diff options
| author | tb <> | 2024-02-18 15:41:50 +0000 |
|---|---|---|
| committer | tb <> | 2024-02-18 15:41:50 +0000 |
| commit | 8649ab60e71ce1289b2311ce03e64455620cb86b (patch) | |
| tree | 0795181fb795082de7682d5b584a19be8615bed5 /src | |
| parent | 8b5c8b457a257ae2930ac247453e99a1dee9a693 (diff) | |
| download | openbsd-8649ab60e71ce1289b2311ce03e64455620cb86b.tar.gz openbsd-8649ab60e71ce1289b2311ce03e64455620cb86b.tar.bz2 openbsd-8649ab60e71ce1289b2311ce03e64455620cb86b.zip | |
Add EVP_CIPHER_CTX_legacy_clear()
OpenSSL 1.1 made EVP_CIPHER_CTX_init() an alias of EVP_CIPHER_CTX_reset().
In particular, it changed signature and it would no longer leak internal
state if used on an already used ctx. On the other hand, it can't be used
for ctx on the stack.
libcrypto still has a few ctx on the stack which will be converted to heap
allocated contexts at some point. Until this is completed, we will use
EVP_CIPHER_CTX_legacy_clear() internally, so that the public API can be
changed to match OpenSSL 1.1.
ok jsing
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/evp/evp_cipher.c | 8 | ||||
| -rw-r--r-- | src/lib/libcrypto/evp/evp_local.h | 4 |
2 files changed, 10 insertions, 2 deletions
diff --git a/src/lib/libcrypto/evp/evp_cipher.c b/src/lib/libcrypto/evp/evp_cipher.c index abdc33eace..94eb42a807 100644 --- a/src/lib/libcrypto/evp/evp_cipher.c +++ b/src/lib/libcrypto/evp/evp_cipher.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: evp_cipher.c,v 1.17 2024/01/30 17:41:01 tb Exp $ */ | 1 | /* $OpenBSD: evp_cipher.c,v 1.18 2024/02/18 15:41:50 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -618,6 +618,12 @@ EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) | |||
| 618 | memset(ctx, 0, sizeof(EVP_CIPHER_CTX)); | 618 | memset(ctx, 0, sizeof(EVP_CIPHER_CTX)); |
| 619 | } | 619 | } |
| 620 | 620 | ||
| 621 | void | ||
| 622 | EVP_CIPHER_CTX_legacy_clear(EVP_CIPHER_CTX *ctx) | ||
| 623 | { | ||
| 624 | memset(ctx, 0, sizeof(*ctx)); | ||
| 625 | } | ||
| 626 | |||
| 621 | int | 627 | int |
| 622 | EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx) | 628 | EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx) |
| 623 | { | 629 | { |
diff --git a/src/lib/libcrypto/evp/evp_local.h b/src/lib/libcrypto/evp/evp_local.h index f81a8d6080..8b24be6039 100644 --- a/src/lib/libcrypto/evp/evp_local.h +++ b/src/lib/libcrypto/evp/evp_local.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: evp_local.h,v 1.14 2024/01/27 23:34:18 tb Exp $ */ | 1 | /* $OpenBSD: evp_local.h,v 1.15 2024/02/18 15:41:50 tb Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 2000. | 3 | * project 2000. |
| 4 | */ | 4 | */ |
| @@ -377,6 +377,8 @@ int EVP_PKEY_CTX_str2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *str); | |||
| 377 | int EVP_PKEY_CTX_hex2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *hex); | 377 | int EVP_PKEY_CTX_hex2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *hex); |
| 378 | int EVP_PKEY_CTX_md(EVP_PKEY_CTX *ctx, int optype, int cmd, const char *md_name); | 378 | int EVP_PKEY_CTX_md(EVP_PKEY_CTX *ctx, int optype, int cmd, const char *md_name); |
| 379 | 379 | ||
| 380 | void EVP_CIPHER_CTX_legacy_clear(EVP_CIPHER_CTX *ctx); | ||
| 381 | |||
| 380 | __END_HIDDEN_DECLS | 382 | __END_HIDDEN_DECLS |
| 381 | 383 | ||
| 382 | #endif /* !HEADER_EVP_LOCAL_H */ | 384 | #endif /* !HEADER_EVP_LOCAL_H */ |