Loading apps/speed.c +19 −21 Original line number Diff line number Diff line Loading @@ -1654,7 +1654,7 @@ int speed_main(int argc, char **argv) #endif for (j = 0; j < SIZE_NUM; j++) { if (evp_cipher) { EVP_CIPHER_CTX ctx; EVP_CIPHER_CTX *ctx; int outl; names[D_EVP] = OBJ_nid2ln(evp_cipher->nid); Loading @@ -1664,30 +1664,30 @@ int speed_main(int argc, char **argv) */ print_message(names[D_EVP], save_count, lengths[j]); EVP_CIPHER_CTX_init(&ctx); ctx = EVP_CIPHER_CTX_new(); if (decrypt) EVP_DecryptInit_ex(&ctx, evp_cipher, NULL, key16, iv); EVP_DecryptInit_ex(ctx, evp_cipher, NULL, key16, iv); else EVP_EncryptInit_ex(&ctx, evp_cipher, NULL, key16, iv); EVP_CIPHER_CTX_set_padding(&ctx, 0); EVP_EncryptInit_ex(ctx, evp_cipher, NULL, key16, iv); EVP_CIPHER_CTX_set_padding(ctx, 0); Time_F(START); if (decrypt) for (count = 0, run = 1; COND(save_count * 4 * lengths[0] / lengths[j]); count++) EVP_DecryptUpdate(&ctx, buf, &outl, buf, lengths[j]); EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[j]); else for (count = 0, run = 1; COND(save_count * 4 * lengths[0] / lengths[j]); count++) EVP_EncryptUpdate(&ctx, buf, &outl, buf, lengths[j]); EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[j]); if (decrypt) EVP_DecryptFinal_ex(&ctx, buf, &outl); EVP_DecryptFinal_ex(ctx, buf, &outl); else EVP_EncryptFinal_ex(&ctx, buf, &outl); EVP_EncryptFinal_ex(ctx, buf, &outl); d = Time_F(STOP); EVP_CIPHER_CTX_cleanup(&ctx); EVP_CIPHER_CTX_free(ctx); } if (evp_md) { names[D_EVP] = OBJ_nid2ln(EVP_MD_type(evp_md)); Loading Loading @@ -2438,14 +2438,14 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher) int j, count, num = OSSL_NELEM(lengths); const char *alg_name; unsigned char *inp, *out, no_key[32], no_iv[16]; EVP_CIPHER_CTX ctx; EVP_CIPHER_CTX *ctx; double d = 0.0; inp = app_malloc(mblengths[num - 1], "multiblock input buffer"); out = app_malloc(mblengths[num - 1] + 1024, "multiblock output buffer"); EVP_CIPHER_CTX_init(&ctx); EVP_EncryptInit_ex(&ctx, evp_cipher, NULL, no_key, no_iv); EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_AEAD_SET_MAC_KEY, sizeof(no_key), ctx = EVP_CIPHER_CTX_new(); EVP_EncryptInit_ex(ctx, evp_cipher, NULL, no_key, no_iv); EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_MAC_KEY, sizeof(no_key), no_key); alg_name = OBJ_nid2ln(evp_cipher->nid); Loading @@ -2469,16 +2469,14 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher) mb_param.len = len; mb_param.interleave = 8; packlen = EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_TLS1_1_MULTIBLOCK_AAD, packlen = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_TLS1_1_MULTIBLOCK_AAD, sizeof(mb_param), &mb_param); if (packlen > 0) { mb_param.out = out; mb_param.inp = inp; mb_param.len = len; EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT, EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT, sizeof(mb_param), &mb_param); } else { int pad; Loading @@ -2487,10 +2485,9 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher) len += 16; aad[11] = len >> 8; aad[12] = len; pad = EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_AEAD_TLS1_AAD, pad = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_TLS1_AAD, EVP_AEAD_TLS1_AAD_LEN, aad); EVP_Cipher(&ctx, out, inp, len + pad); EVP_Cipher(ctx, out, inp, len + pad); } } d = Time_F(STOP); Loading Loading @@ -2528,4 +2525,5 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher) OPENSSL_free(inp); OPENSSL_free(out); EVP_CIPHER_CTX_free(ctx); } crypto/asn1/p5_pbev2.c +10 −7 Original line number Diff line number Diff line Loading @@ -93,7 +93,7 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, { X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL; int alg_nid, keylen; EVP_CIPHER_CTX ctx; EVP_CIPHER_CTX *ctx = NULL; unsigned char iv[EVP_MAX_IV_LENGTH]; PBE2PARAM *pbe2 = NULL; ASN1_OBJECT *obj; Loading Loading @@ -123,14 +123,15 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, goto err; } EVP_CIPHER_CTX_init(&ctx); ctx = EVP_CIPHER_CTX_new(); if (ctx == NULL) goto merr; /* Dummy cipherinit to just setup the IV, and PRF */ if (!EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0)) if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, iv, 0)) goto err; if (EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) { if (EVP_CIPHER_param_to_asn1(ctx, scheme->parameter) < 0) { ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, ASN1_R_ERROR_SETTING_CIPHER_PARAMS); EVP_CIPHER_CTX_cleanup(&ctx); goto err; } /* Loading @@ -138,11 +139,12 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, * here: just means use default PRF. */ if ((prf_nid == -1) && EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0) { EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0) { ERR_clear_error(); prf_nid = NID_hmacWithSHA1; } EVP_CIPHER_CTX_cleanup(&ctx); EVP_CIPHER_CTX_free(ctx); ctx = NULL; /* If its RC2 then we'd better setup the key length */ Loading Loading @@ -182,6 +184,7 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, ERR_R_MALLOC_FAILURE); err: EVP_CIPHER_CTX_free(ctx); PBE2PARAM_free(pbe2); /* Note 'scheme' is freed as part of pbe2 */ X509_ALGOR_free(kalg); Loading crypto/asn1/p5_scrypt.c +9 −6 Original line number Diff line number Diff line Loading @@ -103,7 +103,7 @@ X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher, X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL; int alg_nid; size_t keylen = 0; EVP_CIPHER_CTX ctx; EVP_CIPHER_CTX *ctx = NULL; unsigned char iv[EVP_MAX_IV_LENGTH]; PBE2PARAM *pbe2 = NULL; ASN1_OBJECT *obj; Loading Loading @@ -146,18 +146,20 @@ X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher, goto err; } EVP_CIPHER_CTX_init(&ctx); ctx = EVP_CIPHER_CTX_new(); if (ctx == NULL) goto merr; /* Dummy cipherinit to just setup the IV */ if (EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0) == 0) if (EVP_CipherInit_ex(ctx, cipher, NULL, NULL, iv, 0) == 0) goto err; if (EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) { if (EVP_CIPHER_param_to_asn1(ctx, scheme->parameter) < 0) { ASN1err(ASN1_F_PKCS5_PBE2_SET_SCRYPT, ASN1_R_ERROR_SETTING_CIPHER_PARAMS); EVP_CIPHER_CTX_cleanup(&ctx); goto err; } EVP_CIPHER_CTX_cleanup(&ctx); EVP_CIPHER_CTX_free(ctx); ctx = NULL; /* If its RC2 then we'd better setup the key length */ Loading Loading @@ -199,6 +201,7 @@ X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher, PBE2PARAM_free(pbe2); X509_ALGOR_free(kalg); X509_ALGOR_free(ret); EVP_CIPHER_CTX_free(ctx); return NULL; Loading crypto/cmac/cmac.c +25 −21 Original line number Diff line number Diff line Loading @@ -60,7 +60,7 @@ struct CMAC_CTX_st { /* Cipher context to use */ EVP_CIPHER_CTX cctx; EVP_CIPHER_CTX *cctx; /* Keys k1 and k2 */ unsigned char k1[EVP_MAX_BLOCK_LENGTH]; unsigned char k2[EVP_MAX_BLOCK_LENGTH]; Loading Loading @@ -94,14 +94,18 @@ CMAC_CTX *CMAC_CTX_new(void) ctx = OPENSSL_malloc(sizeof(*ctx)); if (ctx == NULL) return NULL; EVP_CIPHER_CTX_init(&ctx->cctx); ctx->cctx = EVP_CIPHER_CTX_new(); if (ctx->cctx == NULL) { OPENSSL_free(ctx); return NULL; } ctx->nlast_block = -1; return ctx; } void CMAC_CTX_cleanup(CMAC_CTX *ctx) { EVP_CIPHER_CTX_cleanup(&ctx->cctx); EVP_CIPHER_CTX_free(ctx->cctx); OPENSSL_cleanse(ctx->tbl, EVP_MAX_BLOCK_LENGTH); OPENSSL_cleanse(ctx->k1, EVP_MAX_BLOCK_LENGTH); OPENSSL_cleanse(ctx->k2, EVP_MAX_BLOCK_LENGTH); Loading @@ -111,7 +115,7 @@ void CMAC_CTX_cleanup(CMAC_CTX *ctx) EVP_CIPHER_CTX *CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx) { return &ctx->cctx; return ctx->cctx; } void CMAC_CTX_free(CMAC_CTX *ctx) Loading @@ -127,9 +131,9 @@ int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in) int bl; if (in->nlast_block == -1) return 0; if (!EVP_CIPHER_CTX_copy(&out->cctx, &in->cctx)) if (!EVP_CIPHER_CTX_copy(out->cctx, in->cctx)) return 0; bl = M_EVP_CIPHER_CTX_block_size(&in->cctx); bl = EVP_CIPHER_CTX_block_size(in->cctx); memcpy(out->k1, in->k1, bl); memcpy(out->k2, in->k2, bl); memcpy(out->tbl, in->tbl, bl); Loading @@ -147,32 +151,32 @@ int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen, /* Not initialised */ if (ctx->nlast_block == -1) return 0; if (!M_EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, zero_iv)) if (!EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, NULL, zero_iv)) return 0; memset(ctx->tbl, 0, M_EVP_CIPHER_CTX_block_size(&ctx->cctx)); memset(ctx->tbl, 0, EVP_CIPHER_CTX_block_size(ctx->cctx)); ctx->nlast_block = 0; return 1; } /* Initialiase context */ if (cipher && !M_EVP_EncryptInit_ex(&ctx->cctx, cipher, impl, NULL, NULL)) if (cipher && !EVP_EncryptInit_ex(ctx->cctx, cipher, impl, NULL, NULL)) return 0; /* Non-NULL key means initialisation complete */ if (key) { int bl; if (!M_EVP_CIPHER_CTX_cipher(&ctx->cctx)) if (!EVP_CIPHER_CTX_cipher(ctx->cctx)) return 0; if (!EVP_CIPHER_CTX_set_key_length(&ctx->cctx, keylen)) if (!EVP_CIPHER_CTX_set_key_length(ctx->cctx, keylen)) return 0; if (!M_EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, key, zero_iv)) if (!EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, key, zero_iv)) return 0; bl = M_EVP_CIPHER_CTX_block_size(&ctx->cctx); if (!EVP_Cipher(&ctx->cctx, ctx->tbl, zero_iv, bl)) bl = EVP_CIPHER_CTX_block_size(ctx->cctx); if (!EVP_Cipher(ctx->cctx, ctx->tbl, zero_iv, bl)) return 0; make_kn(ctx->k1, ctx->tbl, bl); make_kn(ctx->k2, ctx->k1, bl); OPENSSL_cleanse(ctx->tbl, bl); /* Reset context again ready for first data block */ if (!M_EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, zero_iv)) if (!EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, NULL, zero_iv)) return 0; /* Zero tbl so resume works */ memset(ctx->tbl, 0, bl); Loading @@ -189,7 +193,7 @@ int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen) return 0; if (dlen == 0) return 1; bl = M_EVP_CIPHER_CTX_block_size(&ctx->cctx); bl = EVP_CIPHER_CTX_block_size(ctx->cctx); /* Copy into partial block if we need to */ if (ctx->nlast_block > 0) { size_t nleft; Loading @@ -204,12 +208,12 @@ int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen) return 1; data += nleft; /* Else not final block so encrypt it */ if (!EVP_Cipher(&ctx->cctx, ctx->tbl, ctx->last_block, bl)) if (!EVP_Cipher(ctx->cctx, ctx->tbl, ctx->last_block, bl)) return 0; } /* Encrypt all but one of the complete blocks left */ while (dlen > bl) { if (!EVP_Cipher(&ctx->cctx, ctx->tbl, data, bl)) if (!EVP_Cipher(ctx->cctx, ctx->tbl, data, bl)) return 0; dlen -= bl; data += bl; Loading @@ -226,7 +230,7 @@ int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen) int i, bl, lb; if (ctx->nlast_block == -1) return 0; bl = M_EVP_CIPHER_CTX_block_size(&ctx->cctx); bl = EVP_CIPHER_CTX_block_size(ctx->cctx); *poutlen = (size_t)bl; if (!out) return 1; Loading @@ -242,7 +246,7 @@ int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen) for (i = 0; i < bl; i++) out[i] = ctx->last_block[i] ^ ctx->k2[i]; } if (!EVP_Cipher(&ctx->cctx, out, out, bl)) { if (!EVP_Cipher(ctx->cctx, out, out, bl)) { OPENSSL_cleanse(out, bl); return 0; } Loading @@ -260,5 +264,5 @@ int CMAC_resume(CMAC_CTX *ctx) * decrypted block will allow CMAC to continue after calling * CMAC_Final(). */ return M_EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, ctx->tbl); return M_EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, NULL, ctx->tbl); } crypto/cms/cms_asn1.c +5 −3 Original line number Diff line number Diff line Loading @@ -194,12 +194,14 @@ static int cms_kari_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, { CMS_KeyAgreeRecipientInfo *kari = (CMS_KeyAgreeRecipientInfo *)*pval; if (operation == ASN1_OP_NEW_POST) { EVP_CIPHER_CTX_init(&kari->ctx); EVP_CIPHER_CTX_set_flags(&kari->ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW); kari->ctx = EVP_CIPHER_CTX_new(); if (kari->ctx == NULL) return 0; EVP_CIPHER_CTX_set_flags(kari->ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW); kari->pctx = NULL; } else if (operation == ASN1_OP_FREE_POST) { EVP_PKEY_CTX_free(kari->pctx); EVP_CIPHER_CTX_cleanup(&kari->ctx); EVP_CIPHER_CTX_free(kari->ctx); } return 1; } Loading Loading
apps/speed.c +19 −21 Original line number Diff line number Diff line Loading @@ -1654,7 +1654,7 @@ int speed_main(int argc, char **argv) #endif for (j = 0; j < SIZE_NUM; j++) { if (evp_cipher) { EVP_CIPHER_CTX ctx; EVP_CIPHER_CTX *ctx; int outl; names[D_EVP] = OBJ_nid2ln(evp_cipher->nid); Loading @@ -1664,30 +1664,30 @@ int speed_main(int argc, char **argv) */ print_message(names[D_EVP], save_count, lengths[j]); EVP_CIPHER_CTX_init(&ctx); ctx = EVP_CIPHER_CTX_new(); if (decrypt) EVP_DecryptInit_ex(&ctx, evp_cipher, NULL, key16, iv); EVP_DecryptInit_ex(ctx, evp_cipher, NULL, key16, iv); else EVP_EncryptInit_ex(&ctx, evp_cipher, NULL, key16, iv); EVP_CIPHER_CTX_set_padding(&ctx, 0); EVP_EncryptInit_ex(ctx, evp_cipher, NULL, key16, iv); EVP_CIPHER_CTX_set_padding(ctx, 0); Time_F(START); if (decrypt) for (count = 0, run = 1; COND(save_count * 4 * lengths[0] / lengths[j]); count++) EVP_DecryptUpdate(&ctx, buf, &outl, buf, lengths[j]); EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[j]); else for (count = 0, run = 1; COND(save_count * 4 * lengths[0] / lengths[j]); count++) EVP_EncryptUpdate(&ctx, buf, &outl, buf, lengths[j]); EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[j]); if (decrypt) EVP_DecryptFinal_ex(&ctx, buf, &outl); EVP_DecryptFinal_ex(ctx, buf, &outl); else EVP_EncryptFinal_ex(&ctx, buf, &outl); EVP_EncryptFinal_ex(ctx, buf, &outl); d = Time_F(STOP); EVP_CIPHER_CTX_cleanup(&ctx); EVP_CIPHER_CTX_free(ctx); } if (evp_md) { names[D_EVP] = OBJ_nid2ln(EVP_MD_type(evp_md)); Loading Loading @@ -2438,14 +2438,14 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher) int j, count, num = OSSL_NELEM(lengths); const char *alg_name; unsigned char *inp, *out, no_key[32], no_iv[16]; EVP_CIPHER_CTX ctx; EVP_CIPHER_CTX *ctx; double d = 0.0; inp = app_malloc(mblengths[num - 1], "multiblock input buffer"); out = app_malloc(mblengths[num - 1] + 1024, "multiblock output buffer"); EVP_CIPHER_CTX_init(&ctx); EVP_EncryptInit_ex(&ctx, evp_cipher, NULL, no_key, no_iv); EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_AEAD_SET_MAC_KEY, sizeof(no_key), ctx = EVP_CIPHER_CTX_new(); EVP_EncryptInit_ex(ctx, evp_cipher, NULL, no_key, no_iv); EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_MAC_KEY, sizeof(no_key), no_key); alg_name = OBJ_nid2ln(evp_cipher->nid); Loading @@ -2469,16 +2469,14 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher) mb_param.len = len; mb_param.interleave = 8; packlen = EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_TLS1_1_MULTIBLOCK_AAD, packlen = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_TLS1_1_MULTIBLOCK_AAD, sizeof(mb_param), &mb_param); if (packlen > 0) { mb_param.out = out; mb_param.inp = inp; mb_param.len = len; EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT, EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT, sizeof(mb_param), &mb_param); } else { int pad; Loading @@ -2487,10 +2485,9 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher) len += 16; aad[11] = len >> 8; aad[12] = len; pad = EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_AEAD_TLS1_AAD, pad = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_TLS1_AAD, EVP_AEAD_TLS1_AAD_LEN, aad); EVP_Cipher(&ctx, out, inp, len + pad); EVP_Cipher(ctx, out, inp, len + pad); } } d = Time_F(STOP); Loading Loading @@ -2528,4 +2525,5 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher) OPENSSL_free(inp); OPENSSL_free(out); EVP_CIPHER_CTX_free(ctx); }
crypto/asn1/p5_pbev2.c +10 −7 Original line number Diff line number Diff line Loading @@ -93,7 +93,7 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, { X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL; int alg_nid, keylen; EVP_CIPHER_CTX ctx; EVP_CIPHER_CTX *ctx = NULL; unsigned char iv[EVP_MAX_IV_LENGTH]; PBE2PARAM *pbe2 = NULL; ASN1_OBJECT *obj; Loading Loading @@ -123,14 +123,15 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, goto err; } EVP_CIPHER_CTX_init(&ctx); ctx = EVP_CIPHER_CTX_new(); if (ctx == NULL) goto merr; /* Dummy cipherinit to just setup the IV, and PRF */ if (!EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0)) if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, iv, 0)) goto err; if (EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) { if (EVP_CIPHER_param_to_asn1(ctx, scheme->parameter) < 0) { ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, ASN1_R_ERROR_SETTING_CIPHER_PARAMS); EVP_CIPHER_CTX_cleanup(&ctx); goto err; } /* Loading @@ -138,11 +139,12 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, * here: just means use default PRF. */ if ((prf_nid == -1) && EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0) { EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0) { ERR_clear_error(); prf_nid = NID_hmacWithSHA1; } EVP_CIPHER_CTX_cleanup(&ctx); EVP_CIPHER_CTX_free(ctx); ctx = NULL; /* If its RC2 then we'd better setup the key length */ Loading Loading @@ -182,6 +184,7 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, ERR_R_MALLOC_FAILURE); err: EVP_CIPHER_CTX_free(ctx); PBE2PARAM_free(pbe2); /* Note 'scheme' is freed as part of pbe2 */ X509_ALGOR_free(kalg); Loading
crypto/asn1/p5_scrypt.c +9 −6 Original line number Diff line number Diff line Loading @@ -103,7 +103,7 @@ X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher, X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL; int alg_nid; size_t keylen = 0; EVP_CIPHER_CTX ctx; EVP_CIPHER_CTX *ctx = NULL; unsigned char iv[EVP_MAX_IV_LENGTH]; PBE2PARAM *pbe2 = NULL; ASN1_OBJECT *obj; Loading Loading @@ -146,18 +146,20 @@ X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher, goto err; } EVP_CIPHER_CTX_init(&ctx); ctx = EVP_CIPHER_CTX_new(); if (ctx == NULL) goto merr; /* Dummy cipherinit to just setup the IV */ if (EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0) == 0) if (EVP_CipherInit_ex(ctx, cipher, NULL, NULL, iv, 0) == 0) goto err; if (EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) { if (EVP_CIPHER_param_to_asn1(ctx, scheme->parameter) < 0) { ASN1err(ASN1_F_PKCS5_PBE2_SET_SCRYPT, ASN1_R_ERROR_SETTING_CIPHER_PARAMS); EVP_CIPHER_CTX_cleanup(&ctx); goto err; } EVP_CIPHER_CTX_cleanup(&ctx); EVP_CIPHER_CTX_free(ctx); ctx = NULL; /* If its RC2 then we'd better setup the key length */ Loading Loading @@ -199,6 +201,7 @@ X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher, PBE2PARAM_free(pbe2); X509_ALGOR_free(kalg); X509_ALGOR_free(ret); EVP_CIPHER_CTX_free(ctx); return NULL; Loading
crypto/cmac/cmac.c +25 −21 Original line number Diff line number Diff line Loading @@ -60,7 +60,7 @@ struct CMAC_CTX_st { /* Cipher context to use */ EVP_CIPHER_CTX cctx; EVP_CIPHER_CTX *cctx; /* Keys k1 and k2 */ unsigned char k1[EVP_MAX_BLOCK_LENGTH]; unsigned char k2[EVP_MAX_BLOCK_LENGTH]; Loading Loading @@ -94,14 +94,18 @@ CMAC_CTX *CMAC_CTX_new(void) ctx = OPENSSL_malloc(sizeof(*ctx)); if (ctx == NULL) return NULL; EVP_CIPHER_CTX_init(&ctx->cctx); ctx->cctx = EVP_CIPHER_CTX_new(); if (ctx->cctx == NULL) { OPENSSL_free(ctx); return NULL; } ctx->nlast_block = -1; return ctx; } void CMAC_CTX_cleanup(CMAC_CTX *ctx) { EVP_CIPHER_CTX_cleanup(&ctx->cctx); EVP_CIPHER_CTX_free(ctx->cctx); OPENSSL_cleanse(ctx->tbl, EVP_MAX_BLOCK_LENGTH); OPENSSL_cleanse(ctx->k1, EVP_MAX_BLOCK_LENGTH); OPENSSL_cleanse(ctx->k2, EVP_MAX_BLOCK_LENGTH); Loading @@ -111,7 +115,7 @@ void CMAC_CTX_cleanup(CMAC_CTX *ctx) EVP_CIPHER_CTX *CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx) { return &ctx->cctx; return ctx->cctx; } void CMAC_CTX_free(CMAC_CTX *ctx) Loading @@ -127,9 +131,9 @@ int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in) int bl; if (in->nlast_block == -1) return 0; if (!EVP_CIPHER_CTX_copy(&out->cctx, &in->cctx)) if (!EVP_CIPHER_CTX_copy(out->cctx, in->cctx)) return 0; bl = M_EVP_CIPHER_CTX_block_size(&in->cctx); bl = EVP_CIPHER_CTX_block_size(in->cctx); memcpy(out->k1, in->k1, bl); memcpy(out->k2, in->k2, bl); memcpy(out->tbl, in->tbl, bl); Loading @@ -147,32 +151,32 @@ int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen, /* Not initialised */ if (ctx->nlast_block == -1) return 0; if (!M_EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, zero_iv)) if (!EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, NULL, zero_iv)) return 0; memset(ctx->tbl, 0, M_EVP_CIPHER_CTX_block_size(&ctx->cctx)); memset(ctx->tbl, 0, EVP_CIPHER_CTX_block_size(ctx->cctx)); ctx->nlast_block = 0; return 1; } /* Initialiase context */ if (cipher && !M_EVP_EncryptInit_ex(&ctx->cctx, cipher, impl, NULL, NULL)) if (cipher && !EVP_EncryptInit_ex(ctx->cctx, cipher, impl, NULL, NULL)) return 0; /* Non-NULL key means initialisation complete */ if (key) { int bl; if (!M_EVP_CIPHER_CTX_cipher(&ctx->cctx)) if (!EVP_CIPHER_CTX_cipher(ctx->cctx)) return 0; if (!EVP_CIPHER_CTX_set_key_length(&ctx->cctx, keylen)) if (!EVP_CIPHER_CTX_set_key_length(ctx->cctx, keylen)) return 0; if (!M_EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, key, zero_iv)) if (!EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, key, zero_iv)) return 0; bl = M_EVP_CIPHER_CTX_block_size(&ctx->cctx); if (!EVP_Cipher(&ctx->cctx, ctx->tbl, zero_iv, bl)) bl = EVP_CIPHER_CTX_block_size(ctx->cctx); if (!EVP_Cipher(ctx->cctx, ctx->tbl, zero_iv, bl)) return 0; make_kn(ctx->k1, ctx->tbl, bl); make_kn(ctx->k2, ctx->k1, bl); OPENSSL_cleanse(ctx->tbl, bl); /* Reset context again ready for first data block */ if (!M_EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, zero_iv)) if (!EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, NULL, zero_iv)) return 0; /* Zero tbl so resume works */ memset(ctx->tbl, 0, bl); Loading @@ -189,7 +193,7 @@ int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen) return 0; if (dlen == 0) return 1; bl = M_EVP_CIPHER_CTX_block_size(&ctx->cctx); bl = EVP_CIPHER_CTX_block_size(ctx->cctx); /* Copy into partial block if we need to */ if (ctx->nlast_block > 0) { size_t nleft; Loading @@ -204,12 +208,12 @@ int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen) return 1; data += nleft; /* Else not final block so encrypt it */ if (!EVP_Cipher(&ctx->cctx, ctx->tbl, ctx->last_block, bl)) if (!EVP_Cipher(ctx->cctx, ctx->tbl, ctx->last_block, bl)) return 0; } /* Encrypt all but one of the complete blocks left */ while (dlen > bl) { if (!EVP_Cipher(&ctx->cctx, ctx->tbl, data, bl)) if (!EVP_Cipher(ctx->cctx, ctx->tbl, data, bl)) return 0; dlen -= bl; data += bl; Loading @@ -226,7 +230,7 @@ int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen) int i, bl, lb; if (ctx->nlast_block == -1) return 0; bl = M_EVP_CIPHER_CTX_block_size(&ctx->cctx); bl = EVP_CIPHER_CTX_block_size(ctx->cctx); *poutlen = (size_t)bl; if (!out) return 1; Loading @@ -242,7 +246,7 @@ int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen) for (i = 0; i < bl; i++) out[i] = ctx->last_block[i] ^ ctx->k2[i]; } if (!EVP_Cipher(&ctx->cctx, out, out, bl)) { if (!EVP_Cipher(ctx->cctx, out, out, bl)) { OPENSSL_cleanse(out, bl); return 0; } Loading @@ -260,5 +264,5 @@ int CMAC_resume(CMAC_CTX *ctx) * decrypted block will allow CMAC to continue after calling * CMAC_Final(). */ return M_EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, ctx->tbl); return M_EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, NULL, ctx->tbl); }
crypto/cms/cms_asn1.c +5 −3 Original line number Diff line number Diff line Loading @@ -194,12 +194,14 @@ static int cms_kari_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, { CMS_KeyAgreeRecipientInfo *kari = (CMS_KeyAgreeRecipientInfo *)*pval; if (operation == ASN1_OP_NEW_POST) { EVP_CIPHER_CTX_init(&kari->ctx); EVP_CIPHER_CTX_set_flags(&kari->ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW); kari->ctx = EVP_CIPHER_CTX_new(); if (kari->ctx == NULL) return 0; EVP_CIPHER_CTX_set_flags(kari->ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW); kari->pctx = NULL; } else if (operation == ASN1_OP_FREE_POST) { EVP_PKEY_CTX_free(kari->pctx); EVP_CIPHER_CTX_cleanup(&kari->ctx); EVP_CIPHER_CTX_free(kari->ctx); } return 1; } Loading
Rich Salz <rsalz@openssl.org>