Changes between 0.9.6d and 0.9.7 [XX xxx 2002]
+ *) Remove most calls to EVP_CIPHER_CTX_cleanup() in evp_enc.c, this
+ allows existing EVP_CIPHER_CTX structures to be reused after
+ calling EVP_*Final(). This behaviour is used by encryption
+ BIOs and some applications. This has the side effect that
+ applications must explicitly clean up cipher contexts with
+ EVP_CIPHER_CTX_cleanup() or they will leak memory.
+ [Steve Henson]
+
*) Check the values of dna and dnb in bn_mul_recursive before calling
bn_mul_comba (a non zero value means the a or b arrays do not contain
n2 elements) and fallback to bn_mul_normal if either is not zero.
goto skip_to_init;
if (cipher)
{
- /* Ensure an ENGINE left lying around from last time is cleared
+ /* Ensure a context left lying around from last time is cleared
* (the previous check attempted to avoid this if the same
* ENGINE and EVP_CIPHER could be used). */
- if(ctx->engine)
- ENGINE_finish(ctx->engine);
+ EVP_CIPHER_CTX_cleanup(ctx);
+
+ /* Restore encrypt field: it is zeroed by cleanup */
+ ctx->encrypt = enc;
if(impl)
{
if (!ENGINE_init(impl))
}
else
ctx->engine = NULL;
+
ctx->cipher=cipher;
ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size);
ctx->key_len = cipher->key_len;
{
int ret;
ret = EVP_EncryptFinal_ex(ctx, out, outl);
- EVP_CIPHER_CTX_cleanup(ctx);
return ret;
}
b=ctx->cipher->block_size;
if (b == 1)
{
- EVP_CIPHER_CTX_cleanup(ctx);
*outl=0;
return 1;
}
bl=ctx->buf_len;
if (ctx->flags & EVP_CIPH_NO_PADDING)
{
- EVP_CIPHER_CTX_cleanup(ctx);
if(bl)
{
EVPerr(EVP_F_EVP_ENCRYPTFINAL,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
ctx->buf[i]=n;
ret=ctx->cipher->do_cipher(ctx,out,ctx->buf,b);
- EVP_CIPHER_CTX_cleanup(ctx);
if(ret)
*outl=b;
{
int ret;
ret = EVP_DecryptFinal_ex(ctx, out, outl);
- EVP_CIPHER_CTX_cleanup(ctx);
return ret;
}
b=ctx->cipher->block_size;
if (ctx->flags & EVP_CIPH_NO_PADDING)
{
- EVP_CIPHER_CTX_cleanup(ctx);
if(ctx->buf_len)
{
EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
{
if (ctx->buf_len || !ctx->final_used)
{
- EVP_CIPHER_CTX_cleanup(ctx);
EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_WRONG_FINAL_BLOCK_LENGTH);
return(0);
}
n=ctx->final[b-1];
if (n > b)
{
- EVP_CIPHER_CTX_cleanup(ctx);
EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT);
return(0);
}
{
if (ctx->final[--b] != n)
{
- EVP_CIPHER_CTX_cleanup(ctx);
EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT);
return(0);
}
}
else
*outl=0;
- EVP_CIPHER_CTX_cleanup(ctx);
return(1);
}
int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
{
- if ((c->cipher != NULL) && (c->cipher->cleanup != NULL))
+ if (c->cipher != NULL)
{
- if(!c->cipher->cleanup(c)) return 0;
+ if(c->cipher->cleanup && !c->cipher->cleanup(c))
+ return 0;
+ /* Zero cipher context data */
+ if (c->cipher_data)
+ memset(c->cipher_data, 0, c->cipher->ctx_size);
}
- OPENSSL_free(c->cipher_data);
+ if (c->cipher_data)
+ OPENSSL_free(c->cipher_data);
if (c->engine)
/* The EVP_CIPHER we used belongs to an ENGINE, release the
* functional reference we held for this reason. */
projects / oweals / openssl.git / commitdiff