1 files changed, 431 insertions, 23 deletions

diff --git a/src/lib/libcrypto/man/RSA_meth_new.3 b/src/lib/libcrypto/man/RSA_meth_new.3
index 137e0cad87..8faab9490d 100644
--- a/src/lib/libcrypto/man/RSA_meth_new.3
+++ b/src/lib/libcrypto/man/RSA_meth_new.3
@@ -1,10 +1,11 @@
-.\" $OpenBSD: RSA_meth_new.3,v 1.3 2018/09/12 15:09:22 jmc Exp $
-.\" selective merge up to: OpenSSL a970b14f Jul 31 18:58:40 2017 -0400
+.\" $OpenBSD: RSA_meth_new.3,v 1.4 2019/06/08 09:53:15 schwarze Exp $
+.\" full merge up to: OpenSSL a970b14f Jul 31 18:58:40 2017 -0400
+.\" selective merge up to: OpenSSL 24907560 Sep 17 07:47:42 2018 +1000
 .\"
 .\" This file is a derived work.
 .\" The changes are covered by the following Copyright and license:
 .\"
-.\" Copyright (c) 2018 Ingo Schwarze <schwarze@openbsd.org>
+.\" Copyright (c) 2018, 2019 Ingo Schwarze <schwarze@openbsd.org>
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -65,18 +66,41 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: September 12 2018 $
+.Dd $Mdocdate: June 8 2019 $
 .Dt RSA_METH_NEW 3
 .Os
 .Sh NAME
 .Nm RSA_meth_new ,
 .Nm RSA_meth_dup ,
 .Nm RSA_meth_free ,
-.Nm RSA_meth_get_finish ,
+.Nm RSA_meth_get0_name ,
 .Nm RSA_meth_set1_name ,
+.Nm RSA_meth_get_flags ,
+.Nm RSA_meth_set_flags ,
+.Nm RSA_meth_get0_app_data ,
+.Nm RSA_meth_set0_app_data ,
+.Nm RSA_meth_get_init ,
+.Nm RSA_meth_set_init ,
+.Nm RSA_meth_get_finish ,
 .Nm RSA_meth_set_finish ,
+.Nm RSA_meth_get_pub_enc ,
+.Nm RSA_meth_set_pub_enc ,
+.Nm RSA_meth_get_pub_dec ,
+.Nm RSA_meth_set_pub_dec ,
+.Nm RSA_meth_get_priv_enc ,
 .Nm RSA_meth_set_priv_enc ,
-.Nm RSA_meth_set_priv_dec
+.Nm RSA_meth_get_priv_dec ,
+.Nm RSA_meth_set_priv_dec ,
+.Nm RSA_meth_get_sign ,
+.Nm RSA_meth_set_sign ,
+.Nm RSA_meth_get_verify ,
+.Nm RSA_meth_set_verify ,
+.Nm RSA_meth_get_mod_exp ,
+.Nm RSA_meth_set_mod_exp ,
+.Nm RSA_meth_get_bn_mod_exp ,
+.Nm RSA_meth_set_bn_mod_exp ,
+.Nm RSA_meth_get_keygen ,
+.Nm RSA_meth_set_keygen
 .Nd build up RSA methods
 .Sh SYNOPSIS
 .In openssl/rsa.h
@@ -93,30 +117,177 @@
 .Fo RSA_meth_free
 .Fa "RSA_METHOD *meth"
 .Fc
+.Ft const char *
+.Fo RSA_meth_get0_name
+.Fa "const RSA_METHOD *meth"
+.Fc
 .Ft int
 .Fo RSA_meth_set1_name
 .Fa "RSA_METHOD *meth"
 .Fa "const char *name"
 .Fc
 .Ft int
-.Fn "(*RSA_meth_get_finish(const RSA_METHOD *meth))" "RSA *rsa"
+.Fo RSA_meth_get_flags
+.Fa "const RSA_METHOD *meth"
+.Fc
+.Ft int
+.Fo RSA_meth_set_flags
+.Fa "RSA_METHOD *meth"
+.Fa "int flags"
+.Fc
+.Ft void *
+.Fo RSA_meth_get0_app_data
+.Fa "const RSA_METHOD *meth"
+.Fc
+.Ft int
+.Fo RSA_meth_set0_app_data
+.Fa "RSA_METHOD *meth"
+.Fa "void *app_data"
+.Fc
+.Ft int
+.Fo "(*RSA_meth_get_init(const RSA_METHOD *meth))"
+.Fa "RSA *rsa"
+.Fc
+.Ft int
+.Fo "RSA_meth_set_init"
+.Fa "RSA_METHOD *meth"
+.Fa "int (*init)(RSA *rsa)"
+.Fc
+.Ft int
+.Fo "(*RSA_meth_get_finish(const RSA_METHOD *meth))"
+.Fa "RSA *rsa"
+.Fc
 .Ft int
 .Fo RSA_meth_set_finish
 .Fa "RSA_METHOD *meth"
 .Fa "int (*finish)(RSA *rsa)"
 .Fc
 .Ft int
+.Fo "(*RSA_meth_get_pub_enc(const RSA_METHOD *meth))"
+.Fa "int flen"
+.Fa "const unsigned char *from"
+.Fa "unsigned char *to"
+.Fa "RSA *rsa"
+.Fa "int padding"
+.Fc
+.Ft int
+.Fo RSA_meth_set_pub_enc
+.Fa "RSA_METHOD *meth"
+.Fa "int (*pub_enc)(int flen, const unsigned char *from,\
+ unsigned char *to, RSA *rsa, int padding)"
+.Fc
+.Ft int
+.Fo "(*RSA_meth_get_pub_dec(const RSA_METHOD *meth))"
+.Fa "int flen"
+.Fa "const unsigned char *from"
+.Fa "unsigned char *to"
+.Fa "RSA *rsa"
+.Fa "int padding"
+.Fc
+.Ft int
+.Fo RSA_meth_set_pub_dec
+.Fa "RSA_METHOD *meth"
+.Fa "int (*pub_dec)(int flen, const unsigned char *from,\
+ unsigned char *to, RSA *rsa, int padding)"
+.Fc
+.Ft int
+.Fo "(*RSA_meth_get_priv_enc(const RSA_METHOD *meth))"
+.Fa "int flen"
+.Fa "const unsigned char *from"
+.Fa "unsigned char *to"
+.Fa "RSA *rsa"
+.Fa "int padding"
+.Fc
+.Ft int
 .Fo RSA_meth_set_priv_enc
 .Fa "RSA_METHOD *meth"
 .Fa "int (*priv_enc)(int flen, const unsigned char *from,\
  unsigned char *to, RSA *rsa, int padding)"
 .Fc
 .Ft int
+.Fo "(*RSA_meth_get_priv_dec(const RSA_METHOD *meth))"
+.Fa "int flen"
+.Fa "const unsigned char *from"
+.Fa "unsigned char *to"
+.Fa "RSA *rsa"
+.Fa "int padding"
+.Fc
+.Ft int
 .Fo RSA_meth_set_priv_dec
 .Fa "RSA_METHOD *meth"
 .Fa "int (*priv_dec)(int flen, const unsigned char *from,\
  unsigned char *to, RSA *rsa, int padding)"
 .Fc
+.Ft int
+.Fo "(*RSA_meth_get_sign(const RSA_METHOD *meth))"
+.Fa "int type"
+.Fa "const unsigned char *m"
+.Fa "unsigned int m_length"
+.Fa "unsigned char *sigret"
+.Fa "unsigned int *siglen"
+.Fa "const RSA *rsa"
+.Fc
+.Ft int
+.Fo RSA_meth_set_sign
+.Fa "RSA_METHOD *rsa"
+.Fa "int (*sign)(int type, const unsigned char *m, unsigned int m_length,\
+ unsigned char *sigret, unsigned int *siglen, const RSA *rsa)"
+.Fc
+.Ft int
+.Fo "(*RSA_meth_get_verify(const RSA_METHOD *meth))"
+.Fa "int dtype"
+.Fa "const unsigned char *m"
+.Fa "unsigned int m_length"
+.Fa "const unsigned char *sigbuf"
+.Fa "unsigned int siglen"
+.Fa "const RSA *rsa"
+.Fc
+.Ft int
+.Fo RSA_meth_set_verify
+.Fa "RSA_METHOD *rsa"
+.Fa "int (*verify)(int dtype, const unsigned char *m,\
+ unsigned int m_length, const unsigned char *sigbuf,\
+ unsigned int siglen, const RSA *rsa)"
+.Fc
+.Ft int
+.Fo "(*RSA_meth_get_mod_exp(const RSA_METHOD *meth))"
+.Fa "BIGNUM *r0"
+.Fa "const BIGNUM *i"
+.Fa "RSA *rsa"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft int
+.Fo RSA_meth_set_mod_exp
+.Fa "RSA_METHOD *meth"
+.Fa "int (*mod_exp)(BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx)"
+.Fc
+.Ft int
+.Fo "(*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth))"
+.Fa "BIGNUM *r"
+.Fa "const BIGNUM *a"
+.Fa "const BIGNUM *p"
+.Fa "const BIGNUM *m"
+.Fa "BN_CTX *ctx"
+.Fa "BN_MONT_CTX *m_ctx"
+.Fc
+.Ft int
+.Fo RSA_meth_set_bn_mod_exp
+.Fa "RSA_METHOD *meth"
+.Fa "int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,\
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)"
+.Fc
+.Ft int
+.Fo "(*RSA_meth_get_keygen(const RSA_METHOD *meth))"
+.Fa "RSA *rsa"
+.Fa "int bits"
+.Fa "BIGNUM *e"
+.Fa "BN_GENCB *cb"
+.Fc
+.Ft int
+.Fo RSA_meth_set_keygen
+.Fa "RSA_METHOD *meth"
+.Fa "int (*keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)"
+.Fc
 .Sh DESCRIPTION
 The
 .Vt RSA_METHOD
@@ -137,11 +308,15 @@ object constructed from this
 .Vt RSA_METHOD
 will have the given
 .Fa flags
-set by default.
+set by default, as if they were set with
+.Xr RSA_set_flags 3 .
 .Pp
 .Fn RSA_meth_dup
 creates a deep copy of
-.Fa meth .
+.Fa meth ,
+except that a pointer stored into it with
+.Fn RSA_meth_set0_app_data
+is copied as a pointer without creating a copy of its content.
 This might be useful for creating a new
 .Vt RSA_METHOD
 based on an existing one, but with some differences.
@@ -149,15 +324,80 @@ based on an existing one, but with some differences.
 .Fn RSA_meth_free
 destroys
 .Fa meth
-and frees any memory associated with it.
+and frees any memory associated with it,
+except that memory pointed to by a pointer set with
+.Fn RSA_meth_set0_app_data
+is not freed.
+If
+.Fa meth
+is
+.Dv NULL ,
+no action occurs.
 .Pp
+.Fn RSA_meth_get0_name
+returns an internal pointer to the name of
+.Fa meth .
 .Fn RSA_meth_set1_name
-Stores a copy of the NUL-terminated
+stores a copy of the NUL-terminated
 .Fa name
 in the
 .Vt RSA_METHOD
-object after freeing the previously stored
-.Fa name .
+object after freeing the previously stored name.
+Method names are ignored by the default RSA implementation
+but can be used by alternative implementations
+and by the application program.
+.Pp
+.Fn RSA_meth_get_flags
+retrieves the flags from
+.Fa meth .
+Flags are documented in
+.Xr RSA_test_flags 3 .
+.Fn RSA_meth_set_flags
+overwrites all flags in
+.Fa meth .
+Unlike
+.Xr RSA_set_flags 3 ,
+it does not preserve any flags that were set before the call.
+.Pp
+.Fn RSA_meth_get0_app_data
+and
+.Fn RSA_meth_set0_app_data
+get and set a pointer to implementation-specific data.
+The function
+.Fn RSA_meth_free
+does not
+.Xr free 3
+the memory pointed to by
+.Fa app_data .
+The default RSA implementation does not use
+.Fa app_data .
+.Pp
+.Fn RSA_meth_get_init
+and
+.Fn RSA_meth_set_init
+get and set an optional function used when creating a new
+.Vt RSA
+object.
+Unless
+.Fa init
+is
+.Dv NULL ,
+it will be called at the end of
+.Xr RSA_new 3 ,
+.Xr RSA_new_method 3 ,
+and
+.Xr RSA_set_method 3 ,
+passing a pointer to the newly allocated or reset
+.Vt RSA
+object as an argument.
+The default RSA implementation,
+.Xr RSA_PKCS1_SSLeay 3 ,
+contains an
+.Fa init
+function equivalent to calling
+.Xr RSA_set_flags 3
+with an argument of
+.Dv RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE .
 .Pp
 .Fn RSA_meth_get_finish
 and
@@ -170,24 +410,125 @@ Unless
 is
 .Dv NULL ,
 it will be called from
+.Xr RSA_set_method 3
+and from
 .Xr RSA_free 3 .
-It takes the same argument
+It takes the same argument as
+.Xr RSA_free 3
 and is intended to do RSA implementation specific cleanup.
 The memory used by the
 .Vt RSA
 object itself should not be freed by the
 .Fa finish
 function.
+The default RSA implementation contains a
+.Fa finish
+function freeing the memory used by the
+.Dv RSA_FLAG_CACHE_PUBLIC
+and
+.Dv RSA_FLAG_CACHE_PRIVATE
+caches.
 .Pp
-.Fn RSA_meth_set_priv_enc
+.Fn RSA_meth_get_pub_enc ,
+.Fn RSA_meth_set_pub_enc ,
+.Fn RSA_meth_get_pub_dec ,
+.Fn RSA_meth_set_pub_dec ,
+.Fn RSA_meth_get_priv_enc ,
+.Fn RSA_meth_set_priv_enc ,
+.Fn RSA_meth_get_priv_dec ,
 and
 .Fn RSA_meth_set_priv_dec
-set the functions used for private key encryption and decryption.
+get and set the mandatory functions
+used for public and private key encryption and decryption.
 These functions will be called from
+.Xr RSA_public_encrypt 3 ,
+.Xr RSA_public_decrypt 3 ,
+.Xr RSA_private_encrypt 3 ,
+and
+.Xr RSA_private_decrypt 3 ,
+respectively, and take the same parameters as those.
+.Pp
+.Fn RSA_meth_get_sign ,
+.Fn RSA_meth_set_sign ,
+.Fn RSA_meth_get_verify ,
+and
+.Fn RSA_meth_set_verify
+get and set the optional functions
+used for creating and verifying an RSA signature.
+If the flag
+.Dv RSA_FLAG_SIGN_VER
+is set on the
+.Vt RSA
+object in question and
+.Fa sign
+or
+.Fa verify
+is not
+.Dv NULL ,
+it will be called from
+.Xr RSA_sign 3
+or
+.Xr RSA_verify 3 ,
+respectively, and take the same parameters as those.
+Otherwise,
+.Xr RSA_private_encrypt 3
+or
+.Xr RSA_public_decrypt 3
+will be used instead.
+.Pp
+.Fn RSA_meth_get_mod_exp
+and
+.Fn RSA_meth_set_mod_exp
+get and set the function used for CRT computations involving the
+.Fa p ,
+.Fa q ,
+.Fa dmp1 ,
+.Fa dmq1 ,
+and
+.Fa iqmp
+fields of an
+.Vt RSA
+object.
+It is used by the default RSA implementation during
+.Xr RSA_private_encrypt 3
+and
 .Xr RSA_private_decrypt 3
+when the required components of the private key are available
+or when the
+.Dv RSA_FLAG_EXT_PKEY
+flag is set.
+.Pp
+.Fn RSA_meth_get_bn_mod_exp
+and
+.Fn RSA_meth_set_bn_mod_exp
+get and set the function used for CRT computations,
+specifically the value r =
+.Fa a
+\(ha
+.Fa p
+mod
+.Fa m .
+It is used by the default RSA implementation during
+.Xr RSA_public_encrypt 3
 and
+.Xr RSA_public_decrypt 3
+and as a fallback during
 .Xr RSA_private_encrypt 3
-and take the same parameters as those.
+and
+.Xr RSA_private_decrypt 3 .
+.Pp
+.Fn RSA_meth_get_keygen
+and
+.Fn RSA_meth_set_keygen
+get and set the optional function used for generating a new RSA key pair.
+Unless
+.Fa keygen
+is
+.Dv NULL ,
+it will be called from
+.Xr RSA_generate_key_ex 3
+and takes the same parameters.
+Otherwise, a builtin default implementation is used.
 .Sh RETURN VALUES
 .Fn RSA_meth_new
 and
@@ -198,20 +539,87 @@ object or
 .Dv NULL
 on failure.
 .Pp
+.Fn RSA_meth_get0_name
+returns an internal pointer which must not be freed by the caller.
+.Pp
+.Fn RSA_meth_get_flags
+returns zero or more
+.Dv RSA_FLAG_*
+constants OR'ed together, or 0 if no flags are set in
+.Fa meth .
+.Pp
+.Fn RSA_meth_get0_app_data
+returns the pointer that was earlier passed to
+.Fn RSA_meth_set0_app_data
+or
+.Dv NULL
+otherwise.
+.Pp
+All other
+.Fn RSA_meth_get_*
+functions return the appropriate function pointer that has been set
+with the corresponding
+.Fn RSA_meth_set_*
+function, or
+.Dv NULL
+if no such pointer has been set in
+.Fa meth .
+.Pp
 All
 .Fn RSA_meth_set*
 functions return 1 on success or 0 on failure.
+In the current implementation, only
+.Fn RSA_meth_set1_name
+can actually fail.
 .Sh SEE ALSO
+.Xr RSA_generate_key_ex 3 ,
 .Xr RSA_new 3 ,
-.Xr RSA_private_decrypt 3 ,
 .Xr RSA_private_encrypt 3 ,
-.Xr RSA_set_method 3
+.Xr RSA_public_encrypt 3 ,
+.Xr RSA_set_flags 3 ,
+.Xr RSA_set_method 3 ,
+.Xr RSA_sign 3
 .Sh HISTORY
 These functions first appeared in OpenSSL 1.1.0.
-.Fn RSA_meth_get_finish
+.Fn RSA_meth_new ,
+.Fn RSA_meth_dup ,
+.Fn RSA_meth_free ,
+.Fn RSA_meth_set_finish ,
+.Fn RSA_meth_set_priv_enc ,
 and
-.Fn RSA_meth_set1_name
+.Fn RSA_meth_set_priv_dec
 have been available since
+.Ox 6.3 ,
+.Fn RSA_meth_set1_name
+and
+.Fn RSA_meth_get_finish
+since
 .Ox 6.4 ,
-all the other functions since
-.Ox 6.3 .
+and
+.Fn RSA_meth_get0_name ,
+.Fn RSA_meth_get_flags ,
+.Fn RSA_meth_set_flags ,
+.Fn RSA_meth_get0_app_data ,
+.Fn RSA_meth_set0_app_data ,
+.Fn RSA_meth_get_init ,
+.Fn RSA_meth_set_init ,
+.Fn RSA_meth_set_finish ,
+.Fn RSA_meth_get_pub_enc ,
+.Fn RSA_meth_set_pub_enc ,
+.Fn RSA_meth_get_pub_dec ,
+.Fn RSA_meth_set_pub_dec ,
+.Fn RSA_meth_get_priv_enc ,
+.Fn RSA_meth_get_priv_dec ,
+.Fn RSA_meth_get_sign ,
+.Fn RSA_meth_set_sign ,
+.Fn RSA_meth_get_verify ,
+.Fn RSA_meth_set_verify ,
+.Fn RSA_meth_get_mod_exp ,
+.Fn RSA_meth_set_mod_exp ,
+.Fn RSA_meth_get_bn_mod_exp ,
+.Fn RSA_meth_set_bn_mod_exp ,
+.Fn RSA_meth_get_keygen ,
+and
+.Fn RSA_meth_set_keygen
+since
+.Ox 6.6 .