Ensure EVP_CipherInit() uses the correct encode/decode parameter if enc == -1 [Reported by Markus Friedl <markus@openbsd.org>] Fix typo in dh_lib.c (use of DSAerr instead of DHerr).

3e268d27 · Dr. Stephen Henson · c46acbac · 3e268d27 · 3e268d27
隐藏空白更改
内联并排

Showing with 9 addition and 3 deletion

crypto/dh/dh_lib.c crypto/dh/dh_lib.c +1 -1

crypto/evp/evp_enc.c crypto/evp/evp_enc.c +8 -2

未找到文件。
--- a/crypto/dh/dh_lib.c
+++ b/crypto/dh/dh_lib.c
@@ -116,7 +116,7 @@ DH *DH_new_method(ENGINE *engine)
 		{
 		if (!ENGINE_init(engine))
 			{
-			DSAerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB);
+			DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB);
 			OPENSSL_free(ret);
 			return NULL;
 			}

--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -85,7 +85,14 @@ int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
 int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
 	     const unsigned char *key, const unsigned char *iv, int enc)
 	{
-	if(enc && (enc != -1)) enc = 1;
+	if (enc == -1)
+		enc = ctx->encrypt;
+	else
+		{
+		if (enc)
+			enc = 1;
+		ctx->encrypt = enc;
+		}
 	/* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
 	 * so this context may already have an ENGINE! Try to avoid releasing
 	 * the previous handle, re-querying for an ENGINE, and having a
@@ -184,7 +191,6 @@ skip_to_init:
 	if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
 		if(!ctx->cipher->init(ctx,key,iv,enc)) return 0;
 	}
-	if(enc != -1) ctx->encrypt=enc;
 	ctx->buf_len=0;
 	ctx->final_used=0;
 	ctx->block_mask=ctx->cipher->block_size-1;