RubyGems - grpc - Versions diffs - 1.80.0 → 1.81.0 - Mend

grpc 1.80.0 → 1.81.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (889) hide show

data/third_party/boringssl-with-bazel/{src/crypto → crypto}/fipsmodule/self_check/self_check.cc.inc RENAMED Viewed

@@ -708,6 +708,10 @@ static int boringssl_self_test_fast(void) {
   };
   static const uint8_t kAESIV[16] = {0};
+  EVP_AEAD_CTX aead_ctx;
+  EVP_AEAD_CTX_zero(&aead_ctx);
+  int ret = 0;
   AES_KEY aes_key;
   uint8_t aes_iv[16];
   uint8_t output[256];
@@ -727,14 +731,14 @@ static int boringssl_self_test_fast(void) {
   if (!bcm_success(
           BCM_aes_set_encrypt_key(kAESKey, 8 * sizeof(kAESKey), &aes_key))) {
     fprintf(CRYPTO_get_stderr(), "BCM_aes_set_encrypt_key failed.\n");
-    return 0;
+    goto err;
   }
   AES_cbc_encrypt(kAESCBCEncPlaintext, output, sizeof(kAESCBCEncPlaintext),
                   &aes_key, aes_iv, AES_ENCRYPT);
   if (!BORINGSSL_check_test(kAESCBCEncCiphertext, output,
                             sizeof(kAESCBCEncCiphertext),
                             "AES-CBC-encrypt KAT")) {
-    return 0;
+    goto err;
   }
   // AES-CBC Decryption KAT
@@ -752,24 +756,23 @@ static int boringssl_self_test_fast(void) {
   if (!bcm_success(
           BCM_aes_set_decrypt_key(kAESKey, 8 * sizeof(kAESKey), &aes_key))) {
     fprintf(CRYPTO_get_stderr(), "BCM_aes_set_decrypt_key failed.\n");
-    return 0;
+    goto err;
   }
   AES_cbc_encrypt(kAESCBCDecCiphertext, output, sizeof(kAESCBCDecCiphertext),
                   &aes_key, aes_iv, AES_DECRYPT);
   if (!BORINGSSL_check_test(kAESCBCDecPlaintext, output,
                             sizeof(kAESCBCDecPlaintext),
                             "AES-CBC-decrypt KAT")) {
-    return 0;
+    goto err;
   }
   size_t out_len;
   uint8_t nonce[EVP_AEAD_MAX_NONCE_LENGTH];
   OPENSSL_memset(nonce, 0, sizeof(nonce));
-  bssl::ScopedEVP_AEAD_CTX aead_ctx;
-  if (!EVP_AEAD_CTX_init(aead_ctx.get(), EVP_aead_aes_128_gcm(), kAESKey,
+  if (!EVP_AEAD_CTX_init(&aead_ctx, EVP_aead_aes_128_gcm(), kAESKey,
                          sizeof(kAESKey), 0, NULL)) {
     fprintf(CRYPTO_get_stderr(), "EVP_AEAD_CTX_init for AES-128-GCM failed.\n");
-    return 0;
+    goto err;
   }
   // AES-GCM Encryption KAT
@@ -784,14 +787,14 @@ static int boringssl_self_test_fast(void) {
       0x1c, 0x63, 0x2e, 0x97, 0x93, 0x0f, 0xfb, 0xed, 0xb5, 0x9e, 0x1c, 0x20,
       0xb2, 0xb0, 0x58, 0xda, 0x48, 0x07, 0x2d, 0xbd, 0x96, 0x0d, 0x34, 0xc6,
   };
-  if (!EVP_AEAD_CTX_seal(aead_ctx.get(), output, &out_len, sizeof(output),
-                         nonce, EVP_AEAD_nonce_length(EVP_aead_aes_128_gcm()),
+  if (!EVP_AEAD_CTX_seal(&aead_ctx, output, &out_len, sizeof(output), nonce,
+                         EVP_AEAD_nonce_length(EVP_aead_aes_128_gcm()),
                          kAESGCMEncPlaintext, sizeof(kAESGCMEncPlaintext), NULL,
                          0) ||
       !BORINGSSL_check_test(kAESGCMCiphertext, output,
                             sizeof(kAESGCMCiphertext), "AES-GCM-encrypt KAT")) {
     fprintf(CRYPTO_get_stderr(), "EVP_AEAD_CTX_seal for AES-128-GCM failed.\n");
-    return 0;
+    goto err;
   }
   // AES-GCM Decryption KAT
@@ -807,8 +810,8 @@ static int boringssl_self_test_fast(void) {
           0xa9, 0x99, 0x17, 0x6a, 0x45, 0x05, 0x5e, 0x99, 0x83, 0x56, 0x01,
           0xc0, 0x82, 0x40, 0x81, 0xd2, 0x48, 0x45, 0xf2, 0xcc, 0xc3,
       };
-  if (!EVP_AEAD_CTX_open(aead_ctx.get(), output, &out_len, sizeof(output),
-                         nonce, EVP_AEAD_nonce_length(EVP_aead_aes_128_gcm()),
+  if (!EVP_AEAD_CTX_open(&aead_ctx, output, &out_len, sizeof(output), nonce,
+                         EVP_AEAD_nonce_length(EVP_aead_aes_128_gcm()),
                          kAESGCMDecCiphertext, sizeof(kAESGCMDecCiphertext),
                          NULL, 0) ||
       !BORINGSSL_check_test(kAESGCMDecPlaintext, output,
@@ -816,7 +819,7 @@ static int boringssl_self_test_fast(void) {
                             "AES-GCM-decrypt KAT")) {
     fprintf(CRYPTO_get_stderr(),
             "AES-GCM-decrypt KAT failed because EVP_AEAD_CTX_open failed.\n");
-    return 0;
+    goto err;
   }
   // SHA-1 KAT
@@ -831,12 +834,12 @@ static int boringssl_self_test_fast(void) {
   SHA1(kSHA1Input, sizeof(kSHA1Input), output);
   if (!BORINGSSL_check_test(kSHA1Digest, output, sizeof(kSHA1Digest),
                             "SHA-1 KAT")) {
-    return 0;
+    goto err;
   }
   if (!boringssl_self_test_sha256() || !boringssl_self_test_sha512() ||
       !boringssl_self_test_hmac_sha256()) {
-    return 0;
+    goto err;
   }
   // DBRG KAT
@@ -886,7 +889,7 @@ static int boringssl_self_test_fast(void) {
       !BORINGSSL_check_test(kDRBGReseedOutput, output,
                             sizeof(kDRBGReseedOutput), "DRBG-reseed KAT")) {
     fprintf(CRYPTO_get_stderr(), "CTR-DRBG failed.\n");
-    return 0;
+    goto err;
   }
   CTR_DRBG_clear(&drbg);
@@ -894,7 +897,7 @@ static int boringssl_self_test_fast(void) {
   memset(&kZeroDRBG, 0, sizeof(kZeroDRBG));
   if (!BORINGSSL_check_test(&kZeroDRBG, &drbg, sizeof(drbg),
                             "DRBG Clear KAT")) {
-    return 0;
+    goto err;
   }
   // TLS KDF KAT
@@ -926,7 +929,7 @@ static int boringssl_self_test_fast(void) {
       !BORINGSSL_check_test(kTLS10Output, tls10_output, sizeof(kTLS10Output),
                             "TLS10-KDF KAT")) {
     fprintf(CRYPTO_get_stderr(), "TLS KDF failed.\n");
-    return 0;
+    goto err;
   }
   static const uint8_t kTLS12Secret[32] = {
@@ -947,7 +950,7 @@ static int boringssl_self_test_fast(void) {
       !BORINGSSL_check_test(kTLS12Output, tls12_output, sizeof(kTLS12Output),
                             "TLS12-KDF KAT")) {
     fprintf(CRYPTO_get_stderr(), "TLS KDF failed.\n");
-    return 0;
+    goto err;
   }
   // TLS v1.3: derives a dummy client-early-traffic secret.
@@ -987,7 +990,7 @@ static int boringssl_self_test_fast(void) {
                             sizeof(kTLS13ExpandLabelOutput),
                             "CRYPTO_tls13_hkdf_expand_label")) {
     fprintf(CRYPTO_get_stderr(), "TLS13-KDF failed.\n");
-    return 0;
+    goto err;
   }
   // HKDF
@@ -1018,10 +1021,15 @@ static int boringssl_self_test_fast(void) {
       !BORINGSSL_check_test(kHKDFOutput, hkdf_output, sizeof(kHKDFOutput),
                             "HKDF")) {
     fprintf(CRYPTO_get_stderr(), "HKDF failed.\n");
-    return 0;
+    goto err;
   }
-  return 1;
+  ret = 1;
+err:
+  EVP_AEAD_CTX_cleanup(&aead_ctx);
+  return ret;
 }
 int BORINGSSL_self_test(void) {

data/third_party/boringssl-with-bazel/{src/crypto → crypto}/obj/obj.cc RENAMED Viewed

@@ -278,8 +278,14 @@ int OBJ_txt2nid(const char *s) {
 OPENSSL_EXPORT int OBJ_nid2cbb(CBB *out, int nid) {
   const ASN1_OBJECT *obj = OBJ_nid2obj(nid);
-  return obj != NULL &&
-         CBB_add_asn1_element(out, CBS_ASN1_OBJECT, obj->data, obj->length);
+  CBB oid;
+  if (obj == NULL || !CBB_add_asn1(out, &oid, CBS_ASN1_OBJECT) ||
+      !CBB_add_bytes(&oid, obj->data, obj->length) || !CBB_flush(out)) {
+    return 0;
+  }
+  return 1;
 }
 const ASN1_OBJECT *OBJ_get_undef(void) {

data/third_party/boringssl-with-bazel/{src/crypto → crypto}/pem/pem_lib.cc RENAMED Viewed

@@ -239,7 +239,7 @@ int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp, void *x,
 int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, void *x,
                        const EVP_CIPHER *enc, const unsigned char *pass,
                        int pass_len, pem_password_cb *callback, void *u) {
-  bssl::ScopedEVP_CIPHER_CTX ctx;
+  EVP_CIPHER_CTX ctx;
   int dsize = 0, i, j, ret = 0;
   unsigned char *p, *data = NULL;
   const char *objstr = NULL;
@@ -305,14 +305,16 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, void *x,
     PEM_dek_info(buf, objstr, iv_len, (char *)iv);
     // k=strlen(buf);
+    EVP_CIPHER_CTX_init(&ctx);
     ret = 1;
-    if (!EVP_EncryptInit_ex(ctx.get(), enc, NULL, key, iv) ||
-        !EVP_EncryptUpdate(ctx.get(), data, &j, data, i) ||
-        !EVP_EncryptFinal_ex(ctx.get(), &(data[j]), &i)) {
+    if (!EVP_EncryptInit_ex(&ctx, enc, NULL, key, iv) ||
+        !EVP_EncryptUpdate(&ctx, data, &j, data, i) ||
+        !EVP_EncryptFinal_ex(&ctx, &(data[j]), &i)) {
       ret = 0;
     } else {
       i += j;
     }
+    EVP_CIPHER_CTX_cleanup(&ctx);
     if (ret == 0) {
       goto err;
     }
@@ -327,6 +329,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, void *x,
 err:
   OPENSSL_cleanse(key, sizeof(key));
   OPENSSL_cleanse(iv, sizeof(iv));
+  OPENSSL_cleanse((char *)&ctx, sizeof(ctx));
   OPENSSL_cleanse(buf, PEM_BUFSIZE);
   OPENSSL_free(data);
   return ret;
@@ -336,7 +339,7 @@ int PEM_do_header(const EVP_CIPHER_INFO *cipher, unsigned char *data,
                   long *plen, pem_password_cb *callback, void *u) {
   int i = 0, j, o, pass_len;
   long len;
-  bssl::ScopedEVP_CIPHER_CTX ctx;
+  EVP_CIPHER_CTX ctx;
   unsigned char key[EVP_MAX_KEY_LENGTH];
   char buf[PEM_BUFSIZE];
@@ -362,13 +365,15 @@ int PEM_do_header(const EVP_CIPHER_INFO *cipher, unsigned char *data,
   }
   j = (int)len;
-  o = EVP_DecryptInit_ex(ctx.get(), cipher->cipher, NULL, key, cipher->iv);
+  EVP_CIPHER_CTX_init(&ctx);
+  o = EVP_DecryptInit_ex(&ctx, cipher->cipher, NULL, key, cipher->iv);
   if (o) {
-    o = EVP_DecryptUpdate(ctx.get(), data, &i, data, j);
+    o = EVP_DecryptUpdate(&ctx, data, &i, data, j);
   }
   if (o) {
-    o = EVP_DecryptFinal_ex(ctx.get(), &(data[i]), &j);
+    o = EVP_DecryptFinal_ex(&ctx, &(data[i]), &j);
   }
+  EVP_CIPHER_CTX_cleanup(&ctx);
   OPENSSL_cleanse((char *)buf, sizeof(buf));
   OPENSSL_cleanse((char *)key, sizeof(key));
   if (!o) {

data/third_party/boringssl-with-bazel/{src/crypto → crypto}/pkcs7/pkcs7.cc RENAMED Viewed

@@ -167,12 +167,13 @@ int pkcs7_add_signed_data(CBB *out, uint64_t signed_data_version,
                           int (*cert_crl_cb)(CBB *out, void *arg),
                           int (*signer_infos_cb)(CBB *out, void *arg),
                           void *arg) {
-  CBB outer_seq, wrapped_seq, seq, digest_algos_set, content_info, signer_infos;
+  CBB outer_seq, oid, wrapped_seq, seq, digest_algos_set, content_info,
+      signer_infos;
   // See https://tools.ietf.org/html/rfc2315#section-7
   if (!CBB_add_asn1(out, &outer_seq, CBS_ASN1_SEQUENCE) ||
-      !CBB_add_asn1_element(&outer_seq, CBS_ASN1_OBJECT, kPKCS7SignedData,
-                            sizeof(kPKCS7SignedData)) ||
+      !CBB_add_asn1(&outer_seq, &oid, CBS_ASN1_OBJECT) ||
+      !CBB_add_bytes(&oid, kPKCS7SignedData, sizeof(kPKCS7SignedData)) ||
       !CBB_add_asn1(&outer_seq, &wrapped_seq,
                     CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 0) ||
       // See https://tools.ietf.org/html/rfc2315#section-9.1
@@ -182,8 +183,8 @@ int pkcs7_add_signed_data(CBB *out, uint64_t signed_data_version,
       (digest_algos_cb != NULL && !digest_algos_cb(&digest_algos_set, arg)) ||
       !CBB_flush_asn1_set_of(&digest_algos_set) ||
       !CBB_add_asn1(&seq, &content_info, CBS_ASN1_SEQUENCE) ||
-      !CBB_add_asn1_element(&content_info, CBS_ASN1_OBJECT, kPKCS7Data,
-                            sizeof(kPKCS7Data)) ||
+      !CBB_add_asn1(&content_info, &oid, CBS_ASN1_OBJECT) ||
+      !CBB_add_bytes(&oid, kPKCS7Data, sizeof(kPKCS7Data)) ||
       (cert_crl_cb != NULL && !cert_crl_cb(&seq, arg)) ||
       !CBB_add_asn1(&seq, &signer_infos, CBS_ASN1_SET) ||
       (signer_infos_cb != NULL && !signer_infos_cb(&signer_infos, arg)) ||

data/third_party/boringssl-with-bazel/{src/crypto → crypto}/pkcs7/pkcs7_x509.cc RENAMED Viewed

@@ -17,12 +17,9 @@
 #include <assert.h>
 #include <limits.h>
-#include <openssl/asn1.h>
 #include <openssl/bytestring.h>
 #include <openssl/cms.h>
-#include <openssl/digest.h>
 #include <openssl/err.h>
-#include <openssl/evp.h>
 #include <openssl/mem.h>
 #include <openssl/obj.h>
 #include <openssl/pem.h>
@@ -422,9 +419,9 @@ static int write_signer_info(CBB *out, void *arg) {
       return 0;
     }
     // subjectKeyIdentifier is implicitly-tagged.
-    if (!CBB_add_asn1_element(&seq, CBS_ASN1_CONTEXT_SPECIFIC | 0,
-                              ASN1_STRING_get0_data(skid),
-                              ASN1_STRING_length(skid))) {
+    if (!CBB_add_asn1(&seq, &child, CBS_ASN1_CONTEXT_SPECIFIC | 0) ||
+        !CBB_add_bytes(&child, ASN1_STRING_get0_data(skid),
+                       ASN1_STRING_length(skid))) {
       return 0;
     }
   } else {

data/third_party/boringssl-with-bazel/{src/crypto → crypto}/pkcs8/p5_pbev2.cc RENAMED Viewed

@@ -90,8 +90,10 @@ static const EVP_CIPHER *cbs_to_cipher(const CBS *cbs) {
 static int add_cipher_oid(CBB *out, int nid) {
   for (const auto &cipher : kCipherOIDs) {
     if (cipher.nid == nid) {
-      return CBB_add_asn1_element(out, CBS_ASN1_OBJECT, cipher.oid,
-                                  cipher.oid_len);
+      CBB child;
+      return CBB_add_asn1(out, &child, CBS_ASN1_OBJECT) &&
+             CBB_add_bytes(&child, cipher.oid, cipher.oid_len) &&
+             CBB_flush(out);
     }
   }
@@ -143,15 +145,18 @@ int PKCS5_pbe2_encrypt_init(CBB *out, EVP_CIPHER_CTX *ctx,
   }
   // See RFC 2898, appendix A.
-  CBB algorithm, param, kdf, kdf_param, cipher_cbb;
+  CBB algorithm, oid, param, kdf, kdf_oid, kdf_param, salt_cbb, cipher_cbb,
+      iv_cbb;
   if (!CBB_add_asn1(out, &algorithm, CBS_ASN1_SEQUENCE) ||
-      !CBB_add_asn1_element(&algorithm, CBS_ASN1_OBJECT, kPBES2,
-                            sizeof(kPBES2)) ||
+      !CBB_add_asn1(&algorithm, &oid, CBS_ASN1_OBJECT) ||
+      !CBB_add_bytes(&oid, kPBES2, sizeof(kPBES2)) ||
       !CBB_add_asn1(&algorithm, &param, CBS_ASN1_SEQUENCE) ||
       !CBB_add_asn1(&param, &kdf, CBS_ASN1_SEQUENCE) ||
-      !CBB_add_asn1_element(&kdf, CBS_ASN1_OBJECT, kPBKDF2, sizeof(kPBKDF2)) ||
+      !CBB_add_asn1(&kdf, &kdf_oid, CBS_ASN1_OBJECT) ||
+      !CBB_add_bytes(&kdf_oid, kPBKDF2, sizeof(kPBKDF2)) ||
       !CBB_add_asn1(&kdf, &kdf_param, CBS_ASN1_SEQUENCE) ||
-      !CBB_add_asn1_octet_string(&kdf_param, salt, salt_len) ||
+      !CBB_add_asn1(&kdf_param, &salt_cbb, CBS_ASN1_OCTETSTRING) ||
+      !CBB_add_bytes(&salt_cbb, salt, salt_len) ||
       !CBB_add_asn1_uint64(&kdf_param, iterations) ||
       // Specify a key length for RC2.
       (cipher_nid == NID_rc2_cbc &&
@@ -162,8 +167,8 @@ int PKCS5_pbe2_encrypt_init(CBB *out, EVP_CIPHER_CTX *ctx,
       !add_cipher_oid(&cipher_cbb, cipher_nid) ||
       // RFC 2898 says RC2-CBC and RC5-CBC-Pad use a SEQUENCE with version and
       // IV, but OpenSSL always uses an OCTET STRING IV, so we do the same.
-      !CBB_add_asn1_octet_string(&cipher_cbb, iv,
-                                 EVP_CIPHER_iv_length(cipher)) ||
+      !CBB_add_asn1(&cipher_cbb, &iv_cbb, CBS_ASN1_OCTETSTRING) ||
+      !CBB_add_bytes(&iv_cbb, iv, EVP_CIPHER_iv_length(cipher)) ||
       !CBB_flush(out)) {
     return 0;
   }

data/third_party/boringssl-with-bazel/{src/crypto → crypto}/pkcs8/pkcs8.cc RENAMED Viewed

@@ -33,8 +33,8 @@
 static int pkcs12_encode_password(const char *in, size_t in_len, uint8_t **out,
                                   size_t *out_len) {
-  bssl::ScopedCBB cbb;
-  if (!CBB_init(cbb.get(), in_len * 2)) {
+  CBB cbb;
+  if (!CBB_init(&cbb, in_len * 2)) {
     return 0;
   }
@@ -44,18 +44,22 @@ static int pkcs12_encode_password(const char *in, size_t in_len, uint8_t **out,
   CBS_init(&cbs, (const uint8_t *)in, in_len);
   while (CBS_len(&cbs) != 0) {
     uint32_t c;
-    if (!CBS_get_utf8(&cbs, &c) || !CBB_add_ucs2_be(cbb.get(), c)) {
+    if (!CBS_get_utf8(&cbs, &c) || !CBB_add_ucs2_be(&cbb, c)) {
       OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_INVALID_CHARACTERS);
-      return 0;
+      goto err;
     }
   }
   // Terminate the result with a UCS-2 NUL.
-  if (!CBB_add_ucs2_be(cbb.get(), 0) || !CBB_finish(cbb.get(), out, out_len)) {
-    return 0;
+  if (!CBB_add_ucs2_be(&cbb, 0) || !CBB_finish(&cbb, out, out_len)) {
+    goto err;
   }
   return 1;
+err:
+  CBB_cleanup(&cbb);
+  return 0;
 }
 int pkcs12_key_gen(const char *pass, size_t pass_len, const uint8_t *salt,
@@ -302,12 +306,13 @@ int pkcs12_pbe_encrypt_init(CBB *out, EVP_CIPHER_CTX *ctx, int alg_nid,
   }
   // See RFC 2898, appendix A.3.
-  CBB algorithm, param;
+  CBB algorithm, oid, param, salt_cbb;
   if (!CBB_add_asn1(out, &algorithm, CBS_ASN1_SEQUENCE) ||
-      !CBB_add_asn1_element(&algorithm, CBS_ASN1_OBJECT, suite->oid,
-                            suite->oid_len) ||
+      !CBB_add_asn1(&algorithm, &oid, CBS_ASN1_OBJECT) ||
+      !CBB_add_bytes(&oid, suite->oid, suite->oid_len) ||
       !CBB_add_asn1(&algorithm, &param, CBS_ASN1_SEQUENCE) ||
-      !CBB_add_asn1_octet_string(&param, salt, salt_len) ||
+      !CBB_add_asn1(&param, &salt_cbb, CBS_ASN1_OCTETSTRING) ||
+      !CBB_add_bytes(&salt_cbb, salt, salt_len) ||
       !CBB_add_asn1_uint64(&param, iterations) || !CBB_flush(out)) {
     return 0;
   }
@@ -321,7 +326,9 @@ int pkcs8_pbe_decrypt(uint8_t **out, size_t *out_len, CBS *algorithm,
                       size_t in_len) {
   int ret = 0;
   uint8_t *buf = NULL;
-  bssl::ScopedEVP_CIPHER_CTX ctx;
+  ;
+  EVP_CIPHER_CTX ctx;
+  EVP_CIPHER_CTX_init(&ctx);
   CBS obj;
   const struct pbe_suite *suite = NULL;
@@ -341,7 +348,7 @@ int pkcs8_pbe_decrypt(uint8_t **out, size_t *out_len, CBS *algorithm,
     goto err;
   }
-  if (!suite->decrypt_init(suite, ctx.get(), pass, pass_len, algorithm)) {
+  if (!suite->decrypt_init(suite, &ctx, pass, pass_len, algorithm)) {
     OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_KEYGEN_FAILURE);
     goto err;
   }
@@ -357,8 +364,8 @@ int pkcs8_pbe_decrypt(uint8_t **out, size_t *out_len, CBS *algorithm,
   }
   int n1, n2;
-  if (!EVP_DecryptUpdate(ctx.get(), buf, &n1, in, (int)in_len) ||
-      !EVP_DecryptFinal_ex(ctx.get(), buf + n1, &n2)) {
+  if (!EVP_DecryptUpdate(&ctx, buf, &n1, in, (int)in_len) ||
+      !EVP_DecryptFinal_ex(&ctx, buf + n1, &n2)) {
     goto err;
   }
@@ -369,6 +376,7 @@ int pkcs8_pbe_decrypt(uint8_t **out, size_t *out_len, CBS *algorithm,
 err:
   OPENSSL_free(buf);
+  EVP_CIPHER_CTX_cleanup(&ctx);
   return ret;
 }
@@ -406,7 +414,8 @@ int PKCS8_marshal_encrypted_private_key(CBB *out, int pbe_nid,
   int ret = 0;
   uint8_t *plaintext = NULL, *salt_buf = NULL;
   size_t plaintext_len = 0;
-  bssl::ScopedEVP_CIPHER_CTX ctx;
+  EVP_CIPHER_CTX ctx;
+  EVP_CIPHER_CTX_init(&ctx);
   {
     // Generate a random salt if necessary.
@@ -438,13 +447,13 @@ int PKCS8_marshal_encrypted_private_key(CBB *out, int pbe_nid,
     CBB epki;
     if (!CBB_add_asn1(out, &epki, CBS_ASN1_SEQUENCE) ||
-        !pkcs12_pbe_encrypt_init(&epki, ctx.get(), pbe_nid, cipher,
+        !pkcs12_pbe_encrypt_init(&epki, &ctx, pbe_nid, cipher,
                                  (uint32_t)iterations, pass, pass_len, salt,
                                  salt_len)) {
       goto err;
     }
-    size_t max_out = plaintext_len + EVP_CIPHER_CTX_block_size(ctx.get());
+    size_t max_out = plaintext_len + EVP_CIPHER_CTX_block_size(&ctx);
     if (max_out < plaintext_len) {
       OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_TOO_LONG);
       goto err;
@@ -455,8 +464,8 @@ int PKCS8_marshal_encrypted_private_key(CBB *out, int pbe_nid,
     int n1, n2;
     if (!CBB_add_asn1(&epki, &ciphertext, CBS_ASN1_OCTETSTRING) ||
         !CBB_reserve(&ciphertext, &ptr, max_out) ||
-        !EVP_CipherUpdate(ctx.get(), ptr, &n1, plaintext, plaintext_len) ||
-        !EVP_CipherFinal_ex(ctx.get(), ptr + n1, &n2) ||
+        !EVP_CipherUpdate(&ctx, ptr, &n1, plaintext, plaintext_len) ||
+        !EVP_CipherFinal_ex(&ctx, ptr + n1, &n2) ||
         !CBB_did_write(&ciphertext, n1 + n2) || !CBB_flush(out)) {
       goto err;
     }
@@ -467,5 +476,6 @@ int PKCS8_marshal_encrypted_private_key(CBB *out, int pbe_nid,
 err:
   OPENSSL_free(plaintext);
   OPENSSL_free(salt_buf);
+  EVP_CIPHER_CTX_cleanup(&ctx);
   return ret;
 }