Ensure EVP_CipherInit() uses the correct encode/decode parameter if

enc == -1

[Reported by Markus Friedl <markus@openbsd.org>]

Fix typo in dh_lib.c (use of DSAerr instead of DHerr).

2 files changed, 9 insertions, 3 deletions

diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c
index 7adf48e6a2..ba5fd41057 100644
--- a/crypto/dh/dh_lib.c
+++ b/crypto/dh/dh_lib.c
@@ -116,7 +116,7 @@ DH *DH_new_method(ENGINE *engine)
 		{
 		if (!ENGINE_init(engine))
 			{
-			DSAerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB);
+			DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB);
 			OPENSSL_free(ret);
 			return NULL;
 			}
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 22a7b745c1..d28a7d266e 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -85,7 +85,14 @@ int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
 int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
 	     const unsigned char *key, const unsigned char *iv, int enc)
 	{
-	if(enc && (enc != -1)) enc = 1;
+	if (enc == -1)
+		enc = ctx->encrypt;
+	else
+		{
+		if (enc)
+			enc = 1;
+		ctx->encrypt = enc;
+		}
 	/* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
 	 * so this context may already have an ENGINE! Try to avoid releasing
 	 * the previous handle, re-querying for an ENGINE, and having a
@@ -184,7 +191,6 @@ skip_to_init:
 	if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
 		if(!ctx->cipher->init(ctx,key,iv,enc)) return 0;
 	}
-	if(enc != -1) ctx->encrypt=enc;
 	ctx->buf_len=0;
 	ctx->final_used=0;
 	ctx->block_mask=ctx->cipher->block_size-1;