authorHugo Landau <hlandau@openssl.org>2022-03-10 12:42:05 +0000
committerPauli <pauli@openssl.org>2022-03-15 21:05:05 +1100
commitb9a2f24e44f53c7c3a63a7f7b165e8267cbdda42 (patch)
tree48f90834e784933106b36bd2684a16cfecf3c6b2 /crypto
parent224ea84b4054de105447cde407fa3d39004a563d (diff)
Fix IV length caching in EVP encryption code
The IV length cache value was being invalidated excessively, causing IV length caching to be ineffective. Related to #17064. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17862)
Diffstat (limited to 'crypto')
-rw-r--r--crypto/evp/evp_enc.c21
1 files changed, 15 insertions, 6 deletions
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 7ae92df98b..02566ae949 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -62,13 +62,20 @@ int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx)
ENGINE_finish(ctx->engine);
#endif
memset(ctx, 0, sizeof(*ctx));
- ctx->iv_len = 0;
+ ctx->iv_len = -1;
return 1;
}
EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
{
- return OPENSSL_zalloc(sizeof(EVP_CIPHER_CTX));
+ EVP_CIPHER_CTX *ctx;
+
+ ctx = OPENSSL_zalloc(sizeof(EVP_CIPHER_CTX));
+ if (ctx == NULL)
+ return NULL;
+
+ ctx->iv_len = -1;
+ return ctx;
}
void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
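Review bot: The `-1` "not cached" state is now established only in `EVP_CIPHER_CTX_new` and `EVP_CIPHER_CTX_reset`, because the same commit drops `ctx->iv_len = -1;` from `evp_cipher_init_internal`. If a context can be re-initialised with a different cipher without passing through reset (the init path is not visible in this diff), it would keep the previous cipher's IV length, and a stale length is dangerous wherever it sizes an IV copy. Consider invalidating the cache in the init path only when the cipher actually changes, so the caching benefit is kept. The sentinel also deserves a comment at both assignments, e.g. `/* -1: IV length not cached yet, queried on first use */`.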
@@ -90,8 +97,6 @@ static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx,
ENGINE *tmpimpl = NULL;
#endif
- ctx->iv_len = -1;
-
/*
* enc == 1 means we are encrypting.
* enc == 0 means we are decrypting.
@@ -1267,13 +1272,17 @@ int EVP_CIPHER_CTX_set_params(EVP_CIPHER_CTX *ctx, const OSSL_PARAM params[])
r = ctx->cipher->set_ctx_params(ctx->algctx, params);
if (r > 0) {
p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN);
- if (p != NULL && !OSSL_PARAM_get_int(p, &ctx->key_len))
+ if (p != NULL && !OSSL_PARAM_get_int(p, &ctx->key_len)) {
r = 0;
+ ctx->key_len = -1;
+ }
}
if (r > 0) {
p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_IVLEN);
- if (p != NULL && !OSSL_PARAM_get_int(p, &ctx->iv_len))
+ if (p != NULL && !OSSL_PARAM_get_int(p, &ctx->iv_len)) {
r = 0;
+ ctx->iv_len = -1;
+ }
}
}
return r;
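Review bot: The cache is invalidated only when `OSSL_PARAM_get_int` fails; when `set_ctx_params` itself returns `r <= 0`, `ctx->iv_len` keeps its old value even though the provider may have applied part of `params` before failing (not verifiable from this hunk). A conservative fix is to drop the cached value on that path too, e.g. `if (r <= 0) ctx->iv_len = -1;` after the call. Separately, `ctx->key_len = -1;` introduces a negative sentinel for the key length that `EVP_CIPHER_CTX_new` and `EVP_CIPHER_CTX_reset` in this commit do not set (zeroing leaves it 0), so it is worth confirming that every reader of `key_len` treats a negative value as "unknown" rather than as a length. The function starts outside the hunk, so the enclosing condition around the `set_ctx_params` call is not shown.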