Fix signature and semantics of EVP_{CIPHER,MD}_CTX_init()

When the EVP_CIPHER_CTX and the EVP_MD_CTX were still expected to live on the stack, these initialization APIs were wrappers around memset. In OpenSSL 1.1, somebody removed them and carelessly made _init() an alias of _reset() aka _cleanup(). As a consequence, both signature and semantics changed. Unsurprisingly, there is now code out there that actually uses the new semantics, which causes leaks on LibreSSL and older OpenSSL. This aligns our _init() with OpenSSL 1.1 semantics. ok jsing
author: tb <> 2024-03-02 09:55:30 +0000
committer: tb <> 2024-03-02 09:55:30 +0000
commit: 9154e84667bc426874bac49d55743f07fd005bc2 (patch)
tree: 1a29aa5a7674f289db524ae2d0ca6b1ffb7043b3 /src
parent: d904a8f9d2ba21b2cd6d4e74ec8cd68927c5e6f9 (diff)
download: openbsd-9154e84667bc426874bac49d55743f07fd005bc2.tar.gz
openbsd-9154e84667bc426874bac49d55743f07fd005bc2.tar.bz2
openbsd-9154e84667bc426874bac49d55743f07fd005bc2.zip
3 files changed, 13 insertions, 13 deletions
diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h
index 1d867671e4..36de06f49b 100644
--- a/src/lib/libcrypto/evp/evp.h
+++ b/src/lib/libcrypto/evp/evp.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp.h,v 1.123 2024/03/02 09:39:02 tb Exp $ */
+/* $OpenBSD: evp.h,v 1.124 2024/03/02 09:55:30 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -464,7 +464,7 @@ int EVP_Cipher(EVP_CIPHER_CTX *c, unsigned char *out, const unsigned char *in,
 EVP_MD_CTX *EVP_MD_CTX_new(void);
 void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
 #ifndef LIBRESSL_INTERNAL
-void EVP_MD_CTX_init(EVP_MD_CTX *ctx);
+int EVP_MD_CTX_init(EVP_MD_CTX *ctx);
 #endif
 int EVP_MD_CTX_reset(EVP_MD_CTX *ctx);
 EVP_MD_CTX *EVP_MD_CTX_create(void);
@@ -578,7 +578,7 @@ int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl);
 int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n);
 #ifndef LIBRESSL_INTERNAL
-void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a);
+int EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a);
 #endif
 int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a);
 EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);
diff --git a/src/lib/libcrypto/evp/evp_cipher.c b/src/lib/libcrypto/evp/evp_cipher.c
index c2a88a5591..48aaea0f1b 100644
--- a/src/lib/libcrypto/evp/evp_cipher.c
+++ b/src/lib/libcrypto/evp/evp_cipher.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_cipher.c,v 1.20 2024/02/24 08:00:37 tb Exp $ */
+/* $OpenBSD: evp_cipher.c,v 1.21 2024/03/02 09:55:30 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -613,15 +613,15 @@ EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
 }
 void
-EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
+EVP_CIPHER_CTX_legacy_clear(EVP_CIPHER_CTX *ctx)
 {
        memset(ctx, 0, sizeof(*ctx));
 }
-void
+int
-EVP_CIPHER_CTX_legacy_clear(EVP_CIPHER_CTX *ctx)
+EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
 {
-        memset(ctx, 0, sizeof(*ctx));
+        return EVP_CIPHER_CTX_cleanup(ctx);
 }
 int
diff --git a/src/lib/libcrypto/evp/evp_digest.c b/src/lib/libcrypto/evp/evp_digest.c
index 3a349ad0e6..b8eedd429d 100644
--- a/src/lib/libcrypto/evp/evp_digest.c
+++ b/src/lib/libcrypto/evp/evp_digest.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_digest.c,v 1.10 2024/02/18 15:45:42 tb Exp $ */
+/* $OpenBSD: evp_digest.c,v 1.11 2024/03/02 09:55:30 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -247,15 +247,15 @@ EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
 }
 void
-EVP_MD_CTX_init(EVP_MD_CTX *ctx)
+EVP_MD_CTX_legacy_clear(EVP_MD_CTX *ctx)
 {
        memset(ctx, 0, sizeof(*ctx));
 }
-void
+int
-EVP_MD_CTX_legacy_clear(EVP_MD_CTX *ctx)
+EVP_MD_CTX_init(EVP_MD_CTX *ctx)
 {
-        memset(ctx, 0, sizeof(*ctx));
+        return EVP_MD_CTX_cleanup(ctx);
 }
 int
author	tb <>	2024-03-02 09:55:30 +0000
committer	tb <>	2024-03-02 09:55:30 +0000
commit	9154e84667bc426874bac49d55743f07fd005bc2 (patch)
tree	1a29aa5a7674f289db524ae2d0ca6b1ffb7043b3 /src
parent	d904a8f9d2ba21b2cd6d4e74ec8cd68927c5e6f9 (diff)
download	openbsd-9154e84667bc426874bac49d55743f07fd005bc2.tar.gz openbsd-9154e84667bc426874bac49d55743f07fd005bc2.tar.bz2 openbsd-9154e84667bc426874bac49d55743f07fd005bc2.zip

diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h index 1d867671e4..36de06f49b 100644 --- a/src/lib/libcrypto/evp/evp.h +++ b/src/lib/libcrypto/evp/evp.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: evp.h,v 1.123 2024/03/02 09:39:02 tb Exp $ */	1	/* $OpenBSD: evp.h,v 1.124 2024/03/02 09:55:30 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -464,7 +464,7 @@ int EVP_Cipher(EVP_CIPHER_CTX c, unsigned char out, const unsigned char *in,
464	EVP_MD_CTX *EVP_MD_CTX_new(void);	464	EVP_MD_CTX *EVP_MD_CTX_new(void);
465	void EVP_MD_CTX_free(EVP_MD_CTX *ctx);	465	void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
466	#ifndef LIBRESSL_INTERNAL	466	#ifndef LIBRESSL_INTERNAL
467	void EVP_MD_CTX_init(EVP_MD_CTX *ctx);	467	int EVP_MD_CTX_init(EVP_MD_CTX *ctx);
468	#endif	468	#endif
469	int EVP_MD_CTX_reset(EVP_MD_CTX *ctx);	469	int EVP_MD_CTX_reset(EVP_MD_CTX *ctx);
470	EVP_MD_CTX *EVP_MD_CTX_create(void);	470	EVP_MD_CTX *EVP_MD_CTX_create(void);
@@ -578,7 +578,7 @@ int EVP_DecodeFinal(EVP_ENCODE_CTX ctx, unsigned char out, int *outl);
578	int EVP_DecodeBlock(unsigned char t, const unsigned char f, int n);	578	int EVP_DecodeBlock(unsigned char t, const unsigned char f, int n);
579		579
580	#ifndef LIBRESSL_INTERNAL	580	#ifndef LIBRESSL_INTERNAL
581	void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a);	581	int EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a);
582	#endif	582	#endif
583	int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a);	583	int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a);
584	EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);	584	EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);


diff --git a/src/lib/libcrypto/evp/evp_cipher.c b/src/lib/libcrypto/evp/evp_cipher.c index c2a88a5591..48aaea0f1b 100644 --- a/src/lib/libcrypto/evp/evp_cipher.c +++ b/src/lib/libcrypto/evp/evp_cipher.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: evp_cipher.c,v 1.20 2024/02/24 08:00:37 tb Exp $ */	1	/* $OpenBSD: evp_cipher.c,v 1.21 2024/03/02 09:55:30 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -613,15 +613,15 @@ EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
613	}	613	}
614		614
615	void	615	void
616	EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)	616	EVP_CIPHER_CTX_legacy_clear(EVP_CIPHER_CTX *ctx)
617	{	617	{
618	memset(ctx, 0, sizeof(*ctx));	618	memset(ctx, 0, sizeof(*ctx));
619	}	619	}
620		620
621	void	621	int
622	EVP_CIPHER_CTX_legacy_clear(EVP_CIPHER_CTX *ctx)	622	EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
623	{	623	{
624	memset(ctx, 0, sizeof(*ctx));	624	return EVP_CIPHER_CTX_cleanup(ctx);
625	}	625	}
626		626
627	int	627	int


diff --git a/src/lib/libcrypto/evp/evp_digest.c b/src/lib/libcrypto/evp/evp_digest.c index 3a349ad0e6..b8eedd429d 100644 --- a/src/lib/libcrypto/evp/evp_digest.c +++ b/src/lib/libcrypto/evp/evp_digest.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: evp_digest.c,v 1.10 2024/02/18 15:45:42 tb Exp $ */	1	/* $OpenBSD: evp_digest.c,v 1.11 2024/03/02 09:55:30 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -247,15 +247,15 @@ EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
247	}	247	}
248		248
249	void	249	void
250	EVP_MD_CTX_init(EVP_MD_CTX *ctx)	250	EVP_MD_CTX_legacy_clear(EVP_MD_CTX *ctx)
251	{	251	{
252	memset(ctx, 0, sizeof(*ctx));	252	memset(ctx, 0, sizeof(*ctx));
253	}	253	}
254		254
255	void	255	int
256	EVP_MD_CTX_legacy_clear(EVP_MD_CTX *ctx)	256	EVP_MD_CTX_init(EVP_MD_CTX *ctx)
257	{	257	{
258	memset(ctx, 0, sizeof(*ctx));	258	return EVP_MD_CTX_cleanup(ctx);
259	}	259	}
260		260
261	int	261	int