Make EVP_CIPHER_CTX opaque and renew the creator / destructor functions (8baf9968) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

crypto/evp/evp_enc.c

+28 −36

Original line number	Diff line number	Diff line
		@@ -66,17 +66,39 @@
		#endif
		#include "evp_locl.h"

		void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
		int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c)
		{
		memset(ctx, 0, sizeof(*ctx));
		if (c == NULL)
		return 1;
		if (c->cipher != NULL) {
		if (c->cipher->cleanup && !c->cipher->cleanup(c))
		return 0;
		/* Cleanse cipher context data */
		if (c->cipher_data && c->cipher->ctx_size)
		OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
		}
		OPENSSL_free(c->cipher_data);
		#ifndef OPENSSL_NO_ENGINE
		if (c->engine)
		/*
		* The EVP_CIPHER we used belongs to an ENGINE, release the
		* functional reference we held for this reason.
		*/
		ENGINE_finish(c->engine);
		#endif
		memset(c, 0, sizeof(*c));
		return 1;
		}

		EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
		{
		EVP_CIPHER_CTX ctx = OPENSSL_malloc(sizeof(ctx));
		if (ctx != NULL)
		EVP_CIPHER_CTX_init(ctx);
		return ctx;
		return OPENSSL_zalloc(sizeof(EVP_CIPHER_CTX));
		}

		void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
		{
		EVP_CIPHER_CTX_reset(ctx);
		OPENSSL_free(ctx);
		}

		int EVP_CipherInit(EVP_CIPHER_CTX ctx, const EVP_CIPHER cipher,
		@@ -515,36 +537,6 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX ctx, unsigned char out, int *outl)
		return (1);
		}

		void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
		{
		EVP_CIPHER_CTX_cleanup(ctx);
		OPENSSL_free(ctx);
		}

		int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
		{
		if (!c)
		return 0;
		if (c->cipher != NULL) {
		if (c->cipher->cleanup && !c->cipher->cleanup(c))
		return 0;
		/* Cleanse cipher context data */
		if (c->cipher_data && c->cipher->ctx_size)
		OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
		}
		OPENSSL_free(c->cipher_data);
		#ifndef OPENSSL_NO_ENGINE
		if (c->engine)
		/*
		* The EVP_CIPHER we used belongs to an ENGINE, release the
		* functional reference we held for this reason.
		*/
		ENGINE_finish(c->engine);
		#endif
		memset(c, 0, sizeof(*c));
		return 1;
		}

		int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen)
		{
		if (c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH)

crypto/evp/evp_locl.h

+20 −0

Original line number	Diff line number	Diff line
		@@ -71,6 +71,26 @@ struct evp_md_ctx_st {
		int (update) (EVP_MD_CTX ctx, const void *data, size_t count);
		} /* EVP_MD_CTX */ ;

		struct evp_cipher_ctx_st {
		const EVP_CIPHER *cipher;
		ENGINE engine; / functional reference if 'cipher' is
		* ENGINE-provided */
		int encrypt; /* encrypt or decrypt */
		int buf_len; /* number we have left */
		unsigned char oiv[EVP_MAX_IV_LENGTH]; /* original iv */
		unsigned char iv[EVP_MAX_IV_LENGTH]; /* working iv */
		unsigned char buf[EVP_MAX_BLOCK_LENGTH]; /* saved partial block */
		int num; /* used by cfb/ofb/ctr mode */
		/* FIXME: Should this even exist? It appears unused */
		void app_data; / application stuff */
		int key_len; /* May change for variable length cipher */
		unsigned long flags; /* Various flags */
		void cipher_data; / per EVP data */
		int final_used;
		int block_mask;
		unsigned char final[EVP_MAX_BLOCK_LENGTH]; /* possible final block */
		} /* EVP_CIPHER_CTX */ ;

		/* Macros to code block cipher wrappers */

		/* Wrapper functions for each cipher mode */

include/openssl/evp.h

+3 −21

Original line number	Diff line number	Diff line
		@@ -428,24 +428,6 @@ typedef struct evp_cipher_info_st {
		unsigned char iv[EVP_MAX_IV_LENGTH];
		} EVP_CIPHER_INFO;

		struct evp_cipher_ctx_st {
		const EVP_CIPHER *cipher;
		ENGINE engine; / functional reference if 'cipher' is
		* ENGINE-provided */
		int encrypt; /* encrypt or decrypt */
		int buf_len; /* number we have left */
		unsigned char oiv[EVP_MAX_IV_LENGTH]; /* original iv */
		unsigned char iv[EVP_MAX_IV_LENGTH]; /* working iv */
		unsigned char buf[EVP_MAX_BLOCK_LENGTH]; /* saved partial block */
		int num; /* used by cfb/ofb/ctr mode */
		void app_data; / application stuff */
		int key_len; /* May change for variable length cipher */
		unsigned long flags; /* Various flags */
		void cipher_data; / per EVP data */
		int final_used;
		int block_mask;
		unsigned char final[EVP_MAX_BLOCK_LENGTH]; /* possible final block */
		} /* EVP_CIPHER_CTX */ ;

		/* Password based encryption function */
		typedef int (EVP_PBE_KEYGEN) (EVP_CIPHER_CTX ctx, const char pass,
		@@ -703,10 +685,10 @@ int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned
		char out, int outl);
		int EVP_DecodeBlock(unsigned char t, const unsigned char f, int n);

		void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a);
		int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a);
		EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);
		void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *a);
		int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c);
		void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *c);
		#define EVP_CIPHER_CTX_init(c) EVP_CIPHER_CTX_reset((c))
		int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);
		int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad);
		int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX ctx, int type, int arg, void ptr);