OpenSSL 1.1 made EVP_CIPHER_CTX_init() an alias of EVP_CIPHER_CTX_reset().
In particular, its signature changed and it no longer leaks internal
state if used on an already used ctx. On the other hand, it can't be used
for a ctx on the stack.
libcrypto still has a few ctx on the stack which will be converted to heap
allocated contexts at some point. Until this is completed, we will use
EVP_CIPHER_CTX_legacy_clear() internally, so that the public API can be
changed to match OpenSSL 1.1.
ok jsing
-/* $OpenBSD: evp_cipher.c,v 1.17 2024/01/30 17:41:01 tb Exp $ */
+/* $OpenBSD: evp_cipher.c,v 1.18 2024/02/18 15:41:50 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
memset(ctx, 0, sizeof(EVP_CIPHER_CTX));
}
+void
+EVP_CIPHER_CTX_legacy_clear(EVP_CIPHER_CTX *ctx)
+{
+ memset(ctx, 0, sizeof(*ctx));
+}
+
int
EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx)
{
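Review bot: The new EVP_CIPHER_CTX_legacy_clear() in evp_cipher.c has no comment stating its precondition. Its body is a bare `memset(ctx, 0, sizeof(*ctx));`, so calling it on a ctx that already holds a cipher would drop whatever state the ctx points to without freeing or zeroing it, which is the leak the commit message attributes to the old init behaviour. That state may include key material, so the restriction belongs next to the code. I would add above the definition `/* Only for a ctx that has never been initialised (e.g. fresh on the stack); does not free or zero existing state. */`, and the same line fits above the prototype added to evp_local.h. The function before it and the body of EVP_CIPHER_CTX_reset() both lie outside this hunk.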
-/* $OpenBSD: evp_local.h,v 1.14 2024/01/27 23:34:18 tb Exp $ */
+/* $OpenBSD: evp_local.h,v 1.15 2024/02/18 15:41:50 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2000.
*/
int EVP_PKEY_CTX_hex2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *hex);
int EVP_PKEY_CTX_md(EVP_PKEY_CTX *ctx, int optype, int cmd, const char *md_name);
+void EVP_CIPHER_CTX_legacy_clear(EVP_CIPHER_CTX *ctx);
+
__END_HIDDEN_DECLS
#endif /* !HEADER_EVP_LOCAL_H */