Adapt all EVP_CIPHER_CTX users for it becoming opaque

Reviewed-by: Rich Salz <rsalz@openssl.org>
author: Richard Levitte <levitte@openssl.org> 2015-12-13 22:08:41 +0100
committer: Richard Levitte <levitte@openssl.org> 2016-01-12 13:52:22 +0100
commit: 846ec07d904f9cc81d486db0db14fb84f61ff6e5 (patch)
tree: 95f8e06e1e66296e20ade5ce79e098216ddbdf99 /crypto/pem
parent: Adapt cipher implementations to opaque EVP_CIPHER_CTX (diff)
download: openssl-846ec07d904f9cc81d486db0db14fb84f61ff6e5.tar.xz
openssl-846ec07d904f9cc81d486db0db14fb84f61ff6e5.zip
3 files changed, 28 insertions, 31 deletions
diff --git a/crypto/pem/pem_info.c b/crypto/pem/pem_info.c
index 0cbd081b38..89321e8990 100644
--- a/crypto/pem/pem_info.c
+++ b/crypto/pem/pem_info.c
@@ -301,7 +301,6 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
                             unsigned char *kstr, int klen,
                             pem_password_cb *cb, void *u)
 {
-    EVP_CIPHER_CTX ctx;
     int i, ret = 0;
     unsigned char *data = NULL;
     const char *objstr = NULL;
@@ -381,7 +380,6 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
     ret = 1;
 
  err:
-    OPENSSL_cleanse((char *)&ctx, sizeof(ctx));
     OPENSSL_cleanse(buf, PEM_BUFSIZE);
     return (ret);
 }
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index 465e2eec8f..29b391f6ac 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -340,7 +340,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
                        void *x, const EVP_CIPHER *enc, unsigned char *kstr,
                        int klen, pem_password_cb *callback, void *u)
 {
-    EVP_CIPHER_CTX ctx;
+    EVP_CIPHER_CTX *ctx = NULL;
     int dsize = 0, i = 0, j = 0, ret = 0;
     unsigned char *p, *data = NULL;
     const char *objstr = NULL;
@@ -409,13 +409,12 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
         PEM_dek_info(buf, objstr, enc->iv_len, (char *)iv);
         /* k=strlen(buf); */
 
-        EVP_CIPHER_CTX_init(&ctx);
         ret = 1;
-        if (!EVP_EncryptInit_ex(&ctx, enc, NULL, key, iv)
-            || !EVP_EncryptUpdate(&ctx, data, &j, data, i)
-            || !EVP_EncryptFinal_ex(&ctx, &(data[j]), &i))
+        if ((ctx = EVP_CIPHER_CTX_new()) == NULL
+            || !EVP_EncryptInit_ex(ctx, enc, NULL, key, iv)
+            || !EVP_EncryptUpdate(ctx, data, &j, data, i)
+            || !EVP_EncryptFinal_ex(ctx, &(data[j]), &i))
             ret = 0;
-        EVP_CIPHER_CTX_cleanup(&ctx);
         if (ret == 0)
             goto err;
         i += j;
@@ -429,7 +428,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
  err:
     OPENSSL_cleanse(key, sizeof(key));
     OPENSSL_cleanse(iv, sizeof(iv));
-    OPENSSL_cleanse((char *)&ctx, sizeof(ctx));
+    EVP_CIPHER_CTX_free(ctx);
     OPENSSL_cleanse(buf, PEM_BUFSIZE);
     OPENSSL_clear_free(data, (unsigned int)dsize);
     return (ret);
@@ -440,7 +439,7 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
 {
     int i = 0, j, o, klen;
     long len;
-    EVP_CIPHER_CTX ctx;
+    EVP_CIPHER_CTX *ctx;
     unsigned char key[EVP_MAX_KEY_LENGTH];
     char buf[PEM_BUFSIZE];
 
@@ -466,13 +465,15 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
         return 0;
 
     j = (int)len;
-    EVP_CIPHER_CTX_init(&ctx);
-    o = EVP_DecryptInit_ex(&ctx, cipher->cipher, NULL, key, &(cipher->iv[0]));
+    ctx = EVP_CIPHER_CTX_new();
+    if (ctx == NULL)
+        return 0;
+    o = EVP_DecryptInit_ex(ctx, cipher->cipher, NULL, key, &(cipher->iv[0]));
     if (o)
-        o = EVP_DecryptUpdate(&ctx, data, &i, data, j);
+        o = EVP_DecryptUpdate(ctx, data, &i, data, j);
     if (o)
-        o = EVP_DecryptFinal_ex(&ctx, &(data[i]), &j);
-    EVP_CIPHER_CTX_cleanup(&ctx);
+        o = EVP_DecryptFinal_ex(ctx, &(data[i]), &j);
+    EVP_CIPHER_CTX_free(ctx);
     OPENSSL_cleanse((char *)buf, sizeof(buf));
     OPENSSL_cleanse((char *)key, sizeof(key));
     if (o)
diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c
index 58cbd07475..8aceb2bc03 100644
--- a/crypto/pem/pvkfmt.c
+++ b/crypto/pem/pvkfmt.c
@@ -672,8 +672,7 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in,
     unsigned int magic;
     unsigned char *enctmp = NULL, *q;
 
-    EVP_CIPHER_CTX cctx;
-    EVP_CIPHER_CTX_init(&cctx);
+    EVP_CIPHER_CTX *cctx = EVP_CIPHER_CTX_new();
     if (saltlen) {
         char psbuf[PEM_BUFSIZE];
         unsigned char keybuf[20];
@@ -704,22 +703,22 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in,
         }
         inlen = keylen - 8;
         q = enctmp + 8;
-        if (!EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL))
+        if (!EVP_DecryptInit_ex(cctx, EVP_rc4(), NULL, keybuf, NULL))
             goto err;
-        if (!EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen))
+        if (!EVP_DecryptUpdate(cctx, q, &enctmplen, p, inlen))
             goto err;
-        if (!EVP_DecryptFinal_ex(&cctx, q + enctmplen, &enctmplen))
+        if (!EVP_DecryptFinal_ex(cctx, q + enctmplen, &enctmplen))
             goto err;
         magic = read_ledword((const unsigned char **)&q);
         if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) {
             q = enctmp + 8;
             memset(keybuf + 5, 0, 11);
-            if (!EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL))
+            if (!EVP_DecryptInit_ex(cctx, EVP_rc4(), NULL, keybuf, NULL))
                 goto err;
             OPENSSL_cleanse(keybuf, 20);
-            if (!EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen))
+            if (!EVP_DecryptUpdate(cctx, q, &enctmplen, p, inlen))
                 goto err;
-            if (!EVP_DecryptFinal_ex(&cctx, q + enctmplen, &enctmplen))
+            if (!EVP_DecryptFinal_ex(cctx, q + enctmplen, &enctmplen))
                 goto err;
             magic = read_ledword((const unsigned char **)&q);
             if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) {
@@ -733,7 +732,7 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in,
 
     ret = b2i_PrivateKey(&p, keylen);
  err:
-    EVP_CIPHER_CTX_cleanup(&cctx);
+    EVP_CIPHER_CTX_free(cctx);
     OPENSSL_free(enctmp);
     return ret;
 }
@@ -776,8 +775,7 @@ static int i2b_PVK(unsigned char **out, EVP_PKEY *pk, int enclevel,
 {
     int outlen = 24, pklen;
     unsigned char *p, *salt = NULL;
-    EVP_CIPHER_CTX cctx;
-    EVP_CIPHER_CTX_init(&cctx);
+    EVP_CIPHER_CTX *cctx = EVP_CIPHER_CTX_new();
     if (enclevel)
         outlen += PVK_SALTLEN;
     pklen = do_i2b(NULL, pk, 0);
@@ -833,19 +831,19 @@ static int i2b_PVK(unsigned char **out, EVP_PKEY *pk, int enclevel,
         if (enclevel == 1)
             memset(keybuf + 5, 0, 11);
         p = salt + PVK_SALTLEN + 8;
-        if (!EVP_EncryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL))
+        if (!EVP_EncryptInit_ex(cctx, EVP_rc4(), NULL, keybuf, NULL))
             goto error;
         OPENSSL_cleanse(keybuf, 20);
-        if (!EVP_DecryptUpdate(&cctx, p, &enctmplen, p, pklen - 8))
+        if (!EVP_DecryptUpdate(cctx, p, &enctmplen, p, pklen - 8))
             goto error;
-        if (!EVP_DecryptFinal_ex(&cctx, p + enctmplen, &enctmplen))
+        if (!EVP_DecryptFinal_ex(cctx, p + enctmplen, &enctmplen))
             goto error;
     }
-    EVP_CIPHER_CTX_cleanup(&cctx);
+    EVP_CIPHER_CTX_free(cctx);
     return outlen;
 
  error:
-    EVP_CIPHER_CTX_cleanup(&cctx);
+    EVP_CIPHER_CTX_free(cctx);
     return -1;
 }
author	Richard Levitte <levitte@openssl.org>	2015-12-13 22:08:41 +0100
committer	Richard Levitte <levitte@openssl.org>	2016-01-12 13:52:22 +0100
commit	846ec07d904f9cc81d486db0db14fb84f61ff6e5 (patch)
tree	95f8e06e1e66296e20ade5ce79e098216ddbdf99 /crypto/pem
parent	Adapt cipher implementations to opaque EVP_CIPHER_CTX (diff)
download	openssl-846ec07d904f9cc81d486db0db14fb84f61ff6e5.tar.xz openssl-846ec07d904f9cc81d486db0db14fb84f61ff6e5.zip