From cdf1d39e4e18c933a22ec516fe8c230deadfa9bc Mon Sep 17 00:00:00 2001 From: Theo Buehler Date: Fri, 19 Nov 2021 18:55:29 +0100 Subject: [PATCH] Remove OpenSSL compat code that misuses the API Immediately after EVP_CIPHER_CTX_new() neither EVP_CIPHER_CTX_init() nor EVP_CIHPER_CTX_reset() should be called: the purpose of the init function is to initialize a context on the stack while reset clears a used context for reuse. Neither situation is the case here. Removing the code also fixes a potential NULL dereference because an error of reset is not signaled to the caller. Fortunately reset doesn't currently fail in this situation in current OpenSSL and LibreSSL. --- libarchive/archive_cryptor.c | 8 -------- 1 file changed, 8 deletions(-) diff --git a/libarchive/archive_cryptor.c b/libarchive/archive_cryptor.c index d4bca906b..112baf161 100644 --- a/libarchive/archive_cryptor.c +++ b/libarchive/archive_cryptor.c @@ -401,14 +401,6 @@ aes_ctr_init(archive_crypto_ctx *ctx, const uint8_t *key, size_t key_len) memcpy(ctx->key, key, key_len); memset(ctx->nonce, 0, sizeof(ctx->nonce)); ctx->encr_pos = AES_BLOCK_SIZE; -#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) - if (!EVP_CIPHER_CTX_reset(ctx->ctx)) { - EVP_CIPHER_CTX_free(ctx->ctx); - ctx->ctx = NULL; - } -#else - EVP_CIPHER_CTX_init(ctx->ctx); -#endif return 0; } -- 2.47.2