Add some accessor functions:

RSA_meth_get_finish() RSA_meth_set1_name() EVP_CIPHER_CTX_(get|set)_iv() feedback and ok jsing@ tb@
libressl · Sep 12, 2018 · db321d7 · db321d7
1 parent 435f416
commit db321d7
Show file tree

Hide file tree

Showing 8 changed files with 138 additions and 17 deletions.
diff --git a/src/lib/libcrypto/Symbols.list b/src/lib/libcrypto/Symbols.list
@@ -1262,6 +1262,7 @@ EVP_CIPHER_CTX_encrypting
 EVP_CIPHER_CTX_flags
 EVP_CIPHER_CTX_free
 EVP_CIPHER_CTX_get_app_data
+EVP_CIPHER_CTX_get_iv
 EVP_CIPHER_CTX_init
 EVP_CIPHER_CTX_iv_length
 EVP_CIPHER_CTX_key_length
@@ -1271,6 +1272,7 @@ EVP_CIPHER_CTX_rand_key
 EVP_CIPHER_CTX_reset
 EVP_CIPHER_CTX_set_app_data
 EVP_CIPHER_CTX_set_flags
+EVP_CIPHER_CTX_set_iv
 EVP_CIPHER_CTX_set_key_length
 EVP_CIPHER_CTX_set_padding
 EVP_CIPHER_CTX_test_flags
@@ -2274,7 +2276,9 @@ RSA_get_ex_new_index
 RSA_get_method
 RSA_meth_dup
 RSA_meth_free
+RSA_meth_get_finish
 RSA_meth_new
+RSA_meth_set1_name
 RSA_meth_set_finish
 RSA_meth_set_priv_dec
 RSA_meth_set_priv_enc

diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp.h,v 1.68 2018/08/24 20:22:15 tb Exp $ */
+/* $OpenBSD: evp.h,v 1.69 2018/09/12 06:35:38 djm Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -496,6 +496,10 @@ int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx);
 int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx);
 int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx);
 int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_get_iv(const EVP_CIPHER_CTX *ctx,
+    unsigned char *iv, size_t len);
+int EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx,
+    const unsigned char *iv, size_t len);
 int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in);
 void * EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx);
 void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data);

diff --git a/src/lib/libcrypto/evp/evp_lib.c b/src/lib/libcrypto/evp/evp_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_lib.c,v 1.16 2018/08/24 19:36:52 tb Exp $ */
+/* $OpenBSD: evp_lib.c,v 1.17 2018/09/12 06:35:38 djm Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -273,6 +273,44 @@ EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx)
 	return ctx->cipher->nid;
 }
 
+int
+EVP_CIPHER_CTX_get_iv(const EVP_CIPHER_CTX *ctx, unsigned char *iv, size_t len)
+{
+	if (ctx == NULL || len != EVP_CIPHER_CTX_iv_length(ctx))
+		return 0;
+	if (len > EVP_MAX_IV_LENGTH)
+		return 0; /* sanity check; shouldn't happen */
+	/*
+	 * Skip the memcpy entirely when the requested IV length is zero,
+	 * since the iv pointer may be NULL or invalid.
+	 */
+	if (len != 0) {
+		if (iv == NULL)
+			return 0;
+		memcpy(iv, ctx->iv, len);
+	}
+	return 1;
+}
+
+int
+EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx, const unsigned char *iv, size_t len)
+{
+	if (ctx == NULL || len != EVP_CIPHER_CTX_iv_length(ctx))
+		return 0;
+	if (len > EVP_MAX_IV_LENGTH)
+		return 0; /* sanity check; shouldn't happen */
+	/*
+	 * Skip the memcpy entirely when the requested IV length is zero,
+	 * since the iv pointer may be NULL or invalid.
+	 */
+	if (len != 0) {
+		if (iv == NULL)
+			return 0;
+		memcpy(ctx->iv, iv, len);
+	}
+	return 1;
+}
+
 int
 EVP_MD_block_size(const EVP_MD *md)
 {

diff --git a/src/lib/libcrypto/man/EVP_EncryptInit.3 b/src/lib/libcrypto/man/EVP_EncryptInit.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_EncryptInit.3,v 1.23 2018/08/28 17:47:29 tb Exp $
+.\" $OpenBSD: EVP_EncryptInit.3,v 1.24 2018/09/12 06:35:38 djm Exp $
 .\" full merge up to: OpenSSL 5211e094 Nov 11 14:39:11 2014 -0800
 .\" selective merge up to: OpenSSL 16cfc2c9 Mar 8 22:30:28 2018 +0100
 .\"
@@ -51,7 +51,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 28 2018 $
+.Dd $Mdocdate: September 12 2018 $
 .Dt EVP_ENCRYPTINIT 3
 .Os
 .Sh NAME
@@ -94,6 +94,8 @@
 .Nm EVP_CIPHER_CTX_block_size ,
 .Nm EVP_CIPHER_CTX_key_length ,
 .Nm EVP_CIPHER_CTX_iv_length ,
+.Nm EVP_CIPHER_CTX_get_iv ,
+.Nm EVP_CIPHER_CTX_set_iv ,
 .Nm EVP_CIPHER_CTX_get_app_data ,
 .Nm EVP_CIPHER_CTX_set_app_data ,
 .Nm EVP_CIPHER_CTX_type ,
@@ -367,6 +369,18 @@
 .Fo EVP_CIPHER_CTX_iv_length
 .Fa "const EVP_CIPHER_CTX *ctx"
 .Fc
+.Ft int
+.Fo EVP_CIPHER_CTX_get_iv
+.Fa "const EVP_CIPHER_CTX *ctx"
+.Fa "u_char *iv"
+.Fa "size_t len"
+.Fc
+.Ft int
+.Fo EVP_CIPHER_CTX_set_iv
+.Fa "EVP_CIPHER_CTX *ctx"
+.Fa "const u_char *iv"
+.Fa "size_t len"
+.Fc
 .Ft void *
 .Fo EVP_CIPHER_CTX_get_app_data
 .Fa "const EVP_CIPHER_CTX *ctx"
@@ -651,6 +665,15 @@ The constant
 .Dv EVP_MAX_IV_LENGTH
 is the maximum IV length for all ciphers.
 .Pp
+.Fn EVP_CIPHER_CTX_get_iv
+and
+.Fn EVP_CIPHER_CTX_set_iv
+will respectively retrieve and set the IV for a
+.Vt EVP_CIPHER_CTX .
+In both cases, the specified IV length must exactly equal the expected
+IV length for the context as returned by
+.Fn EVP_CIPHER_CTX_iv_length .
+.Pp
 .Fn EVP_CIPHER_block_size
 and
 .Fn EVP_CIPHER_CTX_block_size
@@ -804,6 +827,8 @@ for failure.
 .Pp
 .Fn EVP_CIPHER_CTX_reset ,
 .Fn EVP_CIPHER_CTX_cleanup ,
+.Fn EVP_CIPHER_CTX_get_iv ,
+.Fn EVP_CIPHER_CTX_set_iv ,
 .Fn EVP_EncryptInit_ex ,
 .Fn EVP_EncryptUpdate ,
 .Fn EVP_EncryptFinal_ex ,
@@ -1330,6 +1355,12 @@ first appeared in OpenSSL 1.0.1 and have been available since
 .Fn EVP_CIPHER_CTX_reset
 first appeared in OpenSSL 1.1.0 and has been available since
 .Ox 6.3 .
+.Pp
+.Fn EVP_CIPHER_CTX_get_iv
+and
+.Fn EVP_CIPHER_CTX_set_iv
+first appeared in LibreSSL 2.8.1 and has been available since
+.Ox 6.4 .
 .Sh BUGS
 .Dv EVP_MAX_KEY_LENGTH
 and

diff --git a/src/lib/libcrypto/man/RSA_meth_new.3 b/src/lib/libcrypto/man/RSA_meth_new.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: RSA_meth_new.3,v 1.1 2018/03/18 13:06:36 schwarze Exp $
+.\" $OpenBSD: RSA_meth_new.3,v 1.2 2018/09/12 06:35:38 djm Exp $
 .\" selective merge up to: OpenSSL a970b14f Jul 31 18:58:40 2017 -0400
 .\"
 .\" This file is a derived work.
@@ -65,13 +65,15 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 18 2018 $
+.Dd $Mdocdate: September 12 2018 $
 .Dt RSA_METH_NEW 3
 .Os
 .Sh NAME
 .Nm RSA_meth_new ,
-.Nm RSA_meth_free ,
 .Nm RSA_meth_dup ,
+.Nm RSA_meth_free ,
+.Nm RSA_meth_get_finish ,
+.Nm RSA_meth_set1_name ,
 .Nm RSA_meth_set_finish ,
 .Nm RSA_meth_set_priv_enc ,
 .Nm RSA_meth_set_priv_dec
@@ -83,15 +85,22 @@
 .Fa "const char *name"
 .Fa "int flags"
 .Fc
+.Ft RSA_METHOD *
+.Fo RSA_meth_dup
+.Fa "const RSA_METHOD *meth"
+.Fc
 .Ft void
 .Fo RSA_meth_free
 .Fa "RSA_METHOD *meth"
 .Fc
-.Ft RSA_METHOD *
-.Fo RSA_meth_dup
-.Fa "const RSA_METHOD *meth"
+.Ft int
+.Fo RSA_meth_set1_name
+.Fa "RSA_METHOD *meth"
+.Fa "const char *name"
 .Fc
 .Ft int
+.Fn "(*RSA_meth_get_finish(const RSA_METHOD *meth))" "RSA *rsa"
+.Ft int
 .Fo RSA_meth_set_finish
 .Fa "RSA_METHOD *meth"
 .Fa "int (*finish)(RSA *rsa)"
@@ -142,8 +151,18 @@ destroys
 .Fa meth
 and frees any memory associated with it.
 .Pp
+.Fn RSA_meth_set1_name
+Stores a copy of the NUL-terminated
+.Fa name
+in the
+.Vt RSA_METHOD
+object after freeing the previously stored
+.Fa name.
+.Pp
+.Fn RSA_meth_get_finish
+and
 .Fn RSA_meth_set_finish
-sets an optional function for destroying an
+get and set an optional function for destroying an
 .Vt RSA
 object.
 Unless
@@ -180,14 +199,19 @@ object or
 on failure.
 .Pp
 All
-.Fn RSA_meth_set_*
+.Fn RSA_meth_set*
 functions return 1 on success or 0 on failure.
 .Sh SEE ALSO
 .Xr RSA_new 3 ,
 .Xr RSA_private_decrypt 3 ,
 .Xr RSA_private_encrypt 3 ,
 .Xr RSA_set_method 3
 .Sh HISTORY
-These functions first appeared in OpenSSL 1.1.0
-and have been available since
+These functions first appeared in OpenSSL 1.1.0.
+.Fn RSA_meth_get_finish
+and
+.Fn RSA_meth_set1_name
+have been available since
+.Ox 6.4 ,
+all the other functions since
 .Ox 6.3 .
diff --git a/src/lib/libcrypto/rsa/rsa.h b/src/lib/libcrypto/rsa/rsa.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa.h,v 1.38 2018/03/17 15:12:56 tb Exp $ */
+/* $OpenBSD: rsa.h,v 1.39 2018/09/12 06:35:38 djm Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -433,10 +433,12 @@ RSA *RSAPrivateKey_dup(RSA *rsa);
 RSA_METHOD *RSA_meth_new(const char *name, int flags);
 void RSA_meth_free(RSA_METHOD *meth);
 RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth);
+int RSA_meth_set1_name(RSA_METHOD *meth, const char *name);
 int RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc)(int flen,
     const unsigned char *from, unsigned char *to, RSA *rsa, int padding));
 int RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec)(int flen,
     const unsigned char *from, unsigned char *to, RSA *rsa, int padding));
+int (*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa);
 int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish)(RSA *rsa));
 
 /* BEGIN ERROR CODES */

diff --git a/src/lib/libcrypto/rsa/rsa_meth.c b/src/lib/libcrypto/rsa/rsa_meth.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: rsa_meth.c,v 1.1 2018/03/17 15:12:56 tb Exp $	*/
+/*	$OpenBSD: rsa_meth.c,v 1.2 2018/09/12 06:35:38 djm Exp $	*/
 /*
  * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
  *
@@ -62,6 +62,24 @@ RSA_meth_dup(const RSA_METHOD *meth)
 	return copy;
 }
 
+int
+RSA_meth_set1_name(RSA_METHOD *meth, const char *name)
+{
+	char *copy;
+
+	if ((copy = strdup(name)) == NULL)
+		return 0;
+	free((char *)meth->name);
+	meth->name = copy;
+	return 1;
+}
+
+int
+(*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa)
+{
+	return meth->finish;
+}
+
 int
 RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc)(int flen,
     const unsigned char *from, unsigned char *to, RSA *rsa, int padding))

diff --git a/src/lib/libcrypto/shlib_version b/src/lib/libcrypto/shlib_version
@@ -1,3 +1,3 @@
 # Don't forget to give libssl and libtls the same type of bump!
 major=44
-minor=0
+minor=1