Don't use deprecated OpenSSL functions.
This change simply switches from the deprecated
EVP_{En|De}crypt{Init|Final} to the newer, _ex versions of the same.
There is no difference in behaviour, other than the now-explicit call to
EVP_CIPHER_CTX_init, because the deprecated versions are just wrappers
around the _ex functions. See
https://git.openssl.org/gitweb/?p=openssl.git;a=blob;f=crypto/evp/evp_enc.c;h=f705967a40ab92cdf3c2ba8dd6bc19680d6157d6;hb=HEAD#l274
This change is required for the transition to BoringSSL, which removes
the deprecated functions.
Bug: 17409664
Change-Id: I35c6cc2d86d0c876a9edaff1e5571170fe393d87
Signed-off-by: Adam Langley <agl@google.com>
diff --git a/cryptfs.c b/cryptfs.c
index 99f6069..3eab6ac 100644
--- a/cryptfs.c
+++ b/cryptfs.c
@@ -903,7 +903,8 @@
scrypt(passwd, salt, ikey, crypt_ftr);
/* Initialize the decryption engine */
- if (! EVP_EncryptInit(&e_ctx, EVP_aes_128_cbc(), ikey, ikey+KEY_LEN_BYTES)) {
+ EVP_CIPHER_CTX_init(&e_ctx);
+ if (! EVP_EncryptInit_ex(&e_ctx, EVP_aes_128_cbc(), NULL, ikey, ikey+KEY_LEN_BYTES)) {
SLOGE("EVP_EncryptInit failed\n");
return -1;
}
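Review bot: Now that `e_ctx` is explicitly initialised with EVP_CIPHER_CTX_init, the `return -1` on this failure branch exits without a matching `EVP_CIPHER_CTX_cleanup(&e_ctx)`. The same holds for the EVP_EncryptFinal_ex branch in the next hunk and for the `d_ctx` branches in the two decrypt hunks. The _ex finalisers do not release the context, so any key-dependent state it holds for `ikey` is presumably left in place on these paths, and any buffer the library allocated for it is leaked. I would add `EVP_CIPHER_CTX_cleanup(&e_ctx);` (or `&d_ctx`) before each `return -1;`, or route the failures through a single cleanup label. The enclosing functions start and end outside the hunks, so whether the success path already cleans up cannot be seen from here.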
@@ -915,7 +916,7 @@
SLOGE("EVP_EncryptUpdate failed\n");
return -1;
}
- if (! EVP_EncryptFinal(&e_ctx, encrypted_master_key + encrypted_len, &final_len)) {
+ if (! EVP_EncryptFinal_ex(&e_ctx, encrypted_master_key + encrypted_len, &final_len)) {
SLOGE("EVP_EncryptFinal failed\n");
return -1;
}
@@ -941,7 +942,8 @@
kdf(passwd, salt, ikey, kdf_params);
/* Initialize the decryption engine */
- if (! EVP_DecryptInit(&d_ctx, EVP_aes_128_cbc(), ikey, ikey+KEY_LEN_BYTES)) {
+ EVP_CIPHER_CTX_init(&d_ctx);
+ if (! EVP_DecryptInit_ex(&d_ctx, EVP_aes_128_cbc(), NULL, ikey, ikey+KEY_LEN_BYTES)) {
return -1;
}
EVP_CIPHER_CTX_set_padding(&d_ctx, 0); /* Turn off padding as our data is block aligned */
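Review bot: The decrypt failure branches return -1 without logging, unlike the encrypt path, which reports each failing call through SLOGE. This applies to the EVP_DecryptInit_ex branch here and to the update and EVP_DecryptFinal_ex branches in the following hunk. A line such as `SLOGE("EVP_DecryptInit_ex failed\n");` before the return would let a failed master-key decryption be told apart in the log from the function's other -1 returns. Separately, the comment `/* Initialize the decryption engine */` is correct here but also sits above the encrypt setup in the first hunk, where it should say encryption. The function body continues outside the hunk.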
@@ -950,7 +952,7 @@
encrypted_master_key, KEY_LEN_BYTES)) {
return -1;
}
- if (! EVP_DecryptFinal(&d_ctx, decrypted_master_key + decrypted_len, &final_len)) {
+ if (! EVP_DecryptFinal_ex(&d_ctx, decrypted_master_key + decrypted_len, &final_len)) {
return -1;
}