aboutsummaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
Diffstat (limited to 'crypto')
-rw-r--r--crypto/asn1/a_sign.c33
-rw-r--r--crypto/asn1/a_verify.c33
-rw-r--r--crypto/cmac/cm_pmeth.c4
-rw-r--r--crypto/cms/cms_asn1.c3
-rw-r--r--crypto/cms/cms_dd.c14
-rw-r--r--crypto/cms/cms_lcl.h2
-rw-r--r--crypto/cms/cms_sd.c53
-rw-r--r--crypto/dh/dh_kdf.c18
-rw-r--r--crypto/dsa/dsa_gen.c19
-rw-r--r--crypto/ecdh/ech_kdf.c20
-rw-r--r--crypto/engine/eng_openssl.c6
-rw-r--r--crypto/evp/m_md4.c6
-rw-r--r--crypto/evp/m_md5.c6
-rw-r--r--crypto/evp/m_md5_sha1.c8
-rw-r--r--crypto/evp/m_mdc2.c6
-rw-r--r--crypto/evp/m_ripemd.c6
-rw-r--r--crypto/evp/m_sha1.c24
-rw-r--r--crypto/evp/m_wp.c6
-rw-r--r--crypto/pem/pem_seal.c10
-rw-r--r--crypto/pem/pvkfmt.c14
-rw-r--r--crypto/pkcs12/p12_key.c23
-rw-r--r--crypto/pkcs7/pk7_doit.c58
-rw-r--r--crypto/rand/md_rand.c72
-rw-r--r--crypto/rsa/rsa_ameth.c2
-rw-r--r--crypto/rsa/rsa_oaep.c19
-rw-r--r--crypto/rsa/rsa_pss.c41
-rw-r--r--crypto/srp/srp_lib.c89
-rw-r--r--crypto/srp/srp_vfy.c22
-rw-r--r--crypto/ts/ts_rsp_verify.c15
-rw-r--r--crypto/x509/x509_cmp.c31
30 files changed, 380 insertions, 283 deletions
diff --git a/crypto/asn1/a_sign.c b/crypto/asn1/a_sign.c
index 18923b153e..a3abdc47fc 100644
--- a/crypto/asn1/a_sign.c
+++ b/crypto/asn1/a_sign.c
@@ -131,12 +131,15 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2,
ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey,
const EVP_MD *type)
{
- EVP_MD_CTX ctx;
+ EVP_MD_CTX *ctx = EVP_MD_CTX_create();
unsigned char *p, *buf_in = NULL, *buf_out = NULL;
int i, inl = 0, outl = 0, outll = 0;
X509_ALGOR *a;
- EVP_MD_CTX_init(&ctx);
+ if (ctx == NULL) {
+ ASN1err(ASN1_F_ASN1_SIGN, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
for (i = 0; i < 2; i++) {
if (i == 0)
a = algor1;
@@ -182,9 +185,9 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2,
p = buf_in;
i2d(data, &p);
- if (!EVP_SignInit_ex(&ctx, type, NULL)
- || !EVP_SignUpdate(&ctx, (unsigned char *)buf_in, inl)
- || !EVP_SignFinal(&ctx, (unsigned char *)buf_out,
+ if (!EVP_SignInit_ex(ctx, type, NULL)
+ || !EVP_SignUpdate(ctx, (unsigned char *)buf_in, inl)
+ || !EVP_SignFinal(ctx, (unsigned char *)buf_out,
(unsigned int *)&outl, pkey)) {
outl = 0;
ASN1err(ASN1_F_ASN1_SIGN, ERR_R_EVP_LIB);
@@ -201,7 +204,7 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2,
signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
signature->flags |= ASN1_STRING_FLAG_BITS_LEFT;
err:
- EVP_MD_CTX_cleanup(&ctx);
+ EVP_MD_CTX_destroy(ctx);
OPENSSL_clear_free((char *)buf_in, (unsigned int)inl);
OPENSSL_clear_free((char *)buf_out, outll);
return (outl);
@@ -213,13 +216,17 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1,
X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *asn,
EVP_PKEY *pkey, const EVP_MD *type)
{
- EVP_MD_CTX ctx;
- EVP_MD_CTX_init(&ctx);
- if (!EVP_DigestSignInit(&ctx, NULL, type, NULL, pkey)) {
- EVP_MD_CTX_cleanup(&ctx);
+ EVP_MD_CTX *ctx = EVP_MD_CTX_create();
+
+ if (ctx == NULL) {
+ ASN1err(ASN1_F_ASN1_ITEM_SIGN, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ if (!EVP_DigestSignInit(ctx, NULL, type, NULL, pkey)) {
+ EVP_MD_CTX_destroy(ctx);
return 0;
}
- return ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, &ctx);
+ return ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, ctx);
}
int ASN1_item_sign_ctx(const ASN1_ITEM *it,
@@ -234,7 +241,7 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it,
int rv;
type = EVP_MD_CTX_md(ctx);
- pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx);
+ pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx));
if (!type || !pkey) {
ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_CONTEXT_NOT_INITIALISED);
@@ -307,7 +314,7 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it,
signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
signature->flags |= ASN1_STRING_FLAG_BITS_LEFT;
err:
- EVP_MD_CTX_cleanup(ctx);
+ EVP_MD_CTX_destroy(ctx);
OPENSSL_clear_free((char *)buf_in, (unsigned int)inl);
OPENSSL_clear_free((char *)buf_out, outll);
return (outl);
diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c
index 540b71c4d4..e958cdec87 100644
--- a/crypto/asn1/a_verify.c
+++ b/crypto/asn1/a_verify.c
@@ -77,12 +77,15 @@
int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
char *data, EVP_PKEY *pkey)
{
- EVP_MD_CTX ctx;
+ EVP_MD_CTX *ctx = EVP_MD_CTX_create();
const EVP_MD *type;
unsigned char *p, *buf_in = NULL;
int ret = -1, i, inl;
- EVP_MD_CTX_init(&ctx);
+ if (ctx == NULL) {
+ ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
i = OBJ_obj2nid(a->algorithm);
type = EVP_get_digestbyname(OBJ_nid2sn(i));
if (type == NULL) {
@@ -104,8 +107,8 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
p = buf_in;
i2d(data, &p);
- ret = EVP_VerifyInit_ex(&ctx, type, NULL)
- && EVP_VerifyUpdate(&ctx, (unsigned char *)buf_in, inl);
+ ret = EVP_VerifyInit_ex(ctx, type, NULL)
+ && EVP_VerifyUpdate(ctx, (unsigned char *)buf_in, inl);
OPENSSL_clear_free(buf_in, (unsigned int)inl);
@@ -115,7 +118,7 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
}
ret = -1;
- if (EVP_VerifyFinal(&ctx, (unsigned char *)signature->data,
+ if (EVP_VerifyFinal(ctx, (unsigned char *)signature->data,
(unsigned int)signature->length, pkey) <= 0) {
ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB);
ret = 0;
@@ -123,7 +126,7 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
}
ret = 1;
err:
- EVP_MD_CTX_cleanup(&ctx);
+ EVP_MD_CTX_destroy(ctx);
return (ret);
}
@@ -132,7 +135,7 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey)
{
- EVP_MD_CTX ctx;
+ EVP_MD_CTX *ctx = NULL;
unsigned char *buf_in = NULL;
int ret = -1, inl;
@@ -148,7 +151,11 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
return -1;
}
- EVP_MD_CTX_init(&ctx);
+ ctx = EVP_MD_CTX_create();
+ if (ctx == NULL) {
+ ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
/* Convert signature OID into digest and public key OIDs */
if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->algorithm), &mdnid, &pknid)) {
@@ -161,7 +168,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
goto err;
}
- ret = pkey->ameth->item_verify(&ctx, it, asn, a, signature, pkey);
+ ret = pkey->ameth->item_verify(ctx, it, asn, a, signature, pkey);
/*
* Return value of 2 means carry on, anything else means we exit
* straight away: either a fatal error of the underlying verification
@@ -185,7 +192,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
goto err;
}
- if (!EVP_DigestVerifyInit(&ctx, NULL, type, NULL, pkey)) {
+ if (!EVP_DigestVerifyInit(ctx, NULL, type, NULL, pkey)) {
ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB);
ret = 0;
goto err;
@@ -200,7 +207,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
goto err;
}
- ret = EVP_DigestVerifyUpdate(&ctx, buf_in, inl);
+ ret = EVP_DigestVerifyUpdate(ctx, buf_in, inl);
OPENSSL_clear_free(buf_in, (unsigned int)inl);
@@ -210,7 +217,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
}
ret = -1;
- if (EVP_DigestVerifyFinal(&ctx, signature->data,
+ if (EVP_DigestVerifyFinal(ctx, signature->data,
(size_t)signature->length) <= 0) {
ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB);
ret = 0;
@@ -218,6 +225,6 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
}
ret = 1;
err:
- EVP_MD_CTX_cleanup(&ctx);
+ EVP_MD_CTX_destroy(ctx);
return (ret);
}
diff --git a/crypto/cmac/cm_pmeth.c b/crypto/cmac/cm_pmeth.c
index 080db6329e..4e060f32e4 100644
--- a/crypto/cmac/cm_pmeth.c
+++ b/crypto/cmac/cm_pmeth.c
@@ -101,7 +101,7 @@ static int pkey_cmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
static int int_update(EVP_MD_CTX *ctx, const void *data, size_t count)
{
- if (!CMAC_Update(ctx->pctx->data, data, count))
+ if (!CMAC_Update(EVP_MD_CTX_pkey_ctx(ctx)->data, data, count))
return 0;
return 1;
}
@@ -109,7 +109,7 @@ static int int_update(EVP_MD_CTX *ctx, const void *data, size_t count)
static int cmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
{
EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT);
- mctx->update = int_update;
+ EVP_MD_CTX_set_update_fn(mctx, int_update);
return 1;
}
diff --git a/crypto/cms/cms_asn1.c b/crypto/cms/cms_asn1.c
index e044cf519b..7aafc8dab0 100644
--- a/crypto/cms/cms_asn1.c
+++ b/crypto/cms/cms_asn1.c
@@ -95,8 +95,7 @@ static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
CMS_SignerInfo *si = (CMS_SignerInfo *)*pval;
EVP_PKEY_free(si->pkey);
X509_free(si->signer);
- if (si->pctx)
- EVP_MD_CTX_cleanup(&si->mctx);
+ EVP_MD_CTX_destroy(si->mctx);
}
return 1;
}
diff --git a/crypto/cms/cms_dd.c b/crypto/cms/cms_dd.c
index 426f8cd74c..dcbd5788fa 100644
--- a/crypto/cms/cms_dd.c
+++ b/crypto/cms/cms_dd.c
@@ -99,19 +99,23 @@ BIO *cms_DigestedData_init_bio(CMS_ContentInfo *cms)
int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify)
{
- EVP_MD_CTX mctx;
+ EVP_MD_CTX *mctx = EVP_MD_CTX_create();
unsigned char md[EVP_MAX_MD_SIZE];
unsigned int mdlen;
int r = 0;
CMS_DigestedData *dd;
- EVP_MD_CTX_init(&mctx);
+
+ if (mctx == NULL) {
+ CMSerr(CMS_F_CMS_DIGESTEDDATA_DO_FINAL, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
dd = cms->d.digestedData;
- if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, dd->digestAlgorithm))
+ if (!cms_DigestAlgorithm_find_ctx(mctx, chain, dd->digestAlgorithm))
goto err;
- if (EVP_DigestFinal_ex(&mctx, md, &mdlen) <= 0)
+ if (EVP_DigestFinal_ex(mctx, md, &mdlen) <= 0)
goto err;
if (verify) {
@@ -133,7 +137,7 @@ int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify)
}
err:
- EVP_MD_CTX_cleanup(&mctx);
+ EVP_MD_CTX_destroy(mctx);
return r;
diff --git a/crypto/cms/cms_lcl.h b/crypto/cms/cms_lcl.h
index 227356b265..3d41d4f634 100644
--- a/crypto/cms/cms_lcl.h
+++ b/crypto/cms/cms_lcl.h
@@ -137,7 +137,7 @@ struct CMS_SignerInfo_st {
X509 *signer;
EVP_PKEY *pkey;
/* Digest and public key context for alternative parameters */
- EVP_MD_CTX mctx;
+ EVP_MD_CTX *mctx;
EVP_PKEY_CTX *pctx;
};
diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c
index 1720bcd870..46a7876d94 100644
--- a/crypto/cms/cms_sd.c
+++ b/crypto/cms/cms_sd.c
@@ -287,9 +287,14 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
si->pkey = pk;
si->signer = signer;
- EVP_MD_CTX_init(&si->mctx);
+ si->mctx = EVP_MD_CTX_create();
si->pctx = NULL;
+ if (si->mctx == NULL) {
+ CMSerr(CMS_F_CMS_ADD1_SIGNER, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
if (flags & CMS_USE_KEYID) {
si->version = 3;
if (sd->version < 3)
@@ -387,7 +392,7 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
goto err;
if (EVP_PKEY_CTX_set_signature_md(si->pctx, md) <= 0)
goto err;
- } else if (EVP_DigestSignInit(&si->mctx, &si->pctx, md, NULL, pk) <=
+ } else if (EVP_DigestSignInit(si->mctx, &si->pctx, md, NULL, pk) <=
0)
goto err;
}
@@ -444,7 +449,7 @@ EVP_PKEY_CTX *CMS_SignerInfo_get0_pkey_ctx(CMS_SignerInfo *si)
EVP_MD_CTX *CMS_SignerInfo_get0_md_ctx(CMS_SignerInfo *si)
{
- return &si->mctx;
+ return si->mctx;
}
STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms)
@@ -571,17 +576,21 @@ ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si)
static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
CMS_SignerInfo *si, BIO *chain)
{
- EVP_MD_CTX mctx;
+ EVP_MD_CTX *mctx = EVP_MD_CTX_create();
int r = 0;
EVP_PKEY_CTX *pctx = NULL;
- EVP_MD_CTX_init(&mctx);
+
+ if (mctx == NULL) {
+ CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
if (!si->pkey) {
CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_NO_PRIVATE_KEY);
return 0;
}
- if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, si->digestAlgorithm))
+ if (!cms_DigestAlgorithm_find_ctx(mctx, chain, si->digestAlgorithm))
goto err;
/* Set SignerInfo algortihm details if we used custom parametsr */
if (si->pctx && !cms_sd_asn1_ctrl(si, 0))
@@ -596,7 +605,7 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
cms->d.signedData->encapContentInfo->eContentType;
unsigned char md[EVP_MAX_MD_SIZE];
unsigned int mdlen;
- if (!EVP_DigestFinal_ex(&mctx, md, &mdlen))
+ if (!EVP_DigestFinal_ex(mctx, md, &mdlen))
goto err;
if (!CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest,
V_ASN1_OCTET_STRING, md, mdlen))
@@ -613,7 +622,7 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
unsigned char md[EVP_MAX_MD_SIZE];
unsigned int mdlen;
pctx = si->pctx;
- if (!EVP_DigestFinal_ex(&mctx, md, &mdlen))
+ if (!EVP_DigestFinal_ex(mctx, md, &mdlen))
goto err;
siglen = EVP_PKEY_size(si->pkey);
sig = OPENSSL_malloc(siglen);
@@ -634,7 +643,7 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, ERR_R_MALLOC_FAILURE);
goto err;
}
- if (!EVP_SignFinal(&mctx, sig, &siglen, si->pkey)) {
+ if (!EVP_SignFinal(mctx, sig, &siglen, si->pkey)) {
CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_SIGNFINAL_ERROR);
OPENSSL_free(sig);
goto err;
@@ -645,7 +654,7 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
r = 1;
err:
- EVP_MD_CTX_cleanup(&mctx);
+ EVP_MD_CTX_destroy(mctx);
EVP_PKEY_CTX_free(pctx);
return r;
@@ -668,7 +677,7 @@ int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain)
int CMS_SignerInfo_sign(CMS_SignerInfo *si)
{
- EVP_MD_CTX *mctx = &si->mctx;
+ EVP_MD_CTX *mctx = si->mctx;
EVP_PKEY_CTX *pctx;
unsigned char *abuf = NULL;
int alen;
@@ -734,7 +743,7 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si)
int CMS_SignerInfo_verify(CMS_SignerInfo *si)
{
- EVP_MD_CTX *mctx = &si->mctx;
+ EVP_MD_CTX *mctx = NULL;
unsigned char *abuf = NULL;
int alen, r = -1;
const EVP_MD *md = NULL;
@@ -747,7 +756,9 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si)
md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
if (md == NULL)
return -1;
- EVP_MD_CTX_init(mctx);
+ if (si->mctx == NULL)
+ si->mctx = EVP_MD_CTX_create();
+ mctx = si->mctx;
if (EVP_DigestVerifyInit(mctx, &si->pctx, md, NULL, si->pkey) <= 0)
goto err;
@@ -806,12 +817,16 @@ BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms)
int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
{
ASN1_OCTET_STRING *os = NULL;
- EVP_MD_CTX mctx;
+ EVP_MD_CTX *mctx = EVP_MD_CTX_create();
EVP_PKEY_CTX *pkctx = NULL;
int r = -1;
unsigned char mval[EVP_MAX_MD_SIZE];
unsigned int mlen;
- EVP_MD_CTX_init(&mctx);
+
+ if (mctx == NULL) {
+ CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
/* If we have any signed attributes look for messageDigest value */
if (CMS_signed_get_attr_count(si) >= 0) {
os = CMS_signed_get0_data_by_OBJ(si,
@@ -824,10 +839,10 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
}
}
- if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, si->digestAlgorithm))
+ if (!cms_DigestAlgorithm_find_ctx(mctx, chain, si->digestAlgorithm))
goto err;
- if (EVP_DigestFinal_ex(&mctx, mval, &mlen) <= 0) {
+ if (EVP_DigestFinal_ex(mctx, mval, &mlen) <= 0) {
CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
CMS_R_UNABLE_TO_FINALIZE_CONTEXT);
goto err;
@@ -849,7 +864,7 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
} else
r = 1;
} else {
- const EVP_MD *md = EVP_MD_CTX_md(&mctx);
+ const EVP_MD *md = EVP_MD_CTX_md(mctx);
pkctx = EVP_PKEY_CTX_new(si->pkey, NULL);
if (pkctx == NULL)
goto err;
@@ -871,7 +886,7 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
err:
EVP_PKEY_CTX_free(pkctx);
- EVP_MD_CTX_cleanup(&mctx);
+ EVP_MD_CTX_destroy(mctx);
return r;
}
diff --git a/crypto/dh/dh_kdf.c b/crypto/dh/dh_kdf.c
index 55979600e1..35a40bd759 100644
--- a/crypto/dh/dh_kdf.c
+++ b/crypto/dh/dh_kdf.c
@@ -144,7 +144,7 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen,
ASN1_OBJECT *key_oid,
const unsigned char *ukm, size_t ukmlen, const EVP_MD *md)
{
- EVP_MD_CTX mctx;
+ EVP_MD_CTX *mctx = NULL;
int rv = 0;
unsigned int i;
size_t mdlen;
@@ -152,31 +152,33 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen,
int derlen;
if (Zlen > DH_KDF_MAX)
return 0;
+ mctx = EVP_MD_CTX_create();
+ if (mctx == NULL)
+ return 0;
mdlen = EVP_MD_size(md);
- EVP_MD_CTX_init(&mctx);
derlen = dh_sharedinfo_encode(&der, &ctr, key_oid, outlen, ukm, ukmlen);
if (derlen == 0)
goto err;
for (i = 1;; i++) {
unsigned char mtmp[EVP_MAX_MD_SIZE];
- EVP_DigestInit_ex(&mctx, md, NULL);
- if (!EVP_DigestUpdate(&mctx, Z, Zlen))
+ EVP_DigestInit_ex(mctx, md, NULL);
+ if (!EVP_DigestUpdate(mctx, Z, Zlen))
goto err;
ctr[3] = i & 0xFF;
ctr[2] = (i >> 8) & 0xFF;
ctr[1] = (i >> 16) & 0xFF;
ctr[0] = (i >> 24) & 0xFF;
- if (!EVP_DigestUpdate(&mctx, der, derlen))
+ if (!EVP_DigestUpdate(mctx, der, derlen))
goto err;
if (outlen >= mdlen) {
- if (!EVP_DigestFinal(&mctx, out, NULL))
+ if (!EVP_DigestFinal(mctx, out, NULL))
goto err;
outlen -= mdlen;
if (outlen == 0)
break;
out += mdlen;
} else {
- if (!EVP_DigestFinal(&mctx, mtmp, NULL))
+ if (!EVP_DigestFinal(mctx, mtmp, NULL))
goto err;
memcpy(out, mtmp, outlen);
OPENSSL_cleanse(mtmp, mdlen);
@@ -186,7 +188,7 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen,
rv = 1;
err:
OPENSSL_free(der);
- EVP_MD_CTX_cleanup(&mctx);
+ EVP_MD_CTX_destroy(mctx);
return rv;
}
#endif
diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index 106ec3cb5f..f659d081db 100644
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -360,10 +360,11 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
int counter = 0;
int r = 0;
BN_CTX *ctx = NULL;
- EVP_MD_CTX mctx;
+ EVP_MD_CTX *mctx = EVP_MD_CTX_create();
unsigned int h = 2;
- EVP_MD_CTX_init(&mctx);
+ if (mctx == NULL)
+ goto err;
if (evpmd == NULL) {
if (N == 160)
@@ -374,7 +375,7 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
evpmd = EVP_sha256();
}
- mdsize = M_EVP_MD_size(evpmd);
+ mdsize = EVP_MD_size(evpmd);
/* If unverificable g generation only don't need seed */
if (!ret->p || !ret->q || idx >= 0) {
if (seed_len == 0)
@@ -582,15 +583,15 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
md[0] = idx & 0xff;
md[1] = (h >> 8) & 0xff;
md[2] = h & 0xff;
- if (!EVP_DigestInit_ex(&mctx, evpmd, NULL))
+ if (!EVP_DigestInit_ex(mctx, evpmd, NULL))
goto err;
- if (!EVP_DigestUpdate(&mctx, seed_tmp, seed_len))
+ if (!EVP_DigestUpdate(mctx, seed_tmp, seed_len))
goto err;
- if (!EVP_DigestUpdate(&mctx, ggen, sizeof(ggen)))
+ if (!EVP_DigestUpdate(mctx, ggen, sizeof(ggen)))
goto err;
- if (!EVP_DigestUpdate(&mctx, md, 3))
+ if (!EVP_DigestUpdate(mctx, md, 3))
goto err;
- if (!EVP_DigestFinal_ex(&mctx, md, NULL))
+ if (!EVP_DigestFinal_ex(mctx, md, NULL))
goto err;
if (!BN_bin2bn(md, mdsize, test))
goto err;
@@ -639,7 +640,7 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
BN_CTX_end(ctx);
BN_CTX_free(ctx);
BN_MONT_CTX_free(mont);
- EVP_MD_CTX_cleanup(&mctx);
+ EVP_MD_CTX_destroy(mctx);
return ok;
}
diff --git a/crypto/ecdh/ech_kdf.c b/crypto/ecdh/ech_kdf.c
index 1e77c6f519..d856b7f5ed 100644
--- a/crypto/ecdh/ech_kdf.c
+++ b/crypto/ecdh/ech_kdf.c
@@ -64,7 +64,7 @@ int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
const unsigned char *sinfo, size_t sinfolen,
const EVP_MD *md)
{
- EVP_MD_CTX mctx;
+ EVP_MD_CTX *mctx = NULL;
int rv = 0;
unsigned int i;
size_t mdlen;
@@ -72,30 +72,32 @@ int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
if (sinfolen > ECDH_KDF_MAX || outlen > ECDH_KDF_MAX
|| Zlen > ECDH_KDF_MAX)
return 0;
+ mctx = EVP_MD_CTX_create();
+ if (mctx == NULL)
+ return 0;
mdlen = EVP_MD_size(md);
- EVP_MD_CTX_init(&mctx);
for (i = 1;; i++) {
unsigned char mtmp[EVP_MAX_MD_SIZE];
- EVP_DigestInit_ex(&mctx, md, NULL);
+ EVP_DigestInit_ex(mctx, md, NULL);
ctr[3] = i & 0xFF;
ctr[2] = (i >> 8) & 0xFF;
ctr[1] = (i >> 16) & 0xFF;
ctr[0] = (i >> 24) & 0xFF;
- if (!EVP_DigestUpdate(&mctx, Z, Zlen))
+ if (!EVP_DigestUpdate(mctx, Z, Zlen))
goto err;
- if (!EVP_DigestUpdate(&mctx, ctr, sizeof(ctr)))
+ if (!EVP_DigestUpdate(mctx, ctr, sizeof(ctr)))
goto err;
- if (!EVP_DigestUpdate(&mctx, sinfo, sinfolen))
+ if (!EVP_DigestUpdate(mctx, sinfo, sinfolen))
goto err;
if (outlen >= mdlen) {
- if (!EVP_DigestFinal(&mctx, out, NULL))
+ if (!EVP_DigestFinal(mctx, out, NULL))
goto err;
outlen -= mdlen;
if (outlen == 0)
break;
out += mdlen;
} else {
- if (!EVP_DigestFinal(&mctx, mtmp, NULL))
+ if (!EVP_DigestFinal(mctx, mtmp, NULL))
goto err;
memcpy(out, mtmp, outlen);
OPENSSL_cleanse(mtmp, mdlen);
@@ -104,6 +106,6 @@ int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
}
rv = 1;
err:
- EVP_MD_CTX_cleanup(&mctx);
+ EVP_MD_CTX_destroy(mctx);
return rv;
}
diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c
index 8927ee190f..3c046f28ea 100644
--- a/crypto/engine/eng_openssl.c
+++ b/crypto/engine/eng_openssl.c
@@ -334,7 +334,7 @@ static int test_sha1_init(EVP_MD_CTX *ctx)
# ifdef TEST_ENG_OPENSSL_SHA_P_INIT
fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_init() called\n");
# endif
- return SHA1_Init(ctx->md_data);
+ return SHA1_Init(EVP_MD_CTX_md_data(ctx));
}
static int test_sha1_update(EVP_MD_CTX *ctx, const void *data, size_t count)
@@ -342,7 +342,7 @@ static int test_sha1_update(EVP_MD_CTX *ctx, const void *data, size_t count)
# ifdef TEST_ENG_OPENSSL_SHA_P_UPDATE
fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_update() called\n");
# endif
- return SHA1_Update(ctx->md_data, data, count);
+ return SHA1_Update(EVP_MD_CTX_md_data(ctx), data, count);
}
static int test_sha1_final(EVP_MD_CTX *ctx, unsigned char *md)
@@ -350,7 +350,7 @@ static int test_sha1_final(EVP_MD_CTX *ctx, unsigned char *md)
# ifdef TEST_ENG_OPENSSL_SHA_P_FINAL
fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_final() called\n");
# endif
- return SHA1_Final(md, ctx->md_data);
+ return SHA1_Final(md, EVP_MD_CTX_md_data(ctx));
}
static const EVP_MD test_sha_md = {
diff --git a/crypto/evp/m_md4.c b/crypto/evp/m_md4.c
index 80021b662b..94310b41d3 100644
--- a/crypto/evp/m_md4.c
+++ b/crypto/evp/m_md4.c
@@ -71,17 +71,17 @@
static int init(EVP_MD_CTX *ctx)
{
- return MD4_Init(ctx->md_data);
+ return MD4_Init(EVP_MD_CTX_md_data(ctx));
}
static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
{
- return MD4_Update(ctx->md_data, data, count);
+ return MD4_Update(EVP_MD_CTX_md_data(ctx), data, count);
}
static int final(EVP_MD_CTX *ctx, unsigned char *md)
{
- return MD4_Final(md, ctx->md_data);
+ return MD4_Final(md, EVP_MD_CTX_md_data(ctx));
}
static const EVP_MD md4_md = {
diff --git a/crypto/evp/m_md5.c b/crypto/evp/m_md5.c
index 4ada7d16ce..b8f7a4a41d 100644
--- a/crypto/evp/m_md5.c
+++ b/crypto/evp/m_md5.c
@@ -71,17 +71,17 @@
static int init(EVP_MD_CTX *ctx)
{
- return MD5_Init(ctx->md_data);
+ return MD5_Init(EVP_MD_CTX_md_data(ctx));
}
static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
{
- return MD5_Update(ctx->md_data, data, count);
+ return MD5_Update(EVP_MD_CTX_md_data(ctx), data, count);
}
static int final(EVP_MD_CTX *ctx, unsigned char *md)
{
- return MD5_Final(md, ctx->md_data);
+ return MD5_Final(md, EVP_MD_CTX_md_data(ctx));
}
static const EVP_MD md5_md = {
diff --git a/crypto/evp/m_md5_sha1.c b/crypto/evp/m_md5_sha1.c
index 22cd7ce733..dadb6c26b8 100644
--- a/crypto/evp/m_md5_sha1.c
+++ b/crypto/evp/m_md5_sha1.c
@@ -71,7 +71,7 @@ struct md5_sha1_ctx {
static int init(EVP_MD_CTX *ctx)
{
- struct md5_sha1_ctx *mctx = ctx->md_data;
+ struct md5_sha1_ctx *mctx = EVP_MD_CTX_md_data(ctx);
if (!MD5_Init(&mctx->md5))
return 0;
return SHA1_Init(&mctx->sha1);
@@ -79,7 +79,7 @@ static int init(EVP_MD_CTX *ctx)
static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
{
- struct md5_sha1_ctx *mctx = ctx->md_data;
+ struct md5_sha1_ctx *mctx = EVP_MD_CTX_md_data(ctx);
if (!MD5_Update(&mctx->md5, data, count))
return 0;
return SHA1_Update(&mctx->sha1, data, count);
@@ -87,7 +87,7 @@ static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
static int final(EVP_MD_CTX *ctx, unsigned char *md)
{
- struct md5_sha1_ctx *mctx = ctx->md_data;
+ struct md5_sha1_ctx *mctx = EVP_MD_CTX_md_data(ctx);
if (!MD5_Final(md, &mctx->md5))
return 0;
return SHA1_Final(md + MD5_DIGEST_LENGTH, &mctx->sha1);
@@ -98,7 +98,7 @@ static int ctrl(EVP_MD_CTX *ctx, int cmd, int mslen, void *ms)
unsigned char padtmp[48];
unsigned char md5tmp[MD5_DIGEST_LENGTH];
unsigned char sha1tmp[SHA_DIGEST_LENGTH];
- struct md5_sha1_ctx *mctx = ctx->md_data;
+ struct md5_sha1_ctx *mctx = EVP_MD_CTX_md_data(ctx);
if (cmd != EVP_CTRL_SSL3_MASTER_SECRET)
return 0;
diff --git a/crypto/evp/m_mdc2.c b/crypto/evp/m_mdc2.c
index ffd1b0effa..8184cbc56a 100644
--- a/crypto/evp/m_mdc2.c
+++ b/crypto/evp/m_mdc2.c
@@ -71,17 +71,17 @@
static int init(EVP_MD_CTX *ctx)
{
- return MDC2_Init(ctx->md_data);
+ return MDC2_Init(EVP_MD_CTX_md_data(ctx));
}
static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
{
- return MDC2_Update(ctx->md_data, data, count);
+ return MDC2_Update(EVP_MD_CTX_md_data(ctx), data, count);
}
static int final(EVP_MD_CTX *ctx, unsigned char *md)
{
- return MDC2_Final(md, ctx->md_data);
+ return MDC2_Final(md, EVP_MD_CTX_md_data(ctx));
}
static const EVP_MD mdc2_md = {
diff --git a/crypto/evp/m_ripemd.c b/crypto/evp/m_ripemd.c
index f1c745c03e..a8a35af434 100644
--- a/crypto/evp/m_ripemd.c
+++ b/crypto/evp/m_ripemd.c
@@ -71,17 +71,17 @@
static int init(EVP_MD_CTX *ctx)
{
- return RIPEMD160_Init(ctx->md_data);
+ return RIPEMD160_Init(EVP_MD_CTX_md_data(ctx));
}
static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
{
- return RIPEMD160_Update(ctx->md_data, data, count);
+ return RIPEMD160_Update(EVP_MD_CTX_md_data(ctx), data, count);
}
static int final(EVP_MD_CTX *ctx, unsigned char *md)
{
- return RIPEMD160_Final(md, ctx->md_data);
+ return RIPEMD160_Final(md, EVP_MD_CTX_md_data(ctx));
}
static const EVP_MD ripemd160_md = {
diff --git a/crypto/evp/m_sha1.c b/crypto/evp/m_sha1.c
index c913cae86c..c40849bd52 100644
--- a/crypto/evp/m_sha1.c
+++ b/crypto/evp/m_sha1.c
@@ -68,17 +68,17 @@
static int init(EVP_MD_CTX *ctx)
{
- return SHA1_Init(ctx->md_data);
+ return SHA1_Init(EVP_MD_CTX_md_data(ctx));
}
static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
{
- return SHA1_Update(ctx->md_data, data, count);
+ return SHA1_Update(EVP_MD_CTX_md_data(ctx), data, count);
}
static int final(EVP_MD_CTX *ctx, unsigned char *md)
{
- return SHA1_Final(md, ctx->md_data);
+ return SHA1_Final(md, EVP_MD_CTX_md_data(ctx));
}
static int ctrl(EVP_MD_CTX *ctx, int cmd, int mslen, void *ms)
@@ -86,7 +86,7 @@ static int ctrl(EVP_MD_CTX *ctx, int cmd, int mslen, void *ms)
unsigned char padtmp[40];
unsigned char sha1tmp[SHA_DIGEST_LENGTH];
- SHA_CTX *sha1 = ctx->md_data;
+ SHA_CTX *sha1 = EVP_MD_CTX_md_data(ctx);
if (cmd != EVP_CTRL_SSL3_MASTER_SECRET)
return 0;
@@ -157,12 +157,12 @@ const EVP_MD *EVP_sha1(void)
static int init224(EVP_MD_CTX *ctx)
{
- return SHA224_Init(ctx->md_data);
+ return SHA224_Init(EVP_MD_CTX_md_data(ctx));
}
static int init256(EVP_MD_CTX *ctx)
{
- return SHA256_Init(ctx->md_data);
+ return SHA256_Init(EVP_MD_CTX_md_data(ctx));
}
/*
@@ -172,12 +172,12 @@ static int init256(EVP_MD_CTX *ctx)
*/
static int update256(EVP_MD_CTX *ctx, const void *data, size_t count)
{
- return SHA256_Update(ctx->md_data, data, count);
+ return SHA256_Update(EVP_MD_CTX_md_data(ctx), data, count);
}
static int final256(EVP_MD_CTX *ctx, unsigned char *md)
{
- return SHA256_Final(md, ctx->md_data);
+ return SHA256_Final(md, EVP_MD_CTX_md_data(ctx));
}
static const EVP_MD sha224_md = {
@@ -220,23 +220,23 @@ const EVP_MD *EVP_sha256(void)
static int init384(EVP_MD_CTX *ctx)
{
- return SHA384_Init(ctx->md_data);
+ return SHA384_Init(EVP_MD_CTX_md_data(ctx));
}
static int init512(EVP_MD_CTX *ctx)
{
- return SHA512_Init(ctx->md_data);
+ return SHA512_Init(EVP_MD_CTX_md_data(ctx));
}
/* See comment in SHA224/256 section */
static int update512(EVP_MD_CTX *ctx, const void *data, size_t count)
{
- return SHA512_Update(ctx->md_data, data, count);
+ return SHA512_Update(EVP_MD_CTX_md_data(ctx), data, count);
}
static int final512(EVP_MD_CTX *ctx, unsigned char *md)
{
- return SHA512_Final(md, ctx->md_data);
+ return SHA512_Final(md, EVP_MD_CTX_md_data(ctx));
}
static const EVP_MD sha384_md = {
diff --git a/crypto/evp/m_wp.c b/crypto/evp/m_wp.c
index 9ab3c62fe9..47c4ceb2cf 100644
--- a/crypto/evp/m_wp.c
+++ b/crypto/evp/m_wp.c
@@ -12,17 +12,17 @@
static int init(EVP_MD_CTX *ctx)
{
- return WHIRLPOOL_Init(ctx->md_data);
+ return WHIRLPOOL_Init(EVP_MD_CTX_md_data(ctx));
}
static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
{
- return WHIRLPOOL_Update(ctx->md_data, data, count);
+ return WHIRLPOOL_Update(EVP_MD_CTX_md_data(ctx), data, count);
}
static int final(EVP_MD_CTX *ctx, unsigned char *md)
{
- return WHIRLPOOL_Final(md, ctx->md_data);
+ return WHIRLPOOL_Final(md, EVP_MD_CTX_md_data(ctx));
}
static const EVP_MD whirlpool_md = {
diff --git a/crypto/pem/pem_seal.c b/crypto/pem/pem_seal.c
index e8ea1b0a13..5d9c5975fe 100644
--- a/crypto/pem/pem_seal.c
+++ b/crypto/pem/pem_seal.c
@@ -93,8 +93,8 @@ int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type,
EVP_EncodeInit(&ctx->encode);
- EVP_MD_CTX_init(&ctx->md);
- if (!EVP_SignInit(&ctx->md, md_type))
+ ctx->md = EVP_MD_CTX_create();
+ if (!EVP_SignInit(ctx->md, md_type))
goto err;
EVP_CIPHER_CTX_init(&ctx->cipher);
@@ -124,7 +124,7 @@ int PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl,
int i, j;
*outl = 0;
- if (!EVP_SignUpdate(&ctx->md, in, inl))
+ if (!EVP_SignUpdate(ctx->md, in, inl))
return 0;
for (;;) {
if (inl <= 0)
@@ -172,13 +172,13 @@ int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl,
EVP_EncodeFinal(&ctx->encode, out, &j);
*outl += j;
- if (!EVP_SignFinal(&ctx->md, s, &i, priv))
+ if (!EVP_SignFinal(ctx->md, s, &i, priv))
goto err;
*sigl = EVP_EncodeBlock(sig, s, i);
ret = 1;
err:
- EVP_MD_CTX_cleanup(&ctx->md);
+ EVP_MD_CTX_destroy(ctx->md);
EVP_CIPHER_CTX_cleanup(&ctx->cipher);
OPENSSL_free(s);
return (ret);
diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c
index 50f19f3068..f062728932 100644
--- a/crypto/pem/pvkfmt.c
+++ b/crypto/pem/pvkfmt.c
@@ -650,16 +650,16 @@ static int derive_pvk_key(unsigned char *key,
const unsigned char *salt, unsigned int saltlen,
const unsigned char *pass, int passlen)
{
- EVP_MD_CTX mctx;
+ EVP_MD_CTX *mctx = EVP_MD_CTX_create();;
int rv = 1;
- EVP_MD_CTX_init(&mctx);
- if (!EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL)
- || !EVP_DigestUpdate(&mctx, salt, saltlen)
- || !EVP_DigestUpdate(&mctx, pass, passlen)
- || !EVP_DigestFinal_ex(&mctx, key, NULL))
+ if (mctx == NULL
+ || !EVP_DigestInit_ex(mctx, EVP_sha1(), NULL)
+ || !EVP_DigestUpdate(mctx, salt, saltlen)
+ || !EVP_DigestUpdate(mctx, pass, passlen)
+ || !EVP_DigestFinal_ex(mctx, key, NULL))
rv = 0;
- EVP_MD_CTX_cleanup(&mctx);
+ EVP_MD_CTX_destroy(mctx);
return rv;
}
diff --git a/crypto/pkcs12/p12_key.c b/crypto/pkcs12/p12_key.c
index fe378d765f..a561d16198 100644
--- a/crypto/pkcs12/p12_key.c
+++ b/crypto/pkcs12/p12_key.c
@@ -109,13 +109,16 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
int i, j, u, v;
int ret = 0;
BIGNUM *Ij, *Bpl1; /* These hold Ij and B + 1 */
- EVP_MD_CTX ctx;
+ EVP_MD_CTX *ctx;
#ifdef DEBUG_KEYGEN
unsigned char *tmpout = out;
int tmpn = n;
#endif
- EVP_MD_CTX_init(&ctx);
+ ctx = EVP_MD_CTX_create();
+ if (ctx == NULL)
+ goto err;
+
#ifdef DEBUG_KEYGEN
fprintf(stderr, "KEYGEN DEBUG\n");
fprintf(stderr, "ID %d, ITER %d\n", id, iter);
@@ -151,15 +154,15 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
for (i = 0; i < Plen; i++)
*p++ = pass[i % passlen];
for (;;) {
- if (!EVP_DigestInit_ex(&ctx, md_type, NULL)
- || !EVP_DigestUpdate(&ctx, D, v)
- || !EVP_DigestUpdate(&ctx, I, Ilen)
- || !EVP_DigestFinal_ex(&ctx, Ai, NULL))
+ if (!EVP_DigestInit_ex(ctx, md_type, NULL)
+ || !EVP_DigestUpdate(ctx, D, v)
+ || !EVP_DigestUpdate(ctx, I, Ilen)
+ || !EVP_DigestFinal_ex(ctx, Ai, NULL))
goto err;
for (j = 1; j < iter; j++) {
- if (!EVP_DigestInit_ex(&ctx, md_type, NULL)
- || !EVP_DigestUpdate(&ctx, Ai, u)
- || !EVP_DigestFinal_ex(&ctx, Ai, NULL))
+ if (!EVP_DigestInit_ex(ctx, md_type, NULL)
+ || !EVP_DigestUpdate(ctx, Ai, u)
+ || !EVP_DigestFinal_ex(ctx, Ai, NULL))
goto err;
}
memcpy(out, Ai, min(n, u));
@@ -215,7 +218,7 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
OPENSSL_free(I);
BN_free(Ij);
BN_free(Bpl1);
- EVP_MD_CTX_cleanup(&ctx);
+ EVP_MD_CTX_destroy(ctx);
return ret;
}
diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index df8329419d..c5ac2fac90 100644
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -692,7 +692,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
int i, j;
BIO *btmp;
PKCS7_SIGNER_INFO *si;
- EVP_MD_CTX *mdc, ctx_tmp;
+ EVP_MD_CTX *mdc, *ctx_tmp;
STACK_OF(X509_ATTRIBUTE) *sk;
STACK_OF(PKCS7_SIGNER_INFO) *si_sk = NULL;
ASN1_OCTET_STRING *os = NULL;
@@ -707,7 +707,12 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
return 0;
}
- EVP_MD_CTX_init(&ctx_tmp);
+ ctx_tmp = EVP_MD_CTX_create();
+ if (ctx_tmp == NULL) {
+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+
i = OBJ_obj2nid(p7->type);
p7->state = PKCS7_S_HEADER;
@@ -784,7 +789,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
/*
* We now have the EVP_MD_CTX, lets do the signing.
*/
- if (!EVP_MD_CTX_copy_ex(&ctx_tmp, mdc))
+ if (!EVP_MD_CTX_copy_ex(ctx_tmp, mdc))
goto err;
sk = si->auth_attr;
@@ -794,7 +799,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
* sign the attributes
*/
if (sk_X509_ATTRIBUTE_num(sk) > 0) {
- if (!do_pkcs7_signed_attrib(si, &ctx_tmp))
+ if (!do_pkcs7_signed_attrib(si, ctx_tmp))
goto err;
} else {
unsigned char *abuf = NULL;
@@ -804,7 +809,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
if (abuf == NULL)
goto err;
- if (!EVP_SignFinal(&ctx_tmp, abuf, &abuflen, si->pkey)) {
+ if (!EVP_SignFinal(ctx_tmp, abuf, &abuflen, si->pkey)) {
PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_EVP_LIB);
goto err;
}
@@ -849,13 +854,13 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
}
ret = 1;
err:
- EVP_MD_CTX_cleanup(&ctx_tmp);
+ EVP_MD_CTX_destroy(ctx_tmp);
return (ret);
}
int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
{
- EVP_MD_CTX mctx;
+ EVP_MD_CTX *mctx;
EVP_PKEY_CTX *pctx;
unsigned char *abuf = NULL;
int alen;
@@ -866,8 +871,13 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
if (md == NULL)
return 0;
- EVP_MD_CTX_init(&mctx);
- if (EVP_DigestSignInit(&mctx, &pctx, md, NULL, si->pkey) <= 0)
+ mctx = EVP_MD_CTX_create();
+ if (mctx == NULL) {
+ PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if (EVP_DigestSignInit(mctx, &pctx, md, NULL, si->pkey) <= 0)
goto err;
if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
@@ -880,16 +890,16 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
ASN1_ITEM_rptr(PKCS7_ATTR_SIGN));
if (!abuf)
goto err;
- if (EVP_DigestSignUpdate(&mctx, abuf, alen) <= 0)
+ if (EVP_DigestSignUpdate(mctx, abuf, alen) <= 0)
goto err;
OPENSSL_free(abuf);
abuf = NULL;
- if (EVP_DigestSignFinal(&mctx, NULL, &siglen) <= 0)
+ if (EVP_DigestSignFinal(mctx, NULL, &siglen) <= 0)
goto err;
abuf = OPENSSL_malloc(siglen);
if (abuf == NULL)
goto err;
- if (EVP_DigestSignFinal(&mctx, abuf, &siglen) <= 0)
+ if (EVP_DigestSignFinal(mctx, abuf, &siglen) <= 0)
goto err;
if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
@@ -898,7 +908,7 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
goto err;
}
- EVP_MD_CTX_cleanup(&mctx);
+ EVP_MD_CTX_destroy(mctx);
ASN1_STRING_set0(si->enc_digest, abuf, siglen);
@@ -906,7 +916,7 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
err:
OPENSSL_free(abuf);
- EVP_MD_CTX_cleanup(&mctx);
+ EVP_MD_CTX_destroy(mctx);
return 0;
}
@@ -972,14 +982,18 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
X509 *x509)
{
ASN1_OCTET_STRING *os;
- EVP_MD_CTX mdc_tmp, *mdc;
+ EVP_MD_CTX *mdc_tmp, *mdc;
int ret = 0, i;
int md_type;
STACK_OF(X509_ATTRIBUTE) *sk;
BIO *btmp;
EVP_PKEY *pkey;
- EVP_MD_CTX_init(&mdc_tmp);
+ mdc_tmp = EVP_MD_CTX_create();
+ if (mdc_tmp == NULL) {
+ PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
if (!PKCS7_type_is_signed(p7) && !PKCS7_type_is_signedAndEnveloped(p7)) {
PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_WRONG_PKCS7_TYPE);
@@ -1016,7 +1030,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
* mdc is the digest ctx that we want, unless there are attributes, in
* which case the digest is the signed attributes
*/
- if (!EVP_MD_CTX_copy_ex(&mdc_tmp, mdc))
+ if (!EVP_MD_CTX_copy_ex(mdc_tmp, mdc))
goto err;
sk = si->auth_attr;
@@ -1026,7 +1040,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
int alen;
ASN1_OCTET_STRING *message_digest;
- if (!EVP_DigestFinal_ex(&mdc_tmp, md_dat, &md_len))
+ if (!EVP_DigestFinal_ex(mdc_tmp, md_dat, &md_len))
goto err;
message_digest = PKCS7_digest_from_attributes(sk);
if (!message_digest) {
@@ -1041,7 +1055,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
goto err;
}
- if (!EVP_VerifyInit_ex(&mdc_tmp, EVP_get_digestbynid(md_type), NULL))
+ if (!EVP_VerifyInit_ex(mdc_tmp, EVP_get_digestbynid(md_type), NULL))
goto err;
alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf,
@@ -1051,7 +1065,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
ret = -1;
goto err;
}
- if (!EVP_VerifyUpdate(&mdc_tmp, abuf, alen))
+ if (!EVP_VerifyUpdate(mdc_tmp, abuf, alen))
goto err;
OPENSSL_free(abuf);
@@ -1064,7 +1078,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
goto err;
}
- i = EVP_VerifyFinal(&mdc_tmp, os->data, os->length, pkey);
+ i = EVP_VerifyFinal(mdc_tmp, os->data, os->length, pkey);
EVP_PKEY_free(pkey);
if (i <= 0) {
PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_SIGNATURE_FAILURE);
@@ -1073,7 +1087,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
}
ret = 1;
err:
- EVP_MD_CTX_cleanup(&mdc_tmp);
+ EVP_MD_CTX_destroy(mdc_tmp);
return (ret);
}
diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c
index 698a63892e..ec42fc29f0 100644
--- a/crypto/rand/md_rand.c
+++ b/crypto/rand/md_rand.c
@@ -212,7 +212,7 @@ static int rand_add(const void *buf, int num, double add)
int i, j, k, st_idx;
long md_c[2];
unsigned char local_md[MD_DIGEST_LENGTH];
- EVP_MD_CTX m;
+ EVP_MD_CTX *m;
int do_not_lock;
int rv = 0;
@@ -234,7 +234,10 @@ static int rand_add(const void *buf, int num, double add)
* hash function.
*/
- EVP_MD_CTX_init(&m);
+ m = EVP_MD_CTX_create();
+ if (m == NULL)
+ goto err;
+
/* check if we already have the lock */
if (crypto_lock_rand) {
CRYPTO_THREADID cur;
@@ -284,21 +287,21 @@ static int rand_add(const void *buf, int num, double add)
j = (num - i);
j = (j > MD_DIGEST_LENGTH) ? MD_DIGEST_LENGTH : j;
- if (!MD_Init(&m))
+ if (!MD_Init(m))
goto err;
- if (!MD_Update(&m, local_md, MD_DIGEST_LENGTH))
+ if (!MD_Update(m, local_md, MD_DIGEST_LENGTH))
goto err;
k = (st_idx + j) - STATE_SIZE;
if (k > 0) {
- if (!MD_Update(&m, &(state[st_idx]), j - k))
+ if (!MD_Update(m, &(state[st_idx]), j - k))
goto err;
- if (!MD_Update(&m, &(state[0]), k))
+ if (!MD_Update(m, &(state[0]), k))
goto err;
- } else if (!MD_Update(&m, &(state[st_idx]), j))
+ } else if (!MD_Update(m, &(state[st_idx]), j))
goto err;
/* DO NOT REMOVE THE FOLLOWING CALL TO MD_Update()! */
- if (!MD_Update(&m, buf, j))
+ if (!MD_Update(m, buf, j))
goto err;
/*
* We know that line may cause programs such as purify and valgrind
@@ -308,9 +311,9 @@ static int rand_add(const void *buf, int num, double add)
* insecure keys.
*/
- if (!MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c)))
+ if (!MD_Update(m, (unsigned char *)&(md_c[0]), sizeof(md_c)))
goto err;
- if (!MD_Final(&m, local_md))
+ if (!MD_Final(m, local_md))
goto err;
md_c[1]++;
@@ -352,7 +355,7 @@ static int rand_add(const void *buf, int num, double add)
#endif
rv = 1;
err:
- EVP_MD_CTX_cleanup(&m);
+ EVP_MD_CTX_destroy(m);
return rv;
}
@@ -369,7 +372,7 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo)
int ok;
long md_c[2];
unsigned char local_md[MD_DIGEST_LENGTH];
- EVP_MD_CTX m;
+ EVP_MD_CTX *m;
#ifndef GETPID_IS_MEANINGLESS
pid_t curr_pid = getpid();
#endif
@@ -409,7 +412,10 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo)
if (num <= 0)
return 1;
- EVP_MD_CTX_init(&m);
+ m = EVP_MD_CTX_create();
+ if (m == NULL)
+ goto err_mem;
+
/* round upwards to multiple of MD_DIGEST_LENGTH/2 */
num_ceil =
(1 + (num - 1) / (MD_DIGEST_LENGTH / 2)) * (MD_DIGEST_LENGTH / 2);
@@ -523,26 +529,26 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo)
/* num_ceil -= MD_DIGEST_LENGTH/2 */
j = (num >= MD_DIGEST_LENGTH / 2) ? MD_DIGEST_LENGTH / 2 : num;
num -= j;
- if (!MD_Init(&m))
+ if (!MD_Init(m))
goto err;
#ifndef GETPID_IS_MEANINGLESS
if (curr_pid) { /* just in the first iteration to save time */
- if (!MD_Update(&m, (unsigned char *)&curr_pid, sizeof curr_pid))
+ if (!MD_Update(m, (unsigned char *)&curr_pid, sizeof curr_pid))
goto err;
curr_pid = 0;
}
#endif
if (curr_time) { /* just in the first iteration to save time */
- if (!MD_Update(&m, (unsigned char *)&curr_time, sizeof curr_time))
+ if (!MD_Update(m, (unsigned char *)&curr_time, sizeof curr_time))
goto err;
- if (!MD_Update(&m, (unsigned char *)&tv, sizeof tv))
+ if (!MD_Update(m, (unsigned char *)&tv, sizeof tv))
goto err;
curr_time = 0;
- rand_hw_seed(&m);
+ rand_hw_seed(m);
}
- if (!MD_Update(&m, local_md, MD_DIGEST_LENGTH))
+ if (!MD_Update(m, local_md, MD_DIGEST_LENGTH))
goto err;
- if (!MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c)))
+ if (!MD_Update(m, (unsigned char *)&(md_c[0]), sizeof(md_c)))
goto err;
#ifndef PURIFY /* purify complains */
@@ -553,19 +559,19 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo)
* builds it is not used: the removal of such a small source of
* entropy has negligible impact on security.
*/
- if (!MD_Update(&m, buf, j))
+ if (!MD_Update(m, buf, j))
goto err;
#endif
k = (st_idx + MD_DIGEST_LENGTH / 2) - st_num;
if (k > 0) {
- if (!MD_Update(&m, &(state[st_idx]), MD_DIGEST_LENGTH / 2 - k))
+ if (!MD_Update(m, &(state[st_idx]), MD_DIGEST_LENGTH / 2 - k))
goto err;
- if (!MD_Update(&m, &(state[0]), k))
+ if (!MD_Update(m, &(state[0]), k))
goto err;
- } else if (!MD_Update(&m, &(state[st_idx]), MD_DIGEST_LENGTH / 2))
+ } else if (!MD_Update(m, &(state[st_idx]), MD_DIGEST_LENGTH / 2))
goto err;
- if (!MD_Final(&m, local_md))
+ if (!MD_Final(m, local_md))
goto err;
for (i = 0; i < MD_DIGEST_LENGTH / 2; i++) {
@@ -578,23 +584,23 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo)
}
}
- if (!MD_Init(&m)
- || !MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c))
- || !MD_Update(&m, local_md, MD_DIGEST_LENGTH))
+ if (!MD_Init(m)
+ || !MD_Update(m, (unsigned char *)&(md_c[0]), sizeof(md_c))
+ || !MD_Update(m, local_md, MD_DIGEST_LENGTH))
goto err;
CRYPTO_w_lock(CRYPTO_LOCK_RAND);
/*
* Prevent deadlocks if we end up in an async engine
*/
ASYNC_block_pause();
- if (!MD_Update(&m, md, MD_DIGEST_LENGTH) || !MD_Final(&m, md)) {
+ if (!MD_Update(m, md, MD_DIGEST_LENGTH) || !MD_Final(m, md)) {
CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
goto err;
}
ASYNC_unblock_pause();
CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
- EVP_MD_CTX_cleanup(&m);
+ EVP_MD_CTX_destroy(m);
if (ok)
return (1);
else if (pseudo)
@@ -606,8 +612,12 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo)
return (0);
}
err:
- EVP_MD_CTX_cleanup(&m);
RANDerr(RAND_F_RAND_BYTES, ERR_R_EVP_LIB);
+ EVP_MD_CTX_destroy(m);
+ return 0;
+ err_mem:
+ RANDerr(RAND_F_RAND_BYTES, ERR_R_MALLOC_FAILURE);
+ EVP_MD_CTX_destroy(m);
return 0;
}
diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
index bae43f23bf..68b268ecb7 100644
--- a/crypto/rsa/rsa_ameth.c
+++ b/crypto/rsa/rsa_ameth.c
@@ -729,7 +729,7 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
ASN1_BIT_STRING *sig)
{
int pad_mode;
- EVP_PKEY_CTX *pkctx = ctx->pctx;
+ EVP_PKEY_CTX *pkctx = EVP_MD_CTX_pkey_ctx(ctx);
if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0)
return 0;
if (pad_mode == RSA_PKCS1_PADDING)
diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c
index ff551f220c..0f742f9969 100644
--- a/crypto/rsa/rsa_oaep.c
+++ b/crypto/rsa/rsa_oaep.c
@@ -242,13 +242,14 @@ int PKCS1_MGF1(unsigned char *mask, long len,
{
long i, outlen = 0;
unsigned char cnt[4];
- EVP_MD_CTX c;
+ EVP_MD_CTX *c = EVP_MD_CTX_create();
unsigned char md[EVP_MAX_MD_SIZE];
int mdlen;
int rv = -1;
- EVP_MD_CTX_init(&c);
- mdlen = M_EVP_MD_size(dgst);
+ if (c == NULL)
+ goto err;
+ mdlen = EVP_MD_size(dgst);
if (mdlen < 0)
goto err;
for (i = 0; outlen < len; i++) {
@@ -256,16 +257,16 @@ int PKCS1_MGF1(unsigned char *mask, long len,
cnt[1] = (unsigned char)((i >> 16) & 255);
cnt[2] = (unsigned char)((i >> 8)) & 255;
cnt[3] = (unsigned char)(i & 255);
- if (!EVP_DigestInit_ex(&c, dgst, NULL)
- || !EVP_DigestUpdate(&c, seed, seedlen)
- || !EVP_DigestUpdate(&c, cnt, 4))
+ if (!EVP_DigestInit_ex(c, dgst, NULL)
+ || !EVP_DigestUpdate(c, seed, seedlen)
+ || !EVP_DigestUpdate(c, cnt, 4))
goto err;
if (outlen + mdlen <= len) {
- if (!EVP_DigestFinal_ex(&c, mask + outlen, NULL))
+ if (!EVP_DigestFinal_ex(c, mask + outlen, NULL))
goto err;
outlen += mdlen;
} else {
- if (!EVP_DigestFinal_ex(&c, md, NULL))
+ if (!EVP_DigestFinal_ex(c, md, NULL))
goto err;
memcpy(mask + outlen, md, len - outlen);
outlen = len;
@@ -273,6 +274,6 @@ int PKCS1_MGF1(unsigned char *mask, long len,
}
rv = 0;
err:
- EVP_MD_CTX_cleanup(&c);
+ EVP_MD_CTX_destroy(c);
return rv;
}
diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c
index 95bf6b0d8c..0a41ae99b1 100644
--- a/crypto/rsa/rsa_pss.c
+++ b/crypto/rsa/rsa_pss.c
@@ -88,14 +88,17 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
int hLen, maskedDBLen, MSBits, emLen;
const unsigned char *H;
unsigned char *DB = NULL;
- EVP_MD_CTX ctx;
+ EVP_MD_CTX *ctx = EVP_MD_CTX_create();
unsigned char H_[EVP_MAX_MD_SIZE];
- EVP_MD_CTX_init(&ctx);
+
+
+ if (ctx == NULL)
+ goto err;
if (mgf1Hash == NULL)
mgf1Hash = Hash;
- hLen = M_EVP_MD_size(Hash);
+ hLen = EVP_MD_size(Hash);
if (hLen < 0)
goto err;
/*-
@@ -153,15 +156,15 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_SLEN_CHECK_FAILED);
goto err;
}
- if (!EVP_DigestInit_ex(&ctx, Hash, NULL)
- || !EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes)
- || !EVP_DigestUpdate(&ctx, mHash, hLen))
+ if (!EVP_DigestInit_ex(ctx, Hash, NULL)
+ || !EVP_DigestUpdate(ctx, zeroes, sizeof zeroes)
+ || !EVP_DigestUpdate(ctx, mHash, hLen))
goto err;
if (maskedDBLen - i) {
- if (!EVP_DigestUpdate(&ctx, DB + i, maskedDBLen - i))
+ if (!EVP_DigestUpdate(ctx, DB + i, maskedDBLen - i))
goto err;
}
- if (!EVP_DigestFinal_ex(&ctx, H_, NULL))
+ if (!EVP_DigestFinal_ex(ctx, H_, NULL))
goto err;
if (memcmp(H_, H, hLen)) {
RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_BAD_SIGNATURE);
@@ -171,7 +174,7 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
err:
OPENSSL_free(DB);
- EVP_MD_CTX_cleanup(&ctx);
+ EVP_MD_CTX_destroy(ctx);
return ret;
@@ -193,12 +196,12 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
int ret = 0;
int hLen, maskedDBLen, MSBits, emLen;
unsigned char *H, *salt = NULL, *p;
- EVP_MD_CTX ctx;
+ EVP_MD_CTX *ctx = NULL;
if (mgf1Hash == NULL)
mgf1Hash = Hash;
- hLen = M_EVP_MD_size(Hash);
+ hLen = EVP_MD_size(Hash);
if (hLen < 0)
goto err;
/*-
@@ -241,16 +244,17 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
}
maskedDBLen = emLen - hLen - 1;
H = EM + maskedDBLen;
- EVP_MD_CTX_init(&ctx);
- if (!EVP_DigestInit_ex(&ctx, Hash, NULL)
- || !EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes)
- || !EVP_DigestUpdate(&ctx, mHash, hLen))
+ ctx = EVP_MD_CTX_create();
+ if (ctx == NULL)
+ goto err;
+ if (!EVP_DigestInit_ex(ctx, Hash, NULL)
+ || !EVP_DigestUpdate(ctx, zeroes, sizeof zeroes)
+ || !EVP_DigestUpdate(ctx, mHash, hLen))
goto err;
- if (sLen && !EVP_DigestUpdate(&ctx, salt, sLen))
+ if (sLen && !EVP_DigestUpdate(ctx, salt, sLen))
goto err;
- if (!EVP_DigestFinal_ex(&ctx, H, NULL))
+ if (!EVP_DigestFinal_ex(ctx, H, NULL))
goto err;
- EVP_MD_CTX_cleanup(&ctx);
/* Generate dbMask in place then perform XOR on it */
if (PKCS1_MGF1(EM, maskedDBLen, H, hLen, mgf1Hash))
@@ -278,6 +282,7 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
ret = 1;
err:
+ EVP_MD_CTX_destroy(ctx);
OPENSSL_free(salt);
return ret;
diff --git a/crypto/srp/srp_lib.c b/crypto/srp/srp_lib.c
index 850ec2ce64..649d2b5a66 100644
--- a/crypto/srp/srp_lib.c
+++ b/crypto/srp/srp_lib.c
@@ -70,31 +70,36 @@ static BIGNUM *srp_Calc_k(BIGNUM *N, BIGNUM *g)
unsigned char digest[SHA_DIGEST_LENGTH];
unsigned char *tmp;
- EVP_MD_CTX ctxt;
+ EVP_MD_CTX *ctxt = NULL;
int longg;
int longN = BN_num_bytes(N);
+ BIGNUM *res = NULL;
if (BN_ucmp(g, N) >= 0)
return NULL;
- if ((tmp = OPENSSL_malloc(longN)) == NULL)
+ ctxt = EVP_MD_CTX_create();
+ if (ctxt == NULL)
return NULL;
+ if ((tmp = OPENSSL_malloc(longN)) == NULL)
+ goto err;
BN_bn2bin(N, tmp);
- EVP_MD_CTX_init(&ctxt);
- EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
- EVP_DigestUpdate(&ctxt, tmp, longN);
+ EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL);
+ EVP_DigestUpdate(ctxt, tmp, longN);
memset(tmp, 0, longN);
longg = BN_bn2bin(g, tmp);
/* use the zeros behind to pad on left */
- EVP_DigestUpdate(&ctxt, tmp + longg, longN - longg);
- EVP_DigestUpdate(&ctxt, tmp, longg);
+ EVP_DigestUpdate(ctxt, tmp + longg, longN - longg);
+ EVP_DigestUpdate(ctxt, tmp, longg);
OPENSSL_free(tmp);
- EVP_DigestFinal_ex(&ctxt, digest, NULL);
- EVP_MD_CTX_cleanup(&ctxt);
- return BN_bin2bn(digest, sizeof(digest), NULL);
+ EVP_DigestFinal_ex(ctxt, digest, NULL);
+ res = BN_bin2bn(digest, sizeof(digest), NULL);
+ err:
+ EVP_MD_CTX_destroy(ctxt);
+ return res;
}
BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N)
@@ -104,7 +109,7 @@ BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N)
BIGNUM *u;
unsigned char cu[SHA_DIGEST_LENGTH];
unsigned char *cAB;
- EVP_MD_CTX ctxt;
+ EVP_MD_CTX *ctxt = NULL;
int longN;
if ((A == NULL) || (B == NULL) || (N == NULL))
return NULL;
@@ -114,25 +119,30 @@ BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N)
longN = BN_num_bytes(N);
- if ((cAB = OPENSSL_malloc(2 * longN)) == NULL)
+ ctxt = EVP_MD_CTX_create();
+ if (ctxt == NULL)
return NULL;
+ if ((cAB = OPENSSL_malloc(2 * longN)) == NULL)
+ goto err;
memset(cAB, 0, longN);
- EVP_MD_CTX_init(&ctxt);
- EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
- EVP_DigestUpdate(&ctxt, cAB + BN_bn2bin(A, cAB + longN), longN);
- EVP_DigestUpdate(&ctxt, cAB + BN_bn2bin(B, cAB + longN), longN);
+ EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL);
+ EVP_DigestUpdate(ctxt, cAB + BN_bn2bin(A, cAB + longN), longN);
+ EVP_DigestUpdate(ctxt, cAB + BN_bn2bin(B, cAB + longN), longN);
OPENSSL_free(cAB);
- EVP_DigestFinal_ex(&ctxt, cu, NULL);
- EVP_MD_CTX_cleanup(&ctxt);
+ EVP_DigestFinal_ex(ctxt, cu, NULL);
if ((u = BN_bin2bn(cu, sizeof(cu), NULL)) == NULL)
- return NULL;
- if (!BN_is_zero(u))
- return u;
- BN_free(u);
- return NULL;
+ goto err;
+ if (BN_is_zero(u)) {
+ BN_free(u);
+ u = NULL;
+ }
+ err:
+ EVP_MD_CTX_destroy(ctxt);
+
+ return u;
}
BIGNUM *SRP_Calc_server_key(BIGNUM *A, BIGNUM *v, BIGNUM *u, BIGNUM *b,
@@ -196,31 +206,36 @@ BIGNUM *SRP_Calc_B(BIGNUM *b, BIGNUM *N, BIGNUM *g, BIGNUM *v)
BIGNUM *SRP_Calc_x(BIGNUM *s, const char *user, const char *pass)
{
unsigned char dig[SHA_DIGEST_LENGTH];
- EVP_MD_CTX ctxt;
+ EVP_MD_CTX *ctxt;
unsigned char *cs;
+ BIGNUM *res = NULL;
if ((s == NULL) || (user == NULL) || (pass == NULL))
return NULL;
- if ((cs = OPENSSL_malloc(BN_num_bytes(s))) == NULL)
+ ctxt = EVP_MD_CTX_create();
+ if (ctxt == NULL)
return NULL;
+ if ((cs = OPENSSL_malloc(BN_num_bytes(s))) == NULL)
+ goto err;
- EVP_MD_CTX_init(&ctxt);
- EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
- EVP_DigestUpdate(&ctxt, user, strlen(user));
- EVP_DigestUpdate(&ctxt, ":", 1);
- EVP_DigestUpdate(&ctxt, pass, strlen(pass));
- EVP_DigestFinal_ex(&ctxt, dig, NULL);
+ EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL);
+ EVP_DigestUpdate(ctxt, user, strlen(user));
+ EVP_DigestUpdate(ctxt, ":", 1);
+ EVP_DigestUpdate(ctxt, pass, strlen(pass));
+ EVP_DigestFinal_ex(ctxt, dig, NULL);
- EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
+ EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL);
BN_bn2bin(s, cs);
- EVP_DigestUpdate(&ctxt, cs, BN_num_bytes(s));
+ EVP_DigestUpdate(ctxt, cs, BN_num_bytes(s));
OPENSSL_free(cs);
- EVP_DigestUpdate(&ctxt, dig, sizeof(dig));
- EVP_DigestFinal_ex(&ctxt, dig, NULL);
- EVP_MD_CTX_cleanup(&ctxt);
+ EVP_DigestUpdate(ctxt, dig, sizeof(dig));
+ EVP_DigestFinal_ex(ctxt, dig, NULL);
- return BN_bin2bn(dig, sizeof(dig), NULL);
+ res = BN_bin2bn(dig, sizeof(dig), NULL);
+ err:
+ EVP_MD_CTX_destroy(ctxt);
+ return res;
}
BIGNUM *SRP_Calc_A(BIGNUM *a, BIGNUM *N, BIGNUM *g)
diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c
index b271c9904c..24fe437e9b 100644
--- a/crypto/srp/srp_vfy.c
+++ b/crypto/srp/srp_vfy.c
@@ -474,7 +474,7 @@ SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username)
SRP_user_pwd *user;
unsigned char digv[SHA_DIGEST_LENGTH];
unsigned char digs[SHA_DIGEST_LENGTH];
- EVP_MD_CTX ctxt;
+ EVP_MD_CTX *ctxt = NULL;
if (vb == NULL)
return NULL;
@@ -499,18 +499,20 @@ SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username)
if (RAND_bytes(digv, SHA_DIGEST_LENGTH) <= 0)
goto err;
- EVP_MD_CTX_init(&ctxt);
- EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
- EVP_DigestUpdate(&ctxt, vb->seed_key, strlen(vb->seed_key));
- EVP_DigestUpdate(&ctxt, username, strlen(username));
- EVP_DigestFinal_ex(&ctxt, digs, NULL);
- EVP_MD_CTX_cleanup(&ctxt);
- if (SRP_user_pwd_set_sv_BN
- (user, BN_bin2bn(digs, SHA_DIGEST_LENGTH, NULL),
- BN_bin2bn(digv, SHA_DIGEST_LENGTH, NULL)))
+ ctxt = EVP_MD_CTX_create();
+ EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL);
+ EVP_DigestUpdate(ctxt, vb->seed_key, strlen(vb->seed_key));
+ EVP_DigestUpdate(ctxt, username, strlen(username));
+ EVP_DigestFinal_ex(ctxt, digs, NULL);
+ EVP_MD_CTX_destroy(ctxt);
+ ctxt = NULL;
+ if (SRP_user_pwd_set_sv_BN(user,
+ BN_bin2bn(digs, SHA_DIGEST_LENGTH, NULL),
+ BN_bin2bn(digv, SHA_DIGEST_LENGTH, NULL)))
return user;
err:
+ EVP_MD_CTX_destroy(ctxt);
SRP_user_pwd_free(user);
return NULL;
}
diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c
index 5a69a94807..24c81ee241 100644
--- a/crypto/ts/ts_rsp_verify.c
+++ b/crypto/ts/ts_rsp_verify.c
@@ -529,7 +529,7 @@ static int ts_compute_imprint(BIO *data, TS_TST_INFO *tst_info,
TS_MSG_IMPRINT *msg_imprint = tst_info->msg_imprint;
X509_ALGOR *md_alg_resp = msg_imprint->hash_algo;
const EVP_MD *md;
- EVP_MD_CTX md_ctx;
+ EVP_MD_CTX *md_ctx = NULL;
unsigned char buffer[4096];
int length;
@@ -551,17 +551,24 @@ static int ts_compute_imprint(BIO *data, TS_TST_INFO *tst_info,
goto err;
}
- if (!EVP_DigestInit(&md_ctx, md))
+ md_ctx = EVP_MD_CTX_create();
+ if (md_ctx == NULL) {
+ TSerr(TS_F_TS_COMPUTE_IMPRINT, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ if (!EVP_DigestInit(md_ctx, md))
goto err;
while ((length = BIO_read(data, buffer, sizeof(buffer))) > 0) {
- if (!EVP_DigestUpdate(&md_ctx, buffer, length))
+ if (!EVP_DigestUpdate(md_ctx, buffer, length))
goto err;
}
- if (!EVP_DigestFinal(&md_ctx, *imprint, NULL))
+ if (!EVP_DigestFinal(md_ctx, *imprint, NULL))
goto err;
+ EVP_MD_CTX_destroy(md_ctx);
return 1;
err:
+ EVP_MD_CTX_destroy(md_ctx);
X509_ALGOR_free(*md_alg);
OPENSSL_free(*imprint);
*imprint_len = 0;
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index 4017545b64..8ea70ace66 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -82,28 +82,29 @@ int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b)
unsigned long X509_issuer_and_serial_hash(X509 *a)
{
unsigned long ret = 0;
- EVP_MD_CTX ctx;
+ EVP_MD_CTX *ctx = EVP_MD_CTX_create();
unsigned char md[16];
char *f;
- EVP_MD_CTX_init(&ctx);
+ if (ctx == NULL)
+ goto err;
f = X509_NAME_oneline(a->cert_info.issuer, NULL, 0);
- if (!EVP_DigestInit_ex(&ctx, EVP_md5(), NULL))
+ if (!EVP_DigestInit_ex(ctx, EVP_md5(), NULL))
goto err;
- if (!EVP_DigestUpdate(&ctx, (unsigned char *)f, strlen(f)))
+ if (!EVP_DigestUpdate(ctx, (unsigned char *)f, strlen(f)))
goto err;
OPENSSL_free(f);
if (!EVP_DigestUpdate
- (&ctx, (unsigned char *)a->cert_info.serialNumber.data,
+ (ctx, (unsigned char *)a->cert_info.serialNumber.data,
(unsigned long)a->cert_info.serialNumber.length))
goto err;
- if (!EVP_DigestFinal_ex(&ctx, &(md[0]), NULL))
+ if (!EVP_DigestFinal_ex(ctx, &(md[0]), NULL))
goto err;
ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) |
((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L)
) & 0xffffffffL;
err:
- EVP_MD_CTX_cleanup(&ctx);
+ EVP_MD_CTX_destroy(ctx);
return (ret);
}
#endif
@@ -248,21 +249,23 @@ unsigned long X509_NAME_hash(X509_NAME *x)
unsigned long X509_NAME_hash_old(X509_NAME *x)
{
- EVP_MD_CTX md_ctx;
+ EVP_MD_CTX *md_ctx = EVP_MD_CTX_create();
unsigned long ret = 0;
unsigned char md[16];
+ if (md_ctx == NULL)
+ return ret;
+
/* Make sure X509_NAME structure contains valid cached encoding */
i2d_X509_NAME(x, NULL);
- EVP_MD_CTX_init(&md_ctx);
- EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
- if (EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL)
- && EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length)
- && EVP_DigestFinal_ex(&md_ctx, md, NULL))
+ EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+ if (EVP_DigestInit_ex(md_ctx, EVP_md5(), NULL)
+ && EVP_DigestUpdate(md_ctx, x->bytes->data, x->bytes->length)
+ && EVP_DigestFinal_ex(md_ctx, md, NULL))
ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) |
((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L)
) & 0xffffffffL;
- EVP_MD_CTX_cleanup(&md_ctx);
+ EVP_MD_CTX_destroy(md_ctx);
return (ret);
}
generated by cgit v1.2.3 (git 2.39.1) at 2024-08-12 13:49:16 +0000