From: Matt Caswell Date: Thu, 18 Dec 2025 16:45:12 +0000 (+0000) Subject: Remove some last remaining EVP_CIPHER related legacy paths X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f9bdb61bbf54d8cedf0be5f9546162b6b975fc33;p=thirdparty%2Fopenssl.git Remove some last remaining EVP_CIPHER related legacy paths There were some final remaining legacy paths that are now redundant and can be removed. Reviewed-by: Tomas Mraz Reviewed-by: Neil Horman (Merged from https://github.com/openssl/openssl/pull/29446) --- diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index f5cefe207c5..c04a4dc7826 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -31,7 +31,7 @@ int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx) return 1; if (ctx->cipher == NULL || ctx->cipher->prov == NULL) - goto legacy; + return 1; if (ctx->algctx != NULL) { if (ctx->cipher->freectx != NULL) @@ -44,21 +44,6 @@ int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx) ctx->iv_len = -1; return 1; - - /* Remove legacy code below when legacy support is removed. */ -legacy: - - if (ctx->cipher != NULL) { - if (ctx->cipher->cleanup && !ctx->cipher->cleanup(ctx)) - return 0; - /* Cleanse cipher context data */ - if (ctx->cipher_data && ctx->cipher->ctx_size) - OPENSSL_cleanse(ctx->cipher_data, ctx->cipher->ctx_size); - } - OPENSSL_free(ctx->cipher_data); - memset(ctx, 0, sizeof(*ctx)); - ctx->iv_len = -1; - return 1; } EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void) @@ -662,81 +647,6 @@ int ossl_is_partially_overlapping(const void *ptr1, const void *ptr2, int len) return overlapped; } -static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx, - unsigned char *out, int *outl, - const unsigned char *in, int inl) -{ - int i, j, bl, cmpl = inl; - - if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) - cmpl = safe_div_round_up_int(cmpl, 8, NULL); - - bl = ctx->cipher->block_size; - - if (inl <= 0) { - *outl = 0; - return inl == 0; - } - if (ossl_is_partially_overlapping(out + ctx->buf_len, in, cmpl)) { - ERR_raise(ERR_LIB_EVP, EVP_R_PARTIALLY_OVERLAPPING); - return 0; - } - - if (ctx->buf_len == 0 && (inl & (ctx->block_mask)) == 0) { - if (ctx->cipher->do_cipher(ctx, out, in, inl)) { - *outl = inl; - return 1; - } else { - *outl = 0; - return 0; - } - } - i = ctx->buf_len; - OPENSSL_assert(bl <= (int)sizeof(ctx->buf)); - if (i != 0) { - if (bl - i > inl) { - memcpy(&(ctx->buf[i]), in, inl); - ctx->buf_len += inl; - *outl = 0; - return 1; - } else { - j = bl - i; - - /* - * Once we've processed the first j bytes from in, the amount of - * data left that is a multiple of the block length is: - * (inl - j) & ~(bl - 1) - * We must ensure that this amount of data, plus the one block that - * we process from ctx->buf does not exceed INT_MAX - */ - if (((inl - j) & ~(bl - 1)) > INT_MAX - bl) { - ERR_raise(ERR_LIB_EVP, EVP_R_OUTPUT_WOULD_OVERFLOW); - return 0; - } - memcpy(&(ctx->buf[i]), in, j); - inl -= j; - in += j; - if (!ctx->cipher->do_cipher(ctx, out, ctx->buf, bl)) - return 0; - out += bl; - *outl = bl; - } - } else - *outl = 0; - i = inl & (bl - 1); - inl -= i; - if (inl > 0) { - if (!ctx->cipher->do_cipher(ctx, out, in, inl)) - return 0; - *outl += inl; - } - - if (i != 0) - memcpy(ctx->buf, &(in[inl]), i); - ctx->buf_len = i; - return 1; -} - int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl) { @@ -763,7 +673,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, } if (ossl_unlikely(ctx->cipher->prov == NULL)) - goto legacy; + return 0; blocksize = ctx->cipher->block_size; @@ -785,11 +695,6 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, } return ret; - - /* Code below to be removed when legacy support is dropped. */ -legacy: - - return evp_EncryptDecryptUpdate(ctx, out, outl, in, inl); } int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) @@ -1021,8 +926,10 @@ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) return 0; } - if (ctx->cipher->prov == NULL) - goto legacy; + if (ctx->cipher->prov == NULL) { + ERR_raise(ERR_LIB_EVP, EVP_R_CTRL_NOT_IMPLEMENTED); + return 0; + } switch (type) { case EVP_CTRL_SET_KEY_LENGTH: @@ -1200,16 +1107,6 @@ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) ret = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->algctx, params); else ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params); - goto end; - - /* Code below to be removed when legacy support is dropped. */ -legacy: - if (ctx->cipher->ctrl == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_CTRL_NOT_IMPLEMENTED); - return 0; - } - - ret = ctx->cipher->ctrl(ctx, type, arg, ptr); end: if (ret == EVP_CTRL_RET_UNSUPPORTED) { diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index 312452221de..f5a4d24e300 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -89,12 +89,7 @@ int evp_cipher_param_to_asn1_ex(EVP_CIPHER_CTX *c, ASN1_TYPE *type, cipher = c->cipher; /* - * For legacy implementations, we detect custom AlgorithmIdentifier - * parameter handling by checking if the function pointer - * cipher->set_asn1_parameters is set. We know that this pointer - * is NULL for provided implementations. - * - * Otherwise, for any implementation, we check the flag + * For any implementation, we check the flag * EVP_CIPH_FLAG_CUSTOM_ASN1. If it isn't set, we apply * default AI parameter extraction. * @@ -104,9 +99,7 @@ int evp_cipher_param_to_asn1_ex(EVP_CIPHER_CTX *c, ASN1_TYPE *type, * * If none of the above applies, this operation is unsupported. */ - if (cipher->set_asn1_parameters != NULL) { - ret = cipher->set_asn1_parameters(c, type); - } else if ((EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_CUSTOM_ASN1) == 0) { + if ((EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_CUSTOM_ASN1) == 0) { switch (EVP_CIPHER_get_mode(cipher)) { case EVP_CIPH_WRAP_MODE: if (EVP_CIPHER_is_a(cipher, SN_id_smime_alg_CMS3DESwrap)) @@ -160,12 +153,7 @@ int evp_cipher_asn1_to_param_ex(EVP_CIPHER_CTX *c, ASN1_TYPE *type, cipher = c->cipher; /* - * For legacy implementations, we detect custom AlgorithmIdentifier - * parameter handling by checking if there the function pointer - * cipher->get_asn1_parameters is set. We know that this pointer - * is NULL for provided implementations. - * - * Otherwise, for any implementation, we check the flag + * For any implementation, we check the flag * EVP_CIPH_FLAG_CUSTOM_ASN1. If it isn't set, we apply * default AI parameter creation. * @@ -175,9 +163,7 @@ int evp_cipher_asn1_to_param_ex(EVP_CIPHER_CTX *c, ASN1_TYPE *type, * * If none of the above applies, this operation is unsupported. */ - if (cipher->get_asn1_parameters != NULL) { - ret = cipher->get_asn1_parameters(c, type); - } else if ((EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_CUSTOM_ASN1) == 0) { + if ((EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_CUSTOM_ASN1) == 0) { switch (EVP_CIPHER_get_mode(cipher)) { case EVP_CIPH_WRAP_MODE: ret = 1; @@ -381,48 +367,44 @@ int EVP_CIPHER_CTX_get_block_size(const EVP_CIPHER_CTX *ctx) int EVP_CIPHER_impl_ctx_size(const EVP_CIPHER *e) { - return e->ctx_size; + return 0; } int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) { - if (ctx == NULL || ctx->cipher == NULL) + if (ctx == NULL || ctx->cipher == NULL || ctx->cipher->prov == NULL) return 0; - if (ctx->cipher->prov != NULL) { - /* - * If the provided implementation has a ccipher function, we use it, - * and translate its return value like this: 0 => -1, 1 => outlen - * - * Otherwise, we call the cupdate function if in != NULL, or cfinal - * if in == NULL. Regardless of which, we return what we got. - */ - int ret = -1; - size_t outl = 0; - size_t blocksize = EVP_CIPHER_CTX_get_block_size(ctx); - - if (blocksize == 0) - return 0; - - if (ctx->cipher->ccipher != NULL) - ret = ctx->cipher->ccipher(ctx->algctx, out, &outl, - inl + (blocksize == 1 ? 0 : blocksize), - in, (size_t)inl) - ? (int)outl - : -1; - else if (in != NULL) - ret = ctx->cipher->cupdate(ctx->algctx, out, &outl, - inl + (blocksize == 1 ? 0 : blocksize), - in, (size_t)inl); - else - ret = ctx->cipher->cfinal(ctx->algctx, out, &outl, - blocksize == 1 ? 0 : blocksize); - - return ret; - } + /* + * If the provided implementation has a ccipher function, we use it, + * and translate its return value like this: 0 => -1, 1 => outlen + * + * Otherwise, we call the cupdate function if in != NULL, or cfinal + * if in == NULL. Regardless of which, we return what we got. + */ + int ret = -1; + size_t outl = 0; + size_t blocksize = EVP_CIPHER_CTX_get_block_size(ctx); - return ctx->cipher->do_cipher(ctx, out, in, inl); + if (blocksize == 0) + return 0; + + if (ctx->cipher->ccipher != NULL) + ret = ctx->cipher->ccipher(ctx->algctx, out, &outl, + inl + (blocksize == 1 ? 0 : blocksize), + in, (size_t)inl) + ? (int)outl + : -1; + else if (in != NULL) + ret = ctx->cipher->cupdate(ctx->algctx, out, &outl, + inl + (blocksize == 1 ? 0 : blocksize), + in, (size_t)inl); + else + ret = ctx->cipher->cfinal(ctx->algctx, out, &outl, + blocksize == 1 ? 0 : blocksize); + + return ret; } #ifndef OPENSSL_NO_DEPRECATED_3_0