if (c->algorithm_mac == SSL_AEAD)
mac_pkey_type = NULL;
} else {
- if (!ssl_evp_md_up_ref(ctx->ssl_digest_methods[i])) {
+ const EVP_MD *digest = ctx->ssl_digest_methods[i];
+
+ if (digest == NULL
+ || !ssl_evp_md_up_ref(digest)) {
ssl_evp_cipher_free(*enc);
return 0;
}
- *md = ctx->ssl_digest_methods[i];
+ *md = digest;
if (mac_pkey_type != NULL)
*mac_pkey_type = ctx->ssl_mac_pkey_id[i];
if (mac_secret_size != NULL)
s->session->cipher_id = s->session->cipher->id;
if (s->hit && (s->session->cipher_id != c->id)) {
if (SSL_IS_TLS13(s)) {
+ const EVP_MD *md = ssl_md(s->ctx, c->algorithm2);
+
/*
* In TLSv1.3 it is valid for the server to select a different
* ciphersuite as long as the hash is the same.
*/
- if (ssl_md(s->ctx, c->algorithm2)
- != ssl_md(s->ctx, s->session->cipher->algorithm2)) {
+ if (md == NULL
+ || md != ssl_md(s->ctx, s->session->cipher->algorithm2)) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED);
return 0;
size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen,
unsigned char *out)
{
- const char *mdname = EVP_MD_get0_name(ssl_handshake_md(s));
+ const EVP_MD *md = ssl_handshake_md(s);
+ const char *mdname = EVP_MD_get0_name(md);
unsigned char hash[EVP_MAX_MD_SIZE];
unsigned char finsecret[EVP_MAX_MD_SIZE];
unsigned char *key = NULL;
size_t len = 0, hashlen;
OSSL_PARAM params[2], *p = params;
+ if (md == NULL)
+ return 0;
+
/* Safe to cast away const here since we're not "getting" any data */
if (s->ctx->propq != NULL)
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_PROPERTIES,
} else if (SSL_IS_FIRST_HANDSHAKE(s)) {
key = s->client_finished_secret;
} else {
- if (!tls13_derive_finishedkey(s, ssl_handshake_md(s),
+ if (!tls13_derive_finishedkey(s, md,
s->client_app_traffic_secret,
finsecret, hashlen))
goto err;
RECORD_LAYER_reset_read_sequence(&s->rlayer);
}
- if (!derive_secret_key_and_iv(s, sending, ssl_handshake_md(s),
+ if (!derive_secret_key_and_iv(s, sending, md,
s->s3.tmp.new_sym_enc, insecret, NULL,
application_traffic,
sizeof(application_traffic) - 1, secret, key,
unsigned int hashsize, datalen;
int ret = 0;
- if (ctx == NULL || !ossl_statem_export_allowed(s))
+ if (ctx == NULL || md == NULL || !ossl_statem_export_allowed(s))
goto err;
if (!use_context)
*
* Here Transcript-Hash is the cipher suite hash algorithm.
*/
- if (EVP_DigestInit_ex(ctx, md, NULL) <= 0
+ if (md == NULL
+ || EVP_DigestInit_ex(ctx, md, NULL) <= 0
|| EVP_DigestUpdate(ctx, context, contextlen) <= 0
|| EVP_DigestFinal_ex(ctx, hash, &hashsize) <= 0
|| EVP_DigestInit_ex(ctx, md, NULL) <= 0