#endif
for (j = 0; j < SIZE_NUM; j++) {
if (evp_cipher) {
- EVP_CIPHER_CTX ctx;
+ EVP_CIPHER_CTX *ctx;
int outl;
names[D_EVP] = OBJ_nid2ln(evp_cipher->nid);
*/
print_message(names[D_EVP], save_count, lengths[j]);
- EVP_CIPHER_CTX_init(&ctx);
+ ctx = EVP_CIPHER_CTX_new();
if (decrypt)
- EVP_DecryptInit_ex(&ctx, evp_cipher, NULL, key16, iv);
+ EVP_DecryptInit_ex(ctx, evp_cipher, NULL, key16, iv);
else
- EVP_EncryptInit_ex(&ctx, evp_cipher, NULL, key16, iv);
- EVP_CIPHER_CTX_set_padding(&ctx, 0);
+ EVP_EncryptInit_ex(ctx, evp_cipher, NULL, key16, iv);
+ EVP_CIPHER_CTX_set_padding(ctx, 0);
Time_F(START);
if (decrypt)
for (count = 0, run = 1;
COND(save_count * 4 * lengths[0] / lengths[j]);
count++)
- EVP_DecryptUpdate(&ctx, buf, &outl, buf, lengths[j]);
+ EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[j]);
else
for (count = 0, run = 1;
COND(save_count * 4 * lengths[0] / lengths[j]);
count++)
- EVP_EncryptUpdate(&ctx, buf, &outl, buf, lengths[j]);
+ EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[j]);
if (decrypt)
- EVP_DecryptFinal_ex(&ctx, buf, &outl);
+ EVP_DecryptFinal_ex(ctx, buf, &outl);
else
- EVP_EncryptFinal_ex(&ctx, buf, &outl);
+ EVP_EncryptFinal_ex(ctx, buf, &outl);
d = Time_F(STOP);
- EVP_CIPHER_CTX_cleanup(&ctx);
+ EVP_CIPHER_CTX_free(ctx);
}
if (evp_md) {
names[D_EVP] = OBJ_nid2ln(EVP_MD_type(evp_md));
int j, count, num = OSSL_NELEM(lengths);
const char *alg_name;
unsigned char *inp, *out, no_key[32], no_iv[16];
- EVP_CIPHER_CTX ctx;
+ EVP_CIPHER_CTX *ctx;
double d = 0.0;
inp = app_malloc(mblengths[num - 1], "multiblock input buffer");
out = app_malloc(mblengths[num - 1] + 1024, "multiblock output buffer");
- EVP_CIPHER_CTX_init(&ctx);
- EVP_EncryptInit_ex(&ctx, evp_cipher, NULL, no_key, no_iv);
- EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_AEAD_SET_MAC_KEY, sizeof(no_key),
+ ctx = EVP_CIPHER_CTX_new();
+ EVP_EncryptInit_ex(ctx, evp_cipher, NULL, no_key, no_iv);
+ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_MAC_KEY, sizeof(no_key),
no_key);
alg_name = OBJ_nid2ln(evp_cipher->nid);
mb_param.len = len;
mb_param.interleave = 8;
- packlen = EVP_CIPHER_CTX_ctrl(&ctx,
- EVP_CTRL_TLS1_1_MULTIBLOCK_AAD,
+ packlen = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_TLS1_1_MULTIBLOCK_AAD,
sizeof(mb_param), &mb_param);
if (packlen > 0) {
mb_param.out = out;
mb_param.inp = inp;
mb_param.len = len;
- EVP_CIPHER_CTX_ctrl(&ctx,
- EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT,
+ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT,
sizeof(mb_param), &mb_param);
} else {
int pad;
len += 16;
aad[11] = len >> 8;
aad[12] = len;
- pad = EVP_CIPHER_CTX_ctrl(&ctx,
- EVP_CTRL_AEAD_TLS1_AAD,
+ pad = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_TLS1_AAD,
EVP_AEAD_TLS1_AAD_LEN, aad);
- EVP_Cipher(&ctx, out, inp, len + pad);
+ EVP_Cipher(ctx, out, inp, len + pad);
}
}
d = Time_F(STOP);
OPENSSL_free(inp);
OPENSSL_free(out);
+ EVP_CIPHER_CTX_free(ctx);
}
{
X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL;
int alg_nid, keylen;
- EVP_CIPHER_CTX ctx;
+ EVP_CIPHER_CTX *ctx = NULL;
unsigned char iv[EVP_MAX_IV_LENGTH];
PBE2PARAM *pbe2 = NULL;
ASN1_OBJECT *obj;
goto err;
}
- EVP_CIPHER_CTX_init(&ctx);
+ ctx = EVP_CIPHER_CTX_new();
+ if (ctx == NULL)
+ goto merr;
/* Dummy cipherinit to just setup the IV, and PRF */
- if (!EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0))
+ if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, iv, 0))
goto err;
- if (EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {
+ if (EVP_CIPHER_param_to_asn1(ctx, scheme->parameter) < 0) {
ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
- EVP_CIPHER_CTX_cleanup(&ctx);
goto err;
}
/*
* here: just means use default PRF.
*/
if ((prf_nid == -1) &&
- EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0) {
+ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0) {
ERR_clear_error();
prf_nid = NID_hmacWithSHA1;
}
- EVP_CIPHER_CTX_cleanup(&ctx);
+ EVP_CIPHER_CTX_free(ctx);
+ ctx = NULL;
/* If its RC2 then we'd better setup the key length */
ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, ERR_R_MALLOC_FAILURE);
err:
+ EVP_CIPHER_CTX_free(ctx);
PBE2PARAM_free(pbe2);
/* Note 'scheme' is freed as part of pbe2 */
X509_ALGOR_free(kalg);
X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL;
int alg_nid;
size_t keylen = 0;
- EVP_CIPHER_CTX ctx;
+ EVP_CIPHER_CTX *ctx = NULL;
unsigned char iv[EVP_MAX_IV_LENGTH];
PBE2PARAM *pbe2 = NULL;
ASN1_OBJECT *obj;
goto err;
}
- EVP_CIPHER_CTX_init(&ctx);
+ ctx = EVP_CIPHER_CTX_new();
+ if (ctx == NULL)
+ goto merr;
/* Dummy cipherinit to just setup the IV */
- if (EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0) == 0)
+ if (EVP_CipherInit_ex(ctx, cipher, NULL, NULL, iv, 0) == 0)
goto err;
- if (EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {
+ if (EVP_CIPHER_param_to_asn1(ctx, scheme->parameter) < 0) {
ASN1err(ASN1_F_PKCS5_PBE2_SET_SCRYPT,
ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
- EVP_CIPHER_CTX_cleanup(&ctx);
goto err;
}
- EVP_CIPHER_CTX_cleanup(&ctx);
+ EVP_CIPHER_CTX_free(ctx);
+ ctx = NULL;
/* If its RC2 then we'd better setup the key length */
PBE2PARAM_free(pbe2);
X509_ALGOR_free(kalg);
X509_ALGOR_free(ret);
+ EVP_CIPHER_CTX_free(ctx);
return NULL;
struct CMAC_CTX_st {
/* Cipher context to use */
- EVP_CIPHER_CTX cctx;
+ EVP_CIPHER_CTX *cctx;
/* Keys k1 and k2 */
unsigned char k1[EVP_MAX_BLOCK_LENGTH];
unsigned char k2[EVP_MAX_BLOCK_LENGTH];
ctx = OPENSSL_malloc(sizeof(*ctx));
if (ctx == NULL)
return NULL;
- EVP_CIPHER_CTX_init(&ctx->cctx);
+ ctx->cctx = EVP_CIPHER_CTX_new();
+ if (ctx->cctx == NULL) {
+ OPENSSL_free(ctx);
+ return NULL;
+ }
ctx->nlast_block = -1;
return ctx;
}
void CMAC_CTX_cleanup(CMAC_CTX *ctx)
{
- EVP_CIPHER_CTX_cleanup(&ctx->cctx);
+ EVP_CIPHER_CTX_free(ctx->cctx);
OPENSSL_cleanse(ctx->tbl, EVP_MAX_BLOCK_LENGTH);
OPENSSL_cleanse(ctx->k1, EVP_MAX_BLOCK_LENGTH);
OPENSSL_cleanse(ctx->k2, EVP_MAX_BLOCK_LENGTH);
EVP_CIPHER_CTX *CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx)
{
- return &ctx->cctx;
+ return ctx->cctx;
}
void CMAC_CTX_free(CMAC_CTX *ctx)
int bl;
if (in->nlast_block == -1)
return 0;
- if (!EVP_CIPHER_CTX_copy(&out->cctx, &in->cctx))
+ if (!EVP_CIPHER_CTX_copy(out->cctx, in->cctx))
return 0;
- bl = M_EVP_CIPHER_CTX_block_size(&in->cctx);
+ bl = EVP_CIPHER_CTX_block_size(in->cctx);
memcpy(out->k1, in->k1, bl);
memcpy(out->k2, in->k2, bl);
memcpy(out->tbl, in->tbl, bl);
/* Not initialised */
if (ctx->nlast_block == -1)
return 0;
- if (!M_EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, zero_iv))
+ if (!EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, NULL, zero_iv))
return 0;
- memset(ctx->tbl, 0, M_EVP_CIPHER_CTX_block_size(&ctx->cctx));
+ memset(ctx->tbl, 0, EVP_CIPHER_CTX_block_size(ctx->cctx));
ctx->nlast_block = 0;
return 1;
}
/* Initialiase context */
- if (cipher && !M_EVP_EncryptInit_ex(&ctx->cctx, cipher, impl, NULL, NULL))
+ if (cipher && !EVP_EncryptInit_ex(ctx->cctx, cipher, impl, NULL, NULL))
return 0;
/* Non-NULL key means initialisation complete */
if (key) {
int bl;
- if (!M_EVP_CIPHER_CTX_cipher(&ctx->cctx))
+ if (!EVP_CIPHER_CTX_cipher(ctx->cctx))
return 0;
- if (!EVP_CIPHER_CTX_set_key_length(&ctx->cctx, keylen))
+ if (!EVP_CIPHER_CTX_set_key_length(ctx->cctx, keylen))
return 0;
- if (!M_EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, key, zero_iv))
+ if (!EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, key, zero_iv))
return 0;
- bl = M_EVP_CIPHER_CTX_block_size(&ctx->cctx);
- if (!EVP_Cipher(&ctx->cctx, ctx->tbl, zero_iv, bl))
+ bl = EVP_CIPHER_CTX_block_size(ctx->cctx);
+ if (!EVP_Cipher(ctx->cctx, ctx->tbl, zero_iv, bl))
return 0;
make_kn(ctx->k1, ctx->tbl, bl);
make_kn(ctx->k2, ctx->k1, bl);
OPENSSL_cleanse(ctx->tbl, bl);
/* Reset context again ready for first data block */
- if (!M_EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, zero_iv))
+ if (!EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, NULL, zero_iv))
return 0;
/* Zero tbl so resume works */
memset(ctx->tbl, 0, bl);
return 0;
if (dlen == 0)
return 1;
- bl = M_EVP_CIPHER_CTX_block_size(&ctx->cctx);
+ bl = EVP_CIPHER_CTX_block_size(ctx->cctx);
/* Copy into partial block if we need to */
if (ctx->nlast_block > 0) {
size_t nleft;
return 1;
data += nleft;
/* Else not final block so encrypt it */
- if (!EVP_Cipher(&ctx->cctx, ctx->tbl, ctx->last_block, bl))
+ if (!EVP_Cipher(ctx->cctx, ctx->tbl, ctx->last_block, bl))
return 0;
}
/* Encrypt all but one of the complete blocks left */
while (dlen > bl) {
- if (!EVP_Cipher(&ctx->cctx, ctx->tbl, data, bl))
+ if (!EVP_Cipher(ctx->cctx, ctx->tbl, data, bl))
return 0;
dlen -= bl;
data += bl;
int i, bl, lb;
if (ctx->nlast_block == -1)
return 0;
- bl = M_EVP_CIPHER_CTX_block_size(&ctx->cctx);
+ bl = EVP_CIPHER_CTX_block_size(ctx->cctx);
*poutlen = (size_t)bl;
if (!out)
return 1;
for (i = 0; i < bl; i++)
out[i] = ctx->last_block[i] ^ ctx->k2[i];
}
- if (!EVP_Cipher(&ctx->cctx, out, out, bl)) {
+ if (!EVP_Cipher(ctx->cctx, out, out, bl)) {
OPENSSL_cleanse(out, bl);
return 0;
}
* decrypted block will allow CMAC to continue after calling
* CMAC_Final().
*/
- return M_EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, ctx->tbl);
+ return M_EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, NULL, ctx->tbl);
}
{
CMS_KeyAgreeRecipientInfo *kari = (CMS_KeyAgreeRecipientInfo *)*pval;
if (operation == ASN1_OP_NEW_POST) {
- EVP_CIPHER_CTX_init(&kari->ctx);
- EVP_CIPHER_CTX_set_flags(&kari->ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
+ kari->ctx = EVP_CIPHER_CTX_new();
+ if (kari->ctx == NULL)
+ return 0;
+ EVP_CIPHER_CTX_set_flags(kari->ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
kari->pctx = NULL;
} else if (operation == ASN1_OP_FREE_POST) {
EVP_PKEY_CTX_free(kari->pctx);
- EVP_CIPHER_CTX_cleanup(&kari->ctx);
+ EVP_CIPHER_CTX_free(kari->ctx);
}
return 1;
}
EVP_CIPHER_CTX *CMS_RecipientInfo_kari_get0_ctx(CMS_RecipientInfo *ri)
{
if (ri->type == CMS_RECIPINFO_AGREE)
- return &ri->d.kari->ctx;
+ return ri->d.kari->ctx;
return NULL;
}
int rv = 0;
unsigned char *out = NULL;
int outlen;
- keklen = EVP_CIPHER_CTX_key_length(&kari->ctx);
+ keklen = EVP_CIPHER_CTX_key_length(kari->ctx);
if (keklen > EVP_MAX_KEY_LENGTH)
return 0;
/* Derive KEK */
if (EVP_PKEY_derive(kari->pctx, kek, &keklen) <= 0)
goto err;
/* Set KEK in context */
- if (!EVP_CipherInit_ex(&kari->ctx, NULL, NULL, kek, NULL, enc))
+ if (!EVP_CipherInit_ex(kari->ctx, NULL, NULL, kek, NULL, enc))
goto err;
/* obtain output length of ciphered key */
- if (!EVP_CipherUpdate(&kari->ctx, NULL, &outlen, in, inlen))
+ if (!EVP_CipherUpdate(kari->ctx, NULL, &outlen, in, inlen))
goto err;
out = OPENSSL_malloc(outlen);
if (out == NULL)
goto err;
- if (!EVP_CipherUpdate(&kari->ctx, out, &outlen, in, inlen))
+ if (!EVP_CipherUpdate(kari->ctx, out, &outlen, in, inlen))
goto err;
*pout = out;
*poutlen = (size_t)outlen;
OPENSSL_cleanse(kek, keklen);
if (!rv)
OPENSSL_free(out);
- EVP_CIPHER_CTX_cleanup(&kari->ctx);
+ EVP_CIPHER_CTX_reset(kari->ctx);
+ /* FIXME: WHY IS kari->pctx freed here? /RL */
EVP_PKEY_CTX_free(kari->pctx);
kari->pctx = NULL;
return rv;
static int cms_wrap_init(CMS_KeyAgreeRecipientInfo *kari,
const EVP_CIPHER *cipher)
{
- EVP_CIPHER_CTX *ctx = &kari->ctx;
+ EVP_CIPHER_CTX *ctx = kari->ctx;
const EVP_CIPHER *kekcipher;
int keylen = EVP_CIPHER_key_length(cipher);
/* If a suitable wrap algorithm is already set nothing to do */
/* Public key context associated with current operation */
EVP_PKEY_CTX *pctx;
/* Cipher context for CEK wrapping */
- EVP_CIPHER_CTX ctx;
+ EVP_CIPHER_CTX *ctx;
};
struct CMS_OriginatorIdentifierOrKey_st {
CMS_RecipientInfo *ri = NULL;
CMS_EnvelopedData *env;
CMS_PasswordRecipientInfo *pwri;
- EVP_CIPHER_CTX ctx;
+ EVP_CIPHER_CTX *ctx = NULL;
X509_ALGOR *encalg = NULL;
unsigned char iv[EVP_MAX_IV_LENGTH];
int ivlen;
if (encalg == NULL) {
goto merr;
}
- EVP_CIPHER_CTX_init(&ctx);
+ ctx = EVP_CIPHER_CTX_new();
- if (EVP_EncryptInit_ex(&ctx, kekciph, NULL, NULL, NULL) <= 0) {
+ if (EVP_EncryptInit_ex(ctx, kekciph, NULL, NULL, NULL) <= 0) {
CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_EVP_LIB);
goto err;
}
- ivlen = EVP_CIPHER_CTX_iv_length(&ctx);
+ ivlen = EVP_CIPHER_CTX_iv_length(ctx);
if (ivlen > 0) {
if (RAND_bytes(iv, ivlen) <= 0)
goto err;
- if (EVP_EncryptInit_ex(&ctx, NULL, NULL, NULL, iv) <= 0) {
+ if (EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv) <= 0) {
CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_EVP_LIB);
goto err;
}
CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_MALLOC_FAILURE);
goto err;
}
- if (EVP_CIPHER_param_to_asn1(&ctx, encalg->parameter) <= 0) {
+ if (EVP_CIPHER_param_to_asn1(ctx, encalg->parameter) <= 0) {
CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD,
CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
goto err;
}
}
- encalg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(&ctx));
+ encalg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(ctx));
- EVP_CIPHER_CTX_cleanup(&ctx);
+ EVP_CIPHER_CTX_free(ctx);
+ ctx = NULL;
/* Initialize recipient info */
ri = M_ASN1_new_of(CMS_RecipientInfo);
merr:
CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_MALLOC_FAILURE);
err:
- EVP_CIPHER_CTX_cleanup(&ctx);
+ EVP_CIPHER_CTX_free(ctx);
if (ri)
M_ASN1_free_of(ri, CMS_RecipientInfo);
X509_ALGOR_free(encalg);
CMS_PasswordRecipientInfo *pwri;
int r = 0;
X509_ALGOR *algtmp, *kekalg = NULL;
- EVP_CIPHER_CTX kekctx;
+ EVP_CIPHER_CTX *kekctx;
const EVP_CIPHER *kekcipher;
unsigned char *key = NULL;
size_t keylen;
ec = cms->d.envelopedData->encryptedContentInfo;
pwri = ri->d.pwri;
- EVP_CIPHER_CTX_init(&kekctx);
+ kekctx = EVP_CIPHER_CTX_new();
if (!pwri->pass) {
CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_NO_PASSWORD);
}
/* Fixup cipher based on AlgorithmIdentifier to set IV etc */
- if (!EVP_CipherInit_ex(&kekctx, kekcipher, NULL, NULL, NULL, en_de))
+ if (!EVP_CipherInit_ex(kekctx, kekcipher, NULL, NULL, NULL, en_de))
goto err;
- EVP_CIPHER_CTX_set_padding(&kekctx, 0);
- if (EVP_CIPHER_asn1_to_param(&kekctx, kekalg->parameter) < 0) {
+ EVP_CIPHER_CTX_set_padding(kekctx, 0);
+ if (EVP_CIPHER_asn1_to_param(kekctx, kekalg->parameter) < 0) {
CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
goto err;
if (EVP_PBE_CipherInit(algtmp->algorithm,
(char *)pwri->pass, pwri->passlen,
- algtmp->parameter, &kekctx, en_de) < 0) {
+ algtmp->parameter, kekctx, en_de) < 0) {
CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, ERR_R_EVP_LIB);
goto err;
}
if (en_de) {
- if (!kek_wrap_key(NULL, &keylen, ec->key, ec->keylen, &kekctx))
+ if (!kek_wrap_key(NULL, &keylen, ec->key, ec->keylen, kekctx))
goto err;
key = OPENSSL_malloc(keylen);
if (key == NULL)
goto err;
- if (!kek_wrap_key(key, &keylen, ec->key, ec->keylen, &kekctx))
+ if (!kek_wrap_key(key, &keylen, ec->key, ec->keylen, kekctx))
goto err;
pwri->encryptedKey->data = key;
pwri->encryptedKey->length = keylen;
}
if (!kek_unwrap_key(key, &keylen,
pwri->encryptedKey->data,
- pwri->encryptedKey->length, &kekctx)) {
+ pwri->encryptedKey->length, kekctx)) {
CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_UNWRAP_FAILURE);
goto err;
}
err:
- EVP_CIPHER_CTX_cleanup(&kekctx);
+ EVP_CIPHER_CTX_free(kekctx);
if (!r)
OPENSSL_free(key);
int cont; /* <= 0 when finished */
int finished;
int ok; /* bad decrypt */
- EVP_CIPHER_CTX cipher;
+ EVP_CIPHER_CTX *cipher;
/*
* buf is larger than ENC_BLOCK_SIZE because EVP_DecryptUpdate can return
* up to a block more data than is presented to it
ctx = OPENSSL_zalloc(sizeof(*ctx));
if (ctx == NULL)
- return (0);
+ return 0;
- EVP_CIPHER_CTX_init(&ctx->cipher);
+ ctx->cipher = EVP_CIPHER_CTX_new();
+ if (ctx->cipher == NULL) {
+ OPENSSL_free(ctx);
+ return 0;
+ }
ctx->cont = 1;
ctx->ok = 1;
bi->init = 0;
bi->ptr = (char *)ctx;
bi->flags = 0;
- return (1);
+ return 1;
}
static int enc_free(BIO *a)
if (a == NULL)
return (0);
b = (BIO_ENC_CTX *)a->ptr;
- EVP_CIPHER_CTX_cleanup(&(b->cipher));
+ EVP_CIPHER_CTX_free(b->cipher);
OPENSSL_clear_free(a->ptr, sizeof(BIO_ENC_CTX));
a->ptr = NULL;
a->init = 0;
/* Should be continue next time we are called? */
if (!BIO_should_retry(b->next_bio)) {
ctx->cont = i;
- i = EVP_CipherFinal_ex(&(ctx->cipher),
+ i = EVP_CipherFinal_ex(ctx->cipher,
(unsigned char *)ctx->buf,
&(ctx->buf_len));
ctx->ok = i;
break;
}
} else {
- if (!EVP_CipherUpdate(&(ctx->cipher),
+ if (!EVP_CipherUpdate(ctx->cipher,
(unsigned char *)ctx->buf, &ctx->buf_len,
(unsigned char *)&(ctx->buf[BUF_OFFSET]),
i)) {
ctx->buf_off = 0;
while (inl > 0) {
n = (inl > ENC_BLOCK_SIZE) ? ENC_BLOCK_SIZE : inl;
- if (!EVP_CipherUpdate(&(ctx->cipher),
+ if (!EVP_CipherUpdate(ctx->cipher,
(unsigned char *)ctx->buf, &ctx->buf_len,
(unsigned char *)in, n)) {
BIO_clear_retry_flags(b);
case BIO_CTRL_RESET:
ctx->ok = 1;
ctx->finished = 0;
- if (!EVP_CipherInit_ex(&(ctx->cipher), NULL, NULL, NULL, NULL,
- ctx->cipher.encrypt))
+ if (!EVP_CipherInit_ex(ctx->cipher, NULL, NULL, NULL, NULL,
+ EVP_CIPHER_CTX_encrypting(ctx->cipher)))
return 0;
ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
break;
if (!ctx->finished) {
ctx->finished = 1;
ctx->buf_off = 0;
- ret = EVP_CipherFinal_ex(&(ctx->cipher),
+ ret = EVP_CipherFinal_ex(ctx->cipher,
(unsigned char *)ctx->buf,
&(ctx->buf_len));
ctx->ok = (int)ret;
break;
case BIO_C_GET_CIPHER_CTX:
c_ctx = (EVP_CIPHER_CTX **)ptr;
- (*c_ctx) = &(ctx->cipher);
+ *c_ctx = ctx->cipher;
b->init = 1;
break;
case BIO_CTRL_DUP:
dbio = (BIO *)ptr;
dctx = (BIO_ENC_CTX *)dbio->ptr;
- EVP_CIPHER_CTX_init(&dctx->cipher);
- ret = EVP_CIPHER_CTX_copy(&dctx->cipher, &ctx->cipher);
+ dctx->cipher = EVP_CIPHER_CTX_new();
+ if (dctx->cipher == NULL)
+ return 0;
+ ret = EVP_CIPHER_CTX_copy(dctx->cipher, ctx->cipher);
if (ret)
dbio->init = 1;
break;
b->init = 1;
ctx = (BIO_ENC_CTX *)b->ptr;
- if (!EVP_CipherInit_ex(&(ctx->cipher), c, NULL, k, i, e))
+ if (!EVP_CipherInit_ex(ctx->cipher, c, NULL, k, i, e))
return 0;
if (b->callback != NULL)
int i, size = 0, ret = 0;
if (type) {
- EVP_CIPHER_CTX_init(ctx);
+ EVP_CIPHER_CTX_reset(ctx);
if (!EVP_DecryptInit_ex(ctx, type, NULL, NULL, NULL))
return 0;
}
int i;
if (type) {
- EVP_CIPHER_CTX_init(ctx);
+ EVP_CIPHER_CTX_reset(ctx);
if (!EVP_EncryptInit_ex(ctx, type, NULL, NULL, NULL))
return 0;
}
unsigned char *kstr, int klen,
pem_password_cb *cb, void *u)
{
- EVP_CIPHER_CTX ctx;
int i, ret = 0;
unsigned char *data = NULL;
const char *objstr = NULL;
ret = 1;
err:
- OPENSSL_cleanse((char *)&ctx, sizeof(ctx));
OPENSSL_cleanse(buf, PEM_BUFSIZE);
return (ret);
}
void *x, const EVP_CIPHER *enc, unsigned char *kstr,
int klen, pem_password_cb *callback, void *u)
{
- EVP_CIPHER_CTX ctx;
+ EVP_CIPHER_CTX *ctx = NULL;
int dsize = 0, i = 0, j = 0, ret = 0;
unsigned char *p, *data = NULL;
const char *objstr = NULL;
PEM_dek_info(buf, objstr, enc->iv_len, (char *)iv);
/* k=strlen(buf); */
- EVP_CIPHER_CTX_init(&ctx);
ret = 1;
- if (!EVP_EncryptInit_ex(&ctx, enc, NULL, key, iv)
- || !EVP_EncryptUpdate(&ctx, data, &j, data, i)
- || !EVP_EncryptFinal_ex(&ctx, &(data[j]), &i))
+ if ((ctx = EVP_CIPHER_CTX_new()) == NULL
+ || !EVP_EncryptInit_ex(ctx, enc, NULL, key, iv)
+ || !EVP_EncryptUpdate(ctx, data, &j, data, i)
+ || !EVP_EncryptFinal_ex(ctx, &(data[j]), &i))
ret = 0;
- EVP_CIPHER_CTX_cleanup(&ctx);
if (ret == 0)
goto err;
i += j;
err:
OPENSSL_cleanse(key, sizeof(key));
OPENSSL_cleanse(iv, sizeof(iv));
- OPENSSL_cleanse((char *)&ctx, sizeof(ctx));
+ EVP_CIPHER_CTX_free(ctx);
OPENSSL_cleanse(buf, PEM_BUFSIZE);
OPENSSL_clear_free(data, (unsigned int)dsize);
return (ret);
{
int i = 0, j, o, klen;
long len;
- EVP_CIPHER_CTX ctx;
+ EVP_CIPHER_CTX *ctx;
unsigned char key[EVP_MAX_KEY_LENGTH];
char buf[PEM_BUFSIZE];
return 0;
j = (int)len;
- EVP_CIPHER_CTX_init(&ctx);
- o = EVP_DecryptInit_ex(&ctx, cipher->cipher, NULL, key, &(cipher->iv[0]));
+ ctx = EVP_CIPHER_CTX_new();
+ if (ctx == NULL)
+ return 0;
+ o = EVP_DecryptInit_ex(ctx, cipher->cipher, NULL, key, &(cipher->iv[0]));
if (o)
- o = EVP_DecryptUpdate(&ctx, data, &i, data, j);
+ o = EVP_DecryptUpdate(ctx, data, &i, data, j);
if (o)
- o = EVP_DecryptFinal_ex(&ctx, &(data[i]), &j);
- EVP_CIPHER_CTX_cleanup(&ctx);
+ o = EVP_DecryptFinal_ex(ctx, &(data[i]), &j);
+ EVP_CIPHER_CTX_free(ctx);
OPENSSL_cleanse((char *)buf, sizeof(buf));
OPENSSL_cleanse((char *)key, sizeof(key));
if (o)
unsigned int magic;
unsigned char *enctmp = NULL, *q;
- EVP_CIPHER_CTX cctx;
- EVP_CIPHER_CTX_init(&cctx);
+ EVP_CIPHER_CTX *cctx = EVP_CIPHER_CTX_new();
if (saltlen) {
char psbuf[PEM_BUFSIZE];
unsigned char keybuf[20];
}
inlen = keylen - 8;
q = enctmp + 8;
- if (!EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL))
+ if (!EVP_DecryptInit_ex(cctx, EVP_rc4(), NULL, keybuf, NULL))
goto err;
- if (!EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen))
+ if (!EVP_DecryptUpdate(cctx, q, &enctmplen, p, inlen))
goto err;
- if (!EVP_DecryptFinal_ex(&cctx, q + enctmplen, &enctmplen))
+ if (!EVP_DecryptFinal_ex(cctx, q + enctmplen, &enctmplen))
goto err;
magic = read_ledword((const unsigned char **)&q);
if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) {
q = enctmp + 8;
memset(keybuf + 5, 0, 11);
- if (!EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL))
+ if (!EVP_DecryptInit_ex(cctx, EVP_rc4(), NULL, keybuf, NULL))
goto err;
OPENSSL_cleanse(keybuf, 20);
- if (!EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen))
+ if (!EVP_DecryptUpdate(cctx, q, &enctmplen, p, inlen))
goto err;
- if (!EVP_DecryptFinal_ex(&cctx, q + enctmplen, &enctmplen))
+ if (!EVP_DecryptFinal_ex(cctx, q + enctmplen, &enctmplen))
goto err;
magic = read_ledword((const unsigned char **)&q);
if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) {
ret = b2i_PrivateKey(&p, keylen);
err:
- EVP_CIPHER_CTX_cleanup(&cctx);
+ EVP_CIPHER_CTX_free(cctx);
OPENSSL_free(enctmp);
return ret;
}
{
int outlen = 24, pklen;
unsigned char *p, *salt = NULL;
- EVP_CIPHER_CTX cctx;
- EVP_CIPHER_CTX_init(&cctx);
+ EVP_CIPHER_CTX *cctx = EVP_CIPHER_CTX_new();
if (enclevel)
outlen += PVK_SALTLEN;
pklen = do_i2b(NULL, pk, 0);
if (enclevel == 1)
memset(keybuf + 5, 0, 11);
p = salt + PVK_SALTLEN + 8;
- if (!EVP_EncryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL))
+ if (!EVP_EncryptInit_ex(cctx, EVP_rc4(), NULL, keybuf, NULL))
goto error;
OPENSSL_cleanse(keybuf, 20);
- if (!EVP_DecryptUpdate(&cctx, p, &enctmplen, p, pklen - 8))
+ if (!EVP_DecryptUpdate(cctx, p, &enctmplen, p, pklen - 8))
goto error;
- if (!EVP_DecryptFinal_ex(&cctx, p + enctmplen, &enctmplen))
+ if (!EVP_DecryptFinal_ex(cctx, p + enctmplen, &enctmplen))
goto error;
}
- EVP_CIPHER_CTX_cleanup(&cctx);
+ EVP_CIPHER_CTX_free(cctx);
return outlen;
error:
- EVP_CIPHER_CTX_cleanup(&cctx);
+ EVP_CIPHER_CTX_free(cctx);
return -1;
}
{
unsigned char *out = NULL;
int outlen, i;
- EVP_CIPHER_CTX ctx;
+ EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
+
+ if (ctx == NULL) {
+ PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
- EVP_CIPHER_CTX_init(&ctx);
/* Decrypt data */
if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen,
- algor->parameter, &ctx, en_de)) {
+ algor->parameter, ctx, en_de)) {
PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,
PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR);
goto err;
}
- if ((out = OPENSSL_malloc(inlen + EVP_CIPHER_CTX_block_size(&ctx)))
+ if ((out = OPENSSL_malloc(inlen + EVP_CIPHER_CTX_block_size(ctx)))
== NULL) {
PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_MALLOC_FAILURE);
goto err;
}
- if (!EVP_CipherUpdate(&ctx, out, &i, in, inlen)) {
+ if (!EVP_CipherUpdate(ctx, out, &i, in, inlen)) {
OPENSSL_free(out);
out = NULL;
PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_EVP_LIB);
}
outlen = i;
- if (!EVP_CipherFinal_ex(&ctx, out + i, &i)) {
+ if (!EVP_CipherFinal_ex(ctx, out + i, &i)) {
OPENSSL_free(out);
out = NULL;
PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,
if (data)
*data = out;
err:
- EVP_CIPHER_CTX_cleanup(&ctx);
+ EVP_CIPHER_CTX_free(ctx);
return out;
}
u_len >= 4 * (max_send_fragment = s->max_send_fragment) &&
s->compress == NULL && s->msg_callback == NULL &&
!SSL_USE_ETM(s) && SSL_USE_EXPLICIT_IV(s) &&
- EVP_CIPHER_flags(s->enc_write_ctx->cipher) &
+ EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_write_ctx)) &
EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK) {
unsigned char aad[13];
EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param;
rec->input = rec->data;
} else {
l = rec->length;
- bs = EVP_CIPHER_block_size(ds->cipher);
+ bs = EVP_CIPHER_CTX_block_size(ds);
/* COMPRESS */
ret = 1;
} else {
l = rec->length;
- bs = EVP_CIPHER_block_size(ds->cipher);
+ bs = EVP_CIPHER_CTX_block_size(ds);
- if (EVP_CIPHER_flags(ds->cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
+ if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ds)) & EVP_CIPH_FLAG_AEAD_CIPHER) {
unsigned char buf[EVP_AEAD_TLS1_AAD_LEN], *seq;
seq = send ? RECORD_LAYER_get_write_sequence(&s->rlayer)
}
i = EVP_Cipher(ds, rec->data, rec->input, l);
- if ((EVP_CIPHER_flags(ds->cipher) & EVP_CIPH_FLAG_CUSTOM_CIPHER)
+ if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ds)) & EVP_CIPH_FLAG_CUSTOM_CIPHER)
? (i < 0)
: (i == 0))
return -1; /* AEAD can fail to verify MAC */
padding_length = rec->data[rec->length - 1];
- if (EVP_CIPHER_flags(s->enc_read_ctx->cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
+ if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_read_ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER) {
/* padding is already verified */
rec->length -= padding_length + 1;
return 1;
if (which & SSL3_CC_READ) {
if (s->enc_read_ctx != NULL)
reuse_dd = 1;
- else if ((s->enc_read_ctx =
- OPENSSL_malloc(sizeof(*s->enc_read_ctx))) == NULL)
+ else if ((s->enc_read_ctx = EVP_CIPHER_CTX_new()) == NULL)
goto err;
else
/*
* make sure it's intialized in case we exit later with an error
*/
- EVP_CIPHER_CTX_init(s->enc_read_ctx);
+ EVP_CIPHER_CTX_reset(s->enc_read_ctx);
dd = s->enc_read_ctx;
if (ssl_replace_hash(&s->read_hash, m) == NULL) {
} else {
if (s->enc_write_ctx != NULL)
reuse_dd = 1;
- else if ((s->enc_write_ctx =
- OPENSSL_malloc(sizeof(*s->enc_write_ctx))) == NULL)
+ else if ((s->enc_write_ctx = EVP_CIPHER_CTX_new()) == NULL)
goto err;
else
/*
* make sure it's intialized in case we exit later with an error
*/
- EVP_CIPHER_CTX_init(s->enc_write_ctx);
+ EVP_CIPHER_CTX_reset(s->enc_write_ctx);
dd = s->enc_write_ctx;
if (ssl_replace_hash(&s->write_hash, m) == NULL) {
SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
}
if (reuse_dd)
- EVP_CIPHER_CTX_cleanup(dd);
+ EVP_CIPHER_CTX_reset(dd);
p = s->s3->tmp.key_block;
i = EVP_MD_size(m);
void ssl_clear_cipher_ctx(SSL *s)
{
if (s->enc_read_ctx != NULL) {
- EVP_CIPHER_CTX_cleanup(s->enc_read_ctx);
- OPENSSL_free(s->enc_read_ctx);
+ EVP_CIPHER_CTX_free(s->enc_read_ctx);
s->enc_read_ctx = NULL;
}
if (s->enc_write_ctx != NULL) {
- EVP_CIPHER_CTX_cleanup(s->enc_write_ctx);
- OPENSSL_free(s->enc_write_ctx);
+ EVP_CIPHER_CTX_free(s->enc_write_ctx);
s->enc_write_ctx = NULL;
}
#ifndef OPENSSL_NO_COMP
if (s->write_hash) {
if (s->enc_write_ctx
- && (EVP_CIPHER_CTX_flags(s->enc_write_ctx) &
+ && (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_write_ctx)) &
EVP_CIPH_FLAG_AEAD_CIPHER) != 0)
mac_size = 0;
else
if (s->enc_write_ctx &&
(EVP_CIPHER_CTX_mode(s->enc_write_ctx) == EVP_CIPH_CBC_MODE))
- blocksize = 2 * EVP_CIPHER_block_size(s->enc_write_ctx->cipher);
+ blocksize = 2 * EVP_CIPHER_CTX_block_size(s->enc_write_ctx);
else
blocksize = 0;
int tls_construct_new_session_ticket(SSL *s)
{
unsigned char *senc = NULL;
- EVP_CIPHER_CTX ctx;
+ EVP_CIPHER_CTX *ctx;
HMAC_CTX *hctx = NULL;
unsigned char *p, *macstart;
const unsigned char *const_p;
return 0;
}
- EVP_CIPHER_CTX_init(&ctx);
+ ctx = EVP_CIPHER_CTX_new();
hctx = HMAC_CTX_new();
p = senc;
* all the work otherwise use generated values from parent ctx.
*/
if (tctx->tlsext_ticket_key_cb) {
- if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx, hctx, 1) < 0)
+ if (tctx->tlsext_ticket_key_cb(s, key_name, iv, ctx, hctx, 1) < 0)
goto err;
} else {
if (RAND_bytes(iv, 16) <= 0)
goto err;
- if (!EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
+ if (!EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL,
tctx->tlsext_tick_aes_key, iv))
goto err;
if (!HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key, 16,
memcpy(p, key_name, 16);
p += 16;
/* output IV */
- memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx));
- p += EVP_CIPHER_CTX_iv_length(&ctx);
+ memcpy(p, iv, EVP_CIPHER_CTX_iv_length(ctx));
+ p += EVP_CIPHER_CTX_iv_length(ctx);
/* Encrypt session data */
- if (!EVP_EncryptUpdate(&ctx, p, &len, senc, slen))
+ if (!EVP_EncryptUpdate(ctx, p, &len, senc, slen))
goto err;
p += len;
- if (!EVP_EncryptFinal(&ctx, p, &len))
+ if (!EVP_EncryptFinal(ctx, p, &len))
goto err;
p += len;
if (!HMAC_Final(hctx, p, &hlen))
goto err;
- EVP_CIPHER_CTX_cleanup(&ctx);
+ EVP_CIPHER_CTX_free(ctx);
HMAC_CTX_free(hctx);
+ ctx = NULL;
+ hctx = NULL;
p += hlen;
/* Now write out lengths: p points to end of data written */
return 1;
err:
OPENSSL_free(senc);
- EVP_CIPHER_CTX_cleanup(&ctx);
+ EVP_CIPHER_CTX_free(ctx);
HMAC_CTX_free(hctx);
ossl_statem_set_error(s);
return 0;
if (s->enc_read_ctx != NULL)
reuse_dd = 1;
- else if ((s->enc_read_ctx =
- OPENSSL_malloc(sizeof(*s->enc_read_ctx))) == NULL)
+ else if ((s->enc_read_ctx = EVP_CIPHER_CTX_new()) == NULL)
goto err;
else
/*
* make sure it's intialized in case we exit later with an error
*/
- EVP_CIPHER_CTX_init(s->enc_read_ctx);
+ EVP_CIPHER_CTX_reset(s->enc_read_ctx);
dd = s->enc_read_ctx;
mac_ctx = ssl_replace_hash(&s->read_hash, NULL);
if (mac_ctx == NULL)
}
if (reuse_dd)
- EVP_CIPHER_CTX_cleanup(dd);
+ EVP_CIPHER_CTX_reset(dd);
p = s->s3->tmp.key_block;
i = *mac_secret_size = s->s3->tmp.new_mac_secret_size;
int slen, mlen, renew_ticket = 0;
unsigned char tick_hmac[EVP_MAX_MD_SIZE];
HMAC_CTX *hctx = NULL;
- EVP_CIPHER_CTX ctx;
+ EVP_CIPHER_CTX *ctx;
SSL_CTX *tctx = s->initial_ctx;
/* Need at least keyname + iv + some encrypted data */
if (eticklen < 48)
hctx = HMAC_CTX_new();
if (hctx == NULL)
return -2;
- EVP_CIPHER_CTX_init(&ctx);
+ ctx = EVP_CIPHER_CTX_new();
if (tctx->tlsext_ticket_key_cb) {
unsigned char *nctick = (unsigned char *)etick;
int rv = tctx->tlsext_ticket_key_cb(s, nctick, nctick + 16,
- &ctx, hctx, 0);
+ ctx, hctx, 0);
if (rv < 0)
return -1;
if (rv == 0)
return 2;
if (HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key, 16,
EVP_sha256(), NULL) <= 0
- || EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
+ || EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL,
tctx->tlsext_tick_aes_key,
etick + 16) <= 0) {
goto err;
}
HMAC_CTX_free(hctx);
if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen)) {
- EVP_CIPHER_CTX_cleanup(&ctx);
+ EVP_CIPHER_CTX_free(ctx);
return 2;
}
/* Attempt to decrypt session data */
/* Move p after IV to start of encrypted ticket, update length */
- p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx);
- eticklen -= 16 + EVP_CIPHER_CTX_iv_length(&ctx);
+ p = etick + 16 + EVP_CIPHER_CTX_iv_length(ctx);
+ eticklen -= 16 + EVP_CIPHER_CTX_iv_length(ctx);
sdec = OPENSSL_malloc(eticklen);
if (sdec == NULL
- || EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen) <= 0) {
- EVP_CIPHER_CTX_cleanup(&ctx);
+ || EVP_DecryptUpdate(ctx, sdec, &slen, p, eticklen) <= 0) {
+ EVP_CIPHER_CTX_free(ctx);
return -1;
}
- if (EVP_DecryptFinal(&ctx, sdec + slen, &mlen) <= 0) {
- EVP_CIPHER_CTX_cleanup(&ctx);
+ if (EVP_DecryptFinal(ctx, sdec + slen, &mlen) <= 0) {
+ EVP_CIPHER_CTX_free(ctx);
OPENSSL_free(sdec);
return 2;
}
slen += mlen;
- EVP_CIPHER_CTX_cleanup(&ctx);
+ EVP_CIPHER_CTX_free(ctx);
+ ctx = NULL;
p = sdec;
sess = d2i_SSL_SESSION(NULL, &p, slen);
*/
return 2;
err:
- EVP_CIPHER_CTX_cleanup(&ctx);
+ EVP_CIPHER_CTX_free(ctx);
HMAC_CTX_free(hctx);
return -1;
}
int ignore = 0;
ENGINE *impl = NULL;
EVP_MD_CTX *mctx;
- EVP_CIPHER_CTX ectx;
+ EVP_CIPHER_CTX *ectx;
EVP_PKEY *mac_key;
byte bDerive[EVP_MAX_KEY_LENGTH];
byte bTest[G89_MAX_TC_LEN];
}
ctype = cp_g89cnt;
engine_cipher_check:
- EVP_CIPHER_CTX_init(&ectx);
- EVP_EncryptInit_ex(&ectx, ctype, impl, bDerive, tcs[t].bIV);
+ ectx = EVP_CIPHER_CTX_new();
+ EVP_EncryptInit_ex(ectx, ctype, impl, bDerive, tcs[t].bIV);
if (G89_MAX_TC_LEN >= tcs[t].ullLen) {
enlu = sizeof(bTest);
- EVP_EncryptUpdate(&ectx, bTest, &enlu,
+ EVP_EncryptUpdate(ectx, bTest, &enlu,
tcs[t].bIn, (int)tcs[t].ullLen);
l = (size_t)tcs[t].ullLen;
} else {
printf("B");
fflush(NULL);
enlu = sizeof(bTS);
- EVP_EncryptUpdate(&ectx, bTS, &enlu, bZB, sizeof(bZB));
+ EVP_EncryptUpdate(ectx, bTS, &enlu, bZB, sizeof(bZB));
}
printf("b" FMT64 "/" FMT64, ullLeft, tcs[t].ullLen);
fflush(NULL);
- EVP_EncryptUpdate(&ectx, bTS, &enlu, bZB, (int)ullLeft);
+ EVP_EncryptUpdate(ectx, bTS, &enlu, bZB, (int)ullLeft);
memcpy(bTest, &bTS[enlu - 16], 16);
enlu = (int)tcs[t].ullLen;
l = 16;
}
enlf = sizeof(bTest1);
- EVP_EncryptFinal_ex(&ectx, bTest1, &enlf);
- EVP_CIPHER_CTX_cleanup(&ectx);
+ EVP_EncryptFinal_ex(ectx, bTest1, &enlf);
+ EVP_CIPHER_CTX_free(ectx);
break;
case G89_IMIT:
if (0 != strcmp("id-Gost28147-89-CryptoPro-A-ParamSet",
projects / openssl.git / commitdiff