On 12/12/2016 07:18 AM, Michael Paquier wrote:
> On Fri, Dec 9, 2016 at 10:22 AM, Michael Paquier
> <michael.paquier@gmail.com> wrote:
>> Thanks for looking at the patch. Looking forward to hearing more!
>
> Here is an updated patch based on which reviews should be done. I have
> fixed the issue you have reported, and upon additional lookup I have
> noticed that returning -1 when failing on EVP_CIPHER_CTX_new() in
> px_find_cipher() is dead wrong. The error code should be
> PXE_CIPHER_INIT.
> @@ -307,17 +360,18 @@ gen_ossl_decrypt(PX_Cipher *c, const uint8 *data, unsigned dlen,
>
> if (!od->init)
> {
> - EVP_CIPHER_CTX_init(&od->evp_ctx);
> - if (!EVP_DecryptInit_ex(&od->evp_ctx, od->evp_ciph, NULL, NULL, NULL))
> + if (!EVP_CIPHER_CTX_cleanup(od->evp_ctx))
> + return PXE_CIPHER_INIT;
> + if (!EVP_DecryptInit_ex(od->evp_ctx, od->evp_ciph, NULL, NULL, NULL))
> return PXE_CIPHER_INIT;
> - if (!EVP_CIPHER_CTX_set_key_length(&od->evp_ctx, od->klen))
> + if (!EVP_CIPHER_CTX_set_key_length(od->evp_ctx, od->klen))
> return PXE_CIPHER_INIT;
> - if (!EVP_DecryptInit_ex(&od->evp_ctx, NULL, NULL, od->key, od->iv))
> + if (!EVP_DecryptInit_ex(od->evp_ctx, NULL, NULL, od->key, od->iv))
> return PXE_CIPHER_INIT;
> od->init = true;
> }
The EVP_CIPHER_CTX_cleanup() call seems superfluous. We know that the
context isn't initialized yet, so no need to clean it up.
Removed that, did some further cosmetic changes, and pushed. I renamed a
bunch variables and structs, so that they are more consistent with the
similar digest stuff.
Thanks!
- Heikki