Modify EVP cipher behaviour in a similar way
authorDr. Stephen Henson <steve@openssl.org>
Wed, 17 Oct 2001 00:37:12 +0000 (00:37 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Wed, 17 Oct 2001 00:37:12 +0000 (00:37 +0000)
to digests to retain compatibility.

27 files changed:
CHANGES
apps/speed.c
crypto/asn1/n_pkey.c
crypto/asn1/p5_pbev2.c
crypto/evp/bio_enc.c
crypto/evp/e_rc2.c
crypto/evp/evp.h
crypto/evp/evp_enc.c
crypto/evp/evp_test.c
crypto/evp/p5_crpt.c
crypto/evp/p5_crpt2.c
crypto/evp/p_open.c
crypto/evp/p_seal.c
crypto/pem/pem_lib.c
crypto/pem/pem_seal.c
crypto/pkcs12/p12_crpt.c
crypto/pkcs12/p12_decr.c
crypto/pkcs7/bio_ber.c
crypto/pkcs7/pk7_doit.c
demos/maurice/example1.c
demos/maurice/example3.c
ssl/kssl.c
ssl/s2_enc.c
ssl/s3_clnt.c
ssl/s3_enc.c
ssl/s3_srvr.c
ssl/t1_enc.c

diff --git a/CHANGES b/CHANGES
index 0cdc0f5..b544a62 100644 (file)
--- a/CHANGES
+++ b/CHANGES
          *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7
          +) applies to 0.9.7 only
 
+  +) Modify the behaviour of EVP cipher functions in similar way to digests
+     to retain compatibility with existing code.
+     [Steve Henson]
+
   +) Modify the behaviour of EVP_DigestInit() and EVP_DigestFinal() to retain
      compatibility with existing code. In particular the 'ctx' parameter is
      not assumed to be valid before the call to EVP_DigestInit() and it is tidied
index 3c359e3..dec893d 100644 (file)
@@ -1216,9 +1216,9 @@ int MAIN(int argc, char **argv)
                        print_message(names[D_EVP],save_count,
                                                  lengths[j]);
                        if(decrypt)
-                               EVP_DecryptInit(&ctx,evp,key16,iv);
+                               EVP_DecryptInit_ex(&ctx,evp,NULL,key16,iv);
                        else
-                               EVP_EncryptInit(&ctx,evp,key16,iv);
+                               EVP_EncryptInit_ex(&ctx,evp,NULL,key16,iv);
                                
                        Time_F(START,usertime);
                        if(decrypt)
@@ -1228,9 +1228,9 @@ int MAIN(int argc, char **argv)
                                for (count=0,run=1; COND(save_count*4*lengths[0]/lengths[j]); count++)
                                        EVP_EncryptUpdate(&ctx,buf,&outl,buf,lengths[j]);
                        if(decrypt)
-                               EVP_DecryptFinal(&ctx,buf,&outl);
+                               EVP_DecryptFinal_ex(&ctx,buf,&outl);
                        else
-                               EVP_EncryptFinal(&ctx,buf,&outl);
+                               EVP_EncryptFinal_ex(&ctx,buf,&outl);
                        d=Time_F(STOP,usertime);
                        BIO_printf(bio_err,"%ld %s's in %.2fs\n",
                                           count,names[D_EVP],d);
index 7a1d9ba..49f80ff 100644 (file)
@@ -207,9 +207,9 @@ int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey)
        /* Encrypt private key in place */
        zz = enckey->enckey->digest->data;
        EVP_CIPHER_CTX_init(&ctx);
-       EVP_EncryptInit(&ctx,EVP_rc4(),key,NULL);
+       EVP_EncryptInit_ex(&ctx,EVP_rc4(),NULL,key,NULL);
        EVP_EncryptUpdate(&ctx,zz,&i,zz,pkeylen);
-       EVP_EncryptFinal(&ctx,zz + i,&j);
+       EVP_EncryptFinal_ex(&ctx,zz + i,&j);
        EVP_CIPHER_CTX_cleanup(&ctx);
 
        ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp);
@@ -293,9 +293,9 @@ static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
        memset(buf,0,256);
 
        EVP_CIPHER_CTX_init(&ctx);
-       EVP_DecryptInit(&ctx,EVP_rc4(),key,NULL);
+       EVP_DecryptInit_ex(&ctx,EVP_rc4(),NULL, key,NULL);
        EVP_DecryptUpdate(&ctx,os->data,&i,os->data,os->length);
-       EVP_DecryptFinal(&ctx,&(os->data[i]),&j);
+       EVP_DecryptFinal_ex(&ctx,&(os->data[i]),&j);
        EVP_CIPHER_CTX_cleanup(&ctx);
        os->length=i+j;
 
index cd597ff..43dfe09 100644 (file)
@@ -117,7 +117,7 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
                goto err;
 
        /* Dummy cipherinit to just setup the IV */
-       EVP_CipherInit(&ctx, cipher, NULL, iv, 0);
+       EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0);
        if(EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {
                ASN1err(ASN1_F_PKCS5_PBE2_SET,
                                        ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
index d9278fb..05f4249 100644 (file)
@@ -184,7 +184,7 @@ static int enc_read(BIO *b, char *out, int outl)
                        if (!BIO_should_retry(b->next_bio))
                                {
                                ctx->cont=i;
-                               i=EVP_CipherFinal(&(ctx->cipher),
+                               i=EVP_CipherFinal_ex(&(ctx->cipher),
                                        (unsigned char *)ctx->buf,
                                        &(ctx->buf_len));
                                ctx->ok=i;
@@ -298,7 +298,7 @@ static long enc_ctrl(BIO *b, int cmd, long num, void *ptr)
        case BIO_CTRL_RESET:
                ctx->ok=1;
                ctx->finished=0;
-               EVP_CipherInit(&(ctx->cipher),NULL,NULL,NULL,
+               EVP_CipherInit_ex(&(ctx->cipher),NULL,NULL,NULL,NULL,
                        ctx->cipher.encrypt);
                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
                break;
@@ -335,7 +335,7 @@ again:
                        {
                        ctx->finished=1;
                        ctx->buf_off=0;
-                       ret=EVP_CipherFinal(&(ctx->cipher),
+                       ret=EVP_CipherFinal_ex(&(ctx->cipher),
                                (unsigned char *)ctx->buf,
                                &(ctx->buf_len));
                        ctx->ok=(int)ret;
@@ -421,7 +421,7 @@ void BIO_set_cipher(BIO *b, const EVP_CIPHER *c, unsigned char *k,
 
        b->init=1;
        ctx=(BIO_ENC_CTX *)b->ptr;
-       EVP_CipherInit(&(ctx->cipher),c,k,i,e);
+       EVP_CipherInit_ex(&(ctx->cipher),c,NULL, k,i,e);
        
        if (b->callback != NULL)
                b->callback(b,BIO_CB_CTRL,(const char *)c,BIO_CTRL_SET,e,1L);
index 799858f..b62d941 100644 (file)
@@ -180,7 +180,7 @@ static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
                key_bits =rc2_magic_to_meth((int)num);
                if (!key_bits)
                        return(-1);
-               if(i > 0) EVP_CipherInit(c, NULL, NULL, iv, -1);
+               if(i > 0) EVP_CipherInit_ex(c, NULL, NULL, NULL, iv, -1);
                EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL);
                EVP_CIPHER_CTX_set_key_length(c, key_bits / 8);
                }
index ff3c797..255f957 100644 (file)
@@ -488,6 +488,7 @@ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *imp
                const unsigned char *key, const unsigned char *iv);
 int    EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                int *outl, const unsigned char *in, int inl);
+int    EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
 int    EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
 
 int    EVP_DecryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,
@@ -497,6 +498,7 @@ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *imp
 int    EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                int *outl, const unsigned char *in, int inl);
 int    EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
+int    EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
 
 int    EVP_CipherInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,
                       const unsigned char *key,const unsigned char *iv,
@@ -507,6 +509,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl
 int    EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                int *outl, const unsigned char *in, int inl);
 int    EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
+int    EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
 
 int    EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s,
                EVP_PKEY *pkey);
index 0f5a128..eb39539 100644 (file)
@@ -73,11 +73,14 @@ void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
        /* ctx->cipher=NULL; */
        }
 
+
 int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
             const unsigned char *key, const unsigned char *iv, int enc)
        {
+       EVP_CIPHER_CTX_init(ctx);
        return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc);
        }
+
 int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
             const unsigned char *key, const unsigned char *iv, int enc)
        {
@@ -187,6 +190,13 @@ int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
        else    return EVP_DecryptUpdate(ctx,out,outl,in,inl);
        }
 
+int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+       {
+       if (ctx->encrypt)
+               return EVP_EncryptFinal_ex(ctx,out,outl);
+       else    return EVP_DecryptFinal_ex(ctx,out,outl);
+       }
+
 int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
        {
        if (ctx->encrypt)
@@ -197,7 +207,7 @@ int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
             const unsigned char *key, const unsigned char *iv)
        {
-       return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 1);
+       return EVP_CipherInit(ctx, cipher, key, iv, 1);
        }
 
 int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
@@ -275,6 +285,14 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
        }
 
 int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+       {
+       int ret;
+       ret = EVP_EncryptFinal_ex(ctx, out, outl);
+       EVP_CIPHER_CTX_cleanup(ctx);
+       return ret;
+       }
+
+int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
        {
        int i,n,b,bl,ret;
 
@@ -358,6 +376,14 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
        }
 
 int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+       {
+       int ret;
+       ret = EVP_DecryptFinal_ex(ctx, out, outl);
+       EVP_CIPHER_CTX_cleanup(ctx);
+       return ret;
+       }
+
+int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
        {
        int i,b;
        int n;
index 435bb09..e312672 100644 (file)
@@ -142,7 +142,7 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn,
        exit(5);
        }
     EVP_CIPHER_CTX_init(&ctx);
-    if(!EVP_EncryptInit(&ctx,c,key,iv))
+    if(!EVP_EncryptInit_ex(&ctx,c,NULL,key,iv))
        {
        fprintf(stderr,"EncryptInit failed\n");
        exit(10);
@@ -154,7 +154,7 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn,
        fprintf(stderr,"Encrypt failed\n");
        exit(6);
        }
-    if(!EVP_EncryptFinal(&ctx,out+outl,&outl2))
+    if(!EVP_EncryptFinal_ex(&ctx,out+outl,&outl2))
        {
        fprintf(stderr,"EncryptFinal failed\n");
        exit(7);
@@ -175,7 +175,7 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn,
        exit(9);
        }
 
-    if(!EVP_DecryptInit(&ctx,c,key,iv))
+    if(!EVP_DecryptInit_ex(&ctx,c,NULL,key,iv))
        {
        fprintf(stderr,"DecryptInit failed\n");
        exit(11);
@@ -187,7 +187,7 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn,
        fprintf(stderr,"Decrypt failed\n");
        exit(6);
        }
-    if(!EVP_DecryptFinal(&ctx,out+outl,&outl2))
+    if(!EVP_DecryptFinal_ex(&ctx,out+outl,&outl2))
        {
        fprintf(stderr,"DecryptFinal failed\n");
        exit(7);
index cbe904d..113c60f 100644 (file)
@@ -143,7 +143,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
        memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher));
        memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
                                                 EVP_CIPHER_iv_length(cipher));
-       EVP_CipherInit(cctx, cipher, key, iv, en_de);
+       EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de);
        memset(md_tmp, 0, EVP_MAX_MD_SIZE);
        memset(key, 0, EVP_MAX_KEY_LENGTH);
        memset(iv, 0, EVP_MAX_IV_LENGTH);
index 645409e..6c4b3ea 100644 (file)
@@ -183,7 +183,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
        }
 
        /* Fixup cipher based on AlgorithmIdentifier */
-       EVP_CipherInit(ctx, cipher, NULL, NULL, en_de);
+       EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de);
        if(EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) < 0) {
                EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
                                        EVP_R_CIPHER_PARAMETER_ERROR);
@@ -229,7 +229,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
        saltlen = kdf->salt->value.octet_string->length;
        iter = ASN1_INTEGER_get(kdf->iter);
        PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key);
-       EVP_CipherInit(ctx, NULL, key, NULL, en_de);
+       EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de);
        memset(key, 0, keylen);
        PBKDF2PARAM_free(kdf);
        return 1;
index c0a50b9..6976f2a 100644 (file)
@@ -71,7 +71,7 @@ int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char *ek,
 
        if(type) {      
                EVP_CIPHER_CTX_init(ctx);
-               if(!EVP_DecryptInit(ctx,type,NULL,NULL)) return 0;
+               if(!EVP_DecryptInit_ex(ctx,type,NULL, NULL,NULL)) return 0;
        }
 
        if(!priv) return 1;
@@ -97,7 +97,7 @@ int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char *ek,
                /* ERROR */
                goto err;
                }
-       if(!EVP_DecryptInit(ctx,NULL,key,iv)) goto err;
+       if(!EVP_DecryptInit_ex(ctx,NULL,NULL,key,iv)) goto err;
 
        ret=1;
 err:
@@ -110,8 +110,8 @@ int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
        {
        int i;
 
-       i=EVP_DecryptFinal(ctx,out,outl);
-       EVP_DecryptInit(ctx,NULL,NULL,NULL);
+       i=EVP_DecryptFinal_ex(ctx,out,outl);
+       EVP_DecryptInit_ex(ctx,NULL,NULL,NULL,NULL);
        return(i);
        }
 #else /* !OPENSSL_NO_RSA */
index c870ebf..ba2dd65 100644 (file)
@@ -74,7 +74,7 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek
        
        if(type) {
                EVP_CIPHER_CTX_init(ctx);
-               if(!EVP_EncryptInit(ctx,type,NULL,NULL)) return 0;
+               if(!EVP_EncryptInit_ex(ctx,type,NULL,NULL,NULL)) return 0;
        }
        if (npubk <= 0) return(0);
        if (RAND_bytes(key,EVP_MAX_KEY_LENGTH) <= 0)
@@ -82,7 +82,7 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek
        if (EVP_CIPHER_CTX_iv_length(ctx))
                RAND_pseudo_bytes(iv,EVP_CIPHER_CTX_iv_length(ctx));
 
-       if(!EVP_EncryptInit(ctx,NULL,key,iv)) return 0;
+       if(!EVP_EncryptInit_ex(ctx,NULL,NULL,key,iv)) return 0;
 
        for (i=0; i<npubk; i++)
                {
@@ -107,6 +107,6 @@ int inl;
 
 void EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
        {
-       EVP_EncryptFinal(ctx,out,outl);
-       EVP_EncryptInit(ctx,NULL,NULL,NULL);
+       EVP_EncryptFinal_ex(ctx,out,outl);
+       EVP_EncryptInit_ex(ctx,NULL,NULL,NULL,NULL);
        }
index 1c1a64a..f5ae9d7 100644 (file)
@@ -346,9 +346,9 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x,
                PEM_dek_info(buf,objstr,8,(char *)iv);
                /* k=strlen(buf); */
        
-               EVP_EncryptInit(&ctx,enc,key,iv);
+               EVP_EncryptInit_ex(&ctx,enc,NULL,key,iv);
                EVP_EncryptUpdate(&ctx,data,&j,data,i);
-               EVP_EncryptFinal(&ctx,&(data[j]),&i);
+               EVP_EncryptFinal_ex(&ctx,&(data[j]),&i);
                i+=j;
                ret=1;
                }
@@ -399,9 +399,9 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
                (unsigned char *)buf,klen,1,key,NULL);
 
        j=(int)len;
-       EVP_DecryptInit(&ctx,cipher->cipher,key,&(cipher->iv[0]));
+       EVP_DecryptInit_ex(&ctx,cipher->cipher,NULL, key,&(cipher->iv[0]));
        EVP_DecryptUpdate(&ctx,data,&i,data,j);
-       o=EVP_DecryptFinal(&ctx,&(data[i]),&j);
+       o=EVP_DecryptFinal_ex(&ctx,&(data[i]),&j);
        EVP_CIPHER_CTX_cleanup(&ctx);
        memset((char *)buf,0,sizeof(buf));
        memset((char *)key,0,sizeof(key));
index 50a1b91..ae463a3 100644 (file)
@@ -161,7 +161,7 @@ int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl,
                goto err;
                }
 
-       EVP_EncryptFinal(&ctx->cipher,s,(int *)&i);
+       EVP_EncryptFinal_ex(&ctx->cipher,s,(int *)&i);
        EVP_EncodeUpdate(&ctx->encode,out,&j,s,i);
        *outl=j;
        out+=j;
index 2a6de32..97be6a5 100644 (file)
@@ -117,7 +117,7 @@ int PKCS12_PBE_keyivgen (EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
                return 0;
        }
        PBEPARAM_free(pbe);
-       EVP_CipherInit(ctx, cipher, key, iv, en_de);
+       EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de);
        memset(key, 0, EVP_MAX_KEY_LENGTH);
        memset(iv, 0, EVP_MAX_IV_LENGTH);
        return 1;
index 92b95f6..e0bbe4c 100644 (file)
@@ -90,7 +90,7 @@ unsigned char * PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,
 
        EVP_CipherUpdate (&ctx, out, &i, in, inlen);
        outlen = i;
-       if(!EVP_CipherFinal (&ctx, out + i, &i)) {
+       if(!EVP_CipherFinal_ex (&ctx, out + i, &i)) {
                OPENSSL_free (out);
                PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,PKCS12_R_PKCS12_CIPHERFINAL_ERROR);
                return NULL;
index 5447e69..42331f7 100644 (file)
@@ -339,7 +339,7 @@ static long ber_ctrl(BIO *b, int cmd, long num, char *ptr)
        case BIO_CTRL_RESET:
                ctx->ok=1;
                ctx->finished=0;
-               EVP_CipherInit(&(ctx->cipher),NULL,NULL,NULL,
+               EVP_CipherInit_ex(&(ctx->cipher),NULL,NULL,NULL,NULL,
                        ctx->cipher.berrypt);
                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
                break;
@@ -376,7 +376,7 @@ again:
                        {
                        ctx->finished=1;
                        ctx->buf_off=0;
-                       ret=EVP_CipherFinal(&(ctx->cipher),
+                       ret=EVP_CipherFinal_ex(&(ctx->cipher),
                                (unsigned char *)ctx->buf,
                                &(ctx->buf_len));
                        ctx->ok=(int)ret;
@@ -458,7 +458,7 @@ void BIO_set_cipher(BIO *b, EVP_CIPHER *c, unsigned char *k, unsigned char *i,
 
        b->init=1;
        ctx=(BIO_ENC_CTX *)b->ptr;
-       EVP_CipherInit(&(ctx->cipher),c,k,i,e);
+       EVP_CipherInit_ex(&(ctx->cipher),c,NULL,k,i,e);
        
        if (b->callback != NULL)
                b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,1L);
index 4cc3055..5b803b0 100644 (file)
@@ -165,7 +165,7 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
                        goto err;
                xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher));
                if (ivlen > 0) RAND_pseudo_bytes(iv,ivlen);
-               EVP_CipherInit(ctx, evp_cipher, key, iv, 1);
+               EVP_CipherInit_ex(ctx, evp_cipher, NULL, key, iv, 1);
 
                if (ivlen > 0) {
                        if (xalg->parameter == NULL) 
@@ -391,7 +391,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
 
                evp_ctx=NULL;
                BIO_get_cipher_ctx(etmp,&evp_ctx);
-               EVP_CipherInit(evp_ctx,evp_cipher,NULL,NULL,0);
+               EVP_CipherInit_ex(evp_ctx,evp_cipher,NULL,NULL,NULL,0);
                if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0)
                        goto err;
 
@@ -407,7 +407,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
                                goto err;
                                }
                } 
-               EVP_CipherInit(evp_ctx,NULL,tmp,NULL,0);
+               EVP_CipherInit_ex(evp_ctx,NULL,NULL,tmp,NULL,0);
 
                memset(tmp,0,jj);
 
index 4890b69..da2c6d3 100644 (file)
@@ -126,7 +126,7 @@ void main_encrypt(void)
 
 void main_decrypt(void)
 {
-       char buf[512];
+       char buf[520];
        char ebuf[512];
        unsigned int buflen;
         EVP_CIPHER_CTX ectx;
@@ -164,7 +164,6 @@ void main_decrypt(void)
 
        read(STDIN, encryptKey, ekeylen);
        read(STDIN, iv, sizeof(iv));
-
        EVP_OpenInit(&ectx,
                   EVP_des_ede3_cbc(), 
                   encryptKey,
@@ -185,7 +184,6 @@ void main_decrypt(void)
                }
 
                EVP_OpenUpdate(&ectx, buf, &buflen, ebuf, readlen);
-
                write(STDOUT, buf, buflen);
        }
 
index c8462a4..03d8a20 100644 (file)
@@ -57,7 +57,8 @@ void do_cipher(char *pw, int operation)
 
        EVP_BytesToKey(ALG, EVP_md5(), "salu", pw, strlen(pw), 1, key, iv);
 
-       EVP_CipherInit(&ectx, ALG, key, iv, operation);
+       EVP_CIPHER_CTX_init(&ectx);
+       EVP_CipherInit_ex(&ectx, ALG, NULL, key, iv, operation);
 
        while(1)
        {
@@ -79,7 +80,8 @@ void do_cipher(char *pw, int operation)
                write(STDOUT, ebuf, ebuflen);
        }
 
-        EVP_CipherFinal(&ectx, ebuf, &ebuflen); 
+        EVP_CipherFinal_ex(&ectx, ebuf, &ebuflen); 
+       EVP_CIPHER_CTX_cleanup(&ectx);
 
        write(STDOUT, ebuf, ebuflen); 
 }
index e61b698..726dceb 100644 (file)
@@ -1997,10 +1997,10 @@ krb5_error_code  kssl_check_authent(
                */
                goto err;
                }
-       if (!EVP_DecryptInit(&ciph_ctx, enc, kssl_ctx->key, iv))
+       if (!EVP_DecryptInit_ex(&ciph_ctx, enc, NULL, kssl_ctx->key, iv))
                {
                kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
-                       "EVP_DecryptInit error decrypting authenticator.\n");
+                       "EVP_DecryptInit_ex error decrypting authenticator.\n");
                krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
                goto err;
                }
@@ -2019,10 +2019,10 @@ krb5_error_code  kssl_check_authent(
                krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
                goto err;
                }
-       if (!EVP_DecryptFinal(&ciph_ctx, &(unenc_authent[outl]), &padl))
+       if (!EVP_DecryptFinal_ex(&ciph_ctx, &(unenc_authent[outl]), &padl))
                {
                kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
-                       "EVP_DecryptFinal error decrypting authenticator.\n");
+                       "EVP_DecryptFinal_ex error decrypting authenticator.\n");
                krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
                goto err;
                }
index b4187bb..a28e747 100644 (file)
@@ -98,9 +98,9 @@ int ssl2_enc_init(SSL *s, int client)
 
        ssl2_generate_key_material(s);
 
-       EVP_EncryptInit(ws,c,&(s->s2->key_material[(client)?num:0]),
+       EVP_EncryptInit_ex(ws,c,NULL,&(s->s2->key_material[(client)?num:0]),
                s->session->key_arg);
-       EVP_DecryptInit(rs,c,&(s->s2->key_material[(client)?0:num]),
+       EVP_DecryptInit_ex(rs,c,NULL,&(s->s2->key_material[(client)?0:num]),
                s->session->key_arg);
        s->s2->read_key=  &(s->s2->key_material[(client)?0:num]);
        s->s2->write_key= &(s->s2->key_material[(client)?num:0]);
index 8ebba65..e56bfb1 100644 (file)
@@ -1519,17 +1519,17 @@ static int ssl3_send_client_key_exchange(SSL *s)
                            goto err;
 
                        /*  20010420 VRS.  Tried it this way; failed.
-                       **      EVP_EncryptInit(&ciph_ctx,enc, NULL,NULL);
+                       **      EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
                        **      EVP_CIPHER_CTX_set_key_length(&ciph_ctx,
                        **                              kssl_ctx->length);
-                       **      EVP_EncryptInit(&ciph_ctx,NULL, key,iv);
+                       **      EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
                        */
 
                        memset(iv, 0, EVP_MAX_IV_LENGTH);  /* per RFC 1510 */
-                       EVP_EncryptInit(&ciph_ctx,enc, kssl_ctx->key,iv);
+                       EVP_EncryptInit_ex(&ciph_ctx,enc, kssl_ctx->key,iv);
                        EVP_EncryptUpdate(&ciph_ctx,epms,&outl,tmp_buf,
                                                SSL_MAX_MASTER_KEY_LENGTH);
-                       EVP_EncryptFinal(&ciph_ctx,&(epms[outl]),&padl);
+                       EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl);
                        outl += padl;
                        EVP_CIPHER_CTX_cleanup(&ciph_ctx);
 
index 833fea8..52d389e 100644 (file)
@@ -275,7 +275,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
 
        s->session->key_arg_length=0;
 
-       EVP_CipherInit(dd,c,key,iv,(which & SSL3_CC_WRITE));
+       EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE));
 
        memset(&(exp_key[0]),0,sizeof(exp_key));
        memset(&(exp_iv[0]),0,sizeof(exp_iv));
index 2954571..f858a9f 100644 (file)
@@ -1618,7 +1618,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
 
                memset(iv, 0, EVP_MAX_IV_LENGTH);       /* per RFC 1510 */
 
-               if (!EVP_DecryptInit(&ciph_ctx,enc,kssl_ctx->key,iv))
+               if (!EVP_DecryptInit_ex(&ciph_ctx,enc,kssl_ctx->key,iv))
                        {
                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
                                SSL_R_DECRYPTION_FAILED);
@@ -1637,7 +1637,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
                                SSL_R_DATA_LENGTH_TOO_LONG);
                        goto err;
                        }
-               if (!EVP_DecryptFinal(&ciph_ctx,&(pms[outl]),&padl))
+               if (!EVP_DecryptFinal_ex(&ciph_ctx,&(pms[outl]),&padl))
                        {
                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
                                SSL_R_DECRYPTION_FAILED);
index c37b417..7bb04e6 100644 (file)
@@ -341,7 +341,7 @@ printf("which = %04X\nmac key=",which);
 #ifdef KSSL_DEBUG
        {
         int i;
-       printf("EVP_CipherInit(dd,c,key=,iv=,which)\n");
+       printf("EVP_CipherInit_ex(dd,c,key=,iv=,which)\n");
        printf("\tkey= "); for (i=0; i<c->key_len; i++) printf("%02x", key[i]);
        printf("\n");
        printf("\t iv= "); for (i=0; i<c->iv_len; i++) printf("%02x", iv[i]);
@@ -349,7 +349,7 @@ printf("which = %04X\nmac key=",which);
        }
 #endif /* KSSL_DEBUG */
 
-       EVP_CipherInit(dd,c,key,iv,(which & SSL3_CC_WRITE));
+       EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE));
 #ifdef TLS_DEBUG
 printf("which = %04X\nkey=",which);
 { int z; for (z=0; z<EVP_CIPHER_key_length(c); z++) printf("%02X%c",key[z],((z+1)%16)?' ':'\n'); }