timer23
/
efl
forked from enlightenment/efl
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

emile: do not rely on the struct size 

Summary:
in newer versions of openssl, most of the public structures are made
opaque. So we should use the openssl api to allocate this structure.

Since ctx is now a pointer we dont need opened anymore, so those vars
are replaced with ctx checks. ctx is always NULL'ed after a free

fix T4923

Reviewers: cedric, jpeg, stefan_schmidt

Reviewed By: jpeg, stefan_schmidt

Subscribers: stefan_schmidt, ManMower, jpeg

Maniphest Tasks: T4923

Differential Revision: https://phab.enlightenment.org/D4456
This commit is contained in:
Marcel Hollerbach 2016-12-05 11:13:02 +01:00
parent 6076014f58
commit 07bb7ca282
1 changed files with 17 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
src/lib/emile/emile_cipher_openssl.c
View File

@ -102,9 +102,8 @@ emile_binbuf_cipher(Emile_Cipher_Algorithm algo,
unsigned int salt; unsigned int salt;
unsigned int tmp = 0; unsigned int tmp = 0;
unsigned int crypted_length; unsigned int crypted_length;
int opened = 0;
/* Openssl declarations*/ /* Openssl declarations*/
EVP_CIPHER_CTX ctx; EVP_CIPHER_CTX *ctx = NULL;
unsigned int *buffer = NULL; unsigned int *buffer = NULL;
int tmp_len; int tmp_len;
@ -151,29 +150,28 @@ emile_binbuf_cipher(Emile_Cipher_Algorithm algo,
/* Openssl create the corresponding cipher /* Openssl create the corresponding cipher
AES with a 256 bit key, Cipher Block Chaining mode */ AES with a 256 bit key, Cipher Block Chaining mode */
EVP_CIPHER_CTX_init(&ctx); ctx = EVP_CIPHER_CTX_new();
if (!EVP_EncryptInit_ex(&ctx, EVP_aes_256_cbc(), NULL, ik, iv)) if (!EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, ik, iv))
goto on_error; goto on_error;
opened = 1;
memset(iv, 0, sizeof (iv)); memset(iv, 0, sizeof (iv));
memset(ik, 0, sizeof (ik)); memset(ik, 0, sizeof (ik));
pointer = (unsigned char*) eina_binbuf_string_get(result); pointer = (unsigned char*) eina_binbuf_string_get(result);
/* Openssl encrypt */ /* Openssl encrypt */
if (!EVP_EncryptUpdate(&ctx, pointer + sizeof (int), &tmp_len, if (!EVP_EncryptUpdate(ctx, pointer + sizeof (int), &tmp_len,
(unsigned char *)buffer, (unsigned char *)buffer,
eina_binbuf_length_get(data) + sizeof(unsigned int))) eina_binbuf_length_get(data) + sizeof(unsigned int)))
goto on_error; goto on_error;
/* Openssl close the cipher */ /* Openssl close the cipher */
if (!EVP_EncryptFinal_ex(&ctx, pointer + sizeof (int) + tmp_len, if (!EVP_EncryptFinal_ex(ctx, pointer + sizeof (int) + tmp_len,
&tmp_len)) &tmp_len))
goto on_error; goto on_error;
EVP_CIPHER_CTX_cleanup(&ctx); EVP_CIPHER_CTX_free(ctx);
ctx = NULL;
free(buffer); free(buffer);
return result; return result;
@ -183,8 +181,8 @@ on_error:
memset(ik, 0, sizeof (ik)); memset(ik, 0, sizeof (ik));
/* Openssl error */ /* Openssl error */
if (opened) if (ctx)
EVP_CIPHER_CTX_cleanup(&ctx); EVP_CIPHER_CTX_cleanup(ctx);
free(buffer); free(buffer);
@ -203,7 +201,7 @@ emile_binbuf_decipher(Emile_Cipher_Algorithm algo,
{ {
Eina_Binbuf *result = NULL; Eina_Binbuf *result = NULL;
unsigned int *over; unsigned int *over;
EVP_CIPHER_CTX ctx; EVP_CIPHER_CTX *ctx = NULL;
unsigned char ik[MAX_KEY_LEN]; unsigned char ik[MAX_KEY_LEN];
unsigned char iv[MAX_IV_LEN]; unsigned char iv[MAX_IV_LEN];
unsigned char key_material[MAX_KEY_LEN + MAX_IV_LEN]; unsigned char key_material[MAX_KEY_LEN + MAX_IV_LEN];
@ -211,7 +209,6 @@ emile_binbuf_decipher(Emile_Cipher_Algorithm algo,
unsigned int size; unsigned int size;
int tmp_len; int tmp_len;
int tmp = 0; int tmp = 0;
int opened = 0;
if (algo != EMILE_AES256_CBC) return NULL; if (algo != EMILE_AES256_CBC) return NULL;
if (!emile_cipher_init()) return NULL; if (!emile_cipher_init()) return NULL;
@ -247,23 +244,23 @@ emile_binbuf_decipher(Emile_Cipher_Algorithm algo,
eina_binbuf_append_length(result, (unsigned char*) (over + 1), tmp_len); eina_binbuf_append_length(result, (unsigned char*) (over + 1), tmp_len);
/* Openssl create the corresponding cipher */ /* Openssl create the corresponding cipher */
EVP_CIPHER_CTX_init(&ctx); ctx = EVP_CIPHER_CTX_new();
opened = 1;
if (!EVP_DecryptInit_ex(&ctx, EVP_aes_256_cbc(), NULL, ik, iv)) if (!EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, ik, iv))
goto on_error; goto on_error;
memset(iv, 0, sizeof (iv)); memset(iv, 0, sizeof (iv));
memset(ik, 0, sizeof (ik)); memset(ik, 0, sizeof (ik));
/* Openssl decrypt */ /* Openssl decrypt */
if (!EVP_DecryptUpdate(&ctx, if (!EVP_DecryptUpdate(ctx,
(void*) eina_binbuf_string_get(result), &tmp, (void*) eina_binbuf_string_get(result), &tmp,
(void*) (over + 1), tmp_len)) (void*) (over + 1), tmp_len))
goto on_error; goto on_error;
/* Openssl close the cipher*/ /* Openssl close the cipher*/
EVP_CIPHER_CTX_cleanup(&ctx); EVP_CIPHER_CTX_free(ctx);
ctx = NULL;
/* Get the decrypted data size */ /* Get the decrypted data size */
tmp = *(unsigned int*)(eina_binbuf_string_get(result)); tmp = *(unsigned int*)(eina_binbuf_string_get(result));
@ -281,8 +278,8 @@ on_error:
memset(iv, 0, sizeof (iv)); memset(iv, 0, sizeof (iv));
memset(ik, 0, sizeof (ik)); memset(ik, 0, sizeof (ik));
if (opened) if (ctx)
EVP_CIPHER_CTX_cleanup(&ctx); EVP_CIPHER_CTX_free(ctx);
eina_binbuf_free(result); eina_binbuf_free(result);