From: tb
Date: Tue, 2 Jan 2024 19:56:43 +0000 (+0000)
Subject: Move the EVP_CIPHER API that only exists for CMS/legacy a bit down
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=f3f06693f3a215bd3ac7db6fcbbb063850a8ffd4;p=openbsd
Move the EVP_CIPHER API that only exists for CMS/legacy a bit down
---
diff --git a/lib/libcrypto/evp/evp_cipher.c b/lib/libcrypto/evp/evp_cipher.c
index c762c968eb9..82441cbc948 100644
--- a/lib/libcrypto/evp/evp_cipher.c
+++ b/lib/libcrypto/evp/evp_cipher.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_cipher.c,v 1.7 2024/01/02 18:48:02 tb Exp $ */
+/* $OpenBSD: evp_cipher.c,v 1.8 2024/01/02 19:56:43 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -740,126 +740,6 @@ EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
 return 1;
 }
 
-int
-EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *type)
-{
- int ret;
-
- if (ctx->cipher->set_asn1_parameters != NULL)
- ret = ctx->cipher->set_asn1_parameters(ctx, type);
- else if (ctx->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1)
- ret = EVP_CIPHER_set_asn1_iv(ctx, type);
- else
- ret = -1;
- return (ret);
-}
-
-int
-EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *ctx, ASN1_TYPE *type)
-{
- int ret;
-
- if (ctx->cipher->get_asn1_parameters != NULL)
- ret = ctx->cipher->get_asn1_parameters(ctx, type);
- else if (ctx->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1)
- ret = EVP_CIPHER_get_asn1_iv(ctx, type);
- else
- ret = -1;
- return (ret);
-}
-
-int
-EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *ctx, ASN1_TYPE *type)
-{
- int i = 0;
- int l;
-
- if (type != NULL) {
- l = EVP_CIPHER_CTX_iv_length(ctx);
- if (l < 0 || l > sizeof(ctx->iv)) {
- EVPerror(EVP_R_IV_TOO_LARGE);
- return 0;
- }
- i = ASN1_TYPE_get_octetstring(type, ctx->oiv, l);
- if (i != l)
- return (-1);
- else if (i > 0)
- memcpy(ctx->iv, ctx->oiv, l);
- }
- return (i);
-}
-
-int
-EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *ctx, ASN1_TYPE *type)
-{
- int i = 0;
- int j;
-
- if (type != NULL) {
- j = EVP_CIPHER_CTX_iv_length(ctx);
- if (j < 0 || j > sizeof(ctx->iv)) {
- EVPerror(EVP_R_IV_TOO_LARGE);
- return 0;
- }
- i = ASN1_TYPE_set_octetstring(type, ctx->oiv, j);
- }
- return (i);
-}
-
-/* Convert the various cipher NIDs and dummies to a proper OID NID */
-int
-EVP_CIPHER_type(const EVP_CIPHER *cipher)
-{
- ASN1_OBJECT *aobj;
- int nid;
-
- nid = EVP_CIPHER_nid(cipher);
- switch (nid) {
- case NID_rc2_cbc:
- case NID_rc2_64_cbc:
- case NID_rc2_40_cbc:
- return NID_rc2_cbc;
-
- case NID_rc4:
- case NID_rc4_40:
- return NID_rc4;
-
- case NID_aes_128_cfb128:
- case NID_aes_128_cfb8:
- case NID_aes_128_cfb1:
- return NID_aes_128_cfb128;
-
- case NID_aes_192_cfb128:
- case NID_aes_192_cfb8:
- case NID_aes_192_cfb1:
- return NID_aes_192_cfb128;
-
- case NID_aes_256_cfb128:
- case NID_aes_256_cfb8:
- case NID_aes_256_cfb1:
- return NID_aes_256_cfb128;
-
- case NID_des_cfb64:
- case NID_des_cfb8:
- case NID_des_cfb1:
- return NID_des_cfb64;
-
- case NID_des_ede3_cfb64:
- case NID_des_ede3_cfb8:
- case NID_des_ede3_cfb1:
- return NID_des_cfb64;
-
- default:
- /* Check it has an OID and it is valid */
- if (((aobj = OBJ_nid2obj(nid)) == NULL) || aobj->data == NULL)
- nid = NID_undef;
-
- ASN1_OBJECT_free(aobj);
-
- return nid;
- }
-}
-
 int
 EVP_CIPHER_block_size(const EVP_CIPHER *cipher)
 {
@@ -1036,6 +916,130 @@ EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags)
 return (ctx->flags & flags);
 }
 
+/*
+ * Used by CMS and its predecessors. Only GOST and RC2 have a custom method.
+ */
+
+int
+EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *type)
+{
+ int ret;
+
+ if (ctx->cipher->set_asn1_parameters != NULL)
+ ret = ctx->cipher->set_asn1_parameters(ctx, type);
+ else if (ctx->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1)
+ ret = EVP_CIPHER_set_asn1_iv(ctx, type);
+ else
+ ret = -1;
+ return (ret);
+}
+
+int
+EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *ctx, ASN1_TYPE *type)
+{
+ int ret;
+
+ if (ctx->cipher->get_asn1_parameters != NULL)
+ ret = ctx->cipher->get_asn1_parameters(ctx, type);
+ else if (ctx->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1)
+ ret = EVP_CIPHER_get_asn1_iv(ctx, type);
+ else
+ ret = -1;
+ return (ret);
+}
+
+int
+EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *ctx, ASN1_TYPE *type)
+{
+ int i = 0;
+ int l;
+
+ if (type != NULL) {
+ l = EVP_CIPHER_CTX_iv_length(ctx);
+ if (l < 0 || l > sizeof(ctx->iv)) {
+ EVPerror(EVP_R_IV_TOO_LARGE);
+ return 0;
+ }
+ i = ASN1_TYPE_get_octetstring(type, ctx->oiv, l);
+ if (i != l)
+ return (-1);
+ else if (i > 0)
+ memcpy(ctx->iv, ctx->oiv, l);
+ }
+ return (i);
+}
+
+int
+EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *ctx, ASN1_TYPE *type)
+{
+ int i = 0;
+ int j;
+
+ if (type != NULL) {
+ j = EVP_CIPHER_CTX_iv_length(ctx);
+ if (j < 0 || j > sizeof(ctx->iv)) {
+ EVPerror(EVP_R_IV_TOO_LARGE);
+ return 0;
+ }
+ i = ASN1_TYPE_set_octetstring(type, ctx->oiv, j);
+ }
+ return (i);
+}
+
+/* Convert the various cipher NIDs and dummies to a proper OID NID */
+int
+EVP_CIPHER_type(const EVP_CIPHER *cipher)
+{
+ ASN1_OBJECT *aobj;
+ int nid;
+
+ nid = EVP_CIPHER_nid(cipher);
+ switch (nid) {
+ case NID_rc2_cbc:
+ case NID_rc2_64_cbc:
+ case NID_rc2_40_cbc:
+ return NID_rc2_cbc;
+
+ case NID_rc4:
+ case NID_rc4_40:
+ return NID_rc4;
+
+ case NID_aes_128_cfb128:
+ case NID_aes_128_cfb8:
+ case NID_aes_128_cfb1:
+ return NID_aes_128_cfb128;
+
+ case NID_aes_192_cfb128:
+ case NID_aes_192_cfb8:
+ case NID_aes_192_cfb1:
+ return NID_aes_192_cfb128;
+
+ case NID_aes_256_cfb128:
+ case NID_aes_256_cfb8:
+ case NID_aes_256_cfb1:
+ return NID_aes_256_cfb128;
+
+ case NID_des_cfb64:
+ case NID_des_cfb8:
+ case NID_des_cfb1:
+ return NID_des_cfb64;
+
+ case NID_des_ede3_cfb64:
+ case NID_des_ede3_cfb8:
+ case NID_des_ede3_cfb1:
+ return NID_des_cfb64;
+
+ default:
+ /* Check it has an OID and it is valid */
+ if (((aobj = OBJ_nid2obj(nid)) == NULL) || aobj->data == NULL)
+ nid = NID_undef;
+
+ ASN1_OBJECT_free(aobj);
+
+ return nid;
+ }
+}
+
 EVP_CIPHER *
 EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len)
 {
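Review bot: In EVP_CIPHER_get_asn1_iv() the IV-length guard fails with `return 0;` after raising EVP_R_IV_TOO_LARGE, but 0 is also the value returned when `type` is NULL or the IV length is zero, while the other failure path in the same function returns -1. EVP_CIPHER_asn1_to_param() passes that value straight through, so a caller that only tests for a negative result (callers are outside this hunk, so this needs checking) would treat the too-large case as success and continue with an unset IV. Since the code is only being moved here, a follow-up could change the guard to `return -1;`, or the new block comment could spell out the 0 / -1 / length contract. Separately, the `NID_des_ede3_cfb*` cases in EVP_CIPHER_type() return `NID_des_cfb64`, the single-DES identifier; if that is intentional, a short comment saying so would keep it from reading as a copy-paste slip.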