diff options
| author | tb <> | 2024-04-18 11:56:53 +0000 |
|---|---|---|
| committer | tb <> | 2024-04-18 11:56:53 +0000 |
| commit | ddc416649d5c1a3f92a6925b01970c3aa2333635 (patch) | |
| tree | 98d9989b7c6ee76b0ed92f5de5a3e3546eb25b99 | |
| parent | c2689a3130614712fc04ce8148aaec04a3a51873 (diff) | |
| download | openbsd-ddc416649d5c1a3f92a6925b01970c3aa2333635.tar.gz openbsd-ddc416649d5c1a3f92a6925b01970c3aa2333635.tar.bz2 openbsd-ddc416649d5c1a3f92a6925b01970c3aa2333635.zip | |
Add some more comments explaining shortcomings of the API
The case in point is the incompatibility of the very ergonomic X509_ALGOR
API with the RC2-derived API massacre that is EVP_CIPHER_asn1_to_param()
and its "inverse".
ok jsing
| -rw-r--r-- | src/lib/libcrypto/ec/ec_ameth.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/src/lib/libcrypto/ec/ec_ameth.c b/src/lib/libcrypto/ec/ec_ameth.c index 313d21823d..7b2bad45b4 100644 --- a/src/lib/libcrypto/ec/ec_ameth.c +++ b/src/lib/libcrypto/ec/ec_ameth.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ec_ameth.c,v 1.66 2024/04/18 11:53:40 tb Exp $ */ | 1 | /* $OpenBSD: ec_ameth.c,v 1.67 2024/04/18 11:56:53 tb Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 2006. | 3 | * project 2006. |
| 4 | */ | 4 | */ |
| @@ -851,6 +851,13 @@ ecdh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri) | |||
| 851 | plen = ASN1_STRING_length(parameter); | 851 | plen = ASN1_STRING_length(parameter); |
| 852 | if ((kekalg = d2i_X509_ALGOR(NULL, &p, plen)) == NULL) | 852 | if ((kekalg = d2i_X509_ALGOR(NULL, &p, plen)) == NULL) |
| 853 | goto err; | 853 | goto err; |
| 854 | |||
| 855 | /* | ||
| 856 | * XXX - the reaching into kekalg below is ugly, but unfortunately the | ||
| 857 | * now internal legacy EVP_CIPHER_asn1_to_param() API doesn't interact | ||
| 858 | * nicely with the X509_ALGOR API. | ||
| 859 | */ | ||
| 860 | |||
| 854 | if ((kekctx = CMS_RecipientInfo_kari_get0_ctx(ri)) == NULL) | 861 | if ((kekctx = CMS_RecipientInfo_kari_get0_ctx(ri)) == NULL) |
| 855 | goto err; | 862 | goto err; |
| 856 | if ((kekcipher = EVP_get_cipherbyobj(kekalg->algorithm)) == NULL) | 863 | if ((kekcipher = EVP_get_cipherbyobj(kekalg->algorithm)) == NULL) |
| @@ -998,7 +1005,7 @@ ecdh_cms_encrypt(CMS_RecipientInfo *ri) | |||
| 998 | * Package wrap algorithm in an AlgorithmIdentifier. | 1005 | * Package wrap algorithm in an AlgorithmIdentifier. |
| 999 | * | 1006 | * |
| 1000 | * Incompatibility of X509_ALGOR_set0() with EVP_CIPHER_param_to_asn1() | 1007 | * Incompatibility of X509_ALGOR_set0() with EVP_CIPHER_param_to_asn1() |
| 1001 | * makes this really gross. | 1008 | * makes this really gross. See the XXX in ecdh_cms_set_shared_info(). |
| 1002 | */ | 1009 | */ |
| 1003 | 1010 | ||
| 1004 | if ((wrap_alg = X509_ALGOR_new()) == NULL) | 1011 | if ((wrap_alg = X509_ALGOR_new()) == NULL) |