Backport of https://github.com/cisco/libsrtp/commit/fb954450198c832c96b4191fcef3a1b9e2d15d8b

--- a/crypto/cipher/aes_icm_ossl.c	2018-06-10 20:33:16 UTC
+++ b/crypto/cipher/aes_icm_ossl.c
@@ -235,6 +235,8 @@ err_status_t aes_icm_openssl_dealloc (cipher_t *c)
  */
 err_status_t aes_icm_openssl_context_init (aes_icm_ctx_t *c, const uint8_t *key, int len)
 {
+    const EVP_CIPHER *evp;
+
     /*
      * set counter and initial values to 'offset' value, being careful not to
      * go past the end of the key buffer
@@ -252,30 +254,35 @@ err_status_t aes_icm_openssl_context_init (aes_icm_ctx
     c->offset.v8[SALT_SIZE] = c->offset.v8[SALT_SIZE + 1] = 0;
     c->counter.v8[SALT_SIZE] = c->counter.v8[SALT_SIZE + 1] = 0;
 
-    /* copy key to be used later when CiscoSSL crypto context is created */
-    v128_copy_octet_string((v128_t*)&c->key, key);
+    debug_print(mod_aes_icm, "key:  %s", octet_string_hex_string(key, c->key_size));
+    debug_print(mod_aes_icm, "offset: %s", v128_hex_string(&c->offset));
 
-    /* if the key is greater than 16 bytes, copy the second
-     * half.  Note, we treat AES-192 and AES-256 the same here
-     * for simplicity.  The storage location receiving the
-     * key is statically allocated to handle a full 32 byte key
-     * regardless of the cipher in use.
-     */
-    if (c->key_size == AES_256_KEYSIZE
+    EVP_CIPHER_CTX_init(&c->ctx);
+
+    switch (c->key_size) {
+    case AES_256_KEYSIZE:
+        evp = EVP_aes_256_ctr();
+        break;
 #ifndef SRTP_NO_AES192
-        || c->key_size == AES_192_KEYSIZE
+    case AES_192_KEYSIZE:
+        evp = EVP_aes_192_ctr();
+        break;
 #endif
-        ) {
-        debug_print(mod_aes_icm, "Copying last 16 bytes of key: %s",
-                    v128_hex_string((v128_t*)(key + AES_128_KEYSIZE)));
-        v128_copy_octet_string(((v128_t*)(&c->key.v8)) + 1, key + AES_128_KEYSIZE);
+    case AES_128_KEYSIZE:
+        evp = EVP_aes_128_ctr();
+        break;
+    default:
+        return err_status_bad_param;
+        break;
     }
 
-    debug_print(mod_aes_icm, "key:  %s", v128_hex_string((v128_t*)&c->key));
-    debug_print(mod_aes_icm, "offset: %s", v128_hex_string(&c->offset));
+    if (!EVP_EncryptInit_ex(&c->ctx, evp,
+                            NULL, key, NULL)) {
+        return err_status_fail;
+    } else {
+        return err_status_ok;
+    }
 
-    EVP_CIPHER_CTX_cleanup(&c->ctx);
-
     return err_status_ok;
 }
 
@@ -286,7 +293,6 @@ err_status_t aes_icm_openssl_context_init (aes_icm_ctx
  */
 err_status_t aes_icm_openssl_set_iv (aes_icm_ctx_t *c, void *iv, int dir)
 {
-    const EVP_CIPHER *evp;
     v128_t nonce;
 
     /* set nonce (for alignment) */
@@ -298,25 +304,8 @@ err_status_t aes_icm_openssl_set_iv (aes_icm_ctx_t *c,
 
     debug_print(mod_aes_icm, "set_counter: %s", v128_hex_string(&c->counter));
 
-    switch (c->key_size) {
-    case AES_256_KEYSIZE:
-        evp = EVP_aes_256_ctr();
-        break;
-#ifndef SRTP_NO_AES192
-    case AES_192_KEYSIZE:
-        evp = EVP_aes_192_ctr();
-        break;
-#endif
-    case AES_128_KEYSIZE:
-        evp = EVP_aes_128_ctr();
-        break;
-    default:
-        return err_status_bad_param;
-        break;
-    }
-
-    if (!EVP_EncryptInit_ex(&c->ctx, evp,
-                            NULL, c->key.v8, c->counter.v8)) {
+    if (!EVP_EncryptInit_ex(&c->ctx, NULL,
+                            NULL, NULL, c->counter.v8)) {
         return err_status_fail;
     } else {
         return err_status_ok;
--- a/crypto/include/aes_icm_ossl.h 2017-08-01 11:57:38 UTC
+++ b/crypto/include/aes_icm_ossl.h
@@ -70,7 +70,6 @@
 typedef struct {
     v128_t counter;                /* holds the counter value          */
     v128_t offset;                 /* initial offset value             */
-    v256_t key;
     int key_size;
     EVP_CIPHER_CTX ctx;
 } aes_icm_ctx_t;