Explicitly fetch ciphers and digests in libssl

We modify libssl to use explicitly fetched ciphers, digests and other algorithms as required based on the configured library context and property query string for the SSL_CTX that is being used. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10854)
author: Matt Caswell <matt@openssl.org> 2020-01-16 12:14:27 +0000
committer: Matt Caswell <matt@openssl.org> 2020-02-06 11:59:07 +0000
commit: c8f6c28a938fc887ee3d2337f09db453e7fb0369 (patch)
tree: 80fab6c444adfb668fa03edc2297b729757b53c9 /ssl/s3_enc.c
parent: 8b6ffd40401bd3b78538cb8d496db0c6926185b0 (diff)
1 files changed, 5 insertions, 2 deletions
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index ea0fb750f1..76bea32dbd 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -86,7 +86,7 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
  err:
     EVP_MD_CTX_free(m5);
     EVP_MD_CTX_free(s1);
-    EVP_MD_free(md5);
+    ssl_evp_md_free(md5);
     return ret;
 }
 
@@ -257,13 +257,16 @@ int ssl3_setup_key_block(SSL *s)
     if (s->s3.tmp.key_block_length != 0)
         return 1;
 
-    if (!ssl_cipher_get_evp(s->session, &c, &hash, NULL, NULL, &comp, 0)) {
+    if (!ssl_cipher_get_evp(s->ctx, s->session, &c, &hash, NULL, NULL, &comp,
+                            0)) {
         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_SETUP_KEY_BLOCK,
                  SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
         return 0;
     }
 
+    ssl_evp_cipher_free(s->s3.tmp.new_sym_enc);
     s->s3.tmp.new_sym_enc = c;
+    ssl_evp_md_free(s->s3.tmp.new_hash);
     s->s3.tmp.new_hash = hash;
 #ifdef OPENSSL_NO_COMP
     s->s3.tmp.new_compression = NULL;
author	Matt Caswell <matt@openssl.org>	2020-01-16 12:14:27 +0000
committer	Matt Caswell <matt@openssl.org>	2020-02-06 11:59:07 +0000
commit	c8f6c28a938fc887ee3d2337f09db453e7fb0369 (patch)
tree	80fab6c444adfb668fa03edc2297b729757b53c9 /ssl/s3_enc.c
parent	8b6ffd40401bd3b78538cb8d496db0c6926185b0 (diff)