From 3ffd50d46144ae89cb26a04218127b0cf3038673 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Sun, 10 Sep 2023 16:53:56 +0000
Subject: EVP_CipherInit(): use EVP_CIPHER_CTX_cleanup()

Before EVP_CIPHER_CTX was opaque, callers could pass an uninitialized
ctx into EVP_CipherInit() and calling EVP_CIPHER_CTX_cleanup() on such
a ctx would end in tears.

The only way to initialize a ctx is by way of EVP_CIPHER_CTX_new(), on
which we can call EVP_CIPHER_CTX_cleanup() and avoid silly leaks on ctx
reuse. This also allows some simplifications in the documentation.

There are more changes of this kind that should be done all over libcrypto.
They will be tackled in subsequent commits.

"makes a lot of sense" schwarze
ok jsing
---
 src/lib/libcrypto/evp/evp_enc.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'src/lib')

diff --git a/src/lib/libcrypto/evp/evp_enc.c b/src/lib/libcrypto/evp/evp_enc.c
index 27f753baa0..7534b4c9d2 100644
--- a/src/lib/libcrypto/evp/evp_enc.c
+++ b/src/lib/libcrypto/evp/evp_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_enc.c,v 1.52 2023/07/07 19:37:53 beck Exp $ */
+/* $OpenBSD: evp_enc.c,v 1.53 2023/09/10 16:53:56 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -78,8 +78,8 @@ int
 EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
     const unsigned char *key, const unsigned char *iv, int enc)
 {
-	if (cipher)
-		EVP_CIPHER_CTX_init(ctx);
+	if (cipher != NULL)
+		EVP_CIPHER_CTX_cleanup(ctx);
 	return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc);
 }
 
-- 
cgit v1.2.3-55-g6feb