diff --git a/crypto/evp/bio_md.c b/crypto/evp/bio_md.c index 6afaf9a54f5e8e8fdd1359ccf0066902e7a6d954..60e38fa15dde7365c5f7340ab1da6b31c9a835f0 100644 --- a/crypto/evp/bio_md.c +++ b/crypto/evp/bio_md.c @@ -61,6 +61,7 @@ #include "internal/cryptlib.h" #include #include +#include "evp_locl.h" /* * BIO_put and BIO_get both add to the digest, BIO_gets returns the digest diff --git a/crypto/evp/bio_ok.c b/crypto/evp/bio_ok.c index 8658f88a0599c6588b8aa335a3386735c0500b01..a2a66235bd03044d3ea1d851926012ef1919dbc2 100644 --- a/crypto/evp/bio_ok.c +++ b/crypto/evp/bio_ok.c @@ -149,7 +149,7 @@ typedef struct ok_struct { size_t buf_off_save; int cont; /* <= 0 when finished */ int finished; - EVP_MD_CTX md; + EVP_MD_CTX *md; int blockout; /* output block is ready */ int sigio; /* must process signature */ unsigned char buf[IOBS]; @@ -182,7 +182,7 @@ static int ok_new(BIO *bi) ctx->cont = 1; ctx->sigio = 1; - EVP_MD_CTX_init(&ctx->md); + ctx->md = EVP_MD_CTX_create(); bi->init = 0; bi->ptr = (char *)ctx; bi->flags = 0; @@ -193,7 +193,7 @@ static int ok_free(BIO *a) { if (a == NULL) return (0); - EVP_MD_CTX_cleanup(&((BIO_OK_CTX *)a->ptr)->md); + EVP_MD_CTX_destroy(((BIO_OK_CTX *)a->ptr)->md); OPENSSL_clear_free(a->ptr, sizeof(BIO_OK_CTX)); a->ptr = NULL; a->init = 0; @@ -412,14 +412,14 @@ static long ok_ctrl(BIO *b, int cmd, long num, void *ptr) break; case BIO_C_SET_MD: md = ptr; - if (!EVP_DigestInit_ex(&ctx->md, md, NULL)) + if (!EVP_DigestInit_ex(ctx->md, md, NULL)) return 0; b->init = 1; break; case BIO_C_GET_MD: if (b->init) { ppmd = ptr; - *ppmd = ctx->md.digest; + *ppmd = EVP_MD_CTX_md(ctx->md); } else ret = 0; break; @@ -468,30 +468,36 @@ static int sig_out(BIO *b) { BIO_OK_CTX *ctx; EVP_MD_CTX *md; + const EVP_MD *digest; + int md_size; + void *md_data; ctx = b->ptr; - md = &ctx->md; + md = ctx->md; + digest = EVP_MD_CTX_md(md); + md_size = EVP_MD_size(digest); + md_data = EVP_MD_CTX_md_data(md); - if (ctx->buf_len + 2 * md->digest->md_size > OK_BLOCK_SIZE) + if (ctx->buf_len + 2 * md_size > OK_BLOCK_SIZE) return 1; - if (!EVP_DigestInit_ex(md, md->digest, NULL)) + if (!EVP_DigestInit_ex(md, digest, NULL)) goto berr; /* * FIXME: there's absolutely no guarantee this makes any sense at all, * particularly now EVP_MD_CTX has been restructured. */ - if (RAND_bytes(md->md_data, md->digest->md_size) <= 0) + if (RAND_bytes(md_data, md_size) <= 0) goto berr; - memcpy(&(ctx->buf[ctx->buf_len]), md->md_data, md->digest->md_size); - longswap(&(ctx->buf[ctx->buf_len]), md->digest->md_size); - ctx->buf_len += md->digest->md_size; + memcpy(&(ctx->buf[ctx->buf_len]), md_data, md_size); + longswap(&(ctx->buf[ctx->buf_len]), md_size); + ctx->buf_len += md_size; if (!EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN))) goto berr; if (!EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL)) goto berr; - ctx->buf_len += md->digest->md_size; + ctx->buf_len += md_size; ctx->blockout = 1; ctx->sigio = 0; return 1; @@ -506,25 +512,31 @@ static int sig_in(BIO *b) EVP_MD_CTX *md; unsigned char tmp[EVP_MAX_MD_SIZE]; int ret = 0; + const EVP_MD *digest; + int md_size; + void *md_data; ctx = b->ptr; - md = &ctx->md; + md = ctx->md; + digest = EVP_MD_CTX_md(md); + md_size = EVP_MD_size(digest); + md_data = EVP_MD_CTX_md_data(md); - if ((int)(ctx->buf_len - ctx->buf_off) < 2 * md->digest->md_size) + if ((int)(ctx->buf_len - ctx->buf_off) < 2 * md_size) return 1; - if (!EVP_DigestInit_ex(md, md->digest, NULL)) + if (!EVP_DigestInit_ex(md, digest, NULL)) goto berr; - memcpy(md->md_data, &(ctx->buf[ctx->buf_off]), md->digest->md_size); - longswap(md->md_data, md->digest->md_size); - ctx->buf_off += md->digest->md_size; + memcpy(md_data, &(ctx->buf[ctx->buf_off]), md_size); + longswap(md_data, md_size); + ctx->buf_off += md_size; if (!EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN))) goto berr; if (!EVP_DigestFinal_ex(md, tmp, NULL)) goto berr; - ret = memcmp(&(ctx->buf[ctx->buf_off]), tmp, md->digest->md_size) == 0; - ctx->buf_off += md->digest->md_size; + ret = memcmp(&(ctx->buf[ctx->buf_off]), tmp, md_size) == 0; + ctx->buf_off += md_size; if (ret == 1) { ctx->sigio = 0; if (ctx->buf_len != ctx->buf_off) { @@ -547,9 +559,13 @@ static int block_out(BIO *b) BIO_OK_CTX *ctx; EVP_MD_CTX *md; unsigned long tl; + const EVP_MD *digest; + int md_size; ctx = b->ptr; - md = &ctx->md; + md = ctx->md; + digest = EVP_MD_CTX_md(md); + md_size = EVP_MD_size(digest); tl = ctx->buf_len - OK_BLOCK_BLOCK; ctx->buf[0] = (unsigned char)(tl >> 24); @@ -561,7 +577,7 @@ static int block_out(BIO *b) goto berr; if (!EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL)) goto berr; - ctx->buf_len += md->digest->md_size; + ctx->buf_len += md_size; ctx->blockout = 1; return 1; berr: @@ -575,9 +591,11 @@ static int block_in(BIO *b) EVP_MD_CTX *md; unsigned long tl = 0; unsigned char tmp[EVP_MAX_MD_SIZE]; + int md_size; ctx = b->ptr; - md = &ctx->md; + md = ctx->md; + md_size = EVP_MD_size(EVP_MD_CTX_md(md)); assert(sizeof(tl) >= OK_BLOCK_BLOCK); /* always true */ tl = ctx->buf[0]; @@ -588,7 +606,7 @@ static int block_in(BIO *b) tl <<= 8; tl |= ctx->buf[3]; - if (ctx->buf_len < tl + OK_BLOCK_BLOCK + md->digest->md_size) + if (ctx->buf_len < tl + OK_BLOCK_BLOCK + md_size) return 1; if (!EVP_DigestUpdate(md, @@ -596,10 +614,9 @@ static int block_in(BIO *b) goto berr; if (!EVP_DigestFinal_ex(md, tmp, NULL)) goto berr; - if (memcmp(&(ctx->buf[tl + OK_BLOCK_BLOCK]), tmp, md->digest->md_size) == - 0) { + if (memcmp(&(ctx->buf[tl + OK_BLOCK_BLOCK]), tmp, md_size) == 0) { /* there might be parts from next block lurking around ! */ - ctx->buf_off_save = tl + OK_BLOCK_BLOCK + md->digest->md_size; + ctx->buf_off_save = tl + OK_BLOCK_BLOCK + md_size; ctx->buf_len_save = ctx->buf_len; ctx->buf_off = OK_BLOCK_BLOCK; ctx->buf_len = tl + OK_BLOCK_BLOCK; diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 32a87f627d727fbff0d47ce73d5611245fa60d74..49048e271e82f3563e2790e63d2c89c9fed25288 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -116,6 +116,7 @@ #ifndef OPENSSL_NO_ENGINE # include #endif +#include "evp_locl.h" void EVP_MD_CTX_init(EVP_MD_CTX *ctx) { diff --git a/crypto/evp/evp_key.c b/crypto/evp/evp_key.c index 3e2c989954e76fc813eb45e8c5831dd334b0f003..231c06b86e4204671f202e54b6171e311e7bcce3 100644 --- a/crypto/evp/evp_key.c +++ b/crypto/evp/evp_key.c @@ -123,7 +123,7 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, int datal, int count, unsigned char *key, unsigned char *iv) { - EVP_MD_CTX c; + EVP_MD_CTX *c; unsigned char md_buf[EVP_MAX_MD_SIZE]; int niv, nkey, addmd = 0; unsigned int mds = 0, i; @@ -136,27 +136,29 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, if (data == NULL) return (nkey); - EVP_MD_CTX_init(&c); + c = EVP_MD_CTX_create(); + if (c == NULL) + goto err; for (;;) { - if (!EVP_DigestInit_ex(&c, md, NULL)) + if (!EVP_DigestInit_ex(c, md, NULL)) goto err; if (addmd++) - if (!EVP_DigestUpdate(&c, &(md_buf[0]), mds)) + if (!EVP_DigestUpdate(c, &(md_buf[0]), mds)) goto err; - if (!EVP_DigestUpdate(&c, data, datal)) + if (!EVP_DigestUpdate(c, data, datal)) goto err; if (salt != NULL) - if (!EVP_DigestUpdate(&c, salt, PKCS5_SALT_LEN)) + if (!EVP_DigestUpdate(c, salt, PKCS5_SALT_LEN)) goto err; - if (!EVP_DigestFinal_ex(&c, &(md_buf[0]), &mds)) + if (!EVP_DigestFinal_ex(c, &(md_buf[0]), &mds)) goto err; for (i = 1; i < (unsigned int)count; i++) { - if (!EVP_DigestInit_ex(&c, md, NULL)) + if (!EVP_DigestInit_ex(c, md, NULL)) goto err; - if (!EVP_DigestUpdate(&c, &(md_buf[0]), mds)) + if (!EVP_DigestUpdate(c, &(md_buf[0]), mds)) goto err; - if (!EVP_DigestFinal_ex(&c, &(md_buf[0]), &mds)) + if (!EVP_DigestFinal_ex(c, &(md_buf[0]), &mds)) goto err; } i = 0; @@ -189,7 +191,7 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, } rv = type->key_len; err: - EVP_MD_CTX_cleanup(&c); + EVP_MD_CTX_destroy(c); OPENSSL_cleanse(md_buf, sizeof(md_buf)); return rv; } diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c index 258fd91ced251015ae10365c2a86557bfb623228..b21000f864601898363e219ce42bd52b0b97a310 100644 --- a/crypto/evp/m_sigver.c +++ b/crypto/evp/m_sigver.c @@ -63,6 +63,7 @@ #include #include #include "internal/evp_int.h" +#include "evp_locl.h" static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey, @@ -157,16 +158,15 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, else r = EVP_DigestFinal_ex(ctx, md, &mdlen); } else { - EVP_MD_CTX tmp_ctx; - EVP_MD_CTX_init(&tmp_ctx); - if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx)) + EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_create(); + if (tmp_ctx == NULL || !EVP_MD_CTX_copy_ex(tmp_ctx, ctx)) return 0; if (sctx) - r = tmp_ctx.pctx->pmeth->signctx(tmp_ctx.pctx, - sigret, siglen, &tmp_ctx); + r = tmp_ctx->pctx->pmeth->signctx(tmp_ctx->pctx, + sigret, siglen, tmp_ctx); else - r = EVP_DigestFinal_ex(&tmp_ctx, md, &mdlen); - EVP_MD_CTX_cleanup(&tmp_ctx); + r = EVP_DigestFinal_ex(tmp_ctx, md, &mdlen); + EVP_MD_CTX_destroy(tmp_ctx); } if (sctx || !r) return r; @@ -203,16 +203,15 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, } else r = EVP_DigestFinal_ex(ctx, md, &mdlen); } else { - EVP_MD_CTX tmp_ctx; - EVP_MD_CTX_init(&tmp_ctx); - if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx)) + EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_create(); + if (tmp_ctx == NULL || !EVP_MD_CTX_copy_ex(tmp_ctx, ctx)) return -1; if (vctx) { - r = tmp_ctx.pctx->pmeth->verifyctx(tmp_ctx.pctx, - sig, siglen, &tmp_ctx); + r = tmp_ctx->pctx->pmeth->verifyctx(tmp_ctx->pctx, + sig, siglen, tmp_ctx); } else - r = EVP_DigestFinal_ex(&tmp_ctx, md, &mdlen); - EVP_MD_CTX_cleanup(&tmp_ctx); + r = EVP_DigestFinal_ex(tmp_ctx, md, &mdlen); + EVP_MD_CTX_destroy(tmp_ctx); } if (vctx || !r) return r; diff --git a/crypto/evp/p5_crpt.c b/crypto/evp/p5_crpt.c index 2d37d08f98bcdbb42f65469aff1da7f068060eb8..26bf048989ab9554ce2aecb8db1032b58817624c 100644 --- a/crypto/evp/p5_crpt.c +++ b/crypto/evp/p5_crpt.c @@ -75,7 +75,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de) { - EVP_MD_CTX ctx; + EVP_MD_CTX *ctx; unsigned char md_tmp[EVP_MAX_MD_SIZE]; unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; int i; @@ -84,7 +84,6 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, unsigned char *salt; int mdsize; int rv = 0; - EVP_MD_CTX_init(&ctx); /* Extract useful info from parameter */ if (param == NULL || param->type != V_ASN1_SEQUENCE || @@ -111,24 +110,30 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, else if (passlen == -1) passlen = strlen(pass); - if (!EVP_DigestInit_ex(&ctx, md, NULL)) + ctx = EVP_MD_CTX_create(); + if (ctx == NULL) { + EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, ERR_R_MALLOC_FAILURE); goto err; - if (!EVP_DigestUpdate(&ctx, pass, passlen)) + } + + if (!EVP_DigestInit_ex(ctx, md, NULL)) + goto err; + if (!EVP_DigestUpdate(ctx, pass, passlen)) goto err; - if (!EVP_DigestUpdate(&ctx, salt, saltlen)) + if (!EVP_DigestUpdate(ctx, salt, saltlen)) goto err; PBEPARAM_free(pbe); - if (!EVP_DigestFinal_ex(&ctx, md_tmp, NULL)) + if (!EVP_DigestFinal_ex(ctx, md_tmp, NULL)) goto err; mdsize = EVP_MD_size(md); if (mdsize < 0) return 0; for (i = 1; i < iter; i++) { - if (!EVP_DigestInit_ex(&ctx, md, NULL)) + if (!EVP_DigestInit_ex(ctx, md, NULL)) goto err; - if (!EVP_DigestUpdate(&ctx, md_tmp, mdsize)) + if (!EVP_DigestUpdate(ctx, md_tmp, mdsize)) goto err; - if (!EVP_DigestFinal_ex(&ctx, md_tmp, NULL)) + if (!EVP_DigestFinal_ex(ctx, md_tmp, NULL)) goto err; } OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp)); @@ -143,6 +148,6 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH); rv = 1; err: - EVP_MD_CTX_cleanup(&ctx); + EVP_MD_CTX_destroy(ctx); return rv; } diff --git a/crypto/evp/p_sign.c b/crypto/evp/p_sign.c index 808d0de013ded258eb001ba2edcaec1cd5fe0e54..da17514df0b635d4dc61b06b8c6ae2fe855d3dd3 100644 --- a/crypto/evp/p_sign.c +++ b/crypto/evp/p_sign.c @@ -72,17 +72,20 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, EVP_PKEY_CTX *pkctx = NULL; *siglen = 0; - if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) { + if (EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_FINALISE)) { if (!EVP_DigestFinal_ex(ctx, m, &m_len)) goto err; } else { int rv = 0; - EVP_MD_CTX tmp_ctx; - EVP_MD_CTX_init(&tmp_ctx); - rv = EVP_MD_CTX_copy_ex(&tmp_ctx, ctx); + EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_create(); + if (tmp_ctx == NULL) { + EVPerr(EVP_F_EVP_SIGNFINAL, ERR_R_MALLOC_FAILURE); + return 0; + } + rv = EVP_MD_CTX_copy_ex(tmp_ctx, ctx); if (rv) - rv = EVP_DigestFinal_ex(&tmp_ctx, m, &m_len); - EVP_MD_CTX_cleanup(&tmp_ctx); + rv = EVP_DigestFinal_ex(tmp_ctx, m, &m_len); + EVP_MD_CTX_destroy(tmp_ctx); if (!rv) return 0; } @@ -101,6 +104,6 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, *siglen = sltmp; i = 1; err: - EVP_PKEY_CTX_free(pkctx); - return i; + EVP_PKEY_CTX_free(pkctx); + return i; } diff --git a/crypto/evp/p_verify.c b/crypto/evp/p_verify.c index 9802dccbaecb208eb34fd1af0b076cad7969a33b..02c26631f0d8f054a03d3e958683c7623f3594da 100644 --- a/crypto/evp/p_verify.c +++ b/crypto/evp/p_verify.c @@ -70,17 +70,20 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, int i = 0; EVP_PKEY_CTX *pkctx = NULL; - if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) { + if (EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_FINALISE)) { if (!EVP_DigestFinal_ex(ctx, m, &m_len)) goto err; } else { int rv = 0; - EVP_MD_CTX tmp_ctx; - EVP_MD_CTX_init(&tmp_ctx); - rv = EVP_MD_CTX_copy_ex(&tmp_ctx, ctx); + EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_create(); + if (tmp_ctx == NULL) { + EVPerr(EVP_F_EVP_VERIFYFINAL, ERR_R_MALLOC_FAILURE); + return 0; + } + rv = EVP_MD_CTX_copy_ex(tmp_ctx, ctx); if (rv) - rv = EVP_DigestFinal_ex(&tmp_ctx, m, &m_len); - EVP_MD_CTX_cleanup(&tmp_ctx); + rv = EVP_DigestFinal_ex(tmp_ctx, m, &m_len); + EVP_MD_CTX_destroy(tmp_ctx); if (!rv) return 0; }