From 62ba834554d8795cb247a3a6fd630b56f1716709 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Mon, 20 Apr 2020 17:04:57 +0100 Subject: [PATCH] Fix test_ssl_new test failure A couple of fetches of the MD5 and SHA1 digests were not using the libctx in libssl and causing test_ssl_new to fail in travis. This only occurs on builds with SSLv3 enabled (its disabled by default). [extended tests] Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11586) --- ssl/s3_enc.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 76bea32dbd..f67f47a933 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -17,7 +17,7 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) { - EVP_MD *md5; + const EVP_MD *md5 = NULL, *sha1 = NULL; EVP_MD_CTX *m5; EVP_MD_CTX *s1; unsigned char buf[16], smd[SHA_DIGEST_LENGTH]; @@ -29,10 +29,11 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) c = os_toascii[c]; /* 'A' in ASCII */ #endif k = 0; - md5 = EVP_MD_fetch(NULL, OSSL_DIGEST_NAME_MD5, "-fips"); + md5 = ssl_evp_md_fetch(s->ctx->libctx, NID_md5, s->ctx->propq); + sha1 = ssl_evp_md_fetch(s->ctx->libctx, NID_sha1, s->ctx->propq); m5 = EVP_MD_CTX_new(); s1 = EVP_MD_CTX_new(); - if (md5 == NULL || m5 == NULL || s1 == NULL) { + if (md5 == NULL || sha1 == NULL || m5 == NULL || s1 == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_MALLOC_FAILURE); goto err; @@ -49,7 +50,7 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) for (j = 0; j < k; j++) buf[j] = c; c++; - if (!EVP_DigestInit_ex(s1, EVP_sha1(), NULL) + if (!EVP_DigestInit_ex(s1, sha1, NULL) || !EVP_DigestUpdate(s1, buf, k) || !EVP_DigestUpdate(s1, s->session->master_key, s->session->master_key_length) @@ -87,6 +88,7 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) EVP_MD_CTX_free(m5); EVP_MD_CTX_free(s1); ssl_evp_md_free(md5); + ssl_evp_md_free(sha1); return ret; } -- 2.25.1