Simplify some logic in EVP_EncryptInit_ex()

Pull up the EVP_R_NO_CIPHER_SET check that was hidden somewhere down in the middle of the function. Handle the reuse case outside of the big non-NULL cipher case for now. This looks a bit odd but relies on the invariant that cipher_data is only set if the cipher is set. It will be reworked in a subsequent commit. ok jsing
author: tb <> 2023-12-22 12:35:22 +0000
committer: tb <> 2023-12-22 12:35:22 +0000
commit: ceaa3ee99a03ab6937cc307a1b6bb2a60d08c2fa (patch)
tree: dc5712bc527a6c0d2066ea53c4f13ae78d88a778 /src/lib
parent: f9a4150fae4744c1c4b3102e66a62a26ad7b9108 (diff)
download: openbsd-ceaa3ee99a03ab6937cc307a1b6bb2a60d08c2fa.tar.gz
openbsd-ceaa3ee99a03ab6937cc307a1b6bb2a60d08c2fa.tar.bz2
openbsd-ceaa3ee99a03ab6937cc307a1b6bb2a60d08c2fa.zip
1 files changed, 28 insertions, 24 deletions
diff --git a/src/lib/libcrypto/evp/evp_enc.c b/src/lib/libcrypto/evp/evp_enc.c
index d0cd301e52..6817bbc595 100644
--- a/src/lib/libcrypto/evp/evp_enc.c
+++ b/src/lib/libcrypto/evp/evp_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_enc.c,v 1.75 2023/12/22 10:20:33 tb Exp $ */
+/* $OpenBSD: evp_enc.c,v 1.76 2023/12/22 12:35:22 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -83,44 +83,48 @@ EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *engine,
 {
        if (enc == -1)
                enc = ctx->encrypt;
-        else {
+        if (enc != 0)
-                if (enc)
+                enc = 1;
-                        enc = 1;
+        ctx->encrypt = enc;
+        if (cipher == NULL && ctx->cipher == NULL) {
+                EVPerror(EVP_R_NO_CIPHER_SET);
+                return 0;
+        }
+        /*
+         * If the ctx is reused and a cipher is passed in, reset the ctx but
+         * remember enc and whether key wrap was enabled.
+         */
+        if (cipher != NULL && ctx->cipher != NULL) {
+                unsigned long flags = ctx->flags;
+                EVP_CIPHER_CTX_cleanup(ctx);
                ctx->encrypt = enc;
+                ctx->flags = flags & EVP_CIPHER_CTX_FLAG_WRAP_ALLOW;
        }
-        if (cipher) {
-                /* Ensure a context left lying around from last time is cleared
-                 * (the previous check attempted to avoid this if the same
-                 * EVP_CIPHER could be used). */
-                if (ctx->cipher) {
-                        unsigned long flags = ctx->flags;
-                        EVP_CIPHER_CTX_cleanup(ctx);
-                        /* Restore encrypt and flags */
-                        ctx->encrypt = enc;
-                        ctx->flags = flags;
-                }
+        /* Set up cipher. Allocate cipher data and initialize if necessary. */
+        if (cipher != NULL) {
                ctx->cipher = cipher;
-                if (ctx->cipher->ctx_size) {
+                ctx->key_len = cipher->key_len;
+                ctx->flags &= EVP_CIPHER_CTX_FLAG_WRAP_ALLOW;
+                if (ctx->cipher->ctx_size != 0) {
                        ctx->cipher_data = calloc(1, ctx->cipher->ctx_size);
                        if (ctx->cipher_data == NULL) {
                                EVPerror(ERR_R_MALLOC_FAILURE);
                                return 0;
                        }
-                } else {
-                        ctx->cipher_data = NULL;
                }
-                ctx->key_len = cipher->key_len;
-                ctx->flags &= EVP_CIPHER_CTX_FLAG_WRAP_ALLOW;
+                if ((ctx->cipher->flags & EVP_CIPH_CTRL_INIT) != 0) {
-                if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) {
                        if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) {
                                EVPerror(EVP_R_INITIALIZATION_ERROR);
                                return 0;
                        }
                }
-        } else if (!ctx->cipher) {
-                EVPerror(EVP_R_NO_CIPHER_SET);
-                return 0;
        }
        /* Block sizes must be a power of 2 due to the use of block_mask. */
author	tb <>	2023-12-22 12:35:22 +0000
committer	tb <>	2023-12-22 12:35:22 +0000
commit	ceaa3ee99a03ab6937cc307a1b6bb2a60d08c2fa (patch)
tree	dc5712bc527a6c0d2066ea53c4f13ae78d88a778 /src/lib
parent	f9a4150fae4744c1c4b3102e66a62a26ad7b9108 (diff)
download	openbsd-ceaa3ee99a03ab6937cc307a1b6bb2a60d08c2fa.tar.gz openbsd-ceaa3ee99a03ab6937cc307a1b6bb2a60d08c2fa.tar.bz2 openbsd-ceaa3ee99a03ab6937cc307a1b6bb2a60d08c2fa.zip

diff --git a/src/lib/libcrypto/evp/evp_enc.c b/src/lib/libcrypto/evp/evp_enc.c index d0cd301e52..6817bbc595 100644 --- a/src/lib/libcrypto/evp/evp_enc.c +++ b/src/lib/libcrypto/evp/evp_enc.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: evp_enc.c,v 1.75 2023/12/22 10:20:33 tb Exp $ */	1	/* $OpenBSD: evp_enc.c,v 1.76 2023/12/22 12:35:22 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -83,44 +83,48 @@ EVP_CipherInit_ex(EVP_CIPHER_CTX ctx, const EVP_CIPHER cipher, ENGINE *engine,
83	{	83	{
84	if (enc == -1)	84	if (enc == -1)
85	enc = ctx->encrypt;	85	enc = ctx->encrypt;
86	else {	86	if (enc != 0)
87	if (enc)	87	enc = 1;
88	enc = 1;	88	ctx->encrypt = enc;
		89
		90	if (cipher == NULL && ctx->cipher == NULL) {
		91	EVPerror(EVP_R_NO_CIPHER_SET);
		92	return 0;
		93	}
		94
		95	/*
		96	* If the ctx is reused and a cipher is passed in, reset the ctx but
		97	* remember enc and whether key wrap was enabled.
		98	*/
		99	if (cipher != NULL && ctx->cipher != NULL) {
		100	unsigned long flags = ctx->flags;
		101
		102	EVP_CIPHER_CTX_cleanup(ctx);
		103
89	ctx->encrypt = enc;	104	ctx->encrypt = enc;
		105	ctx->flags = flags & EVP_CIPHER_CTX_FLAG_WRAP_ALLOW;
90	}	106	}
91	if (cipher) {
92	/* Ensure a context left lying around from last time is cleared
93	* (the previous check attempted to avoid this if the same
94	* EVP_CIPHER could be used). */
95	if (ctx->cipher) {
96	unsigned long flags = ctx->flags;
97	EVP_CIPHER_CTX_cleanup(ctx);
98	/* Restore encrypt and flags */
99	ctx->encrypt = enc;
100	ctx->flags = flags;
101	}
102		107
		108	/* Set up cipher. Allocate cipher data and initialize if necessary. */
		109	if (cipher != NULL) {
103	ctx->cipher = cipher;	110	ctx->cipher = cipher;
104	if (ctx->cipher->ctx_size) {	111	ctx->key_len = cipher->key_len;
		112	ctx->flags &= EVP_CIPHER_CTX_FLAG_WRAP_ALLOW;
		113
		114	if (ctx->cipher->ctx_size != 0) {
105	ctx->cipher_data = calloc(1, ctx->cipher->ctx_size);	115	ctx->cipher_data = calloc(1, ctx->cipher->ctx_size);
106	if (ctx->cipher_data == NULL) {	116	if (ctx->cipher_data == NULL) {
107	EVPerror(ERR_R_MALLOC_FAILURE);	117	EVPerror(ERR_R_MALLOC_FAILURE);
108	return 0;	118	return 0;
109	}	119	}
110	} else {
111	ctx->cipher_data = NULL;
112	}	120	}
113	ctx->key_len = cipher->key_len;	121
114	ctx->flags &= EVP_CIPHER_CTX_FLAG_WRAP_ALLOW;	122	if ((ctx->cipher->flags & EVP_CIPH_CTRL_INIT) != 0) {
115	if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) {
116	if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) {	123	if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) {
117	EVPerror(EVP_R_INITIALIZATION_ERROR);	124	EVPerror(EVP_R_INITIALIZATION_ERROR);
118	return 0;	125	return 0;
119	}	126	}
120	}	127	}
121	} else if (!ctx->cipher) {
122	EVPerror(EVP_R_NO_CIPHER_SET);
123	return 0;
124	}	128	}
125		129
126	/* Block sizes must be a power of 2 due to the use of block_mask. */	130	/* Block sizes must be a power of 2 due to the use of block_mask. */