diff options
author | Theo Buehler <tb@cvs.openbsd.org> | 2024-04-18 11:56:54 +0000 |
---|---|---|
committer | Theo Buehler <tb@cvs.openbsd.org> | 2024-04-18 11:56:54 +0000 |
commit | 84429fd6e105c39ac55477923cef2e3491a231eb (patch) | |
tree | 12944cdba03528b299ada0ba75eb12773478d2a5 | |
parent | 66d42054ecf7ea3d7162d6aa04766dd57987ea61 (diff) |
Add some more comments explaining shortcomings of the API
The case in point is the incompatibility of the very ergonomic X509_ALGOR
API with the RC2-derived API massacre that is EVP_CIPHER_asn1_to_param()
and its "inverse".
ok jsing
-rw-r--r-- | lib/libcrypto/ec/ec_ameth.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/lib/libcrypto/ec/ec_ameth.c b/lib/libcrypto/ec/ec_ameth.c index 313d21823da..7b2bad45b4d 100644 --- a/lib/libcrypto/ec/ec_ameth.c +++ b/lib/libcrypto/ec/ec_ameth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_ameth.c,v 1.66 2024/04/18 11:53:40 tb Exp $ */ +/* $OpenBSD: ec_ameth.c,v 1.67 2024/04/18 11:56:53 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -851,6 +851,13 @@ ecdh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri) plen = ASN1_STRING_length(parameter); if ((kekalg = d2i_X509_ALGOR(NULL, &p, plen)) == NULL) goto err; + + /* + * XXX - the reaching into kekalg below is ugly, but unfortunately the + * now internal legacy EVP_CIPHER_asn1_to_param() API doesn't interact + * nicely with the X509_ALGOR API. + */ + if ((kekctx = CMS_RecipientInfo_kari_get0_ctx(ri)) == NULL) goto err; if ((kekcipher = EVP_get_cipherbyobj(kekalg->algorithm)) == NULL) @@ -998,7 +1005,7 @@ ecdh_cms_encrypt(CMS_RecipientInfo *ri) * Package wrap algorithm in an AlgorithmIdentifier. * * Incompatibility of X509_ALGOR_set0() with EVP_CIPHER_param_to_asn1() - * makes this really gross. + * makes this really gross. See the XXX in ecdh_cms_set_shared_info(). */ if ((wrap_alg = X509_ALGOR_new()) == NULL) |