diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/doc/EVP_EncryptInit.pod | 12 | ||||
| -rw-r--r-- | src/lib/libcrypto/evp/evp_enc.c | 18 | 
2 files changed, 23 insertions, 7 deletions
| diff --git a/src/lib/libcrypto/doc/EVP_EncryptInit.pod b/src/lib/libcrypto/doc/EVP_EncryptInit.pod index 02d02ba5f5..e72c101c94 100644 --- a/src/lib/libcrypto/doc/EVP_EncryptInit.pod +++ b/src/lib/libcrypto/doc/EVP_EncryptInit.pod | |||
| @@ -23,7 +23,7 @@ EVP_des_ede3_cfb, EVP_desx_cbc, EVP_rc4, EVP_rc4_40, EVP_idea_cbc, | |||
| 23 | EVP_idea_ecb, EVP_idea_cfb, EVP_idea_ofb, EVP_idea_cbc, EVP_rc2_cbc, | 23 | EVP_idea_ecb, EVP_idea_cfb, EVP_idea_ofb, EVP_idea_cbc, EVP_rc2_cbc, | 
| 24 | EVP_rc2_ecb, EVP_rc2_cfb, EVP_rc2_ofb, EVP_rc2_40_cbc, EVP_rc2_64_cbc, | 24 | EVP_rc2_ecb, EVP_rc2_cfb, EVP_rc2_ofb, EVP_rc2_40_cbc, EVP_rc2_64_cbc, | 
| 25 | EVP_bf_cbc, EVP_bf_ecb, EVP_bf_cfb, EVP_bf_ofb, EVP_cast5_cbc, | 25 | EVP_bf_cbc, EVP_bf_ecb, EVP_bf_cfb, EVP_bf_ofb, EVP_cast5_cbc, | 
| 26 | EVP_cast5_ecb, EVP_cast5_cfb, EVP_cast5_ofb, | 26 | EVP_cast5_ecb, EVP_cast5_cfb, EVP_cast5_ofb, | 
| 27 | EVP_aes_128_gcm, EVP_aes_192_gcm, EVP_aes_256_gcm, EVP_aes_128_ccm, | 27 | EVP_aes_128_gcm, EVP_aes_192_gcm, EVP_aes_256_gcm, EVP_aes_128_ccm, | 
| 28 | EVP_aes_192_ccm, EVP_aes_256_ccm, EVP_rc5_32_12_16_cbc, | 28 | EVP_aes_192_ccm, EVP_aes_256_ccm, EVP_rc5_32_12_16_cbc, | 
| 29 | EVP_rc5_32_12_16_cfb, EVP_rc5_32_12_16_ecb, EVP_rc5_32_12_16_ofb | 29 | EVP_rc5_32_12_16_cfb, EVP_rc5_32_12_16_ecb, EVP_rc5_32_12_16_ofb | 
| @@ -168,9 +168,13 @@ initialized and they always use the default cipher implementation. | |||
| 168 | 168 | ||
| 169 | EVP_EncryptFinal(), EVP_DecryptFinal() and EVP_CipherFinal() are | 169 | EVP_EncryptFinal(), EVP_DecryptFinal() and EVP_CipherFinal() are | 
| 170 | identical to EVP_EncryptFinal_ex(), EVP_DecryptFinal_ex() and | 170 | identical to EVP_EncryptFinal_ex(), EVP_DecryptFinal_ex() and | 
| 171 | EVP_CipherFinal_ex(). In previous releases they also used to clean up | 171 | EVP_CipherFinal_ex(). In previous releases of OpenSSL they also used to clean | 
| 172 | the B<ctx>, but this is no longer done and EVP_CIPHER_CTX_clean() | 172 | up the B<ctx>, but this is no longer done and EVP_CIPHER_CTX_clean() | 
| 173 | must be called to free any context resources. | 173 | must be called to free any context resources. As of LibreSSL 2.4, | 
| 174 | EVP_EncryptFinal() and EVP_DecryptFinal() will always clean up, and | ||
| 175 | EVP_CipherFinal() also cleans up as of LibreSSL 2.5. The use of | ||
| 176 | EVP_EncryptFinal(), EVP_DecryptFinal() and EVP_CipherFinal() is not | ||
| 177 | recommended. | ||
| 174 | 178 | ||
| 175 | EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj() | 179 | EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj() | 
| 176 | return an EVP_CIPHER structure when passed a cipher name, a NID or an | 180 | return an EVP_CIPHER structure when passed a cipher name, a NID or an | 
| diff --git a/src/lib/libcrypto/evp/evp_enc.c b/src/lib/libcrypto/evp/evp_enc.c index f8d2cb78d4..c89f69c9a2 100644 --- a/src/lib/libcrypto/evp/evp_enc.c +++ b/src/lib/libcrypto/evp/evp_enc.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: evp_enc.c,v 1.31 2016/05/30 13:42:54 beck Exp $ */ | 1 | /* $OpenBSD: evp_enc.c,v 1.32 2016/09/03 14:54:25 bcook Exp $ */ | 
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 
| 3 | * All rights reserved. | 3 | * All rights reserved. | 
| 4 | * | 4 | * | 
| @@ -260,13 +260,19 @@ EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) | |||
| 260 | return EVP_DecryptFinal_ex(ctx, out, outl); | 260 | return EVP_DecryptFinal_ex(ctx, out, outl); | 
| 261 | } | 261 | } | 
| 262 | 262 | ||
| 263 | __warn_references(EVP_CipherFinal, | ||
| 264 | "warning: EVP_CipherFinal is often misused, please use EVP_CipherFinal_ex and EVP_CIPHER_CTX_cleanup"); | ||
| 265 | |||
| 263 | int | 266 | int | 
| 264 | EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) | 267 | EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) | 
| 265 | { | 268 | { | 
| 269 | int ret; | ||
| 266 | if (ctx->encrypt) | 270 | if (ctx->encrypt) | 
| 267 | return EVP_EncryptFinal_ex(ctx, out, outl); | 271 | ret = EVP_EncryptFinal_ex(ctx, out, outl); | 
| 268 | else | 272 | else | 
| 269 | return EVP_DecryptFinal_ex(ctx, out, outl); | 273 | ret = EVP_DecryptFinal_ex(ctx, out, outl); | 
| 274 | (void) EVP_CIPHER_CTX_cleanup(ctx); | ||
| 275 | return ret; | ||
| 270 | } | 276 | } | 
| 271 | 277 | ||
| 272 | int | 278 | int | 
| @@ -365,6 +371,9 @@ EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, | |||
| 365 | return 1; | 371 | return 1; | 
| 366 | } | 372 | } | 
| 367 | 373 | ||
| 374 | __warn_references(EVP_EncryptFinal, | ||
| 375 | "warning: EVP_EncryptFinal is often misused, please use EVP_EncryptFinal_ex and EVP_CIPHER_CTX_cleanup"); | ||
| 376 | |||
| 368 | int | 377 | int | 
| 369 | EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) | 378 | EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) | 
| 370 | { | 379 | { | 
| @@ -479,6 +488,9 @@ EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, | |||
| 479 | return 1; | 488 | return 1; | 
| 480 | } | 489 | } | 
| 481 | 490 | ||
| 491 | __warn_references(EVP_DecryptFinal, | ||
| 492 | "warning: EVP_DecryptFinal is often misused, please use EVP_DecryptFinal_ex and EVP_CIPHER_CTX_cleanup"); | ||
| 493 | |||
| 482 | int | 494 | int | 
| 483 | EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) | 495 | EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) | 
| 484 | { | 496 | { | 
