use EVP_MD_CTX_create

lib/gssapi/krb5/8003.c

@@ -74,35 +74,35 @@ hash_input_chan_bindings (const gss_channel_bindings_t b,
 			  u_char *p)
 {
   u_char num[4];
-  EVP_MD_CTX ctx;
+  EVP_MD_CTX *ctx;
 
-  EVP_MD_CTX_init(&ctx);
-  EVP_DigestInit_ex(&ctx, EVP_md5(), NULL);
+  ctx = EVP_MD_CTX_create();
+  EVP_DigestInit_ex(ctx, EVP_md5(), NULL);
 
   _gsskrb5_encode_om_uint32 (b->initiator_addrtype, num);
-  EVP_DigestUpdate(&ctx, num, sizeof(num));
+  EVP_DigestUpdate(ctx, num, sizeof(num));
   _gsskrb5_encode_om_uint32 (b->initiator_address.length, num);
-  EVP_DigestUpdate(&ctx, num, sizeof(num));
+  EVP_DigestUpdate(ctx, num, sizeof(num));
   if (b->initiator_address.length)
-      EVP_DigestUpdate(&ctx,
+      EVP_DigestUpdate(ctx,
 		       b->initiator_address.value,
 		       b->initiator_address.length);
   _gsskrb5_encode_om_uint32 (b->acceptor_addrtype, num);
-  EVP_DigestUpdate(&ctx, num, sizeof(num));
+  EVP_DigestUpdate(ctx, num, sizeof(num));
   _gsskrb5_encode_om_uint32 (b->acceptor_address.length, num);
-  EVP_DigestUpdate(&ctx, num, sizeof(num));
+  EVP_DigestUpdate(ctx, num, sizeof(num));
   if (b->acceptor_address.length)
-      EVP_DigestUpdate(&ctx, 
+      EVP_DigestUpdate(ctx, 
 		       b->acceptor_address.value,
 		       b->acceptor_address.length);
   _gsskrb5_encode_om_uint32 (b->application_data.length, num);
-  EVP_DigestUpdate(&ctx, num, sizeof(num));
+  EVP_DigestUpdate(ctx, num, sizeof(num));
   if (b->application_data.length)
-      EVP_DigestUpdate(&ctx,
+      EVP_DigestUpdate(ctx,
 		       b->application_data.value,
 		       b->application_data.length);
-  EVP_DigestFinal_ex(&ctx, p, NULL);
-  EVP_MD_CTX_cleanup(&ctx);
+  EVP_DigestFinal_ex(ctx, p, NULL);
+  EVP_MD_CTX_destroy(ctx);
 
   return 0;
 }

lib/gssapi/ntlm/crypto.c

@@ -80,7 +80,7 @@ _gss_ntlm_set_key(struct ntlmv2_key *key, int acceptor, int sealsign,
 		  unsigned char *data, size_t len)
 {
     unsigned char out[16];
-    EVP_MD_CTX ctx;
+    EVP_MD_CTX *ctx;
     const char *signmagic;
     const char *sealmagic;
 
@@ -94,19 +94,17 @@ _gss_ntlm_set_key(struct ntlmv2_key *key, int acceptor, int sealsign,
 
     key->seq = 0;
 
-    EVP_MD_CTX_init(&ctx);
-    EVP_DigestInit_ex(&ctx, EVP_md5(), NULL);
-    EVP_DigestUpdate(&ctx, data, len);
-    EVP_DigestUpdate(&ctx, signmagic, strlen(signmagic) + 1);
-    EVP_DigestFinal_ex(&ctx, key->signkey, NULL);
-    EVP_MD_CTX_cleanup(&ctx);
+    ctx = EVP_MD_CTX_create();
+    EVP_DigestInit_ex(ctx, EVP_md5(), NULL);
+    EVP_DigestUpdate(ctx, data, len);
+    EVP_DigestUpdate(ctx, signmagic, strlen(signmagic) + 1);
+    EVP_DigestFinal_ex(ctx, key->signkey, NULL);
 
-    EVP_MD_CTX_init(&ctx);
-    EVP_DigestInit_ex(&ctx, EVP_md5(), NULL);
-    EVP_DigestUpdate(&ctx, data, len);
-    EVP_DigestUpdate(&ctx, sealmagic, strlen(sealmagic) + 1);
-    EVP_DigestFinal_ex(&ctx, out, NULL);
-    EVP_MD_CTX_cleanup(&ctx);
+    EVP_DigestInit_ex(ctx, EVP_md5(), NULL);
+    EVP_DigestUpdate(ctx, data, len);
+    EVP_DigestUpdate(ctx, sealmagic, strlen(sealmagic) + 1);
+    EVP_DigestFinal_ex(ctx, out, NULL);
+    EVP_MD_CTX_destroy(ctx);
 
     RC4_set_key(&key->sealkey, 16, out);
     if (sealsign)

lib/hx509/ca.c

@@ -1193,14 +1193,14 @@ ca_sign(hx509_context context,
 	unsigned char hash[SHA_DIGEST_LENGTH];
 
 	{
-	    EVP_MD_CTX ctx;
+	    EVP_MD_CTX *ctx;
 
-	    EVP_MD_CTX_init(&ctx);
-	    EVP_DigestInit_ex(&ctx, EVP_sha1(), NULL);
-	    EVP_DigestUpdate(&ctx, tbs->spki.subjectPublicKey.data,
+	    ctx = EVP_MD_CTX_create();
+	    EVP_DigestInit_ex(ctx, EVP_sha1(), NULL);
+	    EVP_DigestUpdate(ctx, tbs->spki.subjectPublicKey.data,
 			     tbs->spki.subjectPublicKey.length / 8);
-	    EVP_DigestFinal_ex(&ctx, hash, NULL);
-	    EVP_MD_CTX_cleanup(&ctx);
+	    EVP_DigestFinal_ex(ctx, hash, NULL);
+	    EVP_MD_CTX_destroy(ctx);
 	}
 
 	si.data = hash;

lib/hx509/crypto.c

@@ -1141,7 +1141,7 @@ evp_md_create_signature(hx509_context context,
 			heim_octet_string *sig)
 {
     size_t sigsize = EVP_MD_size(sig_alg->evp_md());
-    EVP_MD_CTX ctx;
+    EVP_MD_CTX *ctx;
 
     memset(sig, 0, sizeof(*sig));
 
@@ -1161,11 +1161,11 @@ evp_md_create_signature(hx509_context context,
     }
     sig->length = sigsize;
 
-    EVP_MD_CTX_init(&ctx);
-    EVP_DigestInit_ex(&ctx, sig_alg->evp_md(), NULL);
-    EVP_DigestUpdate(&ctx, data->data, data->length);
-    EVP_DigestFinal_ex(&ctx, sig->data, NULL);
-    EVP_MD_CTX_cleanup(&ctx);
+    ctx = EVP_MD_CTX_create();
+    EVP_DigestInit_ex(ctx, sig_alg->evp_md(), NULL);
+    EVP_DigestUpdate(ctx, data->data, data->length);
+    EVP_DigestFinal_ex(ctx, sig->data, NULL);
+    EVP_MD_CTX_destroy(ctx);
 
 
     return 0;
@@ -1180,7 +1180,7 @@ evp_md_verify_signature(hx509_context context,
 			const heim_octet_string *sig)
 {
     unsigned char digest[EVP_MAX_MD_SIZE];
-    EVP_MD_CTX ctx;
+    EVP_MD_CTX *ctx;
     size_t sigsize = EVP_MD_size(sig_alg->evp_md());
 
     if (sig->length != sigsize || sigsize > sizeof(digest)) {
@@ -1189,11 +1189,11 @@ evp_md_verify_signature(hx509_context context,
 	return HX509_CRYPTO_SIG_INVALID_FORMAT;
     }
 
-    EVP_MD_CTX_init(&ctx);
-    EVP_DigestInit_ex(&ctx, sig_alg->evp_md(), NULL);
-    EVP_DigestUpdate(&ctx, data->data, data->length);
-    EVP_DigestFinal_ex(&ctx, digest, NULL);
-    EVP_MD_CTX_cleanup(&ctx);
+    ctx = EVP_MD_CTX_create();
+    EVP_DigestInit_ex(ctx, sig_alg->evp_md(), NULL);
+    EVP_DigestUpdate(ctx, data->data, data->length);
+    EVP_DigestFinal_ex(ctx, digest, NULL);
+    EVP_MD_CTX_destroy(ctx);
 
     if (ct_memcmp(digest, sig->data, sigsize) != 0) {
 	hx509_set_error_string(context, 0, HX509_CRYPTO_BAD_SIGNATURE,

lib/hx509/hxtool-commands.in

@@ -156,9 +156,9 @@ command = {
 		type = "string"
 		help = "file containing content"
 	}
-	min_args="2"
+	min_args="1"
 	max_args="2"
-	argument="in-file out-file"
+	argument="in-file [out-file]"
 	help = "Verify a file within a SignedData object"
 }
 command = {