1 files changed, 298 insertions, 3 deletions
diff --git a/src/lib/libcrypto/evp/evp_cipher.c b/src/lib/libcrypto/evp/evp_cipher.c
index 3b38e18bf3..b8945520b4 100644
--- a/src/lib/libcrypto/evp/evp_cipher.c
+++ b/src/lib/libcrypto/evp/evp_cipher.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_cipher.c,v 1.1 2023/12/29 05:57:24 tb Exp $ */
+/* $OpenBSD: evp_cipher.c,v 1.2 2023/12/29 06:17:58 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -61,11 +61,11 @@
 #include <stdlib.h>
 #include <string.h>
-#include <openssl/opensslconf.h>
+#include <openssl/asn1.h>
 #include <openssl/err.h>
 #include <openssl/evp.h>
+#include "asn1_local.h"
 #include "evp_local.h"
 int
@@ -685,3 +685,298 @@ EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
        return 1;
 }
+int
+EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
+{
+        int ret;
+        if (c->cipher->set_asn1_parameters != NULL)
+                ret = c->cipher->set_asn1_parameters(c, type);
+        else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1)
+                ret = EVP_CIPHER_set_asn1_iv(c, type);
+        else
+                ret = -1;
+        return (ret);
+}
+int
+EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
+{
+        int ret;
+        if (c->cipher->get_asn1_parameters != NULL)
+                ret = c->cipher->get_asn1_parameters(c, type);
+        else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1)
+                ret = EVP_CIPHER_get_asn1_iv(c, type);
+        else
+                ret = -1;
+        return (ret);
+}
+int
+EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
+{
+        int i = 0;
+        int l;
+        if (type != NULL) {
+                l = EVP_CIPHER_CTX_iv_length(c);
+                if (l < 0 || l > sizeof(c->iv)) {
+                        EVPerror(EVP_R_IV_TOO_LARGE);
+                        return 0;
+                }
+                i = ASN1_TYPE_get_octetstring(type, c->oiv, l);
+                if (i != l)
+                        return (-1);
+                else if (i > 0)
+                        memcpy(c->iv, c->oiv, l);
+        }
+        return (i);
+}
+int
+EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
+{
+        int i = 0;
+        int j;
+        if (type != NULL) {
+                j = EVP_CIPHER_CTX_iv_length(c);
+                if (j < 0 || j > sizeof(c->iv)) {
+                        EVPerror(EVP_R_IV_TOO_LARGE);
+                        return 0;
+                }
+                i = ASN1_TYPE_set_octetstring(type, c->oiv, j);
+        }
+        return (i);
+}
+/* Convert the various cipher NIDs and dummies to a proper OID NID */
+int
+EVP_CIPHER_type(const EVP_CIPHER *ctx)
+{
+        int nid;
+        ASN1_OBJECT *otmp;
+        nid = EVP_CIPHER_nid(ctx);
+        switch (nid) {
+        case NID_rc2_cbc:
+        case NID_rc2_64_cbc:
+        case NID_rc2_40_cbc:
+                return NID_rc2_cbc;
+        case NID_rc4:
+        case NID_rc4_40:
+                return NID_rc4;
+        case NID_aes_128_cfb128:
+        case NID_aes_128_cfb8:
+        case NID_aes_128_cfb1:
+                return NID_aes_128_cfb128;
+        case NID_aes_192_cfb128:
+        case NID_aes_192_cfb8:
+        case NID_aes_192_cfb1:
+                return NID_aes_192_cfb128;
+        case NID_aes_256_cfb128:
+        case NID_aes_256_cfb8:
+        case NID_aes_256_cfb1:
+                return NID_aes_256_cfb128;
+        case NID_des_cfb64:
+        case NID_des_cfb8:
+        case NID_des_cfb1:
+                return NID_des_cfb64;
+        case NID_des_ede3_cfb64:
+        case NID_des_ede3_cfb8:
+        case NID_des_ede3_cfb1:
+                return NID_des_cfb64;
+        default:
+                /* Check it has an OID and it is valid */
+                otmp = OBJ_nid2obj(nid);
+                if (!otmp || !otmp->data)
+                        nid = NID_undef;
+                ASN1_OBJECT_free(otmp);
+                return nid;
+        }
+}
+int
+EVP_CIPHER_block_size(const EVP_CIPHER *e)
+{
+        return e->block_size;
+}
+int
+EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx)
+{
+        return ctx->cipher->block_size;
+}
+const EVP_CIPHER *
+EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx)
+{
+        return ctx->cipher;
+}
+int
+EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx)
+{
+        return ctx->encrypt;
+}
+unsigned long
+EVP_CIPHER_flags(const EVP_CIPHER *cipher)
+{
+        return cipher->flags;
+}
+unsigned long
+EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx)
+{
+        return ctx->cipher->flags;
+}
+void *
+EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx)
+{
+        return ctx->app_data;
+}
+void
+EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data)
+{
+        ctx->app_data = data;
+}
+void *
+EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx)
+{
+        return ctx->cipher_data;
+}
+void *
+EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data)
+{
+        void *old_cipher_data;
+        old_cipher_data = ctx->cipher_data;
+        ctx->cipher_data = cipher_data;
+        return old_cipher_data;
+}
+int
+EVP_CIPHER_iv_length(const EVP_CIPHER *cipher)
+{
+        return cipher->iv_len;
+}
+int
+EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx)
+{
+        int iv_length = 0;
+        if ((ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_IV_LENGTH) == 0)
+                return ctx->cipher->iv_len;
+        /*
+         * XXX - sanity would suggest to pass the size of the pointer along,
+         * but unfortunately we have to match the other crowd.
+         */
+        if (EVP_CIPHER_CTX_ctrl((EVP_CIPHER_CTX *)ctx, EVP_CTRL_GET_IVLEN, 0,
+            &iv_length) != 1)
+                return -1;
+        return iv_length;
+}
+unsigned char *
+EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx)
+{
+        return ctx->buf;
+}
+int
+EVP_CIPHER_key_length(const EVP_CIPHER *cipher)
+{
+        return cipher->key_len;
+}
+int
+EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx)
+{
+        return ctx->key_len;
+}
+int
+EVP_CIPHER_nid(const EVP_CIPHER *cipher)
+{
+        return cipher->nid;
+}
+int
+EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx)
+{
+        return ctx->cipher->nid;
+}
+int
+EVP_CIPHER_CTX_get_iv(const EVP_CIPHER_CTX *ctx, unsigned char *iv, size_t len)
+{
+        if (ctx == NULL || len != EVP_CIPHER_CTX_iv_length(ctx))
+                return 0;
+        if (len > EVP_MAX_IV_LENGTH)
+                return 0; /* sanity check; shouldn't happen */
+        /*
+         * Skip the memcpy entirely when the requested IV length is zero,
+         * since the iv pointer may be NULL or invalid.
+         */
+        if (len != 0) {
+                if (iv == NULL)
+                        return 0;
+                memcpy(iv, ctx->iv, len);
+        }
+        return 1;
+}
+int
+EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx, const unsigned char *iv, size_t len)
+{
+        if (ctx == NULL || len != EVP_CIPHER_CTX_iv_length(ctx))
+                return 0;
+        if (len > EVP_MAX_IV_LENGTH)
+                return 0; /* sanity check; shouldn't happen */
+        /*
+         * Skip the memcpy entirely when the requested IV length is zero,
+         * since the iv pointer may be NULL or invalid.
+         */
+        if (len != 0) {
+                if (iv == NULL)
+                        return 0;
+                memcpy(ctx->iv, iv, len);
+        }
+        return 1;
+}
+void
+EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags)
+{
+        ctx->flags |= flags;
+}
+void
+EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags)
+{
+        ctx->flags &= ~flags;
+}
+int
+EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags)
+{
+        return (ctx->flags & flags);
+}

diff --git a/src/lib/libcrypto/evp/evp_cipher.c b/src/lib/libcrypto/evp/evp_cipher.c index 3b38e18bf3..b8945520b4 100644 --- a/src/lib/libcrypto/evp/evp_cipher.c +++ b/src/lib/libcrypto/evp/evp_cipher.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: evp_cipher.c,v 1.1 2023/12/29 05:57:24 tb Exp $ */	1	/* $OpenBSD: evp_cipher.c,v 1.2 2023/12/29 06:17:58 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -61,11 +61,11 @@
61	#include <stdlib.h>	61	#include <stdlib.h>
62	#include <string.h>	62	#include <string.h>
63		63
64	#include <openssl/opensslconf.h>	64	#include <openssl/asn1.h>
65
66	#include <openssl/err.h>	65	#include <openssl/err.h>
67	#include <openssl/evp.h>	66	#include <openssl/evp.h>
68		67
		68	#include "asn1_local.h"
69	#include "evp_local.h"	69	#include "evp_local.h"
70		70
71	int	71	int
@@ -685,3 +685,298 @@ EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX out, const EVP_CIPHER_CTX in)
685		685
686	return 1;	686	return 1;
687	}	687	}
		688
		689	int
		690	EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX c, ASN1_TYPE type)
		691	{
		692	int ret;
		693
		694	if (c->cipher->set_asn1_parameters != NULL)
		695	ret = c->cipher->set_asn1_parameters(c, type);
		696	else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1)
		697	ret = EVP_CIPHER_set_asn1_iv(c, type);
		698	else
		699	ret = -1;
		700	return (ret);
		701	}
		702
		703	int
		704	EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX c, ASN1_TYPE type)
		705	{
		706	int ret;
		707
		708	if (c->cipher->get_asn1_parameters != NULL)
		709	ret = c->cipher->get_asn1_parameters(c, type);
		710	else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1)
		711	ret = EVP_CIPHER_get_asn1_iv(c, type);
		712	else
		713	ret = -1;
		714	return (ret);
		715	}
		716
		717	int
		718	EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX c, ASN1_TYPE type)
		719	{
		720	int i = 0;
		721	int l;
		722
		723	if (type != NULL) {
		724	l = EVP_CIPHER_CTX_iv_length(c);
		725	if (l < 0 \|\| l > sizeof(c->iv)) {
		726	EVPerror(EVP_R_IV_TOO_LARGE);
		727	return 0;
		728	}
		729	i = ASN1_TYPE_get_octetstring(type, c->oiv, l);
		730	if (i != l)
		731	return (-1);
		732	else if (i > 0)
		733	memcpy(c->iv, c->oiv, l);
		734	}
		735	return (i);
		736	}
		737
		738	int
		739	EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX c, ASN1_TYPE type)
		740	{
		741	int i = 0;
		742	int j;
		743
		744	if (type != NULL) {
		745	j = EVP_CIPHER_CTX_iv_length(c);
		746	if (j < 0 \|\| j > sizeof(c->iv)) {
		747	EVPerror(EVP_R_IV_TOO_LARGE);
		748	return 0;
		749	}
		750	i = ASN1_TYPE_set_octetstring(type, c->oiv, j);
		751	}
		752	return (i);
		753	}
		754
		755	/* Convert the various cipher NIDs and dummies to a proper OID NID */
		756	int
		757	EVP_CIPHER_type(const EVP_CIPHER *ctx)
		758	{
		759	int nid;
		760	ASN1_OBJECT *otmp;
		761	nid = EVP_CIPHER_nid(ctx);
		762
		763	switch (nid) {
		764	case NID_rc2_cbc:
		765	case NID_rc2_64_cbc:
		766	case NID_rc2_40_cbc:
		767	return NID_rc2_cbc;
		768
		769	case NID_rc4:
		770	case NID_rc4_40:
		771	return NID_rc4;
		772
		773	case NID_aes_128_cfb128:
		774	case NID_aes_128_cfb8:
		775	case NID_aes_128_cfb1:
		776	return NID_aes_128_cfb128;
		777
		778	case NID_aes_192_cfb128:
		779	case NID_aes_192_cfb8:
		780	case NID_aes_192_cfb1:
		781	return NID_aes_192_cfb128;
		782
		783	case NID_aes_256_cfb128:
		784	case NID_aes_256_cfb8:
		785	case NID_aes_256_cfb1:
		786	return NID_aes_256_cfb128;
		787
		788	case NID_des_cfb64:
		789	case NID_des_cfb8:
		790	case NID_des_cfb1:
		791	return NID_des_cfb64;
		792
		793	case NID_des_ede3_cfb64:
		794	case NID_des_ede3_cfb8:
		795	case NID_des_ede3_cfb1:
		796	return NID_des_cfb64;
		797
		798	default:
		799	/* Check it has an OID and it is valid */
		800	otmp = OBJ_nid2obj(nid);
		801	if (!otmp \|\| !otmp->data)
		802	nid = NID_undef;
		803	ASN1_OBJECT_free(otmp);
		804	return nid;
		805	}
		806	}
		807
		808	int
		809	EVP_CIPHER_block_size(const EVP_CIPHER *e)
		810	{
		811	return e->block_size;
		812	}
		813
		814	int
		815	EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx)
		816	{
		817	return ctx->cipher->block_size;
		818	}
		819
		820	const EVP_CIPHER *
		821	EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx)
		822	{
		823	return ctx->cipher;
		824	}
		825
		826	int
		827	EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx)
		828	{
		829	return ctx->encrypt;
		830	}
		831
		832	unsigned long
		833	EVP_CIPHER_flags(const EVP_CIPHER *cipher)
		834	{
		835	return cipher->flags;
		836	}
		837
		838	unsigned long
		839	EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx)
		840	{
		841	return ctx->cipher->flags;
		842	}
		843
		844	void *
		845	EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx)
		846	{
		847	return ctx->app_data;
		848	}
		849
		850	void
		851	EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX ctx, void data)
		852	{
		853	ctx->app_data = data;
		854	}
		855
		856	void *
		857	EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx)
		858	{
		859	return ctx->cipher_data;
		860	}
		861
		862	void *
		863	EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX ctx, void cipher_data)
		864	{
		865	void *old_cipher_data;
		866
		867	old_cipher_data = ctx->cipher_data;
		868	ctx->cipher_data = cipher_data;
		869
		870	return old_cipher_data;
		871	}
		872
		873	int
		874	EVP_CIPHER_iv_length(const EVP_CIPHER *cipher)
		875	{
		876	return cipher->iv_len;
		877	}
		878
		879	int
		880	EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx)
		881	{
		882	int iv_length = 0;
		883
		884	if ((ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_IV_LENGTH) == 0)
		885	return ctx->cipher->iv_len;
		886
		887	/*
		888	* XXX - sanity would suggest to pass the size of the pointer along,
		889	* but unfortunately we have to match the other crowd.
		890	*/
		891	if (EVP_CIPHER_CTX_ctrl((EVP_CIPHER_CTX *)ctx, EVP_CTRL_GET_IVLEN, 0,
		892	&iv_length) != 1)
		893	return -1;
		894
		895	return iv_length;
		896	}
		897
		898	unsigned char *
		899	EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx)
		900	{
		901	return ctx->buf;
		902	}
		903
		904	int
		905	EVP_CIPHER_key_length(const EVP_CIPHER *cipher)
		906	{
		907	return cipher->key_len;
		908	}
		909
		910	int
		911	EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx)
		912	{
		913	return ctx->key_len;
		914	}
		915
		916	int
		917	EVP_CIPHER_nid(const EVP_CIPHER *cipher)
		918	{
		919	return cipher->nid;
		920	}
		921
		922	int
		923	EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx)
		924	{
		925	return ctx->cipher->nid;
		926	}
		927
		928	int
		929	EVP_CIPHER_CTX_get_iv(const EVP_CIPHER_CTX ctx, unsigned char iv, size_t len)
		930	{
		931	if (ctx == NULL \|\| len != EVP_CIPHER_CTX_iv_length(ctx))
		932	return 0;
		933	if (len > EVP_MAX_IV_LENGTH)
		934	return 0; /* sanity check; shouldn't happen */
		935	/*
		936	* Skip the memcpy entirely when the requested IV length is zero,
		937	* since the iv pointer may be NULL or invalid.
		938	*/
		939	if (len != 0) {
		940	if (iv == NULL)
		941	return 0;
		942	memcpy(iv, ctx->iv, len);
		943	}
		944	return 1;
		945	}
		946
		947	int
		948	EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX ctx, const unsigned char iv, size_t len)
		949	{
		950	if (ctx == NULL \|\| len != EVP_CIPHER_CTX_iv_length(ctx))
		951	return 0;
		952	if (len > EVP_MAX_IV_LENGTH)
		953	return 0; /* sanity check; shouldn't happen */
		954	/*
		955	* Skip the memcpy entirely when the requested IV length is zero,
		956	* since the iv pointer may be NULL or invalid.
		957	*/
		958	if (len != 0) {
		959	if (iv == NULL)
		960	return 0;
		961	memcpy(ctx->iv, iv, len);
		962	}
		963	return 1;
		964	}
		965
		966	void
		967	EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags)
		968	{
		969	ctx->flags \|= flags;
		970	}
		971
		972	void
		973	EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags)
		974	{
		975	ctx->flags &= ~flags;
		976	}
		977
		978	int
		979	EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags)
		980	{
		981	return (ctx->flags & flags);
		982	}