From 889c4f1e36f69c1d5a9a92a6ba40d8a729d3f7b0 Mon Sep 17 00:00:00 2001
From: Adam Langley <agl@google.com>
Date: Wed, 3 Sep 2014 14:23:13 -0700
Subject: [PATCH] Don't use deprecated OpenSSL functions.

This change simply switches from the deprecated
EVP_{En|De}crypt{Init|Final} to the newer, _ex versions of the same.

There is no difference in behaviour, save for calling
EVP_CIPHER_CTX_init, as the deprecated versions are just wrappers around
the _ex functions. See
https://git.openssl.org/gitweb/?p=openssl.git;a=blob;f=crypto/evp/evp_enc.c;h=f705967a40ab92cdf3c2ba8dd6bc19680d6157d6;hb=HEAD#l274

This change is required for the transition to BoringSSL, which removes
the deprecated functions.

Bug: 17409664
Change-Id: I35c6cc2d86d0c876a9edaff1e5571170fe393d87
Signed-off-by: Adam Langley <agl@google.com>
---
 cryptfs.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/cryptfs.c b/cryptfs.c
index 99f6069..3eab6ac 100644
--- a/cryptfs.c
+++ b/cryptfs.c
@@ -903,7 +903,8 @@ static int encrypt_master_key(char *passwd, unsigned char *salt,
     scrypt(passwd, salt, ikey, crypt_ftr);
 
     /* Initialize the decryption engine */
-    if (! EVP_EncryptInit(&e_ctx, EVP_aes_128_cbc(), ikey, ikey+KEY_LEN_BYTES)) {
+    EVP_CIPHER_CTX_init(&e_ctx);
+    if (! EVP_EncryptInit_ex(&e_ctx, EVP_aes_128_cbc(), NULL, ikey, ikey+KEY_LEN_BYTES)) {
         SLOGE("EVP_EncryptInit failed\n");
         return -1;
     }
@@ -915,7 +916,7 @@ static int encrypt_master_key(char *passwd, unsigned char *salt,
         SLOGE("EVP_EncryptUpdate failed\n");
         return -1;
     }
-    if (! EVP_EncryptFinal(&e_ctx, encrypted_master_key + encrypted_len, &final_len)) {
+    if (! EVP_EncryptFinal_ex(&e_ctx, encrypted_master_key + encrypted_len, &final_len)) {
         SLOGE("EVP_EncryptFinal failed\n");
         return -1;
     }
@@ -941,7 +942,8 @@ static int decrypt_master_key_aux(char *passwd, unsigned char *salt,
   kdf(passwd, salt, ikey, kdf_params);
 
   /* Initialize the decryption engine */
-  if (! EVP_DecryptInit(&d_ctx, EVP_aes_128_cbc(), ikey, ikey+KEY_LEN_BYTES)) {
+  EVP_CIPHER_CTX_init(&d_ctx);
+  if (! EVP_DecryptInit_ex(&d_ctx, EVP_aes_128_cbc(), NULL, ikey, ikey+KEY_LEN_BYTES)) {
     return -1;
   }
   EVP_CIPHER_CTX_set_padding(&d_ctx, 0); /* Turn off padding as our data is block aligned */
@@ -950,7 +952,7 @@ static int decrypt_master_key_aux(char *passwd, unsigned char *salt,
                             encrypted_master_key, KEY_LEN_BYTES)) {
     return -1;
   }
-  if (! EVP_DecryptFinal(&d_ctx, decrypted_master_key + decrypted_len, &final_len)) {
+  if (! EVP_DecryptFinal_ex(&d_ctx, decrypted_master_key + decrypted_len, &final_len)) {
     return -1;
   }