SecBSD/src
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

sync with OpenBSD -current

Browse source
This commit is contained in:
purplerain 2023-12-16 16:23:05 +00:00
parent 30cf31d90d
commit 8f3269c13c
Signed by: purplerain
GPG key ID: F42C07F07E2E35B7
27 changed files with 498 additions and 682 deletions
Download patch file Download diff file Expand all files Collapse all files

4
lib/libcrypto/evp/e_chacha20poly1305.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: e_chacha20poly1305.c,v 1.32 2023/09/28 11:29:10 tb Exp $ */
/* $OpenBSD: e_chacha20poly1305.c,v 1.33 2023/12/15 13:48:59 tb Exp $ */
/*
* Copyright (c) 2022 Joel Sing <jsing@openbsd.org>
@ -477,7 +477,7 @@ chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
if (len > SIZE_MAX - cpx->in_len) {
EVPerror(EVP_R_TOO_LARGE);
return 0;
return -1;
}
/* Disallow authenticated data after plaintext/ciphertext. */

204
lib/libcrypto/evp/evp_enc.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: evp_enc.c,v 1.58 2023/12/03 11:18:30 tb Exp $ */
/* $OpenBSD: evp_enc.c,v 1.63 2023/12/16 17:40:22 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -246,11 +246,60 @@ EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 0);
}
/*
* EVP_Cipher() is an implementation detail of EVP_Cipher{Update,Final}().
* Behavior depends on EVP_CIPH_FLAG_CUSTOM_CIPHER being set on ctx->cipher.
*
* If the flag is set, do_cipher() operates in update mode if in != NULL and
* in final mode if in == NULL. It returns the number of bytes written to out
* (which may be 0) or -1 on error.
*
* If the flag is not set, do_cipher() assumes properly aligned data and that
* padding is handled correctly by the caller. Most do_cipher() methods will
* silently produce garbage and succeed. Returns 1 on success, 0 on error.
*/
int
EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in,
unsigned int inl)
{
return ctx->cipher->do_cipher(ctx, out, in, inl);
}
static int
evp_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, int *out_len,
const unsigned char *in, int in_len)
{
int len;
*out_len = 0;
if (in_len < 0)
return 0;
if ((ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) != 0) {
if ((len = ctx->cipher->do_cipher(ctx, out, in, in_len)) < 0)
return 0;
*out_len = len;
return 1;
}
if (!ctx->cipher->do_cipher(ctx, out, in, in_len))
return 0;
*out_len = in_len;
return 1;
}
int
EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
const unsigned char *in, int inl)
{
int i, j, bl;
const int block_size = ctx->cipher->block_size;
const int block_mask = ctx->block_mask;
int buf_offset = ctx->buf_len;
int len = 0, total_len = 0;
*outl = 0;
@ -260,71 +309,67 @@ EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
if (inl == 0 && EVP_CIPHER_mode(ctx->cipher) != EVP_CIPH_CCM_MODE)
return 1;
if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
i = ctx->cipher->do_cipher(ctx, out, in, inl);
if (i < 0)
return 0;
else
*outl = i;
return 1;
}
if ((ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) != 0)
return evp_cipher(ctx, out, outl, in, inl);
if (ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0) {
if (ctx->cipher->do_cipher(ctx, out, in, inl)) {
*outl = inl;
return 1;
} else {
*outl = 0;
return 0;
}
}
i = ctx->buf_len;
bl = ctx->cipher->block_size;
if ((size_t)bl > sizeof(ctx->buf)) {
if (buf_offset == 0 && (inl & block_mask) == 0)
return evp_cipher(ctx, out, outl, in, inl);
/* XXX - check that block_size > buf_offset. */
if (block_size > sizeof(ctx->buf)) {
EVPerror(EVP_R_BAD_BLOCK_LENGTH);
*outl = 0;
return 0;
}
if (i != 0) {
if (bl - i > inl) {
memcpy(&(ctx->buf[i]), in, inl);
ctx->buf_len += inl;
*outl = 0;
return 1;
} else {
j = bl - i;
/*
* Once we've processed the first j bytes from in, the
* amount of data left that is a multiple of the block
* length is (inl - j) & ~(bl - 1). Ensure this plus
* the block processed from ctx-buf doesn't overflow.
*/
if (((inl - j) & ~(bl - 1)) > INT_MAX - bl) {
EVPerror(EVP_R_TOO_LARGE);
return 0;
}
memcpy(&(ctx->buf[i]), in, j);
if (!ctx->cipher->do_cipher(ctx, out, ctx->buf, bl))
return 0;
inl -= j;
in += j;
out += bl;
*outl = bl;
if (buf_offset != 0) {
int buf_avail;
if ((buf_avail = block_size - buf_offset) > inl) {
memcpy(&ctx->buf[buf_offset], in, inl);
ctx->buf_len += inl;
return 1;
}
} else
*outl = 0;
i = inl&(bl - 1);
inl -= i;
if (inl > 0) {
if (!ctx->cipher->do_cipher(ctx, out, in, inl))
/*
* Once the first buf_avail bytes from in are processed, the
* amount of data left that is a multiple of the block length is
* (inl - buf_avail) & ~block_mask. Ensure that this plus the
* block processed from ctx->buf doesn't overflow.
*/
if (((inl - buf_avail) & ~block_mask) > INT_MAX - block_size) {
EVPerror(EVP_R_TOO_LARGE);
return 0;
*outl += inl;
}
memcpy(&ctx->buf[buf_offset], in, buf_avail);
len = 0;
if (!evp_cipher(ctx, out, &len, ctx->buf, block_size))
return 0;
total_len = len;
inl -= buf_avail;
in += buf_avail;
out += len;
}
if (i != 0)
memcpy(ctx->buf, &(in[inl]), i);
ctx->buf_len = i;
buf_offset = inl & block_mask;
if ((inl -= buf_offset) > 0) {
if (INT_MAX - inl < total_len)
return 0;
len = 0;
if (!evp_cipher(ctx, out, &len, in, inl))
return 0;
if (INT_MAX - len < total_len)
return 0;
total_len += len;
}
if (buf_offset != 0)
memcpy(ctx->buf, &in[inl], buf_offset);
ctx->buf_len = buf_offset;
*outl = total_len;
return 1;
}
@ -337,17 +382,13 @@ EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
int
EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
{
int n, ret;
int n;
unsigned int i, b, bl;
if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
ret = ctx->cipher->do_cipher(ctx, out, NULL, 0);
if (ret < 0)
return 0;
else
*outl = ret;
return 1;
}
*outl = 0;
if ((ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) != 0)
return evp_cipher(ctx, out, outl, NULL, 0);
b = ctx->cipher->block_size;
if (b > sizeof ctx->buf) {
@ -371,13 +412,8 @@ EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
n = b - bl;
for (i = bl; i < b; i++)
ctx->buf[i] = n;
ret = ctx->cipher->do_cipher(ctx, out, ctx->buf, b);
if (ret)
*outl = b;
return ret;
return evp_cipher(ctx, out, outl, ctx->buf, b);
}
int
@ -395,15 +431,8 @@ EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
if (inl == 0 && EVP_CIPHER_mode(ctx->cipher) != EVP_CIPH_CCM_MODE)
return 1;
if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
fix_len = ctx->cipher->do_cipher(ctx, out, in, inl);
if (fix_len < 0) {
*outl = 0;
return 0;
} else
*outl = fix_len;
return 1;
}
if ((ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) != 0)
return evp_cipher(ctx, out, outl, in, inl);
if (ctx->flags & EVP_CIPH_NO_PADDING)
return EVP_EncryptUpdate(ctx, out, outl, in, inl);
@ -461,16 +490,11 @@ EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
{
int i, n;
unsigned int b;
*outl = 0;
if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
i = ctx->cipher->do_cipher(ctx, out, NULL, 0);
if (i < 0)
return 0;
else
*outl = i;
return 1;
}
if ((ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) != 0)
return evp_cipher(ctx, out, outl, NULL, 0);
b = ctx->cipher->block_size;
if (ctx->flags & EVP_CIPH_NO_PADDING) {

9
lib/libcrypto/evp/evp_lib.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: evp_lib.c,v 1.29 2023/11/18 09:37:15 tb Exp $ */
/* $OpenBSD: evp_lib.c,v 1.30 2023/12/15 13:28:30 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -197,13 +197,6 @@ EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx)
return ctx->cipher->block_size;
}
int
EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in,
unsigned int inl)
{
return ctx->cipher->do_cipher(ctx, out, in, inl);
}
const EVP_CIPHER *
EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx)
{

360
lib/libcrypto/evp/evp_pbe.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: evp_pbe.c,v 1.29 2023/07/07 19:37:53 beck Exp $ */
/* $OpenBSD: evp_pbe.c,v 1.33 2023/12/16 14:09:33 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@ -70,54 +70,201 @@
/* Password based encryption (PBE) functions */
DECLARE_STACK_OF(EVP_PBE_CTL)
static STACK_OF(EVP_PBE_CTL) *pbe_algs;
/* Setup a cipher context from a PBE algorithm */
typedef struct {
int pbe_type;
struct pbe_config {
int pbe_nid;
int cipher_nid;
int md_nid;
EVP_PBE_KEYGEN *keygen;
} EVP_PBE_CTL;
static const EVP_PBE_CTL builtin_pbe[] = {
{EVP_PBE_TYPE_OUTER, NID_pbeWithMD2AndDES_CBC, NID_des_cbc, NID_md2, PKCS5_PBE_keyivgen},
{EVP_PBE_TYPE_OUTER, NID_pbeWithMD5AndDES_CBC, NID_des_cbc, NID_md5, PKCS5_PBE_keyivgen},
{EVP_PBE_TYPE_OUTER, NID_pbeWithSHA1AndRC2_CBC, NID_rc2_64_cbc, NID_sha1, PKCS5_PBE_keyivgen},
#ifndef OPENSSL_NO_HMAC
{EVP_PBE_TYPE_OUTER, NID_id_pbkdf2, -1, -1, PKCS5_v2_PBKDF2_keyivgen},
#endif
{EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And128BitRC4, NID_rc4, NID_sha1, PKCS12_PBE_keyivgen},
{EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And40BitRC4, NID_rc4_40, NID_sha1, PKCS12_PBE_keyivgen},
{EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, NID_des_ede3_cbc, NID_sha1, PKCS12_PBE_keyivgen},
{EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And2_Key_TripleDES_CBC, NID_des_ede_cbc, NID_sha1, PKCS12_PBE_keyivgen},
{EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And128BitRC2_CBC, NID_rc2_cbc, NID_sha1, PKCS12_PBE_keyivgen},
{EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And40BitRC2_CBC, NID_rc2_40_cbc, NID_sha1, PKCS12_PBE_keyivgen},
#ifndef OPENSSL_NO_HMAC
{EVP_PBE_TYPE_OUTER, NID_pbes2, -1, -1, PKCS5_v2_PBE_keyivgen},
#endif
{EVP_PBE_TYPE_OUTER, NID_pbeWithMD2AndRC2_CBC, NID_rc2_64_cbc, NID_md2, PKCS5_PBE_keyivgen},
{EVP_PBE_TYPE_OUTER, NID_pbeWithMD5AndRC2_CBC, NID_rc2_64_cbc, NID_md5, PKCS5_PBE_keyivgen},
{EVP_PBE_TYPE_OUTER, NID_pbeWithSHA1AndDES_CBC, NID_des_cbc, NID_sha1, PKCS5_PBE_keyivgen},
{EVP_PBE_TYPE_PRF, NID_hmacWithSHA1, -1, NID_sha1, 0},
{EVP_PBE_TYPE_PRF, NID_hmacWithMD5, -1, NID_md5, 0},
{EVP_PBE_TYPE_PRF, NID_hmacWithSHA224, -1, NID_sha224, 0},
{EVP_PBE_TYPE_PRF, NID_hmacWithSHA256, -1, NID_sha256, 0},
{EVP_PBE_TYPE_PRF, NID_hmacWithSHA384, -1, NID_sha384, 0},
{EVP_PBE_TYPE_PRF, NID_hmacWithSHA512, -1, NID_sha512, 0},
{EVP_PBE_TYPE_PRF, NID_id_HMACGostR3411_94, -1, NID_id_GostR3411_94, 0},
{EVP_PBE_TYPE_PRF, NID_id_tc26_hmac_gost_3411_12_256, -1, NID_id_tc26_gost3411_2012_256, 0},
{EVP_PBE_TYPE_PRF, NID_id_tc26_hmac_gost_3411_12_512, -1, NID_id_tc26_gost3411_2012_512, 0},
};
static const struct pbe_config pbe_outer[] = {
{
.pbe_nid = NID_pbeWithMD2AndDES_CBC,
.cipher_nid = NID_des_cbc,
.md_nid = NID_md2,
.keygen = PKCS5_PBE_keyivgen,
},
{
.pbe_nid = NID_pbeWithMD5AndDES_CBC,
.cipher_nid = NID_des_cbc,
.md_nid = NID_md5,
.keygen = PKCS5_PBE_keyivgen,
},
{
.pbe_nid = NID_pbeWithSHA1AndRC2_CBC,
.cipher_nid = NID_rc2_64_cbc,
.md_nid = NID_sha1,
.keygen = PKCS5_PBE_keyivgen,
},
#ifndef OPENSSL_NO_HMAC
{
.pbe_nid = NID_id_pbkdf2,
.cipher_nid = -1,
.md_nid = -1,
.keygen = PKCS5_v2_PBKDF2_keyivgen,
},
#endif
{
.pbe_nid = NID_pbe_WithSHA1And128BitRC4,
.cipher_nid = NID_rc4,
.md_nid = NID_sha1,
.keygen = PKCS12_PBE_keyivgen,
},
{
.pbe_nid = NID_pbe_WithSHA1And40BitRC4,
.cipher_nid = NID_rc4_40,
.md_nid = NID_sha1,
.keygen = PKCS12_PBE_keyivgen,
},
{
.pbe_nid = NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
.cipher_nid = NID_des_ede3_cbc,
.md_nid = NID_sha1,
.keygen = PKCS12_PBE_keyivgen,
},
{
.pbe_nid = NID_pbe_WithSHA1And2_Key_TripleDES_CBC,
.cipher_nid = NID_des_ede_cbc,
.md_nid = NID_sha1,
.keygen = PKCS12_PBE_keyivgen,
},
{
.pbe_nid = NID_pbe_WithSHA1And128BitRC2_CBC,
.cipher_nid = NID_rc2_cbc,
.md_nid = NID_sha1,
.keygen = PKCS12_PBE_keyivgen,
},
{
.pbe_nid = NID_pbe_WithSHA1And40BitRC2_CBC,
.cipher_nid = NID_rc2_40_cbc,
.md_nid = NID_sha1,
.keygen = PKCS12_PBE_keyivgen,
},
#ifndef OPENSSL_NO_HMAC
{
.pbe_nid = NID_pbes2,
.cipher_nid = -1,
.md_nid = -1,
.keygen = PKCS5_v2_PBE_keyivgen,
},
#endif
{
.pbe_nid = NID_pbeWithMD2AndRC2_CBC,
.cipher_nid = NID_rc2_64_cbc,
.md_nid = NID_md2,
.keygen = PKCS5_PBE_keyivgen,
},
{
.pbe_nid = NID_pbeWithMD5AndRC2_CBC,
.cipher_nid = NID_rc2_64_cbc,
.md_nid = NID_md5,
.keygen = PKCS5_PBE_keyivgen,
},
{
.pbe_nid = NID_pbeWithSHA1AndDES_CBC,
.cipher_nid = NID_des_cbc,
.md_nid = NID_sha1,
.keygen = PKCS5_PBE_keyivgen,
},
};
#define N_PBE_OUTER (sizeof(pbe_outer) / sizeof(pbe_outer[0]))
static const struct pbe_config pbe_prf[] = {
{
.pbe_nid = NID_hmacWithSHA1,
.cipher_nid = -1,
.md_nid = NID_sha1,
},
{
.pbe_nid = NID_hmacWithMD5,
.cipher_nid = -1,
.md_nid = NID_md5,
},
{
.pbe_nid = NID_hmacWithSHA224,
.cipher_nid = -1,
.md_nid = NID_sha224,
},
{
.pbe_nid = NID_hmacWithSHA256,
.cipher_nid = -1,
.md_nid = NID_sha256,
},
{
.pbe_nid = NID_hmacWithSHA384,
.cipher_nid = -1,
.md_nid = NID_sha384,
},
{
.pbe_nid = NID_hmacWithSHA512,
.cipher_nid = -1,
.md_nid = NID_sha512,
},
{
.pbe_nid = NID_id_HMACGostR3411_94,
.cipher_nid = -1,
.md_nid = NID_id_GostR3411_94,
},
{
.pbe_nid = NID_id_tc26_hmac_gost_3411_12_256,
.cipher_nid = -1,
.md_nid = NID_id_tc26_gost3411_2012_256,
},
{
.pbe_nid = NID_id_tc26_hmac_gost_3411_12_512,
.cipher_nid = -1,
.md_nid = NID_id_tc26_gost3411_2012_512,
},
};
#define N_PBE_PRF (sizeof(pbe_prf) / sizeof(pbe_prf[0]))
int
EVP_PBE_find(int type, int pbe_nid, int *out_cipher_nid, int *out_md_nid,
EVP_PBE_KEYGEN **out_keygen)
{
const struct pbe_config *pbe = NULL;
size_t i;
if (out_cipher_nid != NULL)
*out_cipher_nid = NID_undef;
if (out_md_nid != NULL)
*out_md_nid = NID_undef;
if (out_keygen != NULL)
*out_keygen = NULL;
if (pbe_nid == NID_undef)
return 0;
if (type == EVP_PBE_TYPE_OUTER) {
for (i = 0; i < N_PBE_OUTER; i++) {
if (pbe_nid == pbe_outer[i].pbe_nid) {
pbe = &pbe_outer[i];
break;
}
}
} else if (type == EVP_PBE_TYPE_PRF) {
for (i = 0; i < N_PBE_PRF; i++) {
if (pbe_nid == pbe_prf[i].pbe_nid) {
pbe = &pbe_prf[i];
break;
}
}
}
if (pbe == NULL)
return 0;
if (out_cipher_nid != NULL)
*out_cipher_nid = pbe->cipher_nid;
if (out_md_nid != NULL)
*out_md_nid = pbe->md_nid;
if (out_keygen != NULL)
*out_keygen = pbe->keygen;
return 1;
}
int
EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de)
@ -171,142 +318,23 @@ EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
return 1;
}
static int pbe2_cmp_BSEARCH_CMP_FN(const void *, const void *);
static int pbe2_cmp(EVP_PBE_CTL const *, EVP_PBE_CTL const *);
static EVP_PBE_CTL *OBJ_bsearch_pbe2(EVP_PBE_CTL *key, EVP_PBE_CTL const *base, int num);
static int
pbe2_cmp(const EVP_PBE_CTL *pbe1, const EVP_PBE_CTL *pbe2)
{
int ret = pbe1->pbe_type - pbe2->pbe_type;
if (ret)
return ret;
else
return pbe1->pbe_nid - pbe2->pbe_nid;
}
static int
pbe2_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_)
{
EVP_PBE_CTL const *a = a_;
EVP_PBE_CTL const *b = b_;
return pbe2_cmp(a, b);
}
static EVP_PBE_CTL *
OBJ_bsearch_pbe2(EVP_PBE_CTL *key, EVP_PBE_CTL const *base, int num)
{
return (EVP_PBE_CTL *)OBJ_bsearch_(key, base, num, sizeof(EVP_PBE_CTL),
pbe2_cmp_BSEARCH_CMP_FN);
}
static int
pbe_cmp(const EVP_PBE_CTL * const *a, const EVP_PBE_CTL * const *b)
{
int ret = (*a)->pbe_type - (*b)->pbe_type;
if (ret)
return ret;
else
return (*a)->pbe_nid - (*b)->pbe_nid;
}
/* Add a PBE algorithm */
int
EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid, int md_nid,
EVP_PBE_KEYGEN *keygen)
{
EVP_PBE_CTL *pbe_tmp;
if (pbe_algs == NULL) {
pbe_algs = sk_EVP_PBE_CTL_new(pbe_cmp);
if (pbe_algs == NULL) {
EVPerror(ERR_R_MALLOC_FAILURE);
return 0;
}
}
pbe_tmp = malloc(sizeof(EVP_PBE_CTL));
if (pbe_tmp == NULL) {
EVPerror(ERR_R_MALLOC_FAILURE);
return 0;
}
pbe_tmp->pbe_type = pbe_type;
pbe_tmp->pbe_nid = pbe_nid;
pbe_tmp->cipher_nid = cipher_nid;
pbe_tmp->md_nid = md_nid;
pbe_tmp->keygen = keygen;
if (sk_EVP_PBE_CTL_push(pbe_algs, pbe_tmp) == 0) {
free(pbe_tmp);
EVPerror(ERR_R_MALLOC_FAILURE);
return 0;
}
return 1;
EVPerror(ERR_R_DISABLED);
return 0;
}
int
EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,
EVP_PBE_KEYGEN *keygen)
{
int cipher_nid, md_nid;
if (cipher)
cipher_nid = EVP_CIPHER_nid(cipher);
else
cipher_nid = -1;
if (md)
md_nid = EVP_MD_type(md);
else
md_nid = -1;
return EVP_PBE_alg_add_type(EVP_PBE_TYPE_OUTER, nid,
cipher_nid, md_nid, keygen);
}
int
EVP_PBE_find(int type, int pbe_nid,
int *pcnid, int *pmnid, EVP_PBE_KEYGEN **pkeygen)
{
EVP_PBE_CTL *pbetmp = NULL, pbelu;
int i;
if (pbe_nid == NID_undef)
return 0;
pbelu.pbe_type = type;
pbelu.pbe_nid = pbe_nid;
if (pbe_algs) {
i = sk_EVP_PBE_CTL_find(pbe_algs, &pbelu);
if (i != -1)
pbetmp = sk_EVP_PBE_CTL_value (pbe_algs, i);
}
if (pbetmp == NULL) {
pbetmp = OBJ_bsearch_pbe2(&pbelu, builtin_pbe,
sizeof(builtin_pbe)/sizeof(EVP_PBE_CTL));
}
if (pbetmp == NULL)
return 0;
if (pcnid)
*pcnid = pbetmp->cipher_nid;
if (pmnid)
*pmnid = pbetmp->md_nid;
if (pkeygen)
*pkeygen = pbetmp->keygen;
return 1;
}
static void
free_evp_pbe_ctl(EVP_PBE_CTL *pbe)
{
free(pbe);
EVPerror(ERR_R_DISABLED);
return 0;
}
void
EVP_PBE_cleanup(void)
{
sk_EVP_PBE_CTL_pop_free(pbe_algs, free_evp_pbe_ctl);
pbe_algs = NULL;
}

3
lib/libcrypto/evp/names.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: names.c,v 1.21 2023/08/26 02:59:13 tb Exp $ */
/* $OpenBSD: names.c,v 1.22 2023/12/15 14:22:10 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -141,7 +141,6 @@ EVP_cleanup(void)
does that part. -- Richard Levitte */
OBJ_NAME_cleanup(-1);
EVP_PBE_cleanup();
if (obj_cleanup_defer == 2) {
obj_cleanup_defer = 0;
OBJ_cleanup();

4
lib/libcrypto/evp/p5_crpt2.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: p5_crpt2.c,v 1.27 2023/07/07 19:37:54 beck Exp $ */
/* $OpenBSD: p5_crpt2.c,v 1.28 2023/12/16 13:23:20 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@ -270,7 +270,7 @@ PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
else
prf_nid = NID_hmacWithSHA1;
if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, prf_nid, NULL, &hmac_md_nid, 0)) {
if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, prf_nid, NULL, &hmac_md_nid, NULL)) {
EVPerror(EVP_R_UNSUPPORTED_PRF);
goto err;
}