Loading apps/passwd.c +31 −27 Original line number Diff line number Diff line Loading @@ -307,7 +307,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) char *salt_out; int n; unsigned int i; EVP_MD_CTX md, md2; EVP_MD_CTX *md, *md2; size_t passwd_len, salt_len; passwd_len = strlen(passwd); Loading 
@@ -322,45 +322,50 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) salt_len = strlen(salt_out); assert(salt_len <= 8); EVP_MD_CTX_init(&md); EVP_DigestInit_ex(&md, EVP_md5(), NULL); EVP_DigestUpdate(&md, passwd, passwd_len); EVP_DigestUpdate(&md, "$", 1); EVP_DigestUpdate(&md, magic, strlen(magic)); EVP_DigestUpdate(&md, "$", 1); EVP_DigestUpdate(&md, salt_out, salt_len); EVP_MD_CTX_init(&md2); EVP_DigestInit_ex(&md2, EVP_md5(), NULL); EVP_DigestUpdate(&md2, passwd, passwd_len); EVP_DigestUpdate(&md2, salt_out, salt_len); EVP_DigestUpdate(&md2, passwd, passwd_len); EVP_DigestFinal_ex(&md2, buf, NULL); md = EVP_MD_CTX_create(); if (md == NULL) return NULL; EVP_DigestInit_ex(md, EVP_md5(), NULL); EVP_DigestUpdate(md, passwd, passwd_len); EVP_DigestUpdate(md, "$", 1); EVP_DigestUpdate(md, magic, strlen(magic)); EVP_DigestUpdate(md, "$", 1); EVP_DigestUpdate(md, salt_out, salt_len); md2 = EVP_MD_CTX_create(); if (md2 == NULL) return NULL; EVP_DigestInit_ex(md2, EVP_md5(), NULL); EVP_DigestUpdate(md2, passwd, passwd_len); EVP_DigestUpdate(md2, salt_out, salt_len); EVP_DigestUpdate(md2, passwd, passwd_len); EVP_DigestFinal_ex(md2, buf, NULL); for (i = passwd_len; i > sizeof buf; i -= sizeof buf) EVP_DigestUpdate(&md, buf, sizeof buf); EVP_DigestUpdate(&md, buf, i); EVP_DigestUpdate(md, buf, sizeof buf); EVP_DigestUpdate(md, buf, i); n = passwd_len; while (n) { EVP_DigestUpdate(&md, (n & 1) ? "\0" : passwd, 1); EVP_DigestUpdate(md, (n & 1) ? "\0" : passwd, 1); n >>= 1; } EVP_DigestFinal_ex(&md, buf, NULL); EVP_DigestFinal_ex(md, buf, NULL); for (i = 0; i < 1000; i++) { EVP_DigestInit_ex(&md2, EVP_md5(), NULL); EVP_DigestUpdate(&md2, (i & 1) ? (unsigned const char *)passwd : buf, EVP_DigestInit_ex(md2, EVP_md5(), NULL); EVP_DigestUpdate(md2, (i & 1) ? (unsigned const char *)passwd : buf, (i & 1) ? 
passwd_len : sizeof buf); if (i % 3) EVP_DigestUpdate(&md2, salt_out, salt_len); EVP_DigestUpdate(md2, salt_out, salt_len); if (i % 7) EVP_DigestUpdate(&md2, passwd, passwd_len); EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned const char *)passwd, EVP_DigestUpdate(md2, passwd, passwd_len); EVP_DigestUpdate(md2, (i & 1) ? buf : (unsigned const char *)passwd, (i & 1) ? sizeof buf : passwd_len); EVP_DigestFinal_ex(&md2, buf, NULL); EVP_DigestFinal_ex(md2, buf, NULL); } EVP_MD_CTX_cleanup(&md2); EVP_MD_CTX_destroy(md2); EVP_MD_CTX_destroy(md); { /* transform buf into output string */ Loading Loading @@ -399,7 +404,6 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) *output = 0; assert(strlen(out_buf) < sizeof(out_buf)); } EVP_MD_CTX_cleanup(&md); return out_buf; } Loading apps/req.c +26 −18 Original line number Diff line number Diff line Loading @@ -1492,7 +1492,8 @@ static int do_sign_init(EVP_MD_CTX *ctx, EVP_PKEY *pkey, EVP_PKEY_CTX *pkctx = NULL; int i; EVP_MD_CTX_init(ctx); if (ctx == NULL) return 0; if (!EVP_DigestSignInit(ctx, &pkctx, md, NULL, pkey)) return 0; for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) { Loading @@ -1510,13 +1511,16 @@ int do_X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md, STACK_OF(OPENSSL_STRING) *sigopts) { int rv; EVP_MD_CTX mctx; EVP_MD_CTX *mctx = EVP_MD_CTX_create(); EVP_MD_CTX_init(&mctx); rv = do_sign_init(&mctx, pkey, md, sigopts); rv = do_sign_init(mctx, pkey, md, sigopts); /* Note: X509_sign_ctx() calls ASN1_item_sign_ctx(), which destroys * the EVP_MD_CTX we send it, so only destroy it here if the former * isn't called */ if (rv > 0) rv = X509_sign_ctx(x, &mctx); EVP_MD_CTX_cleanup(&mctx); rv = X509_sign_ctx(x, mctx); else EVP_MD_CTX_destroy(mctx); return rv > 0 ? 1 : 0; } Loading 
@@ -1524,13 +1528,15 @@ int do_X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md, STACK_OF(OPENSSL_STRING) *sigopts) { int rv; EVP_MD_CTX mctx; EVP_MD_CTX_init(&mctx); rv = do_sign_init(&mctx, pkey, md, sigopts); EVP_MD_CTX *mctx = EVP_MD_CTX_create(); rv = do_sign_init(mctx, pkey, md, sigopts); /* Note: X509_REQ_sign_ctx() calls ASN1_item_sign_ctx(), which destroys * the EVP_MD_CTX we send it, so only destroy it here if the former * isn't called */ if (rv > 0) rv = X509_REQ_sign_ctx(x, &mctx); EVP_MD_CTX_cleanup(&mctx); rv = X509_REQ_sign_ctx(x, mctx); else EVP_MD_CTX_destroy(mctx); return rv > 0 ? 1 : 0; } Loading @@ -1538,12 +1544,14 @@ int do_X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md, STACK_OF(OPENSSL_STRING) *sigopts) { int rv; EVP_MD_CTX mctx; EVP_MD_CTX_init(&mctx); rv = do_sign_init(&mctx, pkey, md, sigopts); EVP_MD_CTX *mctx = EVP_MD_CTX_create(); rv = do_sign_init(mctx, pkey, md, sigopts); /* Note: X509_CRL_sign_ctx() calls ASN1_item_sign_ctx(), which destroys * the EVP_MD_CTX we send it, so only destroy it here if the former * isn't called */ if (rv > 0) rv = X509_CRL_sign_ctx(x, &mctx); EVP_MD_CTX_cleanup(&mctx); rv = X509_CRL_sign_ctx(x, mctx); else EVP_MD_CTX_destroy(mctx); return rv > 0 ? 1 : 0; } apps/ts.c +9 −4 Original line number Diff line number Diff line Loading 
@@ -523,17 +523,22 @@ static int create_digest(BIO *input, char *digest, const EVP_MD *md, return 0; if (input) { EVP_MD_CTX md_ctx; EVP_MD_CTX *md_ctx = EVP_MD_CTX_create(); unsigned char buffer[4096]; int length; if (md_ctx == NULL) return 0; *md_value = app_malloc(md_value_len, "digest buffer"); EVP_DigestInit(&md_ctx, md); EVP_DigestInit(md_ctx, md); while ((length = BIO_read(input, buffer, sizeof(buffer))) > 0) { EVP_DigestUpdate(&md_ctx, buffer, length); EVP_DigestUpdate(md_ctx, buffer, length); } if (!EVP_DigestFinal(&md_ctx, *md_value, NULL)) if (!EVP_DigestFinal(md_ctx, *md_value, NULL)) { EVP_MD_CTX_destroy(md_ctx); return 0; } EVP_MD_CTX_destroy(md_ctx); } else { long digest_len; *md_value = string_to_hex(digest, &digest_len); Loading crypto/asn1/a_sign.c +20 −13 Original line number Diff line number Diff line Loading @@ -131,12 +131,15 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey, const EVP_MD *type) { EVP_MD_CTX ctx; EVP_MD_CTX *ctx = EVP_MD_CTX_create(); unsigned char *p, *buf_in = NULL, *buf_out = NULL; int i, inl = 0, outl = 0, outll = 0; X509_ALGOR *a; EVP_MD_CTX_init(&ctx); if (ctx == NULL) { ASN1err(ASN1_F_ASN1_SIGN, ERR_R_MALLOC_FAILURE); goto err; } for (i = 0; i < 2; i++) { if (i == 0) a = algor1; Loading Loading @@ -182,9 +185,9 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, p = buf_in; i2d(data, &p); if (!EVP_SignInit_ex(&ctx, type, NULL) || !EVP_SignUpdate(&ctx, (unsigned char *)buf_in, inl) || !EVP_SignFinal(&ctx, (unsigned char *)buf_out, if (!EVP_SignInit_ex(ctx, type, NULL) || !EVP_SignUpdate(ctx, (unsigned char *)buf_in, inl) || !EVP_SignFinal(ctx, (unsigned char *)buf_out, (unsigned int *)&outl, pkey)) { outl = 0; ASN1err(ASN1_F_ASN1_SIGN, ERR_R_EVP_LIB); Loading 
@@ -201,7 +204,7 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); signature->flags |= ASN1_STRING_FLAG_BITS_LEFT; err: EVP_MD_CTX_cleanup(&ctx); EVP_MD_CTX_destroy(ctx); OPENSSL_clear_free((char *)buf_in, (unsigned int)inl); OPENSSL_clear_free((char *)buf_out, outll); return (outl); Loading @@ -213,13 +216,17 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey, const EVP_MD *type) { EVP_MD_CTX ctx; EVP_MD_CTX_init(&ctx); if (!EVP_DigestSignInit(&ctx, NULL, type, NULL, pkey)) { EVP_MD_CTX_cleanup(&ctx); EVP_MD_CTX *ctx = EVP_MD_CTX_create(); if (ctx == NULL) { ASN1err(ASN1_F_ASN1_ITEM_SIGN, ERR_R_MALLOC_FAILURE); return 0; } if (!EVP_DigestSignInit(ctx, NULL, type, NULL, pkey)) { EVP_MD_CTX_destroy(ctx); return 0; } return ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, &ctx); return ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, ctx); } int ASN1_item_sign_ctx(const ASN1_ITEM *it, Loading @@ -234,7 +241,7 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, int rv; type = EVP_MD_CTX_md(ctx); pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx); pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx)); if (!type || !pkey) { ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_CONTEXT_NOT_INITIALISED); Loading Loading @@ -307,7 +314,7 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); signature->flags |= ASN1_STRING_FLAG_BITS_LEFT; err: EVP_MD_CTX_cleanup(ctx); EVP_MD_CTX_destroy(ctx); OPENSSL_clear_free((char *)buf_in, (unsigned int)inl); OPENSSL_clear_free((char *)buf_out, outll); return (outl); Loading crypto/asn1/a_verify.c +20 −13 Original line number Diff line number Diff line Loading 
@@ -77,12 +77,15 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey) { EVP_MD_CTX ctx; EVP_MD_CTX *ctx = EVP_MD_CTX_create(); const EVP_MD *type; unsigned char *p, *buf_in = NULL; int ret = -1, i, inl; EVP_MD_CTX_init(&ctx); if (ctx == NULL) { ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_MALLOC_FAILURE); goto err; } i = OBJ_obj2nid(a->algorithm); type = EVP_get_digestbyname(OBJ_nid2sn(i)); if (type == NULL) { Loading @@ -104,8 +107,8 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, p = buf_in; i2d(data, &p); ret = EVP_VerifyInit_ex(&ctx, type, NULL) && EVP_VerifyUpdate(&ctx, (unsigned char *)buf_in, inl); ret = EVP_VerifyInit_ex(ctx, type, NULL) && EVP_VerifyUpdate(ctx, (unsigned char *)buf_in, inl); OPENSSL_clear_free(buf_in, (unsigned int)inl); Loading @@ -115,7 +118,7 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, } ret = -1; if (EVP_VerifyFinal(&ctx, (unsigned char *)signature->data, if (EVP_VerifyFinal(ctx, (unsigned char *)signature->data, (unsigned int)signature->length, pkey) <= 0) { ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB); ret = 0; Loading @@ -123,7 +126,7 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, } ret = 1; err: EVP_MD_CTX_cleanup(&ctx); EVP_MD_CTX_destroy(ctx); return (ret); } Loading @@ -132,7 +135,7 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey) { EVP_MD_CTX ctx; EVP_MD_CTX *ctx = NULL; unsigned char *buf_in = NULL; int ret = -1, inl; Loading 
@@ -148,7 +151,11 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, return -1; } EVP_MD_CTX_init(&ctx); ctx = EVP_MD_CTX_create(); if (ctx == NULL) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_MALLOC_FAILURE); goto err; } /* Convert signature OID into digest and public key OIDs */ if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->algorithm), &mdnid, &pknid)) { Loading @@ -161,7 +168,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); goto err; } ret = pkey->ameth->item_verify(&ctx, it, asn, a, signature, pkey); ret = pkey->ameth->item_verify(ctx, it, asn, a, signature, pkey); /* * Return value of 2 means carry on, anything else means we exit * straight away: either a fatal error of the underlying verification Loading @@ -185,7 +192,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, goto err; } if (!EVP_DigestVerifyInit(&ctx, NULL, type, NULL, pkey)) { if (!EVP_DigestVerifyInit(ctx, NULL, type, NULL, pkey)) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB); ret = 0; goto err; Loading @@ -200,7 +207,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, goto err; } ret = EVP_DigestVerifyUpdate(&ctx, buf_in, inl); ret = EVP_DigestVerifyUpdate(ctx, buf_in, inl); OPENSSL_clear_free(buf_in, (unsigned int)inl); Loading @@ -210,7 +217,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, } ret = -1; if (EVP_DigestVerifyFinal(&ctx, signature->data, if (EVP_DigestVerifyFinal(ctx, signature->data, (size_t)signature->length) <= 0) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB); ret = 0; Loading @@ -218,6 +225,6 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, } ret = 1; err: EVP_MD_CTX_cleanup(&ctx); EVP_MD_CTX_destroy(ctx); return (ret); } Loading
apps/passwd.c +31 −27 Original line number Diff line number Diff line Loading @@ -307,7 +307,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) char *salt_out; int n; unsigned int i; EVP_MD_CTX md, md2; EVP_MD_CTX *md, *md2; size_t passwd_len, salt_len; passwd_len = strlen(passwd); Loading 
@@ -322,45 +322,50 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) salt_len = strlen(salt_out); assert(salt_len <= 8); EVP_MD_CTX_init(&md); EVP_DigestInit_ex(&md, EVP_md5(), NULL); EVP_DigestUpdate(&md, passwd, passwd_len); EVP_DigestUpdate(&md, "$", 1); EVP_DigestUpdate(&md, magic, strlen(magic)); EVP_DigestUpdate(&md, "$", 1); EVP_DigestUpdate(&md, salt_out, salt_len); EVP_MD_CTX_init(&md2); EVP_DigestInit_ex(&md2, EVP_md5(), NULL); EVP_DigestUpdate(&md2, passwd, passwd_len); EVP_DigestUpdate(&md2, salt_out, salt_len); EVP_DigestUpdate(&md2, passwd, passwd_len); EVP_DigestFinal_ex(&md2, buf, NULL); md = EVP_MD_CTX_create(); if (md == NULL) return NULL; EVP_DigestInit_ex(md, EVP_md5(), NULL); EVP_DigestUpdate(md, passwd, passwd_len); EVP_DigestUpdate(md, "$", 1); EVP_DigestUpdate(md, magic, strlen(magic)); EVP_DigestUpdate(md, "$", 1); EVP_DigestUpdate(md, salt_out, salt_len); md2 = EVP_MD_CTX_create(); if (md2 == NULL) return NULL; EVP_DigestInit_ex(md2, EVP_md5(), NULL); EVP_DigestUpdate(md2, passwd, passwd_len); EVP_DigestUpdate(md2, salt_out, salt_len); EVP_DigestUpdate(md2, passwd, passwd_len); EVP_DigestFinal_ex(md2, buf, NULL); for (i = passwd_len; i > sizeof buf; i -= sizeof buf) EVP_DigestUpdate(&md, buf, sizeof buf); EVP_DigestUpdate(&md, buf, i); EVP_DigestUpdate(md, buf, sizeof buf); EVP_DigestUpdate(md, buf, i); n = passwd_len; while (n) { EVP_DigestUpdate(&md, (n & 1) ? "\0" : passwd, 1); EVP_DigestUpdate(md, (n & 1) ? "\0" : passwd, 1); n >>= 1; } EVP_DigestFinal_ex(&md, buf, NULL); EVP_DigestFinal_ex(md, buf, NULL); for (i = 0; i < 1000; i++) { EVP_DigestInit_ex(&md2, EVP_md5(), NULL); EVP_DigestUpdate(&md2, (i & 1) ? (unsigned const char *)passwd : buf, EVP_DigestInit_ex(md2, EVP_md5(), NULL); EVP_DigestUpdate(md2, (i & 1) ? (unsigned const char *)passwd : buf, (i & 1) ? 
passwd_len : sizeof buf); if (i % 3) EVP_DigestUpdate(&md2, salt_out, salt_len); EVP_DigestUpdate(md2, salt_out, salt_len); if (i % 7) EVP_DigestUpdate(&md2, passwd, passwd_len); EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned const char *)passwd, EVP_DigestUpdate(md2, passwd, passwd_len); EVP_DigestUpdate(md2, (i & 1) ? buf : (unsigned const char *)passwd, (i & 1) ? sizeof buf : passwd_len); EVP_DigestFinal_ex(&md2, buf, NULL); EVP_DigestFinal_ex(md2, buf, NULL); } EVP_MD_CTX_cleanup(&md2); EVP_MD_CTX_destroy(md2); EVP_MD_CTX_destroy(md); { /* transform buf into output string */ Loading Loading @@ -399,7 +404,6 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) *output = 0; assert(strlen(out_buf) < sizeof(out_buf)); } EVP_MD_CTX_cleanup(&md); return out_buf; } Loading
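Review bot: In md5crypt the new `if (md2 == NULL) return NULL;` returns without releasing `md`, which was allocated just above and has already been fed the password and salt, so this failure path leaks a heap context holding password-derived digest state. Destroy it before returning: `if (md2 == NULL) { EVP_MD_CTX_destroy(md); return NULL; }`. The results of `EVP_DigestInit_ex` and `EVP_DigestFinal_ex` are also still ignored, so a failed init would go unnoticed and the output string would be built from whatever `buf` holds; checking at least those calls would close that gap. md5crypt starts and ends outside the lines shown.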
apps/req.c +26 −18 Original line number Diff line number Diff line Loading @@ -1492,7 +1492,8 @@ static int do_sign_init(EVP_MD_CTX *ctx, EVP_PKEY *pkey, EVP_PKEY_CTX *pkctx = NULL; int i; EVP_MD_CTX_init(ctx); if (ctx == NULL) return 0; if (!EVP_DigestSignInit(ctx, &pkctx, md, NULL, pkey)) return 0; for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) { Loading @@ -1510,13 +1511,16 @@ int do_X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md, STACK_OF(OPENSSL_STRING) *sigopts) { int rv; EVP_MD_CTX mctx; EVP_MD_CTX *mctx = EVP_MD_CTX_create(); EVP_MD_CTX_init(&mctx); rv = do_sign_init(&mctx, pkey, md, sigopts); rv = do_sign_init(mctx, pkey, md, sigopts); /* Note: X509_sign_ctx() calls ASN1_item_sign_ctx(), which destroys * the EVP_MD_CTX we send it, so only destroy it here if the former * isn't called */ if (rv > 0) rv = X509_sign_ctx(x, &mctx); EVP_MD_CTX_cleanup(&mctx); rv = X509_sign_ctx(x, mctx); else EVP_MD_CTX_destroy(mctx); return rv > 0 ? 1 : 0; } Loading @@ -1524,13 +1528,15 @@ int do_X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md, STACK_OF(OPENSSL_STRING) *sigopts) { int rv; EVP_MD_CTX mctx; EVP_MD_CTX_init(&mctx); rv = do_sign_init(&mctx, pkey, md, sigopts); EVP_MD_CTX *mctx = EVP_MD_CTX_create(); rv = do_sign_init(mctx, pkey, md, sigopts); /* Note: X509_REQ_sign_ctx() calls ASN1_item_sign_ctx(), which destroys * the EVP_MD_CTX we send it, so only destroy it here if the former * isn't called */ if (rv > 0) rv = X509_REQ_sign_ctx(x, &mctx); EVP_MD_CTX_cleanup(&mctx); rv = X509_REQ_sign_ctx(x, mctx); else EVP_MD_CTX_destroy(mctx); return rv > 0 ? 1 : 0; } Loading 
@@ -1538,12 +1544,14 @@ int do_X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md, STACK_OF(OPENSSL_STRING) *sigopts) { int rv; EVP_MD_CTX mctx; EVP_MD_CTX_init(&mctx); rv = do_sign_init(&mctx, pkey, md, sigopts); EVP_MD_CTX *mctx = EVP_MD_CTX_create(); rv = do_sign_init(mctx, pkey, md, sigopts); /* Note: X509_CRL_sign_ctx() calls ASN1_item_sign_ctx(), which destroys * the EVP_MD_CTX we send it, so only destroy it here if the former * isn't called */ if (rv > 0) rv = X509_CRL_sign_ctx(x, &mctx); EVP_MD_CTX_cleanup(&mctx); rv = X509_CRL_sign_ctx(x, mctx); else EVP_MD_CTX_destroy(mctx); return rv > 0 ? 1 : 0; }
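Review bot: After `rv = X509_sign_ctx(x, mctx);` in do_X509_sign (and the matching line in do_X509_REQ_sign and do_X509_CRL_sign), `mctx` is, per the added comment, a pointer the callee has already freed, and whether it was freed depends on every return path inside ASN1_item_sign_ctx, which this file cannot enforce. Splitting ownership this way, with the callee freeing on the signing path and the caller freeing only when do_sign_init fails, means a later change on either side becomes a leak or a double free. A single owner is easier to audit: have each wrapper call `EVP_MD_CTX_destroy(mctx);` unconditionally before `return rv > 0 ? 1 : 0;` and stop destroying the context in the callee. Separately, the `EVP_MD_CTX_create()` result is checked only indirectly through the new `if (ctx == NULL) return 0;` in do_sign_init, so an allocation failure is indistinguishable from an ordinary signing failure.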
apps/ts.c +9 −4 Original line number Diff line number Diff line Loading @@ -523,17 +523,22 @@ static int create_digest(BIO *input, char *digest, const EVP_MD *md, return 0; if (input) { EVP_MD_CTX md_ctx; EVP_MD_CTX *md_ctx = EVP_MD_CTX_create(); unsigned char buffer[4096]; int length; if (md_ctx == NULL) return 0; *md_value = app_malloc(md_value_len, "digest buffer"); EVP_DigestInit(&md_ctx, md); EVP_DigestInit(md_ctx, md); while ((length = BIO_read(input, buffer, sizeof(buffer))) > 0) { EVP_DigestUpdate(&md_ctx, buffer, length); EVP_DigestUpdate(md_ctx, buffer, length); } if (!EVP_DigestFinal(&md_ctx, *md_value, NULL)) if (!EVP_DigestFinal(md_ctx, *md_value, NULL)) { EVP_MD_CTX_destroy(md_ctx); return 0; } EVP_MD_CTX_destroy(md_ctx); } else { long digest_len; *md_value = string_to_hex(digest, &digest_len); Loading
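Review bot: In create_digest the converted code still ignores the results of `EVP_DigestInit(md_ctx, md)` and `EVP_DigestUpdate(md_ctx, buffer, length)`, and the `while ((length = BIO_read(...)) > 0)` loop ends the same way on a failed read as on end of input, so a digest over partial data can be returned as success. Since this value presumably goes into the timestamp request, both cases should fail hard: `if (!EVP_DigestInit(md_ctx, md)) { EVP_MD_CTX_destroy(md_ctx); return 0; }` and, after the loop, `if (length < 0) { EVP_MD_CTX_destroy(md_ctx); return 0; }`. Note too that the new early return on `EVP_DigestFinal` failure leaves `*md_value` allocated; whether the caller releases it is not visible here. The function continues outside the hunk.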
crypto/asn1/a_sign.c +20 −13 Original line number Diff line number Diff line Loading @@ -131,12 +131,15 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey, const EVP_MD *type) { EVP_MD_CTX ctx; EVP_MD_CTX *ctx = EVP_MD_CTX_create(); unsigned char *p, *buf_in = NULL, *buf_out = NULL; int i, inl = 0, outl = 0, outll = 0; X509_ALGOR *a; EVP_MD_CTX_init(&ctx); if (ctx == NULL) { ASN1err(ASN1_F_ASN1_SIGN, ERR_R_MALLOC_FAILURE); goto err; } for (i = 0; i < 2; i++) { if (i == 0) a = algor1; Loading Loading @@ -182,9 +185,9 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, p = buf_in; i2d(data, &p); if (!EVP_SignInit_ex(&ctx, type, NULL) || !EVP_SignUpdate(&ctx, (unsigned char *)buf_in, inl) || !EVP_SignFinal(&ctx, (unsigned char *)buf_out, if (!EVP_SignInit_ex(ctx, type, NULL) || !EVP_SignUpdate(ctx, (unsigned char *)buf_in, inl) || !EVP_SignFinal(ctx, (unsigned char *)buf_out, (unsigned int *)&outl, pkey)) { outl = 0; ASN1err(ASN1_F_ASN1_SIGN, ERR_R_EVP_LIB); Loading @@ -201,7 +204,7 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); signature->flags |= ASN1_STRING_FLAG_BITS_LEFT; err: EVP_MD_CTX_cleanup(&ctx); EVP_MD_CTX_destroy(ctx); OPENSSL_clear_free((char *)buf_in, (unsigned int)inl); OPENSSL_clear_free((char *)buf_out, outll); return (outl); Loading 
@@ -213,13 +216,17 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey, const EVP_MD *type) { EVP_MD_CTX ctx; EVP_MD_CTX_init(&ctx); if (!EVP_DigestSignInit(&ctx, NULL, type, NULL, pkey)) { EVP_MD_CTX_cleanup(&ctx); EVP_MD_CTX *ctx = EVP_MD_CTX_create(); if (ctx == NULL) { ASN1err(ASN1_F_ASN1_ITEM_SIGN, ERR_R_MALLOC_FAILURE); return 0; } if (!EVP_DigestSignInit(ctx, NULL, type, NULL, pkey)) { EVP_MD_CTX_destroy(ctx); return 0; } return ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, &ctx); return ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, ctx); } int ASN1_item_sign_ctx(const ASN1_ITEM *it, Loading @@ -234,7 +241,7 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, int rv; type = EVP_MD_CTX_md(ctx); pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx); pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx)); if (!type || !pkey) { ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_CONTEXT_NOT_INITIALISED); Loading Loading @@ -307,7 +314,7 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); signature->flags |= ASN1_STRING_FLAG_BITS_LEFT; err: EVP_MD_CTX_cleanup(ctx); EVP_MD_CTX_destroy(ctx); OPENSSL_clear_free((char *)buf_in, (unsigned int)inl); OPENSSL_clear_free((char *)buf_out, outll); return (outl); Loading
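Review bot: At the `err:` label of ASN1_item_sign_ctx, replacing `EVP_MD_CTX_cleanup(ctx)` with `EVP_MD_CTX_destroy(ctx)` makes the function free a context it was handed by its caller, which changes the contract for everything that reaches it through the `*_sign_ctx` entry points: a caller that still releases its own context afterwards now double-frees, and one that passes a context it did not heap-allocate hands a non-heap pointer to the free. The `if (!type || !pkey)` branch near the top is collapsed on this page; if it returns directly instead of jumping to `err:`, the context allocated in ASN1_item_sign leaks on that path. Keeping ownership with the allocator avoids both problems: leave `err:` without a destroy and have ASN1_item_sign, with a local `int rv`, do `rv = ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, ctx); EVP_MD_CTX_destroy(ctx); return rv;`. ASN1_item_sign_ctx's body is only partly visible in this section.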
crypto/asn1/a_verify.c +20 −13 Original line number Diff line number Diff line Loading @@ -77,12 +77,15 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey) { EVP_MD_CTX ctx; EVP_MD_CTX *ctx = EVP_MD_CTX_create(); const EVP_MD *type; unsigned char *p, *buf_in = NULL; int ret = -1, i, inl; EVP_MD_CTX_init(&ctx); if (ctx == NULL) { ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_MALLOC_FAILURE); goto err; } i = OBJ_obj2nid(a->algorithm); type = EVP_get_digestbyname(OBJ_nid2sn(i)); if (type == NULL) { Loading @@ -104,8 +107,8 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, p = buf_in; i2d(data, &p); ret = EVP_VerifyInit_ex(&ctx, type, NULL) && EVP_VerifyUpdate(&ctx, (unsigned char *)buf_in, inl); ret = EVP_VerifyInit_ex(ctx, type, NULL) && EVP_VerifyUpdate(ctx, (unsigned char *)buf_in, inl); OPENSSL_clear_free(buf_in, (unsigned int)inl); Loading @@ -115,7 +118,7 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, } ret = -1; if (EVP_VerifyFinal(&ctx, (unsigned char *)signature->data, if (EVP_VerifyFinal(ctx, (unsigned char *)signature->data, (unsigned int)signature->length, pkey) <= 0) { ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB); ret = 0; Loading @@ -123,7 +126,7 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, } ret = 1; err: EVP_MD_CTX_cleanup(&ctx); EVP_MD_CTX_destroy(ctx); return (ret); } Loading @@ -132,7 +135,7 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey) { EVP_MD_CTX ctx; EVP_MD_CTX *ctx = NULL; unsigned char *buf_in = NULL; int ret = -1, inl; Loading 
@@ -148,7 +151,11 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, return -1; } EVP_MD_CTX_init(&ctx); ctx = EVP_MD_CTX_create(); if (ctx == NULL) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_MALLOC_FAILURE); goto err; } /* Convert signature OID into digest and public key OIDs */ if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->algorithm), &mdnid, &pknid)) { Loading @@ -161,7 +168,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); goto err; } ret = pkey->ameth->item_verify(&ctx, it, asn, a, signature, pkey); ret = pkey->ameth->item_verify(ctx, it, asn, a, signature, pkey); /* * Return value of 2 means carry on, anything else means we exit * straight away: either a fatal error of the underlying verification Loading @@ -185,7 +192,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, goto err; } if (!EVP_DigestVerifyInit(&ctx, NULL, type, NULL, pkey)) { if (!EVP_DigestVerifyInit(ctx, NULL, type, NULL, pkey)) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB); ret = 0; goto err; Loading @@ -200,7 +207,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, goto err; } ret = EVP_DigestVerifyUpdate(&ctx, buf_in, inl); ret = EVP_DigestVerifyUpdate(ctx, buf_in, inl); OPENSSL_clear_free(buf_in, (unsigned int)inl); Loading @@ -210,7 +217,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, } ret = -1; if (EVP_DigestVerifyFinal(&ctx, signature->data, if (EVP_DigestVerifyFinal(ctx, signature->data, (size_t)signature->length) <= 0) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB); ret = 0; Loading @@ -218,6 +225,6 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, } ret = 1; err: EVP_MD_CTX_cleanup(&ctx); EVP_MD_CTX_destroy(ctx); return (ret); }
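Review bot: The new allocation-failure branches in ASN1_verify and ASN1_item_verify jump to `err:` with `ret` still at its initial -1, adding a path, reachable under memory pressure, on which verification returns a non-zero value without having checked anything. That is safe only for callers that treat every result other than 1 as failure; the callers are not visible here, so it is worth stating at the branch, e.g. `/* ret stays -1: callers must test for == 1, not non-zero */`. Both `err:` labels now also depend on `EVP_MD_CTX_destroy` accepting a NULL argument, which deserves a brief mention in the same comment.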