summaryrefslogtreecommitdiffstats
path: root/ssl
diff options
context:
space:
mode:
Diffstat (limited to 'ssl')
-rw-r--r--ssl/record/ssl3_record.c14
-rw-r--r--ssl/s3_cbc.c6
-rw-r--r--ssl/s3_enc.c22
-rw-r--r--ssl/ssl_lib.c10
-rw-r--r--ssl/statem/statem_clnt.c18
-rw-r--r--ssl/statem/statem_dtls.c3
-rw-r--r--ssl/statem/statem_srvr.c10
-rw-r--r--ssl/t1_enc.c14
8 files changed, 48 insertions, 49 deletions
diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
index 02424f1f68..99c655e65b 100644
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -854,7 +854,7 @@ int n_ssl3_mac(SSL *ssl, unsigned char *md, int send)
} else {
unsigned int md_size_u;
/* Chop the digest off the end :-) */
- EVP_MD_CTX *md_ctx = EVP_MD_CTX_create();
+ EVP_MD_CTX *md_ctx = EVP_MD_CTX_new();
if (md_ctx == NULL)
return -1;
@@ -875,12 +875,12 @@ int n_ssl3_mac(SSL *ssl, unsigned char *md, int send)
|| EVP_DigestUpdate(md_ctx, ssl3_pad_2, npad) <= 0
|| EVP_DigestUpdate(md_ctx, md, md_size) <= 0
|| EVP_DigestFinal_ex(md_ctx, md, &md_size_u) <= 0) {
- EVP_MD_CTX_init(md_ctx);
+ EVP_MD_CTX_reset(md_ctx);
return -1;
}
md_size = md_size_u;
- EVP_MD_CTX_destroy(md_ctx);
+ EVP_MD_CTX_free(md_ctx);
}
ssl3_record_sequence_update(seq);
@@ -918,7 +918,7 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
if (stream_mac) {
mac_ctx = hash;
} else {
- hmac = EVP_MD_CTX_create();
+ hmac = EVP_MD_CTX_new();
if (hmac == NULL
|| !EVP_MD_CTX_copy(hmac, hash))
return -1;
@@ -957,14 +957,14 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
rec->length + md_size, rec->orig_len,
ssl->s3->read_mac_secret,
ssl->s3->read_mac_secret_size, 0) <= 0) {
- EVP_MD_CTX_destroy(hmac);
+ EVP_MD_CTX_free(hmac);
return -1;
}
} else {
if (EVP_DigestSignUpdate(mac_ctx, header, sizeof(header)) <= 0
|| EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length) <= 0
|| EVP_DigestSignFinal(mac_ctx, md, &md_size) <= 0) {
- EVP_MD_CTX_destroy(hmac);
+ EVP_MD_CTX_free(hmac);
return -1;
}
if (!send && !SSL_USE_ETM(ssl) && FIPS_mode())
@@ -973,7 +973,7 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
rec->length, rec->orig_len);
}
- EVP_MD_CTX_destroy(hmac);
+ EVP_MD_CTX_free(hmac);
#ifdef TLS_DEBUG
fprintf(stderr, "seq=");
diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c
index 1e46c6692e..f07a0451a0 100644
--- a/ssl/s3_cbc.c
+++ b/ssl/s3_cbc.c
@@ -497,7 +497,7 @@ int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
mac_out[j] |= block[j] & is_block_b;
}
- md_ctx = EVP_MD_CTX_create();
+ md_ctx = EVP_MD_CTX_new();
if (md_ctx == NULL)
goto err;
if (EVP_DigestInit_ex(md_ctx, EVP_MD_CTX_md(ctx), NULL /* engine */ ) <= 0)
@@ -522,11 +522,11 @@ int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
ret = EVP_DigestFinal(md_ctx, md_out, &md_out_size_u);
if (ret && md_out_size)
*md_out_size = md_out_size_u;
- EVP_MD_CTX_destroy(md_ctx);
+ EVP_MD_CTX_free(md_ctx);
return 1;
err:
- EVP_MD_CTX_destroy(md_ctx);
+ EVP_MD_CTX_free(md_ctx);
return 0;
}
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index 026f2c8395..c20bff2e75 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -153,8 +153,8 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
c = os_toascii[c]; /* 'A' in ASCII */
#endif
k = 0;
- m5 = EVP_MD_CTX_create();
- s1 = EVP_MD_CTX_create();
+ m5 = EVP_MD_CTX_new();
+ s1 = EVP_MD_CTX_new();
if (m5 == NULL || s1 == NULL) {
SSLerr(SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_MALLOC_FAILURE);
goto err;
@@ -194,8 +194,8 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
OPENSSL_cleanse(smd, sizeof(smd));
ret = 1;
err:
- EVP_MD_CTX_destroy(m5);
- EVP_MD_CTX_destroy(s1);
+ EVP_MD_CTX_free(m5);
+ EVP_MD_CTX_free(s1);
return ret;
}
@@ -447,7 +447,7 @@ void ssl3_free_digest_list(SSL *s)
{
BIO_free(s->s3->handshake_buffer);
s->s3->handshake_buffer = NULL;
- EVP_MD_CTX_destroy(s->s3->handshake_dgst);
+ EVP_MD_CTX_free(s->s3->handshake_dgst);
s->s3->handshake_dgst = NULL;
}
@@ -472,7 +472,7 @@ int ssl3_digest_cached_records(SSL *s, int keep)
return 0;
}
- s->s3->handshake_dgst = EVP_MD_CTX_create();
+ s->s3->handshake_dgst = EVP_MD_CTX_new();
if (s->s3->handshake_dgst == NULL) {
SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_MALLOC_FAILURE);
return 0;
@@ -509,7 +509,7 @@ int ssl3_final_finish_mac(SSL *s, const char *sender, int len, unsigned char *p)
return 0;
}
- ctx = EVP_MD_CTX_create();
+ ctx = EVP_MD_CTX_new();
if (ctx == NULL) {
SSLerr(SSL_F_SSL3_FINAL_FINISH_MAC, ERR_R_MALLOC_FAILURE);
return 0;
@@ -518,7 +518,7 @@ int ssl3_final_finish_mac(SSL *s, const char *sender, int len, unsigned char *p)
ret = EVP_MD_CTX_size(ctx);
if (ret < 0) {
- EVP_MD_CTX_init(ctx);
+ EVP_MD_CTX_reset(ctx);
return 0;
}
@@ -531,7 +531,7 @@ int ssl3_final_finish_mac(SSL *s, const char *sender, int len, unsigned char *p)
ret = 0;
}
- EVP_MD_CTX_destroy(ctx);
+ EVP_MD_CTX_free(ctx);
return ret;
}
@@ -551,7 +551,7 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
#endif
};
unsigned char buf[EVP_MAX_MD_SIZE];
- EVP_MD_CTX *ctx = EVP_MD_CTX_create();
+ EVP_MD_CTX *ctx = EVP_MD_CTX_new();
int i, ret = 0;
unsigned int n;
#ifdef OPENSSL_SSL_TRACE_CRYPTO
@@ -584,7 +584,7 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
out += n;
ret += n;
}
- EVP_MD_CTX_destroy(ctx);
+ EVP_MD_CTX_free(ctx);
#ifdef OPENSSL_SSL_TRACE_CRYPTO
if (ret > 0 && s->msg_callback) {
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index adbb7bb95a..3ca7c3ffa6 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -3177,9 +3177,9 @@ void SSL_set_not_resumable_session_callback(SSL *ssl,
EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md)
{
ssl_clear_hash_ctx(hash);
- *hash = EVP_MD_CTX_create();
+ *hash = EVP_MD_CTX_new();
if (*hash == NULL || (md && EVP_DigestInit_ex(*hash, md, NULL) <= 0)) {
- EVP_MD_CTX_destroy(*hash);
+ EVP_MD_CTX_free(*hash);
*hash = NULL;
return NULL;
}
@@ -3190,7 +3190,7 @@ void ssl_clear_hash_ctx(EVP_MD_CTX **hash)
{
if (*hash)
- EVP_MD_CTX_destroy(*hash);
+ EVP_MD_CTX_free(*hash);
*hash = NULL;
}
@@ -3204,7 +3204,7 @@ int ssl_handshake_hash(SSL *s, unsigned char *out, int outlen)
ret = 0;
goto err;
}
- ctx = EVP_MD_CTX_create();
+ ctx = EVP_MD_CTX_new();
if (ctx == NULL) {
ret = 0;
goto err;
@@ -3213,7 +3213,7 @@ int ssl_handshake_hash(SSL *s, unsigned char *out, int outlen)
|| EVP_DigestFinal_ex(ctx, out, NULL) <= 0)
ret = 0;
err:
- EVP_MD_CTX_destroy(ctx);
+ EVP_MD_CTX_free(ctx);
return ret;
}
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index f19ac8e38a..60c0983def 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -1592,7 +1592,7 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
#endif
PACKET save_param_start, signature;
- md_ctx = EVP_MD_CTX_create();
+ md_ctx = EVP_MD_CTX_new();
if (md_ctx == NULL) {
al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
@@ -1921,7 +1921,7 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
}
}
EVP_PKEY_free(pkey);
- EVP_MD_CTX_destroy(md_ctx);
+ EVP_MD_CTX_free(md_ctx);
return MSG_PROCESS_CONTINUE_READING;
f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
@@ -1938,7 +1938,7 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
EC_POINT_free(srvr_ecpoint);
EC_KEY_free(ecdh);
#endif
- EVP_MD_CTX_destroy(md_ctx);
+ EVP_MD_CTX_free(md_ctx);
ossl_statem_set_error(s);
return MSG_PROCESS_ERROR;
}
@@ -2721,7 +2721,7 @@ psk_err:
* Compute shared IV and store it in algorithm-specific context
* data
*/
- ukm_hash = EVP_MD_CTX_create();
+ ukm_hash = EVP_MD_CTX_new();
if (EVP_DigestInit(ukm_hash,
EVP_get_digestbynid(dgst_nid)) <= 0
|| EVP_DigestUpdate(ukm_hash, s->s3->client_random,
@@ -2729,12 +2729,12 @@ psk_err:
|| EVP_DigestUpdate(ukm_hash, s->s3->server_random,
SSL3_RANDOM_SIZE) <= 0
|| EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len) <= 0) {
- EVP_MD_CTX_destroy(ukm_hash);
+ EVP_MD_CTX_free(ukm_hash);
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
ERR_R_INTERNAL_ERROR);
goto err;
}
- EVP_MD_CTX_destroy(ukm_hash);
+ EVP_MD_CTX_free(ukm_hash);
if (EVP_PKEY_CTX_ctrl
(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT, EVP_PKEY_CTRL_SET_IV, 8,
shared_ukm) < 0) {
@@ -2905,7 +2905,7 @@ int tls_construct_client_verify(SSL *s)
long hdatalen = 0;
void *hdata;
- mctx = EVP_MD_CTX_create();
+ mctx = EVP_MD_CTX_new();
if (mctx == NULL) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_MALLOC_FAILURE);
goto err;
@@ -2958,10 +2958,10 @@ int tls_construct_client_verify(SSL *s)
goto err;
}
- EVP_MD_CTX_destroy(mctx);
+ EVP_MD_CTX_free(mctx);
return 1;
err:
- EVP_MD_CTX_destroy(mctx);
+ EVP_MD_CTX_free(mctx);
return 0;
}
diff --git a/ssl/statem/statem_dtls.c b/ssl/statem/statem_dtls.c
index aafd28f8de..6d73659df6 100644
--- a/ssl/statem/statem_dtls.c
+++ b/ssl/statem/statem_dtls.c
@@ -204,8 +204,7 @@ void dtls1_hm_fragment_free(hm_fragment *frag)
if (frag->msg_header.is_ccs) {
EVP_CIPHER_CTX_free(frag->msg_header.
saved_retransmit_state.enc_write_ctx);
- EVP_MD_CTX_destroy(frag->msg_header.
- saved_retransmit_state.write_hash);
+ EVP_MD_CTX_free(frag->msg_header.saved_retransmit_state.write_hash);
}
OPENSSL_free(frag->fragment);
OPENSSL_free(frag->reassembly);
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index f1d1796d1e..3ccb28777e 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1733,7 +1733,7 @@ int tls_construct_server_key_exchange(SSL *s)
BIGNUM *r[4];
int nr[4], kn;
BUF_MEM *buf;
- EVP_MD_CTX *md_ctx = EVP_MD_CTX_create();
+ EVP_MD_CTX *md_ctx = EVP_MD_CTX_new();
if (md_ctx == NULL) {
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
@@ -2075,7 +2075,7 @@ int tls_construct_server_key_exchange(SSL *s)
goto f_err;
}
- EVP_MD_CTX_destroy(md_ctx);
+ EVP_MD_CTX_free(md_ctx);
return 1;
f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
@@ -2084,7 +2084,7 @@ int tls_construct_server_key_exchange(SSL *s)
OPENSSL_free(encodedPoint);
BN_CTX_free(bn_ctx);
#endif
- EVP_MD_CTX_destroy(md_ctx);
+ EVP_MD_CTX_free(md_ctx);
ossl_statem_set_error(s);
return 0;
}
@@ -2888,7 +2888,7 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
long hdatalen = 0;
void *hdata;
- EVP_MD_CTX *mctx = EVP_MD_CTX_create();
+ EVP_MD_CTX *mctx = EVP_MD_CTX_new();
if (mctx == NULL) {
SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, ERR_R_MALLOC_FAILURE);
@@ -3013,7 +3013,7 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
}
BIO_free(s->s3->handshake_buffer);
s->s3->handshake_buffer = NULL;
- EVP_MD_CTX_destroy(mctx);
+ EVP_MD_CTX_free(mctx);
EVP_PKEY_free(pkey);
return ret;
}
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 05a0ec7caa..5889558d7e 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -166,9 +166,9 @@ static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
chunk = EVP_MD_size(md);
OPENSSL_assert(chunk >= 0);
- ctx = EVP_MD_CTX_create();
- ctx_tmp = EVP_MD_CTX_create();
- ctx_init = EVP_MD_CTX_create();
+ ctx = EVP_MD_CTX_new();
+ ctx_tmp = EVP_MD_CTX_new();
+ ctx_init = EVP_MD_CTX_new();
if (ctx == NULL || ctx_tmp == NULL || ctx_init == NULL)
goto err;
EVP_MD_CTX_set_flags(ctx_init, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
@@ -230,9 +230,9 @@ static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
ret = 1;
err:
EVP_PKEY_free(mac_key);
- EVP_MD_CTX_destroy(ctx);
- EVP_MD_CTX_destroy(ctx_tmp);
- EVP_MD_CTX_destroy(ctx_init);
+ EVP_MD_CTX_free(ctx);
+ EVP_MD_CTX_free(ctx_tmp);
+ EVP_MD_CTX_free(ctx_init);
OPENSSL_cleanse(A1, sizeof(A1));
return ret;
}
@@ -374,7 +374,7 @@ int tls1_change_cipher_state(SSL *s, int which)
goto err;
dd = s->enc_write_ctx;
if (SSL_IS_DTLS(s)) {
- mac_ctx = EVP_MD_CTX_create();
+ mac_ctx = EVP_MD_CTX_new();
if (mac_ctx == NULL)
goto err;
s->write_hash = mac_ctx;
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-11 23:42:53 +0000