Add some accessor functions:

RSA_meth_get_finish() RSA_meth_set1_name() EVP_CIPHER_CTX_(get|set)_iv() feedback and ok jsing@ tb@
author: djm <> 2018-09-12 06:35:38 +0000
committer: djm <> 2018-09-12 06:35:38 +0000
commit: 8862867fd25d4b58970fbba6b27ed2a36347500d (patch)
tree: aaeca881a5b92a89a54597eeb5aacdbd9d58fe30
parent: 55621332fb7374cfcfccae0561ed84e62513e575 (diff)
download: openbsd-8862867fd25d4b58970fbba6b27ed2a36347500d.tar.gz
openbsd-8862867fd25d4b58970fbba6b27ed2a36347500d.tar.bz2
openbsd-8862867fd25d4b58970fbba6b27ed2a36347500d.zip
8 files changed, 138 insertions, 17 deletions
diff --git a/src/lib/libcrypto/Symbols.list b/src/lib/libcrypto/Symbols.list
index ea5c93995b..7851c4c3a6 100644
--- a/src/lib/libcrypto/Symbols.list
+++ b/src/lib/libcrypto/Symbols.list
@@ -1262,6 +1262,7 @@ EVP_CIPHER_CTX_encrypting
 EVP_CIPHER_CTX_flags
 EVP_CIPHER_CTX_free
 EVP_CIPHER_CTX_get_app_data
+EVP_CIPHER_CTX_get_iv
 EVP_CIPHER_CTX_init
 EVP_CIPHER_CTX_iv_length
 EVP_CIPHER_CTX_key_length
@@ -1271,6 +1272,7 @@ EVP_CIPHER_CTX_rand_key
 EVP_CIPHER_CTX_reset
 EVP_CIPHER_CTX_set_app_data
 EVP_CIPHER_CTX_set_flags
+EVP_CIPHER_CTX_set_iv
 EVP_CIPHER_CTX_set_key_length
 EVP_CIPHER_CTX_set_padding
 EVP_CIPHER_CTX_test_flags
@@ -2274,7 +2276,9 @@ RSA_get_ex_new_index
 RSA_get_method
 RSA_meth_dup
 RSA_meth_free
+RSA_meth_get_finish
 RSA_meth_new
+RSA_meth_set1_name
 RSA_meth_set_finish
 RSA_meth_set_priv_dec
 RSA_meth_set_priv_enc
diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h
index 1684b13e49..c09e2c046a 100644
--- a/src/lib/libcrypto/evp/evp.h
+++ b/src/lib/libcrypto/evp/evp.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp.h,v 1.68 2018/08/24 20:22:15 tb Exp $ */
+/* $OpenBSD: evp.h,v 1.69 2018/09/12 06:35:38 djm Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -496,6 +496,10 @@ int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx);
 int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx);
 int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx);
 int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_get_iv(const EVP_CIPHER_CTX *ctx,
+    unsigned char *iv, size_t len);
+int EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx,
+    const unsigned char *iv, size_t len);
 int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in);
 void * EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx);
 void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data);
diff --git a/src/lib/libcrypto/evp/evp_lib.c b/src/lib/libcrypto/evp/evp_lib.c
index 3571755620..90107739e7 100644
--- a/src/lib/libcrypto/evp/evp_lib.c
+++ b/src/lib/libcrypto/evp/evp_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_lib.c,v 1.16 2018/08/24 19:36:52 tb Exp $ */
+/* $OpenBSD: evp_lib.c,v 1.17 2018/09/12 06:35:38 djm Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -274,6 +274,44 @@ EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx)
 }
 int
+EVP_CIPHER_CTX_get_iv(const EVP_CIPHER_CTX *ctx, unsigned char *iv, size_t len)
+{
+        if (ctx == NULL || len != EVP_CIPHER_CTX_iv_length(ctx))
+                return 0;
+        if (len > EVP_MAX_IV_LENGTH)
+                return 0; /* sanity check; shouldn't happen */
+        /*
+         * Skip the memcpy entirely when the requested IV length is zero,
+         * since the iv pointer may be NULL or invalid.
+         */
+        if (len != 0) {
+                if (iv == NULL)
+                        return 0;
+                memcpy(iv, ctx->iv, len);
+        }
+        return 1;
+}
+int
+EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx, const unsigned char *iv, size_t len)
+{
+        if (ctx == NULL || len != EVP_CIPHER_CTX_iv_length(ctx))
+                return 0;
+        if (len > EVP_MAX_IV_LENGTH)
+                return 0; /* sanity check; shouldn't happen */
+        /*
+         * Skip the memcpy entirely when the requested IV length is zero,
+         * since the iv pointer may be NULL or invalid.
+         */
+        if (len != 0) {
+                if (iv == NULL)
+                        return 0;
+                memcpy(ctx->iv, iv, len);
+        }
+        return 1;
+}
+int
 EVP_MD_block_size(const EVP_MD *md)
 {
        return md->block_size;
diff --git a/src/lib/libcrypto/man/EVP_EncryptInit.3 b/src/lib/libcrypto/man/EVP_EncryptInit.3
index 1409bfed69..0dbaa6c848 100644
--- a/src/lib/libcrypto/man/EVP_EncryptInit.3
+++ b/src/lib/libcrypto/man/EVP_EncryptInit.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_EncryptInit.3,v 1.23 2018/08/28 17:47:29 tb Exp $
+.\" $OpenBSD: EVP_EncryptInit.3,v 1.24 2018/09/12 06:35:38 djm Exp $
 .\" full merge up to: OpenSSL 5211e094 Nov 11 14:39:11 2014 -0800
 .\" selective merge up to: OpenSSL 16cfc2c9 Mar 8 22:30:28 2018 +0100
 .\"
@@ -51,7 +51,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 28 2018 $
+.Dd $Mdocdate: September 12 2018 $
 .Dt EVP_ENCRYPTINIT 3
 .Os
 .Sh NAME
@@ -94,6 +94,8 @@
 .Nm EVP_CIPHER_CTX_block_size ,
 .Nm EVP_CIPHER_CTX_key_length ,
 .Nm EVP_CIPHER_CTX_iv_length ,
+.Nm EVP_CIPHER_CTX_get_iv ,
+.Nm EVP_CIPHER_CTX_set_iv ,
 .Nm EVP_CIPHER_CTX_get_app_data ,
 .Nm EVP_CIPHER_CTX_set_app_data ,
 .Nm EVP_CIPHER_CTX_type ,
@@ -367,6 +369,18 @@
 .Fo EVP_CIPHER_CTX_iv_length
 .Fa "const EVP_CIPHER_CTX *ctx"
 .Fc
+.Ft int
+.Fo EVP_CIPHER_CTX_get_iv
+.Fa "const EVP_CIPHER_CTX *ctx"
+.Fa "u_char *iv"
+.Fa "size_t len"
+.Fc
+.Ft int
+.Fo EVP_CIPHER_CTX_set_iv
+.Fa "EVP_CIPHER_CTX *ctx"
+.Fa "const u_char *iv"
+.Fa "size_t len"
+.Fc
 .Ft void *
 .Fo EVP_CIPHER_CTX_get_app_data
 .Fa "const EVP_CIPHER_CTX *ctx"
@@ -651,6 +665,15 @@ The constant
 .Dv EVP_MAX_IV_LENGTH
 is the maximum IV length for all ciphers.
 .Pp
+.Fn EVP_CIPHER_CTX_get_iv
+and
+.Fn EVP_CIPHER_CTX_set_iv
+will respectively retrieve and set the IV for a
+.Vt EVP_CIPHER_CTX .
+In both cases, the specified IV length must exactly equal the expected
+IV length for the context as returned by
+.Fn EVP_CIPHER_CTX_iv_length .
+.Pp
 .Fn EVP_CIPHER_block_size
 and
 .Fn EVP_CIPHER_CTX_block_size
@@ -804,6 +827,8 @@ for failure.
 .Pp
 .Fn EVP_CIPHER_CTX_reset ,
 .Fn EVP_CIPHER_CTX_cleanup ,
+.Fn EVP_CIPHER_CTX_get_iv ,
+.Fn EVP_CIPHER_CTX_set_iv ,
 .Fn EVP_EncryptInit_ex ,
 .Fn EVP_EncryptUpdate ,
 .Fn EVP_EncryptFinal_ex ,
@@ -1330,6 +1355,12 @@ first appeared in OpenSSL 1.0.1 and have been available since
 .Fn EVP_CIPHER_CTX_reset
 first appeared in OpenSSL 1.1.0 and has been available since
 .Ox 6.3 .
+.Pp
+.Fn EVP_CIPHER_CTX_get_iv
+and
+.Fn EVP_CIPHER_CTX_set_iv
+first appeared in LibreSSL 2.8.1 and has been available since
+.Ox 6.4 .
 .Sh BUGS
 .Dv EVP_MAX_KEY_LENGTH
 and
diff --git a/src/lib/libcrypto/man/RSA_meth_new.3 b/src/lib/libcrypto/man/RSA_meth_new.3
index ae3ca88adb..6eabcc5bf8 100644
--- a/src/lib/libcrypto/man/RSA_meth_new.3
+++ b/src/lib/libcrypto/man/RSA_meth_new.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: RSA_meth_new.3,v 1.1 2018/03/18 13:06:36 schwarze Exp $
+.\" $OpenBSD: RSA_meth_new.3,v 1.2 2018/09/12 06:35:38 djm Exp $
 .\" selective merge up to: OpenSSL a970b14f Jul 31 18:58:40 2017 -0400
 .\"
 .\" This file is a derived work.
@@ -65,13 +65,15 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 18 2018 $
+.Dd $Mdocdate: September 12 2018 $
 .Dt RSA_METH_NEW 3
 .Os
 .Sh NAME
 .Nm RSA_meth_new ,
-.Nm RSA_meth_free ,
 .Nm RSA_meth_dup ,
+.Nm RSA_meth_free ,
+.Nm RSA_meth_get_finish ,
+.Nm RSA_meth_set1_name ,
 .Nm RSA_meth_set_finish ,
 .Nm RSA_meth_set_priv_enc ,
 .Nm RSA_meth_set_priv_dec
@@ -83,15 +85,22 @@
 .Fa "const char *name"
 .Fa "int flags"
 .Fc
+.Ft RSA_METHOD *
+.Fo RSA_meth_dup
+.Fa "const RSA_METHOD *meth"
+.Fc
 .Ft void
 .Fo RSA_meth_free
 .Fa "RSA_METHOD *meth"
 .Fc
-.Ft RSA_METHOD *
+.Ft int
-.Fo RSA_meth_dup
+.Fo RSA_meth_set1_name
-.Fa "const RSA_METHOD *meth"
+.Fa "RSA_METHOD *meth"
+.Fa "const char *name"
 .Fc
 .Ft int
+.Fn "(*RSA_meth_get_finish(const RSA_METHOD *meth))" "RSA *rsa"
+.Ft int
 .Fo RSA_meth_set_finish
 .Fa "RSA_METHOD *meth"
 .Fa "int (*finish)(RSA *rsa)"
@@ -142,8 +151,18 @@ destroys
 .Fa meth
 and frees any memory associated with it.
 .Pp
+.Fn RSA_meth_set1_name
+Stores a copy of the NUL-terminated
+.Fa name
+in the
+.Vt RSA_METHOD
+object after freeing the previously stored
+.Fa name.
+.Pp
+.Fn RSA_meth_get_finish
+and
 .Fn RSA_meth_set_finish
-sets an optional function for destroying an
+get and set an optional function for destroying an
 .Vt RSA
 object.
 Unless
@@ -180,7 +199,7 @@ object or
 on failure.
 .Pp
 All
-.Fn RSA_meth_set_*
+.Fn RSA_meth_set*
 functions return 1 on success or 0 on failure.
 .Sh SEE ALSO
 .Xr RSA_new 3 ,
@@ -188,6 +207,11 @@ functions return 1 on success or 0 on failure.
 .Xr RSA_private_encrypt 3 ,
 .Xr RSA_set_method 3
 .Sh HISTORY
-These functions first appeared in OpenSSL 1.1.0
+These functions first appeared in OpenSSL 1.1.0.
-and have been available since
+.Fn RSA_meth_get_finish
+and
+.Fn RSA_meth_set1_name
+have been available since
+.Ox 6.4 ,
+all the other functions since
 .Ox 6.3 .
diff --git a/src/lib/libcrypto/rsa/rsa.h b/src/lib/libcrypto/rsa/rsa.h
index 23929aafb9..d2df1a92d3 100644
--- a/src/lib/libcrypto/rsa/rsa.h
+++ b/src/lib/libcrypto/rsa/rsa.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa.h,v 1.38 2018/03/17 15:12:56 tb Exp $ */
+/* $OpenBSD: rsa.h,v 1.39 2018/09/12 06:35:38 djm Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -433,10 +433,12 @@ RSA *RSAPrivateKey_dup(RSA *rsa);
 RSA_METHOD *RSA_meth_new(const char *name, int flags);
 void RSA_meth_free(RSA_METHOD *meth);
 RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth);
+int RSA_meth_set1_name(RSA_METHOD *meth, const char *name);
 int RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc)(int flen,
    const unsigned char *from, unsigned char *to, RSA *rsa, int padding));
 int RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec)(int flen,
    const unsigned char *from, unsigned char *to, RSA *rsa, int padding));
+int (*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa);
 int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish)(RSA *rsa));
 /* BEGIN ERROR CODES */
diff --git a/src/lib/libcrypto/rsa/rsa_meth.c b/src/lib/libcrypto/rsa/rsa_meth.c
index 0e52799a38..ae613cc65c 100644
--- a/src/lib/libcrypto/rsa/rsa_meth.c
+++ b/src/lib/libcrypto/rsa/rsa_meth.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: rsa_meth.c,v 1.1 2018/03/17 15:12:56 tb Exp $ */
+/*      $OpenBSD: rsa_meth.c,v 1.2 2018/09/12 06:35:38 djm Exp $        */
 /*
 * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
 *
@@ -63,6 +63,24 @@ RSA_meth_dup(const RSA_METHOD *meth)
 }
 int
+RSA_meth_set1_name(RSA_METHOD *meth, const char *name)
+{
+        char *copy;
+        if ((copy = strdup(name)) == NULL)
+                return 0;
+        free((char *)meth->name);
+        meth->name = copy;
+        return 1;
+}
+int
+(*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa)
+{
+        return meth->finish;
+}
+int
 RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc)(int flen,
    const unsigned char *from, unsigned char *to, RSA *rsa, int padding))
 {
diff --git a/src/lib/libcrypto/shlib_version b/src/lib/libcrypto/shlib_version
index 5f1adc35ef..77964f81e8 100644
--- a/src/lib/libcrypto/shlib_version
+++ b/src/lib/libcrypto/shlib_version
@@ -1,3 +1,3 @@
 # Don't forget to give libssl and libtls the same type of bump!
 major=44
-minor=0
+minor=1
author	djm <>	2018-09-12 06:35:38 +0000
committer	djm <>	2018-09-12 06:35:38 +0000
commit	8862867fd25d4b58970fbba6b27ed2a36347500d (patch)
tree	aaeca881a5b92a89a54597eeb5aacdbd9d58fe30
parent	55621332fb7374cfcfccae0561ed84e62513e575 (diff)
download	openbsd-8862867fd25d4b58970fbba6b27ed2a36347500d.tar.gz openbsd-8862867fd25d4b58970fbba6b27ed2a36347500d.tar.bz2 openbsd-8862867fd25d4b58970fbba6b27ed2a36347500d.zip