From 07bb7ca2824221826d2a7568cea26cab1b5f3250 Mon Sep 17 00:00:00 2001
From: Marcel Hollerbach
Date: Mon, 5 Dec 2016 11:13:02 +0100
Subject: [PATCH] emile: do not rely on the struct size
Summary: in newer versions of openssl, most of the public structures are made opaque. So we should use the openssl api to allocate this structure. Since ctx is now a pointer we dont need opened anymore, so those vars are replaced with ctx checks. ctx is always NULL'ed after a free fix T4923
Reviewers: cedric, jpeg, stefan_schmidt
Reviewed By: jpeg, stefan_schmidt
Subscribers: stefan_schmidt, ManMower, jpeg
Maniphest Tasks: T4923
Differential Revision: https://phab.enlightenment.org/D4456
---
src/lib/emile/emile_cipher_openssl.c | 37 +++++++++++++---------------
1 file changed, 17 insertions(+), 20 deletions(-)
diff --git a/src/lib/emile/emile_cipher_openssl.c b/src/lib/emile/emile_cipher_openssl.c
index 9963c22601..efd9324a5c 100644
--- a/src/lib/emile/emile_cipher_openssl.c
+++ b/src/lib/emile/emile_cipher_openssl.c
@@ -102,9 +102,8 @@ emile_binbuf_cipher(Emile_Cipher_Algorithm algo, unsigned int salt; unsigned int tmp = 0; unsigned int crypted_length; - int opened = 0; /* Openssl declarations*/ - EVP_CIPHER_CTX ctx; + EVP_CIPHER_CTX *ctx = NULL; unsigned int *buffer = NULL; int tmp_len; 
@@ -151,29 +150,28 @@ emile_binbuf_cipher(Emile_Cipher_Algorithm algo, /* Openssl create the corresponding cipher AES with a 256 bit key, Cipher Block Chaining mode */ - EVP_CIPHER_CTX_init(&ctx); - if (!EVP_EncryptInit_ex(&ctx, EVP_aes_256_cbc(), NULL, ik, iv)) + ctx = EVP_CIPHER_CTX_new(); + if (!EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, ik, iv)) goto on_error; - opened = 1; - memset(iv, 0, sizeof (iv)); memset(ik, 0, sizeof (ik)); pointer = (unsigned char*) eina_binbuf_string_get(result); /* Openssl encrypt */ - if (!EVP_EncryptUpdate(&ctx, pointer + sizeof (int), &tmp_len, + if (!EVP_EncryptUpdate(ctx, pointer + sizeof (int), &tmp_len, (unsigned char *)buffer, eina_binbuf_length_get(data) + sizeof(unsigned int))) goto on_error; /* Openssl close the cipher */ - if (!EVP_EncryptFinal_ex(&ctx, pointer + sizeof (int) + tmp_len, + if (!EVP_EncryptFinal_ex(ctx, pointer + sizeof (int) + tmp_len, &tmp_len)) goto on_error; - EVP_CIPHER_CTX_cleanup(&ctx); + EVP_CIPHER_CTX_free(ctx); + ctx = NULL; free(buffer); return result; @@ -183,8 +181,8 @@ on_error: memset(ik, 0, sizeof (ik)); /* Openssl error */ - if (opened) - EVP_CIPHER_CTX_cleanup(&ctx); + if (ctx) + EVP_CIPHER_CTX_cleanup(ctx); free(buffer); @@ -203,7 +201,7 @@ emile_binbuf_decipher(Emile_Cipher_Algorithm algo, { Eina_Binbuf *result = NULL; unsigned int *over; - EVP_CIPHER_CTX ctx; + EVP_CIPHER_CTX *ctx = NULL; unsigned char ik[MAX_KEY_LEN]; unsigned char iv[MAX_IV_LEN]; unsigned char key_material[MAX_KEY_LEN + MAX_IV_LEN]; @@ -211,7 +209,6 @@ emile_binbuf_decipher(Emile_Cipher_Algorithm algo, unsigned int size; int tmp_len; int tmp = 0; - int opened = 0; if (algo != EMILE_AES256_CBC) return NULL; if (!emile_cipher_init()) return NULL; 
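Review bot: The result of `EVP_CIPHER_CTX_new()` is used without a NULL check, so an allocation failure hands a NULL context straight to `EVP_EncryptInit_ex()`. Add `if (!ctx) goto on_error;` directly after the allocation; the `if (ctx)` guard this commit introduces at on_error already tolerates a NULL pointer. The same unchecked allocation sits in front of `EVP_DecryptInit_ex()` in the emile_binbuf_decipher hunk (`@@ -247,23 +244,23 @@`). emile_binbuf_cipher begins before and continues after this hunk.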
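Review bot: The on_error path of emile_binbuf_cipher (`@@ -183,8 +181,8 @@`) still calls `EVP_CIPHER_CTX_cleanup(ctx)`, which clears the context but does not release the object that now comes from `EVP_CIPHER_CTX_new()`, so every failed encryption leaks it. Replace it with `EVP_CIPHER_CTX_free(ctx);`, matching the success path of this function and the on_error block of emile_binbuf_decipher. The remainder of the on_error block lies outside the hunk.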
@@ -247,23 +244,23 @@ emile_binbuf_decipher(Emile_Cipher_Algorithm algo, eina_binbuf_append_length(result, (unsigned char*) (over + 1), tmp_len); /* Openssl create the corresponding cipher */ - EVP_CIPHER_CTX_init(&ctx); - opened = 1; + ctx = EVP_CIPHER_CTX_new(); - if (!EVP_DecryptInit_ex(&ctx, EVP_aes_256_cbc(), NULL, ik, iv)) + if (!EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, ik, iv)) goto on_error; memset(iv, 0, sizeof (iv)); memset(ik, 0, sizeof (ik)); /* Openssl decrypt */ - if (!EVP_DecryptUpdate(&ctx, + if (!EVP_DecryptUpdate(ctx, (void*) eina_binbuf_string_get(result), &tmp, (void*) (over + 1), tmp_len)) goto on_error; /* Openssl close the cipher*/ - EVP_CIPHER_CTX_cleanup(&ctx); + EVP_CIPHER_CTX_free(ctx); + ctx = NULL; /* Get the decrypted data size */ tmp = *(unsigned int*)(eina_binbuf_string_get(result)); @@ -281,8 +278,8 @@ on_error: memset(iv, 0, sizeof (iv)); memset(ik, 0, sizeof (ik)); - if (opened) - EVP_CIPHER_CTX_cleanup(&ctx); + if (ctx) + EVP_CIPHER_CTX_free(ctx); eina_binbuf_free(result);
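Review bot: Between `EVP_DecryptUpdate()` and `EVP_CIPHER_CTX_free(ctx)` there is no `EVP_DecryptFinal_ex()` call, although the encrypt side ends with `EVP_EncryptFinal_ex()`. With OpenSSL's default padding this means the padding is never verified and the block that `EVP_DecryptUpdate()` holds back is never written to `result`; the length word read on the following line then comes from ciphertext that had no integrity check. If dropping the final block is deliberate, a comment above the free should state why it is safe; otherwise finalize before freeing and treat a failure as `goto on_error`. The validation of `tmp` and the rest of emile_binbuf_decipher are outside this hunk, so confirm against the full function.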