Readd EVP_CIPHER_CTX_set_key_length.

This only applies to RC4, but it is still used by some Android code. Change-Id: I4cf86269ffb7a230576da1bb2bfef7e1d4f234d6 Reviewed-on: https://boringssl-review.googlesource.com/1621 Reviewed-by: Adam Langley <agl@google.com>
2014-08-22 11:06:41 -07:00 · 2014-08-22 11:06:41 -07:00 · 539112fd44
commit 539112fd44
parent c9eb7eac86
3 changed files with 24 additions and 0 deletions
--- a/crypto/cipher/cipher.c
+++ b/crypto/cipher/cipher.c
@ -573,6 +573,21 @@ int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad) {
  return 1;
 }

+int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, unsigned key_len) {
+  if (c->key_len == key_len) {
+    return 1;
+  }
+
+  if (key_len == 0 || !(c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH)) {
+    OPENSSL_PUT_ERROR(CIPHER, EVP_CIPHER_CTX_set_key_length,
+                      CIPHER_R_INVALID_KEY_LENGTH);
+    return 0;
+  }
+
+  c->key_len = key_len;
+  return 1;
+}
+
 int EVP_CIPHER_nid(const EVP_CIPHER *cipher) { return cipher->nid; }

 const char *EVP_CIPHER_name(const EVP_CIPHER *cipher) {
--- a/crypto/cipher/cipher_error.c
+++ b/crypto/cipher/cipher_error.c
@ -22,6 +22,7 @@ const ERR_STRING_DATA CIPHER_error_string_data[] = {
  {ERR_PACK(ERR_LIB_CIPHER, CIPHER_F_EVP_AEAD_CTX_seal, 0), "EVP_AEAD_CTX_seal"},
  {ERR_PACK(ERR_LIB_CIPHER, CIPHER_F_EVP_CIPHER_CTX_copy, 0), "EVP_CIPHER_CTX_copy"},
  {ERR_PACK(ERR_LIB_CIPHER, CIPHER_F_EVP_CIPHER_CTX_ctrl, 0), "EVP_CIPHER_CTX_ctrl"},
+  {ERR_PACK(ERR_LIB_CIPHER, CIPHER_F_EVP_CIPHER_CTX_set_key_length, 0), "EVP_CIPHER_CTX_set_key_length"},
  {ERR_PACK(ERR_LIB_CIPHER, CIPHER_F_EVP_CipherInit_ex, 0), "EVP_CipherInit_ex"},
  {ERR_PACK(ERR_LIB_CIPHER, CIPHER_F_EVP_DecryptFinal_ex, 0), "EVP_DecryptFinal_ex"},
  {ERR_PACK(ERR_LIB_CIPHER, CIPHER_F_EVP_EncryptFinal_ex, 0), "EVP_EncryptFinal_ex"},
@ -50,6 +51,7 @@ const ERR_STRING_DATA CIPHER_error_string_data[] = {
  {ERR_PACK(ERR_LIB_CIPHER, 0, CIPHER_R_INPUT_NOT_INITIALIZED), "INPUT_NOT_INITIALIZED"},
  {ERR_PACK(ERR_LIB_CIPHER, 0, CIPHER_R_INVALID_AD), "INVALID_AD"},
  {ERR_PACK(ERR_LIB_CIPHER, 0, CIPHER_R_INVALID_AD_SIZE), "INVALID_AD_SIZE"},
+  {ERR_PACK(ERR_LIB_CIPHER, 0, CIPHER_R_INVALID_KEY_LENGTH), "INVALID_KEY_LENGTH"},
  {ERR_PACK(ERR_LIB_CIPHER, 0, CIPHER_R_IV_TOO_LARGE), "IV_TOO_LARGE"},
  {ERR_PACK(ERR_LIB_CIPHER, 0, CIPHER_R_NO_CIPHER_SET), "NO_CIPHER_SET"},
  {ERR_PACK(ERR_LIB_CIPHER, 0, CIPHER_R_OUTPUT_ALIASES_INPUT), "OUTPUT_ALIASES_INPUT"},
--- a/include/openssl/cipher.h
+++ b/include/openssl/cipher.h
@ -261,6 +261,11 @@ OPENSSL_EXPORT int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int command,
 * to disable. */
 OPENSSL_EXPORT int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad);

+/* EVP_CIPHER_CTX_set_key_length sets the key length for |ctx|. This is only
+ * valid for ciphers that can take a variable length key. It returns one on
+ * success and zero on error. */
+OPENSSL_EXPORT int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *ctx, unsigned key_len);
+

 /* Cipher accessors. */

@ -467,6 +472,7 @@ typedef struct evp_cipher_info_st {
 #define CIPHER_F_aead_aes_key_wrap_seal 119
 #define CIPHER_F_aead_aes_key_wrap_init 120
 #define CIPHER_F_aead_aes_key_wrap_open 121
+#define CIPHER_F_EVP_CIPHER_CTX_set_key_length 122
 #define CIPHER_R_WRAP_MODE_NOT_ALLOWED 100
 #define CIPHER_R_AES_KEY_SETUP_FAILED 101
 #define CIPHER_R_INPUT_NOT_INITIALIZED 102
@ -490,5 +496,6 @@ typedef struct evp_cipher_info_st {
 #define CIPHER_R_UNSUPPORTED_INPUT_SIZE 120
 #define CIPHER_R_UNSUPPORTED_AD_SIZE 121
 #define CIPHER_R_UNSUPPORTED_NONCE_SIZE 122
+#define CIPHER_R_INVALID_KEY_LENGTH 123

 #endif  /* OPENSSL_HEADER_CIPHER_H */