diff options
| author | Richard Levitte <levitte@openssl.org> | 2015-11-27 14:02:12 +0100 |
|---|---|---|
| committer | Richard Levitte <levitte@openssl.org> | 2015-12-07 17:39:23 +0100 |
| commit | 6e59a892db781658c050e5217127c4147c116ac9 (patch) | |
| tree | eec9e79e1c71f9c2897f49b29084bf42a66e96db | |
| parent | 9b6c00707eae2cbce79479f4b1a5dc11019abca0 (diff) | |
Adjust all accesses to EVP_MD_CTX to use accessor functions.
Reviewed-by: Rich Salz <rsalz@openssl.org>
55 files changed, 746 insertions, 574 deletions
diff --git a/apps/passwd.c b/apps/passwd.c index 372e0e804e..70ecb874ef 100644 --- a/apps/passwd.c +++ b/apps/passwd.c @@ -307,7 +307,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) char *salt_out; int n; unsigned int i; - EVP_MD_CTX md, md2; + EVP_MD_CTX *md, *md2; size_t passwd_len, salt_len; passwd_len = strlen(passwd); @@ -322,45 +322,50 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) salt_len = strlen(salt_out); assert(salt_len <= 8); - EVP_MD_CTX_init(&md); - EVP_DigestInit_ex(&md, EVP_md5(), NULL); - EVP_DigestUpdate(&md, passwd, passwd_len); - EVP_DigestUpdate(&md, "$", 1); - EVP_DigestUpdate(&md, magic, strlen(magic)); - EVP_DigestUpdate(&md, "$", 1); - EVP_DigestUpdate(&md, salt_out, salt_len); - - EVP_MD_CTX_init(&md2); - EVP_DigestInit_ex(&md2, EVP_md5(), NULL); - EVP_DigestUpdate(&md2, passwd, passwd_len); - EVP_DigestUpdate(&md2, salt_out, salt_len); - EVP_DigestUpdate(&md2, passwd, passwd_len); - EVP_DigestFinal_ex(&md2, buf, NULL); + md = EVP_MD_CTX_create(); + if (md == NULL) + return NULL; + EVP_DigestInit_ex(md, EVP_md5(), NULL); + EVP_DigestUpdate(md, passwd, passwd_len); + EVP_DigestUpdate(md, "$", 1); + EVP_DigestUpdate(md, magic, strlen(magic)); + EVP_DigestUpdate(md, "$", 1); + EVP_DigestUpdate(md, salt_out, salt_len); + + md2 = EVP_MD_CTX_create(); + if (md2 == NULL) + return NULL; + EVP_DigestInit_ex(md2, EVP_md5(), NULL); + EVP_DigestUpdate(md2, passwd, passwd_len); + EVP_DigestUpdate(md2, salt_out, salt_len); + EVP_DigestUpdate(md2, passwd, passwd_len); + EVP_DigestFinal_ex(md2, buf, NULL); for (i = passwd_len; i > sizeof buf; i -= sizeof buf) - EVP_DigestUpdate(&md, buf, sizeof buf); - EVP_DigestUpdate(&md, buf, i); + EVP_DigestUpdate(md, buf, sizeof buf); + EVP_DigestUpdate(md, buf, i); n = passwd_len; while (n) { - EVP_DigestUpdate(&md, (n & 1) ? "\0" : passwd, 1); + EVP_DigestUpdate(md, (n & 1) ? "\0" : passwd, 1); n >>= 1; } - EVP_DigestFinal_ex(&md, buf, NULL); + EVP_DigestFinal_ex(md, buf, NULL); for (i = 0; i < 1000; i++) { - EVP_DigestInit_ex(&md2, EVP_md5(), NULL); - EVP_DigestUpdate(&md2, (i & 1) ? (unsigned const char *)passwd : buf, + EVP_DigestInit_ex(md2, EVP_md5(), NULL); + EVP_DigestUpdate(md2, (i & 1) ? (unsigned const char *)passwd : buf, (i & 1) ? passwd_len : sizeof buf); if (i % 3) - EVP_DigestUpdate(&md2, salt_out, salt_len); + EVP_DigestUpdate(md2, salt_out, salt_len); if (i % 7) - EVP_DigestUpdate(&md2, passwd, passwd_len); - EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned const char *)passwd, + EVP_DigestUpdate(md2, passwd, passwd_len); + EVP_DigestUpdate(md2, (i & 1) ? buf : (unsigned const char *)passwd, (i & 1) ? sizeof buf : passwd_len); - EVP_DigestFinal_ex(&md2, buf, NULL); + EVP_DigestFinal_ex(md2, buf, NULL); } - EVP_MD_CTX_cleanup(&md2); + EVP_MD_CTX_destroy(md2); + EVP_MD_CTX_destroy(md); { /* transform buf into output string */ @@ -399,7 +404,6 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) *output = 0; assert(strlen(out_buf) < sizeof(out_buf)); } - EVP_MD_CTX_cleanup(&md); return out_buf; } diff --git a/apps/req.c b/apps/req.c index 5d9231c4ce..267a0a025a 100644 --- a/apps/req.c +++ b/apps/req.c @@ -1492,7 +1492,8 @@ static int do_sign_init(EVP_MD_CTX *ctx, EVP_PKEY *pkey, EVP_PKEY_CTX *pkctx = NULL; int i; - EVP_MD_CTX_init(ctx); + if (ctx == NULL) + return 0; if (!EVP_DigestSignInit(ctx, &pkctx, md, NULL, pkey)) return 0; for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) { @@ -1510,13 +1511,16 @@ int do_X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md, STACK_OF(OPENSSL_STRING) *sigopts) { int rv; - EVP_MD_CTX mctx; + EVP_MD_CTX *mctx = EVP_MD_CTX_create(); - EVP_MD_CTX_init(&mctx); - rv = do_sign_init(&mctx, pkey, md, sigopts); + rv = do_sign_init(mctx, pkey, md, sigopts); + /* Note: X509_sign_ctx() calls ASN1_item_sign_ctx(), which destroys + * the EVP_MD_CTX we send it, so only destroy it here if the former + * isn't called */ if (rv > 0) - rv = X509_sign_ctx(x, &mctx); - EVP_MD_CTX_cleanup(&mctx); + rv = X509_sign_ctx(x, mctx); + else + EVP_MD_CTX_destroy(mctx); return rv > 0 ? 1 : 0; } @@ -1524,13 +1528,15 @@ int do_X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md, STACK_OF(OPENSSL_STRING) *sigopts) { int rv; - EVP_MD_CTX mctx; - - EVP_MD_CTX_init(&mctx); - rv = do_sign_init(&mctx, pkey, md, sigopts); + EVP_MD_CTX *mctx = EVP_MD_CTX_create(); + rv = do_sign_init(mctx, pkey, md, sigopts); + /* Note: X509_REQ_sign_ctx() calls ASN1_item_sign_ctx(), which destroys + * the EVP_MD_CTX we send it, so only destroy it here if the former + * isn't called */ if (rv > 0) - rv = X509_REQ_sign_ctx(x, &mctx); - EVP_MD_CTX_cleanup(&mctx); + rv = X509_REQ_sign_ctx(x, mctx); + else + EVP_MD_CTX_destroy(mctx); return rv > 0 ? 1 : 0; } @@ -1538,12 +1544,14 @@ int do_X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md, STACK_OF(OPENSSL_STRING) *sigopts) { int rv; - EVP_MD_CTX mctx; - - EVP_MD_CTX_init(&mctx); - rv = do_sign_init(&mctx, pkey, md, sigopts); + EVP_MD_CTX *mctx = EVP_MD_CTX_create(); + rv = do_sign_init(mctx, pkey, md, sigopts); + /* Note: X509_CRL_sign_ctx() calls ASN1_item_sign_ctx(), which destroys + * the EVP_MD_CTX we send it, so only destroy it here if the former + * isn't called */ if (rv > 0) - rv = X509_CRL_sign_ctx(x, &mctx); - EVP_MD_CTX_cleanup(&mctx); + rv = X509_CRL_sign_ctx(x, mctx); + else + EVP_MD_CTX_destroy(mctx); return rv > 0 ? 1 : 0; } @@ -523,17 +523,22 @@ static int create_digest(BIO *input, char *digest, const EVP_MD *md, return 0; if (input) { - EVP_MD_CTX md_ctx; + EVP_MD_CTX *md_ctx = EVP_MD_CTX_create(); unsigned char buffer[4096]; int length; + if (md_ctx == NULL) + return 0; *md_value = app_malloc(md_value_len, "digest buffer"); - EVP_DigestInit(&md_ctx, md); + EVP_DigestInit(md_ctx, md); while ((length = BIO_read(input, buffer, sizeof(buffer))) > 0) { - EVP_DigestUpdate(&md_ctx, buffer, length); + EVP_DigestUpdate(md_ctx, buffer, length); } - if (!EVP_DigestFinal(&md_ctx, *md_value, NULL)) + if (!EVP_DigestFinal(md_ctx, *md_value, NULL)) { + EVP_MD_CTX_destroy(md_ctx); return 0; + } + EVP_MD_CTX_destroy(md_ctx); } else { long digest_len; *md_value = string_to_hex(digest, &digest_len); diff --git a/crypto/asn1/a_sign.c b/crypto/asn1/a_sign.c index 18923b153e..a3abdc47fc 100644 --- a/crypto/asn1/a_sign.c +++ b/crypto/asn1/a_sign.c @@ -131,12 +131,15 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey, const EVP_MD *type) { - EVP_MD_CTX ctx; + EVP_MD_CTX *ctx = EVP_MD_CTX_create(); unsigned char *p, *buf_in = NULL, *buf_out = NULL; int i, inl = 0, outl = 0, outll = 0; X509_ALGOR *a; - EVP_MD_CTX_init(&ctx); + if (ctx == NULL) { + ASN1err(ASN1_F_ASN1_SIGN, ERR_R_MALLOC_FAILURE); + goto err; + } for (i = 0; i < 2; i++) { if (i == 0) a = algor1; @@ -182,9 +185,9 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, p = buf_in; i2d(data, &p); - if (!EVP_SignInit_ex(&ctx, type, NULL) - || !EVP_SignUpdate(&ctx, (unsigned char *)buf_in, inl) - || !EVP_SignFinal(&ctx, (unsigned char *)buf_out, + if (!EVP_SignInit_ex(ctx, type, NULL) + || !EVP_SignUpdate(ctx, (unsigned char *)buf_in, inl) + || !EVP_SignFinal(ctx, (unsigned char *)buf_out, (unsigned int *)&outl, pkey)) { outl = 0; ASN1err(ASN1_F_ASN1_SIGN, ERR_R_EVP_LIB); @@ -201,7 +204,7 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); signature->flags |= ASN1_STRING_FLAG_BITS_LEFT; err: - EVP_MD_CTX_cleanup(&ctx); + EVP_MD_CTX_destroy(ctx); OPENSSL_clear_free((char *)buf_in, (unsigned int)inl); OPENSSL_clear_free((char *)buf_out, outll); return (outl); @@ -213,13 +216,17 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey, const EVP_MD *type) { - EVP_MD_CTX ctx; - EVP_MD_CTX_init(&ctx); - if (!EVP_DigestSignInit(&ctx, NULL, type, NULL, pkey)) { - EVP_MD_CTX_cleanup(&ctx); + EVP_MD_CTX *ctx = EVP_MD_CTX_create(); + + if (ctx == NULL) { + ASN1err(ASN1_F_ASN1_ITEM_SIGN, ERR_R_MALLOC_FAILURE); + return 0; + } + if (!EVP_DigestSignInit(ctx, NULL, type, NULL, pkey)) { + EVP_MD_CTX_destroy(ctx); return 0; } - return ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, &ctx); + return ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, ctx); } int ASN1_item_sign_ctx(const ASN1_ITEM *it, @@ -234,7 +241,7 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, int rv; type = EVP_MD_CTX_md(ctx); - pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx); + pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx)); if (!type || !pkey) { ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_CONTEXT_NOT_INITIALISED); @@ -307,7 +314,7 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); signature->flags |= ASN1_STRING_FLAG_BITS_LEFT; err: - EVP_MD_CTX_cleanup(ctx); + EVP_MD_CTX_destroy(ctx); OPENSSL_clear_free((char *)buf_in, (unsigned int)inl); OPENSSL_clear_free((char *)buf_out, outll); return (outl); diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c index 540b71c4d4..e958cdec87 100644 --- a/crypto/asn1/a_verify.c +++ b/crypto/asn1/a_verify.c @@ -77,12 +77,15 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey) { - EVP_MD_CTX ctx; + EVP_MD_CTX *ctx = EVP_MD_CTX_create(); const EVP_MD *type; unsigned char *p, *buf_in = NULL; int ret = -1, i, inl; - EVP_MD_CTX_init(&ctx); + if (ctx == NULL) { + ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_MALLOC_FAILURE); + goto err; + } i = OBJ_obj2nid(a->algorithm); type = EVP_get_digestbyname(OBJ_nid2sn(i)); if (type == NULL) { @@ -104,8 +107,8 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, p = buf_in; i2d(data, &p); - ret = EVP_VerifyInit_ex(&ctx, type, NULL) - && EVP_VerifyUpdate(&ctx, (unsigned char *)buf_in, inl); + ret = EVP_VerifyInit_ex(ctx, type, NULL) + && EVP_VerifyUpdate(ctx, (unsigned char *)buf_in, inl); OPENSSL_clear_free(buf_in, (unsigned int)inl); @@ -115,7 +118,7 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, } ret = -1; - if (EVP_VerifyFinal(&ctx, (unsigned char *)signature->data, + if (EVP_VerifyFinal(ctx, (unsigned char *)signature->data, (unsigned int)signature->length, pkey) <= 0) { ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB); ret = 0; @@ -123,7 +126,7 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, } ret = 1; err: - EVP_MD_CTX_cleanup(&ctx); + EVP_MD_CTX_destroy(ctx); return (ret); } @@ -132,7 +135,7 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey) { - EVP_MD_CTX ctx; + EVP_MD_CTX *ctx = NULL; unsigned char *buf_in = NULL; int ret = -1, inl; @@ -148,7 +151,11 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, return -1; } - EVP_MD_CTX_init(&ctx); + ctx = EVP_MD_CTX_create(); + if (ctx == NULL) { + ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_MALLOC_FAILURE); + goto err; + } /* Convert signature OID into digest and public key OIDs */ if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->algorithm), &mdnid, &pknid)) { @@ -161,7 +168,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); goto err; } - ret = pkey->ameth->item_verify(&ctx, it, asn, a, signature, pkey); + ret = pkey->ameth->item_verify(ctx, it, asn, a, signature, pkey); /* * Return value of 2 means carry on, anything else means we exit * straight away: either a fatal error of the underlying verification @@ -185,7 +192,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, goto err; } - if (!EVP_DigestVerifyInit(&ctx, NULL, type, NULL, pkey)) { + if (!EVP_DigestVerifyInit(ctx, NULL, type, NULL, pkey)) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB); ret = 0; goto err; @@ -200,7 +207,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, goto err; } - ret = EVP_DigestVerifyUpdate(&ctx, buf_in, inl); + ret = EVP_DigestVerifyUpdate(ctx, buf_in, inl); OPENSSL_clear_free(buf_in, (unsigned int)inl); @@ -210,7 +217,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, } ret = -1; - if (EVP_DigestVerifyFinal(&ctx, signature->data, + if (EVP_DigestVerifyFinal(ctx, signature->data, (size_t)signature->length) <= 0) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB); ret = 0; @@ -218,6 +225,6 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, } ret = 1; err: - EVP_MD_CTX_cleanup(&ctx); + EVP_MD_CTX_destroy(ctx); return (ret); } diff --git a/crypto/cmac/cm_pmeth.c b/crypto/cmac/cm_pmeth.c index 080db6329e..4e060f32e4 100644 --- a/crypto/cmac/cm_pmeth.c +++ b/crypto/cmac/cm_pmeth.c @@ -101,7 +101,7 @@ static int pkey_cmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) static int int_update(EVP_MD_CTX *ctx, const void *data, size_t count) { - if (!CMAC_Update(ctx->pctx->data, data, count)) + if (!CMAC_Update(EVP_MD_CTX_pkey_ctx(ctx)->data, data, count)) return 0; return 1; } @@ -109,7 +109,7 @@ static int int_update(EVP_MD_CTX *ctx, const void *data, size_t count) static int cmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) { EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT); - mctx->update = int_update; + EVP_MD_CTX_set_update_fn(mctx, int_update); return 1; } diff --git a/crypto/cms/cms_asn1.c b/crypto/cms/cms_asn1.c index e044cf519b..7aafc8dab0 100644 --- a/crypto/cms/cms_asn1.c +++ b/crypto/cms/cms_asn1.c @@ -95,8 +95,7 @@ static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, CMS_SignerInfo *si = (CMS_SignerInfo *)*pval; EVP_PKEY_free(si->pkey); X509_free(si->signer); - if (si->pctx) - EVP_MD_CTX_cleanup(&si->mctx); + EVP_MD_CTX_destroy(si->mctx); } return 1; } diff --git a/crypto/cms/cms_dd.c b/crypto/cms/cms_dd.c index 426f8cd74c..dcbd5788fa 100644 --- a/crypto/cms/cms_dd.c +++ b/crypto/cms/cms_dd.c @@ -99,19 +99,23 @@ BIO *cms_DigestedData_init_bio(CMS_ContentInfo *cms) int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify) { - EVP_MD_CTX mctx; + EVP_MD_CTX *mctx = EVP_MD_CTX_create(); unsigned char md[EVP_MAX_MD_SIZE]; unsigned int mdlen; int r = 0; CMS_DigestedData *dd; - EVP_MD_CTX_init(&mctx); + + if (mctx == NULL) { + CMSerr(CMS_F_CMS_DIGESTEDDATA_DO_FINAL, ERR_R_MALLOC_FAILURE); + goto err; + } dd = cms->d.digestedData; - if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, dd->digestAlgorithm)) + if (!cms_DigestAlgorithm_find_ctx(mctx, chain, dd->digestAlgorithm)) goto err; - if (EVP_DigestFinal_ex(&mctx, md, &mdlen) <= 0) + if (EVP_DigestFinal_ex(mctx, md, &mdlen) <= 0) goto err; if (verify) { @@ -133,7 +137,7 @@ int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify) } err: - EVP_MD_CTX_cleanup(&mctx); + EVP_MD_CTX_destroy(mctx); return r; diff --git a/crypto/cms/cms_lcl.h b/crypto/cms/cms_lcl.h index 227356b265..3d41d4f634 100644 --- a/crypto/cms/cms_lcl.h +++ b/crypto/cms/cms_lcl.h @@ -137,7 +137,7 @@ struct CMS_SignerInfo_st { X509 *signer; EVP_PKEY *pkey; /* Digest and public key context for alternative parameters */ - EVP_MD_CTX mctx; + EVP_MD_CTX *mctx; EVP_PKEY_CTX *pctx; }; diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c index 1720bcd870..46a7876d94 100644 --- a/crypto/cms/cms_sd.c +++ b/crypto/cms/cms_sd.c @@ -287,9 +287,14 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, si->pkey = pk; si->signer = signer; - EVP_MD_CTX_init(&si->mctx); + si->mctx = EVP_MD_CTX_create(); si->pctx = NULL; + if (si->mctx == NULL) { + CMSerr(CMS_F_CMS_ADD1_SIGNER, ERR_R_MALLOC_FAILURE); + goto err; + } + if (flags & CMS_USE_KEYID) { si->version = 3; if (sd->version < 3) @@ -387,7 +392,7 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, goto err; if (EVP_PKEY_CTX_set_signature_md(si->pctx, md) <= 0) goto err; - } else if (EVP_DigestSignInit(&si->mctx, &si->pctx, md, NULL, pk) <= + } else if (EVP_DigestSignInit(si->mctx, &si->pctx, md, NULL, pk) <= 0) goto err; } @@ -444,7 +449,7 @@ EVP_PKEY_CTX *CMS_SignerInfo_get0_pkey_ctx(CMS_SignerInfo *si) EVP_MD_CTX *CMS_SignerInfo_get0_md_ctx(CMS_SignerInfo *si) { - return &si->mctx; + return si->mctx; } STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms) @@ -571,17 +576,21 @@ ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si) static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, CMS_SignerInfo *si, BIO *chain) { - EVP_MD_CTX mctx; + EVP_MD_CTX *mctx = EVP_MD_CTX_create(); int r = 0; EVP_PKEY_CTX *pctx = NULL; - EVP_MD_CTX_init(&mctx); + + if (mctx == NULL) { + CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, ERR_R_MALLOC_FAILURE); + return 0; + } if (!si->pkey) { CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_NO_PRIVATE_KEY); return 0; } - if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, si->digestAlgorithm)) + if (!cms_DigestAlgorithm_find_ctx(mctx, chain, si->digestAlgorithm)) goto err; /* Set SignerInfo algortihm details if we used custom parametsr */ if (si->pctx && !cms_sd_asn1_ctrl(si, 0)) @@ -596,7 +605,7 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, cms->d.signedData->encapContentInfo->eContentType; unsigned char md[EVP_MAX_MD_SIZE]; unsigned int mdlen; - if (!EVP_DigestFinal_ex(&mctx, md, &mdlen)) + if (!EVP_DigestFinal_ex(mctx, md, &mdlen)) goto err; |