Diffstat (limited to 'src/lib/libcrypto/evp/evp_enc.c')
-rw-r--r--src/lib/libcrypto/evp/evp_enc.c30
1 files changed, 14 insertions, 16 deletions
diff --git a/src/lib/libcrypto/evp/evp_enc.c b/src/lib/libcrypto/evp/evp_enc.c
index d28a7d266e..32a1c7a2e9 100644
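--- a/src/lib/libcrypto/evp/evp_enc.c
+++ b/src/lib/libcrypto/evp/evp_enc.c
@@ -102,11 +102,13 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
  goto skip_to_init;
  if (cipher)
  {
- /* Ensure an ENGINE left lying around from last time is cleared
+ /* Ensure a context left lying around from last time is cleared
  * (the previous check attempted to avoid this if the same
  * ENGINE and EVP_CIPHER could be used). */
- if(ctx->engine)
- ENGINE_finish(ctx->engine);
+ EVP_CIPHER_CTX_cleanup(ctx);
+
+ /* Restore encrypt field: it is zeroed by cleanup */
+ ctx->encrypt = enc;
  if(impl)
  {
  if (!ENGINE_init(impl))
@@ -140,6 +142,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
  }
  else
  ctx->engine = NULL;
+
  ctx->cipher=cipher;
  ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size);
  ctx->key_len = cipher->key_len;
@@ -303,7 +306,6 @@ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
  {
  int ret;
  ret = EVP_EncryptFinal_ex(ctx, out, outl);
- EVP_CIPHER_CTX_cleanup(ctx);
  return ret;
  }
 
@@ -314,14 +316,12 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
  b=ctx->cipher->block_size;
  if (b == 1)
  {
- EVP_CIPHER_CTX_cleanup(ctx);
  *outl=0;
  return 1;
  }
  bl=ctx->buf_len;
  if (ctx->flags & EVP_CIPH_NO_PADDING)
  {
- EVP_CIPHER_CTX_cleanup(ctx);
  if(bl)
  {
  EVPerr(EVP_F_EVP_ENCRYPTFINAL,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
@@ -336,7 +336,6 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
  ctx->buf[i]=n;
  ret=ctx->cipher->do_cipher(ctx,out,ctx->buf,b);
 
- EVP_CIPHER_CTX_cleanup(ctx);
 
  if(ret)
  *outl=b;
@@ -394,7 +393,6 @@ int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
  {
  int ret;
  ret = EVP_DecryptFinal_ex(ctx, out, outl);
- EVP_CIPHER_CTX_cleanup(ctx);
  return ret;
  }
 
@@ -407,7 +405,6 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
  b=ctx->cipher->block_size;
  if (ctx->flags & EVP_CIPH_NO_PADDING)
  {
- EVP_CIPHER_CTX_cleanup(ctx);
  if(ctx->buf_len)
  {
  EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
@@ -420,14 +417,12 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
  {
  if (ctx->buf_len || !ctx->final_used)
  {
- EVP_CIPHER_CTX_cleanup(ctx);
  EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_WRONG_FINAL_BLOCK_LENGTH);
  return(0);
  }
  n=ctx->final[b-1];
  if (n > b)
  {
- EVP_CIPHER_CTX_cleanup(ctx);
  EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT);
  return(0);
  }
@@ -435,7 +430,6 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
  {
  if (ctx->final[--b] != n)
  {
- EVP_CIPHER_CTX_cleanup(ctx);
  EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT);
  return(0);
  }
@@ -447,17 +441,21 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
  }
  else
  *outl=0;
- EVP_CIPHER_CTX_cleanup(ctx);
  return(1);
  }
 
 int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
  {
- if ((c->cipher != NULL) && (c->cipher->cleanup != NULL))
+ if (c->cipher != NULL)
  {
- if(!c->cipher->cleanup(c)) return 0;
+ if(c->cipher->cleanup && !c->cipher->cleanup(c))
+ return 0;
+ /* Zero cipher context data */
+ if (c->cipher_data)
+ memset(c->cipher_data, 0, c->cipher->ctx_size);
  }
- OPENSSL_free(c->cipher_data);
+ if (c->cipher_data)
+ OPENSSL_free(c->cipher_data);
  if (c->engine)
  /* The EVP_CIPHER we used belongs to an ENGINE, release the
  * functional reference we held for this reason. */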
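Review bot: The `EVP_CIPHER_CTX_cleanup(ctx);` call added to EVP_CipherInit_ex discards the return value, yet EVP_CIPHER_CTX_cleanup still returns 0 ahead of the new zeroing and the `OPENSSL_free` when the cipher's `cleanup` callback fails. On that path the old pointer is overwritten by the `ctx->cipher_data=OPENSSL_malloc(...)` assignment further down, so the previous key state is leaked without being wiped, and the engine reference appears to stay held as well. Checking the result, e.g. `if (!EVP_CIPHER_CTX_cleanup(ctx)) return 0;`, or having cleanup remember the callback failure and still wipe and free, would close that gap. Separately, the plain `memset` directly before the free is a store a compiler may be able to drop, so a wipe that cannot be elided (`OPENSSL_cleanse`, where this tree provides it) is the safer choice. Because the Final functions no longer clean up, callers now own the call to `EVP_CIPHER_CTX_cleanup`, which deserves a comment on `EVP_EncryptFinal` and `EVP_DecryptFinal`; the bodies of EVP_CipherInit_ex and EVP_CIPHER_CTX_cleanup extend beyond the hunks shown.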