From be5fc053ed40bb714944f93e2d35265d2096f71f Mon Sep 17 00:00:00 2001
From: Kurt Roeckx <kurt@roeckx.be>
Date: Sun, 4 Nov 2018 19:16:20 +0100
Subject: Replace EVP_MAC_CTX_copy() by EVP_MAC_CTX_dup()

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
GH: #7651
---
 crypto/kdf/sskdf.c    |  8 +++++---
 crypto/kdf/tls1_prf.c | 21 ++++++++++++++-------
 2 files changed, 19 insertions(+), 10 deletions(-)

(limited to 'crypto/kdf')

diff --git a/crypto/kdf/sskdf.c b/crypto/kdf/sskdf.c
index 92bf995425..31a1c1044e 100644
--- a/crypto/kdf/sskdf.c
+++ b/crypto/kdf/sskdf.c
@@ -202,9 +202,8 @@ static int SSKDF_mac_kdm(const EVP_MAC *kdf_mac, const EVP_MD *hmac_md,
             || derived_key_len == 0)
         return 0;
 
-    ctx = EVP_MAC_CTX_new(kdf_mac);
     ctx_init = EVP_MAC_CTX_new(kdf_mac);
-    if (ctx == NULL || ctx_init == NULL)
+    if (ctx_init == NULL)
         goto end;
     if (hmac_md != NULL &&
             EVP_MAC_ctrl(ctx_init, EVP_MAC_CTRL_SET_MD, hmac_md) <= 0)
@@ -233,7 +232,8 @@ static int SSKDF_mac_kdm(const EVP_MAC *kdf_mac, const EVP_MD *hmac_md,
         c[2] = (unsigned char)((counter >> 8) & 0xff);
         c[3] = (unsigned char)(counter & 0xff);
 
-        if (!(EVP_MAC_CTX_copy(ctx, ctx_init)
+        ctx = EVP_MAC_CTX_dup(ctx_init);
+        if (!(ctx != NULL
                 && EVP_MAC_update(ctx, c, sizeof(c))
                 && EVP_MAC_update(ctx, z, z_len)
                 && EVP_MAC_update(ctx, info, info_len)))
@@ -251,6 +251,8 @@ static int SSKDF_mac_kdm(const EVP_MAC *kdf_mac, const EVP_MD *hmac_md,
             memcpy(out, mac, len);
             break;
         }
+        EVP_MAC_CTX_free(ctx);
+        ctx = NULL;
     }
     ret = 1;
 end:
diff --git a/crypto/kdf/tls1_prf.c b/crypto/kdf/tls1_prf.c
index c39cf204f7..b14ae6fee1 100644
--- a/crypto/kdf/tls1_prf.c
+++ b/crypto/kdf/tls1_prf.c
@@ -237,10 +237,8 @@ static int tls1_prf_P_hash(const EVP_MD *md,
     size_t Ai_len;
     int ret = 0;
 
-    ctx = EVP_MAC_CTX_new_id(EVP_MAC_HMAC);
-    ctx_Ai = EVP_MAC_CTX_new_id(EVP_MAC_HMAC);
     ctx_init = EVP_MAC_CTX_new_id(EVP_MAC_HMAC);
-    if (ctx == NULL || ctx_Ai == NULL || ctx_init == NULL)
+    if (ctx_init == NULL)
         goto err;
     if (EVP_MAC_ctrl(ctx_init, EVP_MAC_CTRL_SET_FLAGS, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW) != 1)
         goto err;
@@ -254,7 +252,8 @@ static int tls1_prf_P_hash(const EVP_MD *md,
     if (chunk == 0)
         goto err;
     /* A(0) = seed */
-    if (!EVP_MAC_CTX_copy(ctx_Ai, ctx_init))
+    ctx_Ai = EVP_MAC_CTX_dup(ctx_init);
+    if (ctx_Ai == NULL)
         goto err;
     if (seed != NULL && !EVP_MAC_update(ctx_Ai, seed, seed_len))
         goto err;
@@ -263,15 +262,21 @@ static int tls1_prf_P_hash(const EVP_MD *md,
         /* calc: A(i) = HMAC_<hash>(secret, A(i-1)) */
         if (!EVP_MAC_final(ctx_Ai, Ai, &Ai_len))
             goto err;
+        EVP_MAC_CTX_free(ctx_Ai);
+        ctx_Ai = NULL;
 
         /* calc next chunk: HMAC_<hash>(secret, A(i) + seed) */
-        if (!EVP_MAC_CTX_copy(ctx, ctx_init))
+        ctx = EVP_MAC_CTX_dup(ctx_init);
+        if (ctx == NULL)
             goto err;
         if (!EVP_MAC_update(ctx, Ai, Ai_len))
             goto err;
         /* save state for calculating next A(i) value */
-        if (olen > chunk && !EVP_MAC_CTX_copy(ctx_Ai, ctx))
-            goto err;
+        if (olen > chunk) {
+            ctx_Ai = EVP_MAC_CTX_dup(ctx);
+            if (ctx_Ai == NULL)
+                goto err;
+        }
         if (seed != NULL && !EVP_MAC_update(ctx, seed, seed_len))
             goto err;
         if (olen <= chunk) {
@@ -283,6 +288,8 @@ static int tls1_prf_P_hash(const EVP_MD *md,
         }
         if (!EVP_MAC_final(ctx, out, NULL))
             goto err;
+        EVP_MAC_CTX_free(ctx);
+        ctx = NULL;
         out += chunk;
         olen -= chunk;
     }
-- 
cgit v1.2.3