From c1f409eab9c024c6da239096fed92d93b5d17678 Mon Sep 17 00:00:00 2001
From: tb
Date: Tue, 26 Mar 2024 07:03:10 +0000
Subject: [PATCH] Remove PKCS5_pbe2_set_iv()
This used to be a generalization of PKCS5_pbe2_set(). Its only caller was the latter, which always passes aiv == NULL and pbe_prf == -1. Thus, the iv would always be random and regarding the pbe_prf, it would always end up being NID_hmacWithSHA1 since the only ctrl grokking EVP_CTRL_PBE_PRF_NID was RC2's control, but only if PBE_PRF_TEST was defined, which it wasn't.
ok jsing
---
 lib/libcrypto/asn1/p5_pbev2.c | 37 +++++++++--------------------------
 1 file changed, 9 insertions(+), 28 deletions(-)
diff --git a/lib/libcrypto/asn1/p5_pbev2.c b/lib/libcrypto/asn1/p5_pbev2.c
index 4a6ac062128..76872a8dec6 100644
--- a/lib/libcrypto/asn1/p5_pbev2.c
+++ b/lib/libcrypto/asn1/p5_pbev2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p5_pbev2.c,v 1.34 2024/03/26 05:43:22 tb Exp $ */
+/* $OpenBSD: p5_pbev2.c,v 1.35 2024/03/26 07:03:10 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999-2004.
 */
@@ -177,17 +177,17 @@ PBKDF2PARAM_free(PBKDF2PARAM *a)
 ASN1_item_free((ASN1_VALUE *)a, &PBKDF2PARAM_it);
 }
-/* Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm:
+/*
+ * Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm:
 * yes I know this is horrible!
- *
- * Extended version to allow application supplied PRF NID and IV.
 */
-static X509_ALGOR *
-PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, unsigned char *salt,
- int saltlen, unsigned char *aiv, int prf_nid)
+X509_ALGOR *
+PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, unsigned char *salt,
+ int saltlen)
 {
 X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL;
+ int prf_nid = NID_hmacWithSHA1;
 int alg_nid, keylen;
 EVP_CIPHER_CTX ctx;
 unsigned char iv[EVP_MAX_IV_LENGTH];
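Review bot: The header comment above the now-public `PKCS5_pbe2_set()` still says only "yes I know this is horrible!" and does not state the contract that the added `int prf_nid = NID_hmacWithSHA1;` fixes: the PRF is always hmacWithSHA1 and the IV is generated with arc4random_buf() rather than supplied by the caller, as the later hunk shows. I would extend the comment with ` * The PRF is always hmacWithSHA1 and the IV is freshly randomized; callers that need another PRF can use PKCS5_pbkdf2_set() directly.` If the removed EVP_CTRL_PBE_PRF_NID lookup was the only place that wrote prf_nid, the local could also become `const int prf_nid = NID_hmacWithSHA1;` so the reader sees at a glance that it is fixed; I cannot confirm that from the hunks alone. The function body continues outside this hunk.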
@@ -212,12 +212,8 @@ PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, unsigned char *salt,
 goto merr;
 /* Create random IV */
- if (EVP_CIPHER_iv_length(cipher)) {
- if (aiv)
- memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher));
- else
- arc4random_buf(iv, EVP_CIPHER_iv_length(cipher));
- }
+ if (EVP_CIPHER_iv_length(cipher) > 0)
+ arc4random_buf(iv, EVP_CIPHER_iv_length(cipher));
 EVP_CIPHER_CTX_legacy_clear(&ctx);
@@ -229,14 +225,6 @@ PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, unsigned char *salt,
 EVP_CIPHER_CTX_cleanup(&ctx);
 goto err;
 }
- /* If prf NID unspecified see if cipher has a preference.
- * An error is OK here: just means use default PRF.
- */
- if ((prf_nid == -1) &&
- EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0) {
- ERR_clear_error();
- prf_nid = NID_hmacWithSHA1;
- }
 EVP_CIPHER_CTX_cleanup(&ctx);
 /* If its RC2 then we'd better setup the key length */
@@ -287,13 +275,6 @@ PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, unsigned char *salt,
 return NULL;
 }
-X509_ALGOR *
-PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, unsigned char *salt,
- int saltlen)
-{
- return PKCS5_pbe2_set_iv(cipher, iter, salt, saltlen, NULL, -1);
-}
-
 X509_ALGOR *
 PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, int prf_nid,
 int keylen)
--
2.20.1
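Review bot: `EVP_CIPHER_iv_length(cipher)` is evaluated twice in the new IV branch, once in the condition and again as the byte count handed to `arc4random_buf()`, which makes the write into `iv[EVP_MAX_IV_LENGTH]` harder to audit than it needs to be. Naming the length once, `int ivlen = EVP_CIPHER_iv_length(cipher);` then `if (ivlen > 0) arc4random_buf(iv, ivlen);`, reads more plainly and gives a natural spot for a defensive `ivlen <= (int)sizeof iv` check should the cipher table ever carry an oversized IV length, though nothing in the hunk suggests that today. The `/* Create random IV */` comment now matches the code and can stay. The enclosing function begins and ends outside this hunk.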