security/botan: port BlockCipher/HashFunction classes to OpenSSL 1.1 API.

ok bluhm (maintainer)
2021-11-14 18:43:44 +00:00 · 2021-11-14 18:43:44 +00:00 · 9bb79d35dd
commit 9bb79d35dd
parent f1b96c13ed
3 changed files with 239 additions and 4 deletions
--- a/security/botan/Makefile
+++ b/security/botan/Makefile
@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.34 2021/07/26 20:57:56 sthen Exp $
+# $OpenBSD: Makefile,v 1.35 2021/11/14 18:43:44 tb Exp $

 COMMENT =	portable, easy to use, and efficient C++ crypto library

@ -6,7 +6,7 @@ PORTROACH =	limit:^1\.10\.
 VERSION =	1.10.17
 DISTNAME =	Botan-${VERSION}
 PKGNAME =	botan-${VERSION}
-REVISION =	2
+REVISION =	3

 SHARED_LIBS =	botan-1.10	1.1

--- a/security/botan/patches/patch-src_engine_openssl_ossl_bc_cpp
+++ b/security/botan/patches/patch-src_engine_openssl_ossl_bc_cpp
@ -1,7 +1,9 @@
-$OpenBSD: patch-src_engine_openssl_ossl_bc_cpp,v 1.1 2017/10/09 20:06:26 bluhm Exp $
+$OpenBSD: patch-src_engine_openssl_ossl_bc_cpp,v 1.2 2021/11/14 18:43:44 tb Exp $

 https://github.com/randombit/botan/commit/e61a5f56fb404db3655909be4ce23c3a816cbb60

+Port EVP_BlockCipher class to OpenSSL 1.1 API
+
 Index: src/engine/openssl/ossl_bc.cpp
 --- src/engine/openssl/ossl_bc.cpp.orig
 +++ src/engine/openssl/ossl_bc.cpp
@ -14,3 +16,146 @@ Index: src/engine/openssl/ossl_bc.cpp
   #error "OpenSSL 1.1 API not supported in Botan 1.10, upgrade to 2.x"
 #endif
 
+@@ -44,7 +44,7 @@ class EVP_BlockCipher : public BlockCipher
+       size_t block_sz;
+       Key_Length_Specification cipher_key_spec;
+       std::string cipher_name;
+-      mutable EVP_CIPHER_CTX encrypt, decrypt;
+      mutable EVP_CIPHER_CTX *encrypt, *decrypt;
+    };
+ 
+ /*
+@@ -59,14 +59,16 @@ EVP_BlockCipher::EVP_BlockCipher(const EVP_CIPHER* alg
+    if(EVP_CIPHER_mode(algo) != EVP_CIPH_ECB_MODE)
+       throw Invalid_Argument("EVP_BlockCipher: Non-ECB EVP was passed in");
+ 
+-   EVP_CIPHER_CTX_init(&encrypt);
+-   EVP_CIPHER_CTX_init(&decrypt);
+   encrypt = EVP_CIPHER_CTX_new();
+   decrypt = EVP_CIPHER_CTX_new();
+   if(encrypt == NULL || decrypt == NULL)
+      throw Internal_Error("EVP_CIPHER_CTX_new failed");
+ 
+-   EVP_EncryptInit_ex(&encrypt, algo, 0, 0, 0);
+-   EVP_DecryptInit_ex(&decrypt, algo, 0, 0, 0);
+   EVP_EncryptInit_ex(encrypt, algo, 0, 0, 0);
+   EVP_DecryptInit_ex(decrypt, algo, 0, 0, 0);
+ 
+-   EVP_CIPHER_CTX_set_padding(&encrypt, 0);
+-   EVP_CIPHER_CTX_set_padding(&decrypt, 0);
+   EVP_CIPHER_CTX_set_padding(encrypt, 0);
+   EVP_CIPHER_CTX_set_padding(decrypt, 0);
+    }
+ 
+ /*
+@@ -83,14 +85,16 @@ EVP_BlockCipher::EVP_BlockCipher(const EVP_CIPHER* alg
+    if(EVP_CIPHER_mode(algo) != EVP_CIPH_ECB_MODE)
+       throw Invalid_Argument("EVP_BlockCipher: Non-ECB EVP was passed in");
+ 
+-   EVP_CIPHER_CTX_init(&encrypt);
+-   EVP_CIPHER_CTX_init(&decrypt);
+   encrypt = EVP_CIPHER_CTX_new();
+   decrypt = EVP_CIPHER_CTX_new();
+   if(encrypt == NULL || decrypt == NULL)
+      throw Internal_Error("EVP_CIPHER_CTX_new failed");
+ 
+-   EVP_EncryptInit_ex(&encrypt, algo, 0, 0, 0);
+-   EVP_DecryptInit_ex(&decrypt, algo, 0, 0, 0);
+   EVP_EncryptInit_ex(encrypt, algo, 0, 0, 0);
+   EVP_DecryptInit_ex(decrypt, algo, 0, 0, 0);
+ 
+-   EVP_CIPHER_CTX_set_padding(&encrypt, 0);
+-   EVP_CIPHER_CTX_set_padding(&decrypt, 0);
+   EVP_CIPHER_CTX_set_padding(encrypt, 0);
+   EVP_CIPHER_CTX_set_padding(decrypt, 0);
+    }
+ 
+ /*
+@@ -98,8 +102,8 @@ EVP_BlockCipher::EVP_BlockCipher(const EVP_CIPHER* alg
+ */
+ EVP_BlockCipher::~EVP_BlockCipher()
+    {
+-   EVP_CIPHER_CTX_cleanup(&encrypt);
+-   EVP_CIPHER_CTX_cleanup(&decrypt);
+   EVP_CIPHER_CTX_free(encrypt);
+   EVP_CIPHER_CTX_free(decrypt);
+    }
+ 
+ /*
+@@ -109,7 +113,7 @@ void EVP_BlockCipher::encrypt_n(const byte in[], byte 
+                                 size_t blocks) const
+    {
+    int out_len = 0;
+-   EVP_EncryptUpdate(&encrypt, out, &out_len, in, blocks * block_sz);
+   EVP_EncryptUpdate(encrypt, out, &out_len, in, blocks * block_sz);
+    }
+ 
+ /*
+@@ -119,7 +123,7 @@ void EVP_BlockCipher::decrypt_n(const byte in[], byte 
+                                 size_t blocks) const
+    {
+    int out_len = 0;
+-   EVP_DecryptUpdate(&decrypt, out, &out_len, in, blocks * block_sz);
+   EVP_DecryptUpdate(decrypt, out, &out_len, in, blocks * block_sz);
+    }
+ 
+ /*
+@@ -134,19 +138,19 @@ void EVP_BlockCipher::key_schedule(const byte key[], s
+       full_key += std::make_pair(key, 8);
+       }
+    else
+-      if(EVP_CIPHER_CTX_set_key_length(&encrypt, length) == 0 ||
+-         EVP_CIPHER_CTX_set_key_length(&decrypt, length) == 0)
+      if(EVP_CIPHER_CTX_set_key_length(encrypt, length) == 0 ||
+         EVP_CIPHER_CTX_set_key_length(decrypt, length) == 0)
+          throw Invalid_Argument("EVP_BlockCipher: Bad key length for " +
+                                 cipher_name);
+ 
+    if(cipher_name == "RC2")
+       {
+-      EVP_CIPHER_CTX_ctrl(&encrypt, EVP_CTRL_SET_RC2_KEY_BITS, length*8, 0);
+-      EVP_CIPHER_CTX_ctrl(&decrypt, EVP_CTRL_SET_RC2_KEY_BITS, length*8, 0);
+      EVP_CIPHER_CTX_ctrl(encrypt, EVP_CTRL_SET_RC2_KEY_BITS, length*8, 0);
+      EVP_CIPHER_CTX_ctrl(decrypt, EVP_CTRL_SET_RC2_KEY_BITS, length*8, 0);
+       }
+ 
+-   EVP_EncryptInit_ex(&encrypt, 0, 0, full_key.begin(), 0);
+-   EVP_DecryptInit_ex(&decrypt, 0, 0, full_key.begin(), 0);
+   EVP_EncryptInit_ex(encrypt, 0, 0, full_key.begin(), 0);
+   EVP_DecryptInit_ex(decrypt, 0, 0, full_key.begin(), 0);
+    }
+ 
+ /*
+@@ -154,7 +158,7 @@ void EVP_BlockCipher::key_schedule(const byte key[], s
+ */
+ BlockCipher* EVP_BlockCipher::clone() const
+    {
+-   return new EVP_BlockCipher(EVP_CIPHER_CTX_cipher(&encrypt),
+   return new EVP_BlockCipher(EVP_CIPHER_CTX_cipher(encrypt),
+                               cipher_name,
+                               cipher_key_spec.minimum_keylength(),
+                               cipher_key_spec.maximum_keylength(),
+@@ -166,16 +170,14 @@ BlockCipher* EVP_BlockCipher::clone() const
+ */
+ void EVP_BlockCipher::clear()
+    {
+-   const EVP_CIPHER* algo = EVP_CIPHER_CTX_cipher(&encrypt);
+   const EVP_CIPHER* algo = EVP_CIPHER_CTX_cipher(encrypt);
+ 
+-   EVP_CIPHER_CTX_cleanup(&encrypt);
+-   EVP_CIPHER_CTX_cleanup(&decrypt);
+-   EVP_CIPHER_CTX_init(&encrypt);
+-   EVP_CIPHER_CTX_init(&decrypt);
+-   EVP_EncryptInit_ex(&encrypt, algo, 0, 0, 0);
+-   EVP_DecryptInit_ex(&decrypt, algo, 0, 0, 0);
+-   EVP_CIPHER_CTX_set_padding(&encrypt, 0);
+-   EVP_CIPHER_CTX_set_padding(&decrypt, 0);
+   EVP_CIPHER_CTX_cleanup(encrypt);
+   EVP_CIPHER_CTX_cleanup(decrypt);
+   EVP_EncryptInit_ex(encrypt, algo, 0, 0, 0);
+   EVP_DecryptInit_ex(decrypt, algo, 0, 0, 0);
+   EVP_CIPHER_CTX_set_padding(encrypt, 0);
+   EVP_CIPHER_CTX_set_padding(decrypt, 0);
+    }
+ 
+ }
--- a/security/botan/patches/patch-src_engine_openssl_ossl_md_cpp
+++ b/security/botan/patches/patch-src_engine_openssl_ossl_md_cpp
@ -1,7 +1,9 @@
-$OpenBSD: patch-src_engine_openssl_ossl_md_cpp,v 1.1 2017/10/09 20:06:26 bluhm Exp $
+$OpenBSD: patch-src_engine_openssl_ossl_md_cpp,v 1.2 2021/11/14 18:43:44 tb Exp $

 https://github.com/randombit/botan/commit/e61a5f56fb404db3655909be4ce23c3a816cbb60

+Port EVP_HashFunction class to OpenSSL 1.1 API
+
 Index: src/engine/openssl/ossl_md.cpp
 --- src/engine/openssl/ossl_md.cpp.orig
 +++ src/engine/openssl/ossl_md.cpp
@ -14,3 +16,91 @@ Index: src/engine/openssl/ossl_md.cpp
   #error "OpenSSL 1.1 API not supported in Botan 1.10, upgrade to 2.x"
 #endif
 
+@@ -28,12 +28,12 @@ class EVP_HashFunction : public HashFunction
+ 
+       size_t output_length() const
+          {
+-         return EVP_MD_size(EVP_MD_CTX_md(&md));
+         return EVP_MD_size(EVP_MD_CTX_md(md));
+          }
+ 
+       size_t hash_block_size() const
+          {
+-         return EVP_MD_block_size(EVP_MD_CTX_md(&md));
+         return EVP_MD_block_size(EVP_MD_CTX_md(md));
+          }
+ 
+       EVP_HashFunction(const EVP_MD*, const std::string&);
+@@ -44,7 +44,7 @@ class EVP_HashFunction : public HashFunction
+ 
+       size_t block_size;
+       std::string algo_name;
+-      EVP_MD_CTX md;
+      EVP_MD_CTX *md;
+    };
+ 
+ /*
+@@ -52,7 +52,7 @@ class EVP_HashFunction : public HashFunction
+ */
+ void EVP_HashFunction::add_data(const byte input[], size_t length)
+    {
+-   EVP_DigestUpdate(&md, input, length);
+   EVP_DigestUpdate(md, input, length);
+    }
+ 
+ /*
+@@ -60,9 +60,9 @@ void EVP_HashFunction::add_data(const byte input[], si
+ */
+ void EVP_HashFunction::final_result(byte output[])
+    {
+-   EVP_DigestFinal_ex(&md, output, 0);
+-   const EVP_MD* algo = EVP_MD_CTX_md(&md);
+-   EVP_DigestInit_ex(&md, algo, 0);
+   EVP_DigestFinal_ex(md, output, 0);
+   const EVP_MD* algo = EVP_MD_CTX_md(md);
+   EVP_DigestInit_ex(md, algo, 0);
+    }
+ 
+ /*
+@@ -70,8 +70,8 @@ void EVP_HashFunction::final_result(byte output[])
+ */
+ void EVP_HashFunction::clear()
+    {
+-   const EVP_MD* algo = EVP_MD_CTX_md(&md);
+-   EVP_DigestInit_ex(&md, algo, 0);
+   const EVP_MD* algo = EVP_MD_CTX_md(md);
+   EVP_DigestInit_ex(md, algo, 0);
+    }
+ 
+ /*
+@@ -79,7 +79,7 @@ void EVP_HashFunction::clear()
+ */
+ HashFunction* EVP_HashFunction::clone() const
+    {
+-   const EVP_MD* algo = EVP_MD_CTX_md(&md);
+   const EVP_MD* algo = EVP_MD_CTX_md(md);
+    return new EVP_HashFunction(algo, name());
+    }
+ 
+@@ -90,8 +90,10 @@ EVP_HashFunction::EVP_HashFunction(const EVP_MD* algo,
+                                    const std::string& name) :
+    algo_name(name)
+    {
+-   EVP_MD_CTX_init(&md);
+-   EVP_DigestInit_ex(&md, algo, 0);
+   md = EVP_MD_CTX_new();
+   if(md == NULL)
+      throw Internal_Error("EVP_MD_CTX_init failed");
+   EVP_DigestInit_ex(md, algo, 0);
+    }
+ 
+ /*
+@@ -99,7 +101,7 @@ EVP_HashFunction::EVP_HashFunction(const EVP_MD* algo,
+ */
+ EVP_HashFunction::~EVP_HashFunction()
+    {
+-   EVP_MD_CTX_cleanup(&md);
+   EVP_MD_CTX_free(md);
+    }
+ 
+ }