diff --git a/common/block-tx-utils.c b/common/block-tx-utils.c index 3f07aab..65ef746 100644 --- a/common/block-tx-utils.c +++ b/common/block-tx-utils.c @@ -24,16 +24,16 @@ blocktx_generate_encrypt_key (unsigned char *session_key, int sk_len, } int -blocktx_encrypt_init (EVP_CIPHER_CTX *ctx, +blocktx_encrypt_init (EVP_CIPHER_CTX **ctx, const unsigned char *key, const unsigned char *iv) { int ret; /* Prepare CTX for encryption. */ - EVP_CIPHER_CTX_init (ctx); + *ctx = EVP_CIPHER_CTX_new (); - ret = EVP_EncryptInit_ex (ctx, + ret = EVP_EncryptInit_ex (*ctx, EVP_aes_256_cbc(), /* cipher mode */ NULL, /* engine, NULL for default */ key, /* derived key */ @@ -45,16 +45,16 @@ blocktx_encrypt_init (EVP_CIPHER_CTX *ctx, } int -blocktx_decrypt_init (EVP_CIPHER_CTX *ctx, +blocktx_decrypt_init (EVP_CIPHER_CTX **ctx, const unsigned char *key, const unsigned char *iv) { int ret; /* Prepare CTX for decryption. */ - EVP_CIPHER_CTX_init (ctx); + *ctx = EVP_CIPHER_CTX_new(); - ret = EVP_DecryptInit_ex (ctx, + ret = EVP_DecryptInit_ex (*ctx, EVP_aes_256_cbc(), /* cipher mode */ NULL, /* engine, NULL for default */ key, /* derived key */ @@ -138,7 +138,7 @@ static int handle_frame_content (struct evbuffer *buf, FrameParser *parser) { char *frame; - EVP_CIPHER_CTX ctx; + EVP_CIPHER_CTX *ctx; char *out; int outlen, outlen2; int ret = 0; @@ -158,7 +158,7 @@ handle_frame_content (struct evbuffer *buf, FrameParser *parser) evbuffer_remove (input, frame, parser->enc_frame_len); - if (EVP_DecryptUpdate (&ctx, + if (EVP_DecryptUpdate (ctx, (unsigned char *)out, &outlen, (unsigned char *)frame, parser->enc_frame_len) == 0) { @@ -167,7 +167,7 @@ handle_frame_content (struct evbuffer *buf, FrameParser *parser) goto out; } - if (EVP_DecryptFinal_ex (&ctx, (unsigned char *)(out + outlen), &outlen2) == 0) + if (EVP_DecryptFinal_ex (ctx, (unsigned char *)(out + outlen), &outlen2) == 0) { seaf_warning ("Failed to decrypt frame content.\n"); ret = -1; 
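Review bot: In blocktx_encrypt_init the result of `EVP_CIPHER_CTX_new ()` is stored in `*ctx` and handed straight to `EVP_EncryptInit_ex` with no NULL check, so an allocation failure is caught only if the OpenSSL build in use rejects a NULL context instead of dereferencing it. I would add `if (*ctx == NULL) return -1;` directly after the allocation, assuming -1 is this function's failure value, since its tail is outside the hunk. When the init call itself fails, the function should also run `EVP_CIPHER_CTX_free (*ctx); *ctx = NULL;`, because several callers free only when their `enc_init` flag is set, and that flag is presumably set only after success. The same unchecked allocation appears in blocktx_decrypt_init, seafile_encrypt, seafile_decrypt, seafile_decrypt_init, ccnet_encrypt and ccnet_decrypt.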
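Review bot: `EVP_CIPHER_CTX *ctx;` in handle_frame_content has no initialiser, yet the `out:` label in the following hunk passes it to `EVP_CIPHER_CTX_free` unconditionally. If any `goto out` can run before blocktx_decrypt_init has stored a pointer, that frees an indeterminate pointer; the init call is outside the visible hunks, so this is not confirmed. Declaring it as `EVP_CIPHER_CTX *ctx = NULL;` makes the cleanup safe on every path, because freeing NULL is a no-op. The same shape, an uninitialised local freed at `out:`, is in send_auth_response, send_block_response_header and send_encrypted_block in server/block-tx-server.c.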
@@ -180,7 +180,7 @@ out: g_free (frame); g_free (out); parser->enc_frame_len = 0; - EVP_CIPHER_CTX_cleanup (&ctx); + EVP_CIPHER_CTX_free (ctx); return ret; } @@ -222,7 +222,7 @@ handle_frame_fragment_content (struct evbuffer *buf, FrameParser *parser) out = g_malloc (fragment_len + ENC_BLOCK_SIZE); - if (EVP_DecryptUpdate (&parser->ctx, + if (EVP_DecryptUpdate (parser->ctx, (unsigned char *)out, &outlen, (unsigned char *)fragment, fragment_len) == 0) { seaf_warning ("Failed to decrypt frame fragment.\n"); @@ -237,7 +237,7 @@ handle_frame_fragment_content (struct evbuffer *buf, FrameParser *parser) parser->remain -= fragment_len; if (parser->remain <= 0) { - if (EVP_DecryptFinal_ex (&parser->ctx, + if (EVP_DecryptFinal_ex (parser->ctx, (unsigned char *)out, &outlen) == 0) { seaf_warning ("Failed to decrypt frame fragment.\n"); @@ -249,7 +249,7 @@ handle_frame_fragment_content (struct evbuffer *buf, FrameParser *parser) if (ret < 0) goto out; - EVP_CIPHER_CTX_cleanup (&parser->ctx); + EVP_CIPHER_CTX_free (parser->ctx); parser->enc_init = FALSE; parser->enc_frame_len = 0; } @@ -258,7 +258,7 @@ out: g_free (fragment); g_free (out); if (ret < 0) { - EVP_CIPHER_CTX_cleanup (&parser->ctx); + EVP_CIPHER_CTX_free (parser->ctx); parser->enc_init = FALSE; parser->enc_frame_len = 0; } diff --git a/common/block-tx-utils.h b/common/block-tx-utils.h index 5ade381..f8eaeba 100644 --- a/common/block-tx-utils.h +++ b/common/block-tx-utils.h @@ -68,12 +68,12 @@ blocktx_generate_encrypt_key (unsigned char *session_key, int sk_len, unsigned char *key, unsigned char *iv); int -blocktx_encrypt_init (EVP_CIPHER_CTX *ctx, +blocktx_encrypt_init (EVP_CIPHER_CTX **ctx, const unsigned char *key, const unsigned char *iv); int -blocktx_decrypt_init (EVP_CIPHER_CTX *ctx, +blocktx_decrypt_init (EVP_CIPHER_CTX **ctx, const unsigned char *key, const unsigned char *iv); 
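Review bot: Both `EVP_CIPHER_CTX_free (parser->ctx)` calls in handle_frame_fragment_content leave the freed address in the long-lived FrameParser, and only `parser->enc_init = FALSE` marks it dead. Now that the context is heap-allocated, a second release of that pointer is a double free, so I would add `parser->ctx = NULL;` after each free. The branch under `out:` also frees whenever `ret < 0`. If a failure can occur before a context was created for the current frame (not visible in these hunks), `parser->ctx` would be stale there, and the NULL reset covers that case too.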
@@ -112,7 +112,7 @@ typedef struct _FrameParser { unsigned char key[ENC_KEY_SIZE]; unsigned char iv[ENC_BLOCK_SIZE]; gboolean enc_init; - EVP_CIPHER_CTX ctx; + EVP_CIPHER_CTX *ctx; unsigned char key_v2[ENC_KEY_SIZE]; unsigned char iv_v2[ENC_BLOCK_SIZE]; diff --git a/common/seafile-crypt.c b/common/seafile-crypt.c index e615285..c7d1702 100644 --- a/common/seafile-crypt.c +++ b/common/seafile-crypt.c @@ -254,35 +254,36 @@ seafile_encrypt (char **data_out, return -1; } - EVP_CIPHER_CTX ctx; + EVP_CIPHER_CTX *ctx; int ret; int blks; /* Prepare CTX for encryption. */ - EVP_CIPHER_CTX_init (&ctx); + ctx = EVP_CIPHER_CTX_new (); if (crypt->version == 2) - ret = EVP_EncryptInit_ex (&ctx, + ret = EVP_EncryptInit_ex (ctx, EVP_aes_256_cbc(), /* cipher mode */ NULL, /* engine, NULL for default */ crypt->key, /* derived key */ crypt->iv); /* initial vector */ else if (crypt->version == 1) - ret = EVP_EncryptInit_ex (&ctx, + ret = EVP_EncryptInit_ex (ctx, EVP_aes_128_cbc(), /* cipher mode */ NULL, /* engine, NULL for default */ crypt->key, /* derived key */ crypt->iv); /* initial vector */ else - ret = EVP_EncryptInit_ex (&ctx, + ret = EVP_EncryptInit_ex (ctx, EVP_aes_128_ecb(), /* cipher mode */ NULL, /* engine, NULL for default */ crypt->key, /* derived key */ crypt->iv); /* initial vector */ - if (ret == ENC_FAILURE) + if (ret == ENC_FAILURE) { + EVP_CIPHER_CTX_free (ctx); return -1; - + } /* Allocating output buffer. */ /* @@ -303,7 +304,7 @@ seafile_encrypt (char **data_out, int update_len, final_len; /* Do the encryption. */ - ret = EVP_EncryptUpdate (&ctx, + ret = EVP_EncryptUpdate (ctx, (unsigned char*)*data_out, &update_len, (unsigned char*)data_in, @@ -314,7 +315,7 @@ seafile_encrypt (char **data_out, /* Finish the possible partial block. */ - ret = EVP_EncryptFinal_ex (&ctx, + ret = EVP_EncryptFinal_ex (ctx, (unsigned char*)*data_out + update_len, &final_len); 
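Review bot: The final `else` in seafile_encrypt selects `EVP_aes_128_ecb()` for every `crypt->version` other than 1 and 2, so an unexpected or corrupted version value silently gets ECB. ECB ignores the IV passed here and reveals which plaintext blocks are equal. Since the commit already edits all three branches, I would make the ECB case an explicit `else if` on the version value or values that legitimately use it, and add a last `else` that frees `ctx` and returns -1. seafile_decrypt and seafile_decrypt_init carry the same three-way selection.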
@@ -324,13 +325,13 @@ seafile_encrypt (char **data_out, if (ret == ENC_FAILURE || *out_len != (blks * BLK_SIZE)) goto enc_error; - EVP_CIPHER_CTX_cleanup (&ctx); + EVP_CIPHER_CTX_free (ctx); return 0; enc_error: - EVP_CIPHER_CTX_cleanup (&ctx); + EVP_CIPHER_CTX_free (ctx); *out_len = -1; @@ -365,34 +366,35 @@ seafile_decrypt (char **data_out, return -1; } - EVP_CIPHER_CTX ctx; + EVP_CIPHER_CTX *ctx; int ret; /* Prepare CTX for decryption. */ - EVP_CIPHER_CTX_init (&ctx); + ctx = EVP_CIPHER_CTX_new (); if (crypt->version == 2) - ret = EVP_DecryptInit_ex (&ctx, + ret = EVP_DecryptInit_ex (ctx, EVP_aes_256_cbc(), /* cipher mode */ NULL, /* engine, NULL for default */ crypt->key, /* derived key */ crypt->iv); /* initial vector */ else if (crypt->version == 1) - ret = EVP_DecryptInit_ex (&ctx, + ret = EVP_DecryptInit_ex (ctx, EVP_aes_128_cbc(), /* cipher mode */ NULL, /* engine, NULL for default */ crypt->key, /* derived key */ crypt->iv); /* initial vector */ else - ret = EVP_DecryptInit_ex (&ctx, + ret = EVP_DecryptInit_ex (ctx, EVP_aes_128_ecb(), /* cipher mode */ NULL, /* engine, NULL for default */ crypt->key, /* derived key */ crypt->iv); /* initial vector */ - if (ret == DEC_FAILURE) + if (ret == DEC_FAILURE) { + EVP_CIPHER_CTX_free (ctx); return -1; - + } /* Allocating output buffer. */ *data_out = (char *)g_malloc (in_len); @@ -405,7 +407,7 @@ seafile_decrypt (char **data_out, int update_len, final_len; /* Do the decryption. */ - ret = EVP_DecryptUpdate (&ctx, + ret = EVP_DecryptUpdate (ctx, (unsigned char*)*data_out, &update_len, (unsigned char*)data_in, @@ -416,7 +418,7 @@ seafile_decrypt (char **data_out, /* Finish the possible partial block. */ - ret = EVP_DecryptFinal_ex (&ctx, + ret = EVP_DecryptFinal_ex (ctx, (unsigned char*)*data_out + update_len, &final_len); 
@@ -426,13 +428,13 @@ seafile_decrypt (char **data_out, if (ret == DEC_FAILURE || *out_len > in_len) goto dec_error; - EVP_CIPHER_CTX_cleanup (&ctx); + EVP_CIPHER_CTX_free (ctx); return 0; dec_error: - EVP_CIPHER_CTX_cleanup (&ctx); + EVP_CIPHER_CTX_free (ctx); *out_len = -1; if (*data_out != NULL) @@ -445,7 +447,7 @@ dec_error: } int -seafile_decrypt_init (EVP_CIPHER_CTX *ctx, +seafile_decrypt_init (EVP_CIPHER_CTX **ctx, int version, const unsigned char *key, const unsigned char *iv) @@ -453,22 +455,22 @@ seafile_decrypt_init (EVP_CIPHER_CTX *ctx, int ret; /* Prepare CTX for decryption. */ - EVP_CIPHER_CTX_init (ctx); + *ctx = EVP_CIPHER_CTX_new (); if (version == 2) - ret = EVP_DecryptInit_ex (ctx, + ret = EVP_DecryptInit_ex (*ctx, EVP_aes_256_cbc(), /* cipher mode */ NULL, /* engine, NULL for default */ key, /* derived key */ iv); /* initial vector */ else if (version == 1) - ret = EVP_DecryptInit_ex (ctx, + ret = EVP_DecryptInit_ex (*ctx, EVP_aes_128_cbc(), /* cipher mode */ NULL, /* engine, NULL for default */ key, /* derived key */ iv); /* initial vector */ else - ret = EVP_DecryptInit_ex (ctx, + ret = EVP_DecryptInit_ex (*ctx, EVP_aes_128_ecb(), /* cipher mode */ NULL, /* engine, NULL for default */ key, /* derived key */ diff --git a/common/seafile-crypt.h b/common/seafile-crypt.h index e03ad71..2d5756c 100644 --- a/common/seafile-crypt.h +++ b/common/seafile-crypt.h @@ -98,7 +98,7 @@ seafile_decrypt (char **data_out, SeafileCrypt *crypt); int -seafile_decrypt_init (EVP_CIPHER_CTX *ctx, +seafile_decrypt_init (EVP_CIPHER_CTX **ctx, int version, const unsigned char *key, const unsigned char *iv); diff --git a/lib/utils.c b/lib/utils.c index b4dcd60..a553da2 100644 --- a/lib/utils.c +++ b/lib/utils.c @@ -1526,7 +1526,7 @@ ccnet_encrypt (char **data_out, return -1; } - EVP_CIPHER_CTX ctx; + EVP_CIPHER_CTX *ctx; int ret, key_len; unsigned char key[16], iv[16]; int blks; 
@@ -1552,17 +1552,18 @@ ccnet_encrypt (char **data_out, } /* Prepare CTX for encryption. */ - EVP_CIPHER_CTX_init (&ctx); + ctx = EVP_CIPHER_CTX_new (); - ret = EVP_EncryptInit_ex (&ctx, + ret = EVP_EncryptInit_ex (ctx, EVP_aes_128_ecb(), /* cipher mode */ NULL, /* engine, NULL for default */ key, /* derived key */ iv); /* initial vector */ - if (ret == ENC_FAILURE) + if (ret == ENC_FAILURE){ + EVP_CIPHER_CTX_free (ctx); return -1; - + } /* Allocating output buffer. */ /* @@ -1583,7 +1584,7 @@ ccnet_encrypt (char **data_out, int update_len, final_len; /* Do the encryption. */ - ret = EVP_EncryptUpdate (&ctx, + ret = EVP_EncryptUpdate (ctx, (unsigned char*)*data_out, &update_len, (unsigned char*)data_in, @@ -1591,10 +1592,9 @@ ccnet_encrypt (char **data_out, if (ret == ENC_FAILURE) goto enc_error; - - + /* Finish the possible partial block. */ - ret = EVP_EncryptFinal_ex (&ctx, + ret = EVP_EncryptFinal_ex (ctx, (unsigned char*)*data_out + update_len, &final_len); @@ -1604,13 +1604,13 @@ ccnet_encrypt (char **data_out, if (ret == ENC_FAILURE || *out_len != (blks * BLK_SIZE)) goto enc_error; - EVP_CIPHER_CTX_cleanup (&ctx); + EVP_CIPHER_CTX_free (ctx); return 0; enc_error: - EVP_CIPHER_CTX_cleanup (&ctx); + EVP_CIPHER_CTX_free (ctx); *out_len = -1; @@ -1642,7 +1642,7 @@ ccnet_decrypt (char **data_out, return -1; } - EVP_CIPHER_CTX ctx; + EVP_CIPHER_CTX *ctx; int ret, key_len; unsigned char key[16], iv[16]; @@ -1668,9 +1668,9 @@ ccnet_decrypt (char **data_out, /* Prepare CTX for decryption. */ - EVP_CIPHER_CTX_init (&ctx); + ctx = EVP_CIPHER_CTX_new (); - ret = EVP_DecryptInit_ex (&ctx, + ret = EVP_DecryptInit_ex (ctx, EVP_aes_128_ecb(), /* cipher mode */ NULL, /* engine, NULL for default */ key, /* derived key */ @@ -1691,7 +1691,7 @@ ccnet_decrypt (char **data_out, int update_len, final_len; /* Do the decryption. */ - ret = EVP_DecryptUpdate (&ctx, + ret = EVP_DecryptUpdate (ctx, (unsigned char*)*data_out, &update_len, (unsigned char*)data_in, 
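Review bot: ccnet_decrypt now heap-allocates `ctx`, but its hunk ends before the check on `ret`. In ccnet_encrypt, seafile_encrypt and seafile_decrypt the commit added `EVP_CIPHER_CTX_free (ctx);` ahead of the early `return -1`. If ccnet_decrypt still has a bare `if (ret == DEC_FAILURE) return -1;` after `EVP_DecryptInit_ex`, the context leaks on that path; the line is outside the hunk, so this is inferred. It should become `if (ret == DEC_FAILURE) { EVP_CIPHER_CTX_free (ctx); return -1; }`.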
@@ -1702,7 +1702,7 @@ ccnet_decrypt (char **data_out, /* Finish the possible partial block. */ - ret = EVP_DecryptFinal_ex (&ctx, + ret = EVP_DecryptFinal_ex (ctx, (unsigned char*)*data_out + update_len, &final_len); @@ -1712,13 +1712,13 @@ ccnet_decrypt (char **data_out, if (ret == DEC_FAILURE || *out_len > in_len) goto dec_error; - EVP_CIPHER_CTX_cleanup (&ctx); + EVP_CIPHER_CTX_free (ctx); return 0; dec_error: - EVP_CIPHER_CTX_cleanup (&ctx); + EVP_CIPHER_CTX_free (ctx); *out_len = -1; if (*data_out != NULL) diff --git a/server/access-file.c b/server/access-file.c index 42e5838..67f4648 100644 --- a/server/access-file.c +++ b/server/access-file.c @@ -58,7 +58,7 @@ typedef struct SendfileData { Seafile *file; SeafileCrypt *crypt; gboolean enc_init; - EVP_CIPHER_CTX ctx; + EVP_CIPHER_CTX *ctx; BlockHandle *handle; size_t remain; int idx; @@ -154,7 +154,7 @@ free_sendfile_data (SendfileData *data) } if (data->enc_init) - EVP_CIPHER_CTX_cleanup (&data->ctx); + EVP_CIPHER_CTX_free (data->ctx); seafile_unref (data->file); g_free (data->crypt); @@ -301,7 +301,7 @@ next: seaf_block_manager_block_handle_free (seaf->block_mgr, handle); data->handle = NULL; if (data->crypt != NULL) { - EVP_CIPHER_CTX_cleanup (&data->ctx); + EVP_CIPHER_CTX_free (data->ctx); data->enc_init = FALSE; } @@ -337,7 +337,7 @@ next: goto err; } - int ret = EVP_DecryptUpdate (&data->ctx, + int ret = EVP_DecryptUpdate (data->ctx, (unsigned char *)dec_out, &dec_out_len, (unsigned char *)buf, @@ -355,7 +355,7 @@ next: /* If it's the last piece of a block, call decrypt_final() * to decrypt the possible partial block. */ if (data->remain == 0) { - ret = EVP_DecryptFinal_ex (&data->ctx, + ret = EVP_DecryptFinal_ex (data->ctx, (unsigned char *)dec_out, &dec_out_len); if (ret == 0) { diff --git a/server/block-tx-server.c b/server/block-tx-server.c index b50f9f4..1b6051a 100644 --- a/server/block-tx-server.c +++ b/server/block-tx-server.c 
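Review bot: In the `next:` hunk of server/access-file.c the context is freed whenever `data->crypt != NULL`, not only when `data->enc_init` is set, and `data->ctx` keeps the freed address afterwards. If that branch can run for a block on which the context was never initialised, it would release the previous block's pointer a second time; the init site is outside the hunk, so this is unconfirmed. Guarding it with `if (data->crypt != NULL && data->enc_init)` and adding `data->ctx = NULL;` after the free would close that. free_sendfile_data would benefit from the same NULL reset after its free.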
@@ -205,7 +205,7 @@ static int send_auth_response (BlockTxServer *server, int status) { AuthResponse rsp; - EVP_CIPHER_CTX ctx; + EVP_CIPHER_CTX *ctx; int ret = 0; rsp.status = htonl (status); @@ -221,21 +221,21 @@ send_auth_response (BlockTxServer *server, int status) goto out; } - if (send_encrypted_data (&ctx, server->data_fd, &rsp, sizeof(rsp)) < 0) + if (send_encrypted_data (ctx, server->data_fd, &rsp, sizeof(rsp)) < 0) { seaf_warning ("Send auth response: failed to send data.\n"); ret = -1; goto out; } - if (send_encrypted_data_frame_end (&ctx, server->data_fd) < 0) { + if (send_encrypted_data_frame_end (ctx, server->data_fd) < 0) { seaf_warning ("Send auth response: failed to end.\n"); ret = -1; goto out; } out: - EVP_CIPHER_CTX_cleanup (&ctx); + EVP_CIPHER_CTX_free (ctx); return ret; } @@ -308,7 +308,7 @@ static int send_block_response_header (BlockTxServer *server, int status) { ResponseHeader header; - EVP_CIPHER_CTX ctx; + EVP_CIPHER_CTX *ctx; int ret = 0; header.status = htonl (status); @@ -325,7 +325,7 @@ send_block_response_header (BlockTxServer *server, int status) goto out; } - if (send_encrypted_data (&ctx, server->data_fd, + if (send_encrypted_data (ctx, server->data_fd, &header, sizeof(header)) < 0) { seaf_warning ("Send block response header %s: failed to send data.\n", @@ -334,7 +334,7 @@ send_block_response_header (BlockTxServer *server, int status) goto out; } - if (send_encrypted_data_frame_end (&ctx, server->data_fd) < 0) { + if (send_encrypted_data_frame_end (ctx, server->data_fd) < 0) { seaf_warning ("Send block response header %s: failed to end.\n", server->curr_block_id); ret = -1; @@ -342,7 +342,7 @@ send_block_response_header (BlockTxServer *server, int status) } out: - EVP_CIPHER_CTX_cleanup (&ctx); + EVP_CIPHER_CTX_free (ctx); return ret; } 
@@ -447,7 +447,7 @@ send_encrypted_block (BlockTxServer *server, { int n, remain; int ret = 0; - EVP_CIPHER_CTX ctx; + EVP_CIPHER_CTX *ctx; char send_buf[SEND_BUFFER_SIZE]; if (server->version == 1) @@ -472,7 +472,7 @@ send_encrypted_block (BlockTxServer *server, goto out; } - if (send_encrypted_data (&ctx, server->data_fd, send_buf, n) < 0) { + if (send_encrypted_data (ctx, server->data_fd, send_buf, n) < 0) { seaf_warning ("Send block %s: failed to send data.\n", block_id); ret = -1; goto out; @@ -481,7 +481,7 @@ send_encrypted_block (BlockTxServer *server, remain -= n; } - if (send_encrypted_data_frame_end (&ctx, server->data_fd) < 0) { + if (send_encrypted_data_frame_end (ctx, server->data_fd) < 0) { seaf_warning ("Send block %s: failed to end.\n", block_id); ret = -1; goto out; @@ -490,7 +490,7 @@ send_encrypted_block (BlockTxServer *server, seaf_debug ("Send block %s done.\n", server->curr_block_id); out: - EVP_CIPHER_CTX_cleanup (&ctx); + EVP_CIPHER_CTX_free (ctx); return ret; } @@ -661,7 +661,7 @@ block_tx_server_thread (void *vdata) } if (server->parser.enc_init) - EVP_CIPHER_CTX_cleanup (&server->parser.ctx); + EVP_CIPHER_CTX_free (server->parser.ctx); evbuffer_free (server->recv_buf); evutil_closesocket (server->data_fd); diff --git a/server/pack-dir.c b/server/pack-dir.c index fab7353..7763d18 100644 --- a/server/pack-dir.c +++ b/server/pack-dir.c @@ -86,7 +86,7 @@ add_file_to_archive (PackDirData *data, BlockMetadata *bmd = NULL; char *blk_id = NULL; uint32_t remain = 0; - EVP_CIPHER_CTX ctx; + EVP_CIPHER_CTX *ctx; gboolean enc_init = FALSE; char *dec_out = NULL; int dec_out_len = -1; @@ -196,7 +196,7 @@ add_file_to_archive (PackDirData *data, goto out; } - int r = EVP_DecryptUpdate (&ctx, + int r = EVP_DecryptUpdate (ctx, (unsigned char *)dec_out, &dec_out_len, (unsigned char *)buf, 
@@ -221,7 +221,7 @@ add_file_to_archive (PackDirData *data, /* If it's the last piece of a block, call decrypt_final() * to decrypt the possible partial block. */ if (remain == 0) { - r = EVP_DecryptFinal_ex (&ctx, + r = EVP_DecryptFinal_ex (ctx, (unsigned char *)dec_out, &dec_out_len); if (r != 1) { @@ -264,7 +264,7 @@ out: seaf_block_manager_block_handle_free(seaf->block_mgr, handle); } if (crypt != NULL && enc_init) - EVP_CIPHER_CTX_cleanup (&ctx); + EVP_CIPHER_CTX_free (ctx); g_free (dec_out); return ret;
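Review bot: add_file_to_archive releases `ctx` only once, at `out:`, while the comment ahead of `EVP_DecryptFinal_ex` shows that decryption is finalised per block. If the code outside these hunks clears `enc_init` and calls seafile_decrypt_init again for the next block, every call now allocates a new context and all but the last one leak. In that case I would add `EVP_CIPHER_CTX_free (ctx); ctx = NULL;` once a block's final call has succeeded. Independently of that, declaring the local as `EVP_CIPHER_CTX *ctx = NULL;` keeps the cleanup safe if the `enc_init` guard at `out:` is ever relaxed.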