diff options
| author | Richard Levitte <levitte@openssl.org> | 2015-11-27 14:02:12 +0100 |
|---|---|---|
| committer | Richard Levitte <levitte@openssl.org> | 2015-12-07 17:39:23 +0100 |
| commit | 6e59a892db781658c050e5217127c4147c116ac9 (patch) | |
| tree | eec9e79e1c71f9c2897f49b29084bf42a66e96db /crypto | |
| parent | 9b6c00707eae2cbce79479f4b1a5dc11019abca0 (diff) | |
Adjust all accesses to EVP_MD_CTX to use accessor functions.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'crypto')
| -rw-r--r-- | crypto/asn1/a_sign.c | 33 | ||||
| -rw-r--r-- | crypto/asn1/a_verify.c | 33 | ||||
| -rw-r--r-- | crypto/cmac/cm_pmeth.c | 4 | ||||
| -rw-r--r-- | crypto/cms/cms_asn1.c | 3 | ||||
| -rw-r--r-- | crypto/cms/cms_dd.c | 14 | ||||
| -rw-r--r-- | crypto/cms/cms_lcl.h | 2 | ||||
| -rw-r--r-- | crypto/cms/cms_sd.c | 53 | ||||
| -rw-r--r-- | crypto/dh/dh_kdf.c | 18 | ||||
| -rw-r--r-- | crypto/dsa/dsa_gen.c | 19 | ||||
| -rw-r--r-- | crypto/ecdh/ech_kdf.c | 20 | ||||
| -rw-r--r-- | crypto/engine/eng_openssl.c | 6 | ||||
| -rw-r--r-- | crypto/evp/m_md4.c | 6 | ||||
| -rw-r--r-- | crypto/evp/m_md5.c | 6 | ||||
| -rw-r--r-- | crypto/evp/m_md5_sha1.c | 8 | ||||
| -rw-r--r-- | crypto/evp/m_mdc2.c | 6 | ||||
| -rw-r--r-- | crypto/evp/m_ripemd.c | 6 | ||||
| -rw-r--r-- | crypto/evp/m_sha1.c | 24 | ||||
| -rw-r--r-- | crypto/evp/m_wp.c | 6 | ||||
| -rw-r--r-- | crypto/pem/pem_seal.c | 10 | ||||
| -rw-r--r-- | crypto/pem/pvkfmt.c | 14 | ||||
| -rw-r--r-- | crypto/pkcs12/p12_key.c | 23 | ||||
| -rw-r--r-- | crypto/pkcs7/pk7_doit.c | 58 | ||||
| -rw-r--r-- | crypto/rand/md_rand.c | 72 | ||||
| -rw-r--r-- | crypto/rsa/rsa_ameth.c | 2 | ||||
| -rw-r--r-- | crypto/rsa/rsa_oaep.c | 19 | ||||
| -rw-r--r-- | crypto/rsa/rsa_pss.c | 41 | ||||
| -rw-r--r-- | crypto/srp/srp_lib.c | 89 | ||||
| -rw-r--r-- | crypto/srp/srp_vfy.c | 22 | ||||
| -rw-r--r-- | crypto/ts/ts_rsp_verify.c | 15 | ||||
| -rw-r--r-- | crypto/x509/x509_cmp.c | 31 |
30 files changed, 380 insertions, 283 deletions
diff --git a/crypto/asn1/a_sign.c b/crypto/asn1/a_sign.c index 18923b153e..a3abdc47fc 100644 --- a/crypto/asn1/a_sign.c +++ b/crypto/asn1/a_sign.c @@ -131,12 +131,15 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey, const EVP_MD *type) { - EVP_MD_CTX ctx; + EVP_MD_CTX *ctx = EVP_MD_CTX_create(); unsigned char *p, *buf_in = NULL, *buf_out = NULL; int i, inl = 0, outl = 0, outll = 0; X509_ALGOR *a; - EVP_MD_CTX_init(&ctx); + if (ctx == NULL) { + ASN1err(ASN1_F_ASN1_SIGN, ERR_R_MALLOC_FAILURE); + goto err; + } for (i = 0; i < 2; i++) { if (i == 0) a = algor1; @@ -182,9 +185,9 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, p = buf_in; i2d(data, &p); - if (!EVP_SignInit_ex(&ctx, type, NULL) - || !EVP_SignUpdate(&ctx, (unsigned char *)buf_in, inl) - || !EVP_SignFinal(&ctx, (unsigned char *)buf_out, + if (!EVP_SignInit_ex(ctx, type, NULL) + || !EVP_SignUpdate(ctx, (unsigned char *)buf_in, inl) + || !EVP_SignFinal(ctx, (unsigned char *)buf_out, (unsigned int *)&outl, pkey)) { outl = 0; ASN1err(ASN1_F_ASN1_SIGN, ERR_R_EVP_LIB); @@ -201,7 +204,7 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); signature->flags |= ASN1_STRING_FLAG_BITS_LEFT; err: - EVP_MD_CTX_cleanup(&ctx); + EVP_MD_CTX_destroy(ctx); OPENSSL_clear_free((char *)buf_in, (unsigned int)inl); OPENSSL_clear_free((char *)buf_out, outll); return (outl); @@ -213,13 +216,17 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey, const EVP_MD *type) { - EVP_MD_CTX ctx; - EVP_MD_CTX_init(&ctx); - if (!EVP_DigestSignInit(&ctx, NULL, type, NULL, pkey)) { - EVP_MD_CTX_cleanup(&ctx); + EVP_MD_CTX *ctx = EVP_MD_CTX_create(); + + if (ctx == NULL) { + ASN1err(ASN1_F_ASN1_ITEM_SIGN, ERR_R_MALLOC_FAILURE); + return 0; + } + if (!EVP_DigestSignInit(ctx, NULL, type, NULL, pkey)) { + EVP_MD_CTX_destroy(ctx); return 0; } - return ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, &ctx); + return ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, ctx); } int ASN1_item_sign_ctx(const ASN1_ITEM *it, @@ -234,7 +241,7 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, int rv; type = EVP_MD_CTX_md(ctx); - pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx); + pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx)); if (!type || !pkey) { ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_CONTEXT_NOT_INITIALISED); @@ -307,7 +314,7 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); signature->flags |= ASN1_STRING_FLAG_BITS_LEFT; err: - EVP_MD_CTX_cleanup(ctx); + EVP_MD_CTX_destroy(ctx); OPENSSL_clear_free((char *)buf_in, (unsigned int)inl); OPENSSL_clear_free((char *)buf_out, outll); return (outl); diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c index 540b71c4d4..e958cdec87 100644 --- a/crypto/asn1/a_verify.c +++ b/crypto/asn1/a_verify.c @@ -77,12 +77,15 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey) { - EVP_MD_CTX ctx; + EVP_MD_CTX *ctx = EVP_MD_CTX_create(); const EVP_MD *type; unsigned char *p, *buf_in = NULL; int ret = -1, i, inl; - EVP_MD_CTX_init(&ctx); + if (ctx == NULL) { + ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_MALLOC_FAILURE); + goto err; + } i = OBJ_obj2nid(a->algorithm); type = EVP_get_digestbyname(OBJ_nid2sn(i)); if (type == NULL) { @@ -104,8 +107,8 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, p = buf_in; i2d(data, &p); - ret = EVP_VerifyInit_ex(&ctx, type, NULL) - && EVP_VerifyUpdate(&ctx, (unsigned char *)buf_in, inl); + ret = EVP_VerifyInit_ex(ctx, type, NULL) + && EVP_VerifyUpdate(ctx, (unsigned char *)buf_in, inl); OPENSSL_clear_free(buf_in, (unsigned int)inl); @@ -115,7 +118,7 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, } ret = -1; - if (EVP_VerifyFinal(&ctx, (unsigned char *)signature->data, + if (EVP_VerifyFinal(ctx, (unsigned char *)signature->data, (unsigned int)signature->length, pkey) <= 0) { ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB); ret = 0; @@ -123,7 +126,7 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, } ret = 1; err: - EVP_MD_CTX_cleanup(&ctx); + EVP_MD_CTX_destroy(ctx); return (ret); } @@ -132,7 +135,7 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey) { - EVP_MD_CTX ctx; + EVP_MD_CTX *ctx = NULL; unsigned char *buf_in = NULL; int ret = -1, inl; @@ -148,7 +151,11 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, return -1; } - EVP_MD_CTX_init(&ctx); + ctx = EVP_MD_CTX_create(); + if (ctx == NULL) { + ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_MALLOC_FAILURE); + goto err; + } /* Convert signature OID into digest and public key OIDs */ if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->algorithm), &mdnid, &pknid)) { @@ -161,7 +168,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); goto err; } - ret = pkey->ameth->item_verify(&ctx, it, asn, a, signature, pkey); + ret = pkey->ameth->item_verify(ctx, it, asn, a, signature, pkey); /* * Return value of 2 means carry on, anything else means we exit * straight away: either a fatal error of the underlying verification @@ -185,7 +192,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, goto err; } - if (!EVP_DigestVerifyInit(&ctx, NULL, type, NULL, pkey)) { + if (!EVP_DigestVerifyInit(ctx, NULL, type, NULL, pkey)) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB); ret = 0; goto err; @@ -200,7 +207,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, goto err; } - ret = EVP_DigestVerifyUpdate(&ctx, buf_in, inl); + ret = EVP_DigestVerifyUpdate(ctx, buf_in, inl); OPENSSL_clear_free(buf_in, (unsigned int)inl); @@ -210,7 +217,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, } ret = -1; - if (EVP_DigestVerifyFinal(&ctx, signature->data, + if (EVP_DigestVerifyFinal(ctx, signature->data, (size_t)signature->length) <= 0) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB); ret = 0; @@ -218,6 +225,6 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, } ret = 1; err: - EVP_MD_CTX_cleanup(&ctx); + EVP_MD_CTX_destroy(ctx); return (ret); } diff --git a/crypto/cmac/cm_pmeth.c b/crypto/cmac/cm_pmeth.c index 080db6329e..4e060f32e4 100644 --- a/crypto/cmac/cm_pmeth.c +++ b/crypto/cmac/cm_pmeth.c @@ -101,7 +101,7 @@ static int pkey_cmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) static int int_update(EVP_MD_CTX *ctx, const void *data, size_t count) { - if (!CMAC_Update(ctx->pctx->data, data, count)) + if (!CMAC_Update(EVP_MD_CTX_pkey_ctx(ctx)->data, data, count)) return 0; return 1; } @@ -109,7 +109,7 @@ static int int_update(EVP_MD_CTX *ctx, const void *data, size_t count) static int cmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) { EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT); - mctx->update = int_update; + EVP_MD_CTX_set_update_fn(mctx, int_update); return 1; } diff --git a/crypto/cms/cms_asn1.c b/crypto/cms/cms_asn1.c index e044cf519b..7aafc8dab0 100644 --- a/crypto/cms/cms_asn1.c +++ b/crypto/cms/cms_asn1.c @@ -95,8 +95,7 @@ static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, CMS_SignerInfo *si = (CMS_SignerInfo *)*pval; EVP_PKEY_free(si->pkey); X509_free(si->signer); - if (si->pctx) - EVP_MD_CTX_cleanup(&si->mctx); + EVP_MD_CTX_destroy(si->mctx); } return 1; } diff --git a/crypto/cms/cms_dd.c b/crypto/cms/cms_dd.c index 426f8cd74c..dcbd5788fa 100644 --- a/crypto/cms/cms_dd.c +++ b/crypto/cms/cms_dd.c @@ -99,19 +99,23 @@ BIO *cms_DigestedData_init_bio(CMS_ContentInfo *cms) int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify) { - EVP_MD_CTX mctx; + EVP_MD_CTX *mctx = EVP_MD_CTX_create(); unsigned char md[EVP_MAX_MD_SIZE]; unsigned int mdlen; int r = 0; CMS_DigestedData *dd; - EVP_MD_CTX_init(&mctx); + + if (mctx == NULL) { + CMSerr(CMS_F_CMS_DIGESTEDDATA_DO_FINAL, ERR_R_MALLOC_FAILURE); + goto err; + } dd = cms->d.digestedData; - if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, dd->digestAlgorithm)) + if (!cms_DigestAlgorithm_find_ctx(mctx, chain, dd->digestAlgorithm)) goto err; - if (EVP_DigestFinal_ex(&mctx, md, &mdlen) <= 0) + if (EVP_DigestFinal_ex(mctx, md, &mdlen) <= 0) goto err; if (verify) { @@ -133,7 +137,7 @@ int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify) } err: - EVP_MD_CTX_cleanup(&mctx); + EVP_MD_CTX_destroy(mctx); return r; diff --git a/crypto/cms/cms_lcl.h b/crypto/cms/cms_lcl.h index 227356b265..3d41d4f634 100644 --- a/crypto/cms/cms_lcl.h +++ b/crypto/cms/cms_lcl.h @@ -137,7 +137,7 @@ struct CMS_SignerInfo_st { X509 *signer; EVP_PKEY *pkey; /* Digest and public key context for alternative parameters */ - EVP_MD_CTX mctx; + EVP_MD_CTX *mctx; EVP_PKEY_CTX *pctx; }; diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c index 1720bcd870..46a7876d94 100644 --- a/crypto/cms/cms_sd.c +++ b/crypto/cms/cms_sd.c @@ -287,9 +287,14 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, si->pkey = pk; si->signer = signer; - EVP_MD_CTX_init(&si->mctx); + si->mctx = EVP_MD_CTX_create(); si->pctx = NULL; + if (si->mctx == NULL) { + CMSerr(CMS_F_CMS_ADD1_SIGNER, ERR_R_MALLOC_FAILURE); + goto err; + } + if (flags & CMS_USE_KEYID) { si->version = 3; if (sd->version < 3) @@ -387,7 +392,7 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, goto err; if (EVP_PKEY_CTX_set_signature_md(si->pctx, md) <= 0) goto err; - } else if (EVP_DigestSignInit(&si->mctx, &si->pctx, md, NULL, pk) <= + } else if (EVP_DigestSignInit(si->mctx, &si->pctx, md, NULL, pk) <= 0) goto err; } @@ -444,7 +449,7 @@ EVP_PKEY_CTX *CMS_SignerInfo_get0_pkey_ctx(CMS_SignerInfo *si) EVP_MD_CTX *CMS_SignerInfo_get0_md_ctx(CMS_SignerInfo *si) { - return &si->mctx; + return si->mctx; } STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms) @@ -571,17 +576,21 @@ ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si) static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, CMS_SignerInfo *si, BIO *chain) { - EVP_MD_CTX mctx; + EVP_MD_CTX *mctx = EVP_MD_CTX_create(); int r = 0; EVP_PKEY_CTX *pctx = NULL; - EVP_MD_CTX_init(&mctx); + + if (mctx == NULL) { + CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, ERR_R_MALLOC_FAILURE); + return 0; + } if (!si->pkey) { CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_NO_PRIVATE_KEY); return 0; } - if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, si->digestAlgorithm)) + if (!cms_DigestAlgorithm_find_ctx(mctx, chain, si->digestAlgorithm)) goto err; /* Set SignerInfo algortihm details if we used custom parametsr */ if (si->pctx && !cms_sd_asn1_ctrl(si, 0)) @@ -596,7 +605,7 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, cms->d.signedData->encapContentInfo->eContentType; unsigned char md[EVP_MAX_MD_SIZE]; unsigned int mdlen; - if (!EVP_DigestFinal_ex(&mctx, md, &mdlen)) + if (!EVP_DigestFinal_ex(mctx, md, &mdlen)) goto err; if (!CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest, V_ASN1_OCTET_STRING, md, mdlen)) @@ -613,7 +622,7 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, unsigned char md[EVP_MAX_MD_SIZE]; unsigned int mdlen; pctx = si->pctx; - if (!EVP_DigestFinal_ex(&mctx, md, &mdlen)) + if (!EVP_DigestFinal_ex(mctx, md, &mdlen)) goto err; siglen = EVP_PKEY_size(si->pkey); sig = OPENSSL_malloc(siglen); @@ -634,7 +643,7 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, ERR_R_MALLOC_FAILURE); goto err; } - if (!EVP_SignFinal(&mctx, sig, &siglen, si->pkey)) { + if (!EVP_SignFinal(mctx, sig, &siglen, si->pkey)) { CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_SIGNFINAL_ERROR); OPENSSL_free(sig); goto err; @@ -645,7 +654,7 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, r = 1; err: - EVP_MD_CTX_cleanup(&mctx); + EVP_MD_CTX_destroy(mctx); EVP_PKEY_CTX_free(pctx); return r; @@ -668,7 +677,7 @@ int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain) int CMS_SignerInfo_sign(CMS_SignerInfo *si) { - EVP_MD_CTX *mctx = &si->mctx; + EVP_MD_CTX *mctx = si->mctx; EVP_PKEY_CTX *pctx; unsigned char *abuf = NULL; int alen; @@ -734,7 +743,7 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si) int CMS_SignerInfo_verify(CMS_SignerInfo *si) { - EVP_MD_CTX *mctx = &si->mctx; + EVP_MD_CTX *mctx = NULL; unsigned char *abuf = NULL; int alen, r = -1; const EVP_MD *md = NULL; @@ -747,7 +756,9 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si) md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm); if (md == NULL) return -1; - EVP_MD_CTX_init(mctx); + if (si->mctx == NULL) + si->mctx = EVP_MD_CTX_create(); + mctx = si->mctx; if (EVP_DigestVerifyInit(mctx, &si->pctx, md, NULL, si->pkey) <= 0) goto err; @@ -806,12 +817,16 @@ BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms) int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain) { ASN1_OCTET_STRING *os = NULL; - EVP_MD_CTX mctx; + EVP_MD_CTX *mctx = EVP_MD_CTX_create(); EVP_PKEY_CTX *pkctx = NULL; int r = -1; unsigned char mval[EVP_MAX_MD_SIZE]; unsigned int mlen; - EVP_MD_CTX_init(&mctx); + + if (mctx == NULL) { + CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, ERR_R_MALLOC_FAILURE); + goto err; + } /* If we have any signed attributes look for messageDigest value */ if (CMS_signed_get_attr_count(si) >= 0) { os = CMS_signed_get0_data_by_OBJ(si, @@ -824,10 +839,10 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain) } } - if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, si->digestAlgorithm)) + if (!cms_DigestAlgorithm_find_ctx(mctx, chain, si->digestAlgorithm)) goto err; - if (EVP_DigestFinal_ex(&mctx, mval, &mlen) <= 0) { + if (EVP_DigestFinal_ex(mctx, mval, &mlen) <= 0) { CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, CMS_R_UNABLE_TO_FINALIZE_CONTEXT); goto err; @@ -849,7 +864,7 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain) } else r = 1; } else { - const EVP_MD *md = EVP_MD_CTX_md(&mctx); + const EVP_MD *md = EVP_MD_CTX_md(mctx); pkctx = EVP_PKEY_CTX_new(si->pkey, NULL); if (pkctx == NULL) goto err; @@ -871,7 +886,7 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain) err: EVP_PKEY_CTX_free(pkctx); - EVP_MD_CTX_cleanup(&mctx); + EVP_MD_CTX_destroy(mctx); return r; } diff --git a/crypto/dh/dh_kdf.c b/crypto/dh/dh_kdf.c index 55979600e1..35a40bd759 100644 --- a/crypto/dh/dh_kdf.c +++ b/crypto/dh/dh_kdf.c @@ -144,7 +144,7 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen, ASN1_OBJECT *key_oid, const unsigned char *ukm, size_t ukmlen, const EVP_MD *md) { - EVP_MD_CTX mctx; + EVP_MD_CTX *mctx = NULL; int rv = 0; unsigned int i; size_t mdlen; @@ -152,31 +152,33 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen, int derlen; if (Zlen > DH_KDF_MAX) return 0; + mctx = EVP_MD_CTX_create(); + if (mctx == NULL) + return 0; mdlen = EVP_MD_size(md); - EVP_MD_CTX_init(&mctx); derlen = dh_sharedinfo_encode(&der, &ctr, key_oid, outlen, ukm, ukmlen); if (derlen == 0) goto err; for (i = 1;; i++) { unsigned char mtmp[EVP_MAX_MD_SIZE]; - EVP_DigestInit_ex(&mctx, md, NULL); - if (!EVP_DigestUpdate(&mctx, Z, Zlen)) + EVP_DigestInit_ex(mctx, md, NULL); + if (!EVP_DigestUpdate(mctx, Z, Zlen)) goto err; ctr[3] = i & 0xFF; ctr[2] = (i >> 8) & 0xFF; ctr[1] = (i >> 16) & 0xFF; ctr[0] = (i >> 24) & 0xFF; - if (!EVP_DigestUpdate(&mctx, der, derlen)) + if (!EVP_DigestUpdate(mctx, der, derlen)) goto err; if (outlen >= mdlen) { - if (!EVP_DigestFinal(&mctx, out, NULL)) + if (!EVP_DigestFinal(mctx, out, NULL)) goto err; outlen -= mdlen; if (outlen == 0) break; out += mdlen; } else { - if (!EVP_DigestFinal(&mctx, mtmp, NULL)) + if (!EVP_DigestFinal(mctx, mtmp, NULL)) goto err; memcpy(out, mtmp, outlen); OPENSSL_cleanse(mtmp, mdlen); @@ -186,7 +188,7 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen, rv = 1; err: OPENSSL_free(der); - EVP_MD_CTX_cleanup(&mctx); + EVP_MD_CTX_destroy(mctx); return rv; } #endif diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c index 106ec3cb5f..f659d081db 100644 --- a/crypto/dsa/dsa_gen.c +++ b/crypto/dsa/dsa_gen.c @@ -360,10 +360,11 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N, int counter = 0; int r = 0; BN_CTX *ctx = NULL; - EVP_MD_CTX mctx; + EVP_MD_CTX *mctx = EVP_MD_CTX_create(); unsigned int h = 2; - EVP_MD_CTX_init(&mctx); + if (mctx == NULL) + goto err; if (evpmd == NULL) { if (N == 160) @@ -374,7 +375,7 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N, evpmd = EVP_sha256(); } - mdsize = M_EVP_MD_size(evpmd); + mdsize = EVP_MD_size(evpmd); /* If unverificable g generation only don't need seed */ if (!ret->p || !ret->q || idx >= 0) { if (seed_len == 0) @@ -582,15 +583,15 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N, md[0] = idx & 0xff; md[1] = (h >> 8) & 0xff; md[2] = h & 0xff; - if (!EVP_DigestInit_ex(&mctx, evpmd, NULL)) + if (!EVP_DigestInit_ex(mctx, evpmd, NULL)) goto err; - if (!EVP_DigestUpdate(&mctx, seed_tmp, seed_len)) + if (!EVP_DigestUpdate(mctx, seed_tmp, seed_len)) goto err; - if (!EVP_DigestUpdate(&mctx, ggen, sizeof(ggen))) + if (!EVP_DigestUpdate(mctx, ggen, sizeof(ggen))) goto err; - if (!EVP_DigestUpdate(&mctx, md, 3)) + if (!EVP_DigestUpdate(mctx, md, 3)) goto err; - if (!EVP_DigestFinal_ex(&mctx, md, NULL)) + if (!EVP_DigestFinal_ex(mctx, md, NULL)) goto err; if (!BN_bin2bn(md, mdsize, test)) goto err; @@ -639,7 +640,7 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N, BN_CTX_end(ctx); BN_CTX_free(ctx); BN_MONT_CTX_free(mont); - EVP_MD_CTX_cleanup(&mctx); + EVP_MD_CTX_destroy(mctx); return ok; } diff --git a/crypto/ecdh/ech_kdf.c b/crypto/ecdh/ech_kdf.c index 1e77c6f519..d856b7f5ed 100644 --- a/crypto/ecdh/ech_kdf.c +++ b/crypto/ecdh/ech_kdf.c @@ -64,7 +64,7 @@ int ECDH_KDF_X9_62(unsigned char *out, size_t outlen, const unsigned char *sinfo, size_t sinfolen, const EVP_MD *md) { - EVP_MD_CTX mctx; + EVP_MD_CTX *mctx = NULL; int rv = 0; unsigned int i; size_t mdlen; @@ -72,30 +72,32 @@ int ECDH_KDF_X9_62(unsigned char *out, size_t outlen, if (sinfolen > ECDH_KDF_MAX || outlen > ECDH_KDF_MAX || Zlen > ECDH_KDF_MAX) return 0; + mctx = EVP_MD_CTX_create(); + if (mctx == NULL) + return 0; mdlen = EVP_MD_size(md); - EVP_MD_CTX_init(&mctx); for (i = 1;; i++) { unsigned char mtmp[EVP_MAX_MD_SIZE]; - EVP_DigestInit_ex(&mctx, md, NULL); + EVP_DigestInit_ex(mctx, md, NULL); ctr[3] = i & 0xFF; ctr[2] = (i >> 8) & 0xFF; ctr[1] = (i >> 16) & 0xFF; ctr[0] = (i >> 24) & 0xFF; - if (!EVP_DigestUpdate(&mctx, Z, Zlen)) + if (!EVP_DigestUpdate(mctx, Z, Zlen)) goto err; - if (!EVP_DigestUpdate(&mctx, ctr, sizeof(ctr))) + if (!EVP_DigestUpdate(mctx, ctr, sizeof(ctr))) goto err; - if (!EVP_DigestUpdate(&mctx, sinfo, sinfolen)) + if (!EVP_DigestUpdate(mctx, sinfo, sinfolen)) goto err; if (outlen >= mdlen) { - if (!EVP_DigestFinal(&mctx, out, NULL)) + if (!EVP_DigestFinal(mctx, out, NULL)) goto err; outlen -= mdlen; if (outlen == 0) break; out += mdlen; } else { - if (!EVP_DigestFinal(&mctx, mtmp, NULL)) + if (!EVP_DigestFinal(mctx, mtmp, NULL)) goto err; memcpy(out, mtmp, outlen); OPENSSL_cleanse(mtmp, mdlen); @@ -104,6 +106,6 @@ int ECDH_KDF_X9_62(unsigned char *out, size_t outlen, } rv = 1; err: - EVP_MD_CTX_cleanup(&mctx); + EVP_MD_CTX_destroy(mctx); return rv; } diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c index 8927ee190f..3c046f28ea 100644 --- a/crypto/engine/eng_openssl.c +++ b/crypto/engine/eng_openssl.c @@ -334,7 +334,7 @@ static int test_sha1_init(EVP_MD_CTX *ctx) # ifdef TEST_ENG_OPENSSL_SHA_P_INIT fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_init() called\n"); # endif - return SHA1_Init(ctx->md_data); + return SHA1_Init(EVP_MD_CTX_md_data(ctx)); } static int test_sha1_update(EVP_MD_CTX *ctx, const void *data, size_t count) @@ -342,7 +342,7 @@ static int test_sha1_update(EVP_MD_CTX *ctx, const void *data, size_t count) # ifdef TEST_ENG_OPENSSL_SHA_P_UPDATE fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_update() called\n"); # endif - return SHA1_Update(ctx->md_data, data, count); + return SHA1_Update(EVP_MD_CTX_md_data(ctx), data, count); } static int test_sha1_final(EVP_MD_CTX *ctx, unsigned char *md) @@ -350,7 +350,7 @@ static int test_sha1_final(EVP_MD_CTX *ctx, unsigned char *md) # ifdef TEST_ENG_OPENSSL_SHA_P_FINAL fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_final() called\n"); # endif - return SHA1_Final(md, ctx->md_data); + return SHA1_Final(md, EVP_MD_CTX_md_data(ctx)); } static const EVP_MD test_sha_md = { diff --git a/crypto/evp/m_md4.c b/crypto/evp/m_md4.c index 80021b662b..94310b41d3 100644 --- a/crypto/evp/m_md4.c +++ b/crypto/evp/m_md4.c @@ -71,17 +71,17 @@ static int init(EVP_MD_CTX *ctx) { - return MD4_Init(ctx->md_data); + return MD4_Init(EVP_MD_CTX_md_data(ctx)); } static int update(EVP_MD_CTX *ctx, const void *data, size_t count) { - return MD4_Update(ctx->md_data, data, count); + return MD4_Update(EVP_MD_CTX_md_data(ctx), data, count); } static int final(EVP_MD_CTX *ctx, unsigned char *md) { - return MD4_Final(md, ctx->md_data); + return MD4_Final(md, EVP_MD_CTX_md_data(ctx)); } static const EVP_MD md4_md = { diff --git a/crypto/evp/m_md5.c b/crypto/evp/m_md5.c index 4ada7d16ce..b8f7a4a41d 100644 --- a/crypto/evp/m_md5.c +++ b/crypto/evp/m_md5.c @@ -71,17 +71,17 @@ static int init(EVP_MD_CTX *ctx) { - return MD5_Init(ctx->md_data); + return MD5_Init(EVP_MD_CTX_md_data(ctx)); } static int update(EVP_MD_CTX *ctx, const void *data, size_t count) { - return MD5_Update(ctx->md_data, data, count); + return MD5_Update(EVP_MD_CTX_md_data(ctx), data, count); } static int final(EVP_MD_CTX *ctx, unsigned char *md) { - return MD5_Final(md, ctx->md_data); + return MD5_Final(md, EVP_MD_CTX_md_data(ctx)); } static const EVP_MD md5_md = { diff --git a/crypto/evp/m_md5_sha1.c b/crypto/evp/m_md5_sha1.c index 22cd7ce733..dadb6c26b8 100644 --- a/crypto/evp/m_md5_sha1.c +++ b/ |