CVSROOT:        /cvs
Module name:    src
Changes by:     t...@cvs.openbsd.org    2024/03/02 02:55:30

Modified files:
        lib/libcrypto/evp: evp.h evp_cipher.c evp_digest.c 

Log message:
Fix signature and semantics of EVP_{CIPHER,MD}_CTX_init()

When the EVP_CIPHER_CTX and the EVP_MD_CTX were still expected to live
on the stack, these initialization APIs were wrappers around memset.
In OpenSSL 1.1, somebody removed them and carelessly made _init() an
alias of _reset() aka _cleanup(). As a consequence, both signature and
semantics changed.

Unsurprisingly, there is now code out there that actually uses the new
semantics, which causes leaks on LibreSSL and older OpenSSL. This aligns
our _init() with OpenSSL 1.1 semantics.

ok jsing
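
The leak the log message describes, modelled in plain C as an added example; it is not part of this commit or of libcrypto. `toy_ctx` and all helper names are hypothetical stand-ins for the EVP context and its functions, and the model covers only the semantics change, not the signature change.

```c
#include <stdlib.h>
#include <string.h>

/* Toy stand-in for EVP_MD_CTX; every name in this block is hypothetical. */
typedef struct { void *md_data; } toy_ctx;

/* Side table of live digest-state buffers, so lost ones can be counted. */
static void *live[4];

static void *state_alloc(void) {
    for (int i = 0; i < 4; i++)
        if (live[i] == NULL) return live[i] = malloc(64);
    return NULL;
}

static void state_free(void *p) {
    for (int i = 0; i < 4; i++)
        if (p != NULL && live[i] == p) { free(p); live[i] = NULL; }
}

/* Old semantics: init is a wrapper around memset and releases nothing. */
static void init_memset(toy_ctx *c) { memset(c, 0, sizeof(*c)); }

/* 1.1 semantics: init is an alias of reset/cleanup, so it frees first. */
static void init_reset(toy_ctx *c) {
    state_free(c->md_data);
    memset(c, 0, sizeof(*c));
}

/* A caller written for 1.1 semantics recycles a used context via init.
 * Returns the number of buffers still allocated after the final cleanup. */
static int leaked_after_reuse(void (*init)(toy_ctx *)) {
    toy_ctx c = { NULL };            /* fresh context */
    int leaked = 0;
    init(&c);
    c.md_data = state_alloc();       /* first digest allocates its state */
    init(&c);                        /* caller expects this to free it */
    c.md_data = state_alloc();       /* second digest on the same context */
    init_reset(&c);                  /* final cleanup frees the current state */
    for (int i = 0; i < 4; i++)
        if (live[i] != NULL) { leaked++; free(live[i]); live[i] = NULL; }
    return leaked;
}

int leak_with_memset_init(void) { return leaked_after_reuse(init_memset); }
int leak_with_reset_init(void)  { return leaked_after_reuse(init_reset); }
```

With the memset-style init the first buffer's pointer is zeroed while the buffer is still allocated, so one allocation is lost per reuse; with the reset-style init nothing is lost.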
