EVP_MD_CTX_cleanup(&ctx); + EVP_MD_CTX_destroy(ctx); return (ret); } @@ -132,7 +135,7 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey) { - EVP_MD_CTX ctx; + EVP_MD_CTX *ctx = NULL; unsigned char *buf_in = NULL; int ret = -1, inl; @@ -148,7 +151,11 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, return -1; } - EVP_MD_CTX_init(&ctx); + ctx = EVP_MD_CTX_create(); + if (ctx == NULL) { + ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_MALLOC_FAILURE); + goto err; + } /* Convert signature OID into digest and public key OIDs */ if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->algorithm), &mdnid, &pknid)) { @@ -161,7 +168,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); goto err; } - ret = pkey->ameth->item_verify(&ctx, it, asn, a, signature, pkey); + ret = pkey->ameth->item_verify(ctx, it, asn, a, signature, pkey); /* * Return value of 2 means carry on, anything else means we exit * straight away: either a fatal error of the underlying verification @@ -185,7 +192,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, goto err; } - if (!EVP_DigestVerifyInit(&ctx, NULL, type, NULL, pkey)) { + if (!EVP_DigestVerifyInit(ctx, NULL, type, NULL, pkey)) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB); ret = 0; goto err; @@ -200,7 +207,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, goto err; } - ret = EVP_DigestVerifyUpdate(&ctx, buf_in, inl); + ret = EVP_DigestVerifyUpdate(ctx, buf_in, inl); OPENSSL_clear_free(buf_in, (unsigned int)inl); @@ -210,7 +217,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, } ret = -1; - if (EVP_DigestVerifyFinal(&ctx, signature->data, + if (EVP_DigestVerifyFinal(ctx, signature->data, (size_t)signature->length) <= 0) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB); ret = 0; @@ -218,6 +225,6 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, } ret = 1; err: - EVP_MD_CTX_cleanup(&ctx); + EVP_MD_CTX_destroy(ctx); return (ret); } diff --git a/crypto/cmac/cm_pmeth.c b/crypto/cmac/cm_pmeth.c index 080db6329e..4e060f32e4 100644 --- a/crypto/cmac/cm_pmeth.c +++ b/crypto/cmac/cm_pmeth.c @@ -101,7 +101,7 @@ static int pkey_cmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) static int int_update(EVP_MD_CTX *ctx, const void *data, size_t count) { - if (!CMAC_Update(ctx->pctx->data, data, count)) + if (!CMAC_Update(EVP_MD_CTX_pkey_ctx(ctx)->data, data, count)) return 0; return 1; } @@ -109,7 +109,7 @@ static int int_update(EVP_MD_CTX *ctx, const void *data, size_t count) static int cmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) { EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT); - mctx->update = int_update; + EVP_MD_CTX_set_update_fn(mctx, int_update); return 1; } diff --git a/crypto/cms/cms_asn1.c b/crypto/cms/cms_asn1.c index e044cf519b..7aafc8dab0 100644 --- a/crypto/cms/cms_asn1.c +++ b/crypto/cms/cms_asn1.c @@ -95,8 +95,7 @@ static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, CMS_SignerInfo *si = (CMS_SignerInfo *)*pval; EVP_PKEY_free(si->pkey); X509_free(si->signer); - if (si->pctx) - EVP_MD_CTX_cleanup(&si->mctx); + EVP_MD_CTX_destroy(si->mctx); } return 1; } diff --git a/crypto/cms/cms_dd.c b/crypto/cms/cms_dd.c index 426f8cd74c..dcbd5788fa 100644 --- a/crypto/cms/cms_dd.c +++ b/crypto/cms/cms_dd.c @@ -99,19 +99,23 @@ BIO *cms_DigestedData_init_bio(CMS_ContentInfo *cms) int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify) { - EVP_MD_CTX mctx; + EVP_MD_CTX *mctx = EVP_MD_CTX_create(); unsigned char md[EVP_MAX_MD_SIZE]; unsigned int mdlen; int r = 0; CMS_DigestedData *dd; - EVP_MD_CTX_init(&mctx); + + if (mctx == NULL) { + CMSerr(CMS_F_CMS_DIGESTEDDATA_DO_FINAL, ERR_R_MALLOC_FAILURE); + goto err; + } dd = cms->d.digestedData; - if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, dd->digestAlgorithm)) + if (!cms_DigestAlgorithm_find_ctx(mctx, chain, dd->digestAlgorithm)) goto err; - if (EVP_DigestFinal_ex(&mctx, md, &mdlen) <= 0) + if (EVP_DigestFinal_ex(mctx, md, &mdlen) <= 0) goto err; if (verify) { @@ -133,7 +137,7 @@ int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify) } err: - EVP_MD_CTX_cleanup(&mctx); + EVP_MD_CTX_destroy(mctx); return r; diff --git a/crypto/cms/cms_lcl.h b/crypto/cms/cms_lcl.h index 227356b265..3d41d4f634 100644 --- a/crypto/cms/cms_lcl.h +++ b/crypto/cms/cms_lcl.h @@ -137,7 +137,7 @@ struct CMS_SignerInfo_st { X509 *signer; EVP_PKEY *pkey; /* Digest and public key context for alternative parameters */ - EVP_MD_CTX mctx; + EVP_MD_CTX *mctx; EVP_PKEY_CTX *pctx; }; diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c index 1720bcd870..46a7876d94 100644 --- a/crypto/cms/cms_sd.c +++ b/crypto/cms/cms_sd.c @@ -287,9 +287,14 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, si->pkey = pk; si->signer = signer; - EVP_MD_CTX_init(&si->mctx); + si->mctx = EVP_MD_CTX_create(); si->pctx = NULL; + if (si->mctx == NULL) { + CMSerr(CMS_F_CMS_ADD1_SIGNER, ERR_R_MALLOC_FAILURE); + goto err; + } + if (flags & CMS_USE_KEYID) { si->version = 3; if (sd->version < 3) @@ -387,7 +392,7 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, goto err; if (EVP_PKEY_CTX_set_signature_md(si->pctx, md) <= 0) goto err; - } else if (EVP_DigestSignInit(&si->mctx, &si->pctx, md, NULL, pk) <= + } else if (EVP_DigestSignInit(si->mctx, &si->pctx, md, NULL, pk) <= 0) goto err; } @@ -444,7 +449,7 @@ EVP_PKEY_CTX *CMS_SignerInfo_get0_pkey_ctx(CMS_SignerInfo *si) EVP_MD_CTX *CMS_SignerInfo_get0_md_ctx(CMS_SignerInfo *si) { - return &si->mctx; + return si->mctx; } STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms) @@ -571,17 +576,21 @@ ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si) static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, CMS_SignerInfo *si, BIO *chain) { - EVP_MD_CTX mctx; + EVP_MD_CTX *mctx = EVP_MD_CTX_create(); int r = 0; EVP_PKEY_CTX *pctx = NULL; - EVP_MD_CTX_init(&mctx); + + if (mctx == NULL) { + CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, ERR_R_MALLOC_FAILURE); + return 0; + } if (!si->pkey) { CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_NO_PRIVATE_KEY); return 0; } - if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, si->digestAlgorithm)) + if (!cms_DigestAlgorithm_find_ctx(mctx, chain, si->digestAlgorithm)) goto err; /* Set SignerInfo algortihm details if we used custom parametsr */ if (si->pctx && !cms_sd_asn1_ctrl(si, 0)) @@ -596,7 +605,7 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, cms->d.signedData->encapContentInfo->eContentType; unsigned char md[EVP_MAX_MD_SIZE]; unsigned int mdlen; - if (!EVP_DigestFinal_ex(&mctx, md, &mdlen)) + if (!EVP_DigestFinal_ex(mctx, md, &mdlen)) goto err; if (!CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest, V_ASN1_OCTET_STRING, md, mdlen)) @@ -613,7 +622,7 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, unsigned char md[EVP_MAX_MD_SIZE]; unsigned int mdlen; pctx = si->pctx; - if (!EVP_DigestFinal_ex(&mctx, md, &mdlen)) + if (!EVP_DigestFinal_ex(mctx, md, &mdlen)) goto err; siglen = EVP_PKEY_size(si->pkey); sig = OPENSSL_malloc(siglen); @@ -634,7 +643,7 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, ERR_R_MALLOC_FAILURE); goto err; } - if (!EVP_SignFinal(&mctx, sig, &siglen, si->pkey)) { + if (!EVP_SignFinal(mctx, sig, &siglen, si->pkey)) { CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_SIGNFINAL_ERROR); OPENSSL_free(sig); goto err; @@ -645,7 +654,7 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, r = 1; err: - EVP_MD_CTX_cleanup(&mctx); + EVP_MD_CTX_destroy(mctx); EVP_PKEY_CTX_free(pctx); return r; @@ -668,7 +677,7 @@ int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain) int CMS_SignerInfo_sign(CMS_SignerInfo *si) { - EVP_MD_CTX *mctx = &si->mctx; + EVP_MD_CTX *mctx = si->mctx; EVP_PKEY_CTX *pctx; unsigned char *abuf = NULL; int alen; @@ -734,7 +743,7 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si) int CMS_SignerInfo_verify(CMS_SignerInfo *si) { - EVP_MD_CTX *mctx = &si->mctx; + EVP_MD_CTX *mctx = NULL; unsigned char *abuf = NULL; int alen, r = -1; const EVP_MD *md = NULL; @@ -747,7 +756,9 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si) md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm); if (md == NULL) return -1; - EVP_MD_CTX_init(mctx); + if (si->mctx == NULL) + si->mctx = EVP_MD_CTX_create(); + mctx = si->mctx; if (EVP_DigestVerifyInit(mctx, &si->pctx, md, NULL, si->pkey) <= 0) goto err; @@ -806,12 +817,16 @@ BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms) int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain) { ASN1_OCTET_STRING *os = NULL; - EVP_MD_CTX mctx; + EVP_MD_CTX *mctx = EVP_MD_CTX_create(); EVP_PKEY_CTX *pkctx = NULL; int r = -1; unsigned char mval[EVP_MAX_MD_SIZE]; unsigned int mlen; - EVP_MD_CTX_init(&mctx); + + if (mctx == NULL) { + CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, ERR_R_MALLOC_FAILURE); + goto err; + } /* If we have any signed attributes look for messageDigest value */ if (CMS_signed_get_attr_count(si) >= 0) { os = CMS_signed_get0_data_by_OBJ(si, @@ -824,10 +839,10 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain) } } - if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, si->digestAlgorithm)) + if (!cms_DigestAlgorithm_find_ctx(mctx, chain, si->digestAlgorithm)) goto err; - if (EVP_DigestFinal_ex(&mctx, mval, &mlen) <= 0) { + if (EVP_DigestFinal_ex(mctx, mval, &mlen) <= 0) { CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, CMS_R_UNABLE_TO_FINALIZE_CONTEXT); goto err; @@ -849,7 +864,7 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain) } else r = 1; } else { - const EVP_MD *md = EVP_MD_CTX_md(&mctx); + const EVP_MD *md = EVP_MD_CTX_md(mctx); pkctx = EVP_PKEY_CTX_new(si->pkey, NULL); if (pkctx == NULL) goto err; @@ -871,7 +886,7 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain) err: EVP_PKEY_CTX_free(pkctx); - EVP_MD_CTX_cleanup(&mctx); + EVP_MD_CTX_destroy(mctx); return r; } diff --git a/crypto/dh/dh_kdf.c b/crypto/dh/dh_kdf.c index 55979600e1..35a40bd759 100644 --- a/crypto/dh/dh_kdf.c +++ b/crypto/dh/dh_kdf.c @@ -144,7 +144,7 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen, ASN1_OBJECT *key_oid, const unsigned char *ukm, size_t ukmlen, const EVP_MD *md) { - EVP_MD_CTX mctx; + EVP_MD_CTX *mctx = NULL; int rv = 0; unsigned int i; size_t mdlen; @@ -152,31 +152,33 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen, int derlen; if (Zlen > DH_KDF_MAX) return 0; + mctx = EVP_MD_CTX_create(); + if (mctx == NULL) + return 0; mdlen = EVP_MD_size(md); - EVP_MD_CTX_init(&mctx); derlen = dh_sharedinfo_encode(&der, &ctr, key_oid, outlen, ukm, ukmlen); if (derlen == 0) goto err; for (i = 1;; i++) { unsigned char mtmp[EVP_MAX_MD_SIZE]; - EVP_DigestInit_ex(&mctx, md, NULL); - if (!EVP_DigestUpdate(&mctx, Z, Zlen)) + EVP_DigestInit_ex(mctx, md, NULL); + if (!EVP_DigestUpdate(mctx, Z, Zlen)) goto err; ctr[3] = i & 0xFF; ctr[2] = (i >> 8) & 0xFF; ctr[1] = (i >> 16) & 0xFF; ctr[0] = (i >> 24) & 0xFF; - if (!EVP_DigestUpdate(&mctx, der, derlen)) + if (!EVP_DigestUpdate(mctx, der, derlen)) goto err; if (outlen >= mdlen) { - if (!EVP_DigestFinal(&mctx, out, NULL)) + if (!EVP_DigestFinal(mctx, out, NULL)) goto err; outlen -= mdlen; if (outlen == 0) break; out += mdlen; } else { - if (!EVP_DigestFinal(&mctx, mtmp, NULL)) + if (!EVP_DigestFinal(mctx, mtmp, NULL)) goto err; memcpy(out, mtmp, outlen); OPENSSL_cleanse(mtmp, mdlen); @@ -186,7 +188,7 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen, rv = 1; err: OPENSSL_free(der); - EVP_MD_CTX_cleanup(&mctx); + EVP_MD_CTX_destroy(mctx); return rv; } #endif diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c index 106ec3cb5f..f659d081db 100644 --- a/crypto/dsa/dsa_gen.c +++ b/crypto/dsa/dsa_gen.c @@ -360,10 +360,11 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N, int counter = 0; int r = 0; BN_CTX *ctx = NULL; - EVP_MD_CTX mctx; + EVP_MD_CTX *mctx = EVP_MD_CTX_create(); unsigned int h = 2; - EVP_MD_CTX_init(&mctx); + if (mctx == NULL) + goto err; if (evpmd == NULL) { if (N == 160) @@ -374,7 +375,7 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N, evpmd = EVP_sha256(); } - mdsize = M_EVP_MD_size(evpmd); + mdsize = EVP_MD_size(evpmd); /* If unverificable g generation only don't need seed */ if (!ret->p || !ret->q || idx >= 0) { if (seed_len == 0) @@ -582,15 +583,15 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N, md[0] = idx & 0xff; md[1] = (h >> 8) & 0xff; md[2] = h & 0xff; - if (!EVP_DigestInit_ex(&mctx, evpmd, NULL)) + if (!EVP_DigestInit_ex(mctx, evpmd, NULL)) goto err; - if (!EVP_DigestUpdate(&mctx, seed_tmp, seed_len)) + if (!EVP_DigestUpdate(mctx, seed_tmp, seed_len)) goto err; - if (!EVP_DigestUpdate(&mctx, ggen, sizeof(ggen))) + if (!EVP_DigestUpdate(mctx, ggen, sizeof(ggen))) goto err; - if (!EVP_DigestUpdate(&mctx, md, 3)) + if (!EVP_DigestUpdate(mctx, md, 3)) goto err; - if (!EVP_DigestFinal_ex(&mctx, md, NULL)) + if (!EVP_DigestFinal_ex(mctx, md, NULL)) goto err; if (!BN_bin2bn(md, mdsize, test)) goto err; @@ -639,7 +640,7 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N, BN_CTX_end(ctx); BN_CTX_free(ctx); BN_MONT_CTX_free(mont); - EVP_MD_CTX_cleanup(&mctx); + EVP_MD_CTX_destroy(mctx); return ok; } diff --git a/crypto/ecdh/ech_kdf.c b/crypto/ecdh/ech_kdf.c index 1e77c6f519..d856b7f5ed 100644 --- a/crypto/ecdh/ech_kdf.c +++ b/crypto/ecdh/ech_kdf.c @@ -64,7 +64,7 @@ int ECDH_KDF_X9_62(unsigned char *out, size_t outlen, const unsigned char *sinfo, size_t sinfolen, const EVP_MD *md) { - EVP_MD_CTX mctx; + EVP_MD_CTX *mctx = NULL; int rv = 0; unsigned int i; size_t mdlen; @@ -72,30 +72,32 @@ int ECDH_KDF_X9_62(unsigned char *out, size_t outlen, if (sinfolen > ECDH_KDF_MAX || outlen > ECDH_KDF_MAX || Zlen > ECDH_KDF_MAX) return 0; + mctx = EVP_MD_CTX_create(); + if (mctx == NULL) + return 0; mdlen = EVP_MD_size(md); - EVP_MD_CTX_init(&mctx); for (i = 1;; i++) { unsigned char mtmp[EVP_MAX_MD_SIZE]; - EVP_DigestInit_ex(&mctx, md, NULL); + EVP_DigestInit_ex(mctx, md, NULL); ctr[3] = i & 0xFF; ctr[2] = (i >> 8) & 0xFF; ctr[1] = (i >> 16) & 0xFF; ctr[0] = (i >> 24) & 0xFF; - if (!EVP_DigestUpdate(&mctx, Z, Zlen)) + if (!EVP_DigestUpdate(mctx, Z, Zlen)) goto err; - if (!EVP_DigestUpdate(&mctx, ctr, sizeof(ctr))) + if (!EVP_DigestUpdate(mctx, ctr, sizeof(ctr))) goto err; - if (!EVP_DigestUpdate(&mctx, sinfo, sinfolen)) + if (!EVP_DigestUpdate(mctx, sinfo, sinfolen)) goto err; if (outlen >= mdlen) { - if (!EVP_DigestFinal(&mctx, out, NULL)) + if (!EVP_DigestFinal(mctx, out, NULL)) goto err; outlen -= mdlen; if (outlen == 0) break; out += mdlen; } else { - if (!EVP_DigestFinal(&mctx, mtmp, NULL)) + if (!EVP_DigestFinal(mctx, mtmp, NULL)) goto err; memcpy(out, mtmp, outlen); OPENSSL_cleanse(mtmp, mdlen); @@ -104,6 +106,6 @@ int ECDH_KDF_X9_62(unsigned char *out, size_t outlen, } rv = 1; err: - EVP_MD_CTX_cleanup(&mctx); + EVP_MD_CTX_destroy(mctx); return rv; } diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c index 8927ee190f..3c046f28ea 100644 --- a/crypto/engine/eng_openssl.c +++ b/crypto/engine/eng_openssl.c @@ -334,7 +334,7 @@ static int test_sha1_init(EVP_MD_CTX *ctx) # ifdef TEST_ENG_OPENSSL_SHA_P_INIT fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_init() called\n"); # endif - return SHA1_Init(ctx->md_data); + return SHA1_Init(EVP_MD_CTX_md_data(ctx)); } static int test_sha1_update(EVP_MD_CTX *ctx, const void *data, size_t count) @@ -342,7 +342,7 @@ static int test_sha1_update(EVP_MD_CTX *ctx, const void *data, size_t count) # ifdef TEST_ENG_OPENSSL_SHA_P_UPDATE fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_update() called\n"); # endif - return SHA1_Update(ctx->md_data, data, count); + return SHA1_Update(EVP_MD_CTX_md_data(ctx), data, count); } static int test_sha1_final(EVP_MD_CTX *ctx, unsigned char *md) @@ -350,7 +350,7 @@ static int test_sha1_final(EVP_MD_CTX *ctx, unsigned char *md) # ifdef TEST_ENG_OPENSSL_SHA_P_FINAL fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_final() called\n"); # endif - return SHA1_Final(md, ctx->md_data); + return SHA1_Final(md, EVP_MD_CTX_md_data(ctx)); } static const EVP_MD test_sha_md = { diff --git a/crypto/evp/m_md4.c b/crypto/evp/m_md4.c index 80021b662b..94310b41d3 100644 --- a/crypto/evp/m_md4.c +++ b/crypto/evp/m_md4.c @@ -71,17 +71,17 @@ static int init(EVP_MD_CTX *ctx) { - return MD4_Init(ctx->md_data); + return MD4_Init(EVP_MD_CTX_md_data(ctx)); } static int update(EVP_MD_CTX *ctx, const void *data, size_t count) { - return MD4_Update(ctx->md_data, data, count); + return MD4_Update(EVP_MD_CTX_md_data(ctx), data, count); } static int final(EVP_MD_CTX *ctx, unsigned char *md) { - return MD4_Final(md, ctx->md_data); + return MD4_Final(md, EVP_MD_CTX_md_data(ctx)); } static const EVP_MD md4_md = { diff --git a/crypto/evp/m_md5.c b/crypto/evp/m_md5.c index 4ada7d16ce..b8f7a4a41d 100644 --- a/crypto/evp/m_md5.c +++ b/crypto/evp/m_md5.c @@ -71,17 +71,17 @@ static int init(EVP_MD_CTX *ctx) { - return MD5_Init(ctx->md_data); + return MD5_Init(EVP_MD_CTX_md_data(ctx)); } static int update(EVP_MD_CTX *ctx, const void *data, size_t count) { - return MD5_Update(ctx->md_data, data, count); + return MD5_Update(EVP_MD_CTX_md_data(ctx), data, count); } static int final(EVP_MD_CTX *ctx, unsigned char *md) { - return MD5_Final(md, ctx->md_data); + return MD5_Final(md, EVP_MD_CTX_md_data(ctx)); } static const EVP_MD md5_md = { diff --git a/crypto/evp/m_md5_sha1.c b/crypto/evp/m_md5_sha1.c index 22cd7ce733..dadb6c26b8 100644 --- a/crypto/evp/m_md5_sha1.c +++ b/crypto/evp/m_md5_sha1.c @@ -71,7 +71,7 @@ struct md5_sha1_ctx { static int init(EVP_MD_CTX *ctx) { - struct md5_sha1_ctx *mctx = ctx->md_data; + struct md5_sha1_ctx *mctx = EVP_MD_CTX_md_data(ctx); if (!MD5_Init(&mctx->md5)) return 0; return SHA1_Init(&mctx->sha1); @@ -79,7 +79,7 @@ static int init(EVP_MD_CTX *ctx) static int update(EVP_MD_CTX *ctx, const void *data, size_t count) { - struct md5_sha1_ctx *mctx = ctx->md_data; + struct md5_sha1_ctx *mctx = EVP_MD_CTX_md_data(ctx); if (!MD5_Update(&mctx->md5, data, count)) return 0; return SHA1_Update(&mctx->sha1, data, count); @@ -87,7 +87,7 @@ static int update(EVP_MD_CTX *ctx, const void *data, size_t count) static int final(EVP_MD_CTX *ctx, unsigned char *md) { - struct md5_sha1_ctx *mctx = ctx->md_data; + struct md5_sha1_ctx *mctx = EVP_MD_CTX_md_data(ctx); if (!MD5_Final(md, &mctx->md5)) return 0; return SHA1_Final(md + MD5_DIGEST_LENGTH, &mctx->sha1); @@ -98,7 +98,7 @@ static int ctrl(EVP_MD_CTX *ctx, int cmd, int mslen, void *ms) unsigned char padtmp[48]; unsigned char md5tmp[MD5_DIGEST_LENGTH]; unsigned char sha1tmp[SHA_DIGEST_LENGTH]; - struct md5_sha1_ctx *mctx = ctx->md_data; + struct md5_sha1_ctx *mctx = EVP_MD_CTX_md_data(ctx); if (cmd != EVP_CTRL_SSL3_MASTER_SECRET) return 0; diff --git a/crypto/evp/m_mdc2.c b/crypto/evp/m_mdc2.c index ffd1b0effa..8184cbc56a 100644 --- a/crypto/evp/m_mdc2.c +++ b/crypto/evp/m_mdc2.c @@ -71,17 +71,17 @@ static int init(EVP_MD_CTX *ctx) { - return MDC2_Init(ctx->md_data); + return MDC2_Init(EVP_MD_CTX_md_data(ctx)); } static int update(EVP_MD_CTX *ctx, const void *data, size_t count) { - return MDC2_Update(ctx->md_data, data, count); + return MDC2_Update(EVP_MD_CTX_md_data(ctx), data, count); } static int final(EVP_MD_CTX *ctx, unsigned char *md) { - return MDC2_Final(md, ctx->md_data); + return MDC2_Final(md, EVP_MD_CTX_md_data(ctx)); } static const EVP_MD mdc2_md = { diff --git a/crypto/evp/m_ripemd.c b/crypto/evp/m_ripemd.c index f1c745c03e..a8a35af434 100644 --- a/crypto/evp/m_ripemd.c +++ b/crypto/evp/m_ripemd.c @@ -71,17 +71,17 @@ static int init(EVP_MD_CTX *ctx) { - return RIPEMD160_Init(ctx->md_data); + return RIPEMD160_Init(EVP_MD_CTX_md_data(ctx)); } static int update(EVP_MD_CTX *ctx, const void *data, size_t count) { - return RIPEMD160_Update(ctx->md_data, data, count); + return RIPEMD160_Update(EVP_MD_CTX_md_data(ctx), data, count); } static int final(EVP_MD_CTX *ctx, unsigned char *md) { - return RIPEMD160_Final(md, ctx->md_data); + return RIPEMD160_Final(md, EVP_MD_CTX_md_data(ctx)); } static const EVP_MD ripemd160_md = { diff --git a/crypto/evp/m_sha1.c b/crypto/evp/m_sha1.c index c913cae86c..c40849bd52 100644 --- a/crypto/evp/m_sha1.c +++ b/crypto/evp/m_sha1.c @@ -68,17 +68,17 @@ static int init(EVP_MD_CTX *ctx) { - return SHA1_Init(ctx->md_data); + return SHA1_Init(EVP_MD_CTX_md_data(ctx)); } static int update(EVP_MD_CTX *ctx, const void *data, size_t count) { - return SHA1_Update(ctx->md_data, data, count); + return SHA1_Update(EVP_MD_CTX_md_data(ctx), data, count); } static int final(EVP_MD_CTX *ctx, unsigned char *md) { - return SHA1_Final(md, ctx->md_data); + return SHA1_Final(md, EVP_MD_CTX_md_data(ctx)); } static int ctrl(EVP_MD_CTX *ctx, int cmd, int mslen, void *ms) @@ -86,7 +86,7 @@ static int ctrl(EVP_MD_CTX *ctx, int cmd, int mslen, void *ms) unsigned char padtmp[40]; unsigned char sha1tmp[SHA_DIGEST_LENGTH]; - SHA_CTX *sha1 = ctx->md_data; + SHA_CTX *sha1 = EVP_MD_CTX_md_data(ctx); if (cmd != EVP_CTRL_SSL3_MASTER_SECRET) return 0; @@ -157,12 +157,12 @@ const EVP_MD *EVP_sha1(void) static int init224(EVP_MD_CTX *ctx) { - return SHA224_Init(ctx->md_data); + return SHA224_Init(EVP_MD_CTX_md_data(ctx)); } static int init256(EVP_MD_CTX *ctx) { - return SHA256_Init(ctx->md_data); + return SHA256_Init(EVP_MD_CTX_md_data(ctx)); } /* @@ -172,12 +172,12 @@ static int init256(EVP_MD_CTX *ctx) */ static int update256(EVP_MD_CTX *ctx, const void *data, size_t count) { - return SHA256_Update(ctx->md_data, data, count); + return SHA256_Update(EVP_MD_CTX_md_data(ctx), data, count); } static int final256(EVP_MD_CTX *ctx, unsigned char *md) { - return SHA256_Final(md, ctx->md_data); + return SHA256_Final(md, EVP_MD_CTX_md_data(ctx)); } static const EVP_MD sha224_md = { @@ -220,23 +220,23 @@ const EVP_MD *EVP_sha256(void) static int init384(EVP_MD_CTX *ctx) { - return SHA384_Init(ctx->md_data); + return SHA384_Init(EVP_MD_CTX_md_data(ctx)); } static int init512(EVP_MD_CTX *ctx) { - return SHA512_Init(ctx->md_data); + return SHA512_Init(EVP_MD_CTX_md_data(ctx)); } /* See comment in SHA224/256 section */ static int update512(EVP_MD_CTX *ctx, const void *data, size_t count) { - return SHA512_Update(ctx->md_data, data, count); + return SHA512_Update(EVP_MD_CTX_md_data(ctx), data, count); } static int final512(EVP_MD_CTX *ctx, unsigned char *md) { - return SHA512_Final(md, ctx->md_data); + return SHA512_Final(md, EVP_MD_CTX_md_data(ctx)); } static const EVP_MD sha384_md = { diff --git a/crypto/evp/m_wp.c b/crypto/evp/m_wp.c index 9ab3c62fe9..47c4ceb2cf 100644 --- a/crypto/evp/m_wp.c +++ b/crypto/evp/m_wp.c @@ -12,17 +12,17 @@ static int init(EVP_MD_CTX *ctx) { - return WHIRLPOOL_Init(ctx->md_data); + return WHIRLPOOL_Init(EVP_MD_CTX_md_data(ctx)); } static int update(EVP_MD_CTX *ctx, const void *data, size_t count) { - return WHIRLPOOL_Update(ctx->md_data, data, count); + return WHIRLPOOL_Update(EVP_MD_CTX_md_data(ctx), data, count); } static int final(EVP_MD_CTX *ctx, unsigned char *md) { - return WHIRLPOOL_Final(md, ctx->md_data); + return WHIRLPOOL_Final(md, EVP_MD_CTX_md_data(ctx)); } static const EVP_MD whirlpool_md = { diff --git a/crypto/pem/pem_seal.c b/crypto/pem/pem_seal.c index e8ea1b0a13..5d9c5975fe 100644 --- a/crypto/pem/pem_seal.c +++ b/crypto/pem/pem_seal.c @@ -93,8 +93,8 @@ int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type, EVP_EncodeInit(&ctx->encode); - EVP_MD_CTX_init(&ctx->md); - if (!EVP_SignInit(&ctx->md, md_type)) + ctx->md = EVP_MD_CTX_create(); + if (!EVP_SignInit(ctx->md, md_type)) goto err; EVP_CIPHER_CTX_init(&ctx->cipher); @@ -124,7 +124,7 @@ int PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl, int i, j; *outl = 0; - if (!EVP_SignUpdate(&ctx->md, in, inl)) + if (!EVP_SignUpdate(ctx->md, in, inl)) return 0; for (;;) { if (inl <= 0) @@ -172,13 +172,13 @@ int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl, EVP_EncodeFinal(&ctx->encode, out, &j); *outl += j; - if (!EVP_SignFinal(&ctx->md, s, &i, priv)) + if (!EVP_SignFinal(ctx->md, s, &i, priv)) goto err; *sigl = EVP_EncodeBlock(sig, s, i); ret = 1; err: - EVP_MD_CTX_cleanup(&ctx->md); + EVP_MD_CTX_destroy(ctx->md); EVP_CIPHER_CTX_cleanup(&ctx->cipher); OPENSSL_free(s); return (ret); diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c index 50f19f3068..f062728932 100644 --- a/crypto/pem/pvkfmt.c +++ b/crypto/pem/pvkfmt.c @@ -650,16 +650,16 @@ static int derive_pvk_key(unsigned char *key, const unsigned char *salt, unsigned int saltlen, const unsigned char *pass, int passlen) { - EVP_MD_CTX mctx; + EVP_MD_CTX *mctx = EVP_MD_CTX_create();; int rv = 1; - EVP_MD_CTX_init(&mctx); - if (!EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL) - || !EVP_DigestUpdate(&mctx, salt, saltlen) - || !EVP_DigestUpdate(&mctx, pass, passlen) - || !EVP_DigestFinal_ex(&mctx, key, NULL)) + if (mctx == NULL + || !EVP_DigestInit_ex(mctx, EVP_sha1(), NULL) + || !EVP_DigestUpdate(mctx, salt, saltlen) + || !EVP_DigestUpdate(mctx, pass, passlen) + || !EVP_DigestFinal_ex(mctx, key, NULL)) rv = 0; - EVP_MD_CTX_cleanup(&mctx); + EVP_MD_CTX_destroy(mctx); return rv; } diff --git a/crypto/pkcs12/p12_key.c b/crypto/pkcs12/p12_key.c index fe378d765f..a561d16198 100644 --- a/crypto/pkcs12/p12_key.c +++ b/crypto/pkcs12/p12_key.c @@ -109,13 +109,16 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, int i, j, u, v; int ret = 0; BIGNUM *Ij, *Bpl1; /* These hold Ij and B + 1 */ - EVP_MD_CTX ctx; + EVP_MD_CTX *ctx; #ifdef DEBUG_KEYGEN unsigned char *tmpout = out; int tmpn = n; #endif - EVP_MD_CTX_init(&ctx); + ctx = EVP_MD_CTX_create(); + if (ctx == NULL) + goto err; + #ifdef DEBUG_KEYGEN fprintf(stderr, "KEYGEN DEBUG\n"); fprintf(stderr, "ID %d, ITER %d\n", id, iter); @@ -151,15 +154,15 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, for (i = 0; i < Plen; i++) *p++ = pass[i % passlen]; for (;;) { - if (!EVP_DigestInit_ex(&ctx, md_type, NULL) - || !EVP_DigestUpdate(&ctx, D, v) - || !EVP_DigestUpdate(&ctx, I, Ilen) - || !EVP_DigestFinal_ex(&ctx, Ai, NULL)) + if (!EVP_DigestInit_ex(ctx, md_type, NULL) + || !EVP_DigestUpdate(ctx, D, v) + || !EVP_DigestUpdate(ctx, I, Ilen) + || !EVP_DigestFinal_ex(ctx, Ai, NULL)) goto err; for (j = 1; j < iter; j++) { - if (!EVP_DigestInit_ex(&ctx, md_type, NULL) - || !EVP_DigestUpdate(&ctx, Ai, u) - || !EVP_DigestFinal_ex(&ctx, Ai, NULL)) + if (!EVP_DigestInit_ex(ctx, md_type, NULL) + || !EVP_DigestUpdate(ctx, Ai, u) + || !EVP_DigestFinal_ex(ctx, Ai, NULL)) goto err; } memcpy(out, Ai, min(n, u)); @@ -215,7 +218,7 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, OPENSSL_free(I); BN_free(Ij); BN_free(Bpl1); - EVP_MD_CTX_cleanup(&ctx); + EVP_MD_CTX_destroy(ctx); return ret; } diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index df8329419d..c5ac2fac90 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -692,7 +692,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) int i, j; BIO *btmp; PKCS7_SIGNER_INFO *si; - EVP_MD_CTX *mdc, ctx_tmp; + EVP_MD_CTX *mdc, *ctx_tmp; STACK_OF(X509_ATTRIBUTE) *sk; STACK_OF(PKCS7_SIGNER_INFO) *si_sk = NULL; ASN1_OCTET_STRING *os = NULL; @@ -707,7 +707,12 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) return 0; } - EVP_MD_CTX_init(&ctx_tmp); + ctx_tmp = EVP_MD_CTX_create(); + if (ctx_tmp == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE); + return 0; + } + i = OBJ_obj2nid(p7->type); p7->state = PKCS7_S_HEADER; @@ -784,7 +789,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) /* * We now have the EVP_MD_CTX, lets do the signing. */ - if (!EVP_MD_CTX_copy_ex(&ctx_tmp, mdc)) + if (!EVP_MD_CTX_copy_ex(ctx_tmp, mdc)) goto err; sk = si->auth_attr; @@ -794,7 +799,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) * sign the attributes */ if (sk_X509_ATTRIBUTE_num(sk) > 0) { - if (!do_pkcs7_signed_attrib(si, &ctx_tmp)) + if (!do_pkcs7_signed_attrib(si, ctx_tmp)) goto err; } else { unsigned char *abuf = NULL; @@ -804,7 +809,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) if (abuf == NULL) goto err; - if (!EVP_SignFinal(&ctx_tmp, abuf, &abuflen, si->pkey)) { + if (!EVP_SignFinal(ctx_tmp, abuf, &abuflen, si->pkey)) { PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_EVP_LIB); goto err; } @@ -849,13 +854,13 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) } ret = 1; err: - EVP_MD_CTX_cleanup(&ctx_tmp); + EVP_MD_CTX_destroy(ctx_tmp); return (ret); } int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si) { - EVP_MD_CTX mctx; + EVP_MD_CTX *mctx; EVP_PKEY_CTX *pctx; unsigned char *abuf = NULL; int alen; @@ -866,8 +871,13 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si) if (md == NULL) return 0; - EVP_MD_CTX_init(&mctx); - if (EVP_DigestSignInit(&mctx, &pctx, md, NULL, si->pkey) <= 0) + mctx = EVP_MD_CTX_create(); + if (mctx == NULL) { + PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, ERR_R_MALLOC_FAILURE); + goto err; + } + + if (EVP_DigestSignInit(mctx, &pctx, md, NULL, si->pkey) <= 0) goto err; if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, @@ -880,16 +890,16 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si) ASN1_ITEM_rptr(PKCS7_ATTR_SIGN)); if (!abuf) goto err; - if (EVP_DigestSignUpdate(&mctx, abuf, alen) <= 0) + if (EVP_DigestSignUpdate(mctx, abuf, alen) <= 0) goto err; OPENSSL_free(abuf); abuf = NULL; - if (EVP_DigestSignFinal(&mctx, NULL, &siglen) <= 0) + if (EVP_DigestSignFinal(mctx, NULL, &siglen) <= 0) goto err; abuf = OPENSSL_malloc(siglen); if (abuf == NULL) goto err; - if (EVP_DigestSignFinal(&mctx, abuf, &siglen) <= 0) + if (EVP_DigestSignFinal(mctx, abuf, &siglen) <= 0) goto err; if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, @@ -898,7 +908,7 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si) goto err; } - EVP_MD_CTX_cleanup(&mctx); + EVP_MD_CTX_destroy(mctx); ASN1_STRING_set0(si->enc_digest, abuf, siglen); @@ -906,7 +916,7 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si) err: OPENSSL_free(abuf); - EVP_MD_CTX_cleanup(&mctx); + EVP_MD_CTX_destroy(mctx); return 0; } @@ -972,14 +982,18 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, X509 *x509) { ASN1_OCTET_STRING *os; - EVP_MD_CTX mdc_tmp, *mdc; + EVP_MD_CTX *mdc_tmp, *mdc; int ret = 0, i; int md_type; STACK_OF(X509_ATTRIBUTE) *sk; BIO *btmp; EVP_PKEY *pkey; - EVP_MD_CTX_init(&mdc_tmp); + mdc_tmp = EVP_MD_CTX_create(); + if (mdc_tmp == NULL) { + PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, ERR_R_MALLOC_FAILURE); + goto err; + } if (!PKCS7_type_is_signed(p7) && !PKCS7_type_is_signedAndEnveloped(p7)) { PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_WRONG_PKCS7_TYPE); @@ -1016,7 +1030,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, * mdc is the digest ctx that we want, unless there are attributes, in * which case the digest is the signed attributes */ - if (!EVP_MD_CTX_copy_ex(&mdc_tmp, mdc)) + if (!EVP_MD_CTX_copy_ex(mdc_tmp, mdc)) goto err; sk = si->auth_attr; @@ -1026,7 +1040,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, int alen; ASN1_OCTET_STRING *message_digest; - if (!EVP_DigestFinal_ex(&mdc_tmp, md_dat, &md_len)) + if (!EVP_DigestFinal_ex(mdc_tmp, md_dat, &md_len)) goto err; message_digest = PKCS7_digest_from_attributes(sk); if (!message_digest) { @@ -1041,7 +1055,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, goto err; } - if (!EVP_VerifyInit_ex(&mdc_tmp, EVP_get_digestbynid(md_type), NULL)) + if (!EVP_VerifyInit_ex(mdc_tmp, EVP_get_digestbynid(md_type), NULL)) goto err; alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf, @@ -1051,7 +1065,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, ret = -1; goto err; } - if (!EVP_VerifyUpdate(&mdc_tmp, abuf, alen)) + if (!EVP_VerifyUpdate(mdc_tmp, abuf, alen)) goto err; OPENSSL_free(abuf); @@ -1064,7 +1078,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, goto err; } - i = EVP_VerifyFinal(&mdc_tmp, os->data, os->length, pkey); + i = EVP_VerifyFinal(mdc_tmp, os->data, os->length, pkey); EVP_PKEY_free(pkey); if (i <= 0) { PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_SIGNATURE_FAILURE); @@ -1073,7 +1087,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, } ret = 1; err: - EVP_MD_CTX_cleanup(&mdc_tmp); + EVP_MD_CTX_destroy(mdc_tmp); return (ret); } diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c index 698a63892e..ec42fc29f0 100644 --- a/crypto/rand/md_rand.c +++ b/crypto/rand/md_rand.c @@ -212,7 +212,7 @@ static int rand_add(const void *buf, int num, double add) int i, j, k, st_idx; long md_c[2]; unsigned char local_md[MD_DIGEST_LENGTH]; - EVP_MD_CTX m; + EVP_MD_CTX *m; int do_not_lock; int rv = 0; @@ -234,7 +234,10 @@ static int rand_add(const void *buf, int num, double add) * hash function. */ - EVP_MD_CTX_init(&m); + m = EVP_MD_CTX_create(); + if (m == NULL) + goto err; + /* check if we already have the lock */ if (crypto_lock_rand) { CRYPTO_THREADID cur; @@ -284,21 +287,21 @@ static int rand_add(const void *buf, int num, double add) j = (num - i); j = (j > MD_DIGEST_LENGTH) ? MD_DIGEST_LENGTH : j; - if (!MD_Init(&m)) + if (!MD_Init(m)) goto err; - if (!MD_Update(&m, local_md, MD_DIGEST_LENGTH)) + if (!MD_Update(m, local_md, MD_DIGEST_LENGTH)) goto err; k = (st_idx + j) - STATE_SIZE; if (k > 0) { - if (!MD_Update(&m, &(state[st_idx]), j - k)) + if (!MD_Update(m, &(state[st_idx]), j - k)) goto err; - if (!MD_Update(&m, &(state[0]), k)) + if (!MD_Update(m, &(state[0]), k)) goto err; - } else if (!MD_Update(&m, &(state[st_idx]), j)) + } else if (!MD_Update(m, &(state[st_idx]), j)) goto err; /* DO NOT REMOVE THE FOLLOWING CALL TO MD_Update()! */ - if (!MD_Update(&m, buf, j)) + if (!MD_Update(m, buf, j)) goto err; /* * We know that line may cause programs such as purify and valgrind @@ -308,9 +311,9 @@ static int rand_add(const void *buf, int num, double add) * insecure keys. */ - if (!MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c))) + if (!MD_Update(m, (unsigned char *)&(md_c[0]), sizeof(md_c))) goto err; - if (!MD_Final(&m, local_md)) + if (!MD_Final(m, local_md)) goto err; md_c[1]++; @@ -352,7 +355,7 @@ static int rand_add(const void *buf, int num, double add) #endif rv = 1; err: - EVP_MD_CTX_cleanup(&m); + EVP_MD_CTX_destroy(m); return rv; } @@ -369,7 +372,7 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo) int ok; long md_c[2]; unsigned char local_md[MD_DIGEST_LENGTH]; - EVP_MD_CTX m; + EVP_MD_CTX *m; #ifndef GETPID_IS_MEANINGLESS pid_t curr_pid = getpid(); #endif @@ -409,7 +412,10 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo) if (num <= 0) return 1; - EVP_MD_CTX_init(&m); + m = EVP_MD_CTX_create(); + if (m == NULL) + goto err_mem; + /* round upwards to multiple of MD_DIGEST_LENGTH/2 */ num_ceil = (1 + (num - 1) / (MD_DIGEST_LENGTH / 2)) * (MD_DIGEST_LENGTH / 2); @@ -523,26 +529,26 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo) /* num_ceil -= MD_DIGEST_LENGTH/2 */ j = (num >= MD_DIGEST_LENGTH / 2) ? MD_DIGEST_LENGTH / 2 : num; num -= j; - if (!MD_Init(&m)) + if (!MD_Init(m)) goto err; #ifndef GETPID_IS_MEANINGLESS if (curr_pid) { /* just in the first iteration to save time */ - if (!MD_Update(&m, (unsigned char *)&curr_pid, sizeof curr_pid)) + if (!MD_Update(m, (unsigned char *)&curr_pid, sizeof curr_pid)) goto err; curr_pid = 0; } #endif if (curr_time) { /* just in the first iteration to save time */ - if (!MD_Update(&m, (unsigned char *)&curr_time, sizeof curr_time)) + if (!MD_Update(m, (unsigned char *)&curr_time, sizeof curr_time)) goto err; - if (!MD_Update(&m, (unsigned char *)&tv, sizeof tv)) + if (!MD_Update(m, (unsigned char *)&tv, sizeof tv)) goto err; curr_time = 0; - rand_hw_seed(&m); + rand_hw_seed(m); } - if (!MD_Update(&m, local_md, MD_DIGEST_LENGTH)) + if (!MD_Update(m, local_md, MD_DIGEST_LENGTH)) goto err; - if (!MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c))) + if (!MD_Update(m, (unsigned char *)&(md_c[0]), sizeof(md_c))) goto err; #ifndef PURIFY /* purify complains */ @@ -553,19 +559,19 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo) * builds it is not used: the removal of such a small source of * entropy has negligible impact on security. */ - if (!MD_Update(&m, buf, j)) + if (!MD_Update(m, buf, j)) goto err; #endif k = (st_idx + MD_DIGEST_LENGTH / 2) - st_num; if (k > 0) { - if (!MD_Update(&m, &(state[st_idx]), MD_DIGEST_LENGTH / 2 - k)) + if (!MD_Update(m, &(state[st_idx]), MD_DIGEST_LENGTH / 2 - k)) goto err; - if (!MD_Update(&m, &(state[0]), k)) + if (!MD_Update(m, &(state[0]), k)) goto err; - } else if (!MD_Update(&m, &(state[st_idx]), MD_DIGEST_LENGTH / 2)) + } else if (!MD_Update(m, &(state[st_idx]), MD_DIGEST_LENGTH / 2)) goto err; - if (!MD_Final(&m, local_md)) + if (!MD_Final(m, local_md)) goto err; for (i = 0; i < MD_DIGEST_LENGTH / 2; i++) { @@ -578,23 +584,23 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo) } } - if (!MD_Init(&m) - || !MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c)) - || !MD_Update(&m, local_md, MD_DIGEST_LENGTH)) + if (!MD_Init(m) + || !MD_Update(m, (unsigned char *)&(md_c[0]), sizeof(md_c)) + || !MD_Update(m, local_md, MD_DIGEST_LENGTH)) goto err; CRYPTO_w_lock(CRYPTO_LOCK_RAND); /* * Prevent deadlocks if we end up in an async engine */ ASYNC_block_pause(); - if (!MD_Update(&m, md, MD_DIGEST_LENGTH) || !MD_Final(&m, md)) { + if (!MD_Update(m, md, MD_DIGEST_LENGTH) || !MD_Final(m, md)) { CRYPTO_w_unlock(CRYPTO_LOCK_RAND); goto err; } ASYNC_unblock_pause(); CRYPTO_w_unlock(CRYPTO_LOCK_RAND); - EVP_MD_CTX_cleanup(&m); + EVP_MD_CTX_destroy(m); if (ok) return (1); else if (pseudo) @@ -606,8 +612,12 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo) return (0); } err: - EVP_MD_CTX_cleanup(&m); RANDerr(RAND_F_RAND_BYTES, ERR_R_EVP_LIB); + EVP_MD_CTX_destroy(m); + return 0; + err_mem: + RANDerr(RAND_F_RAND_BYTES, ERR_R_MALLOC_FAILURE); + EVP_MD_CTX_destroy(m); return 0; } diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c index bae43f23bf..68b268ecb7 100644 --- a/crypto/rsa/rsa_ameth.c +++ b/crypto/rsa/rsa_ameth.c @@ -729,7 +729,7 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, ASN1_BIT_STRING *sig) { int pad_mode; - EVP_PKEY_CTX *pkctx = ctx->pctx; + EVP_PKEY_CTX *pkctx = EVP_MD_CTX_pkey_ctx(ctx); if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0) return 0; if (pad_mode == RSA_PKCS1_PADDING) diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c index ff551f220c..0f742f9969 100644 --- a/crypto/rsa/rsa_oaep.c +++ b/crypto/rsa/rsa_oaep.c @@ -242,13 +242,14 @@ int PKCS1_MGF1(unsigned char *mask, long len, { long i, outlen = 0; unsigned char cnt[4]; - EVP_MD_CTX c; + EVP_MD_CTX *c = EVP_MD_CTX_create(); unsigned char md[EVP_MAX_MD_SIZE]; int mdlen; int rv = -1; - EVP_MD_CTX_init(&c); - mdlen = M_EVP_MD_size(dgst); + if (c == NULL) + goto err; + mdlen = EVP_MD_size(dgst); if (mdlen < 0) goto err; for (i = 0; outlen < len; i++) { @@ -256,16 +257,16 @@ int PKCS1_MGF1(unsigned char *mask, long len, cnt[1] = (unsigned char)((i >> 16) & 255); cnt[2] = (unsigned char)((i >> 8)) & 255; cnt[3] = (unsigned char)(i & 255); - if (!EVP_DigestInit_ex(&c, dgst, NULL) - || !EVP_DigestUpdate(&c, seed, seedlen) - || !EVP_DigestUpdate(&c, cnt, 4)) + if (!EVP_DigestInit_ex(c, dgst, NULL) + || !EVP_DigestUpdate(c, seed, seedlen) + || !EVP_DigestUpdate(c, cnt, 4)) goto err; if (outlen + mdlen <= len) { - if (!EVP_DigestFinal_ex(&c, mask + outlen, NULL)) + if (!EVP_DigestFinal_ex(c, mask + outlen, NULL)) goto err; outlen += mdlen; } else { - if (!EVP_DigestFinal_ex(&c, md, NULL)) + if (!EVP_DigestFinal_ex(c, md, NULL)) goto err; memcpy(mask + outlen, md, len - outlen); outlen = len; @@ -273,6 +274,6 @@ int PKCS1_MGF1(unsigned char *mask, long len, } rv = 0; err: - EVP_MD_CTX_cleanup(&c); + EVP_MD_CTX_destroy(c); return rv; } diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c index 95bf6b0d8c..0a41ae99b1 100644 --- a/crypto/rsa/rsa_pss.c +++ b/crypto/rsa/rsa_pss.c @@ -88,14 +88,17 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, int hLen, maskedDBLen, MSBits, emLen; const unsigned char *H; unsigned char *DB = NULL; - EVP_MD_CTX ctx; + EVP_MD_CTX *ctx = EVP_MD_CTX_create(); unsigned char H_[EVP_MAX_MD_SIZE]; - EVP_MD_CTX_init(&ctx); + + + if (ctx == NULL) + goto err; if (mgf1Hash == NULL) mgf1Hash = Hash; - hLen = M_EVP_MD_size(Hash); + hLen = EVP_MD_size(Hash); if (hLen < 0) goto err; /*- @@ -153,15 +156,15 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_SLEN_CHECK_FAILED); goto err; } - if (!EVP_DigestInit_ex(&ctx, Hash, NULL) - || !EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes) - || !EVP_DigestUpdate(&ctx, mHash, hLen)) + if (!EVP_DigestInit_ex(ctx, Hash, NULL) + || !EVP_DigestUpdate(ctx, zeroes, sizeof zeroes) + || !EVP_DigestUpdate(ctx, mHash, hLen)) goto err; if (maskedDBLen - i) { - if (!EVP_DigestUpdate(&ctx, DB + i, maskedDBLen - i)) + if (!EVP_DigestUpdate(ctx, DB + i, maskedDBLen - i)) goto err; } - if (!EVP_DigestFinal_ex(&ctx, H_, NULL)) + if (!EVP_DigestFinal_ex(ctx, H_, NULL)) goto err; if (memcmp(H_, H, hLen)) { RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_BAD_SIGNATURE); @@ -171,7 +174,7 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, err: OPENSSL_free(DB); - EVP_MD_CTX_cleanup(&ctx); + EVP_MD_CTX_destroy(ctx); return ret; @@ -193,12 +196,12 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, int ret = 0; int hLen, maskedDBLen, MSBits, emLen; unsigned char *H, *salt = NULL, *p; - EVP_MD_CTX ctx; + EVP_MD_CTX *ctx = NULL; if (mgf1Hash == NULL) mgf1Hash = Hash; - hLen = M_EVP_MD_size(Hash); + hLen = EVP_MD_size(Hash); if (hLen < 0) goto err; /*- @@ -241,16 +244,17 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, } maskedDBLen = emLen - hLen - 1; H = EM + maskedDBLen; - EVP_MD_CTX_init(&ctx); - if (!EVP_DigestInit_ex(&ctx, Hash, NULL) - || !EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes) - || !EVP_DigestUpdate(&ctx, mHash, hLen)) + ctx = EVP_MD_CTX_create(); + if (ctx == NULL) + goto err; + if (!EVP_DigestInit_ex(ctx, Hash, NULL) + || !EVP_DigestUpdate(ctx, zeroes, sizeof zeroes) + || !EVP_DigestUpdate(ctx, mHash, hLen)) goto err; - if (sLen && !EVP_DigestUpdate(&ctx, salt, sLen)) + if (sLen && !EVP_DigestUpdate(ctx, salt, sLen)) goto err; - if (!EVP_DigestFinal_ex(&ctx, H, NULL)) + if (!EVP_DigestFinal_ex(ctx, H, NULL)) goto err; - EVP_MD_CTX_cleanup(&ctx); /* Generate dbMask in place then perform XOR on it */ if (PKCS1_MGF1(EM, maskedDBLen, H, hLen, mgf1Hash)) @@ -278,6 +282,7 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, ret = 1; err: + EVP_MD_CTX_destroy(ctx); OPENSSL_free(salt); return ret; diff --git a/crypto/srp/srp_lib.c b/crypto/srp/srp_lib.c index 850ec2ce64..649d2b5a66 100644 --- a/crypto/srp/srp_lib.c +++ b/crypto/srp/srp_lib.c @@ -70,31 +70,36 @@ static BIGNUM *srp_Calc_k(BIGNUM *N, BIGNUM *g) unsigned char digest[SHA_DIGEST_LENGTH]; unsigned char *tmp; - EVP_MD_CTX ctxt; + EVP_MD_CTX *ctxt = NULL; int longg; int longN = BN_num_bytes(N); + BIGNUM *res = NULL; if (BN_ucmp(g, N) >= 0) return NULL; - if ((tmp = OPENSSL_malloc(longN)) == NULL) + ctxt = EVP_MD_CTX_create(); + if (ctxt == NULL) return NULL; + if ((tmp = OPENSSL_malloc(longN)) == NULL) + goto err; BN_bn2bin(N, tmp); - EVP_MD_CTX_init(&ctxt); - EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL); - EVP_DigestUpdate(&ctxt, tmp, longN); + EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL); + EVP_DigestUpdate(ctxt, tmp, longN); memset(tmp, 0, longN); longg = BN_bn2bin(g, tmp); /* use the zeros behind to pad on left */ - EVP_DigestUpdate(&ctxt, tmp + longg, longN - longg); - EVP_DigestUpdate(&ctxt, tmp, longg); + EVP_DigestUpdate(ctxt, tmp + longg, longN - longg); + EVP_DigestUpdate(ctxt, tmp, longg); OPENSSL_free(tmp); - EVP_DigestFinal_ex(&ctxt, digest, NULL); - EVP_MD_CTX_cleanup(&ctxt); - return BN_bin2bn(digest, sizeof(digest), NULL); + EVP_DigestFinal_ex(ctxt, digest, NULL); + res = BN_bin2bn(digest, sizeof(digest), NULL); + err: + EVP_MD_CTX_destroy(ctxt); + return res; } BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N) @@ -104,7 +109,7 @@ BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N) BIGNUM *u; unsigned char cu[SHA_DIGEST_LENGTH]; unsigned char *cAB; - EVP_MD_CTX ctxt; + EVP_MD_CTX *ctxt = NULL; int longN; if ((A == NULL) || (B == NULL) || (N == NULL)) return NULL; @@ -114,25 +119,30 @@ BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N) longN = BN_num_bytes(N); - if ((cAB = OPENSSL_malloc(2 * longN)) == NULL) + ctxt = EVP_MD_CTX_create(); + if (ctxt == NULL) return NULL; + if ((cAB = OPENSSL_malloc(2 * longN)) == NULL) + goto err; memset(cAB, 0, longN); - EVP_MD_CTX_init(&ctxt); - EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL); - EVP_DigestUpdate(&ctxt, cAB + BN_bn2bin(A, cAB + longN), longN); - EVP_DigestUpdate(&ctxt, cAB + BN_bn2bin(B, cAB + longN), longN); + EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL); + EVP_DigestUpdate(ctxt, cAB + BN_bn2bin(A, cAB + longN), longN); + EVP_DigestUpdate(ctxt, cAB + BN_bn2bin(B, cAB + longN), longN); OPENSSL_free(cAB); - EVP_DigestFinal_ex(&ctxt, cu, NULL); - EVP_MD_CTX_cleanup(&ctxt); + EVP_DigestFinal_ex(ctxt, cu, NULL); if ((u = BN_bin2bn(cu, sizeof(cu), NULL)) == NULL) - return NULL; - if (!BN_is_zero(u)) - return u; - BN_free(u); - return NULL; + goto err; + if (BN_is_zero(u)) { + BN_free(u); + u = NULL; + } + err: + EVP_MD_CTX_destroy(ctxt); + + return u; } BIGNUM *SRP_Calc_server_key(BIGNUM *A, BIGNUM *v, BIGNUM *u, BIGNUM *b, @@ -196,31 +206,36 @@ BIGNUM *SRP_Calc_B(BIGNUM *b, BIGNUM *N, BIGNUM *g, BIGNUM *v) BIGNUM *SRP_Calc_x(BIGNUM *s, const char *user, const char *pass) { unsigned char dig[SHA_DIGEST_LENGTH]; - EVP_MD_CTX ctxt; + EVP_MD_CTX *ctxt; unsigned char *cs; + BIGNUM *res = NULL; if ((s == NULL) || (user == NULL) || (pass == NULL)) return NULL; - if ((cs = OPENSSL_malloc(BN_num_bytes(s))) == NULL) + ctxt = EVP_MD_CTX_create(); + if (ctxt == NULL) return NULL; + if ((cs = OPENSSL_malloc(BN_num_bytes(s))) == NULL) + goto err; - EVP_MD_CTX_init(&ctxt); - EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL); - EVP_DigestUpdate(&ctxt, user, strlen(user)); - EVP_DigestUpdate(&ctxt, ":", 1); - EVP_DigestUpdate(&ctxt, pass, strlen(pass)); - EVP_DigestFinal_ex(&ctxt, dig, NULL); + EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL); + EVP_DigestUpdate(ctxt, user, strlen(user)); + EVP_DigestUpdate(ctxt, ":", 1); + EVP_DigestUpdate(ctxt, pass, strlen(pass)); + EVP_DigestFinal_ex(ctxt, dig, NULL); - EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL); + EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL); BN_bn2bin(s, cs); - EVP_DigestUpdate(&ctxt, cs, BN_num_bytes(s)); + EVP_DigestUpdate(ctxt, cs, BN_num_bytes(s)); OPENSSL_free(cs); - EVP_DigestUpdate(&ctxt, dig, sizeof(dig)); - EVP_DigestFinal_ex(&ctxt, dig, NULL); - EVP_MD_CTX_cleanup(&ctxt); + EVP_DigestUpdate(ctxt, dig, sizeof(dig)); + EVP_DigestFinal_ex(ctxt, dig, NULL); - return BN_bin2bn(dig, sizeof(dig), NULL); + res = BN_bin2bn(dig, sizeof(dig), NULL); + err: + EVP_MD_CTX_destroy(ctxt); + return res; } BIGNUM *SRP_Calc_A(BIGNUM *a, BIGNUM *N, BIGNUM *g) diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c index b271c9904c..24fe437e9b 100644 --- a/crypto/srp/srp_vfy.c +++ b/crypto/srp/srp_vfy.c @@ -474,7 +474,7 @@ SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username) SRP_user_pwd *user; unsigned char digv[SHA_DIGEST_LENGTH]; unsigned char digs[SHA_DIGEST_LENGTH]; - EVP_MD_CTX ctxt; + EVP_MD_CTX *ctxt = NULL; if (vb == NULL) return NULL; @@ -499,18 +499,20 @@ SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username) if (RAND_bytes(digv, SHA_DIGEST_LENGTH) <= 0) goto err; - EVP_MD_CTX_init(&ctxt); - EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL); - EVP_DigestUpdate(&ctxt, vb->seed_key, strlen(vb->seed_key)); - EVP_DigestUpdate(&ctxt, username, strlen(username)); - EVP_DigestFinal_ex(&ctxt, digs, NULL); - EVP_MD_CTX_cleanup(&ctxt); - if (SRP_user_pwd_set_sv_BN - (user, BN_bin2bn(digs, SHA_DIGEST_LENGTH, NULL), - BN_bin2bn(digv, SHA_DIGEST_LENGTH, NULL))) + ctxt = EVP_MD_CTX_create(); + EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL); + EVP_DigestUpdate(ctxt, vb->seed_key, strlen(vb->seed_key)); + EVP_DigestUpdate(ctxt, username, strlen(username)); + EVP_DigestFinal_ex(ctxt, digs, NULL); + EVP_MD_CTX_destroy(ctxt); + ctxt = NULL; + if (SRP_user_pwd_set_sv_BN(user, + BN_bin2bn(digs, SHA_DIGEST_LENGTH, NULL), + BN_bin2bn(digv, SHA_DIGEST_LENGTH, NULL))) return user; err: + EVP_MD_CTX_destroy(ctxt); SRP_user_pwd_free(user); return NULL; } diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c index 5a69a94807..24c81ee241 100644 --- a/crypto/ts/ts_rsp_verify.c +++ b/crypto/ts/ts_rsp_verify.c @@ -529,7 +529,7 @@ static int ts_compute_imprint(BIO *data, TS_TST_INFO *tst_info, TS_MSG_IMPRINT *msg_imprint = tst_info->msg_imprint; X509_ALGOR *md_alg_resp = msg_imprint->hash_algo; const EVP_MD *md; - EVP_MD_CTX md_ctx; + EVP_MD_CTX *md_ctx = NULL; unsigned char buffer[4096]; int length; @@ -551,17 +551,24 @@ static int ts_compute_imprint(BIO *data, TS_TST_INFO *tst_info, goto err; } - if (!EVP_DigestInit(&md_ctx, md)) + md_ctx = EVP_MD_CTX_create(); + if (md_ctx == NULL) { + TSerr(TS_F_TS_COMPUTE_IMPRINT, ERR_R_MALLOC_FAILURE); + goto err; + } + if (!EVP_DigestInit(md_ctx, md)) goto err; while ((length = BIO_read(data, buffer, sizeof(buffer))) > 0) { - if (!EVP_DigestUpdate(&md_ctx, buffer, length)) + if (!EVP_DigestUpdate(md_ctx, buffer, length)) goto err; } - if (!EVP_DigestFinal(&md_ctx, *imprint, NULL)) + if (!EVP_DigestFinal(md_ctx, *imprint, NULL)) goto err; + EVP_MD_CTX_destroy(md_ctx); return 1; err: + EVP_MD_CTX_destroy(md_ctx); X509_ALGOR_free(*md_alg); OPENSSL_free(*imprint); *imprint_len = 0; diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index 4017545b64..8ea70ace66 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c @@ -82,28 +82,29 @@ int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b) unsigned long X509_issuer_and_serial_hash(X509 *a) { unsigned long ret = 0; - EVP_MD_CTX ctx; + EVP_MD_CTX *ctx = EVP_MD_CTX_create(); unsigned char md[16]; char *f; - EVP_MD_CTX_init(&ctx); + if (ctx == NULL) + goto err; f = X509_NAME_oneline(a->cert_info.issuer, NULL, 0); - if (!EVP_DigestInit_ex(&ctx, EVP_md5(), NULL)) + if (!EVP_DigestInit_ex(ctx, EVP_md5(), NULL)) goto err; - if (!EVP_DigestUpdate(&ctx, (unsigned char *)f, strlen(f))) + if (!EVP_DigestUpdate(ctx, (unsigned char *)f, strlen(f))) goto err; OPENSSL_free(f); if (!EVP_DigestUpdate - (&ctx, (unsigned char *)a->cert_info.serialNumber.data, + (ctx, (unsigned char *)a->cert_info.serialNumber.data, (unsigned long)a->cert_info.serialNumber.length)) goto err; - if (!EVP_DigestFinal_ex(&ctx, &(md[0]), NULL)) + if (!EVP_DigestFinal_ex(ctx, &(md[0]), NULL)) goto err; ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) | ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L) ) & 0xffffffffL; err: - EVP_MD_CTX_cleanup(&ctx); + EVP_MD_CTX_destroy(ctx); return (ret); } #endif @@ -248,21 +249,23 @@ unsigned long X509_NAME_hash(X509_NAME *x) unsigned long X509_NAME_hash_old(X509_NAME *x) { - EVP_MD_CTX md_ctx; + EVP_MD_CTX *md_ctx = EVP_MD_CTX_create(); unsigned long ret = 0; unsigned char md[16]; + if (md_ctx == NULL) + return ret; + /* Make sure X509_NAME structure contains valid cached encoding */ i2d_X509_NAME(x, NULL); - EVP_MD_CTX_init(&md_ctx); - EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); - if (EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL) - && EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length) - && EVP_DigestFinal_ex(&md_ctx, md, NULL)) + EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); + if (EVP_DigestInit_ex(md_ctx, EVP_md5(), NULL) + && EVP_DigestUpdate(md_ctx, x->bytes->data, x->bytes->length) + && EVP_DigestFinal_ex(md_ctx, md, NULL)) ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) | ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L) ) & 0xffffffffL; - EVP_MD_CTX_cleanup(&md_ctx); + EVP_MD_CTX_destroy(md_ctx); return (ret); } |