From: Matt Caswell Date: Wed, 3 Dec 2025 10:38:56 +0000 (+0000) Subject: Remove support for custom cipher methods X-Git-Url: https://git.feebdaed.xyz/?a=commitdiff_plain;h=441bf727d0fb748103dc40c371fe7289a41692b7;p=0xmirror%2Fopenssl.git Remove support for custom cipher methods Custom cipher methods are considered legacy and have been deprecated since 3.0. With the removal of ENGINEs they become a lot less useful and add significant complexity to the code. We should therefore remove them in 4.0. Reviewed-by: Dmitry Belyavskiy Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/29299) --- diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c index 2243820bb2..3b0d5070ce 100644 --- a/crypto/cms/cms_env.c +++ b/crypto/cms/cms_env.c @@ -1480,19 +1480,6 @@ int ossl_cms_RecipientInfo_wrap_init(CMS_RecipientInfo *ri, ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_KEY_LENGTH); return 0; } - if ((EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_GET_WRAP_CIPHER) != 0) { - ret = EVP_CIPHER_meth_get_ctrl(cipher)(NULL, EVP_CTRL_GET_WRAP_CIPHER, - 0, &kekcipher); - if (ret <= 0) - return 0; - - if (kekcipher != NULL) { - if (EVP_CIPHER_get_mode(kekcipher) != EVP_CIPH_WRAP_MODE) - return 0; - kekcipher_name = EVP_CIPHER_get0_name(kekcipher); - goto enc; - } - } /* * Pick a cipher based on content encryption cipher. If it is DES3 use @@ -1509,7 +1496,7 @@ int ossl_cms_RecipientInfo_wrap_init(CMS_RecipientInfo *ri, kekcipher_name = SN_id_aes192_wrap; else kekcipher_name = SN_id_aes256_wrap; -enc: + fetched_kekcipher = EVP_CIPHER_fetch(ossl_cms_ctx_get0_libctx(cms_ctx), kekcipher_name, ossl_cms_ctx_get0_propq(cms_ctx)); diff --git a/crypto/evp/build.info b/crypto/evp/build.info index f46bbe8843..1cbf6e8920 100644 --- a/crypto/evp/build.info +++ b/crypto/evp/build.info @@ -18,7 +18,7 @@ SOURCE[../../libcrypto]=$COMMON\ e_aes_cbc_hmac_sha1.c e_aes_cbc_hmac_sha256.c e_rc4_hmac_md5.c \ e_chacha20_poly1305.c \ legacy_sha.c ctrl_params_translate.c \ - cmeth_lib.c m_sigver.c + m_sigver.c # Diverse type specific ctrl functions. They are kinda sorta legacy, kinda # sorta not. diff --git a/crypto/evp/cmeth_lib.c b/crypto/evp/cmeth_lib.c deleted file mode 100644 index 5e71d0061c..0000000000 --- a/crypto/evp/cmeth_lib.c +++ /dev/null @@ -1,200 +0,0 @@ -/* - * Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * EVP _meth_ APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include - -#include -#include "crypto/evp.h" -#include "internal/provider.h" -#include "evp_local.h" - -EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len) -{ - EVP_CIPHER *cipher = evp_cipher_new(); - - if (cipher != NULL) { - cipher->nid = cipher_type; - cipher->block_size = block_size; - cipher->key_len = key_len; - cipher->origin = EVP_ORIG_METH; - } - return cipher; -} - -EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher) -{ - EVP_CIPHER *to = NULL; - - /* - * Non-legacy EVP_CIPHERs can't be duplicated like this. - * Use EVP_CIPHER_up_ref() instead. - */ - if (cipher->prov != NULL) - return NULL; - - if ((to = EVP_CIPHER_meth_new(cipher->nid, cipher->block_size, - cipher->key_len)) - != NULL) { - CRYPTO_REF_COUNT refcnt = to->refcnt; - - memcpy(to, cipher, sizeof(*to)); - to->refcnt = refcnt; - to->origin = EVP_ORIG_METH; - } - return to; -} - -void EVP_CIPHER_meth_free(EVP_CIPHER *cipher) -{ - if (cipher == NULL || cipher->origin != EVP_ORIG_METH) - return; - - evp_cipher_free_int(cipher); -} - -int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len) -{ - if (cipher->iv_len != 0) - return 0; - - cipher->iv_len = iv_len; - return 1; -} - -int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags) -{ - if (cipher->flags != 0) - return 0; - - cipher->flags = flags; - return 1; -} - -int EVP_CIPHER_meth_set_impl_ctx_size(EVP_CIPHER *cipher, int ctx_size) -{ - if (cipher->ctx_size != 0) - return 0; - - cipher->ctx_size = ctx_size; - return 1; -} - -int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher, - int (*init)(EVP_CIPHER_CTX *ctx, - const unsigned char *key, - const unsigned char *iv, - int enc)) -{ - if (cipher->init != NULL) - return 0; - - cipher->init = init; - return 1; -} - -int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher, - int (*do_cipher)(EVP_CIPHER_CTX *ctx, - unsigned char *out, - const unsigned char *in, - size_t inl)) -{ - if (cipher->do_cipher != NULL) - return 0; - - cipher->do_cipher = do_cipher; - return 1; -} - -int EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher, - int (*cleanup)(EVP_CIPHER_CTX *)) -{ - if (cipher->cleanup != NULL) - return 0; - - cipher->cleanup = cleanup; - return 1; -} - -int EVP_CIPHER_meth_set_set_asn1_params(EVP_CIPHER *cipher, - int (*set_asn1_parameters)(EVP_CIPHER_CTX *, - ASN1_TYPE *)) -{ - if (cipher->set_asn1_parameters != NULL) - return 0; - - cipher->set_asn1_parameters = set_asn1_parameters; - return 1; -} - -int EVP_CIPHER_meth_set_get_asn1_params(EVP_CIPHER *cipher, - int (*get_asn1_parameters)(EVP_CIPHER_CTX *, - ASN1_TYPE *)) -{ - if (cipher->get_asn1_parameters != NULL) - return 0; - - cipher->get_asn1_parameters = get_asn1_parameters; - return 1; -} - -int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher, - int (*ctrl)(EVP_CIPHER_CTX *, int type, - int arg, void *ptr)) -{ - if (cipher->ctrl != NULL) - return 0; - - cipher->ctrl = ctrl; - return 1; -} - -int (*EVP_CIPHER_meth_get_init(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx, - const unsigned char *key, - const unsigned char *iv, - int enc) -{ - return cipher->init; -} -int (*EVP_CIPHER_meth_get_do_cipher(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx, - unsigned char *out, - const unsigned char *in, - size_t inl) -{ - return cipher->do_cipher; -} - -int (*EVP_CIPHER_meth_get_cleanup(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *) -{ - return cipher->cleanup; -} - -int (*EVP_CIPHER_meth_get_set_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, - ASN1_TYPE *) -{ - return cipher->set_asn1_parameters; -} - -int (*EVP_CIPHER_meth_get_get_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, - ASN1_TYPE *) -{ - return cipher->get_asn1_parameters; -} - -int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, - int type, int arg, - void *ptr) -{ - return cipher->ctrl; -} diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 7716a1dbf2..f5cefe207c 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -88,8 +88,6 @@ static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx, uint8_t is_pipeline, const OSSL_PARAM params[]) { - int n; - /* * enc == 1 means we are encrypting. * enc == 0 means we are decrypting. @@ -108,35 +106,6 @@ static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx, return 0; } - /* Code below to be removed when legacy support is dropped. */ - if (is_pipeline) - goto nonlegacy; - - /* - * If there are engines involved then we should use legacy handling for now. - */ - if ((cipher != NULL && cipher->origin == EVP_ORIG_METH) - || (cipher == NULL && ctx->cipher != NULL - && ctx->cipher->origin == EVP_ORIG_METH)) { - if (ctx->cipher == ctx->fetched_cipher) - ctx->cipher = NULL; - EVP_CIPHER_free(ctx->fetched_cipher); - ctx->fetched_cipher = NULL; - goto legacy; - } - /* - * Ensure a context left lying around from last time is cleared - * (legacy code) - */ - if (cipher != NULL && ctx->cipher != NULL) { - if (ctx->cipher->cleanup != NULL && !ctx->cipher->cleanup(ctx)) - return 0; - OPENSSL_clear_free(ctx->cipher_data, ctx->cipher->ctx_size); - ctx->cipher_data = NULL; - } - - /* Start of non-legacy code below */ -nonlegacy: /* Ensure a context left lying around from last time is cleared */ if (cipher != NULL && ctx->cipher != NULL) { unsigned long flags = ctx->flags; @@ -298,111 +267,6 @@ nonlegacy: iv == NULL ? 0 : EVP_CIPHER_CTX_get_iv_length(ctx), params); - - /* Code below to be removed when legacy support is dropped. */ -legacy: - - if (cipher != NULL) { - /* - * Ensure a context left lying around from last time is cleared (we - * previously attempted to avoid this if the same ENGINE and - * EVP_CIPHER could be used). - */ - if (ctx->cipher) { - unsigned long flags = ctx->flags; - EVP_CIPHER_CTX_reset(ctx); - /* Restore encrypt and flags */ - ctx->encrypt = enc; - ctx->flags = flags; - } - - ctx->cipher = cipher; - if (ctx->cipher->ctx_size) { - ctx->cipher_data = OPENSSL_zalloc(ctx->cipher->ctx_size); - if (ctx->cipher_data == NULL) { - ctx->cipher = NULL; - return 0; - } - } else { - ctx->cipher_data = NULL; - } - ctx->key_len = cipher->key_len; - /* Preserve wrap enable flag, zero everything else */ - ctx->flags &= EVP_CIPHER_CTX_FLAG_WRAP_ALLOW; - if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) { - if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL) <= 0) { - ctx->cipher = NULL; - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); - return 0; - } - } - } - if (ctx->cipher == NULL) - return 0; - - /* we assume block size is a power of 2 in *cryptUpdate */ - OPENSSL_assert(ctx->cipher->block_size == 1 - || ctx->cipher->block_size == 8 - || ctx->cipher->block_size == 16); - - if (!(ctx->flags & EVP_CIPHER_CTX_FLAG_WRAP_ALLOW) - && EVP_CIPHER_CTX_get_mode(ctx) == EVP_CIPH_WRAP_MODE) { - ERR_raise(ERR_LIB_EVP, EVP_R_WRAP_MODE_NOT_ALLOWED); - return 0; - } - - if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx)) - & EVP_CIPH_CUSTOM_IV) - == 0) { - switch (EVP_CIPHER_CTX_get_mode(ctx)) { - - case EVP_CIPH_STREAM_CIPHER: - case EVP_CIPH_ECB_MODE: - break; - - case EVP_CIPH_CFB_MODE: - case EVP_CIPH_OFB_MODE: - - ctx->num = 0; - /* fall-through */ - - case EVP_CIPH_CBC_MODE: - n = EVP_CIPHER_CTX_get_iv_length(ctx); - if (n < 0 || n > (int)sizeof(ctx->iv)) { - ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_IV_LENGTH); - return 0; - } - if (iv != NULL) - memcpy(ctx->oiv, iv, n); - memcpy(ctx->iv, ctx->oiv, n); - break; - - case EVP_CIPH_CTR_MODE: - ctx->num = 0; - /* Don't reuse IV for CTR mode */ - if (iv != NULL) { - n = EVP_CIPHER_CTX_get_iv_length(ctx); - if (n <= 0 || n > (int)sizeof(ctx->iv)) { - ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_IV_LENGTH); - return 0; - } - memcpy(ctx->iv, iv, n); - } - break; - - default: - return 0; - } - } - - if (key != NULL || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { - if (!ctx->cipher->init(ctx, key, iv, enc)) - return 0; - } - ctx->buf_len = 0; - ctx->final_used = 0; - ctx->block_mask = ctx->cipher->block_size - 1; - return 1; } /* @@ -432,26 +296,6 @@ static int evp_cipher_init_skey_internal(EVP_CIPHER_CTX *ctx, return 0; } - /* - * If there are engines involved then we throw an error - */ - if ((cipher != NULL && cipher->origin == EVP_ORIG_METH) - || (cipher == NULL && ctx->cipher != NULL - && ctx->cipher->origin == EVP_ORIG_METH)) { - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); - return 0; - } - /* - * Ensure a context left lying around from last time is cleared - * (legacy code) - */ - if (cipher != NULL && ctx->cipher != NULL) { - if (ctx->cipher->cleanup != NULL && !ctx->cipher->cleanup(ctx)) - return 0; - OPENSSL_clear_free(ctx->cipher_data, ctx->cipher->ctx_size); - ctx->cipher_data = NULL; - } - /* Ensure a context left lying around from last time is cleared */ if (cipher != NULL && ctx->cipher != NULL) { unsigned long flags = ctx->flags; @@ -829,21 +673,6 @@ static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx, bl = ctx->cipher->block_size; - if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { - /* If block size > 1 then the cipher will have to do this check */ - if (bl == 1 && ossl_is_partially_overlapping(out, in, cmpl)) { - ERR_raise(ERR_LIB_EVP, EVP_R_PARTIALLY_OVERLAPPING); - return 0; - } - - i = ctx->cipher->do_cipher(ctx, out, in, inl); - if (i < 0) - return 0; - else - *outl = i; - return 1; - } - if (inl <= 0) { *outl = 0; return inl == 0; @@ -972,8 +801,7 @@ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { - int n, ret; - unsigned int i, b, bl; + int ret; size_t soutl; int blocksize; @@ -994,8 +822,10 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) ERR_raise(ERR_LIB_EVP, EVP_R_NO_CIPHER_SET); return 0; } - if (ctx->cipher->prov == NULL) - goto legacy; + if (ctx->cipher->prov == NULL) { + ERR_raise(ERR_LIB_EVP, EVP_R_NO_CIPHER_SET); + return 0; + } blocksize = EVP_CIPHER_CTX_get_block_size(ctx); @@ -1016,51 +846,12 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) } return ret; - - /* Code below to be removed when legacy support is dropped. */ -legacy: - - if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { - ret = ctx->cipher->do_cipher(ctx, out, NULL, 0); - if (ret < 0) - return 0; - else - *outl = ret; - return 1; - } - - b = ctx->cipher->block_size; - OPENSSL_assert(b <= sizeof(ctx->buf)); - if (b == 1) { - *outl = 0; - return 1; - } - bl = ctx->buf_len; - if (ctx->flags & EVP_CIPH_NO_PADDING) { - if (bl) { - ERR_raise(ERR_LIB_EVP, EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); - return 0; - } - *outl = 0; - return 1; - } - - n = b - bl; - for (i = bl; i < b; i++) - ctx->buf[i] = n; - ret = ctx->cipher->do_cipher(ctx, out, ctx->buf, b); - - if (ret) - *outl = b; - - return ret; } int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl) { - int fix_len, cmpl = inl, ret; - unsigned int b; + int ret; size_t soutl, inl_ = (size_t)inl; int blocksize; @@ -1081,8 +872,10 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, ERR_raise(ERR_LIB_EVP, EVP_R_NO_CIPHER_SET); return 0; } - if (ossl_unlikely(ctx->cipher->prov == NULL)) - goto legacy; + if (ossl_unlikely(ctx->cipher->prov == NULL)) { + ERR_raise(ERR_LIB_EVP, EVP_R_NO_CIPHER_SET); + return 0; + } blocksize = EVP_CIPHER_CTX_get_block_size(ctx); @@ -1103,84 +896,6 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, } return ret; - - /* Code below to be removed when legacy support is dropped. */ -legacy: - - b = ctx->cipher->block_size; - - if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) - cmpl = safe_div_round_up_int(cmpl, 8, NULL); - - if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { - if (b == 1 && ossl_is_partially_overlapping(out, in, cmpl)) { - ERR_raise(ERR_LIB_EVP, EVP_R_PARTIALLY_OVERLAPPING); - return 0; - } - - fix_len = ctx->cipher->do_cipher(ctx, out, in, inl); - if (fix_len < 0) { - *outl = 0; - return 0; - } else - *outl = fix_len; - return 1; - } - - if (inl <= 0) { - *outl = 0; - return inl == 0; - } - - if (ctx->flags & EVP_CIPH_NO_PADDING) - return evp_EncryptDecryptUpdate(ctx, out, outl, in, inl); - - OPENSSL_assert(b <= sizeof(ctx->final)); - - if (ctx->final_used) { - /* see comment about PTRDIFF_T comparison above */ - if (((PTRDIFF_T)out == (PTRDIFF_T)in) - || ossl_is_partially_overlapping(out, in, b)) { - ERR_raise(ERR_LIB_EVP, EVP_R_PARTIALLY_OVERLAPPING); - return 0; - } - /* - * final_used is only ever set if buf_len is 0. Therefore the maximum - * length output we will ever see from evp_EncryptDecryptUpdate is - * the maximum multiple of the block length that is <= inl, or just: - * inl & ~(b - 1) - * Since final_used has been set then the final output length is: - * (inl & ~(b - 1)) + b - * This must never exceed INT_MAX - */ - if ((inl & ~(b - 1)) > INT_MAX - b) { - ERR_raise(ERR_LIB_EVP, EVP_R_OUTPUT_WOULD_OVERFLOW); - return 0; - } - memcpy(out, ctx->final, b); - out += b; - fix_len = 1; - } else - fix_len = 0; - - if (!evp_EncryptDecryptUpdate(ctx, out, outl, in, inl)) - return 0; - - /* - * if we have 'decrypted' a multiple of block size, make sure we have a - * copy of this last block - */ - if (b > 1 && !ctx->buf_len) { - *outl -= b; - ctx->final_used = 1; - memcpy(ctx->final, &out[*outl], b); - } else - ctx->final_used = 0; - - if (fix_len) - *outl += b; - - return 1; } int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) @@ -1192,8 +907,6 @@ int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { - int i, n; - unsigned int b; size_t soutl; int ret; int blocksize; @@ -1216,8 +929,10 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) return 0; } - if (ctx->cipher->prov == NULL) - goto legacy; + if (ctx->cipher->prov == NULL) { + ERR_raise(ERR_LIB_EVP, EVP_R_NO_CIPHER_SET); + return 0; + } blocksize = EVP_CIPHER_CTX_get_block_size(ctx); @@ -1238,103 +953,38 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) } return ret; - - /* Code below to be removed when legacy support is dropped. */ -legacy: - - *outl = 0; - if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { - i = ctx->cipher->do_cipher(ctx, out, NULL, 0); - if (i < 0) - return 0; - else - *outl = i; - return 1; - } - - b = ctx->cipher->block_size; - if (ctx->flags & EVP_CIPH_NO_PADDING) { - if (ctx->buf_len) { - ERR_raise(ERR_LIB_EVP, EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); - return 0; - } - *outl = 0; - return 1; - } - if (b > 1) { - if (ctx->buf_len || !ctx->final_used) { - ERR_raise(ERR_LIB_EVP, EVP_R_WRONG_FINAL_BLOCK_LENGTH); - return 0; - } - OPENSSL_assert(b <= sizeof(ctx->final)); - - /* - * The following assumes that the ciphertext has been authenticated. - * Otherwise it provides a padding oracle. - */ - n = ctx->final[b - 1]; - if (n == 0 || n > (int)b) { - ERR_raise(ERR_LIB_EVP, EVP_R_BAD_DECRYPT); - return 0; - } - for (i = 0; i < n; i++) { - if (ctx->final[--b] != n) { - ERR_raise(ERR_LIB_EVP, EVP_R_BAD_DECRYPT); - return 0; - } - } - n = ctx->cipher->block_size - n; - for (i = 0; i < n; i++) - out[i] = ctx->final[i]; - *outl = n; - } - return 1; } int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen) { - if (c->cipher->prov != NULL) { - int ok; - OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; - size_t len; - - if (EVP_CIPHER_CTX_get_key_length(c) == keylen) - return 1; - - /* Check the cipher actually understands this parameter */ - if (OSSL_PARAM_locate_const(EVP_CIPHER_settable_ctx_params(c->cipher), - OSSL_CIPHER_PARAM_KEYLEN) - == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY_LENGTH); - return 0; - } + int ok; + OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; + size_t len; - params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, &len); - if (!OSSL_PARAM_set_int(params, keylen)) - return 0; - ok = evp_do_ciph_ctx_setparams(c->cipher, c->algctx, params); - if (ok <= 0) - return 0; - c->key_len = keylen; - return 1; + if (c->cipher->prov == NULL) { + ERR_raise(ERR_LIB_EVP, EVP_R_CIPHER_PARAMETER_ERROR); + return 0; } - /* Code below to be removed when legacy support is dropped. */ - - /* - * Note there have never been any built-in ciphers that define this flag - * since it was first introduced. - */ - if (c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH) - return EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_KEY_LENGTH, keylen, NULL); if (EVP_CIPHER_CTX_get_key_length(c) == keylen) return 1; - if ((keylen > 0) && (c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH)) { - c->key_len = keylen; - return 1; + + /* Check the cipher actually understands this parameter */ + if (OSSL_PARAM_locate_const(EVP_CIPHER_settable_ctx_params(c->cipher), + OSSL_CIPHER_PARAM_KEYLEN) + == NULL) { + ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY_LENGTH); + return 0; } - ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY_LENGTH); - return 0; + + params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, &len); + if (!OSSL_PARAM_set_int(params, keylen)) + return 0; + ok = evp_do_ciph_ctx_setparams(c->cipher, c->algctx, params); + if (ok <= 0) + return 0; + c->key_len = keylen; + return 1; } int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad) @@ -1712,8 +1362,10 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) return 0; } - if (in->cipher->prov == NULL) - goto legacy; + if (in->cipher->prov == NULL) { + ERR_raise(ERR_LIB_EVP, EVP_R_INPUT_NOT_INITIALIZED); + return 0; + } if (in->cipher->dupctx == NULL) { ERR_raise(ERR_LIB_EVP, EVP_R_NOT_ABLE_TO_COPY_CTX); @@ -1737,29 +1389,6 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) } return 1; - - /* Code below to be removed when legacy support is dropped. */ -legacy: - - EVP_CIPHER_CTX_reset(out); - memcpy(out, in, sizeof(*out)); - - if (in->cipher_data && in->cipher->ctx_size) { - out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size); - if (out->cipher_data == NULL) { - out->cipher = NULL; - return 0; - } - memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size); - } - - if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY) - if (!in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out)) { - out->cipher = NULL; - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); - return 0; - } - return 1; } EVP_CIPHER *evp_cipher_new(void) diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 1cf61076cc..e96dae3355 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -246,63 +246,6 @@ int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd, #define EVP_MD_CTX_FLAG_FINALISE 0x0200 /* NOTE: 0x0400 and 0x0800 are reserved for internal usage */ -#ifndef OPENSSL_NO_DEPRECATED_3_0 -OSSL_DEPRECATEDIN_3_0 -EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len); -OSSL_DEPRECATEDIN_3_0 -EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher); -OSSL_DEPRECATEDIN_3_0 -void EVP_CIPHER_meth_free(EVP_CIPHER *cipher); -OSSL_DEPRECATEDIN_3_0 -int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len); -OSSL_DEPRECATEDIN_3_0 -int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags); -OSSL_DEPRECATEDIN_3_0 -int EVP_CIPHER_meth_set_impl_ctx_size(EVP_CIPHER *cipher, int ctx_size); -OSSL_DEPRECATEDIN_3_0 -int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher, - int (*init)(EVP_CIPHER_CTX *ctx, - const unsigned char *key, - const unsigned char *iv, - int enc)); -OSSL_DEPRECATEDIN_3_0 -int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher, - int (*do_cipher)(EVP_CIPHER_CTX *ctx, - unsigned char *out, - const unsigned char *in, - size_t inl)); -OSSL_DEPRECATEDIN_3_0 -int EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher, - int (*cleanup)(EVP_CIPHER_CTX *)); -OSSL_DEPRECATEDIN_3_0 -int EVP_CIPHER_meth_set_set_asn1_params(EVP_CIPHER *cipher, - int (*set_asn1_parameters)(EVP_CIPHER_CTX *, - ASN1_TYPE *)); -OSSL_DEPRECATEDIN_3_0 -int EVP_CIPHER_meth_set_get_asn1_params(EVP_CIPHER *cipher, - int (*get_asn1_parameters)(EVP_CIPHER_CTX *, - ASN1_TYPE *)); -OSSL_DEPRECATEDIN_3_0 -int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher, - int (*ctrl)(EVP_CIPHER_CTX *, int type, - int arg, void *ptr)); -OSSL_DEPRECATEDIN_3_0 int (*EVP_CIPHER_meth_get_init(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx, - const unsigned char *key, - const unsigned char *iv, - int enc); -OSSL_DEPRECATEDIN_3_0 int (*EVP_CIPHER_meth_get_do_cipher(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx, - unsigned char *out, - const unsigned char *in, - size_t inl); -OSSL_DEPRECATEDIN_3_0 int (*EVP_CIPHER_meth_get_cleanup(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *); -OSSL_DEPRECATEDIN_3_0 int (*EVP_CIPHER_meth_get_set_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, - ASN1_TYPE *); -OSSL_DEPRECATEDIN_3_0 int (*EVP_CIPHER_meth_get_get_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, - ASN1_TYPE *); -OSSL_DEPRECATEDIN_3_0 int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, int type, - int arg, void *ptr); -#endif - /* Values for cipher flags */ /* Modes for ciphers */ diff --git a/ssl/record/methods/tls1_meth.c b/ssl/record/methods/tls1_meth.c index b738ede95f..e6360d995c 100644 --- a/ssl/record/methods/tls1_meth.c +++ b/ssl/record/methods/tls1_meth.c @@ -186,10 +186,10 @@ static int tls1_cipher(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *recs, size_t reclen[SSL_MAX_PIPELINES]; unsigned char buf[SSL_MAX_PIPELINES][EVP_AEAD_TLS1_AAD_LEN]; unsigned char *data[SSL_MAX_PIPELINES]; - int pad = 0, tmpr, provided; - size_t bs, ctr, padnum, loop; - unsigned char padval; + int pad = 0; + size_t bs, ctr; const EVP_CIPHER *enc; + int outlen; if (n_recs == 0) { RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); @@ -240,8 +240,6 @@ static int tls1_cipher(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *recs, return 0; } - provided = (EVP_CIPHER_get0_provider(enc) != NULL); - bs = EVP_CIPHER_get_block_size(EVP_CIPHER_CTX_get0_cipher(ds)); if (bs == 0) { @@ -301,25 +299,6 @@ static int tls1_cipher(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *recs, reclen[ctr] += pad; recs[ctr].length += pad; } - } else if ((bs != 1) && sending && !provided) { - /* - * We only do this for legacy ciphers. Provided ciphers add the - * padding on the provider side. - */ - padnum = bs - (reclen[ctr] % bs); - - /* Add weird padding of up to 256 bytes */ - - if (padnum > MAX_PADDING) { - RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - return 0; - } - /* we need to add 'padnum' padding bytes of value padval */ - padval = (unsigned char)(padnum - 1); - for (loop = reclen[ctr]; loop < reclen[ctr] + padnum; loop++) - recs[ctr].input[loop] = padval; - reclen[ctr] += padnum; - recs[ctr].length += padnum; } if (!sending) { @@ -375,112 +354,56 @@ static int tls1_cipher(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *recs, } } - if (provided) { - int outlen; - - /* Provided cipher - we do not support pipelining on this path */ - if (n_recs > 1) { - RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - return 0; - } - - if (!EVP_CipherUpdate(ds, recs[0].data, &outlen, recs[0].input, - (unsigned int)reclen[0])) - return 0; - recs[0].length = outlen; - - /* - * The length returned from EVP_CipherUpdate above is the actual - * payload length. We need to adjust the data/input ptr to skip over - * any explicit IV - */ - if (!sending) { - if (EVP_CIPHER_get_mode(enc) == EVP_CIPH_GCM_MODE) { - recs[0].data += EVP_GCM_TLS_EXPLICIT_IV_LEN; - recs[0].input += EVP_GCM_TLS_EXPLICIT_IV_LEN; - } else if (EVP_CIPHER_get_mode(enc) == EVP_CIPH_CCM_MODE) { - recs[0].data += EVP_CCM_TLS_EXPLICIT_IV_LEN; - recs[0].input += EVP_CCM_TLS_EXPLICIT_IV_LEN; - } else if (bs != 1 && RLAYER_USE_EXPLICIT_IV(rl)) { - recs[0].data += bs; - recs[0].input += bs; - recs[0].orig_len -= bs; - } - - /* Now get a pointer to the MAC (if applicable) */ - if (macs != NULL) { - OSSL_PARAM params[2], *p = params; - - /* Get the MAC */ - macs[0].alloced = 0; + /* Provided cipher - we do not support pipelining on this path */ + if (n_recs > 1) { + RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); + return 0; + } - *p++ = OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_TLS_MAC, - (void **)&macs[0].mac, - macsize); - *p = OSSL_PARAM_construct_end(); + if (!EVP_CipherUpdate(ds, recs[0].data, &outlen, recs[0].input, + (unsigned int)reclen[0])) + return 0; + recs[0].length = outlen; - if (!EVP_CIPHER_CTX_get_params(ds, params)) { - /* Shouldn't normally happen */ - RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, - ERR_R_INTERNAL_ERROR); - return 0; - } - } + /* + * The length returned from EVP_CipherUpdate above is the actual + * payload length. We need to adjust the data/input ptr to skip over + * any explicit IV + */ + if (!sending) { + if (EVP_CIPHER_get_mode(enc) == EVP_CIPH_GCM_MODE) { + recs[0].data += EVP_GCM_TLS_EXPLICIT_IV_LEN; + recs[0].input += EVP_GCM_TLS_EXPLICIT_IV_LEN; + } else if (EVP_CIPHER_get_mode(enc) == EVP_CIPH_CCM_MODE) { + recs[0].data += EVP_CCM_TLS_EXPLICIT_IV_LEN; + recs[0].input += EVP_CCM_TLS_EXPLICIT_IV_LEN; + } else if (bs != 1 && RLAYER_USE_EXPLICIT_IV(rl)) { + recs[0].data += bs; + recs[0].input += bs; + recs[0].orig_len -= bs; } - } else { - /* Legacy cipher */ - tmpr = EVP_Cipher(ds, recs[0].data, recs[0].input, - (unsigned int)reclen[0]); - if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ds)) - & EVP_CIPH_FLAG_CUSTOM_CIPHER) - != 0 - ? (tmpr < 0) - : (tmpr == 0)) { - /* AEAD can fail to verify MAC */ - return 0; - } + /* Now get a pointer to the MAC (if applicable) */ + if (macs != NULL) { + OSSL_PARAM params[2], *p = params; - if (!sending) { - for (ctr = 0; ctr < n_recs; ctr++) { - /* Adjust the record to remove the explicit IV/MAC/Tag */ - if (EVP_CIPHER_get_mode(enc) == EVP_CIPH_GCM_MODE) { - recs[ctr].data += EVP_GCM_TLS_EXPLICIT_IV_LEN; - recs[ctr].input += EVP_GCM_TLS_EXPLICIT_IV_LEN; - recs[ctr].length -= EVP_GCM_TLS_EXPLICIT_IV_LEN; - } else if (EVP_CIPHER_get_mode(enc) == EVP_CIPH_CCM_MODE) { - recs[ctr].data += EVP_CCM_TLS_EXPLICIT_IV_LEN; - recs[ctr].input += EVP_CCM_TLS_EXPLICIT_IV_LEN; - recs[ctr].length -= EVP_CCM_TLS_EXPLICIT_IV_LEN; - } else if (bs != 1 && RLAYER_USE_EXPLICIT_IV(rl)) { - if (recs[ctr].length < bs) - return 0; - recs[ctr].data += bs; - recs[ctr].input += bs; - recs[ctr].length -= bs; - recs[ctr].orig_len -= bs; - } + /* Get the MAC */ + macs[0].alloced = 0; - /* - * If using Mac-then-encrypt, then this will succeed but - * with a random MAC if padding is invalid - */ - if (!tls1_cbc_remove_padding_and_mac(&recs[ctr].length, - recs[ctr].orig_len, - recs[ctr].data, - (macs != NULL) ? &macs[ctr].mac : NULL, - (macs != NULL) ? &macs[ctr].alloced - : NULL, - bs, - pad ? (size_t)pad : macsize, - (EVP_CIPHER_get_flags(enc) - & EVP_CIPH_FLAG_AEAD_CIPHER) - != 0, - rl->libctx)) - return 0; + *p++ = OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_TLS_MAC, + (void **)&macs[0].mac, + macsize); + *p = OSSL_PARAM_construct_end(); + + if (!EVP_CIPHER_CTX_get_params(ds, params)) { + /* Shouldn't normally happen */ + RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, + ERR_R_INTERNAL_ERROR); + return 0; } } } + return 1; } diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index 5280007b3d..532983a69f 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -5992,20 +5992,18 @@ err: return testresult; } -static int test_evp_md_cipher_meth(void) +static int test_evp_md_meth(void) { EVP_MD *md = EVP_MD_meth_dup(EVP_sha256()); - EVP_CIPHER *ciph = EVP_CIPHER_meth_dup(EVP_aes_128_cbc()); int testresult = 0; - if (!TEST_ptr(md) || !TEST_ptr(ciph)) + if (!TEST_ptr(md)) goto err; testresult = 1; err: EVP_MD_meth_free(md); - EVP_CIPHER_meth_free(ciph); return testresult; } @@ -6110,90 +6108,6 @@ err: return testresult; } -typedef struct { - int data; -} custom_ciph_ctx; - -static int custom_ciph_init_called = 0; -static int custom_ciph_cleanup_called = 0; - -static int custom_ciph_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx); - - if (p == NULL) - return 0; - - custom_ciph_init_called++; - return 1; -} - -static int custom_ciph_cleanup(EVP_CIPHER_CTX *ctx) -{ - custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx); - - if (p == NULL) - /* Nothing to do */ - return 1; - - custom_ciph_cleanup_called++; - return 1; -} - -static int test_custom_ciph_meth(void) -{ - EVP_CIPHER_CTX *ciphctx = NULL; - EVP_CIPHER *tmp = NULL; - int testresult = 0; - int nid; - - /* - * We are testing deprecated functions. We don't support a non-default - * library context in this test. - */ - if (testctx != NULL) - return TEST_skip("Non-default libctx"); - - custom_ciph_init_called = custom_ciph_cleanup_called = 0; - - nid = OBJ_create("1.3.6.1.4.1.16604.998866.2", "custom-ciph", "custom-ciph"); - if (!TEST_int_ne(nid, NID_undef)) - goto err; - if (!TEST_int_eq(OBJ_txt2nid("1.3.6.1.4.1.16604.998866.2"), nid)) - goto err; - tmp = EVP_CIPHER_meth_new(nid, 16, 16); - if (!TEST_ptr(tmp)) - goto err; - - if (!TEST_true(EVP_CIPHER_meth_set_init(tmp, custom_ciph_init)) - || !TEST_true(EVP_CIPHER_meth_set_flags(tmp, EVP_CIPH_ALWAYS_CALL_INIT)) - || !TEST_true(EVP_CIPHER_meth_set_cleanup(tmp, custom_ciph_cleanup)) - || !TEST_true(EVP_CIPHER_meth_set_impl_ctx_size(tmp, - sizeof(custom_ciph_ctx)))) - goto err; - - ciphctx = EVP_CIPHER_CTX_new(); - if (!TEST_ptr(ciphctx) - /* - * Initing our custom cipher and then initing another cipher - * should result in the init and cleanup functions of the custom - * cipher being called. - */ - || !TEST_true(EVP_CipherInit_ex(ciphctx, tmp, NULL, NULL, NULL, 1)) - || !TEST_true(EVP_CipherInit_ex(ciphctx, EVP_aes_128_cbc(), NULL, - NULL, NULL, 1)) - || !TEST_int_eq(custom_ciph_init_called, 1) - || !TEST_int_eq(custom_ciph_cleanup_called, 1)) - goto err; - - testresult = 1; -err: - EVP_CIPHER_CTX_free(ciphctx); - EVP_CIPHER_meth_free(tmp); - return testresult; -} - #endif /* OPENSSL_NO_DEPRECATED_3_0 */ #ifndef OPENSSL_NO_ECX @@ -7016,9 +6930,8 @@ int setup_tests(void) #ifndef OPENSSL_NO_DEPRECATED_3_0 ADD_ALL_TESTS(test_custom_pmeth, 12); - ADD_TEST(test_evp_md_cipher_meth); + ADD_TEST(test_evp_md_meth); ADD_TEST(test_custom_md_meth); - ADD_TEST(test_custom_ciph_meth); #endif #ifndef OPENSSL_NO_ECX diff --git a/util/libcrypto.num b/util/libcrypto.num index 324cc46a72..2494abdc36 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -850,24 +850,6 @@ EVP_MD_meth_get_final ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 EVP_MD_meth_get_copy ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 EVP_MD_meth_get_cleanup ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 EVP_MD_meth_get_ctrl ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 -EVP_CIPHER_meth_new ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 -EVP_CIPHER_meth_dup ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 -EVP_CIPHER_meth_free ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 -EVP_CIPHER_meth_set_iv_length ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 -EVP_CIPHER_meth_set_flags ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 -EVP_CIPHER_meth_set_impl_ctx_size ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 -EVP_CIPHER_meth_set_init ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 -EVP_CIPHER_meth_set_do_cipher ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 -EVP_CIPHER_meth_set_cleanup ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 -EVP_CIPHER_meth_set_set_asn1_params ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 -EVP_CIPHER_meth_set_get_asn1_params ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 -EVP_CIPHER_meth_set_ctrl ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 -EVP_CIPHER_meth_get_init ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 -EVP_CIPHER_meth_get_do_cipher ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 -EVP_CIPHER_meth_get_cleanup ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 -EVP_CIPHER_meth_get_set_asn1_params ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 -EVP_CIPHER_meth_get_get_asn1_params ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 -EVP_CIPHER_meth_get_ctrl ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 EVP_MD_get_type ? 4_0_0 EXIST::FUNCTION: EVP_MD_get0_name ? 4_0_0 EXIST::FUNCTION: EVP_MD_get0_description ? 4_0_0 EXIST::FUNCTION: