Don't use deprecated OpenSSL functions.

This change simply switches from the deprecated EVP_{En|De}crypt{Init|Final} to the newer, _ex versions of the same. There is no difference in behaviour, save for calling EVP_CIPHER_CTX_init, as the deprecated versions are just wrappers around the _ex functions. See https://git.openssl.org/gitweb/?p=openssl.git;a=blob;f=crypto/evp/evp_enc.c;h=f705967a40ab92cdf3c2ba8dd6bc19680d6157d6;hb=HEAD#l274 This change is required for the transition to BoringSSL, which removes the deprecated functions. Bug: 17409664 Change-Id: I35c6cc2d86d0c876a9edaff1e5571170fe393d87 Signed-off-by: Adam Langley <agl@google.com>
10 years ago · 889c4f1e36
parent 52f5425ff5
commit 889c4f1e36
1 changed files with 6 additions and 4 deletions
--- a/cryptfs.c
+++ b/cryptfs.c
@ -903,7 +903,8 @@ static int encrypt_master_key(char *passwd, unsigned char *salt,
    scrypt(passwd, salt, ikey, crypt_ftr);

    /* Initialize the decryption engine */
-    if (! EVP_EncryptInit(&e_ctx, EVP_aes_128_cbc(), ikey, ikey+KEY_LEN_BYTES)) {
+    EVP_CIPHER_CTX_init(&e_ctx);
+    if (! EVP_EncryptInit_ex(&e_ctx, EVP_aes_128_cbc(), NULL, ikey, ikey+KEY_LEN_BYTES)) {
        SLOGE("EVP_EncryptInit failed\n");
        return -1;
    }
@ -915,7 +916,7 @@ static int encrypt_master_key(char *passwd, unsigned char *salt,
        SLOGE("EVP_EncryptUpdate failed\n");
        return -1;
    }
-    if (! EVP_EncryptFinal(&e_ctx, encrypted_master_key + encrypted_len, &final_len)) {
+    if (! EVP_EncryptFinal_ex(&e_ctx, encrypted_master_key + encrypted_len, &final_len)) {
        SLOGE("EVP_EncryptFinal failed\n");
        return -1;
    }
@ -941,7 +942,8 @@ static int decrypt_master_key_aux(char *passwd, unsigned char *salt,
  kdf(passwd, salt, ikey, kdf_params);

  /* Initialize the decryption engine */
-  if (! EVP_DecryptInit(&d_ctx, EVP_aes_128_cbc(), ikey, ikey+KEY_LEN_BYTES)) {
+  EVP_CIPHER_CTX_init(&d_ctx);
+  if (! EVP_DecryptInit_ex(&d_ctx, EVP_aes_128_cbc(), NULL, ikey, ikey+KEY_LEN_BYTES)) {
    return -1;
  }
  EVP_CIPHER_CTX_set_padding(&d_ctx, 0); /* Turn off padding as our data is block aligned */
@ -950,7 +952,7 @@ static int decrypt_master_key_aux(char *passwd, unsigned char *salt,
                            encrypted_master_key, KEY_LEN_BYTES)) {
    return -1;
  }
-  if (! EVP_DecryptFinal(&d_ctx, decrypted_master_key + decrypted_len, &final_len)) {
+  if (! EVP_DecryptFinal_ex(&d_ctx, decrypted_master_key + decrypted_len, &final_len)) {
    return -1;
  }