diff --git a/contrib/pgcrypto/openssl.c b/contrib/pgcrypto/openssl.c
index f3e3a92486..fa530233f4 100644
--- a/contrib/pgcrypto/openssl.c
+++ b/contrib/pgcrypto/openssl.c
@@ -250,7 +250,7 @@ struct ossl_cipher
 typedef struct
 {
- EVP_CIPHER_CTX evp_ctx;
+ EVP_CIPHER_CTX *evp_ctx;
 const EVP_CIPHER *evp_ciph;
 uint8 key[MAX_KEY];
 uint8 iv[MAX_IV];
@@ -292,7 +292,7 @@ gen_ossl_free(PX_Cipher *c)
 {
 ossldata *od = (ossldata *) c->ptr;
- EVP_CIPHER_CTX_cleanup(&od->evp_ctx);
+ EVP_CIPHER_CTX_free(od->evp_ctx);
 px_memset(od, 0, sizeof(*od));
 px_free(od);
 px_free(c);
@@ -307,17 +307,17 @@ gen_ossl_decrypt(PX_Cipher *c, const uint8 *data, unsigned dlen,
 if (!od->init)
 {
- EVP_CIPHER_CTX_init(&od->evp_ctx);
- if (!EVP_DecryptInit_ex(&od->evp_ctx, od->evp_ciph, NULL, NULL, NULL))
+ od->evp_ctx = EVP_CIPHER_CTX_new();
+ if (!EVP_DecryptInit_ex(od->evp_ctx, od->evp_ciph, NULL, NULL, NULL))
 return PXE_CIPHER_INIT;
- if (!EVP_CIPHER_CTX_set_key_length(&od->evp_ctx, od->klen))
+ if (!EVP_CIPHER_CTX_set_key_length(od->evp_ctx, od->klen))
 return PXE_CIPHER_INIT;
- if (!EVP_DecryptInit_ex(&od->evp_ctx, NULL, NULL, od->key, od->iv))
+ if (!EVP_DecryptInit_ex(od->evp_ctx, NULL, NULL, od->key, od->iv))
 return PXE_CIPHER_INIT;
 od->init = true;
 }
- if (!EVP_DecryptUpdate(&od->evp_ctx, res, &outlen, data, dlen))
+ if (!EVP_DecryptUpdate(od->evp_ctx, res, &outlen, data, dlen))
 return PXE_DECRYPT_FAILED;
 return 0;
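Review bot: `EVP_CIPHER_CTX_free(od->evp_ctx)` in gen_ossl_free now runs even when no encrypt or decrypt call ever created the context, so it depends on `od->evp_ctx` being NULL in that case. Freeing NULL is a no-op in OpenSSL, but that only helps if `od` is zero-filled where it is allocated, which is outside this diff and worth confirming. The following `px_memset(od, 0, sizeof(*od))` also no longer covers cipher state, since the context is a separate OpenSSL allocation; I would record that with a comment such as `/* cipher state is cleared by EVP_CIPHER_CTX_free; px_memset only wipes our key/iv copies */`. The end of the function body is outside the hunk.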
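Review bot: The result of `EVP_CIPHER_CTX_new()` is used without a NULL check in gen_ossl_decrypt, so on allocation failure a NULL context goes straight into `EVP_DecryptInit_ex`, which would most likely crash the backend instead of returning PXE_CIPHER_INIT. On the same lines, a failed init step leaves `od->init` false, so a later call allocates a second context and overwrites `od->evp_ctx`, leaking the first. Assuming `od` starts zero-filled, both are covered by `if (od->evp_ctx == NULL) od->evp_ctx = EVP_CIPHER_CTX_new();` followed by `if (od->evp_ctx == NULL) return PXE_CIPHER_INIT;`. The gen_ossl_encrypt hunk has the same two problems, and bf_check_supported_key_len also passes an unchecked `EVP_CIPHER_CTX_new()` result to `EVP_EncryptInit_ex`. The function bodies start before their hunks.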
@@ -332,17 +332,17 @@ gen_ossl_encrypt(PX_Cipher *c, const uint8 *data, unsigned dlen,
 if (!od->init)
 {
- EVP_CIPHER_CTX_init(&od->evp_ctx);
- if (!EVP_EncryptInit_ex(&od->evp_ctx, od->evp_ciph, NULL, NULL, NULL))
+ od->evp_ctx = EVP_CIPHER_CTX_new();
+ if (!EVP_EncryptInit_ex(od->evp_ctx, od->evp_ciph, NULL, NULL, NULL))
 return PXE_CIPHER_INIT;
- if (!EVP_CIPHER_CTX_set_key_length(&od->evp_ctx, od->klen))
+ if (!EVP_CIPHER_CTX_set_key_length(od->evp_ctx, od->klen))
 return PXE_CIPHER_INIT;
- if (!EVP_EncryptInit_ex(&od->evp_ctx, NULL, NULL, od->key, od->iv))
+ if (!EVP_EncryptInit_ex(od->evp_ctx, NULL, NULL, od->key, od->iv))
 return PXE_CIPHER_INIT;
 od->init = true;
 }
- if (!EVP_EncryptUpdate(&od->evp_ctx, res, &outlen, data, dlen))
+ if (!EVP_EncryptUpdate(od->evp_ctx, res, &outlen, data, dlen))
 return PXE_ERR_GENERIC;
 return 0;
@@ -370,25 +370,30 @@ bf_check_supported_key_len(void)
 static const uint8 data[8] = {0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10};
 static const uint8 res[8] = {0xc0, 0x45, 0x04, 0x01, 0x2e, 0x4e, 0x1f, 0x53};
 uint8 out[8];
- EVP_CIPHER_CTX evp_ctx;
+ EVP_CIPHER_CTX *evp_ctx;
 int outlen;
+ int status = 0;
 /* encrypt with 448bits key and verify output */
- EVP_CIPHER_CTX_init(&evp_ctx);
- if (!EVP_EncryptInit_ex(&evp_ctx, EVP_bf_ecb(), NULL, NULL, NULL))
- return 0;
- if (!EVP_CIPHER_CTX_set_key_length(&evp_ctx, 56))
- return 0;
- if (!EVP_EncryptInit_ex(&evp_ctx, NULL, NULL, key, NULL))
- return 0;
+ evp_ctx = EVP_CIPHER_CTX_new();
+ if (!EVP_EncryptInit_ex(evp_ctx, EVP_bf_ecb(), NULL, NULL, NULL))
+ goto leave;
+ if (!EVP_CIPHER_CTX_set_key_length(evp_ctx, 56))
+ goto leave;
+ if (!EVP_EncryptInit_ex(evp_ctx, NULL, NULL, key, NULL))
+ goto leave;
 
- if (!EVP_EncryptUpdate(&evp_ctx, out, &outlen, data, 8))
- return 0;
+ if (!EVP_EncryptUpdate(evp_ctx, out, &outlen, data, 8))
+ goto leave;
 if (memcmp(out, res, 8) != 0)
- return 0; /* Output does not match -> strong cipher is
+ goto leave; /* Output does not match -> strong cipher is
 * not supported */
- return 1;
+ status = 1;
+
+leave:
+ EVP_CIPHER_CTX_free(evp_ctx);
+ return status;
 }
 static int