X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fdh%2Fdh_kdf.c;h=8ce849896cea44c8f2d7c33bb870719e57a2457f;hp=55979600e1a67ffaba067b090fcf6e95dfefc013;hb=bfb0641f932490c2e7fb5f9f7cb4a88017a5abfa;hpb=e968561d5e762e6c05e74541137916b4f20a144b diff --git a/crypto/dh/dh_kdf.c b/crypto/dh/dh_kdf.c index 55979600e1..8ce849896c 100644 --- a/crypto/dh/dh_kdf.c +++ b/crypto/dh/dh_kdf.c @@ -144,7 +144,7 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen, ASN1_OBJECT *key_oid, const unsigned char *ukm, size_t ukmlen, const EVP_MD *md) { - EVP_MD_CTX mctx; + EVP_MD_CTX *mctx = NULL; int rv = 0; unsigned int i; size_t mdlen; @@ -152,31 +152,33 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen, int derlen; if (Zlen > DH_KDF_MAX) return 0; + mctx = EVP_MD_CTX_new(); + if (mctx == NULL) + return 0; mdlen = EVP_MD_size(md); - EVP_MD_CTX_init(&mctx); derlen = dh_sharedinfo_encode(&der, &ctr, key_oid, outlen, ukm, ukmlen); if (derlen == 0) goto err; for (i = 1;; i++) { unsigned char mtmp[EVP_MAX_MD_SIZE]; - EVP_DigestInit_ex(&mctx, md, NULL); - if (!EVP_DigestUpdate(&mctx, Z, Zlen)) + EVP_DigestInit_ex(mctx, md, NULL); + if (!EVP_DigestUpdate(mctx, Z, Zlen)) goto err; ctr[3] = i & 0xFF; ctr[2] = (i >> 8) & 0xFF; ctr[1] = (i >> 16) & 0xFF; ctr[0] = (i >> 24) & 0xFF; - if (!EVP_DigestUpdate(&mctx, der, derlen)) + if (!EVP_DigestUpdate(mctx, der, derlen)) goto err; if (outlen >= mdlen) { - if (!EVP_DigestFinal(&mctx, out, NULL)) + if (!EVP_DigestFinal(mctx, out, NULL)) goto err; outlen -= mdlen; if (outlen == 0) break; out += mdlen; } else { - if (!EVP_DigestFinal(&mctx, mtmp, NULL)) + if (!EVP_DigestFinal(mctx, mtmp, NULL)) goto err; memcpy(out, mtmp, outlen); OPENSSL_cleanse(mtmp, mdlen); @@ -186,7 +188,7 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen, rv = 1; err: OPENSSL_free(der); - EVP_MD_CTX_cleanup(&mctx); + EVP_MD_CTX_free(mctx); return rv; } #endif