Stop pretending that EVP_CIPHER cleanup can fail.

Now that EVP_CIPHER is opaque, stop pretending that EVP_CIPHER cleanup can
fail.

ok tb@

diff --git a/lib/libcrypto/evp/e_aes.c b/lib/libcrypto/evp/e_aes.c
index 3661abc..d674be3 100644 (file)
--- a/lib/libcrypto/evp/e_aes.c
+++ b/lib/libcrypto/evp/e_aes.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_aes.c,v 1.48 2022/09/10 17:45:10 jsing Exp $ */
+/* $OpenBSD: e_aes.c,v 1.49 2022/09/13 04:59:18 jsing Exp $ */
 /* ====================================================================
  * Copyright (c) 2001-2011 The OpenSSL Project.  All rights reserved.
  *
@@ -1255,15 +1255,15 @@ EVP_aes_256_ctr(void)
 #endif
 }
 
-static int
+static void
 aes_gcm_cleanup(EVP_CIPHER_CTX *c)
 {
        EVP_AES_GCM_CTX *gctx = c->cipher_data;
 
        if (gctx->iv != c->iv)
                free(gctx->iv);
+
        explicit_bzero(gctx, sizeof(*gctx));
-       return 1;
 }
 
 /* increment counter (64-bit int) by 1 */

diff --git a/lib/libcrypto/evp/e_chacha20poly1305.c b/lib/libcrypto/evp/e_chacha20poly1305.c
index 674a323..4502648 100644 (file)
--- a/lib/libcrypto/evp/e_chacha20poly1305.c
+++ b/lib/libcrypto/evp/e_chacha20poly1305.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_chacha20poly1305.c,v 1.25 2022/08/30 19:33:26 tb Exp $ */
+/* $OpenBSD: e_chacha20poly1305.c,v 1.26 2022/09/13 04:59:18 jsing Exp $ */
 
 /*
  * Copyright (c) 2022 Joel Sing <jsing@openbsd.org>
@@ -530,14 +530,12 @@ chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
        return len;
 }
 
-static int
+static void
 chacha20_poly1305_cleanup(EVP_CIPHER_CTX *ctx)
 {
        struct chacha20_poly1305_ctx *cpx = ctx->cipher_data;
 
        explicit_bzero(cpx, sizeof(*cpx));
-
-       return 1;
 }
 
 static int

diff --git a/lib/libcrypto/evp/evp_enc.c b/lib/libcrypto/evp/evp_enc.c
index c46989b..49e0ffa 100644 (file)
--- a/lib/libcrypto/evp/evp_enc.c
+++ b/lib/libcrypto/evp/evp_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_enc.c,v 1.46 2022/09/04 13:34:13 jsing Exp $ */
+/* $OpenBSD: evp_enc.c,v 1.47 2022/09/13 04:59:18 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -601,18 +601,21 @@ int
 EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
 {
        if (c->cipher != NULL) {
-               if (c->cipher->cleanup && !c->cipher->cleanup(c))
-                       return 0;
-               /* Cleanse cipher context data */
-               if (c->cipher_data)
+               if (c->cipher->cleanup != NULL)
+                       c->cipher->cleanup(c);
+               if (c->cipher_data != NULL)
                        explicit_bzero(c->cipher_data, c->cipher->ctx_size);
        }
+
        /* XXX - store size of cipher_data so we can always freezero(). */
        free(c->cipher_data);
+
 #ifndef OPENSSL_NO_ENGINE
        ENGINE_finish(c->engine);
 #endif
+
        explicit_bzero(c, sizeof(EVP_CIPHER_CTX));
+
        return 1;
 }
 

diff --git a/lib/libcrypto/evp/evp_locl.h b/lib/libcrypto/evp/evp_locl.h
index 7b14063..1e79af4 100644 (file)
--- a/lib/libcrypto/evp/evp_locl.h
+++ b/lib/libcrypto/evp/evp_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_locl.h,v 1.27 2022/09/04 09:56:30 jsing Exp $ */
+/* $OpenBSD: evp_locl.h,v 1.28 2022/09/13 04:59:18 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
@@ -143,7 +143,7 @@ struct evp_cipher_st {
            const unsigned char *iv, int enc);  /* init key */
        int (*do_cipher)(EVP_CIPHER_CTX *ctx, unsigned char *out,
            const unsigned char *in, size_t inl);/* encrypt/decrypt data */
-       int (*cleanup)(EVP_CIPHER_CTX *); /* cleanup ctx */
+       void (*cleanup)(EVP_CIPHER_CTX *); /* cleanup ctx */
        int ctx_size;           /* how big ctx->cipher_data needs to be */
        int (*set_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Populate a ASN1_TYPE with parameters */
        int (*get_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Get parameters from a ASN1_TYPE */