Commit 3e268d27 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files 

Ensure EVP_CipherInit() uses the correct encode/decode parameter if
enc == -1

[Reported by Markus Friedl <markus@openbsd.org>]

Fix typo in dh_lib.c (use of DSAerr instead of DHerr).
parent c46acbac

crypto/dh/dh_lib.c

+1 −1
Original line number Diff line number Diff line
@@ -116,7 +116,7 @@ DH *DH_new_method(ENGINE *engine) 
		{

		if (!ENGINE_init(engine))

			{

			DSAerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB);

			DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB);

			OPENSSL_free(ret);

			return NULL;

			}

crypto/evp/evp_enc.c

+8 −2
Original line number Diff line number Diff line
@@ -85,7 +85,14 @@ int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, 
int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,

	     const unsigned char *key, const unsigned char *iv, int enc)

	{

	if(enc && (enc != -1)) enc = 1;

	if (enc == -1)

		enc = ctx->encrypt;

	else

		{

		if (enc)

			enc = 1;

		ctx->encrypt = enc;

		}

	/* Whether it's nice or not, "Inits" can be used on "Final"'d contexts

	 * so this context may already have an ENGINE! Try to avoid releasing

	 * the previous handle, re-querying for an ENGINE, and having a
@@ -184,7 +191,6 @@ skip_to_init: 
	if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {

		if(!ctx->cipher->init(ctx,key,iv,enc)) return 0;

	}

	if(enc != -1) ctx->encrypt=enc;

	ctx->buf_len=0;

	ctx->final_used=0;

	ctx->block_mask=ctx->cipher->block_size-1;