Modify EVP cipher behaviour in a similar way
to digests to retain compatibility.
diff --git a/CHANGES b/CHANGES
index 0cdc0f5..b544a62 100644
--- a/CHANGES
+++ b/CHANGES
@@ -12,6 +12,10 @@
*) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7
+) applies to 0.9.7 only
+ +) Modify the behaviour of EVP cipher functions in similar way to digests
+ to retain compatibility with existing code.
+ [Steve Henson]
+
+) Modify the behaviour of EVP_DigestInit() and EVP_DigestFinal() to retain
compatibility with existing code. In particular the 'ctx' parameter is
not assumed to be valid before the call to EVP_DigestInit() and it is tidied
diff --git a/apps/speed.c b/apps/speed.c
index 3c359e3..dec893d 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -1216,9 +1216,9 @@
print_message(names[D_EVP],save_count,
lengths[j]);
if(decrypt)
- EVP_DecryptInit(&ctx,evp,key16,iv);
+ EVP_DecryptInit_ex(&ctx,evp,NULL,key16,iv);
else
- EVP_EncryptInit(&ctx,evp,key16,iv);
+ EVP_EncryptInit_ex(&ctx,evp,NULL,key16,iv);
Time_F(START,usertime);
if(decrypt)
@@ -1228,9 +1228,9 @@
for (count=0,run=1; COND(save_count*4*lengths[0]/lengths[j]); count++)
EVP_EncryptUpdate(&ctx,buf,&outl,buf,lengths[j]);
if(decrypt)
- EVP_DecryptFinal(&ctx,buf,&outl);
+ EVP_DecryptFinal_ex(&ctx,buf,&outl);
else
- EVP_EncryptFinal(&ctx,buf,&outl);
+ EVP_EncryptFinal_ex(&ctx,buf,&outl);
d=Time_F(STOP,usertime);
BIO_printf(bio_err,"%ld %s's in %.2fs\n",
count,names[D_EVP],d);
diff --git a/crypto/asn1/n_pkey.c b/crypto/asn1/n_pkey.c
index 7a1d9ba..49f80ff 100644
--- a/crypto/asn1/n_pkey.c
+++ b/crypto/asn1/n_pkey.c
@@ -207,9 +207,9 @@
/* Encrypt private key in place */
zz = enckey->enckey->digest->data;
EVP_CIPHER_CTX_init(&ctx);
- EVP_EncryptInit(&ctx,EVP_rc4(),key,NULL);
+ EVP_EncryptInit_ex(&ctx,EVP_rc4(),NULL,key,NULL);
EVP_EncryptUpdate(&ctx,zz,&i,zz,pkeylen);
- EVP_EncryptFinal(&ctx,zz + i,&j);
+ EVP_EncryptFinal_ex(&ctx,zz + i,&j);
EVP_CIPHER_CTX_cleanup(&ctx);
ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp);
@@ -293,9 +293,9 @@
memset(buf,0,256);
EVP_CIPHER_CTX_init(&ctx);
- EVP_DecryptInit(&ctx,EVP_rc4(),key,NULL);
+ EVP_DecryptInit_ex(&ctx,EVP_rc4(),NULL, key,NULL);
EVP_DecryptUpdate(&ctx,os->data,&i,os->data,os->length);
- EVP_DecryptFinal(&ctx,&(os->data[i]),&j);
+ EVP_DecryptFinal_ex(&ctx,&(os->data[i]),&j);
EVP_CIPHER_CTX_cleanup(&ctx);
os->length=i+j;
diff --git a/crypto/asn1/p5_pbev2.c b/crypto/asn1/p5_pbev2.c
index cd597ff..43dfe09 100644
--- a/crypto/asn1/p5_pbev2.c
+++ b/crypto/asn1/p5_pbev2.c
@@ -117,7 +117,7 @@
goto err;
/* Dummy cipherinit to just setup the IV */
- EVP_CipherInit(&ctx, cipher, NULL, iv, 0);
+ EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0);
if(EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {
ASN1err(ASN1_F_PKCS5_PBE2_SET,
ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
diff --git a/crypto/evp/bio_enc.c b/crypto/evp/bio_enc.c
index d9278fb..05f4249 100644
--- a/crypto/evp/bio_enc.c
+++ b/crypto/evp/bio_enc.c
@@ -184,7 +184,7 @@
if (!BIO_should_retry(b->next_bio))
{
ctx->cont=i;
- i=EVP_CipherFinal(&(ctx->cipher),
+ i=EVP_CipherFinal_ex(&(ctx->cipher),
(unsigned char *)ctx->buf,
&(ctx->buf_len));
ctx->ok=i;
@@ -298,7 +298,7 @@
case BIO_CTRL_RESET:
ctx->ok=1;
ctx->finished=0;
- EVP_CipherInit(&(ctx->cipher),NULL,NULL,NULL,
+ EVP_CipherInit_ex(&(ctx->cipher),NULL,NULL,NULL,NULL,
ctx->cipher.encrypt);
ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
break;
@@ -335,7 +335,7 @@
{
ctx->finished=1;
ctx->buf_off=0;
- ret=EVP_CipherFinal(&(ctx->cipher),
+ ret=EVP_CipherFinal_ex(&(ctx->cipher),
(unsigned char *)ctx->buf,
&(ctx->buf_len));
ctx->ok=(int)ret;
@@ -421,7 +421,7 @@
b->init=1;
ctx=(BIO_ENC_CTX *)b->ptr;
- EVP_CipherInit(&(ctx->cipher),c,k,i,e);
+ EVP_CipherInit_ex(&(ctx->cipher),c,NULL, k,i,e);
if (b->callback != NULL)
b->callback(b,BIO_CB_CTRL,(const char *)c,BIO_CTRL_SET,e,1L);
diff --git a/crypto/evp/e_rc2.c b/crypto/evp/e_rc2.c
index 799858f..b62d941 100644
--- a/crypto/evp/e_rc2.c
+++ b/crypto/evp/e_rc2.c
@@ -180,7 +180,7 @@
key_bits =rc2_magic_to_meth((int)num);
if (!key_bits)
return(-1);
- if(i > 0) EVP_CipherInit(c, NULL, NULL, iv, -1);
+ if(i > 0) EVP_CipherInit_ex(c, NULL, NULL, NULL, iv, -1);
EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL);
EVP_CIPHER_CTX_set_key_length(c, key_bits / 8);
}
diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h
index ff3c797..255f957 100644
--- a/crypto/evp/evp.h
+++ b/crypto/evp/evp.h
@@ -488,6 +488,7 @@
const unsigned char *key, const unsigned char *iv);
int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
int *outl, const unsigned char *in, int inl);
+int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
int EVP_DecryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,
@@ -497,6 +498,7 @@
int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
int *outl, const unsigned char *in, int inl);
int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
+int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
int EVP_CipherInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,
const unsigned char *key,const unsigned char *iv,
@@ -507,6 +509,7 @@
int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
int *outl, const unsigned char *in, int inl);
int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
+int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s,
EVP_PKEY *pkey);
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 0f5a128..eb39539 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -73,11 +73,14 @@
/* ctx->cipher=NULL; */
}
+
int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
const unsigned char *key, const unsigned char *iv, int enc)
{
+ EVP_CIPHER_CTX_init(ctx);
return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc);
}
+
int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
const unsigned char *key, const unsigned char *iv, int enc)
{
@@ -187,6 +190,13 @@
else return EVP_DecryptUpdate(ctx,out,outl,in,inl);
}
+int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+ {
+ if (ctx->encrypt)
+ return EVP_EncryptFinal_ex(ctx,out,outl);
+ else return EVP_DecryptFinal_ex(ctx,out,outl);
+ }
+
int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
{
if (ctx->encrypt)
@@ -197,7 +207,7 @@
int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
const unsigned char *key, const unsigned char *iv)
{
- return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 1);
+ return EVP_CipherInit(ctx, cipher, key, iv, 1);
}
int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
@@ -276,6 +286,14 @@
int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
{
+ int ret;
+ ret = EVP_EncryptFinal_ex(ctx, out, outl);
+ EVP_CIPHER_CTX_cleanup(ctx);
+ return ret;
+ }
+
+int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+ {
int i,n,b,bl,ret;
b=ctx->cipher->block_size;
@@ -359,6 +377,14 @@
int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
{
+ int ret;
+ ret = EVP_DecryptFinal_ex(ctx, out, outl);
+ EVP_CIPHER_CTX_cleanup(ctx);
+ return ret;
+ }
+
+int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+ {
int i,b;
int n;
diff --git a/crypto/evp/evp_test.c b/crypto/evp/evp_test.c
index 435bb09..e312672 100644
--- a/crypto/evp/evp_test.c
+++ b/crypto/evp/evp_test.c
@@ -142,7 +142,7 @@
exit(5);
}
EVP_CIPHER_CTX_init(&ctx);
- if(!EVP_EncryptInit(&ctx,c,key,iv))
+ if(!EVP_EncryptInit_ex(&ctx,c,NULL,key,iv))
{
fprintf(stderr,"EncryptInit failed\n");
exit(10);
@@ -154,7 +154,7 @@
fprintf(stderr,"Encrypt failed\n");
exit(6);
}
- if(!EVP_EncryptFinal(&ctx,out+outl,&outl2))
+ if(!EVP_EncryptFinal_ex(&ctx,out+outl,&outl2))
{
fprintf(stderr,"EncryptFinal failed\n");
exit(7);
@@ -175,7 +175,7 @@
exit(9);
}
- if(!EVP_DecryptInit(&ctx,c,key,iv))
+ if(!EVP_DecryptInit_ex(&ctx,c,NULL,key,iv))
{
fprintf(stderr,"DecryptInit failed\n");
exit(11);
@@ -187,7 +187,7 @@
fprintf(stderr,"Decrypt failed\n");
exit(6);
}
- if(!EVP_DecryptFinal(&ctx,out+outl,&outl2))
+ if(!EVP_DecryptFinal_ex(&ctx,out+outl,&outl2))
{
fprintf(stderr,"DecryptFinal failed\n");
exit(7);
diff --git a/crypto/evp/p5_crpt.c b/crypto/evp/p5_crpt.c
index cbe904d..113c60f 100644
--- a/crypto/evp/p5_crpt.c
+++ b/crypto/evp/p5_crpt.c
@@ -143,7 +143,7 @@
memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher));
memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
EVP_CIPHER_iv_length(cipher));
- EVP_CipherInit(cctx, cipher, key, iv, en_de);
+ EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de);
memset(md_tmp, 0, EVP_MAX_MD_SIZE);
memset(key, 0, EVP_MAX_KEY_LENGTH);
memset(iv, 0, EVP_MAX_IV_LENGTH);
diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c
index 645409e..6c4b3ea 100644
--- a/crypto/evp/p5_crpt2.c
+++ b/crypto/evp/p5_crpt2.c
@@ -183,7 +183,7 @@
}
/* Fixup cipher based on AlgorithmIdentifier */
- EVP_CipherInit(ctx, cipher, NULL, NULL, en_de);
+ EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de);
if(EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) < 0) {
EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
EVP_R_CIPHER_PARAMETER_ERROR);
@@ -229,7 +229,7 @@
saltlen = kdf->salt->value.octet_string->length;
iter = ASN1_INTEGER_get(kdf->iter);
PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key);
- EVP_CipherInit(ctx, NULL, key, NULL, en_de);
+ EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de);
memset(key, 0, keylen);
PBKDF2PARAM_free(kdf);
return 1;
diff --git a/crypto/evp/p_open.c b/crypto/evp/p_open.c
index c0a50b9..6976f2a 100644
--- a/crypto/evp/p_open.c
+++ b/crypto/evp/p_open.c
@@ -71,7 +71,7 @@
if(type) {
EVP_CIPHER_CTX_init(ctx);
- if(!EVP_DecryptInit(ctx,type,NULL,NULL)) return 0;
+ if(!EVP_DecryptInit_ex(ctx,type,NULL, NULL,NULL)) return 0;
}
if(!priv) return 1;
@@ -97,7 +97,7 @@
/* ERROR */
goto err;
}
- if(!EVP_DecryptInit(ctx,NULL,key,iv)) goto err;
+ if(!EVP_DecryptInit_ex(ctx,NULL,NULL,key,iv)) goto err;
ret=1;
err:
@@ -110,8 +110,8 @@
{
int i;
- i=EVP_DecryptFinal(ctx,out,outl);
- EVP_DecryptInit(ctx,NULL,NULL,NULL);
+ i=EVP_DecryptFinal_ex(ctx,out,outl);
+ EVP_DecryptInit_ex(ctx,NULL,NULL,NULL,NULL);
return(i);
}
#else /* !OPENSSL_NO_RSA */
diff --git a/crypto/evp/p_seal.c b/crypto/evp/p_seal.c
index c870ebf..ba2dd65 100644
--- a/crypto/evp/p_seal.c
+++ b/crypto/evp/p_seal.c
@@ -74,7 +74,7 @@
if(type) {
EVP_CIPHER_CTX_init(ctx);
- if(!EVP_EncryptInit(ctx,type,NULL,NULL)) return 0;
+ if(!EVP_EncryptInit_ex(ctx,type,NULL,NULL,NULL)) return 0;
}
if (npubk <= 0) return(0);
if (RAND_bytes(key,EVP_MAX_KEY_LENGTH) <= 0)
@@ -82,7 +82,7 @@
if (EVP_CIPHER_CTX_iv_length(ctx))
RAND_pseudo_bytes(iv,EVP_CIPHER_CTX_iv_length(ctx));
- if(!EVP_EncryptInit(ctx,NULL,key,iv)) return 0;
+ if(!EVP_EncryptInit_ex(ctx,NULL,NULL,key,iv)) return 0;
for (i=0; i<npubk; i++)
{
@@ -107,6 +107,6 @@
void EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
{
- EVP_EncryptFinal(ctx,out,outl);
- EVP_EncryptInit(ctx,NULL,NULL,NULL);
+ EVP_EncryptFinal_ex(ctx,out,outl);
+ EVP_EncryptInit_ex(ctx,NULL,NULL,NULL,NULL);
}
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index 1c1a64a..f5ae9d7 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -346,9 +346,9 @@
PEM_dek_info(buf,objstr,8,(char *)iv);
/* k=strlen(buf); */
- EVP_EncryptInit(&ctx,enc,key,iv);
+ EVP_EncryptInit_ex(&ctx,enc,NULL,key,iv);
EVP_EncryptUpdate(&ctx,data,&j,data,i);
- EVP_EncryptFinal(&ctx,&(data[j]),&i);
+ EVP_EncryptFinal_ex(&ctx,&(data[j]),&i);
i+=j;
ret=1;
}
@@ -399,9 +399,9 @@
(unsigned char *)buf,klen,1,key,NULL);
j=(int)len;
- EVP_DecryptInit(&ctx,cipher->cipher,key,&(cipher->iv[0]));
+ EVP_DecryptInit_ex(&ctx,cipher->cipher,NULL, key,&(cipher->iv[0]));
EVP_DecryptUpdate(&ctx,data,&i,data,j);
- o=EVP_DecryptFinal(&ctx,&(data[i]),&j);
+ o=EVP_DecryptFinal_ex(&ctx,&(data[i]),&j);
EVP_CIPHER_CTX_cleanup(&ctx);
memset((char *)buf,0,sizeof(buf));
memset((char *)key,0,sizeof(key));
diff --git a/crypto/pem/pem_seal.c b/crypto/pem/pem_seal.c
index 50a1b91..ae463a3 100644
--- a/crypto/pem/pem_seal.c
+++ b/crypto/pem/pem_seal.c
@@ -161,7 +161,7 @@
goto err;
}
- EVP_EncryptFinal(&ctx->cipher,s,(int *)&i);
+ EVP_EncryptFinal_ex(&ctx->cipher,s,(int *)&i);
EVP_EncodeUpdate(&ctx->encode,out,&j,s,i);
*outl=j;
out+=j;
diff --git a/crypto/pkcs12/p12_crpt.c b/crypto/pkcs12/p12_crpt.c
index 2a6de32..97be6a5 100644
--- a/crypto/pkcs12/p12_crpt.c
+++ b/crypto/pkcs12/p12_crpt.c
@@ -117,7 +117,7 @@
return 0;
}
PBEPARAM_free(pbe);
- EVP_CipherInit(ctx, cipher, key, iv, en_de);
+ EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de);
memset(key, 0, EVP_MAX_KEY_LENGTH);
memset(iv, 0, EVP_MAX_IV_LENGTH);
return 1;
diff --git a/crypto/pkcs12/p12_decr.c b/crypto/pkcs12/p12_decr.c
index 92b95f6..e0bbe4c 100644
--- a/crypto/pkcs12/p12_decr.c
+++ b/crypto/pkcs12/p12_decr.c
@@ -90,7 +90,7 @@
EVP_CipherUpdate (&ctx, out, &i, in, inlen);
outlen = i;
- if(!EVP_CipherFinal (&ctx, out + i, &i)) {
+ if(!EVP_CipherFinal_ex (&ctx, out + i, &i)) {
OPENSSL_free (out);
PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,PKCS12_R_PKCS12_CIPHERFINAL_ERROR);
return NULL;
diff --git a/crypto/pkcs7/bio_ber.c b/crypto/pkcs7/bio_ber.c
index 5447e69..42331f7 100644
--- a/crypto/pkcs7/bio_ber.c
+++ b/crypto/pkcs7/bio_ber.c
@@ -339,7 +339,7 @@
case BIO_CTRL_RESET:
ctx->ok=1;
ctx->finished=0;
- EVP_CipherInit(&(ctx->cipher),NULL,NULL,NULL,
+ EVP_CipherInit_ex(&(ctx->cipher),NULL,NULL,NULL,NULL,
ctx->cipher.berrypt);
ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
break;
@@ -376,7 +376,7 @@
{
ctx->finished=1;
ctx->buf_off=0;
- ret=EVP_CipherFinal(&(ctx->cipher),
+ ret=EVP_CipherFinal_ex(&(ctx->cipher),
(unsigned char *)ctx->buf,
&(ctx->buf_len));
ctx->ok=(int)ret;
@@ -458,7 +458,7 @@
b->init=1;
ctx=(BIO_ENC_CTX *)b->ptr;
- EVP_CipherInit(&(ctx->cipher),c,k,i,e);
+ EVP_CipherInit_ex(&(ctx->cipher),c,NULL,k,i,e);
if (b->callback != NULL)
b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,1L);
diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index 4cc3055..5b803b0 100644
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -165,7 +165,7 @@
goto err;
xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher));
if (ivlen > 0) RAND_pseudo_bytes(iv,ivlen);
- EVP_CipherInit(ctx, evp_cipher, key, iv, 1);
+ EVP_CipherInit_ex(ctx, evp_cipher, NULL, key, iv, 1);
if (ivlen > 0) {
if (xalg->parameter == NULL)
@@ -391,7 +391,7 @@
evp_ctx=NULL;
BIO_get_cipher_ctx(etmp,&evp_ctx);
- EVP_CipherInit(evp_ctx,evp_cipher,NULL,NULL,0);
+ EVP_CipherInit_ex(evp_ctx,evp_cipher,NULL,NULL,NULL,0);
if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0)
goto err;
@@ -407,7 +407,7 @@
goto err;
}
}
- EVP_CipherInit(evp_ctx,NULL,tmp,NULL,0);
+ EVP_CipherInit_ex(evp_ctx,NULL,NULL,tmp,NULL,0);
memset(tmp,0,jj);
diff --git a/demos/maurice/example1.c b/demos/maurice/example1.c
index 4890b69..da2c6d3 100644
--- a/demos/maurice/example1.c
+++ b/demos/maurice/example1.c
@@ -126,7 +126,7 @@
void main_decrypt(void)
{
- char buf[512];
+ char buf[520];
char ebuf[512];
unsigned int buflen;
EVP_CIPHER_CTX ectx;
@@ -164,7 +164,6 @@
read(STDIN, encryptKey, ekeylen);
read(STDIN, iv, sizeof(iv));
-
EVP_OpenInit(&ectx,
EVP_des_ede3_cbc(),
encryptKey,
@@ -185,7 +184,6 @@
}
EVP_OpenUpdate(&ectx, buf, &buflen, ebuf, readlen);
-
write(STDOUT, buf, buflen);
}
diff --git a/demos/maurice/example3.c b/demos/maurice/example3.c
index c8462a4..03d8a20 100644
--- a/demos/maurice/example3.c
+++ b/demos/maurice/example3.c
@@ -57,7 +57,8 @@
EVP_BytesToKey(ALG, EVP_md5(), "salu", pw, strlen(pw), 1, key, iv);
- EVP_CipherInit(&ectx, ALG, key, iv, operation);
+ EVP_CIPHER_CTX_init(&ectx);
+ EVP_CipherInit_ex(&ectx, ALG, NULL, key, iv, operation);
while(1)
{
@@ -79,7 +80,8 @@
write(STDOUT, ebuf, ebuflen);
}
- EVP_CipherFinal(&ectx, ebuf, &ebuflen);
+ EVP_CipherFinal_ex(&ectx, ebuf, &ebuflen);
+ EVP_CIPHER_CTX_cleanup(&ectx);
write(STDOUT, ebuf, ebuflen);
}
diff --git a/ssl/kssl.c b/ssl/kssl.c
index e61b698..726dceb 100644
--- a/ssl/kssl.c
+++ b/ssl/kssl.c
@@ -1997,10 +1997,10 @@
*/
goto err;
}
- if (!EVP_DecryptInit(&ciph_ctx, enc, kssl_ctx->key, iv))
+ if (!EVP_DecryptInit_ex(&ciph_ctx, enc, NULL, kssl_ctx->key, iv))
{
kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
- "EVP_DecryptInit error decrypting authenticator.\n");
+ "EVP_DecryptInit_ex error decrypting authenticator.\n");
krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
goto err;
}
@@ -2019,10 +2019,10 @@
krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
goto err;
}
- if (!EVP_DecryptFinal(&ciph_ctx, &(unenc_authent[outl]), &padl))
+ if (!EVP_DecryptFinal_ex(&ciph_ctx, &(unenc_authent[outl]), &padl))
{
kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
- "EVP_DecryptFinal error decrypting authenticator.\n");
+ "EVP_DecryptFinal_ex error decrypting authenticator.\n");
krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
goto err;
}
diff --git a/ssl/s2_enc.c b/ssl/s2_enc.c
index b4187bb..a28e747 100644
--- a/ssl/s2_enc.c
+++ b/ssl/s2_enc.c
@@ -98,9 +98,9 @@
ssl2_generate_key_material(s);
- EVP_EncryptInit(ws,c,&(s->s2->key_material[(client)?num:0]),
+ EVP_EncryptInit_ex(ws,c,NULL,&(s->s2->key_material[(client)?num:0]),
s->session->key_arg);
- EVP_DecryptInit(rs,c,&(s->s2->key_material[(client)?0:num]),
+ EVP_DecryptInit_ex(rs,c,NULL,&(s->s2->key_material[(client)?0:num]),
s->session->key_arg);
s->s2->read_key= &(s->s2->key_material[(client)?0:num]);
s->s2->write_key= &(s->s2->key_material[(client)?num:0]);
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 8ebba65..e56bfb1 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1519,17 +1519,17 @@
goto err;
/* 20010420 VRS. Tried it this way; failed.
- ** EVP_EncryptInit(&ciph_ctx,enc, NULL,NULL);
+ ** EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
** EVP_CIPHER_CTX_set_key_length(&ciph_ctx,
** kssl_ctx->length);
- ** EVP_EncryptInit(&ciph_ctx,NULL, key,iv);
+ ** EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
*/
memset(iv, 0, EVP_MAX_IV_LENGTH); /* per RFC 1510 */
- EVP_EncryptInit(&ciph_ctx,enc, kssl_ctx->key,iv);
+ EVP_EncryptInit_ex(&ciph_ctx,enc, kssl_ctx->key,iv);
EVP_EncryptUpdate(&ciph_ctx,epms,&outl,tmp_buf,
SSL_MAX_MASTER_KEY_LENGTH);
- EVP_EncryptFinal(&ciph_ctx,&(epms[outl]),&padl);
+ EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl);
outl += padl;
EVP_CIPHER_CTX_cleanup(&ciph_ctx);
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index 833fea8..52d389e 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -275,7 +275,7 @@
s->session->key_arg_length=0;
- EVP_CipherInit(dd,c,key,iv,(which & SSL3_CC_WRITE));
+ EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE));
memset(&(exp_key[0]),0,sizeof(exp_key));
memset(&(exp_iv[0]),0,sizeof(exp_iv));
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 2954571..f858a9f 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1618,7 +1618,7 @@
memset(iv, 0, EVP_MAX_IV_LENGTH); /* per RFC 1510 */
- if (!EVP_DecryptInit(&ciph_ctx,enc,kssl_ctx->key,iv))
+ if (!EVP_DecryptInit_ex(&ciph_ctx,enc,kssl_ctx->key,iv))
{
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
SSL_R_DECRYPTION_FAILED);
@@ -1637,7 +1637,7 @@
SSL_R_DATA_LENGTH_TOO_LONG);
goto err;
}
- if (!EVP_DecryptFinal(&ciph_ctx,&(pms[outl]),&padl))
+ if (!EVP_DecryptFinal_ex(&ciph_ctx,&(pms[outl]),&padl))
{
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
SSL_R_DECRYPTION_FAILED);
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index c37b417..7bb04e6 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -341,7 +341,7 @@
#ifdef KSSL_DEBUG
{
int i;
- printf("EVP_CipherInit(dd,c,key=,iv=,which)\n");
+ printf("EVP_CipherInit_ex(dd,c,key=,iv=,which)\n");
printf("\tkey= "); for (i=0; i<c->key_len; i++) printf("%02x", key[i]);
printf("\n");
printf("\t iv= "); for (i=0; i<c->iv_len; i++) printf("%02x", iv[i]);
@@ -349,7 +349,7 @@
}
#endif /* KSSL_DEBUG */
- EVP_CipherInit(dd,c,key,iv,(which & SSL3_CC_WRITE));
+ EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE));
#ifdef TLS_DEBUG
printf("which = %04X\nkey=",which);
{ int z; for (z=0; z<EVP_CIPHER_key_length(c); z++) printf("%02X%c",key[z],((z+1)%16)?' ':'\n'); }
