Make the cleanup() method return an int again

This partially reverts jsing's OpenBSD commit b8185953, but without adding
back the error check that potentialy results in dumb leaks. No cleanup()
method in the wild returns anything but 1. Since that's the signature in
the EVP_CIPHER_meth_* API, we have no choice...

ok jsing

4 files changed, 12 insertions, 7 deletions

diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c
index 0d7daf43e3..790b26384d 100644
--- a/src/lib/libcrypto/evp/e_aes.c
+++ b/src/lib/libcrypto/evp/e_aes.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_aes.c,v 1.50 2022/11/26 16:08:52 tb Exp $ */
+/* $OpenBSD: e_aes.c,v 1.51 2023/03/01 11:16:06 tb Exp $ */
 /* ====================================================================
  * Copyright (c) 2001-2011 The OpenSSL Project.  All rights reserved.
  *
@@ -1255,7 +1255,7 @@ EVP_aes_256_ctr(void)
 #endif
 }
 
-static void
+static int
 aes_gcm_cleanup(EVP_CIPHER_CTX *c)
 {
         EVP_AES_GCM_CTX *gctx = c->cipher_data;
@@ -1264,6 +1264,8 @@ aes_gcm_cleanup(EVP_CIPHER_CTX *c)
                 free(gctx->iv);
 
         explicit_bzero(gctx, sizeof(*gctx));
+
+        return 1;
 }
 
 /* increment counter (64-bit int) by 1 */
diff --git a/src/lib/libcrypto/evp/e_chacha20poly1305.c b/src/lib/libcrypto/evp/e_chacha20poly1305.c
index 2635b6f675..1bd04c1f1f 100644
--- a/src/lib/libcrypto/evp/e_chacha20poly1305.c
+++ b/src/lib/libcrypto/evp/e_chacha20poly1305.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_chacha20poly1305.c,v 1.27 2022/11/26 16:08:52 tb Exp $ */
+/* $OpenBSD: e_chacha20poly1305.c,v 1.28 2023/03/01 11:16:06 tb Exp $ */
 
 /*
  * Copyright (c) 2022 Joel Sing <jsing@openbsd.org>
@@ -530,12 +530,14 @@ chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
         return len;
 }
 
-static void
+static int
 chacha20_poly1305_cleanup(EVP_CIPHER_CTX *ctx)
 {
         struct chacha20_poly1305_ctx *cpx = ctx->cipher_data;
 
         explicit_bzero(cpx, sizeof(*cpx));
+
+        return 1;
 }
 
 static int
diff --git a/src/lib/libcrypto/evp/evp_enc.c b/src/lib/libcrypto/evp/evp_enc.c
index c64390d599..df818e3a62 100644
--- a/src/lib/libcrypto/evp/evp_enc.c
+++ b/src/lib/libcrypto/evp/evp_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_enc.c,v 1.49 2022/12/26 07:18:52 jmc Exp $ */
+/* $OpenBSD: evp_enc.c,v 1.50 2023/03/01 11:16:06 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -601,6 +601,7 @@ int
 EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
 {
         if (c->cipher != NULL) {
+                /* XXX - Avoid leaks, so ignore return value of cleanup()... */
                 if (c->cipher->cleanup != NULL)
                         c->cipher->cleanup(c);
                 if (c->cipher_data != NULL)
diff --git a/src/lib/libcrypto/evp/evp_local.h b/src/lib/libcrypto/evp/evp_local.h
index 3ffaf555ba..9905b82dd5 100644
--- a/src/lib/libcrypto/evp/evp_local.h
+++ b/src/lib/libcrypto/evp/evp_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_local.h,v 1.2 2022/11/26 17:23:17 tb Exp $ */
+/* $OpenBSD: evp_local.h,v 1.3 2023/03/01 11:16:06 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
@@ -153,7 +153,7 @@ struct evp_cipher_st {
             const unsigned char *iv, int enc);  /* init key */
         int (*do_cipher)(EVP_CIPHER_CTX *ctx, unsigned char *out,
             const unsigned char *in, size_t inl);/* encrypt/decrypt data */
-        void (*cleanup)(EVP_CIPHER_CTX *); /* cleanup ctx */
+        int (*cleanup)(EVP_CIPHER_CTX *); /* cleanup ctx */
         int ctx_size;           /* how big ctx->cipher_data needs to be */
         int (*set_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Populate a ASN1_TYPE with parameters */
         int (*get_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Get parameters from a ASN1_TYPE */