From 9154e84667bc426874bac49d55743f07fd005bc2 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Sat, 2 Mar 2024 09:55:30 +0000
Subject: Fix signature and semantics of EVP_{CIPHER,MD}_CTX_init()

When the EVP_CIPHER_CTX and the EVP_MD_CTX were still expected to live
on the stack, these initialization APIs were wrappers around memset.
In OpenSSL 1.1, somebody removed them and carelessly made _init() an
alias of _reset() aka _cleanup(). As a consequence, both signature and
semantics changed.

Unsurprisingly, there is now code out there that actually uses the new
semantics, which causes leaks on LibreSSL and older OpenSSL. This aligns
our _init() with OpenSSL 1.1 semantics.

ok jsing
---
 src/lib/libcrypto/evp/evp_digest.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'src/lib/libcrypto/evp/evp_digest.c')

diff --git a/src/lib/libcrypto/evp/evp_digest.c b/src/lib/libcrypto/evp/evp_digest.c
index 3a349ad0e6..b8eedd429d 100644
--- a/src/lib/libcrypto/evp/evp_digest.c
+++ b/src/lib/libcrypto/evp/evp_digest.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_digest.c,v 1.10 2024/02/18 15:45:42 tb Exp $ */
+/* $OpenBSD: evp_digest.c,v 1.11 2024/03/02 09:55:30 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -247,15 +247,15 @@ EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
 }
 
 void
-EVP_MD_CTX_init(EVP_MD_CTX *ctx)
+EVP_MD_CTX_legacy_clear(EVP_MD_CTX *ctx)
 {
 	memset(ctx, 0, sizeof(*ctx));
 }
 
-void
-EVP_MD_CTX_legacy_clear(EVP_MD_CTX *ctx)
+int
+EVP_MD_CTX_init(EVP_MD_CTX *ctx)
 {
-	memset(ctx, 0, sizeof(*ctx));
+	return EVP_MD_CTX_cleanup(ctx);
 }
 
 int
-- 
cgit v1.2.3-55-g6feb