summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorTheo Buehler <tb@cvs.openbsd.org>2021-12-09 17:50:49 +0000
committerTheo Buehler <tb@cvs.openbsd.org>2021-12-09 17:50:49 +0000
commita52bd01d577aa34048213a4bf80218fdd9825fce (patch)
tree7d7c8c8143b15f05af97439e90dd6713f710fc26 /lib
parentd4a1741980180dbb41e5f1204df90be658261861 (diff)
Convert ssl_clnt.c to opaque EVP_MD_CTX
ok inoguchi jsing
Diffstat (limited to 'lib')
-rw-r--r--lib/libssl/ssl_clnt.c55
1 files changed, 29 insertions, 26 deletions
diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c
index a3c78096f78..1242796f58c 100644
--- a/lib/libssl/ssl_clnt.c
+++ b/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.122 2021/12/04 13:50:35 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.123 2021/12/09 17:50:48 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1407,14 +1407,12 @@ ssl3_get_server_key_exchange(SSL *s)
{
CBS cbs, signature;
EVP_PKEY *pkey = NULL;
- EVP_MD_CTX md_ctx;
+ EVP_MD_CTX *md_ctx;
const unsigned char *param;
size_t param_len;
long alg_k, alg_a;
int al, ret;
- EVP_MD_CTX_init(&md_ctx);
-
alg_k = S3I(s)->hs.cipher->algorithm_mkey;
alg_a = S3I(s)->hs.cipher->algorithm_auth;
@@ -1426,6 +1424,9 @@ ssl3_get_server_key_exchange(SSL *s)
SSL3_ST_CR_KEY_EXCH_B, -1, s->internal->max_cert_list)) <= 0)
return ret;
+ if ((md_ctx = EVP_MD_CTX_new()) == NULL)
+ goto err;
+
if (s->internal->init_num < 0)
goto err;
@@ -1443,7 +1444,7 @@ ssl3_get_server_key_exchange(SSL *s)
}
S3I(s)->hs.tls12.reuse_message = 1;
- EVP_MD_CTX_cleanup(&md_ctx);
+ EVP_MD_CTX_free(md_ctx);
return (1);
}
@@ -1504,10 +1505,10 @@ ssl3_get_server_key_exchange(SSL *s)
}
S3I(s)->hs.peer_sigalg = sigalg;
- if (!EVP_DigestVerifyInit(&md_ctx, &pctx, sigalg->md(),
+ if (!EVP_DigestVerifyInit(md_ctx, &pctx, sigalg->md(),
NULL, pkey))
goto err;
- if (!EVP_DigestVerifyUpdate(&md_ctx, s->s3->client_random,
+ if (!EVP_DigestVerifyUpdate(md_ctx, s->s3->client_random,
SSL3_RANDOM_SIZE))
goto err;
if ((sigalg->flags & SIGALG_FLAG_RSA_PSS) &&
@@ -1515,12 +1516,12 @@ ssl3_get_server_key_exchange(SSL *s)
RSA_PKCS1_PSS_PADDING) ||
!EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1)))
goto err;
- if (!EVP_DigestVerifyUpdate(&md_ctx, s->s3->server_random,
+ if (!EVP_DigestVerifyUpdate(md_ctx, s->s3->server_random,
SSL3_RANDOM_SIZE))
goto err;
- if (!EVP_DigestVerifyUpdate(&md_ctx, param, param_len))
+ if (!EVP_DigestVerifyUpdate(md_ctx, param, param_len))
goto err;
- if (EVP_DigestVerifyFinal(&md_ctx, CBS_data(&signature),
+ if (EVP_DigestVerifyFinal(md_ctx, CBS_data(&signature),
CBS_len(&signature)) <= 0) {
al = SSL_AD_DECRYPT_ERROR;
SSLerror(s, SSL_R_BAD_SIGNATURE);
@@ -1541,7 +1542,7 @@ ssl3_get_server_key_exchange(SSL *s)
}
EVP_PKEY_free(pkey);
- EVP_MD_CTX_cleanup(&md_ctx);
+ EVP_MD_CTX_free(md_ctx);
return (1);
@@ -1554,7 +1555,7 @@ ssl3_get_server_key_exchange(SSL *s)
err:
EVP_PKEY_free(pkey);
- EVP_MD_CTX_cleanup(&md_ctx);
+ EVP_MD_CTX_free(md_ctx);
return (-1);
}
@@ -2277,19 +2278,20 @@ ssl3_send_client_verify_sigalgs(SSL *s, EVP_PKEY *pkey,
{
CBB cbb_signature;
EVP_PKEY_CTX *pctx = NULL;
- EVP_MD_CTX mctx;
+ EVP_MD_CTX *mctx = NULL;
const unsigned char *hdata;
unsigned char *signature = NULL;
size_t signature_len, hdata_len;
int ret = 0;
- EVP_MD_CTX_init(&mctx);
+ if ((mctx = EVP_MD_CTX_new()) == NULL)
+ goto err;
if (!tls1_transcript_data(s, &hdata, &hdata_len)) {
SSLerror(s, ERR_R_INTERNAL_ERROR);
goto err;
}
- if (!EVP_DigestSignInit(&mctx, &pctx, sigalg->md(), NULL, pkey)) {
+ if (!EVP_DigestSignInit(mctx, &pctx, sigalg->md(), NULL, pkey)) {
SSLerror(s, ERR_R_EVP_LIB);
goto err;
}
@@ -2305,11 +2307,11 @@ ssl3_send_client_verify_sigalgs(SSL *s, EVP_PKEY *pkey,
SSLerror(s, ERR_R_EVP_LIB);
goto err;
}
- if (!EVP_DigestSignUpdate(&mctx, hdata, hdata_len)) {
+ if (!EVP_DigestSignUpdate(mctx, hdata, hdata_len)) {
SSLerror(s, ERR_R_EVP_LIB);
goto err;
}
- if (!EVP_DigestSignFinal(&mctx, NULL, &signature_len) ||
+ if (!EVP_DigestSignFinal(mctx, NULL, &signature_len) ||
signature_len == 0) {
SSLerror(s, ERR_R_EVP_LIB);
goto err;
@@ -2318,7 +2320,7 @@ ssl3_send_client_verify_sigalgs(SSL *s, EVP_PKEY *pkey,
SSLerror(s, ERR_R_MALLOC_FAILURE);
goto err;
}
- if (!EVP_DigestSignFinal(&mctx, signature, &signature_len)) {
+ if (!EVP_DigestSignFinal(mctx, signature, &signature_len)) {
SSLerror(s, ERR_R_EVP_LIB);
goto err;
}
@@ -2335,7 +2337,7 @@ ssl3_send_client_verify_sigalgs(SSL *s, EVP_PKEY *pkey,
ret = 1;
err:
- EVP_MD_CTX_cleanup(&mctx);
+ EVP_MD_CTX_free(mctx);
free(signature);
return ret;
}
@@ -2416,7 +2418,7 @@ static int
ssl3_send_client_verify_gost(SSL *s, EVP_PKEY *pkey, CBB *cert_verify)
{
CBB cbb_signature;
- EVP_MD_CTX mctx;
+ EVP_MD_CTX *mctx;
EVP_PKEY_CTX *pctx;
const EVP_MD *md;
const unsigned char *hdata;
@@ -2426,7 +2428,8 @@ ssl3_send_client_verify_gost(SSL *s, EVP_PKEY *pkey, CBB *cert_verify)
int nid;
int ret = 0;
- EVP_MD_CTX_init(&mctx);
+ if ((mctx = EVP_MD_CTX_new()) == NULL)
+ goto err;
if (!tls1_transcript_data(s, &hdata, &hdata_len)) {
SSLerror(s, ERR_R_INTERNAL_ERROR);
@@ -2437,7 +2440,7 @@ ssl3_send_client_verify_gost(SSL *s, EVP_PKEY *pkey, CBB *cert_verify)
SSLerror(s, ERR_R_EVP_LIB);
goto err;
}
- if (!EVP_DigestSignInit(&mctx, &pctx, md, NULL, pkey)) {
+ if (!EVP_DigestSignInit(mctx, &pctx, md, NULL, pkey)) {
SSLerror(s, ERR_R_EVP_LIB);
goto err;
}
@@ -2446,11 +2449,11 @@ ssl3_send_client_verify_gost(SSL *s, EVP_PKEY *pkey, CBB *cert_verify)
SSLerror(s, ERR_R_EVP_LIB);
goto err;
}
- if (!EVP_DigestSignUpdate(&mctx, hdata, hdata_len)) {
+ if (!EVP_DigestSignUpdate(mctx, hdata, hdata_len)) {
SSLerror(s, ERR_R_EVP_LIB);
goto err;
}
- if (!EVP_DigestSignFinal(&mctx, NULL, &signature_len) ||
+ if (!EVP_DigestSignFinal(mctx, NULL, &signature_len) ||
signature_len == 0) {
SSLerror(s, ERR_R_EVP_LIB);
goto err;
@@ -2459,7 +2462,7 @@ ssl3_send_client_verify_gost(SSL *s, EVP_PKEY *pkey, CBB *cert_verify)
SSLerror(s, ERR_R_MALLOC_FAILURE);
goto err;
}
- if (!EVP_DigestSignFinal(&mctx, signature, &signature_len)) {
+ if (!EVP_DigestSignFinal(mctx, signature, &signature_len)) {
SSLerror(s, ERR_R_EVP_LIB);
goto err;
}
@@ -2473,7 +2476,7 @@ ssl3_send_client_verify_gost(SSL *s, EVP_PKEY *pkey, CBB *cert_verify)
ret = 1;
err:
- EVP_MD_CTX_cleanup(&mctx);
+ EVP_MD_CTX_free(mctx);
free(signature);
return ret;
}