1/* $OpenBSD: dsa_lib.c,v 1.29 2018/04/14 07:09:21 tb Exp $ */
2/* $OpenBSD: rsa_lib.c,v 1.37 2018/04/14 07:09:21 tb Exp $ */
3/* $OpenBSD: evp_lib.c,v 1.17 2018/09/12 06:35:38 djm Exp $ */
4/* $OpenBSD: dh_lib.c,v 1.32 2018/05/02 15:48:38 tb Exp $ */
5/* $OpenBSD: p_lib.c,v 1.24 2018/05/30 15:40:50 tb Exp $ */
6/* $OpenBSD: digest.c,v 1.30 2018/04/14 07:09:21 tb Exp $ */
7/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
8 * All rights reserved.
9 *
10 * This package is an SSL implementation written
11 * by Eric Young (eay@cryptsoft.com).
12 * The implementation was written so as to conform with Netscapes SSL.
13 *
14 * This library is free for commercial and non-commercial use as long as
15 * the following conditions are aheared to.  The following conditions
16 * apply to all code found in this distribution, be it the RC4, RSA,
17 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
18 * included with this distribution is covered by the same copyright terms
19 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
20 *
21 * Copyright remains Eric Young's, and as such any Copyright notices in
22 * the code are not to be removed.
23 * If this package is used in a product, Eric Young should be given attribution
24 * as the author of the parts of the library used.
25 * This can be in the form of a textual message at program startup or
26 * in documentation (online or textual) provided with the package.
27 *
28 * Redistribution and use in source and binary forms, with or without
29 * modification, are permitted provided that the following conditions
30 * are met:
31 * 1. Redistributions of source code must retain the copyright
32 *    notice, this list of conditions and the following disclaimer.
33 * 2. Redistributions in binary form must reproduce the above copyright
34 *    notice, this list of conditions and the following disclaimer in the
35 *    documentation and/or other materials provided with the distribution.
36 * 3. All advertising materials mentioning features or use of this software
37 *    must display the following acknowledgement:
38 *    "This product includes cryptographic software written by
39 *     Eric Young (eay@cryptsoft.com)"
40 *    The word 'cryptographic' can be left out if the rouines from the library
41 *    being used are not cryptographic related :-).
42 * 4. If you include any Windows specific code (or a derivative thereof) from
43 *    the apps directory (application code) you must include an acknowledgement:
44 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
45 *
46 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
47 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
48 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
49 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
50 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
51 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
52 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
53 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
54 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
55 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
56 * SUCH DAMAGE.
57 *
58 * The licence and distribution terms for any publically available version or
59 * derivative of this code cannot be changed.  i.e. this code cannot simply be
60 * copied and put under another distribution licence
61 * [including the GNU Public Licence.]
62 */
63
64/* $OpenBSD: dsa_asn1.c,v 1.22 2018/06/14 17:03:19 jsing Exp $ */
65/* $OpenBSD: ecs_asn1.c,v 1.9 2018/03/17 15:24:44 tb Exp $ */
66/* $OpenBSD: digest.c,v 1.30 2018/04/14 07:09:21 tb Exp $ */
67/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
68 * project 2000.
69 */
70/* ====================================================================
71 * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
72 *
73 * Redistribution and use in source and binary forms, with or without
74 * modification, are permitted provided that the following conditions
75 * are met:
76 *
77 * 1. Redistributions of source code must retain the above copyright
78 *    notice, this list of conditions and the following disclaimer.
79 *
80 * 2. Redistributions in binary form must reproduce the above copyright
81 *    notice, this list of conditions and the following disclaimer in
82 *    the documentation and/or other materials provided with the
83 *    distribution.
84 *
85 * 3. All advertising materials mentioning features or use of this
86 *    software must display the following acknowledgment:
87 *    "This product includes software developed by the OpenSSL Project
88 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
89 *
90 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
91 *    endorse or promote products derived from this software without
92 *    prior written permission. For written permission, please contact
93 *    licensing@OpenSSL.org.
94 *
95 * 5. Products derived from this software may not be called "OpenSSL"
96 *    nor may "OpenSSL" appear in their names without prior written
97 *    permission of the OpenSSL Project.
98 *
99 * 6. Redistributions of any form whatsoever must retain the following
100 *    acknowledgment:
101 *    "This product includes software developed by the OpenSSL Project
102 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
103 *
104 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
105 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
106 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
107 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
108 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
109 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
110 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
111 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
112 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
113 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
114 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
115 * OF THE POSSIBILITY OF SUCH DAMAGE.
116 * ====================================================================
117 *
118 * This product includes cryptographic software written by Eric Young
119 * (eay@cryptsoft.com).  This product includes software written by Tim
120 * Hudson (tjh@cryptsoft.com).
121 *
122 */
123
124/*	$OpenBSD: rsa_meth.c,v 1.2 2018/09/12 06:35:38 djm Exp $	*/
125/*
126 * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
127 *
128 * Permission to use, copy, modify, and distribute this software for any
129 * purpose with or without fee is hereby granted, provided that the above
130 * copyright notice and this permission notice appear in all copies.
131 *
132 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
133 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
134 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
135 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
136 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
137 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
138 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
139 */
140
141#include "includes.h"
142
143#ifdef WITH_OPENSSL
144
145#include <sys/types.h>
146
147#include <stdlib.h>
148#include <string.h>
149
150#include <openssl/err.h>
151#include <openssl/bn.h>
152#include <openssl/dsa.h>
153#include <openssl/rsa.h>
154#include <openssl/evp.h>
155#include <openssl/ecdsa.h>
156#include <openssl/dh.h>
157
158#ifndef HAVE_DSA_GET0_PQG
159void
160DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
161{
162	if (p != NULL)
163		*p = d->p;
164	if (q != NULL)
165		*q = d->q;
166	if (g != NULL)
167		*g = d->g;
168}
169#endif /* HAVE_DSA_GET0_PQG */
170
171#ifndef HAVE_DSA_SET0_PQG
172int
173DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g)
174{
175	if ((d->p == NULL && p == NULL) || (d->q == NULL && q == NULL) ||
176	    (d->g == NULL && g == NULL))
177		return 0;
178
179	if (p != NULL) {
180		BN_free(d->p);
181		d->p = p;
182	}
183	if (q != NULL) {
184		BN_free(d->q);
185		d->q = q;
186	}
187	if (g != NULL) {
188		BN_free(d->g);
189		d->g = g;
190	}
191
192	return 1;
193}
194#endif /* HAVE_DSA_SET0_PQG */
195
196#ifndef HAVE_DSA_GET0_KEY
197void
198DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key)
199{
200	if (pub_key != NULL)
201		*pub_key = d->pub_key;
202	if (priv_key != NULL)
203		*priv_key = d->priv_key;
204}
205#endif /* HAVE_DSA_GET0_KEY */
206
207#ifndef HAVE_DSA_SET0_KEY
208int
209DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key)
210{
211	if (d->pub_key == NULL && pub_key == NULL)
212		return 0;
213
214	if (pub_key != NULL) {
215		BN_free(d->pub_key);
216		d->pub_key = pub_key;
217	}
218	if (priv_key != NULL) {
219		BN_free(d->priv_key);
220		d->priv_key = priv_key;
221	}
222
223	return 1;
224}
225#endif /* HAVE_DSA_SET0_KEY */
226
227#ifndef HAVE_RSA_GET0_KEY
228void
229RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
230{
231	if (n != NULL)
232		*n = r->n;
233	if (e != NULL)
234		*e = r->e;
235	if (d != NULL)
236		*d = r->d;
237}
238#endif /* HAVE_RSA_GET0_KEY */
239
240#ifndef HAVE_RSA_SET0_KEY
241int
242RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
243{
244	if ((r->n == NULL && n == NULL) || (r->e == NULL && e == NULL))
245		return 0;
246
247	if (n != NULL) {
248		BN_free(r->n);
249		r->n = n;
250	}
251	if (e != NULL) {
252		BN_free(r->e);
253		r->e = e;
254	}
255	if (d != NULL) {
256		BN_free(r->d);
257		r->d = d;
258	}
259
260	return 1;
261}
262#endif /* HAVE_RSA_SET0_KEY */
263
264#ifndef HAVE_RSA_GET0_CRT_PARAMS
265void
266RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1,
267    const BIGNUM **iqmp)
268{
269	if (dmp1 != NULL)
270		*dmp1 = r->dmp1;
271	if (dmq1 != NULL)
272		*dmq1 = r->dmq1;
273	if (iqmp != NULL)
274		*iqmp = r->iqmp;
275}
276#endif /* HAVE_RSA_GET0_CRT_PARAMS */
277
278#ifndef HAVE_RSA_SET0_CRT_PARAMS
279int
280RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp)
281{
282	if ((r->dmp1 == NULL && dmp1 == NULL) ||
283	    (r->dmq1 == NULL && dmq1 == NULL) ||
284	    (r->iqmp == NULL && iqmp == NULL))
285	       	return 0;
286
287	if (dmp1 != NULL) {
288		BN_free(r->dmp1);
289		r->dmp1 = dmp1;
290	}
291	if (dmq1 != NULL) {
292		BN_free(r->dmq1);
293		r->dmq1 = dmq1;
294	}
295	if (iqmp != NULL) {
296		BN_free(r->iqmp);
297		r->iqmp = iqmp;
298	}
299
300	return 1;
301}
302#endif /* HAVE_RSA_SET0_CRT_PARAMS */
303
304#ifndef HAVE_RSA_GET0_FACTORS
305void
306RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q)
307{
308	if (p != NULL)
309		*p = r->p;
310	if (q != NULL)
311		*q = r->q;
312}
313#endif /* HAVE_RSA_GET0_FACTORS */
314
315#ifndef HAVE_RSA_SET0_FACTORS
316int
317RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q)
318{
319	if ((r->p == NULL && p == NULL) || (r->q == NULL && q == NULL))
320		return 0;
321
322	if (p != NULL) {
323		BN_free(r->p);
324		r->p = p;
325	}
326	if (q != NULL) {
327		BN_free(r->q);
328		r->q = q;
329	}
330
331	return 1;
332}
333#endif /* HAVE_RSA_SET0_FACTORS */
334
335#ifndef HAVE_EVP_CIPHER_CTX_GET_IV
336int
337EVP_CIPHER_CTX_get_iv(const EVP_CIPHER_CTX *ctx, unsigned char *iv, size_t len)
338{
339	if (ctx == NULL)
340		return 0;
341	if (EVP_CIPHER_CTX_iv_length(ctx) < 0)
342		return 0;
343	if (len != (size_t)EVP_CIPHER_CTX_iv_length(ctx))
344		return 0;
345	if (len > EVP_MAX_IV_LENGTH)
346		return 0; /* sanity check; shouldn't happen */
347	/*
348	 * Skip the memcpy entirely when the requested IV length is zero,
349	 * since the iv pointer may be NULL or invalid.
350	 */
351	if (len != 0) {
352		if (iv == NULL)
353			return 0;
354# ifdef HAVE_EVP_CIPHER_CTX_IV
355		memcpy(iv, EVP_CIPHER_CTX_iv(ctx), len);
356# else
357		memcpy(iv, ctx->iv, len);
358# endif /* HAVE_EVP_CIPHER_CTX_IV */
359	}
360	return 1;
361}
362#endif /* HAVE_EVP_CIPHER_CTX_GET_IV */
363
364#ifndef HAVE_EVP_CIPHER_CTX_SET_IV
365int
366EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx, const unsigned char *iv, size_t len)
367{
368	if (ctx == NULL)
369		return 0;
370	if (EVP_CIPHER_CTX_iv_length(ctx) < 0)
371		return 0;
372	if (len != (size_t)EVP_CIPHER_CTX_iv_length(ctx))
373		return 0;
374	if (len > EVP_MAX_IV_LENGTH)
375		return 0; /* sanity check; shouldn't happen */
376	/*
377	 * Skip the memcpy entirely when the requested IV length is zero,
378	 * since the iv pointer may be NULL or invalid.
379	 */
380	if (len != 0) {
381		if (iv == NULL)
382			return 0;
383# ifdef HAVE_EVP_CIPHER_CTX_IV_NOCONST
384		memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, len);
385# else
386		memcpy(ctx->iv, iv, len);
387# endif /* HAVE_EVP_CIPHER_CTX_IV_NOCONST */
388	}
389	return 1;
390}
391#endif /* HAVE_EVP_CIPHER_CTX_SET_IV */
392
393#ifndef HAVE_DSA_SIG_GET0
394void
395DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
396{
397	if (pr != NULL)
398		*pr = sig->r;
399	if (ps != NULL)
400		*ps = sig->s;
401}
402#endif /* HAVE_DSA_SIG_GET0 */
403
404#ifndef HAVE_DSA_SIG_SET0
405int
406DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s)
407{
408	if (r == NULL || s == NULL)
409		return 0;
410
411	BN_clear_free(sig->r);
412	sig->r = r;
413	BN_clear_free(sig->s);
414	sig->s = s;
415
416	return 1;
417}
418#endif /* HAVE_DSA_SIG_SET0 */
419
420#ifndef HAVE_ECDSA_SIG_GET0
421void
422ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
423{
424	if (pr != NULL)
425		*pr = sig->r;
426	if (ps != NULL)
427		*ps = sig->s;
428}
429#endif /* HAVE_ECDSA_SIG_GET0 */
430
431#ifndef HAVE_ECDSA_SIG_SET0
432int
433ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s)
434{
435	if (r == NULL || s == NULL)
436		return 0;
437
438	BN_clear_free(sig->r);
439	BN_clear_free(sig->s);
440	sig->r = r;
441	sig->s = s;
442	return 1;
443}
444#endif /* HAVE_ECDSA_SIG_SET0 */
445
446#ifndef HAVE_DH_GET0_PQG
447void
448DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
449{
450	if (p != NULL)
451		*p = dh->p;
452	if (q != NULL)
453		*q = dh->q;
454	if (g != NULL)
455		*g = dh->g;
456}
457#endif /* HAVE_DH_GET0_PQG */
458
459#ifndef HAVE_DH_SET0_PQG
460int
461DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
462{
463	if ((dh->p == NULL && p == NULL) || (dh->g == NULL && g == NULL))
464		return 0;
465
466	if (p != NULL) {
467		BN_free(dh->p);
468		dh->p = p;
469	}
470	if (q != NULL) {
471		BN_free(dh->q);
472		dh->q = q;
473	}
474	if (g != NULL) {
475		BN_free(dh->g);
476		dh->g = g;
477	}
478
479	return 1;
480}
481#endif /* HAVE_DH_SET0_PQG */
482
483#ifndef HAVE_DH_GET0_KEY
484void
485DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
486{
487	if (pub_key != NULL)
488		*pub_key = dh->pub_key;
489	if (priv_key != NULL)
490		*priv_key = dh->priv_key;
491}
492#endif /* HAVE_DH_GET0_KEY */
493
494#ifndef HAVE_DH_SET0_KEY
495int
496DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
497{
498	if (pub_key != NULL) {
499		BN_free(dh->pub_key);
500		dh->pub_key = pub_key;
501	}
502	if (priv_key != NULL) {
503		BN_free(dh->priv_key);
504		dh->priv_key = priv_key;
505	}
506
507	return 1;
508}
509#endif /* HAVE_DH_SET0_KEY */
510
511#ifndef HAVE_DH_SET_LENGTH
512int
513DH_set_length(DH *dh, long length)
514{
515	if (length < 0 || length > INT_MAX)
516		return 0;
517
518	dh->length = length;
519	return 1;
520}
521#endif /* HAVE_DH_SET_LENGTH */
522
523#ifndef HAVE_RSA_METH_FREE
524void
525RSA_meth_free(RSA_METHOD *meth)
526{
527	if (meth != NULL) {
528		free((char *)meth->name);
529		free(meth);
530	}
531}
532#endif /* HAVE_RSA_METH_FREE */
533
534#ifndef HAVE_RSA_METH_DUP
535RSA_METHOD *
536RSA_meth_dup(const RSA_METHOD *meth)
537{
538	RSA_METHOD *copy;
539
540	if ((copy = calloc(1, sizeof(*copy))) == NULL)
541		return NULL;
542	memcpy(copy, meth, sizeof(*copy));
543	if ((copy->name = strdup(meth->name)) == NULL) {
544		free(copy);
545		return NULL;
546	}
547
548	return copy;
549}
550#endif /* HAVE_RSA_METH_DUP */
551
552#ifndef HAVE_RSA_METH_SET1_NAME
553int
554RSA_meth_set1_name(RSA_METHOD *meth, const char *name)
555{
556	char *copy;
557
558	if ((copy = strdup(name)) == NULL)
559		return 0;
560	free((char *)meth->name);
561	meth->name = copy;
562	return 1;
563}
564#endif /* HAVE_RSA_METH_SET1_NAME */
565
566#ifndef HAVE_RSA_METH_GET_FINISH
567int
568(*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa)
569{
570	return meth->finish;
571}
572#endif /* HAVE_RSA_METH_GET_FINISH */
573
574#ifndef HAVE_RSA_METH_SET_PRIV_ENC
575int
576RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc)(int flen,
577    const unsigned char *from, unsigned char *to, RSA *rsa, int padding))
578{
579	meth->rsa_priv_enc = priv_enc;
580	return 1;
581}
582#endif /* HAVE_RSA_METH_SET_PRIV_ENC */
583
584#ifndef HAVE_RSA_METH_SET_PRIV_DEC
585int
586RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec)(int flen,
587    const unsigned char *from, unsigned char *to, RSA *rsa, int padding))
588{
589	meth->rsa_priv_dec = priv_dec;
590	return 1;
591}
592#endif /* HAVE_RSA_METH_SET_PRIV_DEC */
593
594#ifndef HAVE_RSA_METH_SET_FINISH
595int
596RSA_meth_set_finish(RSA_METHOD *meth, int (*finish)(RSA *rsa))
597{
598	meth->finish = finish;
599	return 1;
600}
601#endif /* HAVE_RSA_METH_SET_FINISH */
602
603#ifndef HAVE_EVP_PKEY_GET0_RSA
604RSA *
605EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
606{
607	if (pkey->type != EVP_PKEY_RSA) {
608		/* EVPerror(EVP_R_EXPECTING_AN_RSA_KEY); */
609		return NULL;
610	}
611	return pkey->pkey.rsa;
612}
613#endif /* HAVE_EVP_PKEY_GET0_RSA */
614
615#ifndef HAVE_EVP_MD_CTX_NEW
616EVP_MD_CTX *
617EVP_MD_CTX_new(void)
618{
619	return calloc(1, sizeof(EVP_MD_CTX));
620}
621#endif /* HAVE_EVP_MD_CTX_NEW */
622
623#ifndef HAVE_EVP_MD_CTX_FREE
624void
625EVP_MD_CTX_free(EVP_MD_CTX *ctx)
626{
627	if (ctx == NULL)
628		return;
629
630	EVP_MD_CTX_cleanup(ctx);
631
632	free(ctx);
633}
634#endif /* HAVE_EVP_MD_CTX_FREE */
635
636#endif /* WITH_OPENSSL */
637