1 files changed, 103 insertions, 1 deletions
diff --git a/src/lib/libcrypto/evp/p_legacy.c b/src/lib/libcrypto/evp/p_legacy.c
index a88393a849..f73a6a9dae 100644
--- a/src/lib/libcrypto/evp/p_legacy.c
+++ b/src/lib/libcrypto/evp/p_legacy.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: p_legacy.c,v 1.1 2023/12/20 13:46:05 tb Exp $ */
+/*      $OpenBSD: p_legacy.c,v 1.2 2023/12/20 13:52:17 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -56,6 +56,8 @@
 * [including the GNU Public Licence.]
 */
+#include <stdlib.h>
 #include <openssl/evp.h>
 #include <openssl/err.h>
@@ -88,3 +90,103 @@ EVP_PKEY_encrypt_old(unsigned char *to, const unsigned char *from, int from_len,
        return RSA_public_encrypt(from_len, from, to, pkey->pkey.rsa,
            RSA_PKCS1_PADDING);
 }
+int
+EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+    const unsigned char *ek, int ekl, const unsigned char *iv, EVP_PKEY *priv)
+{
+        unsigned char *key = NULL;
+        int i, size = 0, ret = 0;
+        if (type) {
+                EVP_CIPHER_CTX_init(ctx);
+                if (!EVP_DecryptInit_ex(ctx, type, NULL, NULL, NULL))
+                        return 0;
+        }
+        if (!priv)
+                return 1;
+        if (priv->type != EVP_PKEY_RSA) {
+                EVPerror(EVP_R_PUBLIC_KEY_NOT_RSA);
+                goto err;
+        }
+        size = RSA_size(priv->pkey.rsa);
+        key = malloc(size + 2);
+        if (key == NULL) {
+                /* ERROR */
+                EVPerror(ERR_R_MALLOC_FAILURE);
+                goto err;
+        }
+        i = EVP_PKEY_decrypt_old(key, ek, ekl, priv);
+        if ((i <= 0) || !EVP_CIPHER_CTX_set_key_length(ctx, i)) {
+                /* ERROR */
+                goto err;
+        }
+        if (!EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv))
+                goto err;
+        ret = 1;
+err:
+        freezero(key, size);
+        return (ret);
+}
+int
+EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+{
+        int i;
+        i = EVP_DecryptFinal_ex(ctx, out, outl);
+        if (i)
+                i = EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, NULL);
+        return (i);
+}
+int
+EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek,
+    int *ekl, unsigned char *iv, EVP_PKEY **pubk, int npubk)
+{
+        unsigned char key[EVP_MAX_KEY_LENGTH];
+        int i, iv_len;
+        if (type) {
+                EVP_CIPHER_CTX_init(ctx);
+                if (!EVP_EncryptInit_ex(ctx, type, NULL, NULL, NULL))
+                        return 0;
+        }
+        if ((npubk <= 0) || !pubk)
+                return 1;
+        if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
+                return 0;
+        /* XXX - upper bound? */
+        if ((iv_len = EVP_CIPHER_CTX_iv_length(ctx)) < 0)
+                return 0;
+        if (iv_len > 0)
+                arc4random_buf(iv, iv_len);
+        if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
+                return 0;
+        for (i = 0; i < npubk; i++) {
+                ekl[i] = EVP_PKEY_encrypt_old(ek[i], key,
+                    EVP_CIPHER_CTX_key_length(ctx), pubk[i]);
+                if (ekl[i] <= 0)
+                        return (-1);
+        }
+        return (npubk);
+}
+int
+EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+{
+        int i;
+        i = EVP_EncryptFinal_ex(ctx, out, outl);
+        if (i)
+                i = EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL);
+        return i;
+}

diff --git a/src/lib/libcrypto/evp/p_legacy.c b/src/lib/libcrypto/evp/p_legacy.c index a88393a849..f73a6a9dae 100644 --- a/src/lib/libcrypto/evp/p_legacy.c +++ b/src/lib/libcrypto/evp/p_legacy.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: p_legacy.c,v 1.1 2023/12/20 13:46:05 tb Exp $ */	1	/* $OpenBSD: p_legacy.c,v 1.2 2023/12/20 13:52:17 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -56,6 +56,8 @@
56	* [including the GNU Public Licence.]	56	* [including the GNU Public Licence.]
57	*/	57	*/
58		58
		59	#include <stdlib.h>
		60
59	#include <openssl/evp.h>	61	#include <openssl/evp.h>
60	#include <openssl/err.h>	62	#include <openssl/err.h>
61		63
@@ -88,3 +90,103 @@ EVP_PKEY_encrypt_old(unsigned char to, const unsigned char from, int from_len,
88	return RSA_public_encrypt(from_len, from, to, pkey->pkey.rsa,	90	return RSA_public_encrypt(from_len, from, to, pkey->pkey.rsa,
89	RSA_PKCS1_PADDING);	91	RSA_PKCS1_PADDING);
90	}	92	}
		93
		94	int
		95	EVP_OpenInit(EVP_CIPHER_CTX ctx, const EVP_CIPHER type,
		96	const unsigned char ek, int ekl, const unsigned char iv, EVP_PKEY *priv)
		97	{
		98	unsigned char *key = NULL;
		99	int i, size = 0, ret = 0;
		100
		101	if (type) {
		102	EVP_CIPHER_CTX_init(ctx);
		103	if (!EVP_DecryptInit_ex(ctx, type, NULL, NULL, NULL))
		104	return 0;
		105	}
		106
		107	if (!priv)
		108	return 1;
		109
		110	if (priv->type != EVP_PKEY_RSA) {
		111	EVPerror(EVP_R_PUBLIC_KEY_NOT_RSA);
		112	goto err;
		113	}
		114
		115	size = RSA_size(priv->pkey.rsa);
		116	key = malloc(size + 2);
		117	if (key == NULL) {
		118	/* ERROR */
		119	EVPerror(ERR_R_MALLOC_FAILURE);
		120	goto err;
		121	}
		122
		123	i = EVP_PKEY_decrypt_old(key, ek, ekl, priv);
		124	if ((i <= 0) \|\| !EVP_CIPHER_CTX_set_key_length(ctx, i)) {
		125	/* ERROR */
		126	goto err;
		127	}
		128	if (!EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv))
		129	goto err;
		130
		131	ret = 1;
		132
		133	err:
		134	freezero(key, size);
		135	return (ret);
		136	}
		137
		138	int
		139	EVP_OpenFinal(EVP_CIPHER_CTX ctx, unsigned char out, int *outl)
		140	{
		141	int i;
		142
		143	i = EVP_DecryptFinal_ex(ctx, out, outl);
		144	if (i)
		145	i = EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, NULL);
		146	return (i);
		147	}
		148
		149	int
		150	EVP_SealInit(EVP_CIPHER_CTX ctx, const EVP_CIPHER type, unsigned char **ek,
		151	int ekl, unsigned char iv, EVP_PKEY **pubk, int npubk)
		152	{
		153	unsigned char key[EVP_MAX_KEY_LENGTH];
		154	int i, iv_len;
		155
		156	if (type) {
		157	EVP_CIPHER_CTX_init(ctx);
		158	if (!EVP_EncryptInit_ex(ctx, type, NULL, NULL, NULL))
		159	return 0;
		160	}
		161	if ((npubk <= 0) \|\| !pubk)
		162	return 1;
		163	if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
		164	return 0;
		165	/* XXX - upper bound? */
		166	if ((iv_len = EVP_CIPHER_CTX_iv_length(ctx)) < 0)
		167	return 0;
		168	if (iv_len > 0)
		169	arc4random_buf(iv, iv_len);
		170
		171	if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
		172	return 0;
		173
		174	for (i = 0; i < npubk; i++) {
		175	ekl[i] = EVP_PKEY_encrypt_old(ek[i], key,
		176	EVP_CIPHER_CTX_key_length(ctx), pubk[i]);
		177	if (ekl[i] <= 0)
		178	return (-1);
		179	}
		180	return (npubk);
		181	}
		182
		183	int
		184	EVP_SealFinal(EVP_CIPHER_CTX ctx, unsigned char out, int *outl)
		185	{
		186	int i;
		187
		188	i = EVP_EncryptFinal_ex(ctx, out, outl);
		189	if (i)
		190	i = EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL);
		191	return i;
		192	}