From: jsing Date: Tue, 13 Sep 2022 04:59:18 +0000 (+0000) Subject: Stop pretending that EVP_CIPHER cleanup can fail. X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=b81859533eb46037002fc92de8c3a7d0c2cc5d5f;p=openbsd Stop pretending that EVP_CIPHER cleanup can fail. Now that EVP_CIPHER is opaque, stop pretending that EVP_CIPHER cleanup can fail. ok tb@ --- diff --git a/lib/libcrypto/evp/e_aes.c b/lib/libcrypto/evp/e_aes.c index 3661abcbfe5..d674be38439 100644 --- a/lib/libcrypto/evp/e_aes.c +++ b/lib/libcrypto/evp/e_aes.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_aes.c,v 1.48 2022/09/10 17:45:10 jsing Exp $ */ +/* $OpenBSD: e_aes.c,v 1.49 2022/09/13 04:59:18 jsing Exp $ */ /* ==================================================================== * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved. * @@ -1255,15 +1255,15 @@ EVP_aes_256_ctr(void) #endif } -static int +static void aes_gcm_cleanup(EVP_CIPHER_CTX *c) { EVP_AES_GCM_CTX *gctx = c->cipher_data; if (gctx->iv != c->iv) free(gctx->iv); + explicit_bzero(gctx, sizeof(*gctx)); - return 1; } /* increment counter (64-bit int) by 1 */ diff --git a/lib/libcrypto/evp/e_chacha20poly1305.c b/lib/libcrypto/evp/e_chacha20poly1305.c index 674a323258f..450264846bd 100644 --- a/lib/libcrypto/evp/e_chacha20poly1305.c +++ b/lib/libcrypto/evp/e_chacha20poly1305.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_chacha20poly1305.c,v 1.25 2022/08/30 19:33:26 tb Exp $ */ +/* $OpenBSD: e_chacha20poly1305.c,v 1.26 2022/09/13 04:59:18 jsing Exp $ */ /* * Copyright (c) 2022 Joel Sing @@ -530,14 +530,12 @@ chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, return len; } -static int +static void chacha20_poly1305_cleanup(EVP_CIPHER_CTX *ctx) { struct chacha20_poly1305_ctx *cpx = ctx->cipher_data; explicit_bzero(cpx, sizeof(*cpx)); - - return 1; } static int diff --git a/lib/libcrypto/evp/evp_enc.c b/lib/libcrypto/evp/evp_enc.c index c46989b068e..49e0ffa1443 100644 --- a/lib/libcrypto/evp/evp_enc.c +++ b/lib/libcrypto/evp/evp_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: evp_enc.c,v 1.46 2022/09/04 13:34:13 jsing Exp $ */ +/* $OpenBSD: evp_enc.c,v 1.47 2022/09/13 04:59:18 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -601,18 +601,21 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) { if (c->cipher != NULL) { - if (c->cipher->cleanup && !c->cipher->cleanup(c)) - return 0; - /* Cleanse cipher context data */ - if (c->cipher_data) + if (c->cipher->cleanup != NULL) + c->cipher->cleanup(c); + if (c->cipher_data != NULL) explicit_bzero(c->cipher_data, c->cipher->ctx_size); } + /* XXX - store size of cipher_data so we can always freezero(). */ free(c->cipher_data); + #ifndef OPENSSL_NO_ENGINE ENGINE_finish(c->engine); #endif + explicit_bzero(c, sizeof(EVP_CIPHER_CTX)); + return 1; } diff --git a/lib/libcrypto/evp/evp_locl.h b/lib/libcrypto/evp/evp_locl.h index 7b14063c5ed..1e79af4c6df 100644 --- a/lib/libcrypto/evp/evp_locl.h +++ b/lib/libcrypto/evp/evp_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: evp_locl.h,v 1.27 2022/09/04 09:56:30 jsing Exp $ */ +/* $OpenBSD: evp_locl.h,v 1.28 2022/09/13 04:59:18 jsing Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ @@ -143,7 +143,7 @@ struct evp_cipher_st { const unsigned char *iv, int enc); /* init key */ int (*do_cipher)(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl);/* encrypt/decrypt data */ - int (*cleanup)(EVP_CIPHER_CTX *); /* cleanup ctx */ + void (*cleanup)(EVP_CIPHER_CTX *); /* cleanup ctx */ int ctx_size; /* how big ctx->cipher_data needs to be */ int (*set_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Populate a ASN1_TYPE with parameters */ int (*get_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Get parameters from a ASN1_TYPE */