Better invalid SNI name error handling

[openssl.git] / crypto / cms / cms_asn1.c

diff --git a/crypto/cms/cms_asn1.c b/crypto/cms/cms_asn1.c
index 2bd3954e1fd2f43b041412d6361e44ed10fe9f00..017f55c5899ac699731d3a0b00aa81b7662fcccc 100644 (file)
--- a/crypto/cms/cms_asn1.c
+++ b/crypto/cms/cms_asn1.c
@@ -95,8 +95,7 @@ static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
         CMS_SignerInfo *si = (CMS_SignerInfo *)*pval;
         EVP_PKEY_free(si->pkey);
         X509_free(si->signer);
-        if (si->pctx)
-            EVP_MD_CTX_cleanup(&si->mctx);
+        EVP_MD_CTX_free(si->mctx);
     }
     return 1;
 }
@@ -195,12 +194,14 @@ static int cms_kari_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
 {
     CMS_KeyAgreeRecipientInfo *kari = (CMS_KeyAgreeRecipientInfo *)*pval;
     if (operation == ASN1_OP_NEW_POST) {
-        EVP_CIPHER_CTX_init(&kari->ctx);
-        EVP_CIPHER_CTX_set_flags(&kari->ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
+        kari->ctx = EVP_CIPHER_CTX_new();
+        if (kari->ctx == NULL)
+            return 0;
+        EVP_CIPHER_CTX_set_flags(kari->ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
         kari->pctx = NULL;
     } else if (operation == ASN1_OP_FREE_POST) {
         EVP_PKEY_CTX_free(kari->pctx);
-        EVP_CIPHER_CTX_cleanup(&kari->ctx);
+        EVP_CIPHER_CTX_free(kari->ctx);
     }
     return 1;
 }
@@ -305,7 +306,7 @@ ASN1_NDEF_SEQUENCE(CMS_CompressedData) = {
         ASN1_SIMPLE(CMS_CompressedData, version, LONG),
         ASN1_SIMPLE(CMS_CompressedData, compressionAlgorithm, X509_ALGOR),
         ASN1_SIMPLE(CMS_CompressedData, encapContentInfo, CMS_EncapsulatedContentInfo),
-} static_ASN1_NDEF_SEQUENCE_END(CMS_CompressedData)
+} ASN1_NDEF_SEQUENCE_END(CMS_CompressedData)
 
 /* This is the ANY DEFINED BY table for the top level ContentInfo structure */