diff options
author | Bob Beck <beck@cvs.openbsd.org> | 2016-05-30 13:42:55 +0000 |
---|---|---|
committer | Bob Beck <beck@cvs.openbsd.org> | 2016-05-30 13:42:55 +0000 |
commit | 3609df57c2dabf2c1ad0313262296332169c5346 (patch) | |
tree | e5007b1715c8d5f5d0e8ee7fb4aa6fefa2ec7770 /lib | |
parent | 2b9b74cdf85d0ae1005ef61ca5bede7fbfcba050 (diff) |
deprecate internal use of EVP_[Cipher|Encrypt|Decrypt]_Final.
14 years ago these were changed in OpenSSL to be the same
as the _ex functions. We use the _ex functions only internally
to ensure it is obvious the ctx must be cleared.
ok bcook@
Diffstat (limited to 'lib')
-rw-r--r-- | lib/libcrypto/evp/evp.h | 14 | ||||
-rw-r--r-- | lib/libcrypto/evp/evp_enc.c | 10 | ||||
-rw-r--r-- | lib/libssl/s3_srvr.c | 4 | ||||
-rw-r--r-- | lib/libssl/t1_lib.c | 4 |
4 files changed, 20 insertions, 12 deletions
diff --git a/lib/libcrypto/evp/evp.h b/lib/libcrypto/evp/evp.h index a0adbece014..75798dae8c8 100644 --- a/lib/libcrypto/evp/evp.h +++ b/lib/libcrypto/evp/evp.h @@ -1,4 +1,4 @@ -/* $OpenBSD: evp.h,v 1.50 2016/04/28 16:06:53 jsing Exp $ */ +/* $OpenBSD: evp.h,v 1.51 2016/05/30 13:42:54 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -575,7 +575,9 @@ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl); int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); +#ifndef LIBRESSL_INTERNAL int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); +#endif int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, const unsigned char *key, const unsigned char *iv); @@ -583,8 +585,10 @@ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, const unsigned char *key, const unsigned char *iv); int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl); -int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); +#ifndef LIBRESSL_INTERNAL +int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); +#endif int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, const unsigned char *key, const unsigned char *iv, int enc); @@ -592,9 +596,11 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, const unsigned char *key, const unsigned char *iv, int enc); int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl); -int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); - +#ifndef LIBRESSL_INTERNAL +int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); +#endif + int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s, EVP_PKEY *pkey); diff --git a/lib/libcrypto/evp/evp_enc.c b/lib/libcrypto/evp/evp_enc.c index 556908fd106..f8d2cb78d4c 100644 --- a/lib/libcrypto/evp/evp_enc.c +++ b/lib/libcrypto/evp/evp_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: evp_enc.c,v 1.30 2016/05/04 15:05:13 tedu Exp $ */ +/* $OpenBSD: evp_enc.c,v 1.31 2016/05/30 13:42:54 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -264,9 +264,9 @@ int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { if (ctx->encrypt) - return EVP_EncryptFinal(ctx, out, outl); + return EVP_EncryptFinal_ex(ctx, out, outl); else - return EVP_DecryptFinal(ctx, out, outl); + return EVP_DecryptFinal_ex(ctx, out, outl); } int @@ -371,6 +371,7 @@ EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) int ret; ret = EVP_EncryptFinal_ex(ctx, out, outl); + (void) EVP_CIPHER_CTX_cleanup(ctx); return ret; } @@ -484,6 +485,7 @@ EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) int ret; ret = EVP_DecryptFinal_ex(ctx, out, outl); + (void) EVP_CIPHER_CTX_cleanup(ctx); return ret; } @@ -571,7 +573,7 @@ EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) * functional reference we held for this reason. */ ENGINE_finish(c->engine); #endif - memset(c, 0, sizeof(EVP_CIPHER_CTX)); + explicit_bzero(c, sizeof(EVP_CIPHER_CTX)); return 1; } diff --git a/lib/libssl/s3_srvr.c b/lib/libssl/s3_srvr.c index 10b6312834f..9fe96de53e1 100644 --- a/lib/libssl/s3_srvr.c +++ b/lib/libssl/s3_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_srvr.c,v 1.125 2016/03/11 07:08:45 mmcc Exp $ */ +/* $OpenBSD: s3_srvr.c,v 1.126 2016/05/30 13:42:54 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -2558,7 +2558,7 @@ ssl3_send_newsession_ticket(SSL *s) /* Encrypt session data */ EVP_EncryptUpdate(&ctx, p, &len, senc, slen); p += len; - EVP_EncryptFinal(&ctx, p, &len); + EVP_EncryptFinal_ex(&ctx, p, &len); p += len; EVP_CIPHER_CTX_cleanup(&ctx); diff --git a/lib/libssl/t1_lib.c b/lib/libssl/t1_lib.c index 78553139141..7230dec6714 100644 --- a/lib/libssl/t1_lib.c +++ b/lib/libssl/t1_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t1_lib.c,v 1.86 2016/03/10 23:21:46 mmcc Exp $ */ +/* $OpenBSD: t1_lib.c,v 1.87 2016/05/30 13:42:54 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -2199,7 +2199,7 @@ tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen, return -1; } EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen); - if (EVP_DecryptFinal(&ctx, sdec + slen, &mlen) <= 0) { + if (EVP_DecryptFinal_ex(&ctx, sdec + slen, &mlen) <= 0) { free(sdec); EVP_CIPHER_CTX_cleanup(&ctx); return 2; |