EVP_DecryptInit() should call EVP_CipherInit() not EVP_CipherInit_ex().

[openssl.git] / crypto / evp / evp_enc.c

diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 32a1c7a2e946a8ecfed44e1613af8797ba3661cf..ccfcc7e1b15ba815daad602608af989f1e979540 100644 (file)
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -63,8 +63,6 @@
 #include <openssl/engine.h>
 #include "evp_locl.h"
 
-#include <assert.h>
-
 const char *EVP_version="EVP" OPENSSL_VERSION_PTEXT;
 
 void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
@@ -163,9 +161,9 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
                }
 skip_to_init:
        /* we assume block size is a power of 2 in *cryptUpdate */
-       assert(ctx->cipher->block_size == 1
-              || ctx->cipher->block_size == 8
-              || ctx->cipher->block_size == 16);
+       OPENSSL_assert(ctx->cipher->block_size == 1
+           || ctx->cipher->block_size == 8
+           || ctx->cipher->block_size == 16);
 
        if(!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) {
                switch(EVP_CIPHER_CTX_mode(ctx)) {
@@ -181,6 +179,7 @@ skip_to_init:
 
                        case EVP_CIPH_CBC_MODE:
 
+                       OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <= sizeof ctx->iv);
                        if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
                        memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
                        break;
@@ -237,7 +236,7 @@ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *imp
 int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
             const unsigned char *key, const unsigned char *iv)
        {
-       return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 0);
+       return EVP_CipherInit(ctx, cipher, key, iv, 0);
        }
 
 int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
@@ -251,6 +250,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
        {
        int i,j,bl;
 
+       OPENSSL_assert(inl > 0);
        if(ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0)
                {
                if(ctx->cipher->do_cipher(ctx,out,in,inl))
@@ -266,6 +266,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
                }
        i=ctx->buf_len;
        bl=ctx->cipher->block_size;
+       OPENSSL_assert(bl <= sizeof ctx->buf);
        if (i != 0)
                {
                if (i+inl < bl)
@@ -314,6 +315,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
        int i,n,b,bl,ret;
 
        b=ctx->cipher->block_size;
+       OPENSSL_assert(b <= sizeof ctx->buf);
        if (b == 1)
                {
                *outl=0;
@@ -358,6 +360,7 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
                return EVP_EncryptUpdate(ctx, out, outl, in, inl);
 
        b=ctx->cipher->block_size;
+       OPENSSL_assert(b <= sizeof ctx->final);
 
        if(ctx->final_used)
                {
@@ -420,6 +423,7 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
                        EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_WRONG_FINAL_BLOCK_LENGTH);
                        return(0);
                        }
+               OPENSSL_assert(b <= sizeof ctx->final);
                n=ctx->final[b-1];
                if (n > b)
                        {
@@ -450,9 +454,9 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
                {
                if(c->cipher->cleanup && !c->cipher->cleanup(c))
                        return 0;
-               /* Zero cipher context data */
+               /* Cleanse cipher context data */
                if (c->cipher_data)
-                       memset(c->cipher_data, 0, c->cipher->ctx_size);
+                       OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
                }
        if (c->cipher_data)
                OPENSSL_free(c->cipher_data);