* https://www.openssl.org/source/license.html
*/
-#include "internal/constant_time_locl.h"
-#include "ssl_locl.h"
+/*
+ * MD5 and SHA-1 low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
+#include "internal/constant_time.h"
+#include "ssl_local.h"
#include "internal/cryptlib.h"
#include <openssl/md5.h>
* padding too. )
* Returns 1 on success or 0 on error
*/
-int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
+int ssl3_cbc_digest_record(SSL *s,
+ const EVP_MD_CTX *ctx,
unsigned char *md_out,
size_t *md_out_size,
const unsigned char header[13],
*/
size_t md_length_size = 8;
char length_is_big_endian = 1;
- int ret;
+ int ret = 0;
+ const EVP_MD *md = NULL;
/*
* This is a, hopefully redundant, check that allows us to forget about
md_ctx = EVP_MD_CTX_new();
if (md_ctx == NULL)
goto err;
- if (EVP_DigestInit_ex(md_ctx, EVP_MD_CTX_md(ctx), NULL /* engine */ ) <= 0)
+ md = ssl_evp_md_fetch(s->ctx->libctx, EVP_MD_type(EVP_MD_CTX_md(ctx)),
+ s->ctx->propq);
+ if (md == NULL)
+ goto err;
+ if (EVP_DigestInit_ex(md_ctx, md, NULL /* engine */ ) <= 0)
goto err;
if (is_sslv3) {
/* We repurpose |hmac_pad| to contain the SSLv3 pad2 block. */
ret = EVP_DigestFinal(md_ctx, md_out, &md_out_size_u);
if (ret && md_out_size)
*md_out_size = md_out_size_u;
- EVP_MD_CTX_free(md_ctx);
- return 1;
+ ret = 1;
err:
EVP_MD_CTX_free(md_ctx);
- return 0;
+ ssl_evp_md_free(md);
+ return ret;
}