Skip to content

Commit 640cd85

Browse files
sjlombardosjlombardo
committed
move EVP_CIPHER_CTX to locked heap memory
1 parent 12ed2a3 commit 640cd85

1 file changed

Lines changed: 7 additions & 7 deletions

File tree

src/crypto.c

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -62,6 +62,7 @@ void sqlite3FreeCodecArg(void *pCodecArg);
6262
typedef struct {
6363
int derive_key;
6464
EVP_CIPHER *evp_cipher;
65+
EVP_CIPHER_CTX ectx;
6566
int kdf_iter;
6667
int key_sz;
6768
int iv_sz;
@@ -292,7 +293,6 @@ static int codec_key_derive(codec_ctx *ctx, cipher_ctx *c_ctx) {
292293
* out - pouter to output bytes
293294
*/
294295
static int codec_cipher(cipher_ctx *ctx, Pgno pgno, int mode, int size, unsigned char *in, unsigned char *out) {
295-
EVP_CIPHER_CTX ectx;
296296
unsigned char *iv;
297297
int tmp_csz, csz;
298298

@@ -314,15 +314,15 @@ static int codec_cipher(cipher_ctx *ctx, Pgno pgno, int mode, int size, unsigned
314314
memcpy(iv, in+size, ctx->iv_sz);
315315
}
316316

317-
EVP_CipherInit(&ectx, ctx->evp_cipher, NULL, NULL, mode);
318-
EVP_CIPHER_CTX_set_padding(&ectx, 0);
319-
EVP_CipherInit(&ectx, NULL, ctx->key, iv, mode);
320-
EVP_CipherUpdate(&ectx, out, &tmp_csz, in, size);
317+
EVP_CipherInit(&ctx->ectx, ctx->evp_cipher, NULL, NULL, mode);
318+
EVP_CIPHER_CTX_set_padding(&ctx->ectx, 0);
319+
EVP_CipherInit(&ctx->ectx, NULL, ctx->key, iv, mode);
320+
EVP_CipherUpdate(&ctx->ectx, out, &tmp_csz, in, size);
321321
csz = tmp_csz;
322322
out += tmp_csz;
323-
EVP_CipherFinal(&ectx, out, &tmp_csz);
323+
EVP_CipherFinal(&ctx->ectx, out, &tmp_csz);
324324
csz += tmp_csz;
325-
EVP_CIPHER_CTX_cleanup(&ectx);
325+
EVP_CIPHER_CTX_cleanup(&ctx->ectx);
326326
assert(size == csz);
327327

328328
return SQLITE_OK;

0 commit comments

Comments
 (0)