[openssl] master update

beldmit at gmail.com beldmit at gmail.com
Tue Apr 20 08:13:48 UTC 2021


The branch master has been updated
       via  a78c7c0bfe56d67022ca18cfabefc73926dde0ae (commit)
       via  99adfa455ccd1abb73e264224c33c09e586776d2 (commit)
       via  606a417fb2b6ce5d1d112f2f3f710c8085744627 (commit)
      from  c39352e4e4952a9f4b2171134af0e015a4d40768 (commit)


- Log -----------------------------------------------------------------
commit a78c7c0bfe56d67022ca18cfabefc73926dde0ae
Author: Rich Salz <rsalz at akamai.com>
Date:   Fri Apr 16 11:29:35 2021 -0400

    Flip ordering back
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
    (Merged from https://github.com/openssl/openssl/pull/14219)

commit 99adfa455ccd1abb73e264224c33c09e586776d2
Author: Rich Salz <rsalz at akamai.com>
Date:   Thu Apr 15 17:00:57 2021 -0400

    Fetch before get-by-name
    
    This causes tests to break.  Pushing it to help others debug.
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
    (Merged from https://github.com/openssl/openssl/pull/14219)

commit 606a417fb2b6ce5d1d112f2f3f710c8085744627
Author: Rich Salz <rsalz at akamai.com>
Date:   Wed Feb 17 16:15:27 2021 -0500

    Fetch and free cipher and md's
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
    (Merged from https://github.com/openssl/openssl/pull/14219)

-----------------------------------------------------------------------

Summary of changes:
 apps/ca.c          |  5 +++--
 apps/cms.c         | 17 ++++++++++-------
 apps/crl.c         |  3 ++-
 apps/dgst.c        | 10 ++++++----
 apps/dsa.c         |  3 ++-
 apps/ec.c          |  3 ++-
 apps/enc.c         |  8 +++++---
 apps/gendsa.c      |  3 ++-
 apps/genpkey.c     |  3 ++-
 apps/genrsa.c      |  3 ++-
 apps/include/opt.h |  4 ++--
 apps/lib/opt.c     | 14 ++++++++++----
 apps/ocsp.c        | 14 ++++++++------
 apps/pkcs12.c      |  9 +++++----
 apps/pkcs8.c       |  9 +++++----
 apps/pkey.c        |  3 ++-
 apps/pkeyutl.c     |  2 ++
 apps/req.c         |  8 +++++---
 apps/rsa.c         |  3 ++-
 apps/smime.c       |  8 +++++---
 apps/storeutl.c    |  3 ++-
 apps/ts.c          |  3 ++-
 apps/x509.c        |  3 ++-
 23 files changed, 88 insertions(+), 53 deletions(-)

diff --git a/apps/ca.c b/apps/ca.c
index cec5c8f1ac..6c1df8d2e3 100755
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -270,7 +270,7 @@ int ca_main(int argc, char **argv)
     STACK_OF(OPENSSL_STRING) *sigopts = NULL, *vfyopts = NULL;
     STACK_OF(X509) *cert_sk = NULL;
     X509_CRL *crl = NULL;
-    const EVP_MD *dgst = NULL;
+    EVP_MD *dgst = NULL;
     char *configfile = default_config_file, *section = NULL;
     char *md = NULL, *policy = NULL, *keyfile = NULL;
     char *certfile = NULL, *crl_ext = NULL, *crlnumberfile = NULL;
@@ -795,7 +795,7 @@ end_of_options:
      */
     if (def_ret == 2 && def_nid == NID_undef) {
         /* The signing algorithm requires there to be no digest */
-        dgst = EVP_md_null();
+        dgst = (EVP_MD *)EVP_md_null();
     } else if (md == NULL
                && (md = lookup_conf(conf, section, ENV_DEFAULT_MD)) == NULL) {
         goto end;
@@ -1330,6 +1330,7 @@ end_of_options:
     sk_OPENSSL_STRING_free(sigopts);
     sk_OPENSSL_STRING_free(vfyopts);
     EVP_PKEY_free(pkey);
+    EVP_MD_free(dgst);
     X509_free(x509);
     X509_CRL_free(crl);
     NCONF_free(conf);
diff --git a/apps/cms.c b/apps/cms.c
index 56f0b37bbf..b55e0063dd 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -276,8 +276,8 @@ int cms_main(int argc, char **argv)
     CMS_ReceiptRequest *rr = NULL;
     ENGINE *e = NULL;
     EVP_PKEY *key = NULL;
-    const EVP_CIPHER *cipher = NULL, *wrap_cipher = NULL;
-    const EVP_MD *sign_md = NULL;
+    EVP_CIPHER *cipher = NULL, *wrap_cipher = NULL;
+    EVP_MD *sign_md = NULL;
     STACK_OF(OPENSSL_STRING) *rr_to = NULL, *rr_from = NULL;
     STACK_OF(OPENSSL_STRING) *sksigners = NULL, *skkeys = NULL;
     STACK_OF(X509) *encerts = NULL, *other = NULL;
@@ -679,17 +679,17 @@ int cms_main(int argc, char **argv)
             break;
         case OPT_3DES_WRAP:
 # ifndef OPENSSL_NO_DES
-            wrap_cipher = EVP_des_ede3_wrap();
+            wrap_cipher = (EVP_CIPHER *)EVP_des_ede3_wrap();
 # endif
             break;
         case OPT_AES128_WRAP:
-            wrap_cipher = EVP_aes_128_wrap();
+            wrap_cipher = (EVP_CIPHER *)EVP_aes_128_wrap();
             break;
         case OPT_AES192_WRAP:
-            wrap_cipher = EVP_aes_192_wrap();
+            wrap_cipher = (EVP_CIPHER *)EVP_aes_192_wrap();
             break;
         case OPT_AES256_WRAP:
-            wrap_cipher = EVP_aes_256_wrap();
+            wrap_cipher = (EVP_CIPHER *)EVP_aes_256_wrap();
             break;
         case OPT_WRAP:
             if (!opt_cipher(opt_unknown(), &wrap_cipher))
@@ -803,7 +803,7 @@ int cms_main(int argc, char **argv)
     if (operation == SMIME_ENCRYPT) {
         if (!cipher) {
 # ifndef OPENSSL_NO_DES
-            cipher = EVP_des_ede3_cbc();
+            cipher = (EVP_CIPHER *)EVP_des_ede3_cbc();
 # else
             BIO_printf(bio_err, "No cipher selected\n");
             goto end;
@@ -1249,6 +1249,9 @@ int cms_main(int argc, char **argv)
     X509_free(recip);
     X509_free(signer);
     EVP_PKEY_free(key);
+    EVP_CIPHER_free(cipher);
+    EVP_CIPHER_free(wrap_cipher);
+    EVP_MD_free(sign_md);
     CMS_ContentInfo_free(cms);
     CMS_ContentInfo_free(rcms);
     release_engine(e);
diff --git a/apps/crl.c b/apps/crl.c
index e8b501a8af..7f09d476c1 100644
--- a/apps/crl.c
+++ b/apps/crl.c
@@ -82,7 +82,7 @@ int crl_main(int argc, char **argv)
     X509_LOOKUP *lookup = NULL;
     X509_OBJECT *xobj = NULL;
     EVP_PKEY *pkey;
-    const EVP_MD *digest = EVP_sha1();
+    EVP_MD *digest = (EVP_MD *)EVP_sha1();
     char *infile = NULL, *outfile = NULL, *crldiff = NULL, *keyfile = NULL;
     char *digestname = NULL;
     const char *CAfile = NULL, *CApath = NULL, *CAstore = NULL, *prog;
@@ -381,6 +381,7 @@ int crl_main(int argc, char **argv)
     if (ret != 0)
         ERR_print_errors(bio_err);
     BIO_free_all(out);
+    EVP_MD_free(digest);
     X509_CRL_free(x);
     X509_STORE_CTX_free(ctx);
     X509_STORE_free(store);
diff --git a/apps/dgst.c b/apps/dgst.c
index 5ddbef8bcc..13a4e0773b 100644
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -99,7 +99,7 @@ int dgst_main(int argc, char **argv)
     char *hmac_key = NULL;
     char *mac_name = NULL, *digestname = NULL;
     char *passinarg = NULL, *passin = NULL;
-    const EVP_MD *md = NULL;
+    EVP_MD *md = NULL;
     const char *outfile = NULL, *keyfile = NULL, *prog = NULL;
     const char *sigfile = NULL;
     const char *md_name = NULL;
@@ -112,7 +112,7 @@ int dgst_main(int argc, char **argv)
     struct doall_dgst_digests dec;
 
     buf = app_malloc(BUFSIZE, "I/O buffer");
-    md = EVP_get_digestbyname(argv[0]);
+    md = (EVP_MD *)EVP_get_digestbyname(argv[0]);
 
     prog = opt_init(argc, argv, dgst_options);
     while ((o = opt_next()) != OPT_EOF) {
@@ -375,7 +375,7 @@ int dgst_main(int argc, char **argv)
             goto end;
         }
         if (md == NULL)
-            md = EVP_sha256();
+            md = (EVP_MD *)EVP_sha256();
         if (!EVP_DigestInit_ex(mctx, md, impl)) {
             BIO_printf(bio_err, "Error setting digest\n");
             ERR_print_errors(bio_err);
@@ -404,8 +404,9 @@ int dgst_main(int argc, char **argv)
 
     if (md == NULL) {
         EVP_MD_CTX *tctx;
+
         BIO_get_md_ctx(bmd, &tctx);
-        md = EVP_MD_CTX_get0_md(tctx);
+        md = EVP_MD_CTX_get1_md(tctx);
     }
     if (md != NULL)
         md_name = EVP_MD_name(md);
@@ -452,6 +453,7 @@ int dgst_main(int argc, char **argv)
     BIO_free(in);
     OPENSSL_free(passin);
     BIO_free_all(out);
+    EVP_MD_free(md);
     EVP_PKEY_free(sigkey);
     sk_OPENSSL_STRING_free(sigopts);
     sk_OPENSSL_STRING_free(macopts);
diff --git a/apps/dsa.c b/apps/dsa.c
index 3a799ea17f..9ea1098514 100644
--- a/apps/dsa.c
+++ b/apps/dsa.c
@@ -79,7 +79,7 @@ int dsa_main(int argc, char **argv)
     BIO *out = NULL;
     ENGINE *e = NULL;
     EVP_PKEY *pkey = NULL;
-    const EVP_CIPHER *enc = NULL;
+    EVP_CIPHER *enc = NULL;
     char *infile = NULL, *outfile = NULL, *prog;
     char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL;
     OPTION_CHOICE o;
@@ -289,6 +289,7 @@ int dsa_main(int argc, char **argv)
     OSSL_ENCODER_CTX_free(ectx);
     BIO_free_all(out);
     EVP_PKEY_free(pkey);
+    EVP_CIPHER_free(enc);
     release_engine(e);
     OPENSSL_free(passin);
     OPENSSL_free(passout);
diff --git a/apps/ec.c b/apps/ec.c
index 490a64122b..3d5371ccdc 100644
--- a/apps/ec.c
+++ b/apps/ec.c
@@ -69,7 +69,7 @@ int ec_main(int argc, char **argv)
     EVP_PKEY *eckey = NULL;
     BIO *in = NULL, *out = NULL;
     ENGINE *e = NULL;
-    const EVP_CIPHER *enc = NULL;
+    EVP_CIPHER *enc = NULL;
     char *infile = NULL, *outfile = NULL, *ciphername = NULL, *prog;
     char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL;
     OPTION_CHOICE o;
@@ -279,6 +279,7 @@ end:
     BIO_free(in);
     BIO_free_all(out);
     EVP_PKEY_free(eckey);
+    EVP_CIPHER_free(enc);
     OSSL_ENCODER_CTX_free(ectx);
     OSSL_DECODER_CTX_free(dctx);
     EVP_PKEY_CTX_free(pctx);
diff --git a/apps/enc.c b/apps/enc.c
index 3647a1ce61..242d3ef0aa 100644
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -109,8 +109,8 @@ int enc_main(int argc, char **argv)
     BIO *in = NULL, *out = NULL, *b64 = NULL, *benc = NULL, *rbio =
         NULL, *wbio = NULL;
     EVP_CIPHER_CTX *ctx = NULL;
-    const EVP_CIPHER *cipher = NULL;
-    const EVP_MD *dgst = NULL;
+    EVP_CIPHER *cipher = NULL;
+    EVP_MD *dgst = NULL;
     const char *digestname = NULL;
     char *hkey = NULL, *hiv = NULL, *hsalt = NULL, *p;
     char *infile = NULL, *outfile = NULL, *prog;
@@ -314,7 +314,7 @@ int enc_main(int argc, char **argv)
             goto opthelp;
     }
     if (dgst == NULL)
-        dgst = EVP_sha256();
+        dgst = (EVP_MD *)EVP_sha256();
 
     if (iter == 0)
         iter = 1;
@@ -633,6 +633,8 @@ int enc_main(int argc, char **argv)
     BIO_free_all(out);
     BIO_free(benc);
     BIO_free(b64);
+    EVP_MD_free(dgst);
+    EVP_CIPHER_free(cipher);
 #ifdef ZLIB
     BIO_free(bzl);
 #endif
diff --git a/apps/gendsa.c b/apps/gendsa.c
index 97904d2c82..38d7b4a3eb 100644
--- a/apps/gendsa.c
+++ b/apps/gendsa.c
@@ -56,7 +56,7 @@ int gendsa_main(int argc, char **argv)
     BIO *out = NULL, *in = NULL;
     EVP_PKEY *pkey = NULL;
     EVP_PKEY_CTX *ctx = NULL;
-    const EVP_CIPHER *enc = NULL;
+    EVP_CIPHER *enc = NULL;
     char *dsaparams = NULL, *ciphername = NULL;
     char *outfile = NULL, *passoutarg = NULL, *passout = NULL, *prog;
     OPTION_CHOICE o;
@@ -166,6 +166,7 @@ int gendsa_main(int argc, char **argv)
     BIO_free_all(out);
     EVP_PKEY_free(pkey);
     EVP_PKEY_CTX_free(ctx);
+    EVP_CIPHER_free(enc);
     release_engine(e);
     OPENSSL_free(passout);
     return ret;
diff --git a/apps/genpkey.c b/apps/genpkey.c
index 4d28b4ecc2..746cd5902f 100644
--- a/apps/genpkey.c
+++ b/apps/genpkey.c
@@ -64,7 +64,7 @@ int genpkey_main(int argc, char **argv)
     EVP_PKEY_CTX *ctx = NULL;
     char *outfile = NULL, *passarg = NULL, *pass = NULL, *prog, *p;
     const char *ciphername = NULL, *paramfile = NULL, *algname = NULL;
-    const EVP_CIPHER *cipher = NULL;
+    EVP_CIPHER *cipher = NULL;
     OPTION_CHOICE o;
     int outformat = FORMAT_PEM, text = 0, ret = 1, rv, do_param = 0;
     int private = 0, i, m;
@@ -234,6 +234,7 @@ int genpkey_main(int argc, char **argv)
     sk_OPENSSL_STRING_free(keyopt);
     EVP_PKEY_free(pkey);
     EVP_PKEY_CTX_free(ctx);
+    EVP_CIPHER_free(cipher);
     BIO_free_all(out);
     BIO_free(in);
     release_engine(e);
diff --git a/apps/genrsa.c b/apps/genrsa.c
index ab991d2385..ee68d67043 100644
--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@@ -82,7 +82,7 @@ int genrsa_main(int argc, char **argv)
     BIO *out = NULL;
     EVP_PKEY *pkey = NULL;
     EVP_PKEY_CTX *ctx = NULL;
-    const EVP_CIPHER *enc = NULL;
+    EVP_CIPHER *enc = NULL;
     int ret = 1, num = DEFBITS, private = 0, primes = DEFPRIMES;
     unsigned long f4 = RSA_F4;
     char *outfile = NULL, *passoutarg = NULL, *passout = NULL;
@@ -243,6 +243,7 @@ opthelp:
     BN_GENCB_free(cb);
     EVP_PKEY_CTX_free(ctx);
     EVP_PKEY_free(pkey);
+    EVP_CIPHER_free(enc);
     BIO_free_all(out);
     release_engine(eng);
     OPENSSL_free(passout);
diff --git a/apps/include/opt.h b/apps/include/opt.h
index 3d79224d04..79018c8cb8 100644
--- a/apps/include/opt.h
+++ b/apps/include/opt.h
@@ -366,8 +366,8 @@ int opt_umax(const char *arg, uintmax_t *result);
 #endif
 int opt_pair(const char *arg, const OPT_PAIR * pairs, int *result);
 int opt_string(const char *name, const char **options);
-int opt_cipher(const char *name, const EVP_CIPHER **cipherp);
-int opt_md(const char *name, const EVP_MD **mdp);
+int opt_cipher(const char *name, EVP_CIPHER **cipherp);
+int opt_md(const char *name, EVP_MD **mdp);
 char *opt_arg(void);
 char *opt_flag(void);
 char *opt_unknown(void);
diff --git a/apps/lib/opt.c b/apps/lib/opt.c
index 4077cf2936..d22a884e67 100644
--- a/apps/lib/opt.c
+++ b/apps/lib/opt.c
@@ -356,9 +356,12 @@ void print_format_error(int format, unsigned long flags)
 }
 
 /* Parse a cipher name, put it in *EVP_CIPHER; return 0 on failure, else 1. */
-int opt_cipher(const char *name, const EVP_CIPHER **cipherp)
+int opt_cipher(const char *name, EVP_CIPHER **cipherp)
 {
-    *cipherp = EVP_get_cipherbyname(name);
+    *cipherp = EVP_CIPHER_fetch(NULL, name, NULL);
+    if (*cipherp != NULL)
+        return 1;
+    *cipherp = (EVP_CIPHER *)EVP_get_cipherbyname(name);
     if (*cipherp != NULL)
         return 1;
     opt_printf_stderr("%s: Unknown cipher: %s\n", prog, name);
@@ -368,9 +371,12 @@ int opt_cipher(const char *name, const EVP_CIPHER **cipherp)
 /*
  * Parse message digest name, put it in *EVP_MD; return 0 on failure, else 1.
  */
-int opt_md(const char *name, const EVP_MD **mdp)
+int opt_md(const char *name, EVP_MD **mdp)
 {
-    *mdp = EVP_get_digestbyname(name);
+    *mdp = (EVP_MD *)EVP_get_digestbyname(name);
+    if (*mdp != NULL)
+        return 1;
+    *mdp = EVP_MD_fetch(NULL, name, NULL);
     if (*mdp != NULL)
         return 1;
     opt_printf_stderr("%s: Unknown option or message digest: %s\n", prog,
diff --git a/apps/ocsp.c b/apps/ocsp.c
index 7d64ee2d02..a4d2e63654 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -203,7 +203,7 @@ const OPTIONS ocsp_options[] = {
 int ocsp_main(int argc, char **argv)
 {
     BIO *acbio = NULL, *cbio = NULL, *derbio = NULL, *out = NULL;
-    const EVP_MD *cert_id_md = NULL, *rsign_md = NULL;
+    EVP_MD *cert_id_md = NULL, *rsign_md = NULL;
     STACK_OF(OPENSSL_STRING) *rsign_sigopts = NULL;
     int trailing_md = 0;
     CA_DB *rdb = NULL;
@@ -218,7 +218,7 @@ int ocsp_main(int argc, char **argv)
     STACK_OF(X509) *issuers = NULL;
     X509 *issuer = NULL, *cert = NULL;
     STACK_OF(X509) *rca_cert = NULL;
-    const EVP_MD *resp_certid_md = NULL;
+    EVP_MD *resp_certid_md = NULL;
     X509 *signer = NULL, *rsigner = NULL;
     X509_STORE *store = NULL;
     X509_VERIFY_PARAM *vpm = NULL;
@@ -418,7 +418,7 @@ int ocsp_main(int argc, char **argv)
             if (cert == NULL)
                 goto end;
             if (cert_id_md == NULL)
-                cert_id_md = EVP_sha1();
+                cert_id_md = (EVP_MD *)EVP_sha1();
             if (!add_ocsp_cert(&req, cert, cert_id_md, issuer, ids))
                 goto end;
             if (!sk_OPENSSL_STRING_push(reqnames, opt_arg()))
@@ -427,7 +427,7 @@ int ocsp_main(int argc, char **argv)
             break;
         case OPT_SERIAL:
             if (cert_id_md == NULL)
-                cert_id_md = EVP_sha1();
+                cert_id_md = (EVP_MD *)EVP_sha1();
             if (!add_ocsp_serial(&req, opt_arg(), cert_id_md, issuer, ids))
                 goto end;
             if (!sk_OPENSSL_STRING_push(reqnames, opt_arg()))
@@ -485,8 +485,7 @@ int ocsp_main(int argc, char **argv)
                 goto end;
             break;
         case OPT_RCID:
-            resp_certid_md = EVP_get_digestbyname(opt_arg());
-            if (resp_certid_md == NULL)
+            if (!opt_md(opt_arg(), &resp_certid_md))
                 goto opthelp;
             break;
         case OPT_MD:
@@ -827,6 +826,9 @@ redo_accept:
     sk_OPENSSL_STRING_free(rsign_sigopts);
     EVP_PKEY_free(key);
     EVP_PKEY_free(rkey);
+    EVP_MD_free(cert_id_md);
+    EVP_MD_free(rsign_md);
+    EVP_MD_free(resp_certid_md);
     X509_free(cert);
     sk_X509_pop_free(issuers, X509_free);
     X509_free(rsigner);
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 8c515870de..e8adeccb5c 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -165,8 +165,8 @@ int pkcs12_main(int argc, char **argv)
     BIO *in = NULL, *out = NULL;
     PKCS12 *p12 = NULL;
     STACK_OF(OPENSSL_STRING) *canames = NULL;
-    const EVP_CIPHER *const default_enc = EVP_aes_256_cbc();
-    const EVP_CIPHER *enc = default_enc;
+    EVP_CIPHER *default_enc = (EVP_CIPHER *)EVP_aes_256_cbc();
+    EVP_CIPHER *enc = (EVP_CIPHER *)default_enc;
     OPTION_CHOICE o;
 
     prog = opt_init(argc, argv, pkcs12_options);
@@ -433,7 +433,7 @@ int pkcs12_main(int argc, char **argv)
         if (key_pbe == NID_undef)
             key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
         if (enc == default_enc)
-            enc = EVP_des_ede3_cbc();
+            enc = (EVP_CIPHER *)EVP_des_ede3_cbc();
         if (macalg == NULL)
             macalg = "sha1";
     }
@@ -501,7 +501,7 @@ int pkcs12_main(int argc, char **argv)
         X509 *ee_cert = NULL, *x = NULL;
         STACK_OF(X509) *certs = NULL;
         STACK_OF(X509) *untrusted_certs = NULL;
-        const EVP_MD *macmd = NULL;
+        EVP_MD *macmd = NULL;
         unsigned char *catmp = NULL;
         int i;
 
@@ -679,6 +679,7 @@ int pkcs12_main(int argc, char **argv)
  export_end:
 
         EVP_PKEY_free(key);
+        EVP_MD_free(macmd);
         sk_X509_pop_free(certs, X509_free);
         sk_X509_pop_free(untrusted_certs, X509_free);
         X509_free(ee_cert);
diff --git a/apps/pkcs8.c b/apps/pkcs8.c
index cfcb341787..653cb45faa 100644
--- a/apps/pkcs8.c
+++ b/apps/pkcs8.c
@@ -74,7 +74,7 @@ int pkcs8_main(int argc, char **argv)
     EVP_PKEY *pkey = NULL;
     PKCS8_PRIV_KEY_INFO *p8inf = NULL;
     X509_SIG *p8 = NULL;
-    const EVP_CIPHER *cipher = NULL;
+    EVP_CIPHER *cipher = NULL;
     char *infile = NULL, *outfile = NULL, *ciphername = NULL;
     char *passinarg = NULL, *passoutarg = NULL, *prog;
 #ifndef OPENSSL_NO_UI_CONSOLE
@@ -154,7 +154,7 @@ int pkcs8_main(int argc, char **argv)
                 goto opthelp;
             }
             if (cipher == NULL)
-                cipher = EVP_aes_256_cbc();
+                cipher = (EVP_CIPHER *)EVP_aes_256_cbc();
             break;
         case OPT_ITER:
             if (!opt_int(opt_arg(), &iter))
@@ -175,7 +175,7 @@ int pkcs8_main(int argc, char **argv)
             scrypt_r = 8;
             scrypt_p = 1;
             if (cipher == NULL)
-                cipher = EVP_aes_256_cbc();
+                cipher = (EVP_CIPHER *)EVP_aes_256_cbc();
             break;
         case OPT_SCRYPT_N:
             if (!opt_long(opt_arg(), &scrypt_N) || scrypt_N <= 0)
@@ -213,7 +213,7 @@ int pkcs8_main(int argc, char **argv)
     }
 
     if ((pbe_nid == -1) && cipher == NULL)
-        cipher = EVP_aes_256_cbc();
+        cipher = (EVP_CIPHER *)EVP_aes_256_cbc();
 
     in = bio_open_default(infile, 'r', informat);
     if (in == NULL)
@@ -370,6 +370,7 @@ int pkcs8_main(int argc, char **argv)
     X509_SIG_free(p8);
     PKCS8_PRIV_KEY_INFO_free(p8inf);
     EVP_PKEY_free(pkey);
+    EVP_CIPHER_free(cipher);
     release_engine(e);
     BIO_free_all(out);
     BIO_free(in);
diff --git a/apps/pkey.c b/apps/pkey.c
index 5cf0abe04b..0587aacc30 100644
--- a/apps/pkey.c
+++ b/apps/pkey.c
@@ -71,7 +71,7 @@ int pkey_main(int argc, char **argv)
     ENGINE *e = NULL;
     EVP_PKEY *pkey = NULL;
     EVP_PKEY_CTX *ctx = NULL;
-    const EVP_CIPHER *cipher = NULL;
+    EVP_CIPHER *cipher = NULL;
     char *infile = NULL, *outfile = NULL, *passin = NULL, *passout = NULL;
     char *passinarg = NULL, *passoutarg = NULL, *ciphername = NULL, *prog;
     OPTION_CHOICE o;
@@ -318,6 +318,7 @@ int pkey_main(int argc, char **argv)
         ERR_print_errors(bio_err);
     EVP_PKEY_CTX_free(ctx);
     EVP_PKEY_free(pkey);
+    EVP_CIPHER_free(cipher);
     release_engine(e);
     BIO_free_all(out);
     BIO_free(in);
diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c
index fd1cdf8f4b..a9571b5f63 100644
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c
@@ -124,6 +124,7 @@ int pkeyutl_main(int argc, char **argv)
     STACK_OF(OPENSSL_STRING) *pkeyopts_passin = NULL;
     int rawin = 0;
     EVP_MD_CTX *mctx = NULL;
+    EVP_MD *md = NULL;
     int filesize = -1;
     OSSL_LIB_CTX *libctx = app_get0_libctx();
 
@@ -507,6 +508,7 @@ int pkeyutl_main(int argc, char **argv)
  end:
     EVP_MD_CTX_free(mctx);
     EVP_PKEY_CTX_free(ctx);
+    EVP_MD_free(md);
     release_engine(e);
     BIO_free(in);
     BIO_free_all(out);
diff --git a/apps/req.c b/apps/req.c
index 1b17adb6f4..4e1cae6ba6 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -239,8 +239,8 @@ int req_main(int argc, char **argv)
     LHASH_OF(OPENSSL_STRING) *addexts = NULL;
     X509 *new_x509 = NULL, *CAcert = NULL;
     X509_REQ *req = NULL;
-    const EVP_CIPHER *cipher = NULL;
-    const EVP_MD *md_alg = NULL, *digest = NULL;
+    EVP_CIPHER *cipher = NULL;
+    EVP_MD *md_alg = NULL, *digest = NULL;
     int ext_copy = EXT_COPY_UNSET;
     BIO *addext_bio = NULL;
     char *extensions = NULL;
@@ -264,7 +264,7 @@ int req_main(int argc, char **argv)
     unsigned long chtype = MBSTRING_ASC, reqflag = 0;
 
 #ifndef OPENSSL_NO_DES
-    cipher = EVP_des_ede3_cbc();
+    cipher = (EVP_CIPHER *)EVP_des_ede3_cbc();
 #endif
 
     prog = opt_init(argc, argv, req_options);
@@ -1058,6 +1058,8 @@ int req_main(int argc, char **argv)
     BIO_free(addext_bio);
     BIO_free_all(out);
     EVP_PKEY_free(pkey);
+    EVP_MD_free(md_alg);
+    EVP_MD_free(digest);
     EVP_PKEY_CTX_free(genctx);
     sk_OPENSSL_STRING_free(pkeyopts);
     sk_OPENSSL_STRING_free(sigopts);
diff --git a/apps/rsa.c b/apps/rsa.c
index 251f84f210..fc1db506d7 100644
--- a/apps/rsa.c
+++ b/apps/rsa.c
@@ -92,7 +92,7 @@ int rsa_main(int argc, char **argv)
     BIO *out = NULL;
     EVP_PKEY *pkey = NULL;
     EVP_PKEY_CTX *pctx;
-    const EVP_CIPHER *enc = NULL;
+    EVP_CIPHER *enc = NULL;
     char *infile = NULL, *outfile = NULL, *ciphername = NULL, *prog;
     char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL;
     int private = 0;
@@ -357,6 +357,7 @@ int rsa_main(int argc, char **argv)
     release_engine(e);
     BIO_free_all(out);
     EVP_PKEY_free(pkey);
+    EVP_CIPHER_free(enc);
     OPENSSL_free(passin);
     OPENSSL_free(passout);
     return ret;
diff --git a/apps/smime.c b/apps/smime.c
index 98a2f32b4a..ed12b92193 100644
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -140,8 +140,8 @@ int smime_main(int argc, char **argv)
     X509 *cert = NULL, *recip = NULL, *signer = NULL;
     X509_STORE *store = NULL;
     X509_VERIFY_PARAM *vpm = NULL;
-    const EVP_CIPHER *cipher = NULL;
-    const EVP_MD *sign_md = NULL;
+    EVP_CIPHER *cipher = NULL;
+    EVP_MD *sign_md = NULL;
     const char *CAfile = NULL, *CApath = NULL, *CAstore = NULL, *prog = NULL;
     char *certfile = NULL, *keyfile = NULL, *contfile = NULL;
     char *infile = NULL, *outfile = NULL, *signerfile = NULL, *recipfile = NULL;
@@ -439,7 +439,7 @@ int smime_main(int argc, char **argv)
     if (operation == SMIME_ENCRYPT) {
         if (cipher == NULL) {
 #ifndef OPENSSL_NO_DES
-            cipher = EVP_des_ede3_cbc();
+            cipher = (EVP_CIPHER *)EVP_des_ede3_cbc();
 #else
             BIO_printf(bio_err, "No cipher selected\n");
             goto end;
@@ -662,6 +662,8 @@ int smime_main(int argc, char **argv)
     X509_free(recip);
     X509_free(signer);
     EVP_PKEY_free(key);
+    EVP_MD_free(sign_md);
+    EVP_CIPHER_free(cipher);
     PKCS7_free(p7);
     release_engine(e);
     BIO_free(in);
diff --git a/apps/storeutl.c b/apps/storeutl.c
index 618b6b480e..7fec56c9ea 100644
--- a/apps/storeutl.c
+++ b/apps/storeutl.c
@@ -83,7 +83,7 @@ int storeutl_main(int argc, char *argv[])
     size_t fingerprintlen = 0;
     char *alias = NULL, *digestname = NULL;
     OSSL_STORE_SEARCH *search = NULL;
-    const EVP_MD *digest = NULL;
+    EVP_MD *digest = NULL;
     OSSL_LIB_CTX *libctx = app_get0_libctx();
 
     while ((o = opt_next()) != OPT_EOF) {
@@ -322,6 +322,7 @@ int storeutl_main(int argc, char *argv[])
                   text, noout, recursive, 0, out, prog, libctx);
 
  end:
+    EVP_MD_free(digest);
     OPENSSL_free(fingerprint);
     OPENSSL_free(alias);
     ASN1_INTEGER_free(serial);
diff --git a/apps/ts.c b/apps/ts.c
index b4a5e85fea..ad6a3d382b 100644
--- a/apps/ts.c
+++ b/apps/ts.c
@@ -168,7 +168,7 @@ int ts_main(int argc, char **argv)
     char *in = NULL, *out = NULL, *queryfile = NULL, *passin = NULL;
     char *inkey = NULL, *signer = NULL, *chain = NULL, *CApath = NULL;
     char *CAstore = NULL;
-    const EVP_MD *md = NULL;
+    EVP_MD *md = NULL;
     OPTION_CHOICE o, mode = OPT_ERR;
     int ret = 1, no_nonce = 0, cert = 0, text = 0;
     int vpmtouched = 0;
@@ -343,6 +343,7 @@ int ts_main(int argc, char **argv)
 
  end:
     X509_VERIFY_PARAM_free(vpm);
+    EVP_MD_free(md);
     NCONF_free(conf);
     OPENSSL_free(password);
     return ret;
diff --git a/apps/x509.c b/apps/x509.c
index 18c0ce90d8..3c67855e6a 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -258,7 +258,7 @@ int x509_main(int argc, char **argv)
     X509 *x = NULL, *xca = NULL, *issuer_cert;
     X509_REQ *req = NULL, *rq = NULL;
     X509_STORE *ctx = NULL;
-    const EVP_MD *digest = NULL;
+    EVP_MD *digest = NULL;
     char *CAkeyfile = NULL, *CAserial = NULL, *pubkeyfile = NULL, *alias = NULL;
     char *checkhost = NULL, *checkemail = NULL, *checkip = NULL;
     char *ext_names = NULL;
@@ -1038,6 +1038,7 @@ int x509_main(int argc, char **argv)
     EVP_PKEY_free(privkey);
     EVP_PKEY_free(CAkey);
     EVP_PKEY_free(pubkey);
+    EVP_MD_free(digest);
     sk_OPENSSL_STRING_free(sigopts);
     sk_OPENSSL_STRING_free(vfyopts);
     X509_REQ_free(rq);


More information about the openssl-commits mailing list