diff options
| author | joshua <> | 2024-03-25 04:05:22 +0000 |
|---|---|---|
| committer | joshua <> | 2024-03-25 04:05:22 +0000 |
| commit | 9c07b7c88de341d4b4f706e5fc2fefaa45635d2c (patch) | |
| tree | 257f522ddb0c76cbc049e2586aa1ce07f676172a /src | |
| parent | 301420deac5a9ef4709389904229fe1661e98df4 (diff) | |
| download | openbsd-9c07b7c88de341d4b4f706e5fc2fefaa45635d2c.tar.gz openbsd-9c07b7c88de341d4b4f706e5fc2fefaa45635d2c.tar.bz2 openbsd-9c07b7c88de341d4b4f706e5fc2fefaa45635d2c.zip | |
Clean up EVP_CIPHER_CTX_{legacy_clear,cleanup} usage in evp/bio_enc.c
Additionally, this tidies up some surrounding code and replaces usage of
free with freezero and malloc with calloc.
ok tb@
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/evp/bio_enc.c | 88 |
1 files changed, 49 insertions, 39 deletions
diff --git a/src/lib/libcrypto/evp/bio_enc.c b/src/lib/libcrypto/evp/bio_enc.c index dd3840074f..f9a95f53ec 100644 --- a/src/lib/libcrypto/evp/bio_enc.c +++ b/src/lib/libcrypto/evp/bio_enc.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: bio_enc.c,v 1.30 2024/02/18 15:44:10 tb Exp $ */ | 1 | /* $OpenBSD: bio_enc.c,v 1.31 2024/03/25 04:05:22 joshua Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -58,6 +58,7 @@ | |||
| 58 | 58 | ||
| 59 | #include <errno.h> | 59 | #include <errno.h> |
| 60 | #include <stdio.h> | 60 | #include <stdio.h> |
| 61 | #include <stdlib.h> | ||
| 61 | #include <string.h> | 62 | #include <string.h> |
| 62 | 63 | ||
| 63 | #include <openssl/buffer.h> | 64 | #include <openssl/buffer.h> |
| @@ -83,7 +84,7 @@ typedef struct enc_struct { | |||
| 83 | int cont; /* <= 0 when finished */ | 84 | int cont; /* <= 0 when finished */ |
| 84 | int finished; | 85 | int finished; |
| 85 | int ok; /* bad decrypt */ | 86 | int ok; /* bad decrypt */ |
| 86 | EVP_CIPHER_CTX cipher; | 87 | EVP_CIPHER_CTX *cipher_ctx; |
| 87 | /* buf is larger than ENC_BLOCK_SIZE because EVP_DecryptUpdate | 88 | /* buf is larger than ENC_BLOCK_SIZE because EVP_DecryptUpdate |
| 88 | * can return up to a block more data than is presented to it | 89 | * can return up to a block more data than is presented to it |
| 89 | */ | 90 | */ |
| @@ -107,42 +108,51 @@ BIO_f_cipher(void) | |||
| 107 | return (&methods_enc); | 108 | return (&methods_enc); |
| 108 | } | 109 | } |
| 109 | 110 | ||
| 111 | static void | ||
| 112 | bio_enc_ctx_free(BIO_ENC_CTX *ctx) | ||
| 113 | { | ||
| 114 | if (ctx == NULL) | ||
| 115 | return; | ||
| 116 | |||
| 117 | EVP_CIPHER_CTX_free(ctx->cipher_ctx); | ||
| 118 | freezero(ctx, sizeof(*ctx)); | ||
| 119 | } | ||
| 120 | |||
| 110 | static int | 121 | static int |
| 111 | enc_new(BIO *bi) | 122 | enc_new(BIO *bi) |
| 112 | { | 123 | { |
| 113 | BIO_ENC_CTX *ctx; | 124 | BIO_ENC_CTX *ctx; |
| 125 | int ret = 0; | ||
| 114 | 126 | ||
| 115 | ctx = malloc(sizeof(BIO_ENC_CTX)); | 127 | if ((ctx = calloc(1, sizeof(BIO_ENC_CTX))) == NULL) |
| 116 | if (ctx == NULL) | 128 | goto err; |
| 117 | return (0); | 129 | if ((ctx->cipher_ctx = EVP_CIPHER_CTX_new()) == NULL) |
| 118 | EVP_CIPHER_CTX_legacy_clear(&ctx->cipher); | 130 | goto err; |
| 119 | 131 | ||
| 120 | ctx->buf_len = 0; | ||
| 121 | ctx->buf_off = 0; | ||
| 122 | ctx->cont = 1; | 132 | ctx->cont = 1; |
| 123 | ctx->finished = 0; | ||
| 124 | ctx->ok = 1; | 133 | ctx->ok = 1; |
| 125 | 134 | ||
| 126 | bi->init = 0; | 135 | bi->ptr = ctx; |
| 127 | bi->ptr = (char *)ctx; | 136 | ctx = NULL; |
| 128 | bi->flags = 0; | 137 | |
| 129 | return (1); | 138 | ret = 1; |
| 139 | |||
| 140 | err: | ||
| 141 | bio_enc_ctx_free(ctx); | ||
| 142 | |||
| 143 | return ret; | ||
| 130 | } | 144 | } |
| 131 | 145 | ||
| 132 | static int | 146 | static int |
| 133 | enc_free(BIO *a) | 147 | enc_free(BIO *a) |
| 134 | { | 148 | { |
| 135 | BIO_ENC_CTX *b; | ||
| 136 | |||
| 137 | if (a == NULL) | 149 | if (a == NULL) |
| 138 | return (0); | 150 | return 0; |
| 139 | b = (BIO_ENC_CTX *)a->ptr; | 151 | |
| 140 | EVP_CIPHER_CTX_cleanup(&(b->cipher)); | 152 | bio_enc_ctx_free(a->ptr); |
| 141 | freezero(a->ptr, sizeof(BIO_ENC_CTX)); | 153 | explicit_bzero(a, sizeof(*a)); |
| 142 | a->ptr = NULL; | 154 | |
| 143 | a->init = 0; | 155 | return 1; |
| 144 | a->flags = 0; | ||
| 145 | return (1); | ||
| 146 | } | 156 | } |
| 147 | 157 | ||
| 148 | static int | 158 | static int |
| @@ -189,7 +199,7 @@ enc_read(BIO *b, char *out, int outl) | |||
| 189 | /* Should be continue next time we are called? */ | 199 | /* Should be continue next time we are called? */ |
| 190 | if (!BIO_should_retry(b->next_bio)) { | 200 | if (!BIO_should_retry(b->next_bio)) { |
| 191 | ctx->cont = i; | 201 | ctx->cont = i; |
| 192 | i = EVP_CipherFinal_ex(&(ctx->cipher), | 202 | i = EVP_CipherFinal_ex(ctx->cipher_ctx, |
| 193 | (unsigned char *)ctx->buf, | 203 | (unsigned char *)ctx->buf, |
| 194 | &(ctx->buf_len)); | 204 | &(ctx->buf_len)); |
| 195 | ctx->ok = i; | 205 | ctx->ok = i; |
| @@ -199,7 +209,7 @@ enc_read(BIO *b, char *out, int outl) | |||
| 199 | break; | 209 | break; |
| 200 | } | 210 | } |
| 201 | } else { | 211 | } else { |
| 202 | EVP_CipherUpdate(&(ctx->cipher), | 212 | EVP_CipherUpdate(ctx->cipher_ctx, |
| 203 | (unsigned char *)ctx->buf, &ctx->buf_len, | 213 | (unsigned char *)ctx->buf, &ctx->buf_len, |
| 204 | (unsigned char *)&(ctx->buf[BUF_OFFSET]), i); | 214 | (unsigned char *)&(ctx->buf[BUF_OFFSET]), i); |
| 205 | ctx->cont = 1; | 215 | ctx->cont = 1; |
| @@ -259,7 +269,7 @@ enc_write(BIO *b, const char *in, int inl) | |||
| 259 | ctx->buf_off = 0; | 269 | ctx->buf_off = 0; |
| 260 | while (inl > 0) { | 270 | while (inl > 0) { |
| 261 | n = (inl > ENC_BLOCK_SIZE) ? ENC_BLOCK_SIZE : inl; | 271 | n = (inl > ENC_BLOCK_SIZE) ? ENC_BLOCK_SIZE : inl; |
| 262 | EVP_CipherUpdate(&(ctx->cipher), | 272 | EVP_CipherUpdate(ctx->cipher_ctx, |
| 263 | (unsigned char *)ctx->buf, &ctx->buf_len, | 273 | (unsigned char *)ctx->buf, &ctx->buf_len, |
| 264 | (unsigned char *)in, n); | 274 | (unsigned char *)in, n); |
| 265 | inl -= n; | 275 | inl -= n; |
| @@ -292,14 +302,14 @@ enc_ctrl(BIO *b, int cmd, long num, void *ptr) | |||
| 292 | int i; | 302 | int i; |
| 293 | EVP_CIPHER_CTX **c_ctx; | 303 | EVP_CIPHER_CTX **c_ctx; |
| 294 | 304 | ||
| 295 | ctx = (BIO_ENC_CTX *)b->ptr; | 305 | ctx = b->ptr; |
| 296 | 306 | ||
| 297 | switch (cmd) { | 307 | switch (cmd) { |
| 298 | case BIO_CTRL_RESET: | 308 | case BIO_CTRL_RESET: |
| 299 | ctx->ok = 1; | 309 | ctx->ok = 1; |
| 300 | ctx->finished = 0; | 310 | ctx->finished = 0; |
| 301 | EVP_CipherInit_ex(&(ctx->cipher), NULL, NULL, NULL, NULL, | 311 | EVP_CipherInit_ex(ctx->cipher_ctx, NULL, NULL, NULL, NULL, |
| 302 | ctx->cipher.encrypt); | 312 | ctx->cipher_ctx->encrypt); |
| 303 | ret = BIO_ctrl(b->next_bio, cmd, num, ptr); | 313 | ret = BIO_ctrl(b->next_bio, cmd, num, ptr); |
| 304 | break; | 314 | break; |
| 305 | case BIO_CTRL_EOF: /* More to read */ | 315 | case BIO_CTRL_EOF: /* More to read */ |
| @@ -320,7 +330,7 @@ enc_ctrl(BIO *b, int cmd, long num, void *ptr) | |||
| 320 | break; | 330 | break; |
| 321 | case BIO_CTRL_FLUSH: | 331 | case BIO_CTRL_FLUSH: |
| 322 | /* do a final write */ | 332 | /* do a final write */ |
| 323 | again: | 333 | again: |
| 324 | while (ctx->buf_len != ctx->buf_off) { | 334 | while (ctx->buf_len != ctx->buf_off) { |
| 325 | i = enc_write(b, NULL, 0); | 335 | i = enc_write(b, NULL, 0); |
| 326 | if (i < 0) | 336 | if (i < 0) |
| @@ -330,7 +340,7 @@ again: | |||
| 330 | if (!ctx->finished) { | 340 | if (!ctx->finished) { |
| 331 | ctx->finished = 1; | 341 | ctx->finished = 1; |
| 332 | ctx->buf_off = 0; | 342 | ctx->buf_off = 0; |
| 333 | ret = EVP_CipherFinal_ex(&(ctx->cipher), | 343 | ret = EVP_CipherFinal_ex(ctx->cipher_ctx, |
| 334 | (unsigned char *)ctx->buf, | 344 | (unsigned char *)ctx->buf, |
| 335 | &(ctx->buf_len)); | 345 | &(ctx->buf_len)); |
| 336 | ctx->ok = (int)ret; | 346 | ctx->ok = (int)ret; |
| @@ -353,15 +363,14 @@ again: | |||
| 353 | BIO_copy_next_retry(b); | 363 | BIO_copy_next_retry(b); |
| 354 | break; | 364 | break; |
| 355 | case BIO_C_GET_CIPHER_CTX: | 365 | case BIO_C_GET_CIPHER_CTX: |
| 356 | c_ctx = (EVP_CIPHER_CTX **)ptr; | 366 | c_ctx = ptr; |
| 357 | (*c_ctx) = &(ctx->cipher); | 367 | *c_ctx = ctx->cipher_ctx; |
| 358 | b->init = 1; | 368 | b->init = 1; |
| 359 | break; | 369 | break; |
| 360 | case BIO_CTRL_DUP: | 370 | case BIO_CTRL_DUP: |
| 361 | dbio = (BIO *)ptr; | 371 | dbio = ptr; |
| 362 | dctx = (BIO_ENC_CTX *)dbio->ptr; | 372 | dctx = dbio->ptr; |
| 363 | EVP_CIPHER_CTX_legacy_clear(&dctx->cipher); | 373 | ret = EVP_CIPHER_CTX_copy(dctx->cipher_ctx, ctx->cipher_ctx); |
| 364 | ret = EVP_CIPHER_CTX_copy(&dctx->cipher, &ctx->cipher); | ||
| 365 | if (ret) | 374 | if (ret) |
| 366 | dbio->init = 1; | 375 | dbio->init = 1; |
| 367 | break; | 376 | break; |
| @@ -369,7 +378,8 @@ again: | |||
| 369 | ret = BIO_ctrl(b->next_bio, cmd, num, ptr); | 378 | ret = BIO_ctrl(b->next_bio, cmd, num, ptr); |
| 370 | break; | 379 | break; |
| 371 | } | 380 | } |
| 372 | return (ret); | 381 | |
| 382 | return ret; | ||
| 373 | } | 383 | } |
| 374 | 384 | ||
| 375 | static long | 385 | static long |
| @@ -408,7 +418,7 @@ BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k, | |||
| 408 | 418 | ||
| 409 | BIO_set_init(b, 1); | 419 | BIO_set_init(b, 1); |
| 410 | 420 | ||
| 411 | if (!EVP_CipherInit_ex(&(ctx->cipher), c, NULL, k, i, e)) | 421 | if (!EVP_CipherInit_ex(ctx->cipher_ctx, c, NULL, k, i, e)) |
| 412 | return 0; | 422 | return 0; |
| 413 | 423 | ||
| 414 | if (cb != NULL) | 424 | if (cb != NULL) |