You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@apr.apache.org by rj...@apache.org on 2016/02/07 15:16:13 UTC

svn commit: r1728963 - /apr/apr/trunk/crypto/apr_crypto_openssl.c

Author: rjung
Date: Sun Feb  7 14:16:13 2016
New Revision: 1728963

URL: http://svn.apache.org/viewvc?rev=1728963&view=rev
Log:
Add support for OpenSSL 1.1.0:
- choose OPENSSL_malloc_init() instead of
  CRYPTO_malloc_init
- make cipherCtx a pointer. Type EVP_CIPHER_CTX
  is now opaque.
  - use EVP_CIPHER_CTX_new() in init() functions
    if initialised flag is not set (and set flag)
  - use EVP_CIPHER_CTX_free() in cleanup function
- Improve reuse cleanup
  - call EVP_CIPHER_CTX_reset() resp.
    EVP_CIPHER_CTX_cleanup() in finish functions
  - call EVP_CIPHER_CTX_reset() resp.
    EVP_CIPHER_CTX_cleanup() when Update fails

Modified:
    apr/apr/trunk/crypto/apr_crypto_openssl.c

Modified: apr/apr/trunk/crypto/apr_crypto_openssl.c
URL: http://svn.apache.org/viewvc/apr/apr/trunk/crypto/apr_crypto_openssl.c?rev=1728963&r1=1728962&r2=1728963&view=diff
==============================================================================
--- apr/apr/trunk/crypto/apr_crypto_openssl.c (original)
+++ apr/apr/trunk/crypto/apr_crypto_openssl.c Sun Feb  7 14:16:13 2016
@@ -65,7 +65,7 @@ struct apr_crypto_block_t {
     apr_pool_t *pool;
     const apr_crypto_driver_t *provider;
     const apr_crypto_t *f;
-    EVP_CIPHER_CTX cipherCtx;
+    EVP_CIPHER_CTX *cipherCtx;
     int initialised;
     int ivSize;
     int blockSize;
@@ -112,7 +112,11 @@ static apr_status_t crypto_shutdown_help
 static apr_status_t crypto_init(apr_pool_t *pool, const char *params,
         const apu_err_t **result)
 {
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
     CRYPTO_malloc_init();
+#else
+    OPENSSL_malloc_init();
+#endif
     ERR_load_crypto_strings();
     /* SSL_load_error_strings(); */
     OpenSSL_add_all_algorithms();
@@ -135,7 +139,7 @@ static apr_status_t crypto_block_cleanup
 {
 
     if (ctx->initialised) {
-        EVP_CIPHER_CTX_cleanup(&ctx->cipherCtx);
+        EVP_CIPHER_CTX_free(ctx->cipherCtx);
         ctx->initialised = 0;
     }
 
@@ -492,8 +496,10 @@ static apr_status_t crypto_block_encrypt
             apr_pool_cleanup_null);
 
     /* create a new context for encryption */
-    EVP_CIPHER_CTX_init(&block->cipherCtx);
-    block->initialised = 1;
+    if (!block->initialised) {
+        block->cipherCtx = EVP_CIPHER_CTX_new();
+        block->initialised = 1;
+    }
 
     /* generate an IV, if necessary */
     usedIv = NULL;
@@ -520,16 +526,16 @@ static apr_status_t crypto_block_encrypt
 
     /* set up our encryption context */
 #if CRYPTO_OPENSSL_CONST_BUFFERS
-    if (!EVP_EncryptInit_ex(&block->cipherCtx, key->cipher, config->engine,
+    if (!EVP_EncryptInit_ex(block->cipherCtx, key->cipher, config->engine,
             key->key, usedIv)) {
 #else
-        if (!EVP_EncryptInit_ex(&block->cipherCtx, key->cipher, config->engine, (unsigned char *) key->key, (unsigned char *) usedIv)) {
+        if (!EVP_EncryptInit_ex(block->cipherCtx, key->cipher, config->engine, (unsigned char *) key->key, (unsigned char *) usedIv)) {
 #endif
         return APR_EINIT;
     }
 
     /* Clear up any read padding */
-    if (!EVP_CIPHER_CTX_set_padding(&block->cipherCtx, key->doPad)) {
+    if (!EVP_CIPHER_CTX_set_padding(block->cipherCtx, key->doPad)) {
         return APR_EPADDING;
     }
 
@@ -583,11 +589,16 @@ static apr_status_t crypto_block_encrypt
     }
 
 #if CRYPT_OPENSSL_CONST_BUFFERS
-    if (!EVP_EncryptUpdate(&ctx->cipherCtx, (*out), &outl, in, inlen)) {
+    if (!EVP_EncryptUpdate(ctx->cipherCtx, (*out), &outl, in, inlen)) {
 #else
-    if (!EVP_EncryptUpdate(&ctx->cipherCtx, (*out), &outl,
+    if (!EVP_EncryptUpdate(ctx->cipherCtx, (*out), &outl,
             (unsigned char *) in, inlen)) {
 #endif
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+        EVP_CIPHER_CTX_cleanup(ctx->cipherCtx);
+#else
+        EVP_CIPHER_CTX_reset(ctx->cipherCtx);
+#endif
         return APR_ECRYPT;
     }
     *outlen = outl;
@@ -617,14 +628,22 @@ static apr_status_t crypto_block_encrypt
 static apr_status_t crypto_block_encrypt_finish(unsigned char *out,
         apr_size_t *outlen, apr_crypto_block_t *ctx)
 {
+    apr_status_t rc = APR_SUCCESS;
     int len = *outlen;
 
-    if (EVP_EncryptFinal_ex(&ctx->cipherCtx, out, &len) == 0) {
-        return APR_EPADDING;
+    if (EVP_EncryptFinal_ex(ctx->cipherCtx, out, &len) == 0) {
+        rc = APR_EPADDING;
+    }
+    else {
+        *outlen = len;
     }
-    *outlen = len;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+    EVP_CIPHER_CTX_cleanup(ctx->cipherCtx);
+#else
+    EVP_CIPHER_CTX_reset(ctx->cipherCtx);
+#endif
 
-    return APR_SUCCESS;
+    return rc;
 
 }
 
@@ -663,8 +682,10 @@ static apr_status_t crypto_block_decrypt
             apr_pool_cleanup_null);
 
     /* create a new context for encryption */
-    EVP_CIPHER_CTX_init(&block->cipherCtx);
-    block->initialised = 1;
+    if (!block->initialised) {
+        block->cipherCtx = EVP_CIPHER_CTX_new();
+        block->initialised = 1;
+    }
 
     /* generate an IV, if necessary */
     if (key->ivSize) {
@@ -675,16 +696,16 @@ static apr_status_t crypto_block_decrypt
 
     /* set up our encryption context */
 #if CRYPTO_OPENSSL_CONST_BUFFERS
-    if (!EVP_DecryptInit_ex(&block->cipherCtx, key->cipher, config->engine,
+    if (!EVP_DecryptInit_ex(block->cipherCtx, key->cipher, config->engine,
             key->key, iv)) {
 #else
-        if (!EVP_DecryptInit_ex(&block->cipherCtx, key->cipher, config->engine, (unsigned char *) key->key, (unsigned char *) iv)) {
+        if (!EVP_DecryptInit_ex(block->cipherCtx, key->cipher, config->engine, (unsigned char *) key->key, (unsigned char *) iv)) {
 #endif
         return APR_EINIT;
     }
 
     /* Clear up any read padding */
-    if (!EVP_CIPHER_CTX_set_padding(&block->cipherCtx, key->doPad)) {
+    if (!EVP_CIPHER_CTX_set_padding(block->cipherCtx, key->doPad)) {
         return APR_EPADDING;
     }
 
@@ -738,11 +759,16 @@ static apr_status_t crypto_block_decrypt
     }
 
 #if CRYPT_OPENSSL_CONST_BUFFERS
-    if (!EVP_DecryptUpdate(&ctx->cipherCtx, *out, &outl, in, inlen)) {
+    if (!EVP_DecryptUpdate(ctx->cipherCtx, *out, &outl, in, inlen)) {
 #else
-    if (!EVP_DecryptUpdate(&ctx->cipherCtx, *out, &outl, (unsigned char *) in,
+    if (!EVP_DecryptUpdate(ctx->cipherCtx, *out, &outl, (unsigned char *) in,
             inlen)) {
 #endif
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+        EVP_CIPHER_CTX_cleanup(ctx->cipherCtx);
+#else
+        EVP_CIPHER_CTX_reset(ctx->cipherCtx);
+#endif
         return APR_ECRYPT;
     }
     *outlen = outl;
@@ -772,15 +798,22 @@ static apr_status_t crypto_block_decrypt
 static apr_status_t crypto_block_decrypt_finish(unsigned char *out,
         apr_size_t *outlen, apr_crypto_block_t *ctx)
 {
-
+    apr_status_t rc = APR_SUCCESS;
     int len = *outlen;
 
-    if (EVP_DecryptFinal_ex(&ctx->cipherCtx, out, &len) == 0) {
-        return APR_EPADDING;
+    if (EVP_DecryptFinal_ex(ctx->cipherCtx, out, &len) == 0) {
+        rc = APR_EPADDING;
     }
-    *outlen = len;
+    else {
+        *outlen = len;
+    }
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+    EVP_CIPHER_CTX_cleanup(ctx->cipherCtx);
+#else
+    EVP_CIPHER_CTX_reset(ctx->cipherCtx);
+#endif
 
-    return APR_SUCCESS;
+    return rc;
 
 }