From bd0284078e042cfc456fe63adb56f581f0b9b844 Mon Sep 17 00:00:00 2001 From: djm Date: Wed, 12 Sep 2018 06:35:38 +0000 Subject: [PATCH] Add some accessor functions: RSA_meth_get_finish() RSA_meth_set1_name() EVP_CIPHER_CTX_(get|set)_iv() feedback and ok jsing@ tb@ --- lib/libcrypto/Symbols.list | 4 +++ lib/libcrypto/evp/evp.h | 6 +++- lib/libcrypto/evp/evp_lib.c | 40 +++++++++++++++++++++++++- lib/libcrypto/man/EVP_EncryptInit.3 | 35 +++++++++++++++++++++-- lib/libcrypto/man/RSA_meth_new.3 | 44 ++++++++++++++++++++++------- lib/libcrypto/rsa/rsa.h | 4 ++- lib/libcrypto/rsa/rsa_meth.c | 20 ++++++++++++- lib/libcrypto/shlib_version | 2 +- 8 files changed, 138 insertions(+), 17 deletions(-) diff --git a/lib/libcrypto/Symbols.list b/lib/libcrypto/Symbols.list index ea5c93995b3..7851c4c3a60 100644 --- a/lib/libcrypto/Symbols.list +++ b/lib/libcrypto/Symbols.list @@ -1262,6 +1262,7 @@ EVP_CIPHER_CTX_encrypting EVP_CIPHER_CTX_flags EVP_CIPHER_CTX_free EVP_CIPHER_CTX_get_app_data +EVP_CIPHER_CTX_get_iv EVP_CIPHER_CTX_init EVP_CIPHER_CTX_iv_length EVP_CIPHER_CTX_key_length @@ -1271,6 +1272,7 @@ EVP_CIPHER_CTX_rand_key EVP_CIPHER_CTX_reset EVP_CIPHER_CTX_set_app_data EVP_CIPHER_CTX_set_flags +EVP_CIPHER_CTX_set_iv EVP_CIPHER_CTX_set_key_length EVP_CIPHER_CTX_set_padding EVP_CIPHER_CTX_test_flags @@ -2274,7 +2276,9 @@ RSA_get_ex_new_index RSA_get_method RSA_meth_dup RSA_meth_free +RSA_meth_get_finish RSA_meth_new +RSA_meth_set1_name RSA_meth_set_finish RSA_meth_set_priv_dec RSA_meth_set_priv_enc diff --git a/lib/libcrypto/evp/evp.h b/lib/libcrypto/evp/evp.h index 1684b13e496..c09e2c046ad 100644 --- a/lib/libcrypto/evp/evp.h +++ b/lib/libcrypto/evp/evp.h @@ -1,4 +1,4 @@ -/* $OpenBSD: evp.h,v 1.68 2018/08/24 20:22:15 tb Exp $ */ +/* $OpenBSD: evp.h,v 1.69 2018/09/12 06:35:38 djm Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -496,6 +496,10 @@ int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx); int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx); int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx); int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_get_iv(const EVP_CIPHER_CTX *ctx, + unsigned char *iv, size_t len); +int EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx, + const unsigned char *iv, size_t len); int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in); void * EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx); void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data); diff --git a/lib/libcrypto/evp/evp_lib.c b/lib/libcrypto/evp/evp_lib.c index 3571755620b..90107739e7d 100644 --- a/lib/libcrypto/evp/evp_lib.c +++ b/lib/libcrypto/evp/evp_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: evp_lib.c,v 1.16 2018/08/24 19:36:52 tb Exp $ */ +/* $OpenBSD: evp_lib.c,v 1.17 2018/09/12 06:35:38 djm Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -273,6 +273,44 @@ EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx) return ctx->cipher->nid; } +int +EVP_CIPHER_CTX_get_iv(const EVP_CIPHER_CTX *ctx, unsigned char *iv, size_t len) +{ + if (ctx == NULL || len != EVP_CIPHER_CTX_iv_length(ctx)) + return 0; + if (len > EVP_MAX_IV_LENGTH) + return 0; /* sanity check; shouldn't happen */ + /* + * Skip the memcpy entirely when the requested IV length is zero, + * since the iv pointer may be NULL or invalid. + */ + if (len != 0) { + if (iv == NULL) + return 0; + memcpy(iv, ctx->iv, len); + } + return 1; +} + +int +EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx, const unsigned char *iv, size_t len) +{ + if (ctx == NULL || len != EVP_CIPHER_CTX_iv_length(ctx)) + return 0; + if (len > EVP_MAX_IV_LENGTH) + return 0; /* sanity check; shouldn't happen */ + /* + * Skip the memcpy entirely when the requested IV length is zero, + * since the iv pointer may be NULL or invalid. + */ + if (len != 0) { + if (iv == NULL) + return 0; + memcpy(ctx->iv, iv, len); + } + return 1; +} + int EVP_MD_block_size(const EVP_MD *md) { diff --git a/lib/libcrypto/man/EVP_EncryptInit.3 b/lib/libcrypto/man/EVP_EncryptInit.3 index 1409bfed697..0dbaa6c848c 100644 --- a/lib/libcrypto/man/EVP_EncryptInit.3 +++ b/lib/libcrypto/man/EVP_EncryptInit.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: EVP_EncryptInit.3,v 1.23 2018/08/28 17:47:29 tb Exp $ +.\" $OpenBSD: EVP_EncryptInit.3,v 1.24 2018/09/12 06:35:38 djm Exp $ .\" full merge up to: OpenSSL 5211e094 Nov 11 14:39:11 2014 -0800 .\" selective merge up to: OpenSSL 16cfc2c9 Mar 8 22:30:28 2018 +0100 .\" @@ -51,7 +51,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: August 28 2018 $ +.Dd $Mdocdate: September 12 2018 $ .Dt EVP_ENCRYPTINIT 3 .Os .Sh NAME @@ -94,6 +94,8 @@ .Nm EVP_CIPHER_CTX_block_size , .Nm EVP_CIPHER_CTX_key_length , .Nm EVP_CIPHER_CTX_iv_length , +.Nm EVP_CIPHER_CTX_get_iv , +.Nm EVP_CIPHER_CTX_set_iv , .Nm EVP_CIPHER_CTX_get_app_data , .Nm EVP_CIPHER_CTX_set_app_data , .Nm EVP_CIPHER_CTX_type , @@ -367,6 +369,18 @@ .Fo EVP_CIPHER_CTX_iv_length .Fa "const EVP_CIPHER_CTX *ctx" .Fc +.Ft int +.Fo EVP_CIPHER_CTX_get_iv +.Fa "const EVP_CIPHER_CTX *ctx" +.Fa "u_char *iv" +.Fa "size_t len" +.Fc +.Ft int +.Fo EVP_CIPHER_CTX_set_iv +.Fa "EVP_CIPHER_CTX *ctx" +.Fa "const u_char *iv" +.Fa "size_t len" +.Fc .Ft void * .Fo EVP_CIPHER_CTX_get_app_data .Fa "const EVP_CIPHER_CTX *ctx" @@ -651,6 +665,15 @@ The constant .Dv EVP_MAX_IV_LENGTH is the maximum IV length for all ciphers. .Pp +.Fn EVP_CIPHER_CTX_get_iv +and +.Fn EVP_CIPHER_CTX_set_iv +will respectively retrieve and set the IV for a +.Vt EVP_CIPHER_CTX . +In both cases, the specified IV length must exactly equal the expected +IV length for the context as returned by +.Fn EVP_CIPHER_CTX_iv_length . +.Pp .Fn EVP_CIPHER_block_size and .Fn EVP_CIPHER_CTX_block_size @@ -804,6 +827,8 @@ for failure. .Pp .Fn EVP_CIPHER_CTX_reset , .Fn EVP_CIPHER_CTX_cleanup , +.Fn EVP_CIPHER_CTX_get_iv , +.Fn EVP_CIPHER_CTX_set_iv , .Fn EVP_EncryptInit_ex , .Fn EVP_EncryptUpdate , .Fn EVP_EncryptFinal_ex , @@ -1330,6 +1355,12 @@ first appeared in OpenSSL 1.0.1 and have been available since .Fn EVP_CIPHER_CTX_reset first appeared in OpenSSL 1.1.0 and has been available since .Ox 6.3 . +.Pp +.Fn EVP_CIPHER_CTX_get_iv +and +.Fn EVP_CIPHER_CTX_set_iv +first appeared in LibreSSL 2.8.1 and has been available since +.Ox 6.4 . .Sh BUGS .Dv EVP_MAX_KEY_LENGTH and diff --git a/lib/libcrypto/man/RSA_meth_new.3 b/lib/libcrypto/man/RSA_meth_new.3 index ae3ca88adb4..6eabcc5bf8d 100644 --- a/lib/libcrypto/man/RSA_meth_new.3 +++ b/lib/libcrypto/man/RSA_meth_new.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: RSA_meth_new.3,v 1.1 2018/03/18 13:06:36 schwarze Exp $ +.\" $OpenBSD: RSA_meth_new.3,v 1.2 2018/09/12 06:35:38 djm Exp $ .\" selective merge up to: OpenSSL a970b14f Jul 31 18:58:40 2017 -0400 .\" .\" This file is a derived work. @@ -65,13 +65,15 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: March 18 2018 $ +.Dd $Mdocdate: September 12 2018 $ .Dt RSA_METH_NEW 3 .Os .Sh NAME .Nm RSA_meth_new , -.Nm RSA_meth_free , .Nm RSA_meth_dup , +.Nm RSA_meth_free , +.Nm RSA_meth_get_finish , +.Nm RSA_meth_set1_name , .Nm RSA_meth_set_finish , .Nm RSA_meth_set_priv_enc , .Nm RSA_meth_set_priv_dec @@ -83,15 +85,22 @@ .Fa "const char *name" .Fa "int flags" .Fc +.Ft RSA_METHOD * +.Fo RSA_meth_dup +.Fa "const RSA_METHOD *meth" +.Fc .Ft void .Fo RSA_meth_free .Fa "RSA_METHOD *meth" .Fc -.Ft RSA_METHOD * -.Fo RSA_meth_dup -.Fa "const RSA_METHOD *meth" +.Ft int +.Fo RSA_meth_set1_name +.Fa "RSA_METHOD *meth" +.Fa "const char *name" .Fc .Ft int +.Fn "(*RSA_meth_get_finish(const RSA_METHOD *meth))" "RSA *rsa" +.Ft int .Fo RSA_meth_set_finish .Fa "RSA_METHOD *meth" .Fa "int (*finish)(RSA *rsa)" @@ -142,8 +151,18 @@ destroys .Fa meth and frees any memory associated with it. .Pp +.Fn RSA_meth_set1_name +Stores a copy of the NUL-terminated +.Fa name +in the +.Vt RSA_METHOD +object after freeing the previously stored +.Fa name. +.Pp +.Fn RSA_meth_get_finish +and .Fn RSA_meth_set_finish -sets an optional function for destroying an +get and set an optional function for destroying an .Vt RSA object. Unless @@ -180,7 +199,7 @@ object or on failure. .Pp All -.Fn RSA_meth_set_* +.Fn RSA_meth_set* functions return 1 on success or 0 on failure. .Sh SEE ALSO .Xr RSA_new 3 , @@ -188,6 +207,11 @@ functions return 1 on success or 0 on failure. .Xr RSA_private_encrypt 3 , .Xr RSA_set_method 3 .Sh HISTORY -These functions first appeared in OpenSSL 1.1.0 -and have been available since +These functions first appeared in OpenSSL 1.1.0. +.Fn RSA_meth_get_finish +and +.Fn RSA_meth_set1_name +have been available since +.Ox 6.4 , +all the other functions since .Ox 6.3 . diff --git a/lib/libcrypto/rsa/rsa.h b/lib/libcrypto/rsa/rsa.h index 23929aafb91..d2df1a92d38 100644 --- a/lib/libcrypto/rsa/rsa.h +++ b/lib/libcrypto/rsa/rsa.h @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa.h,v 1.38 2018/03/17 15:12:56 tb Exp $ */ +/* $OpenBSD: rsa.h,v 1.39 2018/09/12 06:35:38 djm Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -433,10 +433,12 @@ RSA *RSAPrivateKey_dup(RSA *rsa); RSA_METHOD *RSA_meth_new(const char *name, int flags); void RSA_meth_free(RSA_METHOD *meth); RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth); +int RSA_meth_set1_name(RSA_METHOD *meth, const char *name); int RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc)(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)); int RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec)(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)); +int (*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa); int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish)(RSA *rsa)); /* BEGIN ERROR CODES */ diff --git a/lib/libcrypto/rsa/rsa_meth.c b/lib/libcrypto/rsa/rsa_meth.c index 0e52799a384..ae613cc65c5 100644 --- a/lib/libcrypto/rsa/rsa_meth.c +++ b/lib/libcrypto/rsa/rsa_meth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa_meth.c,v 1.1 2018/03/17 15:12:56 tb Exp $ */ +/* $OpenBSD: rsa_meth.c,v 1.2 2018/09/12 06:35:38 djm Exp $ */ /* * Copyright (c) 2018 Theo Buehler * @@ -62,6 +62,24 @@ RSA_meth_dup(const RSA_METHOD *meth) return copy; } +int +RSA_meth_set1_name(RSA_METHOD *meth, const char *name) +{ + char *copy; + + if ((copy = strdup(name)) == NULL) + return 0; + free((char *)meth->name); + meth->name = copy; + return 1; +} + +int +(*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa) +{ + return meth->finish; +} + int RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc)(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)) diff --git a/lib/libcrypto/shlib_version b/lib/libcrypto/shlib_version index 5f1adc35efe..77964f81e84 100644 --- a/lib/libcrypto/shlib_version +++ b/lib/libcrypto/shlib_version @@ -1,3 +1,3 @@ # Don't forget to give libssl and libtls the same type of bump! major=44 -minor=0 +minor=1 -- 2.20.1