SecBSD/src
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

sync with OpenBSD -current

Browse source
This commit is contained in:
purplerain 2024-01-03 01:46:05 +00:00
parent e26f182543
commit eff43bb1fd
Signed by: purplerain
GPG key ID: F42C07F07E2E35B7
20 changed files with 553 additions and 416 deletions
Download patch file Download diff file Expand all files Collapse all files

8
lib/libcrypto/evp/e_sm4.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: e_sm4.c,v 1.10 2023/12/02 19:07:10 tb Exp $ */
/* $OpenBSD: e_sm4.c,v 1.11 2024/01/02 19:54:43 tb Exp $ */
/*
* Copyright (c) 2017, 2019 Ribose Inc
*
@ -220,9 +220,9 @@ static const EVP_CIPHER sm4_ecb = {
.do_cipher = sm4_ecb_cipher,
.cleanup = NULL,
.ctx_size = sizeof(EVP_SM4_KEY),
.set_asn1_parameters = 0,
.get_asn1_parameters = 0,
.ctrl = 0,
.set_asn1_parameters = NULL,
.get_asn1_parameters = NULL,
.ctrl = NULL,
.app_data = NULL,
};

540
lib/libcrypto/evp/evp_cipher.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: evp_cipher.c,v 1.3 2023/12/29 06:56:38 tb Exp $ */
/* $OpenBSD: evp_cipher.c,v 1.13 2024/01/02 21:27:39 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -618,56 +618,30 @@ EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
}
int
EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *a)
EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx)
{
return EVP_CIPHER_CTX_cleanup(a);
return EVP_CIPHER_CTX_cleanup(ctx);
}
int
EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *ctx)
{
if (c->cipher != NULL) {
if (ctx->cipher != NULL) {
/* XXX - Avoid leaks, so ignore return value of cleanup()... */
if (c->cipher->cleanup != NULL)
c->cipher->cleanup(c);
if (c->cipher_data != NULL)
explicit_bzero(c->cipher_data, c->cipher->ctx_size);
if (ctx->cipher->cleanup != NULL)
ctx->cipher->cleanup(ctx);
if (ctx->cipher_data != NULL)
explicit_bzero(ctx->cipher_data, ctx->cipher->ctx_size);
}
/* XXX - store size of cipher_data so we can always freezero(). */
free(c->cipher_data);
free(ctx->cipher_data);
explicit_bzero(c, sizeof(EVP_CIPHER_CTX));
explicit_bzero(ctx, sizeof(EVP_CIPHER_CTX));
return 1;
}
int
EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen)
{
if (c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH)
return EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_KEY_LENGTH,
keylen, NULL);
if (c->key_len == keylen)
return 1;
if (keylen > 0 && (c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH)) {
c->key_len = keylen;
return 1;
}
EVPerror(EVP_R_INVALID_KEY_LENGTH);
return 0;
}
int
EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad)
{
if (pad)
ctx->flags &= ~EVP_CIPH_NO_PADDING;
else
ctx->flags |= EVP_CIPH_NO_PADDING;
return 1;
}
int
EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
{
@ -739,136 +713,9 @@ EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
return 1;
}
int
EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
{
int ret;
if (c->cipher->set_asn1_parameters != NULL)
ret = c->cipher->set_asn1_parameters(c, type);
else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1)
ret = EVP_CIPHER_set_asn1_iv(c, type);
else
ret = -1;
return (ret);
}
int
EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
{
int ret;
if (c->cipher->get_asn1_parameters != NULL)
ret = c->cipher->get_asn1_parameters(c, type);
else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1)
ret = EVP_CIPHER_get_asn1_iv(c, type);
else
ret = -1;
return (ret);
}
int
EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
{
int i = 0;
int l;
if (type != NULL) {
l = EVP_CIPHER_CTX_iv_length(c);
if (l < 0 || l > sizeof(c->iv)) {
EVPerror(EVP_R_IV_TOO_LARGE);
return 0;
}
i = ASN1_TYPE_get_octetstring(type, c->oiv, l);
if (i != l)
return (-1);
else if (i > 0)
memcpy(c->iv, c->oiv, l);
}
return (i);
}
int
EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
{
int i = 0;
int j;
if (type != NULL) {
j = EVP_CIPHER_CTX_iv_length(c);
if (j < 0 || j > sizeof(c->iv)) {
EVPerror(EVP_R_IV_TOO_LARGE);
return 0;
}
i = ASN1_TYPE_set_octetstring(type, c->oiv, j);
}
return (i);
}
/* Convert the various cipher NIDs and dummies to a proper OID NID */
int
EVP_CIPHER_type(const EVP_CIPHER *ctx)
{
int nid;
ASN1_OBJECT *otmp;
nid = EVP_CIPHER_nid(ctx);
switch (nid) {
case NID_rc2_cbc:
case NID_rc2_64_cbc:
case NID_rc2_40_cbc:
return NID_rc2_cbc;
case NID_rc4:
case NID_rc4_40:
return NID_rc4;
case NID_aes_128_cfb128:
case NID_aes_128_cfb8:
case NID_aes_128_cfb1:
return NID_aes_128_cfb128;
case NID_aes_192_cfb128:
case NID_aes_192_cfb8:
case NID_aes_192_cfb1:
return NID_aes_192_cfb128;
case NID_aes_256_cfb128:
case NID_aes_256_cfb8:
case NID_aes_256_cfb1:
return NID_aes_256_cfb128;
case NID_des_cfb64:
case NID_des_cfb8:
case NID_des_cfb1:
return NID_des_cfb64;
case NID_des_ede3_cfb64:
case NID_des_ede3_cfb8:
case NID_des_ede3_cfb1:
return NID_des_cfb64;
default:
/* Check it has an OID and it is valid */
otmp = OBJ_nid2obj(nid);
if (!otmp || !otmp->data)
nid = NID_undef;
ASN1_OBJECT_free(otmp);
return nid;
}
}
int
EVP_CIPHER_block_size(const EVP_CIPHER *e)
{
return e->block_size;
}
int
EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx)
{
return ctx->cipher->block_size;
}
/*
* EVP_CIPHER_CTX accessors.
*/
const EVP_CIPHER *
EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx)
@ -882,102 +729,6 @@ EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx)
return ctx->encrypt;
}
unsigned long
EVP_CIPHER_flags(const EVP_CIPHER *cipher)
{
return cipher->flags;
}
unsigned long
EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx)
{
return ctx->cipher->flags;
}
void *
EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx)
{
return ctx->app_data;
}
void
EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data)
{
ctx->app_data = data;
}
void *
EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx)
{
return ctx->cipher_data;
}
void *
EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data)
{
void *old_cipher_data;
old_cipher_data = ctx->cipher_data;
ctx->cipher_data = cipher_data;
return old_cipher_data;
}
int
EVP_CIPHER_iv_length(const EVP_CIPHER *cipher)
{
return cipher->iv_len;
}
int
EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx)
{
int iv_length = 0;
if ((ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_IV_LENGTH) == 0)
return ctx->cipher->iv_len;
/*
* XXX - sanity would suggest to pass the size of the pointer along,
* but unfortunately we have to match the other crowd.
*/
if (EVP_CIPHER_CTX_ctrl((EVP_CIPHER_CTX *)ctx, EVP_CTRL_GET_IVLEN, 0,
&iv_length) != 1)
return -1;
return iv_length;
}
unsigned char *
EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx)
{
return ctx->buf;
}
int
EVP_CIPHER_key_length(const EVP_CIPHER *cipher)
{
return cipher->key_len;
}
int
EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx)
{
return ctx->key_len;
}
int
EVP_CIPHER_nid(const EVP_CIPHER *cipher)
{
return cipher->nid;
}
int
EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx)
{
return ctx->cipher->nid;
}
int
EVP_CIPHER_CTX_get_iv(const EVP_CIPHER_CTX *ctx, unsigned char *iv, size_t len)
{
@ -1016,6 +767,57 @@ EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx, const unsigned char *iv, size_t len)
return 1;
}
unsigned char *
EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx)
{
return ctx->buf;
}
void *
EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx)
{
return ctx->app_data;
}
void
EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data)
{
ctx->app_data = data;
}
int
EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx)
{
return ctx->key_len;
}
int
EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *ctx, int key_len)
{
/* XXX - remove this. It's unused. */
if (ctx->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH)
return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_KEY_LENGTH,
key_len, NULL);
if (ctx->key_len == key_len)
return 1;
if (key_len > 0 && (ctx->cipher->flags & EVP_CIPH_VARIABLE_LENGTH)) {
ctx->key_len = key_len;
return 1;
}
EVPerror(EVP_R_INVALID_KEY_LENGTH);
return 0;
}
int
EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad)
{
if (pad)
ctx->flags &= ~EVP_CIPH_NO_PADDING;
else
ctx->flags |= EVP_CIPH_NO_PADDING;
return 1;
}
void
EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags)
{
@ -1034,6 +836,218 @@ EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags)
return (ctx->flags & flags);
}
void *
EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx)
{
return ctx->cipher_data;
}
void *
EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data)
{
void *old_cipher_data;
old_cipher_data = ctx->cipher_data;
ctx->cipher_data = cipher_data;
return old_cipher_data;
}
/*
* EVP_CIPHER_CTX getters that reach into the cipher attached to the context.
*/
int
EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx)
{
return ctx->cipher->nid;
}
int
EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx)
{
return ctx->cipher->block_size;
}
int
EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx)
{
int iv_length = 0;
if ((ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_IV_LENGTH) == 0)
return ctx->cipher->iv_len;
/*
* XXX - sanity would suggest to pass the size of the pointer along,
* but unfortunately we have to match the other crowd.
*/
if (EVP_CIPHER_CTX_ctrl((EVP_CIPHER_CTX *)ctx, EVP_CTRL_GET_IVLEN, 0,
&iv_length) != 1)
return -1;
return iv_length;
}
unsigned long
EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx)
{
return ctx->cipher->flags;
}
/*
* Used by CMS and its predecessors. Only GOST and RC2 have a custom method.
*/
int
EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *type)
{
if (ctx->cipher->set_asn1_parameters != NULL)
return ctx->cipher->set_asn1_parameters(ctx, type);
if ((ctx->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) != 0)
return EVP_CIPHER_set_asn1_iv(ctx, type);
return -1;
}
int
EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *ctx, ASN1_TYPE *type)
{
if (ctx->cipher->get_asn1_parameters != NULL)
return ctx->cipher->get_asn1_parameters(ctx, type);
if ((ctx->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) != 0)
return EVP_CIPHER_get_asn1_iv(ctx, type);
return -1;
}
int
EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *ctx, ASN1_TYPE *type)
{
int i = 0;
int l;
if (type != NULL) {
l = EVP_CIPHER_CTX_iv_length(ctx);
if (l < 0 || l > sizeof(ctx->iv)) {
EVPerror(EVP_R_IV_TOO_LARGE);
return 0;
}
i = ASN1_TYPE_get_octetstring(type, ctx->oiv, l);
if (i != l)
return (-1);
else if (i > 0)
memcpy(ctx->iv, ctx->oiv, l);
}
return (i);
}
int
EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *ctx, ASN1_TYPE *type)
{
int i = 0;
int j;
if (type != NULL) {
j = EVP_CIPHER_CTX_iv_length(ctx);
if (j < 0 || j > sizeof(ctx->iv)) {
EVPerror(EVP_R_IV_TOO_LARGE);
return 0;
}
i = ASN1_TYPE_set_octetstring(type, ctx->oiv, j);
}
return (i);
}
/* Convert the various cipher NIDs and dummies to a proper OID NID */
int
EVP_CIPHER_type(const EVP_CIPHER *cipher)
{
ASN1_OBJECT *aobj;
int nid;
nid = EVP_CIPHER_nid(cipher);
switch (nid) {
case NID_rc2_cbc:
case NID_rc2_64_cbc:
case NID_rc2_40_cbc:
return NID_rc2_cbc;
case NID_rc4:
case NID_rc4_40:
return NID_rc4;
case NID_aes_128_cfb128:
case NID_aes_128_cfb8:
case NID_aes_128_cfb1:
return NID_aes_128_cfb128;
case NID_aes_192_cfb128:
case NID_aes_192_cfb8:
case NID_aes_192_cfb1:
return NID_aes_192_cfb128;
case NID_aes_256_cfb128:
case NID_aes_256_cfb8:
case NID_aes_256_cfb1:
return NID_aes_256_cfb128;
case NID_des_cfb64:
case NID_des_cfb8:
case NID_des_cfb1:
return NID_des_cfb64;
case NID_des_ede3_cfb64:
case NID_des_ede3_cfb8:
case NID_des_ede3_cfb1:
return NID_des_cfb64;
default:
/* Check it has an OID and it is valid */
if (((aobj = OBJ_nid2obj(nid)) == NULL) || aobj->data == NULL)
nid = NID_undef;
ASN1_OBJECT_free(aobj);
return nid;
}
}
/*
* Accessors. First the trivial getters, then the setters for the method API.
*/
int
EVP_CIPHER_nid(const EVP_CIPHER *cipher)
{
return cipher->nid;
}
int
EVP_CIPHER_block_size(const EVP_CIPHER *cipher)
{
return cipher->block_size;
}
int
EVP_CIPHER_key_length(const EVP_CIPHER *cipher)
{
return cipher->key_len;
}
int
EVP_CIPHER_iv_length(const EVP_CIPHER *cipher)
{
return cipher->iv_len;
}
unsigned long
EVP_CIPHER_flags(const EVP_CIPHER *cipher)
{
return cipher->flags;
}
EVP_CIPHER *
EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len)
{