wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Adapt all EVP_CIPHER_CTX users for it becoming opaque

Browse source 
Reviewed-by: Rich Salz <rsalz@openssl.org>
This commit is contained in:
Richard Levitte 2015-12-13 22:08:41 +01:00
parent 936166aff2
commit 846ec07d90
24 changed files with 211 additions and 194 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

40
apps/speed.c
View file

@ -1654,7 +1654,7 @@ int speed_main(int argc, char **argv)
#endif
for (j = 0; j < SIZE_NUM; j++) {
if (evp_cipher) {
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX *ctx;
int outl;
names[D_EVP] = OBJ_nid2ln(evp_cipher->nid);
@ -1664,30 +1664,30 @@ int speed_main(int argc, char **argv)
*/
print_message(names[D_EVP], save_count, lengths[j]);
EVP_CIPHER_CTX_init(&ctx);
ctx = EVP_CIPHER_CTX_new();
if (decrypt)
EVP_DecryptInit_ex(&ctx, evp_cipher, NULL, key16, iv);
EVP_DecryptInit_ex(ctx, evp_cipher, NULL, key16, iv);
else
EVP_EncryptInit_ex(&ctx, evp_cipher, NULL, key16, iv);
EVP_CIPHER_CTX_set_padding(&ctx, 0);
EVP_EncryptInit_ex(ctx, evp_cipher, NULL, key16, iv);
EVP_CIPHER_CTX_set_padding(ctx, 0);
Time_F(START);
if (decrypt)
for (count = 0, run = 1;
COND(save_count * 4 * lengths[0] / lengths[j]);
count++)
EVP_DecryptUpdate(&ctx, buf, &outl, buf, lengths[j]);
EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[j]);
else
for (count = 0, run = 1;
COND(save_count * 4 * lengths[0] / lengths[j]);
count++)
EVP_EncryptUpdate(&ctx, buf, &outl, buf, lengths[j]);
EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[j]);
if (decrypt)
EVP_DecryptFinal_ex(&ctx, buf, &outl);
EVP_DecryptFinal_ex(ctx, buf, &outl);
else
EVP_EncryptFinal_ex(&ctx, buf, &outl);
EVP_EncryptFinal_ex(ctx, buf, &outl);
d = Time_F(STOP);
EVP_CIPHER_CTX_cleanup(&ctx);
EVP_CIPHER_CTX_free(ctx);
}
if (evp_md) {
names[D_EVP] = OBJ_nid2ln(EVP_MD_type(evp_md));
@ -2438,14 +2438,14 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher)
int j, count, num = OSSL_NELEM(lengths);
const char *alg_name;
unsigned char *inp, *out, no_key[32], no_iv[16];
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX *ctx;
double d = 0.0;
inp = app_malloc(mblengths[num - 1], "multiblock input buffer");
out = app_malloc(mblengths[num - 1] + 1024, "multiblock output buffer");
EVP_CIPHER_CTX_init(&ctx);
EVP_EncryptInit_ex(&ctx, evp_cipher, NULL, no_key, no_iv);
EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_AEAD_SET_MAC_KEY, sizeof(no_key),
ctx = EVP_CIPHER_CTX_new();
EVP_EncryptInit_ex(ctx, evp_cipher, NULL, no_key, no_iv);
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_MAC_KEY, sizeof(no_key),
no_key);
alg_name = OBJ_nid2ln(evp_cipher->nid);
@ -2469,16 +2469,14 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher)
mb_param.len = len;
mb_param.interleave = 8;
packlen = EVP_CIPHER_CTX_ctrl(&ctx,
EVP_CTRL_TLS1_1_MULTIBLOCK_AAD,
packlen = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_TLS1_1_MULTIBLOCK_AAD,
sizeof(mb_param), &mb_param);
if (packlen > 0) {
mb_param.out = out;
mb_param.inp = inp;
mb_param.len = len;
EVP_CIPHER_CTX_ctrl(&ctx,
EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT,
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT,
sizeof(mb_param), &mb_param);
} else {
int pad;
@ -2487,10 +2485,9 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher)
len += 16;
aad[11] = len >> 8;
aad[12] = len;
pad = EVP_CIPHER_CTX_ctrl(&ctx,
EVP_CTRL_AEAD_TLS1_AAD,
pad = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_TLS1_AAD,
EVP_AEAD_TLS1_AAD_LEN, aad);
EVP_Cipher(&ctx, out, inp, len + pad);
EVP_Cipher(ctx, out, inp, len + pad);
}
}
d = Time_F(STOP);
@ -2528,4 +2525,5 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher)
OPENSSL_free(inp);
OPENSSL_free(out);
EVP_CIPHER_CTX_free(ctx);
}

17
crypto/asn1/p5_pbev2.c
View file

@ -93,7 +93,7 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
{
X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL;
int alg_nid, keylen;
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX *ctx = NULL;
unsigned char iv[EVP_MAX_IV_LENGTH];
PBE2PARAM *pbe2 = NULL;
ASN1_OBJECT *obj;
@ -123,14 +123,15 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
goto err;
}
EVP_CIPHER_CTX_init(&ctx);
ctx = EVP_CIPHER_CTX_new();
if (ctx == NULL)
goto merr;
/* Dummy cipherinit to just setup the IV, and PRF */
if (!EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0))
if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, iv, 0))
goto err;
if (EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {
if (EVP_CIPHER_param_to_asn1(ctx, scheme->parameter) < 0) {
ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
EVP_CIPHER_CTX_cleanup(&ctx);
goto err;
}
/*
@ -138,11 +139,12 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
* here: just means use default PRF.
*/
if ((prf_nid == -1) &&
EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0) {
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0) {
ERR_clear_error();
prf_nid = NID_hmacWithSHA1;
}
EVP_CIPHER_CTX_cleanup(&ctx);
EVP_CIPHER_CTX_free(ctx);
ctx = NULL;
/* If its RC2 then we'd better setup the key length */
@ -182,6 +184,7 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, ERR_R_MALLOC_FAILURE);
err:
EVP_CIPHER_CTX_free(ctx);
PBE2PARAM_free(pbe2);
/* Note 'scheme' is freed as part of pbe2 */
X509_ALGOR_free(kalg);

15
crypto/asn1/p5_scrypt.c
View file

@ -103,7 +103,7 @@ X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher,
X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL;
int alg_nid;
size_t keylen = 0;
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX *ctx = NULL;
unsigned char iv[EVP_MAX_IV_LENGTH];
PBE2PARAM *pbe2 = NULL;
ASN1_OBJECT *obj;
@ -146,18 +146,20 @@ X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher,
goto err;
}
EVP_CIPHER_CTX_init(&ctx);
ctx = EVP_CIPHER_CTX_new();
if (ctx == NULL)
goto merr;
/* Dummy cipherinit to just setup the IV */
if (EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0) == 0)
if (EVP_CipherInit_ex(ctx, cipher, NULL, NULL, iv, 0) == 0)
goto err;
if (EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {
if (EVP_CIPHER_param_to_asn1(ctx, scheme->parameter) < 0) {
ASN1err(ASN1_F_PKCS5_PBE2_SET_SCRYPT,
ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
EVP_CIPHER_CTX_cleanup(&ctx);
goto err;
}
EVP_CIPHER_CTX_cleanup(&ctx);
EVP_CIPHER_CTX_free(ctx);
ctx = NULL;
/* If its RC2 then we'd better setup the key length */
@ -199,6 +201,7 @@ X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher,
PBE2PARAM_free(pbe2);
X509_ALGOR_free(kalg);
X509_ALGOR_free(ret);
EVP_CIPHER_CTX_free(ctx);
return NULL;

46
crypto/cmac/cmac.c
View file

@ -60,7 +60,7 @@
struct CMAC_CTX_st {
/* Cipher context to use */
EVP_CIPHER_CTX cctx;
EVP_CIPHER_CTX *cctx;
/* Keys k1 and k2 */
unsigned char k1[EVP_MAX_BLOCK_LENGTH];
unsigned char k2[EVP_MAX_BLOCK_LENGTH];
@ -94,14 +94,18 @@ CMAC_CTX *CMAC_CTX_new(void)
ctx = OPENSSL_malloc(sizeof(*ctx));
if (ctx == NULL)
return NULL;
EVP_CIPHER_CTX_init(&ctx->cctx);
ctx->cctx = EVP_CIPHER_CTX_new();
if (ctx->cctx == NULL) {
OPENSSL_free(ctx);
return NULL;
}
ctx->nlast_block = -1;
return ctx;
}
void CMAC_CTX_cleanup(CMAC_CTX *ctx)
{
EVP_CIPHER_CTX_cleanup(&ctx->cctx);
EVP_CIPHER_CTX_free(ctx->cctx);
OPENSSL_cleanse(ctx->tbl, EVP_MAX_BLOCK_LENGTH);
OPENSSL_cleanse(ctx->k1, EVP_MAX_BLOCK_LENGTH);
OPENSSL_cleanse(ctx->k2, EVP_MAX_BLOCK_LENGTH);
@ -111,7 +115,7 @@ void CMAC_CTX_cleanup(CMAC_CTX *ctx)
EVP_CIPHER_CTX *CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx)
{
return &ctx->cctx;
return ctx->cctx;
}
void CMAC_CTX_free(CMAC_CTX *ctx)
@ -127,9 +131,9 @@ int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in)
int bl;
if (in->nlast_block == -1)
return 0;
if (!EVP_CIPHER_CTX_copy(&out->cctx, &in->cctx))
if (!EVP_CIPHER_CTX_copy(out->cctx, in->cctx))
return 0;
bl = M_EVP_CIPHER_CTX_block_size(&in->cctx);
bl = EVP_CIPHER_CTX_block_size(in->cctx);
memcpy(out->k1, in->k1, bl);
memcpy(out->k2, in->k2, bl);
memcpy(out->tbl, in->tbl, bl);
@ -147,32 +151,32 @@ int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
/* Not initialised */
if (ctx->nlast_block == -1)
return 0;
if (!M_EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, zero_iv))
if (!EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, NULL, zero_iv))
return 0;
memset(ctx->tbl, 0, M_EVP_CIPHER_CTX_block_size(&ctx->cctx));
memset(ctx->tbl, 0, EVP_CIPHER_CTX_block_size(ctx->cctx));
ctx->nlast_block = 0;
return 1;
}
/* Initialiase context */
if (cipher && !M_EVP_EncryptInit_ex(&ctx->cctx, cipher, impl, NULL, NULL))
if (cipher && !EVP_EncryptInit_ex(ctx->cctx, cipher, impl, NULL, NULL))
return 0;
/* Non-NULL key means initialisation complete */
if (key) {
int bl;
if (!M_EVP_CIPHER_CTX_cipher(&ctx->cctx))
if (!EVP_CIPHER_CTX_cipher(ctx->cctx))
return 0;
if (!EVP_CIPHER_CTX_set_key_length(&ctx->cctx, keylen))
if (!EVP_CIPHER_CTX_set_key_length(ctx->cctx, keylen))
return 0;
if (!M_EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, key, zero_iv))
if (!EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, key, zero_iv))
return 0;
bl = M_EVP_CIPHER_CTX_block_size(&ctx->cctx);
if (!EVP_Cipher(&ctx->cctx, ctx->tbl, zero_iv, bl))
bl = EVP_CIPHER_CTX_block_size(ctx->cctx);
if (!EVP_Cipher(ctx->cctx, ctx->tbl, zero_iv, bl))
return 0;
make_kn(ctx->k1, ctx->tbl, bl);
make_kn(ctx->k2, ctx->k1, bl);
OPENSSL_cleanse(ctx->tbl, bl);
/* Reset context again ready for first data block */
if (!M_EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, zero_iv))
if (!EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, NULL, zero_iv))
return 0;
/* Zero tbl so resume works */
memset(ctx->tbl, 0, bl);
@ -189,7 +193,7 @@ int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen)
return 0;
if (dlen == 0)
return 1;
bl = M_EVP_CIPHER_CTX_block_size(&ctx->cctx);
bl = EVP_CIPHER_CTX_block_size(ctx->cctx);
/* Copy into partial block if we need to */
if (ctx->nlast_block > 0) {
size_t nleft;
@ -204,12 +208,12 @@ int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen)
return 1;
data += nleft;
/* Else not final block so encrypt it */
if (!EVP_Cipher(&ctx->cctx, ctx->tbl, ctx->last_block, bl))
if (!EVP_Cipher(ctx->cctx, ctx->tbl, ctx->last_block, bl))
return 0;
}
/* Encrypt all but one of the complete blocks left */
while (dlen > bl) {
if (!EVP_Cipher(&ctx->cctx, ctx->tbl, data, bl))
if (!EVP_Cipher(ctx->cctx, ctx->tbl, data, bl))
return 0;
dlen -= bl;
data += bl;
@ -226,7 +230,7 @@ int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen)
int i, bl, lb;
if (ctx->nlast_block == -1)
return 0;
bl = M_EVP_CIPHER_CTX_block_size(&ctx->cctx);
bl = EVP_CIPHER_CTX_block_size(ctx->cctx);
*poutlen = (size_t)bl;
if (!out)
return 1;
@ -242,7 +246,7 @@ int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen)
for (i = 0; i < bl; i++)
out[i] = ctx->last_block[i] ^ ctx->k2[i];
}
if (!EVP_Cipher(&ctx->cctx, out, out, bl)) {
if (!EVP_Cipher(ctx->cctx, out, out, bl)) {
OPENSSL_cleanse(out, bl);
return 0;
}
@ -260,5 +264,5 @@ int CMAC_resume(CMAC_CTX *ctx)
* decrypted block will allow CMAC to continue after calling
* CMAC_Final().
*/
return M_EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, ctx->tbl);
return M_EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, NULL, ctx->tbl);
}

8
crypto/cms/cms_asn1.c
View file

@ -194,12 +194,14 @@ static int cms_kari_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
{
CMS_KeyAgreeRecipientInfo *kari = (CMS_KeyAgreeRecipientInfo *)*pval;
if (operation == ASN1_OP_NEW_POST) {
EVP_CIPHER_CTX_init(&kari->ctx);
EVP_CIPHER_CTX_set_flags(&kari->ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
kari->ctx = EVP_CIPHER_CTX_new();
if (kari->ctx == NULL)
return 0;
EVP_CIPHER_CTX_set_flags(kari->ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
kari->pctx = NULL;
} else if (operation == ASN1_OP_FREE_POST) {
EVP_PKEY_CTX_free(kari->pctx);
EVP_CIPHER_CTX_cleanup(&kari->ctx);
EVP_CIPHER_CTX_free(kari->ctx);
}
return 1;
}

15
crypto/cms/cms_kari.c
View file

@ -220,7 +220,7 @@ int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk)
EVP_CIPHER_CTX *CMS_RecipientInfo_kari_get0_ctx(CMS_RecipientInfo *ri)
{
if (ri->type == CMS_RECIPINFO_AGREE)
return &ri->d.kari->ctx;
return ri->d.kari->ctx;
return NULL;
}
@ -239,22 +239,22 @@ static int cms_kek_cipher(unsigned char **pout, size_t *poutlen,
int rv = 0;
unsigned char *out = NULL;
int outlen;
keklen = EVP_CIPHER_CTX_key_length(&kari->ctx);
keklen = EVP_CIPHER_CTX_key_length(kari->ctx);
if (keklen > EVP_MAX_KEY_LENGTH)
return 0;
/* Derive KEK */
if (EVP_PKEY_derive(kari->pctx, kek, &keklen) <= 0)
goto err;
/* Set KEK in context */
if (!EVP_CipherInit_ex(&kari->ctx, NULL, NULL, kek, NULL, enc))
if (!EVP_CipherInit_ex(kari->ctx, NULL, NULL, kek, NULL, enc))
goto err;
/* obtain output length of ciphered key */
if (!EVP_CipherUpdate(&kari->ctx, NULL, &outlen, in, inlen))
if (!EVP_CipherUpdate(kari->ctx, NULL, &outlen, in, inlen))
goto err;
out = OPENSSL_malloc(outlen);
if (out == NULL)
goto err;
if (!EVP_CipherUpdate(&kari->ctx, out, &outlen, in, inlen))
if (!EVP_CipherUpdate(kari->ctx, out, &outlen, in, inlen))
goto err;
*pout = out;
*poutlen = (size_t)outlen;
@ -264,7 +264,8 @@ static int cms_kek_cipher(unsigned char **pout, size_t *poutlen,
OPENSSL_cleanse(kek, keklen);
if (!rv)
OPENSSL_free(out);
EVP_CIPHER_CTX_cleanup(&kari->ctx);
EVP_CIPHER_CTX_reset(kari->ctx);
/* FIXME: WHY IS kari->pctx freed here? /RL */
EVP_PKEY_CTX_free(kari->pctx);
kari->pctx = NULL;
return rv;
@ -374,7 +375,7 @@ int cms_RecipientInfo_kari_init(CMS_RecipientInfo *ri, X509 *recip,
static int cms_wrap_init(CMS_KeyAgreeRecipientInfo *kari,
const EVP_CIPHER *cipher)
{
EVP_CIPHER_CTX *ctx = &kari->ctx;
EVP_CIPHER_CTX *ctx = kari->ctx;
const EVP_CIPHER *kekcipher;
int keylen = EVP_CIPHER_key_length(cipher);
/* If a suitable wrap algorithm is already set nothing to do */

2
crypto/cms/cms_lcl.h
View file

@ -210,7 +210,7 @@ struct CMS_KeyAgreeRecipientInfo_st {
/* Public key context associated with current operation */
EVP_PKEY_CTX *pctx;
/* Cipher context for CEK wrapping */
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX *ctx;
};
struct CMS_OriginatorIdentifierOrKey_st {

39
crypto/cms/cms_pwri.c
View file

@ -90,7 +90,7 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
CMS_RecipientInfo *ri = NULL;
CMS_EnvelopedData *env;
CMS_PasswordRecipientInfo *pwri;
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX *ctx = NULL;
X509_ALGOR *encalg = NULL;
unsigned char iv[EVP_MAX_IV_LENGTH];
int ivlen;
@ -124,19 +124,19 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
if (encalg == NULL) {
goto merr;
}
EVP_CIPHER_CTX_init(&ctx);
ctx = EVP_CIPHER_CTX_new();
if (EVP_EncryptInit_ex(&ctx, kekciph, NULL, NULL, NULL) <= 0) {
if (EVP_EncryptInit_ex(ctx, kekciph, NULL, NULL, NULL) <= 0) {
CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_EVP_LIB);
goto err;
}
ivlen = EVP_CIPHER_CTX_iv_length(&ctx);
ivlen = EVP_CIPHER_CTX_iv_length(ctx);
if (ivlen > 0) {
if (RAND_bytes(iv, ivlen) <= 0)
goto err;
if (EVP_EncryptInit_ex(&ctx, NULL, NULL, NULL, iv) <= 0) {
if (EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv) <= 0) {
CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_EVP_LIB);
goto err;
}
@ -145,16 +145,17 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_MALLOC_FAILURE);
goto err;
}
if (EVP_CIPHER_param_to_asn1(&ctx, encalg->parameter) <= 0) {
if (EVP_CIPHER_param_to_asn1(ctx, encalg->parameter) <= 0) {
CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD,
CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
goto err;
}
}
encalg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(&ctx));
encalg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(ctx));
EVP_CIPHER_CTX_cleanup(&ctx);
EVP_CIPHER_CTX_free(ctx);
ctx = NULL;
/* Initialize recipient info */
ri = M_ASN1_new_of(CMS_RecipientInfo);
@ -204,7 +205,7 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
merr:
CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_MALLOC_FAILURE);
err:
EVP_CIPHER_CTX_cleanup(&ctx);
EVP_CIPHER_CTX_free(ctx);
if (ri)
M_ASN1_free_of(ri, CMS_RecipientInfo);
X509_ALGOR_free(encalg);
@ -323,7 +324,7 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
CMS_PasswordRecipientInfo *pwri;
int r = 0;
X509_ALGOR *algtmp, *kekalg = NULL;
EVP_CIPHER_CTX kekctx;
EVP_CIPHER_CTX *kekctx;
const EVP_CIPHER *kekcipher;
unsigned char *key = NULL;
size_t keylen;
@ -331,7 +332,7 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
ec = cms->d.envelopedData->encryptedContentInfo;
pwri = ri->d.pwri;
EVP_CIPHER_CTX_init(&kekctx);
kekctx = EVP_CIPHER_CTX_new();
if (!pwri->pass) {
CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_NO_PASSWORD);
@ -362,10 +363,10 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
}
/* Fixup cipher based on AlgorithmIdentifier to set IV etc */
if (!EVP_CipherInit_ex(&kekctx, kekcipher, NULL, NULL, NULL, en_de))
if (!EVP_CipherInit_ex(kekctx, kekcipher, NULL, NULL, NULL, en_de))
goto err;
EVP_CIPHER_CTX_set_padding(&kekctx, 0);
if (EVP_CIPHER_asn1_to_param(&kekctx, kekalg->parameter) < 0) {
EVP_CIPHER_CTX_set_padding(kekctx, 0);
if (EVP_CIPHER_asn1_to_param(kekctx, kekalg->parameter) < 0) {
CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
goto err;
@ -377,7 +378,7 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
if (EVP_PBE_CipherInit(algtmp->algorithm,
(char *)pwri->pass, pwri->passlen,
algtmp->parameter, &kekctx, en_de) < 0) {
algtmp->parameter, kekctx, en_de) < 0) {
CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, ERR_R_EVP_LIB);
goto err;
}
@ -386,7 +387,7 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
if (en_de) {
if (!kek_wrap_key(NULL, &keylen, ec->key, ec->keylen, &kekctx))
if (!kek_wrap_key(NULL, &keylen, ec->key, ec->keylen, kekctx))
goto err;
key = OPENSSL_malloc(keylen);
@ -394,7 +395,7 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
if (key == NULL)
goto err;
if (!kek_wrap_key(key, &keylen, ec->key, ec->keylen, &kekctx))
if (!kek_wrap_key(key, &keylen, ec->key, ec->keylen, kekctx))
goto err;
pwri->encryptedKey->data = key;
pwri->encryptedKey->length = keylen;
@ -407,7 +408,7 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
}
if (!kek_unwrap_key(key, &keylen,
pwri->encryptedKey->data,
pwri->encryptedKey->length, &kekctx)) {
pwri->encryptedKey->length, kekctx)) {
CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_UNWRAP_FAILURE);
goto err;
}
@ -421,7 +422,7 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
err:
EVP_CIPHER_CTX_cleanup(&kekctx);
EVP_CIPHER_CTX_free(kekctx);
if (!r)
OPENSSL_free(key);

36
crypto/evp/bio_enc.c
View file

@ -83,7 +83,7 @@ typedef struct enc_struct {
int cont; /* <= 0 when finished */
int finished;
int ok; /* bad decrypt */
EVP_CIPHER_CTX cipher;
EVP_CIPHER_CTX *cipher;
/*
* buf is larger than ENC_BLOCK_SIZE because EVP_DecryptUpdate can return
* up to a block more data than is presented to it
@ -114,15 +114,19 @@ static int enc_new(BIO *bi)
ctx = OPENSSL_zalloc(sizeof(*ctx));
if (ctx == NULL)
return (0);
return 0;
EVP_CIPHER_CTX_init(&ctx->cipher);
ctx->cipher = EVP_CIPHER_CTX_new();
if (ctx->cipher == NULL) {
OPENSSL_free(ctx);
return 0;
}
ctx->cont = 1;
ctx->ok = 1;
bi->init = 0;
bi->ptr = (char *)ctx;
bi->flags = 0;
return (1);
return 1;
}
static int enc_free(BIO *a)
@ -132,7 +136,7 @@ static int enc_free(BIO *a)
if (a == NULL)
return (0);
b = (BIO_ENC_CTX *)a->ptr;
EVP_CIPHER_CTX_cleanup(&(b->cipher));
EVP_CIPHER_CTX_free(b->cipher);
OPENSSL_clear_free(a->ptr, sizeof(BIO_ENC_CTX));
a->ptr = NULL;
a->init = 0;
@ -186,7 +190,7 @@ static int enc_read(BIO *b, char *out, int outl)
/* Should be continue next time we are called? */
if (!BIO_should_retry(b->next_bio)) {
ctx->cont = i;
i = EVP_CipherFinal_ex(&(ctx->cipher),
i = EVP_CipherFinal_ex(ctx->cipher,
(unsigned char *)ctx->buf,
&(ctx->buf_len));
ctx->ok = i;
@ -196,7 +200,7 @@ static int enc_read(BIO *b, char *out, int outl)
break;
}
} else {
if (!EVP_CipherUpdate(&(ctx->cipher),
if (!EVP_CipherUpdate(ctx->cipher,
(unsigned char *)ctx->buf, &ctx->buf_len,
(unsigned char *)&(ctx->buf[BUF_OFFSET]),
i)) {
@ -259,7 +263,7 @@ static int enc_write(BIO *b, const char *in, int inl)
ctx->buf_off = 0;
while (inl > 0) {
n = (inl > ENC_BLOCK_SIZE) ? ENC_BLOCK_SIZE : inl;
if (!EVP_CipherUpdate(&(ctx->cipher),
if (!EVP_CipherUpdate(ctx->cipher,
(unsigned char *)ctx->buf, &ctx->buf_len,
(unsigned char *)in, n)) {
BIO_clear_retry_flags(b);
@ -300,8 +304,8 @@ static long enc_ctrl(BIO *b, int cmd, long num, void *ptr)
case BIO_CTRL_RESET:
ctx->ok = 1;
ctx->finished = 0;
if (!EVP_CipherInit_ex(&(ctx->cipher), NULL, NULL, NULL, NULL,
ctx->cipher.encrypt))
if (!EVP_CipherInit_ex(ctx->cipher, NULL, NULL, NULL, NULL,
EVP_CIPHER_CTX_encrypting(ctx->cipher)))
return 0;
ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
break;
@ -333,7 +337,7 @@ static long enc_ctrl(BIO *b, int cmd, long num, void *ptr)
if (!ctx->finished) {
ctx->finished = 1;
ctx->buf_off = 0;
ret = EVP_CipherFinal_ex(&(ctx->cipher),
ret = EVP_CipherFinal_ex(ctx->cipher,
(unsigned char *)ctx->buf,
&(ctx->buf_len));
ctx->ok = (int)ret;
@ -357,14 +361,16 @@ static long enc_ctrl(BIO *b, int cmd, long num, void *ptr)
break;
case BIO_C_GET_CIPHER_CTX:
c_ctx = (EVP_CIPHER_CTX **)ptr;
(*c_ctx) = &(ctx->cipher);
*c_ctx = ctx->cipher;
b->init = 1;
break;
case BIO_CTRL_DUP:
dbio = (BIO *)ptr;
dctx = (BIO_ENC_CTX *)dbio->ptr;
EVP_CIPHER_CTX_init(&dctx->cipher);
ret = EVP_CIPHER_CTX_copy(&dctx->cipher, &ctx->cipher);
dctx->cipher = EVP_CIPHER_CTX_new();
if (dctx->cipher == NULL)
return 0;
ret = EVP_CIPHER_CTX_copy(dctx->cipher, ctx->cipher);
if (ret)
dbio->init = 1;
break;
@ -424,7 +430,7 @@ int BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k,
b->init = 1;
ctx = (BIO_ENC_CTX *)b->ptr;
if (!EVP_CipherInit_ex(&(ctx->cipher), c, NULL, k, i, e))
if (!EVP_CipherInit_ex(ctx->cipher, c, NULL, k, i, e))
return 0;
if (b->callback != NULL)

2
crypto/evp/p_open.c
View file

@ -74,7 +74,7 @@ int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
int i, size = 0, ret = 0;
if (type) {
EVP_CIPHER_CTX_init(ctx);
EVP_CIPHER_CTX_reset(ctx);
if (!EVP_DecryptInit_ex(ctx, type, NULL, NULL, NULL))
return 0;
}

2
crypto/evp/p_seal.c
View file

@ -74,7 +74,7 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
int i;
if (type) {
EVP_CIPHER_CTX_init(ctx);
EVP_CIPHER_CTX_reset(ctx);
if (!EVP_EncryptInit_ex(ctx, type, NULL, NULL, NULL))
return 0;
}

2
crypto/pem/pem_info.c
View file

@ -301,7 +301,6 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
unsigned char *kstr, int klen,
pem_password_cb *cb, void *u)
{
EVP_CIPHER_CTX ctx;
int i, ret = 0;
unsigned char *data = NULL;
const char *objstr = NULL;
@ -381,7 +380,6 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
ret = 1;
err:
OPENSSL_cleanse((char *)&ctx, sizeof(ctx));
OPENSSL_cleanse(buf, PEM_BUFSIZE);
return (ret);
}

27
crypto/pem/pem_lib.c
View file

@ -340,7 +340,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
void *x, const EVP_CIPHER *enc, unsigned char *kstr,
int klen, pem_password_cb *callback, void *u)
{
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX *ctx = NULL;
int dsize = 0, i = 0, j = 0, ret = 0;
unsigned char *p, *data = NULL;
const char *objstr = NULL;
@ -409,13 +409,12 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
PEM_dek_info(buf, objstr, enc->iv_len, (char *)iv);
/* k=strlen(buf); */
EVP_CIPHER_CTX_init(&ctx);
ret = 1;
if (!EVP_EncryptInit_ex(&ctx, enc, NULL, key, iv)
|| !EVP_EncryptUpdate(&ctx, data, &j, data, i)
|| !EVP_EncryptFinal_ex(&ctx, &(data[j]), &i))
if ((ctx = EVP_CIPHER_CTX_new()) == NULL
|| !EVP_EncryptInit_ex(ctx, enc, NULL, key, iv)
|| !EVP_EncryptUpdate(ctx, data, &j, data, i)
|| !EVP_EncryptFinal_ex(ctx, &(data[j]), &i))
ret = 0;
EVP_CIPHER_CTX_cleanup(&ctx);
if (ret == 0)
goto err;
i += j;
@ -429,7 +428,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
err:
OPENSSL_cleanse(key, sizeof(key));
OPENSSL_cleanse(iv, sizeof(iv));
OPENSSL_cleanse((char *)&ctx, sizeof(ctx));
EVP_CIPHER_CTX_free(ctx);
OPENSSL_cleanse(buf, PEM_BUFSIZE);
OPENSSL_clear_free(data, (unsigned int)dsize);
return (ret);
@ -440,7 +439,7 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
{
int i = 0, j, o, klen;
long len;
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX *ctx;
unsigned char key[EVP_MAX_KEY_LENGTH];
char buf[PEM_BUFSIZE];
@ -466,13 +465,15 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
return 0;
j = (int)len;
EVP_CIPHER_CTX_init(&ctx);
o = EVP_DecryptInit_ex(&ctx, cipher->cipher, NULL, key, &(cipher->iv[0]));
ctx = EVP_CIPHER_CTX_new();
if (ctx == NULL)
return 0;
o = EVP_DecryptInit_ex(ctx, cipher->cipher, NULL, key, &(cipher->iv[0]));
if (o)
o = EVP_DecryptUpdate(&ctx, data, &i, data, j);
o = EVP_DecryptUpdate(ctx, data, &i, data, j);
if (o)
o = EVP_DecryptFinal_ex(&ctx, &(data[i]), &j);
EVP_CIPHER_CTX_cleanup(&ctx);
o = EVP_DecryptFinal_ex(ctx, &(data[i]), &j);
EVP_CIPHER_CTX_free(ctx);
OPENSSL_cleanse((char *)buf, sizeof(buf));
OPENSSL_cleanse((char *)key, sizeof(key));
if (o)

30
crypto/pem/pvkfmt.c
View file

@ -672,8 +672,7 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in,
unsigned int magic;
unsigned char *enctmp = NULL, *q;
EVP_CIPHER_CTX cctx;
EVP_CIPHER_CTX_init(&cctx);
EVP_CIPHER_CTX *cctx = EVP_CIPHER_CTX_new();
if (saltlen) {
char psbuf[PEM_BUFSIZE];
unsigned char keybuf[20];
@ -704,22 +703,22 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in,
}
inlen = keylen - 8;
q = enctmp + 8;
if (!EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL))
if (!EVP_DecryptInit_ex(cctx, EVP_rc4(), NULL, keybuf, NULL))
goto err;
if (!EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen))
if (!EVP_DecryptUpdate(cctx, q, &enctmplen, p, inlen))
goto err;
if (!EVP_DecryptFinal_ex(&cctx, q + enctmplen, &enctmplen))
if (!EVP_DecryptFinal_ex(cctx, q + enctmplen, &enctmplen))
goto err;
magic = read_ledword((const unsigned char **)&q);
if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) {
q = enctmp + 8;
memset(keybuf + 5, 0, 11);
if (!EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL))
if (!EVP_DecryptInit_ex(cctx, EVP_rc4(), NULL, keybuf, NULL))
goto err;
OPENSSL_cleanse(keybuf, 20);
if (!EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen))
if (!EVP_DecryptUpdate(cctx, q, &enctmplen, p, inlen))
goto err;
if (!EVP_DecryptFinal_ex(&cctx, q + enctmplen, &enctmplen))
if (!EVP_DecryptFinal_ex(cctx, q + enctmplen, &enctmplen))
goto err;
magic = read_ledword((const unsigned char **)&q);
if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) {
@ -733,7 +732,7 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in,
ret = b2i_PrivateKey(&p, keylen);
err:
EVP_CIPHER_CTX_cleanup(&cctx);
EVP_CIPHER_CTX_free(cctx);
OPENSSL_free(enctmp);
return ret;
}
@ -776,8 +775,7 @@ static int i2b_PVK(unsigned char **out, EVP_PKEY *pk, int enclevel,
{
int outlen = 24, pklen;
unsigned char *p, *salt = NULL;
EVP_CIPHER_CTX cctx;
EVP_CIPHER_CTX_init(&cctx);
EVP_CIPHER_CTX *cctx = EVP_CIPHER_CTX_new();
if (enclevel)
outlen += PVK_SALTLEN;
pklen = do_i2b(NULL, pk, 0);
@ -833,19 +831,19 @@ static int i2b_PVK(unsigned char **out, EVP_PKEY *pk, int enclevel,
if (enclevel == 1)
memset(keybuf + 5, 0, 11);
p = salt + PVK_SALTLEN + 8;
if (!EVP_EncryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL))
if (!EVP_EncryptInit_ex(cctx, EVP_rc4(), NULL, keybuf, NULL))
goto error;
OPENSSL_cleanse(keybuf, 20);
if (!EVP_DecryptUpdate(&cctx, p, &enctmplen, p, pklen - 8))
if (!EVP_DecryptUpdate(cctx, p, &enctmplen, p, pklen - 8))
goto error;
if (!EVP_DecryptFinal_ex(&cctx, p + enctmplen, &enctmplen))
if (!EVP_DecryptFinal_ex(cctx, p + enctmplen, &enctmplen))
goto error;
}
EVP_CIPHER_CTX_cleanup(&cctx);
EVP_CIPHER_CTX_free(cctx);
return outlen;
error:
EVP_CIPHER_CTX_cleanup(&cctx);
EVP_CIPHER_CTX_free(cctx);
return -1;
}

18
crypto/pkcs12/p12_decr.c
View file

@ -77,24 +77,28 @@ unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,
{
unsigned char *out = NULL;
int outlen, i;
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
if (ctx == NULL) {
PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_MALLOC_FAILURE);
goto err;
}
EVP_CIPHER_CTX_init(&ctx);
/* Decrypt data */
if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen,
algor->parameter, &ctx, en_de)) {
algor->parameter, ctx, en_de)) {
PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,
PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR);
goto err;
}
if ((out = OPENSSL_malloc(inlen + EVP_CIPHER_CTX_block_size(&ctx)))
if ((out = OPENSSL_malloc(inlen + EVP_CIPHER_CTX_block_size(ctx)))
== NULL) {
PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_MALLOC_FAILURE);
goto err;
}
if (!EVP_CipherUpdate(&ctx, out, &i, in, inlen)) {
if (!EVP_CipherUpdate(ctx, out, &i, in, inlen)) {
OPENSSL_free(out);
out = NULL;
PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_EVP_LIB);
@ -102,7 +106,7 @@ unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,
}
outlen = i;
if (!EVP_CipherFinal_ex(&ctx, out + i, &i)) {
if (!EVP_CipherFinal_ex(ctx, out + i, &i)) {
OPENSSL_free(out);
out = NULL;
PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,
@ -115,7 +119,7 @@ unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,
if (data)
*data = out;
err:
EVP_CIPHER_CTX_cleanup(&ctx);
EVP_CIPHER_CTX_free(ctx);
return out;
}

2
ssl/record/rec_layer_s3.c
View file

@ -498,7 +498,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
u_len >= 4 * (max_send_fragment = s->max_send_fragment) &&
s->compress == NULL && s->msg_callback == NULL &&
!SSL_USE_ETM(s) && SSL_USE_EXPLICIT_IV(s) &&
EVP_CIPHER_flags(s->enc_write_ctx->cipher) &
EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_write_ctx)) &
EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK) {
unsigned char aad[13];
EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param;

10
ssl/record/ssl3_record.c
View file

@ -587,7 +587,7 @@ int ssl3_enc(SSL *s, int send)
rec->input = rec->data;
} else {
l = rec->length;
bs = EVP_CIPHER_block_size(ds->cipher);
bs = EVP_CIPHER_CTX_block_size(ds);
/* COMPRESS */
@ -690,9 +690,9 @@ int tls1_enc(SSL *s, int send)
ret = 1;
} else {
l = rec->length;
bs = EVP_CIPHER_block_size(ds->cipher);
bs = EVP_CIPHER_CTX_block_size(ds);
if (EVP_CIPHER_flags(ds->cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ds)) & EVP_CIPH_FLAG_AEAD_CIPHER) {
unsigned char buf[EVP_AEAD_TLS1_AAD_LEN], *seq;
seq = send ? RECORD_LAYER_get_write_sequence(&s->rlayer)
@ -746,7 +746,7 @@ int tls1_enc(SSL *s, int send)
}
i = EVP_Cipher(ds, rec->data, rec->input, l);
if ((EVP_CIPHER_flags(ds->cipher) & EVP_CIPH_FLAG_CUSTOM_CIPHER)
if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ds)) & EVP_CIPH_FLAG_CUSTOM_CIPHER)
? (i < 0)
: (i == 0))
return -1; /* AEAD can fail to verify MAC */
@ -1064,7 +1064,7 @@ int tls1_cbc_remove_padding(const SSL *s,
padding_length = rec->data[rec->length - 1];
if (EVP_CIPHER_flags(s->enc_read_ctx->cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_read_ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER) {
/* padding is already verified */
rec->length -= padding_length + 1;
return 1;

12
ssl/s3_enc.c
View file

@ -228,14 +228,13 @@ int ssl3_change_cipher_state(SSL *s, int which)
if (which & SSL3_CC_READ) {
if (s->enc_read_ctx != NULL)
reuse_dd = 1;
else if ((s->enc_read_ctx =
OPENSSL_malloc(sizeof(*s->enc_read_ctx))) == NULL)
else if ((s->enc_read_ctx = EVP_CIPHER_CTX_new()) == NULL)
goto err;
else
/*
* make sure it's intialized in case we exit later with an error
*/
EVP_CIPHER_CTX_init(s->enc_read_ctx);
EVP_CIPHER_CTX_reset(s->enc_read_ctx);
dd = s->enc_read_ctx;
if (ssl_replace_hash(&s->read_hash, m) == NULL) {
@ -262,14 +261,13 @@ int ssl3_change_cipher_state(SSL *s, int which)
} else {
if (s->enc_write_ctx != NULL)
reuse_dd = 1;
else if ((s->enc_write_ctx =
OPENSSL_malloc(sizeof(*s->enc_write_ctx))) == NULL)
else if ((s->enc_write_ctx = EVP_CIPHER_CTX_new()) == NULL)
goto err;
else
/*
* make sure it's intialized in case we exit later with an error
*/
EVP_CIPHER_CTX_init(s->enc_write_ctx);
EVP_CIPHER_CTX_reset(s->enc_write_ctx);
dd = s->enc_write_ctx;
if (ssl_replace_hash(&s->write_hash, m) == NULL) {
SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
@ -293,7 +291,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
}
if (reuse_dd)
EVP_CIPHER_CTX_cleanup(dd);
EVP_CIPHER_CTX_reset(dd);
p = s->s3->tmp.key_block;
i = EVP_MD_size(m);

6
ssl/ssl_lib.c
View file

@ -3119,13 +3119,11 @@ SSL *SSL_dup(SSL *s)
void ssl_clear_cipher_ctx(SSL *s)
{
if (s->enc_read_ctx != NULL) {
EVP_CIPHER_CTX_cleanup(s->enc_read_ctx);
OPENSSL_free(s->enc_read_ctx);
EVP_CIPHER_CTX_free(s->enc_read_ctx);
s->enc_read_ctx = NULL;
}
if (s->enc_write_ctx != NULL) {
EVP_CIPHER_CTX_cleanup(s->enc_write_ctx);
OPENSSL_free(s->enc_write_ctx);
EVP_CIPHER_CTX_free(s->enc_write_ctx);
s->enc_write_ctx = NULL;
}
#ifndef OPENSSL_NO_COMP

4
ssl/statem/statem_dtls.c
View file

@ -235,7 +235,7 @@ int dtls1_do_write(SSL *s, int type)
if (s->write_hash) {
if (s->enc_write_ctx
&& (EVP_CIPHER_CTX_flags(s->enc_write_ctx) &
&& (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_write_ctx)) &
EVP_CIPH_FLAG_AEAD_CIPHER) != 0)
mac_size = 0;
else
@ -245,7 +245,7 @@ int dtls1_do_write(SSL *s, int type)
if (s->enc_write_ctx &&
(EVP_CIPHER_CTX_mode(s->enc_write_ctx) == EVP_CIPH_CBC_MODE))
blocksize = 2 * EVP_CIPHER_block_size(s->enc_write_ctx->cipher);
blocksize = 2 * EVP_CIPHER_CTX_block_size(s->enc_write_ctx);
else
blocksize = 0;

22
ssl/statem/statem_srvr.c
View file

@ -2926,7 +2926,7 @@ int tls_construct_server_certificate(SSL *s)
int tls_construct_new_session_ticket(SSL *s)
{
unsigned char *senc = NULL;
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX *ctx;
HMAC_CTX *hctx = NULL;
unsigned char *p, *macstart;
const unsigned char *const_p;
@ -2953,7 +2953,7 @@ int tls_construct_new_session_ticket(SSL *s)
return 0;
}
EVP_CIPHER_CTX_init(&ctx);
ctx = EVP_CIPHER_CTX_new();
hctx = HMAC_CTX_new();
p = senc;
@ -3000,12 +3000,12 @@ int tls_construct_new_session_ticket(SSL *s)
* all the work otherwise use generated values from parent ctx.
*/
if (tctx->tlsext_ticket_key_cb) {
if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx, hctx, 1) < 0)
if (tctx->tlsext_ticket_key_cb(s, key_name, iv, ctx, hctx, 1) < 0)
goto err;
} else {
if (RAND_bytes(iv, 16) <= 0)
goto err;
if (!EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
if (!EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL,
tctx->tlsext_tick_aes_key, iv))
goto err;
if (!HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key, 16,
@ -3028,13 +3028,13 @@ int tls_construct_new_session_ticket(SSL *s)
memcpy(p, key_name, 16);
p += 16;
/* output IV */
memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx));
p += EVP_CIPHER_CTX_iv_length(&ctx);
memcpy(p, iv, EVP_CIPHER_CTX_iv_length(ctx));
p += EVP_CIPHER_CTX_iv_length(ctx);
/* Encrypt session data */
if (!EVP_EncryptUpdate(&ctx, p, &len, senc, slen))
if (!EVP_EncryptUpdate(ctx, p, &len, senc, slen))
goto err;
p += len;
if (!EVP_EncryptFinal(&ctx, p, &len))
if (!EVP_EncryptFinal(ctx, p, &len))
goto err;
p += len;
@ -3043,8 +3043,10 @@ int tls_construct_new_session_ticket(SSL *s)
if (!HMAC_Final(hctx, p, &hlen))
goto err;
EVP_CIPHER_CTX_cleanup(&ctx);
EVP_CIPHER_CTX_free(ctx);
HMAC_CTX_free(hctx);
ctx = NULL;
hctx = NULL;
p += hlen;
/* Now write out lengths: p points to end of data written */
@ -3060,7 +3062,7 @@ int tls_construct_new_session_ticket(SSL *s)
return 1;
err:
OPENSSL_free(senc);
EVP_CIPHER_CTX_cleanup(&ctx);
EVP_CIPHER_CTX_free(ctx);
HMAC_CTX_free(hctx);
ossl_statem_set_error(s);
return 0;

7
ssl/t1_enc.c
View file

@ -330,14 +330,13 @@ int tls1_change_cipher_state(SSL *s, int which)
if (s->enc_read_ctx != NULL)
reuse_dd = 1;
else if ((s->enc_read_ctx =
OPENSSL_malloc(sizeof(*s->enc_read_ctx))) == NULL)
else if ((s->enc_read_ctx = EVP_CIPHER_CTX_new()) == NULL)
goto err;
else
/*
* make sure it's intialized in case we exit later with an error
*/
EVP_CIPHER_CTX_init(s->enc_read_ctx);
EVP_CIPHER_CTX_reset(s->enc_read_ctx);
dd = s->enc_read_ctx;
mac_ctx = ssl_replace_hash(&s->read_hash, NULL);
if (mac_ctx == NULL)
@ -405,7 +404,7 @@ int tls1_change_cipher_state(SSL *s, int which)
}
if (reuse_dd)
EVP_CIPHER_CTX_cleanup(dd);
EVP_CIPHER_CTX_reset(dd);
p = s->s3->tmp.key_block;
i = *mac_secret_size = s->s3->tmp.new_mac_secret_size;

27
ssl/t1_lib.c
View file

@ -3060,7 +3060,7 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
int slen, mlen, renew_ticket = 0;
unsigned char tick_hmac[EVP_MAX_MD_SIZE];
HMAC_CTX *hctx = NULL;
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX *ctx;
SSL_CTX *tctx = s->initial_ctx;
/* Need at least keyname + iv + some encrypted data */
if (eticklen < 48)
@ -3069,11 +3069,11 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
hctx = HMAC_CTX_new();
if (hctx == NULL)
return -2;
EVP_CIPHER_CTX_init(&ctx);
ctx = EVP_CIPHER_CTX_new();
if (tctx->tlsext_ticket_key_cb) {
unsigned char *nctick = (unsigned char *)etick;
int rv = tctx->tlsext_ticket_key_cb(s, nctick, nctick + 16,
&ctx, hctx, 0);
ctx, hctx, 0);
if (rv < 0)
return -1;
if (rv == 0)
@ -3086,7 +3086,7 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
return 2;
if (HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key, 16,
EVP_sha256(), NULL) <= 0
|| EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
|| EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL,
tctx->tlsext_tick_aes_key,
etick + 16) <= 0) {
goto err;
@ -3108,26 +3108,27 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
}
HMAC_CTX_free(hctx);
if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen)) {
EVP_CIPHER_CTX_cleanup(&ctx);
EVP_CIPHER_CTX_free(ctx);
return 2;
}
/* Attempt to decrypt session data */
/* Move p after IV to start of encrypted ticket, update length */
p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx);
eticklen -= 16 + EVP_CIPHER_CTX_iv_length(&ctx);
p = etick + 16 + EVP_CIPHER_CTX_iv_length(ctx);
eticklen -= 16 + EVP_CIPHER_CTX_iv_length(ctx);
sdec = OPENSSL_malloc(eticklen);
if (sdec == NULL
|| EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen) <= 0) {
EVP_CIPHER_CTX_cleanup(&ctx);
|| EVP_DecryptUpdate(ctx, sdec, &slen, p, eticklen) <= 0) {
EVP_CIPHER_CTX_free(ctx);
return -1;
}
if (EVP_DecryptFinal(&ctx, sdec + slen, &mlen) <= 0) {
EVP_CIPHER_CTX_cleanup(&ctx);
if (EVP_DecryptFinal(ctx, sdec + slen, &mlen) <= 0) {
EVP_CIPHER_CTX_free(ctx);
OPENSSL_free(sdec);
return 2;
}
slen += mlen;
EVP_CIPHER_CTX_cleanup(&ctx);
EVP_CIPHER_CTX_free(ctx);
ctx = NULL;
p = sdec;
sess = d2i_SSL_SESSION(NULL, &p, slen);
@ -3154,7 +3155,7 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
*/
return 2;
err:
EVP_CIPHER_CTX_cleanup(&ctx);
EVP_CIPHER_CTX_free(ctx);
HMAC_CTX_free(hctx);
return -1;
}

16
test/gost2814789test.c
View file

@ -1208,7 +1208,7 @@ int main(int argc, char *argv[])
int ignore = 0;
ENGINE *impl = NULL;
EVP_MD_CTX *mctx;
EVP_CIPHER_CTX ectx;
EVP_CIPHER_CTX *ectx;
EVP_PKEY *mac_key;
byte bDerive[EVP_MAX_KEY_LENGTH];
byte bTest[G89_MAX_TC_LEN];
@ -1357,11 +1357,11 @@ int main(int argc, char *argv[])
}
ctype = cp_g89cnt;
engine_cipher_check:
EVP_CIPHER_CTX_init(&ectx);
EVP_EncryptInit_ex(&ectx, ctype, impl, bDerive, tcs[t].bIV);
ectx = EVP_CIPHER_CTX_new();
EVP_EncryptInit_ex(ectx, ctype, impl, bDerive, tcs[t].bIV);
if (G89_MAX_TC_LEN >= tcs[t].ullLen) {
enlu = sizeof(bTest);
EVP_EncryptUpdate(&ectx, bTest, &enlu,
EVP_EncryptUpdate(ectx, bTest, &enlu,
tcs[t].bIn, (int)tcs[t].ullLen);
l = (size_t)tcs[t].ullLen;
} else {
@ -1370,18 +1370,18 @@ int main(int argc, char *argv[])
printf("B");
fflush(NULL);
enlu = sizeof(bTS);
EVP_EncryptUpdate(&ectx, bTS, &enlu, bZB, sizeof(bZB));
EVP_EncryptUpdate(ectx, bTS, &enlu, bZB, sizeof(bZB));
}
printf("b" FMT64 "/" FMT64, ullLeft, tcs[t].ullLen);
fflush(NULL);
EVP_EncryptUpdate(&ectx, bTS, &enlu, bZB, (int)ullLeft);
EVP_EncryptUpdate(ectx, bTS, &enlu, bZB, (int)ullLeft);
memcpy(bTest, &bTS[enlu - 16], 16);
enlu = (int)tcs[t].ullLen;
l = 16;
}
enlf = sizeof(bTest1);
EVP_EncryptFinal_ex(&ectx, bTest1, &enlf);
EVP_CIPHER_CTX_cleanup(&ectx);
EVP_EncryptFinal_ex(ectx, bTest1, &enlf);
EVP_CIPHER_CTX_free(ectx);
break;
case G89_IMIT:
if (0 != strcmp("id-Gost28147-89-CryptoPro-A-ParamSet",