int al, i;
unsigned long type;
int n;
- CERT *cert;
BIGNUM *r[4];
int nr[4], kn;
BUF_MEM *buf;
- EVP_MD_CTX md_ctx;
+ EVP_MD_CTX *md_ctx = EVP_MD_CTX_new();
- EVP_MD_CTX_init(&md_ctx);
+ if (md_ctx == NULL) {
+ SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
+ al = SSL_AD_INTERNAL_ERROR;
+ goto f_err;
+ }
type = s->s3->tmp.new_cipher->algorithm_mkey;
- cert = s->cert;
buf = s->init_buf;
#endif /* !OPENSSL_NO_PSK */
#ifndef OPENSSL_NO_DH
if (type & (SSL_kDHE | SSL_kDHEPSK)) {
+ CERT *cert = s->cert;
+
if (s->cert->dh_tmp_auto) {
dhp = ssl_get_auto_dh(s);
if (dhp == NULL) {
#ifdef SSL_DEBUG
fprintf(stderr, "Using hash %s\n", EVP_MD_name(md));
#endif
- if (EVP_SignInit_ex(&md_ctx, md, NULL) <= 0
- || EVP_SignUpdate(&md_ctx, &(s->s3->client_random[0]),
+ if (EVP_SignInit_ex(md_ctx, md, NULL) <= 0
+ || EVP_SignUpdate(md_ctx, &(s->s3->client_random[0]),
SSL3_RANDOM_SIZE) <= 0
- || EVP_SignUpdate(&md_ctx, &(s->s3->server_random[0]),
+ || EVP_SignUpdate(md_ctx, &(s->s3->server_random[0]),
SSL3_RANDOM_SIZE) <= 0
- || EVP_SignUpdate(&md_ctx, d, n) <= 0
- || EVP_SignFinal(&md_ctx, &(p[2]),
+ || EVP_SignUpdate(md_ctx, d, n) <= 0
+ || EVP_SignFinal(md_ctx, &(p[2]),
(unsigned int *)&i, pkey) <= 0) {
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_LIB_EVP);
al = SSL_AD_INTERNAL_ERROR;
goto f_err;
}
- EVP_MD_CTX_cleanup(&md_ctx);
+ EVP_MD_CTX_free(md_ctx);
return 1;
f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
OPENSSL_free(encodedPoint);
BN_CTX_free(bn_ctx);
#endif
- EVP_MD_CTX_cleanup(&md_ctx);
+ EVP_MD_CTX_free(md_ctx);
ossl_statem_set_error(s);
return 0;
}
i = 0;
}
if (PACKET_remaining(pkt) != i) {
- if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG)) {
- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
- SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
- goto err;
- } else {
- *pkt = bookmark;
- i = PACKET_remaining(pkt);
- }
+ SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
+ SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
+ goto err;
}
if (alg_k & SSL_kDHr)
idx = SSL_PKEY_DH_RSA;
long hdatalen = 0;
void *hdata;
- EVP_MD_CTX mctx;
- EVP_MD_CTX_init(&mctx);
+ EVP_MD_CTX *mctx = EVP_MD_CTX_new();
+
+ if (mctx == NULL) {
+ SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, ERR_R_MALLOC_FAILURE);
+ al = SSL_AD_INTERNAL_ERROR;
+ goto f_err;
+ }
peer = s->session->peer;
pkey = X509_get_pubkey(peer);
#ifdef SSL_DEBUG
fprintf(stderr, "Using client verify alg %s\n", EVP_MD_name(md));
#endif
- if (!EVP_VerifyInit_ex(&mctx, md, NULL)
- || !EVP_VerifyUpdate(&mctx, hdata, hdatalen)) {
+ if (!EVP_VerifyInit_ex(mctx, md, NULL)
+ || !EVP_VerifyUpdate(mctx, hdata, hdatalen)) {
SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, ERR_R_EVP_LIB);
al = SSL_AD_INTERNAL_ERROR;
goto f_err;
#endif
if (s->version == SSL3_VERSION
- && !EVP_MD_CTX_ctrl(&mctx, EVP_CTRL_SSL3_MASTER_SECRET,
+ && !EVP_MD_CTX_ctrl(mctx, EVP_CTRL_SSL3_MASTER_SECRET,
s->session->master_key_length,
s->session->master_key)) {
SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, ERR_R_EVP_LIB);
goto f_err;
}
- if (EVP_VerifyFinal(&mctx, data, len, pkey) <= 0) {
+ if (EVP_VerifyFinal(mctx, data, len, pkey) <= 0) {
al = SSL_AD_DECRYPT_ERROR;
SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, SSL_R_BAD_SIGNATURE);
goto f_err;
}
BIO_free(s->s3->handshake_buffer);
s->s3->handshake_buffer = NULL;
- EVP_MD_CTX_cleanup(&mctx);
+ EVP_MD_CTX_free(mctx);
EVP_PKEY_free(pkey);
return ret;
}
{
unsigned char *senc = NULL;
EVP_CIPHER_CTX ctx;
- HMAC_CTX hctx = HMAC_CTX_EMPTY;
+ HMAC_CTX *hctx = NULL;
unsigned char *p, *macstart;
const unsigned char *const_p;
int len, slen_full, slen;
}
EVP_CIPHER_CTX_init(&ctx);
- HMAC_CTX_init(&hctx);
+ hctx = HMAC_CTX_new();
p = senc;
if (!i2d_SSL_SESSION(s->session, &p))
* all the work otherwise use generated values from parent ctx.
*/
if (tctx->tlsext_ticket_key_cb) {
- if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx,
- &hctx, 1) < 0)
+ if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx, hctx, 1) < 0)
goto err;
} else {
if (RAND_bytes(iv, 16) <= 0)
if (!EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
tctx->tlsext_tick_aes_key, iv))
goto err;
- if (!HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
+ if (!HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key, 16,
EVP_sha256(), NULL))
goto err;
memcpy(key_name, tctx->tlsext_tick_key_name, 16);
goto err;
p += len;
- if (!HMAC_Update(&hctx, macstart, p - macstart))
+ if (!HMAC_Update(hctx, macstart, p - macstart))
goto err;
- if (!HMAC_Final(&hctx, p, &hlen))
+ if (!HMAC_Final(hctx, p, &hlen))
goto err;
EVP_CIPHER_CTX_cleanup(&ctx);
- HMAC_CTX_cleanup(&hctx);
+ HMAC_CTX_free(hctx);
p += hlen;
/* Now write out lengths: p points to end of data written */
err:
OPENSSL_free(senc);
EVP_CIPHER_CTX_cleanup(&ctx);
- HMAC_CTX_cleanup(&hctx);
+ HMAC_CTX_free(hctx);
ossl_statem_set_error(s);
return 0;
}