From 573bb26a3d68284e56ac04f4fe72f932cf43413b Mon Sep 17 00:00:00 2001
From: tb
Date: Sat, 2 Mar 2024 10:06:48 +0000
Subject: [PATCH] Remove EVP_PBE_* API from public visibility

You can no longer add your custom PBE algorithm. Pity. EVP_PBE_CipherInit() stays for internal use, the rest goes away copmletely.

ok jsing
---
 lib/libcrypto/Symbols.list | 6 ------
 lib/libcrypto/evp/evp.h | 22 +------------------
 lib/libcrypto/evp/evp_local.h | 5 ++++-
 lib/libcrypto/evp/evp_pbe.c | 40 +----------------------------------
 4 files changed, 6 insertions(+), 67 deletions(-)

diff --git a/lib/libcrypto/Symbols.list b/lib/libcrypto/Symbols.list
index a7181eb38e3..28f115da06c 100644
--- a/lib/libcrypto/Symbols.list
+++ b/lib/libcrypto/Symbols.list
@@ -1269,11 +1269,6 @@ EVP_MD_size
 EVP_MD_type
 EVP_OpenFinal
 EVP_OpenInit
-EVP_PBE_CipherInit
-EVP_PBE_alg_add
-EVP_PBE_alg_add_type
-EVP_PBE_cleanup
-EVP_PBE_find
 EVP_PKCS82PKEY
 EVP_PKEY2PKCS8
 EVP_PKEY_CTX_ctrl
@@ -2007,7 +2002,6 @@ PKCS12_unpack_p7data
 PKCS12_unpack_p7encdata
 PKCS12_verify_mac
 PKCS1_MGF1
-PKCS5_PBE_add
 PKCS5_PBE_keyivgen
 PKCS5_PBKDF2_HMAC
 PKCS5_PBKDF2_HMAC_SHA1
diff --git a/lib/libcrypto/evp/evp.h b/lib/libcrypto/evp/evp.h
index eba3ab3869d..b810e727670 100644
--- a/lib/libcrypto/evp/evp.h
+++ b/lib/libcrypto/evp/evp.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp.h,v 1.127 2024/03/02 10:04:40 tb Exp $ */
+/* $OpenBSD: evp.h,v 1.128 2024/03/02 10:06:48 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -897,26 +897,6 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md,
 int en_de);
 
-void PKCS5_PBE_add(void);
-
-int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
- ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de);
-
-/* PBE type */
-
-/* Can appear as the outermost AlgorithmIdentifier */
-#define EVP_PBE_TYPE_OUTER 0x0
-/* Is an PRF type OID */
-#define EVP_PBE_TYPE_PRF 0x1
-
-int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid, int md_nid,
- EVP_PBE_KEYGEN *keygen);
-int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,
- EVP_PBE_KEYGEN *keygen);
-int EVP_PBE_find(int type, int pbe_nid, int *pcnid, int *pmnid,
- EVP_PBE_KEYGEN **pkeygen);
-void EVP_PBE_cleanup(void);
-
 #define ASN1_PKEY_ALIAS 0x1
 #define ASN1_PKEY_DYNAMIC 0x2
 #define ASN1_PKEY_SIGPARAM_NULL 0x4
diff --git a/lib/libcrypto/evp/evp_local.h b/lib/libcrypto/evp/evp_local.h
index 65d23547bca..0e6b6bdfa2f 100644
--- a/lib/libcrypto/evp/evp_local.h
+++ b/lib/libcrypto/evp/evp_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_local.h,v 1.16 2024/02/18 15:43:21 tb Exp $ */
+/* $OpenBSD: evp_local.h,v 1.17 2024/03/02 10:06:48 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2000.
 */
@@ -373,6 +373,9 @@ struct evp_aead_ctx_st {
 void *aead_state;
 };
 
+int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
+ ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de);
+
 int EVP_PKEY_CTX_str2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *str);
 int EVP_PKEY_CTX_hex2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *hex);
 int EVP_PKEY_CTX_md(EVP_PKEY_CTX *ctx, int optype, int cmd, const char *md_name);
diff --git a/lib/libcrypto/evp/evp_pbe.c b/lib/libcrypto/evp/evp_pbe.c
index eb8d5c4157d..e33f2cb08f4 100644
--- a/lib/libcrypto/evp/evp_pbe.c
+++ b/lib/libcrypto/evp/evp_pbe.c
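Review bot: The prototype added to evp_local.h at `@@ -373,6 +373,9 @@` becomes the only declaration of EVP_PBE_CipherInit(), yet it carries no comment saying it is internal-only or what `pass`/`passlen` are expected to hold. Any in-tree caller outside lib/libcrypto/evp is not visible in this patch; each one has to include evp_local.h, otherwise the call is built against an implicit declaration or fails to compile. I would add above the prototype `/* Internal only: removed from evp.h and Symbols.list; callers must include evp_local.h. */`. It is also worth confirming that the definition in evp_pbe.c does not keep an `LCRYPTO_ALIAS(EVP_PBE_CipherInit)` line, since that part of the file lies outside the hunks shown.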
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_pbe.c,v 1.42 2024/02/18 15:45:42 tb Exp $ */
+/* $OpenBSD: evp_pbe.c,v 1.43 2024/03/02 10:06:48 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -640,41 +640,3 @@ PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
 return ret;
 }
 LCRYPTO_ALIAS(PKCS12_PBE_keyivgen);
-
-/*
- * XXX - remove the functions below in the next major bump
- */
-
-int
-EVP_PBE_find(int type, int pbe_nid, int *out_cipher_nid, int *out_md_nid,
- EVP_PBE_KEYGEN **out_keygen)
-{
- EVPerror(ERR_R_DISABLED);
- return 0;
-}
-
-int
-EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid, int md_nid,
- EVP_PBE_KEYGEN *keygen)
-{
- EVPerror(ERR_R_DISABLED);
- return 0;
-}
-
-int
-EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,
- EVP_PBE_KEYGEN *keygen)
-{
- EVPerror(ERR_R_DISABLED);
- return 0;
-}
-
-void
-EVP_PBE_cleanup(void)
-{
-}
-
-void
-PKCS5_PBE_add(void)
-{
-}
-- 
2.20.1