diff options
| author | bcook <> | 2016-09-03 14:54:25 +0000 |
|---|---|---|
| committer | bcook <> | 2016-09-03 14:54:25 +0000 |
| commit | 40f86ac072d3c93d1158f96a747042c4e32ca6a2 (patch) | |
| tree | 7db452907fc08cb3776749169b2f238fa070ae20 /src/lib/libcrypto/evp | |
| parent | e5cd7ad2410b187a41e6ac216c000a85d90f9dcd (diff) | |
| download | openbsd-40f86ac072d3c93d1158f96a747042c4e32ca6a2.tar.gz openbsd-40f86ac072d3c93d1158f96a747042c4e32ca6a2.tar.bz2 openbsd-40f86ac072d3c93d1158f96a747042c4e32ca6a2.zip | |
deprecate EVP_EncryptFinal(), EVP_DecryptFinal() and EVP_CipherFinal()
This switches EVP_CipherFinal() to work as EVP_EncryptFinal() and
EVP_DecryptFinal() do, always clearing the cipher context on completion.
Indicate that, since it is not possible to tell whether this function will
clear the context (the API has changed over time in OpenSSL), it is better to
use the _ex() variants and explicitly clear instead.
ok beck@
Diffstat (limited to 'src/lib/libcrypto/evp')
| -rw-r--r-- | src/lib/libcrypto/evp/evp_enc.c | 18 |
1 files changed, 15 insertions, 3 deletions
diff --git a/src/lib/libcrypto/evp/evp_enc.c b/src/lib/libcrypto/evp/evp_enc.c index f8d2cb78d4..c89f69c9a2 100644 --- a/src/lib/libcrypto/evp/evp_enc.c +++ b/src/lib/libcrypto/evp/evp_enc.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: evp_enc.c,v 1.31 2016/05/30 13:42:54 beck Exp $ */ | 1 | /* $OpenBSD: evp_enc.c,v 1.32 2016/09/03 14:54:25 bcook Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -260,13 +260,19 @@ EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) | |||
| 260 | return EVP_DecryptFinal_ex(ctx, out, outl); | 260 | return EVP_DecryptFinal_ex(ctx, out, outl); |
| 261 | } | 261 | } |
| 262 | 262 | ||
| 263 | __warn_references(EVP_CipherFinal, | ||
| 264 | "warning: EVP_CipherFinal is often misused, please use EVP_CipherFinal_ex and EVP_CIPHER_CTX_cleanup"); | ||
| 265 | |||
| 263 | int | 266 | int |
| 264 | EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) | 267 | EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) |
| 265 | { | 268 | { |
| 269 | int ret; | ||
| 266 | if (ctx->encrypt) | 270 | if (ctx->encrypt) |
| 267 | return EVP_EncryptFinal_ex(ctx, out, outl); | 271 | ret = EVP_EncryptFinal_ex(ctx, out, outl); |
| 268 | else | 272 | else |
| 269 | return EVP_DecryptFinal_ex(ctx, out, outl); | 273 | ret = EVP_DecryptFinal_ex(ctx, out, outl); |
| 274 | (void) EVP_CIPHER_CTX_cleanup(ctx); | ||
| 275 | return ret; | ||
| 270 | } | 276 | } |
| 271 | 277 | ||
| 272 | int | 278 | int |
| @@ -365,6 +371,9 @@ EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, | |||
| 365 | return 1; | 371 | return 1; |
| 366 | } | 372 | } |
| 367 | 373 | ||
| 374 | __warn_references(EVP_EncryptFinal, | ||
| 375 | "warning: EVP_EncryptFinal is often misused, please use EVP_EncryptFinal_ex and EVP_CIPHER_CTX_cleanup"); | ||
| 376 | |||
| 368 | int | 377 | int |
| 369 | EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) | 378 | EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) |
| 370 | { | 379 | { |
| @@ -479,6 +488,9 @@ EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, | |||
| 479 | return 1; | 488 | return 1; |
| 480 | } | 489 | } |
| 481 | 490 | ||
| 491 | __warn_references(EVP_DecryptFinal, | ||
| 492 | "warning: EVP_DecryptFinal is often misused, please use EVP_DecryptFinal_ex and EVP_CIPHER_CTX_cleanup"); | ||
| 493 | |||
| 482 | int | 494 | int |
| 483 | EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) | 495 | EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) |
| 484 | { | 496 | { |