From: tb <tb@openbsd.org>
Date: Tue, 26 Mar 2024 07:03:10 +0000 (+0000)
Subject: Remove PKCS5_pbe2_set_iv()
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=c1f409eab9c024c6da239096fed92d93b5d17678;p=openbsd

Remove PKCS5_pbe2_set_iv()

This used to be a generalization of PKCS5_pbe2_set(). Its only caller was
the latter, which always passes aiv == NULL and pbe_prf == -1. Thus, the
iv would always be random and regarding the pbe_prf, it would always end
up being NID_hmacWithSHA1 since the only ctrl grokking EVP_CTRL_PBE_PRF_NID
was RC2's control, but only if PBE_PRF_TEST was defined, which it wasn't.

ok jsing
---

diff --git a/lib/libcrypto/asn1/p5_pbev2.c b/lib/libcrypto/asn1/p5_pbev2.c
index 4a6ac062128..76872a8dec6 100644
--- a/lib/libcrypto/asn1/p5_pbev2.c
+++ b/lib/libcrypto/asn1/p5_pbev2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p5_pbev2.c,v 1.34 2024/03/26 05:43:22 tb Exp $ */
+/* $OpenBSD: p5_pbev2.c,v 1.35 2024/03/26 07:03:10 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999-2004.
  */
@@ -177,17 +177,17 @@ PBKDF2PARAM_free(PBKDF2PARAM *a)
 	ASN1_item_free((ASN1_VALUE *)a, &PBKDF2PARAM_it);
 }
 
-/* Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm:
+/*
+ * Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm:
  * yes I know this is horrible!
- *
- * Extended version to allow application supplied PRF NID and IV.
  */
 
-static X509_ALGOR *
-PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, unsigned char *salt,
-    int saltlen, unsigned char *aiv, int prf_nid)
+X509_ALGOR *
+PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, unsigned char *salt,
+    int saltlen)
 {
 	X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL;
+	int prf_nid = NID_hmacWithSHA1;
 	int alg_nid, keylen;
 	EVP_CIPHER_CTX ctx;
 	unsigned char iv[EVP_MAX_IV_LENGTH];
@@ -212,12 +212,8 @@ PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, unsigned char *salt,
 		goto merr;
 
 	/* Create random IV */
-	if (EVP_CIPHER_iv_length(cipher)) {
-		if (aiv)
-			memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher));
-		else
-			arc4random_buf(iv, EVP_CIPHER_iv_length(cipher));
-	}
+	if (EVP_CIPHER_iv_length(cipher) > 0)
+		arc4random_buf(iv, EVP_CIPHER_iv_length(cipher));
 
 	EVP_CIPHER_CTX_legacy_clear(&ctx);
 
@@ -229,14 +225,6 @@ PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, unsigned char *salt,
 		EVP_CIPHER_CTX_cleanup(&ctx);
 		goto err;
 	}
-	/* If prf NID unspecified see if cipher has a preference.
-	 * An error is OK here: just means use default PRF.
-	 */
-	if ((prf_nid == -1) &&
-	    EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0) {
-		ERR_clear_error();
-		prf_nid = NID_hmacWithSHA1;
-	}
 	EVP_CIPHER_CTX_cleanup(&ctx);
 
 	/* If its RC2 then we'd better setup the key length */
@@ -287,13 +275,6 @@ PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, unsigned char *salt,
 	return NULL;
 }
 
-X509_ALGOR *
-PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, unsigned char *salt,
-    int saltlen)
-{
-	return PKCS5_pbe2_set_iv(cipher, iter, salt, saltlen, NULL, -1);
-}
-
 X509_ALGOR *
 PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, int prf_nid,
     int keylen)