From 581f1c84940d77451c2592e9fa470893f6c3c3eb Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 17 Oct 2001 00:37:12 +0000 Subject: [PATCH] Modify EVP cipher behaviour in a similar way to digests to retain compatibility. --- CHANGES | 4 ++++ apps/speed.c | 8 ++++---- crypto/asn1/n_pkey.c | 8 ++++---- crypto/asn1/p5_pbev2.c | 2 +- crypto/evp/bio_enc.c | 8 ++++---- crypto/evp/e_rc2.c | 2 +- crypto/evp/evp.h | 3 +++ crypto/evp/evp_enc.c | 28 +++++++++++++++++++++++++++- crypto/evp/evp_test.c | 8 ++++---- crypto/evp/p5_crpt.c | 2 +- crypto/evp/p5_crpt2.c | 4 ++-- crypto/evp/p_open.c | 8 ++++---- crypto/evp/p_seal.c | 8 ++++---- crypto/pem/pem_lib.c | 8 ++++---- crypto/pem/pem_seal.c | 2 +- crypto/pkcs12/p12_crpt.c | 2 +- crypto/pkcs12/p12_decr.c | 2 +- crypto/pkcs7/bio_ber.c | 6 +++--- crypto/pkcs7/pk7_doit.c | 6 +++--- demos/maurice/example1.c | 4 +--- demos/maurice/example3.c | 6 ++++-- ssl/kssl.c | 8 ++++---- ssl/s2_enc.c | 4 ++-- ssl/s3_clnt.c | 8 ++++---- ssl/s3_enc.c | 2 +- ssl/s3_srvr.c | 4 ++-- ssl/t1_enc.c | 4 ++-- 27 files changed, 96 insertions(+), 63 deletions(-) diff --git a/CHANGES b/CHANGES index 0cdc0f500..b544a62db 100644 --- a/CHANGES +++ b/CHANGES @@ -12,6 +12,10 @@ *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7 +) applies to 0.9.7 only + +) Modify the behaviour of EVP cipher functions in similar way to digests + to retain compatibility with existing code. + [Steve Henson] + +) Modify the behaviour of EVP_DigestInit() and EVP_DigestFinal() to retain compatibility with existing code. In particular the 'ctx' parameter is not assumed to be valid before the call to EVP_DigestInit() and it is tidied diff --git a/apps/speed.c b/apps/speed.c index 3c359e3d6..dec893d44 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -1216,9 +1216,9 @@ int MAIN(int argc, char **argv) print_message(names[D_EVP],save_count, lengths[j]); if(decrypt) - EVP_DecryptInit(&ctx,evp,key16,iv); + EVP_DecryptInit_ex(&ctx,evp,NULL,key16,iv); else - EVP_EncryptInit(&ctx,evp,key16,iv); + EVP_EncryptInit_ex(&ctx,evp,NULL,key16,iv); Time_F(START,usertime); if(decrypt) @@ -1228,9 +1228,9 @@ int MAIN(int argc, char **argv) for (count=0,run=1; COND(save_count*4*lengths[0]/lengths[j]); count++) EVP_EncryptUpdate(&ctx,buf,&outl,buf,lengths[j]); if(decrypt) - EVP_DecryptFinal(&ctx,buf,&outl); + EVP_DecryptFinal_ex(&ctx,buf,&outl); else - EVP_EncryptFinal(&ctx,buf,&outl); + EVP_EncryptFinal_ex(&ctx,buf,&outl); d=Time_F(STOP,usertime); BIO_printf(bio_err,"%ld %s's in %.2fs\n", count,names[D_EVP],d); diff --git a/crypto/asn1/n_pkey.c b/crypto/asn1/n_pkey.c index 7a1d9ba39..49f80fffd 100644 --- a/crypto/asn1/n_pkey.c +++ b/crypto/asn1/n_pkey.c @@ -207,9 +207,9 @@ int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey) /* Encrypt private key in place */ zz = enckey->enckey->digest->data; EVP_CIPHER_CTX_init(&ctx); - EVP_EncryptInit(&ctx,EVP_rc4(),key,NULL); + EVP_EncryptInit_ex(&ctx,EVP_rc4(),NULL,key,NULL); EVP_EncryptUpdate(&ctx,zz,&i,zz,pkeylen); - EVP_EncryptFinal(&ctx,zz + i,&j); + EVP_EncryptFinal_ex(&ctx,zz + i,&j); EVP_CIPHER_CTX_cleanup(&ctx); ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp); @@ -293,9 +293,9 @@ static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os, memset(buf,0,256); EVP_CIPHER_CTX_init(&ctx); - EVP_DecryptInit(&ctx,EVP_rc4(),key,NULL); + EVP_DecryptInit_ex(&ctx,EVP_rc4(),NULL, key,NULL); EVP_DecryptUpdate(&ctx,os->data,&i,os->data,os->length); - EVP_DecryptFinal(&ctx,&(os->data[i]),&j); + EVP_DecryptFinal_ex(&ctx,&(os->data[i]),&j); EVP_CIPHER_CTX_cleanup(&ctx); os->length=i+j; diff --git a/crypto/asn1/p5_pbev2.c b/crypto/asn1/p5_pbev2.c index cd597ff41..43dfe0947 100644 --- a/crypto/asn1/p5_pbev2.c +++ b/crypto/asn1/p5_pbev2.c @@ -117,7 +117,7 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, goto err; /* Dummy cipherinit to just setup the IV */ - EVP_CipherInit(&ctx, cipher, NULL, iv, 0); + EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0); if(EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) { ASN1err(ASN1_F_PKCS5_PBE2_SET, ASN1_R_ERROR_SETTING_CIPHER_PARAMS); diff --git a/crypto/evp/bio_enc.c b/crypto/evp/bio_enc.c index d9278fb50..05f424945 100644 --- a/crypto/evp/bio_enc.c +++ b/crypto/evp/bio_enc.c @@ -184,7 +184,7 @@ static int enc_read(BIO *b, char *out, int outl) if (!BIO_should_retry(b->next_bio)) { ctx->cont=i; - i=EVP_CipherFinal(&(ctx->cipher), + i=EVP_CipherFinal_ex(&(ctx->cipher), (unsigned char *)ctx->buf, &(ctx->buf_len)); ctx->ok=i; @@ -298,7 +298,7 @@ static long enc_ctrl(BIO *b, int cmd, long num, void *ptr) case BIO_CTRL_RESET: ctx->ok=1; ctx->finished=0; - EVP_CipherInit(&(ctx->cipher),NULL,NULL,NULL, + EVP_CipherInit_ex(&(ctx->cipher),NULL,NULL,NULL,NULL, ctx->cipher.encrypt); ret=BIO_ctrl(b->next_bio,cmd,num,ptr); break; @@ -335,7 +335,7 @@ again: { ctx->finished=1; ctx->buf_off=0; - ret=EVP_CipherFinal(&(ctx->cipher), + ret=EVP_CipherFinal_ex(&(ctx->cipher), (unsigned char *)ctx->buf, &(ctx->buf_len)); ctx->ok=(int)ret; @@ -421,7 +421,7 @@ void BIO_set_cipher(BIO *b, const EVP_CIPHER *c, unsigned char *k, b->init=1; ctx=(BIO_ENC_CTX *)b->ptr; - EVP_CipherInit(&(ctx->cipher),c,k,i,e); + EVP_CipherInit_ex(&(ctx->cipher),c,NULL, k,i,e); if (b->callback != NULL) b->callback(b,BIO_CB_CTRL,(const char *)c,BIO_CTRL_SET,e,1L); diff --git a/crypto/evp/e_rc2.c b/crypto/evp/e_rc2.c index 799858f2f..b62d94197 100644 --- a/crypto/evp/e_rc2.c +++ b/crypto/evp/e_rc2.c @@ -180,7 +180,7 @@ static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) key_bits =rc2_magic_to_meth((int)num); if (!key_bits) return(-1); - if(i > 0) EVP_CipherInit(c, NULL, NULL, iv, -1); + if(i > 0) EVP_CipherInit_ex(c, NULL, NULL, NULL, iv, -1); EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL); EVP_CIPHER_CTX_set_key_length(c, key_bits / 8); } diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index ff3c797d9..255f957f4 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -488,6 +488,7 @@ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *imp const unsigned char *key, const unsigned char *iv); int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl); +int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); int EVP_DecryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, @@ -497,6 +498,7 @@ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *imp int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl); int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); +int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); int EVP_CipherInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, const unsigned char *key,const unsigned char *iv, @@ -507,6 +509,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl); int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); +int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s, EVP_PKEY *pkey); diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 0f5a128d6..eb39539ca 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -73,11 +73,14 @@ void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) /* ctx->cipher=NULL; */ } + int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, const unsigned char *key, const unsigned char *iv, int enc) { + EVP_CIPHER_CTX_init(ctx); return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc); } + int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, const unsigned char *key, const unsigned char *iv, int enc) { @@ -187,6 +190,13 @@ int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, else return EVP_DecryptUpdate(ctx,out,outl,in,inl); } +int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) + { + if (ctx->encrypt) + return EVP_EncryptFinal_ex(ctx,out,outl); + else return EVP_DecryptFinal_ex(ctx,out,outl); + } + int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { if (ctx->encrypt) @@ -197,7 +207,7 @@ int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, const unsigned char *key, const unsigned char *iv) { - return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 1); + return EVP_CipherInit(ctx, cipher, key, iv, 1); } int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl, @@ -275,6 +285,14 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, } int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) + { + int ret; + ret = EVP_EncryptFinal_ex(ctx, out, outl); + EVP_CIPHER_CTX_cleanup(ctx); + return ret; + } + +int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { int i,n,b,bl,ret; @@ -358,6 +376,14 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, } int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) + { + int ret; + ret = EVP_DecryptFinal_ex(ctx, out, outl); + EVP_CIPHER_CTX_cleanup(ctx); + return ret; + } + +int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { int i,b; int n; diff --git a/crypto/evp/evp_test.c b/crypto/evp/evp_test.c index 435bb09ee..e312672ba 100644 --- a/crypto/evp/evp_test.c +++ b/crypto/evp/evp_test.c @@ -142,7 +142,7 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn, exit(5); } EVP_CIPHER_CTX_init(&ctx); - if(!EVP_EncryptInit(&ctx,c,key,iv)) + if(!EVP_EncryptInit_ex(&ctx,c,NULL,key,iv)) { fprintf(stderr,"EncryptInit failed\n"); exit(10); @@ -154,7 +154,7 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn, fprintf(stderr,"Encrypt failed\n"); exit(6); } - if(!EVP_EncryptFinal(&ctx,out+outl,&outl2)) + if(!EVP_EncryptFinal_ex(&ctx,out+outl,&outl2)) { fprintf(stderr,"EncryptFinal failed\n"); exit(7); @@ -175,7 +175,7 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn, exit(9); } - if(!EVP_DecryptInit(&ctx,c,key,iv)) + if(!EVP_DecryptInit_ex(&ctx,c,NULL,key,iv)) { fprintf(stderr,"DecryptInit failed\n"); exit(11); @@ -187,7 +187,7 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn, fprintf(stderr,"Decrypt failed\n"); exit(6); } - if(!EVP_DecryptFinal(&ctx,out+outl,&outl2)) + if(!EVP_DecryptFinal_ex(&ctx,out+outl,&outl2)) { fprintf(stderr,"DecryptFinal failed\n"); exit(7); diff --git a/crypto/evp/p5_crpt.c b/crypto/evp/p5_crpt.c index cbe904d49..113c60fed 100644 --- a/crypto/evp/p5_crpt.c +++ b/crypto/evp/p5_crpt.c @@ -143,7 +143,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher)); memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)), EVP_CIPHER_iv_length(cipher)); - EVP_CipherInit(cctx, cipher, key, iv, en_de); + EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de); memset(md_tmp, 0, EVP_MAX_MD_SIZE); memset(key, 0, EVP_MAX_KEY_LENGTH); memset(iv, 0, EVP_MAX_IV_LENGTH); diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c index 645409e91..6c4b3eaf3 100644 --- a/crypto/evp/p5_crpt2.c +++ b/crypto/evp/p5_crpt2.c @@ -183,7 +183,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, } /* Fixup cipher based on AlgorithmIdentifier */ - EVP_CipherInit(ctx, cipher, NULL, NULL, en_de); + EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de); if(EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) < 0) { EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_CIPHER_PARAMETER_ERROR); @@ -229,7 +229,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, saltlen = kdf->salt->value.octet_string->length; iter = ASN1_INTEGER_get(kdf->iter); PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key); - EVP_CipherInit(ctx, NULL, key, NULL, en_de); + EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de); memset(key, 0, keylen); PBKDF2PARAM_free(kdf); return 1; diff --git a/crypto/evp/p_open.c b/crypto/evp/p_open.c index c0a50b9cd..6976f2a86 100644 --- a/crypto/evp/p_open.c +++ b/crypto/evp/p_open.c @@ -71,7 +71,7 @@ int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char *ek, if(type) { EVP_CIPHER_CTX_init(ctx); - if(!EVP_DecryptInit(ctx,type,NULL,NULL)) return 0; + if(!EVP_DecryptInit_ex(ctx,type,NULL, NULL,NULL)) return 0; } if(!priv) return 1; @@ -97,7 +97,7 @@ int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char *ek, /* ERROR */ goto err; } - if(!EVP_DecryptInit(ctx,NULL,key,iv)) goto err; + if(!EVP_DecryptInit_ex(ctx,NULL,NULL,key,iv)) goto err; ret=1; err: @@ -110,8 +110,8 @@ int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { int i; - i=EVP_DecryptFinal(ctx,out,outl); - EVP_DecryptInit(ctx,NULL,NULL,NULL); + i=EVP_DecryptFinal_ex(ctx,out,outl); + EVP_DecryptInit_ex(ctx,NULL,NULL,NULL,NULL); return(i); } #else /* !OPENSSL_NO_RSA */ diff --git a/crypto/evp/p_seal.c b/crypto/evp/p_seal.c index c870ebfa3..ba2dd657a 100644 --- a/crypto/evp/p_seal.c +++ b/crypto/evp/p_seal.c @@ -74,7 +74,7 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek if(type) { EVP_CIPHER_CTX_init(ctx); - if(!EVP_EncryptInit(ctx,type,NULL,NULL)) return 0; + if(!EVP_EncryptInit_ex(ctx,type,NULL,NULL,NULL)) return 0; } if (npubk <= 0) return(0); if (RAND_bytes(key,EVP_MAX_KEY_LENGTH) <= 0) @@ -82,7 +82,7 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek if (EVP_CIPHER_CTX_iv_length(ctx)) RAND_pseudo_bytes(iv,EVP_CIPHER_CTX_iv_length(ctx)); - if(!EVP_EncryptInit(ctx,NULL,key,iv)) return 0; + if(!EVP_EncryptInit_ex(ctx,NULL,NULL,key,iv)) return 0; for (i=0; icipher,key,&(cipher->iv[0])); + EVP_DecryptInit_ex(&ctx,cipher->cipher,NULL, key,&(cipher->iv[0])); EVP_DecryptUpdate(&ctx,data,&i,data,j); - o=EVP_DecryptFinal(&ctx,&(data[i]),&j); + o=EVP_DecryptFinal_ex(&ctx,&(data[i]),&j); EVP_CIPHER_CTX_cleanup(&ctx); memset((char *)buf,0,sizeof(buf)); memset((char *)key,0,sizeof(key)); diff --git a/crypto/pem/pem_seal.c b/crypto/pem/pem_seal.c index 50a1b9162..ae463a301 100644 --- a/crypto/pem/pem_seal.c +++ b/crypto/pem/pem_seal.c @@ -161,7 +161,7 @@ int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl, goto err; } - EVP_EncryptFinal(&ctx->cipher,s,(int *)&i); + EVP_EncryptFinal_ex(&ctx->cipher,s,(int *)&i); EVP_EncodeUpdate(&ctx->encode,out,&j,s,i); *outl=j; out+=j; diff --git a/crypto/pkcs12/p12_crpt.c b/crypto/pkcs12/p12_crpt.c index 2a6de32d8..97be6a5fb 100644 --- a/crypto/pkcs12/p12_crpt.c +++ b/crypto/pkcs12/p12_crpt.c @@ -117,7 +117,7 @@ int PKCS12_PBE_keyivgen (EVP_CIPHER_CTX *ctx, const char *pass, int passlen, return 0; } PBEPARAM_free(pbe); - EVP_CipherInit(ctx, cipher, key, iv, en_de); + EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de); memset(key, 0, EVP_MAX_KEY_LENGTH); memset(iv, 0, EVP_MAX_IV_LENGTH); return 1; diff --git a/crypto/pkcs12/p12_decr.c b/crypto/pkcs12/p12_decr.c index 92b95f682..e0bbe4cff 100644 --- a/crypto/pkcs12/p12_decr.c +++ b/crypto/pkcs12/p12_decr.c @@ -90,7 +90,7 @@ unsigned char * PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass, EVP_CipherUpdate (&ctx, out, &i, in, inlen); outlen = i; - if(!EVP_CipherFinal (&ctx, out + i, &i)) { + if(!EVP_CipherFinal_ex (&ctx, out + i, &i)) { OPENSSL_free (out); PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,PKCS12_R_PKCS12_CIPHERFINAL_ERROR); return NULL; diff --git a/crypto/pkcs7/bio_ber.c b/crypto/pkcs7/bio_ber.c index 5447e6981..42331f7ab 100644 --- a/crypto/pkcs7/bio_ber.c +++ b/crypto/pkcs7/bio_ber.c @@ -339,7 +339,7 @@ static long ber_ctrl(BIO *b, int cmd, long num, char *ptr) case BIO_CTRL_RESET: ctx->ok=1; ctx->finished=0; - EVP_CipherInit(&(ctx->cipher),NULL,NULL,NULL, + EVP_CipherInit_ex(&(ctx->cipher),NULL,NULL,NULL,NULL, ctx->cipher.berrypt); ret=BIO_ctrl(b->next_bio,cmd,num,ptr); break; @@ -376,7 +376,7 @@ again: { ctx->finished=1; ctx->buf_off=0; - ret=EVP_CipherFinal(&(ctx->cipher), + ret=EVP_CipherFinal_ex(&(ctx->cipher), (unsigned char *)ctx->buf, &(ctx->buf_len)); ctx->ok=(int)ret; @@ -458,7 +458,7 @@ void BIO_set_cipher(BIO *b, EVP_CIPHER *c, unsigned char *k, unsigned char *i, b->init=1; ctx=(BIO_ENC_CTX *)b->ptr; - EVP_CipherInit(&(ctx->cipher),c,k,i,e); + EVP_CipherInit_ex(&(ctx->cipher),c,NULL,k,i,e); if (b->callback != NULL) b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,1L); diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index 4cc30554c..5b803b026 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -165,7 +165,7 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) goto err; xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher)); if (ivlen > 0) RAND_pseudo_bytes(iv,ivlen); - EVP_CipherInit(ctx, evp_cipher, key, iv, 1); + EVP_CipherInit_ex(ctx, evp_cipher, NULL, key, iv, 1); if (ivlen > 0) { if (xalg->parameter == NULL) @@ -391,7 +391,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) evp_ctx=NULL; BIO_get_cipher_ctx(etmp,&evp_ctx); - EVP_CipherInit(evp_ctx,evp_cipher,NULL,NULL,0); + EVP_CipherInit_ex(evp_ctx,evp_cipher,NULL,NULL,NULL,0); if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0) goto err; @@ -407,7 +407,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) goto err; } } - EVP_CipherInit(evp_ctx,NULL,tmp,NULL,0); + EVP_CipherInit_ex(evp_ctx,NULL,NULL,tmp,NULL,0); memset(tmp,0,jj); diff --git a/demos/maurice/example1.c b/demos/maurice/example1.c index 4890b69ce..da2c6d31c 100644 --- a/demos/maurice/example1.c +++ b/demos/maurice/example1.c @@ -126,7 +126,7 @@ void main_encrypt(void) void main_decrypt(void) { - char buf[512]; + char buf[520]; char ebuf[512]; unsigned int buflen; EVP_CIPHER_CTX ectx; @@ -164,7 +164,6 @@ void main_decrypt(void) read(STDIN, encryptKey, ekeylen); read(STDIN, iv, sizeof(iv)); - EVP_OpenInit(&ectx, EVP_des_ede3_cbc(), encryptKey, @@ -185,7 +184,6 @@ void main_decrypt(void) } EVP_OpenUpdate(&ectx, buf, &buflen, ebuf, readlen); - write(STDOUT, buf, buflen); } diff --git a/demos/maurice/example3.c b/demos/maurice/example3.c index c8462a47c..03d8a20f6 100644 --- a/demos/maurice/example3.c +++ b/demos/maurice/example3.c @@ -57,7 +57,8 @@ void do_cipher(char *pw, int operation) EVP_BytesToKey(ALG, EVP_md5(), "salu", pw, strlen(pw), 1, key, iv); - EVP_CipherInit(&ectx, ALG, key, iv, operation); + EVP_CIPHER_CTX_init(&ectx); + EVP_CipherInit_ex(&ectx, ALG, NULL, key, iv, operation); while(1) { @@ -79,7 +80,8 @@ void do_cipher(char *pw, int operation) write(STDOUT, ebuf, ebuflen); } - EVP_CipherFinal(&ectx, ebuf, &ebuflen); + EVP_CipherFinal_ex(&ectx, ebuf, &ebuflen); + EVP_CIPHER_CTX_cleanup(&ectx); write(STDOUT, ebuf, ebuflen); } diff --git a/ssl/kssl.c b/ssl/kssl.c index e61b69806..726dceb66 100644 --- a/ssl/kssl.c +++ b/ssl/kssl.c @@ -1997,10 +1997,10 @@ krb5_error_code kssl_check_authent( */ goto err; } - if (!EVP_DecryptInit(&ciph_ctx, enc, kssl_ctx->key, iv)) + if (!EVP_DecryptInit_ex(&ciph_ctx, enc, NULL, kssl_ctx->key, iv)) { kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, - "EVP_DecryptInit error decrypting authenticator.\n"); + "EVP_DecryptInit_ex error decrypting authenticator.\n"); krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY; goto err; } @@ -2019,10 +2019,10 @@ krb5_error_code kssl_check_authent( krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY; goto err; } - if (!EVP_DecryptFinal(&ciph_ctx, &(unenc_authent[outl]), &padl)) + if (!EVP_DecryptFinal_ex(&ciph_ctx, &(unenc_authent[outl]), &padl)) { kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, - "EVP_DecryptFinal error decrypting authenticator.\n"); + "EVP_DecryptFinal_ex error decrypting authenticator.\n"); krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY; goto err; } diff --git a/ssl/s2_enc.c b/ssl/s2_enc.c index b4187bbbd..a28e747d2 100644 --- a/ssl/s2_enc.c +++ b/ssl/s2_enc.c @@ -98,9 +98,9 @@ int ssl2_enc_init(SSL *s, int client) ssl2_generate_key_material(s); - EVP_EncryptInit(ws,c,&(s->s2->key_material[(client)?num:0]), + EVP_EncryptInit_ex(ws,c,NULL,&(s->s2->key_material[(client)?num:0]), s->session->key_arg); - EVP_DecryptInit(rs,c,&(s->s2->key_material[(client)?0:num]), + EVP_DecryptInit_ex(rs,c,NULL,&(s->s2->key_material[(client)?0:num]), s->session->key_arg); s->s2->read_key= &(s->s2->key_material[(client)?0:num]); s->s2->write_key= &(s->s2->key_material[(client)?num:0]); diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 8ebba6572..e56bfb139 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -1519,17 +1519,17 @@ static int ssl3_send_client_key_exchange(SSL *s) goto err; /* 20010420 VRS. Tried it this way; failed. - ** EVP_EncryptInit(&ciph_ctx,enc, NULL,NULL); + ** EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL); ** EVP_CIPHER_CTX_set_key_length(&ciph_ctx, ** kssl_ctx->length); - ** EVP_EncryptInit(&ciph_ctx,NULL, key,iv); + ** EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv); */ memset(iv, 0, EVP_MAX_IV_LENGTH); /* per RFC 1510 */ - EVP_EncryptInit(&ciph_ctx,enc, kssl_ctx->key,iv); + EVP_EncryptInit_ex(&ciph_ctx,enc, kssl_ctx->key,iv); EVP_EncryptUpdate(&ciph_ctx,epms,&outl,tmp_buf, SSL_MAX_MASTER_KEY_LENGTH); - EVP_EncryptFinal(&ciph_ctx,&(epms[outl]),&padl); + EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl); outl += padl; EVP_CIPHER_CTX_cleanup(&ciph_ctx); diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 833fea83c..52d389ee0 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -275,7 +275,7 @@ int ssl3_change_cipher_state(SSL *s, int which) s->session->key_arg_length=0; - EVP_CipherInit(dd,c,key,iv,(which & SSL3_CC_WRITE)); + EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE)); memset(&(exp_key[0]),0,sizeof(exp_key)); memset(&(exp_iv[0]),0,sizeof(exp_iv)); diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 29545715d..f858a9f18 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -1618,7 +1618,7 @@ static int ssl3_get_client_key_exchange(SSL *s) memset(iv, 0, EVP_MAX_IV_LENGTH); /* per RFC 1510 */ - if (!EVP_DecryptInit(&ciph_ctx,enc,kssl_ctx->key,iv)) + if (!EVP_DecryptInit_ex(&ciph_ctx,enc,kssl_ctx->key,iv)) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_DECRYPTION_FAILED); @@ -1637,7 +1637,7 @@ static int ssl3_get_client_key_exchange(SSL *s) SSL_R_DATA_LENGTH_TOO_LONG); goto err; } - if (!EVP_DecryptFinal(&ciph_ctx,&(pms[outl]),&padl)) + if (!EVP_DecryptFinal_ex(&ciph_ctx,&(pms[outl]),&padl)) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_DECRYPTION_FAILED); diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index c37b41775..7bb04e6f8 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -341,7 +341,7 @@ printf("which = %04X\nmac key=",which); #ifdef KSSL_DEBUG { int i; - printf("EVP_CipherInit(dd,c,key=,iv=,which)\n"); + printf("EVP_CipherInit_ex(dd,c,key=,iv=,which)\n"); printf("\tkey= "); for (i=0; ikey_len; i++) printf("%02x", key[i]); printf("\n"); printf("\t iv= "); for (i=0; iiv_len; i++) printf("%02x", iv[i]); @@ -349,7 +349,7 @@ printf("which = %04X\nmac key=",which); } #endif /* KSSL_DEBUG */ - EVP_CipherInit(dd,c,key,iv,(which & SSL3_CC_WRITE)); + EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE)); #ifdef TLS_DEBUG printf("which = %04X\nkey=",which); { int z; for (z=0; z