From 87da0f20d01e42fecc73a2ca1675e48d7a60d0a5 Mon Sep 17 00:00:00 2001
From: tb
Date: Sun, 18 Feb 2024 15:41:50 +0000
Subject: [PATCH] Add EVP_CIPHER_CTX_legacy_clear()

OpenSSL 1.1 made EVP_CIPHER_CTX_init() an alias of EVP_CIPHER_CTX_reset(). In particular, it changed signature and it would no longer leak internal state if used on an already used ctx. On the other hand, it can't be used for ctx on the stack. libcrypto still has a few ctx on the stack which will be converted to heap allocated contexts at some point. Until this is completed, we will use EVP_CIPHER_CTX_legacy_clear() internally, so that the public API can be changed to match OpenSSL 1.1. ok jsing
---
 lib/libcrypto/evp/evp_cipher.c | 8 +++++++-
 lib/libcrypto/evp/evp_local.h | 4 +++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/lib/libcrypto/evp/evp_cipher.c b/lib/libcrypto/evp/evp_cipher.c
index abdc33eace6..94eb42a8078 100644
--- a/lib/libcrypto/evp/evp_cipher.c
+++ b/lib/libcrypto/evp/evp_cipher.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_cipher.c,v 1.17 2024/01/30 17:41:01 tb Exp $ */
+/* $OpenBSD: evp_cipher.c,v 1.18 2024/02/18 15:41:50 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -618,6 +618,12 @@ EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
 	memset(ctx, 0, sizeof(EVP_CIPHER_CTX));
 }
 
+void
+EVP_CIPHER_CTX_legacy_clear(EVP_CIPHER_CTX *ctx)
+{
+	memset(ctx, 0, sizeof(*ctx));
+}
+
 int
 EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx)
 {
diff --git a/lib/libcrypto/evp/evp_local.h b/lib/libcrypto/evp/evp_local.h
index f81a8d6080d..8b24be60391 100644
--- a/lib/libcrypto/evp/evp_local.h
+++ b/lib/libcrypto/evp/evp_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_local.h,v 1.14 2024/01/27 23:34:18 tb Exp $ */
+/* $OpenBSD: evp_local.h,v 1.15 2024/02/18 15:41:50 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
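Review bot: EVP_CIPHER_CTX_legacy_clear() in the second evp_cipher.c hunk is a bare memset, so its precondition — the ctx must never have been initialized — lives only in the commit message, and a caller who reaches for it on an already used ctx would drop the internal state the message mentions (presumably the cipher_data allocation and whatever expanded key it holds) without it ever being freed or cleansed. Put the contract on the definition, e.g. `/* Only for a ctx that was never initialized (e.g. on the stack); an already used ctx leaks its internal state. Use EVP_CIPHER_CTX_reset() for those. */`, and repeat a one-line version at the prototype added to evp_local.h in the last hunk. The trailing context lines are the head of EVP_CIPHER_CTX_reset(), whose body continues outside the hunk. Minor style point: EVP_CIPHER_CTX_init() directly above uses sizeof(EVP_CIPHER_CTX) while the new function uses sizeof(*ctx); either is fine, but writing both the same way makes the intended equivalence of the two obvious to the reader.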
@@ -377,6 +377,8 @@ int EVP_PKEY_CTX_str2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *str);
 int EVP_PKEY_CTX_hex2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *hex);
 int EVP_PKEY_CTX_md(EVP_PKEY_CTX *ctx, int optype, int cmd, const char *md_name);
 
+void EVP_CIPHER_CTX_legacy_clear(EVP_CIPHER_CTX *ctx);
+
 __END_HIDDEN_DECLS
 
 #endif /* !HEADER_EVP_LOCAL_H */
-- 
2.20.1