4 files changed, 104 insertions, 247 deletions
diff --git a/src/lib/libcrypto/Makefile b/src/lib/libcrypto/Makefile
index d584019e14..6329d309e7 100644
--- a/src/lib/libcrypto/Makefile
+++ b/src/lib/libcrypto/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.158 2023/12/20 13:46:05 tb Exp $
+# $OpenBSD: Makefile,v 1.159 2023/12/20 13:52:17 tb Exp $
 LIB=    crypto
 LIBREBUILD=y
@@ -394,8 +394,6 @@ SRCS+= p5_crpt.c
 SRCS+= p5_crpt2.c
 SRCS+= p_legacy.c
 SRCS+= p_lib.c
-SRCS+= p_open.c
-SRCS+= p_seal.c
 SRCS+= p_sign.c
 SRCS+= p_verify.c
 SRCS+= pmeth_fn.c
diff --git a/src/lib/libcrypto/evp/p_legacy.c b/src/lib/libcrypto/evp/p_legacy.c
index a88393a849..f73a6a9dae 100644
--- a/src/lib/libcrypto/evp/p_legacy.c
+++ b/src/lib/libcrypto/evp/p_legacy.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: p_legacy.c,v 1.1 2023/12/20 13:46:05 tb Exp $ */
+/*      $OpenBSD: p_legacy.c,v 1.2 2023/12/20 13:52:17 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -56,6 +56,8 @@
 * [including the GNU Public Licence.]
 */
+#include <stdlib.h>
 #include <openssl/evp.h>
 #include <openssl/err.h>
@@ -88,3 +90,103 @@ EVP_PKEY_encrypt_old(unsigned char *to, const unsigned char *from, int from_len,
        return RSA_public_encrypt(from_len, from, to, pkey->pkey.rsa,
            RSA_PKCS1_PADDING);
 }
+int
+EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+    const unsigned char *ek, int ekl, const unsigned char *iv, EVP_PKEY *priv)
+{
+        unsigned char *key = NULL;
+        int i, size = 0, ret = 0;
+        if (type) {
+                EVP_CIPHER_CTX_init(ctx);
+                if (!EVP_DecryptInit_ex(ctx, type, NULL, NULL, NULL))
+                        return 0;
+        }
+        if (!priv)
+                return 1;
+        if (priv->type != EVP_PKEY_RSA) {
+                EVPerror(EVP_R_PUBLIC_KEY_NOT_RSA);
+                goto err;
+        }
+        size = RSA_size(priv->pkey.rsa);
+        key = malloc(size + 2);
+        if (key == NULL) {
+                /* ERROR */
+                EVPerror(ERR_R_MALLOC_FAILURE);
+                goto err;
+        }
+        i = EVP_PKEY_decrypt_old(key, ek, ekl, priv);
+        if ((i <= 0) || !EVP_CIPHER_CTX_set_key_length(ctx, i)) {
+                /* ERROR */
+                goto err;
+        }
+        if (!EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv))
+                goto err;
+        ret = 1;
+err:
+        freezero(key, size);
+        return (ret);
+}
+int
+EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+{
+        int i;
+        i = EVP_DecryptFinal_ex(ctx, out, outl);
+        if (i)
+                i = EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, NULL);
+        return (i);
+}
+int
+EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek,
+    int *ekl, unsigned char *iv, EVP_PKEY **pubk, int npubk)
+{
+        unsigned char key[EVP_MAX_KEY_LENGTH];
+        int i, iv_len;
+        if (type) {
+                EVP_CIPHER_CTX_init(ctx);
+                if (!EVP_EncryptInit_ex(ctx, type, NULL, NULL, NULL))
+                        return 0;
+        }
+        if ((npubk <= 0) || !pubk)
+                return 1;
+        if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
+                return 0;
+        /* XXX - upper bound? */
+        if ((iv_len = EVP_CIPHER_CTX_iv_length(ctx)) < 0)
+                return 0;
+        if (iv_len > 0)
+                arc4random_buf(iv, iv_len);
+        if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
+                return 0;
+        for (i = 0; i < npubk; i++) {
+                ekl[i] = EVP_PKEY_encrypt_old(ek[i], key,
+                    EVP_CIPHER_CTX_key_length(ctx), pubk[i]);
+                if (ekl[i] <= 0)
+                        return (-1);
+        }
+        return (npubk);
+}
+int
+EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+{
+        int i;
+        i = EVP_EncryptFinal_ex(ctx, out, outl);
+        if (i)
+                i = EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL);
+        return i;
+}
diff --git a/src/lib/libcrypto/evp/p_open.c b/src/lib/libcrypto/evp/p_open.c
deleted file mode 100644
index d18548e3f2..0000000000
--- a/src/lib/libcrypto/evp/p_open.c
+++ /dev/null
@@ -1,128 +0,0 @@
-/* $OpenBSD: p_open.c,v 1.23 2023/07/07 19:37:54 beck Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-#include <stdio.h>
-#include <string.h>
-#include <openssl/opensslconf.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/rsa.h>
-#include <openssl/x509.h>
-#include "evp_local.h"
-int
-EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
-    const unsigned char *ek, int ekl, const unsigned char *iv, EVP_PKEY *priv)
-{
-        unsigned char *key = NULL;
-        int i, size = 0, ret = 0;
-        if (type) {
-                EVP_CIPHER_CTX_init(ctx);
-                if (!EVP_DecryptInit_ex(ctx, type, NULL, NULL, NULL))
-                        return 0;
-        }
-        if (!priv)
-                return 1;
-        if (priv->type != EVP_PKEY_RSA) {
-                EVPerror(EVP_R_PUBLIC_KEY_NOT_RSA);
-                goto err;
-        }
-        size = RSA_size(priv->pkey.rsa);
-        key = malloc(size + 2);
-        if (key == NULL) {
-                /* ERROR */
-                EVPerror(ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-        i = EVP_PKEY_decrypt_old(key, ek, ekl, priv);
-        if ((i <= 0) || !EVP_CIPHER_CTX_set_key_length(ctx, i)) {
-                /* ERROR */
-                goto err;
-        }
-        if (!EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv))
-                goto err;
-        ret = 1;
-err:
-        freezero(key, size);
-        return (ret);
-}
-int
-EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
-{
-        int i;
-        i = EVP_DecryptFinal_ex(ctx, out, outl);
-        if (i)
-                i = EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, NULL);
-        return (i);
-}
-#endif
diff --git a/src/lib/libcrypto/evp/p_seal.c b/src/lib/libcrypto/evp/p_seal.c
deleted file mode 100644
index e7b0e6f232..0000000000
--- a/src/lib/libcrypto/evp/p_seal.c
+++ /dev/null
@@ -1,115 +0,0 @@
-/* $OpenBSD: p_seal.c,v 1.18 2023/12/20 10:15:30 tb Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/opensslconf.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-int
-EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek,
-    int *ekl, unsigned char *iv, EVP_PKEY **pubk, int npubk)
-{
-        unsigned char key[EVP_MAX_KEY_LENGTH];
-        int i, iv_len;
-        if (type) {
-                EVP_CIPHER_CTX_init(ctx);
-                if (!EVP_EncryptInit_ex(ctx, type, NULL, NULL, NULL))
-                        return 0;
-        }
-        if ((npubk <= 0) || !pubk)
-                return 1;
-        if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
-                return 0;
-        /* XXX - upper bound? */
-        if ((iv_len = EVP_CIPHER_CTX_iv_length(ctx)) < 0)
-                return 0;
-        if (iv_len > 0)
-                arc4random_buf(iv, iv_len);
-        if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
-                return 0;
-        for (i = 0; i < npubk; i++) {
-                ekl[i] = EVP_PKEY_encrypt_old(ek[i], key,
-                    EVP_CIPHER_CTX_key_length(ctx), pubk[i]);
-                if (ekl[i] <= 0)
-                        return (-1);
-        }
-        return (npubk);
-}
-int
-EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
-{
-        int i;
-        i = EVP_EncryptFinal_ex(ctx, out, outl);
-        if (i)
-                i = EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL);
-        return i;
-}

diff --git a/src/lib/libcrypto/Makefile b/src/lib/libcrypto/Makefile index d584019e14..6329d309e7 100644 --- a/src/lib/libcrypto/Makefile +++ b/src/lib/libcrypto/Makefile
@@ -1,4 +1,4 @@
1	# $OpenBSD: Makefile,v 1.158 2023/12/20 13:46:05 tb Exp $	1	# $OpenBSD: Makefile,v 1.159 2023/12/20 13:52:17 tb Exp $
2		2
3	LIB= crypto	3	LIB= crypto
4	LIBREBUILD=y	4	LIBREBUILD=y
@@ -394,8 +394,6 @@ SRCS+= p5_crpt.c
394	SRCS+= p5_crpt2.c	394	SRCS+= p5_crpt2.c
395	SRCS+= p_legacy.c	395	SRCS+= p_legacy.c
396	SRCS+= p_lib.c	396	SRCS+= p_lib.c
397	SRCS+= p_open.c
398	SRCS+= p_seal.c
399	SRCS+= p_sign.c	397	SRCS+= p_sign.c
400	SRCS+= p_verify.c	398	SRCS+= p_verify.c
401	SRCS+= pmeth_fn.c	399	SRCS+= pmeth_fn.c


diff --git a/src/lib/libcrypto/evp/p_legacy.c b/src/lib/libcrypto/evp/p_legacy.c index a88393a849..f73a6a9dae 100644 --- a/src/lib/libcrypto/evp/p_legacy.c +++ b/src/lib/libcrypto/evp/p_legacy.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: p_legacy.c,v 1.1 2023/12/20 13:46:05 tb Exp $ */	1	/* $OpenBSD: p_legacy.c,v 1.2 2023/12/20 13:52:17 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -56,6 +56,8 @@
56	* [including the GNU Public Licence.]	56	* [including the GNU Public Licence.]
57	*/	57	*/
58		58
		59	#include <stdlib.h>
		60
59	#include <openssl/evp.h>	61	#include <openssl/evp.h>
60	#include <openssl/err.h>	62	#include <openssl/err.h>
61		63
@@ -88,3 +90,103 @@ EVP_PKEY_encrypt_old(unsigned char to, const unsigned char from, int from_len,
88	return RSA_public_encrypt(from_len, from, to, pkey->pkey.rsa,	90	return RSA_public_encrypt(from_len, from, to, pkey->pkey.rsa,
89	RSA_PKCS1_PADDING);	91	RSA_PKCS1_PADDING);
90	}	92	}
		93
		94	int
		95	EVP_OpenInit(EVP_CIPHER_CTX ctx, const EVP_CIPHER type,
		96	const unsigned char ek, int ekl, const unsigned char iv, EVP_PKEY *priv)
		97	{
		98	unsigned char *key = NULL;
		99	int i, size = 0, ret = 0;
		100
		101	if (type) {
		102	EVP_CIPHER_CTX_init(ctx);
		103	if (!EVP_DecryptInit_ex(ctx, type, NULL, NULL, NULL))
		104	return 0;
		105	}
		106
		107	if (!priv)
		108	return 1;
		109
		110	if (priv->type != EVP_PKEY_RSA) {
		111	EVPerror(EVP_R_PUBLIC_KEY_NOT_RSA);
		112	goto err;
		113	}
		114
		115	size = RSA_size(priv->pkey.rsa);
		116	key = malloc(size + 2);
		117	if (key == NULL) {
		118	/* ERROR */
		119	EVPerror(ERR_R_MALLOC_FAILURE);
		120	goto err;
		121	}
		122
		123	i = EVP_PKEY_decrypt_old(key, ek, ekl, priv);
		124	if ((i <= 0) \|\| !EVP_CIPHER_CTX_set_key_length(ctx, i)) {
		125	/* ERROR */
		126	goto err;
		127	}
		128	if (!EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv))
		129	goto err;
		130
		131	ret = 1;
		132
		133	err:
		134	freezero(key, size);
		135	return (ret);
		136	}
		137
		138	int
		139	EVP_OpenFinal(EVP_CIPHER_CTX ctx, unsigned char out, int *outl)
		140	{
		141	int i;
		142
		143	i = EVP_DecryptFinal_ex(ctx, out, outl);
		144	if (i)
		145	i = EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, NULL);
		146	return (i);
		147	}
		148
		149	int
		150	EVP_SealInit(EVP_CIPHER_CTX ctx, const EVP_CIPHER type, unsigned char **ek,
		151	int ekl, unsigned char iv, EVP_PKEY **pubk, int npubk)
		152	{
		153	unsigned char key[EVP_MAX_KEY_LENGTH];
		154	int i, iv_len;
		155
		156	if (type) {
		157	EVP_CIPHER_CTX_init(ctx);
		158	if (!EVP_EncryptInit_ex(ctx, type, NULL, NULL, NULL))
		159	return 0;
		160	}
		161	if ((npubk <= 0) \|\| !pubk)
		162	return 1;
		163	if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
		164	return 0;
		165	/* XXX - upper bound? */
		166	if ((iv_len = EVP_CIPHER_CTX_iv_length(ctx)) < 0)
		167	return 0;
		168	if (iv_len > 0)
		169	arc4random_buf(iv, iv_len);
		170
		171	if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
		172	return 0;
		173
		174	for (i = 0; i < npubk; i++) {
		175	ekl[i] = EVP_PKEY_encrypt_old(ek[i], key,
		176	EVP_CIPHER_CTX_key_length(ctx), pubk[i]);
		177	if (ekl[i] <= 0)
		178	return (-1);
		179	}
		180	return (npubk);
		181	}
		182
		183	int
		184	EVP_SealFinal(EVP_CIPHER_CTX ctx, unsigned char out, int *outl)
		185	{
		186	int i;
		187
		188	i = EVP_EncryptFinal_ex(ctx, out, outl);
		189	if (i)
		190	i = EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL);
		191	return i;
		192	}


diff --git a/src/lib/libcrypto/evp/p_open.c b/src/lib/libcrypto/evp/p_open.c deleted file mode 100644 index d18548e3f2..0000000000 --- a/src/lib/libcrypto/evp/p_open.c +++ /dev/null
@@ -1,128 +0,0 @@
1	/* $OpenBSD: p_open.c,v 1.23 2023/07/07 19:37:54 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.
4	*
5	* This package is an SSL implementation written
6	* by Eric Young (eay@cryptsoft.com).
7	* The implementation was written so as to conform with Netscapes SSL.
8	*
9	* This library is free for commercial and non-commercial use as long as
10	* the following conditions are aheared to. The following conditions
11	* apply to all code found in this distribution, be it the RC4, RSA,
12	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
13	* included with this distribution is covered by the same copyright terms
14	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
15	*
16	* Copyright remains Eric Young's, and as such any Copyright notices in
17	* the code are not to be removed.
18	* If this package is used in a product, Eric Young should be given attribution
19	* as the author of the parts of the library used.
20	* This can be in the form of a textual message at program startup or
21	* in documentation (online or textual) provided with the package.
22	*
23	* Redistribution and use in source and binary forms, with or without
24	* modification, are permitted provided that the following conditions
25	* are met:
26	* 1. Redistributions of source code must retain the copyright
27	* notice, this list of conditions and the following disclaimer.
28	* 2. Redistributions in binary form must reproduce the above copyright
29	* notice, this list of conditions and the following disclaimer in the
30	* documentation and/or other materials provided with the distribution.
31	* 3. All advertising materials mentioning features or use of this software
32	* must display the following acknowledgement:
33	* "This product includes cryptographic software written by
34	* Eric Young (eay@cryptsoft.com)"
35	* The word 'cryptographic' can be left out if the rouines from the library
36	* being used are not cryptographic related :-).
37	* 4. If you include any Windows specific code (or a derivative thereof) from
38	* the apps directory (application code) you must include an acknowledgement:
39	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40	*
41	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51	* SUCH DAMAGE.
52	*
53	* The licence and distribution terms for any publically available version or
54	* derivative of this code cannot be changed. i.e. this code cannot simply be
55	* copied and put under another distribution licence
56	* [including the GNU Public Licence.]
57	*/
58
59	#include <stdio.h>
60	#include <string.h>
61
62	#include <openssl/opensslconf.h>
63
64	#ifndef OPENSSL_NO_RSA
65
66	#include <openssl/err.h>
67	#include <openssl/evp.h>
68	#include <openssl/objects.h>
69	#include <openssl/rsa.h>
70	#include <openssl/x509.h>
71
72	#include "evp_local.h"
73
74	int
75	EVP_OpenInit(EVP_CIPHER_CTX ctx, const EVP_CIPHER type,
76	const unsigned char ek, int ekl, const unsigned char iv, EVP_PKEY *priv)
77	{
78	unsigned char *key = NULL;
79	int i, size = 0, ret = 0;
80
81	if (type) {
82	EVP_CIPHER_CTX_init(ctx);
83	if (!EVP_DecryptInit_ex(ctx, type, NULL, NULL, NULL))
84	return 0;
85	}
86
87	if (!priv)
88	return 1;
89
90	if (priv->type != EVP_PKEY_RSA) {
91	EVPerror(EVP_R_PUBLIC_KEY_NOT_RSA);
92	goto err;
93	}
94
95	size = RSA_size(priv->pkey.rsa);
96	key = malloc(size + 2);
97	if (key == NULL) {
98	/* ERROR */
99	EVPerror(ERR_R_MALLOC_FAILURE);
100	goto err;
101	}
102
103	i = EVP_PKEY_decrypt_old(key, ek, ekl, priv);
104	if ((i <= 0) \|\| !EVP_CIPHER_CTX_set_key_length(ctx, i)) {
105	/* ERROR */
106	goto err;
107	}
108	if (!EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv))
109	goto err;
110
111	ret = 1;
112
113	err:
114	freezero(key, size);
115	return (ret);
116	}
117
118	int
119	EVP_OpenFinal(EVP_CIPHER_CTX ctx, unsigned char out, int *outl)
120	{
121	int i;
122
123	i = EVP_DecryptFinal_ex(ctx, out, outl);
124	if (i)
125	i = EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, NULL);
126	return (i);
127	}
128	#endif


diff --git a/src/lib/libcrypto/evp/p_seal.c b/src/lib/libcrypto/evp/p_seal.c deleted file mode 100644 index e7b0e6f232..0000000000 --- a/src/lib/libcrypto/evp/p_seal.c +++ /dev/null
@@ -1,115 +0,0 @@
1	/* $OpenBSD: p_seal.c,v 1.18 2023/12/20 10:15:30 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.
4	*
5	* This package is an SSL implementation written
6	* by Eric Young (eay@cryptsoft.com).
7	* The implementation was written so as to conform with Netscapes SSL.
8	*
9	* This library is free for commercial and non-commercial use as long as
10	* the following conditions are aheared to. The following conditions
11	* apply to all code found in this distribution, be it the RC4, RSA,
12	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
13	* included with this distribution is covered by the same copyright terms
14	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
15	*
16	* Copyright remains Eric Young's, and as such any Copyright notices in
17	* the code are not to be removed.
18	* If this package is used in a product, Eric Young should be given attribution
19	* as the author of the parts of the library used.
20	* This can be in the form of a textual message at program startup or
21	* in documentation (online or textual) provided with the package.
22	*
23	* Redistribution and use in source and binary forms, with or without
24	* modification, are permitted provided that the following conditions
25	* are met:
26	* 1. Redistributions of source code must retain the copyright
27	* notice, this list of conditions and the following disclaimer.
28	* 2. Redistributions in binary form must reproduce the above copyright
29	* notice, this list of conditions and the following disclaimer in the
30	* documentation and/or other materials provided with the distribution.
31	* 3. All advertising materials mentioning features or use of this software
32	* must display the following acknowledgement:
33	* "This product includes cryptographic software written by
34	* Eric Young (eay@cryptsoft.com)"
35	* The word 'cryptographic' can be left out if the rouines from the library
36	* being used are not cryptographic related :-).
37	* 4. If you include any Windows specific code (or a derivative thereof) from
38	* the apps directory (application code) you must include an acknowledgement:
39	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40	*
41	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51	* SUCH DAMAGE.
52	*
53	* The licence and distribution terms for any publically available version or
54	* derivative of this code cannot be changed. i.e. this code cannot simply be
55	* copied and put under another distribution licence
56	* [including the GNU Public Licence.]
57	*/
58
59	#include <stdio.h>
60	#include <stdlib.h>
61
62	#include <openssl/opensslconf.h>
63
64	#include <openssl/evp.h>
65	#include <openssl/objects.h>
66	#include <openssl/x509.h>
67
68	#ifndef OPENSSL_NO_RSA
69	#include <openssl/rsa.h>
70	#endif
71
72	int
73	EVP_SealInit(EVP_CIPHER_CTX ctx, const EVP_CIPHER type, unsigned char **ek,
74	int ekl, unsigned char iv, EVP_PKEY **pubk, int npubk)
75	{
76	unsigned char key[EVP_MAX_KEY_LENGTH];
77	int i, iv_len;
78
79	if (type) {
80	EVP_CIPHER_CTX_init(ctx);
81	if (!EVP_EncryptInit_ex(ctx, type, NULL, NULL, NULL))
82	return 0;
83	}
84	if ((npubk <= 0) \|\| !pubk)
85	return 1;
86	if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
87	return 0;
88	/* XXX - upper bound? */
89	if ((iv_len = EVP_CIPHER_CTX_iv_length(ctx)) < 0)
90	return 0;
91	if (iv_len > 0)
92	arc4random_buf(iv, iv_len);
93
94	if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
95	return 0;
96
97	for (i = 0; i < npubk; i++) {
98	ekl[i] = EVP_PKEY_encrypt_old(ek[i], key,
99	EVP_CIPHER_CTX_key_length(ctx), pubk[i]);
100	if (ekl[i] <= 0)
101	return (-1);
102	}
103	return (npubk);
104	}
105
106	int
107	EVP_SealFinal(EVP_CIPHER_CTX ctx, unsigned char out, int *outl)
108	{
109	int i;
110
111	i = EVP_EncryptFinal_ex(ctx, out, outl);
112	if (i)
113	i = EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL);
114	return i;
115	}