From 0ed6f4de41ab12fbad78084a67ffd736114b18a6 Mon Sep 17 00:00:00 2001
From: purplerain
Date: Sat, 26 Aug 2023 08:27:18 +0000
Subject: [PATCH] sync code with last improvements from OpenBSD

---
 lib/libcrypto/evp/names.c | 12 +-
 .../man/EVP_CIPHER_CTX_get_cipher_data.3 | 109 ++++++++++++++++++
 lib/libcrypto/man/EVP_add_cipher.3 | 16 ++-
 lib/libcrypto/man/Makefile | 3 +-
 lib/libcrypto/man/evp.3 | 5 +-
 share/man/man3/dlfcn.3 | 10 +-
 6 files changed, 138 insertions(+), 17 deletions(-)
 create mode 100644 lib/libcrypto/man/EVP_CIPHER_CTX_get_cipher_data.3

diff --git a/lib/libcrypto/evp/names.c b/lib/libcrypto/evp/names.c
index 4931c92e2..5242892e9 100644
--- a/lib/libcrypto/evp/names.c
+++ b/lib/libcrypto/evp/names.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: names.c,v 1.20 2023/07/22 18:12:55 tb Exp $ */
+/* $OpenBSD: names.c,v 1.21 2023/08/26 02:59:13 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -116,25 +116,19 @@ EVP_add_digest(const EVP_MD *md)
 const EVP_CIPHER *
 EVP_get_cipherbyname(const char *name)
 {
- const EVP_CIPHER *cp;
-
 if (!OPENSSL_init_crypto(0, NULL))
 return NULL;
- cp = (const EVP_CIPHER *)OBJ_NAME_get(name, OBJ_NAME_TYPE_CIPHER_METH);
- return (cp);
+ return (const EVP_CIPHER *)OBJ_NAME_get(name, OBJ_NAME_TYPE_CIPHER_METH);
 }
 const EVP_MD *
 EVP_get_digestbyname(const char *name)
 {
- const EVP_MD *cp;
-
 if (!OPENSSL_init_crypto(0, NULL))
 return NULL;
- cp = (const EVP_MD *)OBJ_NAME_get(name, OBJ_NAME_TYPE_MD_METH);
- return (cp);
+ return (const EVP_MD *)OBJ_NAME_get(name, OBJ_NAME_TYPE_MD_METH);
 }
 void
diff --git a/lib/libcrypto/man/EVP_CIPHER_CTX_get_cipher_data.3 b/lib/libcrypto/man/EVP_CIPHER_CTX_get_cipher_data.3
new file mode 100644
index 000000000..e60e1fb30
--- /dev/null
+++ b/lib/libcrypto/man/EVP_CIPHER_CTX_get_cipher_data.3
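Review bot: Both lookups still fold two different failures into one NULL: the `if (!OPENSSL_init_crypto(0, NULL)) return NULL;` guard fires when library initialization fails, and the `OBJ_NAME_get()` result is now returned unchanged, which is presumably also NULL for a name that was never registered, so a caller cannot tell "library not initialized" from "unknown algorithm name". Since the rewrite returns the lookup result directly, it is worth making that contract explicit for callers that treat NULL as "unsupported cipher/digest", e.g. above `EVP_get_cipherbyname`: `/* Returns NULL both when OPENSSL_init_crypto() fails and when name is not registered. */`, and the same above `EVP_get_digestbyname`. The casts of the `OBJ_NAME_get()` return value to `const EVP_CIPHER *` and `const EVP_MD *` are pre-existing and not introduced by this cleanup.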
@@ -0,0 +1,109 @@
+.\" $OpenBSD: EVP_CIPHER_CTX_get_cipher_data.3,v 1.2 2023/08/26 06:19:09 jsg Exp $
+.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
+.\"
+.\" This file was written by Matt Caswell
+.\" Copyright (c) 2016 The OpenSSL Project. All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in
+.\" the documentation and/or other materials provided with the
+.\" distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\" software must display the following acknowledgment:
+.\" "This product includes software developed by the OpenSSL Project
+.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\" endorse or promote products derived from this software without
+.\" prior written permission. For written permission, please contact
+.\" openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\" nor may "OpenSSL" appear in their names without prior written
+.\" permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\" acknowledgment:
+.\" "This product includes software developed by the OpenSSL Project
+.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: August 26 2023 $
+.Dt EVP_CIPHER_CTX_GET_CIPHER_DATA 3
+.Os
+.Sh NAME
+.Nm EVP_CIPHER_CTX_get_cipher_data ,
+.Nm EVP_CIPHER_CTX_set_cipher_data
+.Nd inspect and modify EVP_CIPHER_CTX objects
+.Sh SYNOPSIS
+.In openssl/evp.h
+.Ft void *
+.Fo EVP_CIPHER_CTX_get_cipher_data
+.Fa "const EVP_CIPHER_CTX *ctx"
+.Fc
+.Ft void *
+.Fo EVP_CIPHER_CTX_set_cipher_data
+.Fa "EVP_CIPHER_CTX *ctx"
+.Fa "void *cipher_data"
+.Fc
+.Sh DESCRIPTION
+.Fn EVP_CIPHER_CTX_get_cipher_data
+returns a pointer to the cipher data of
+.Fa ctx .
+The format and content of this data is specific to the algorithm
+and to the particular implementation of the cipher.
+For example, this data can be used by engines
+to store engine specific information.
+The data is automatically allocated and freed by OpenSSL, so
+applications and engines should not normally free this directly (but see
+below).
+.Pp
+.Fn EVP_CIPHER_CTX_set_cipher_data
+allows an application or engine to replace the existing cipher data
+with new data, transferring ownership of
+.Fa cipher_data
+to the
+.Fa ctx
+object.
+A pointer to any existing cipher data is returned from this function.
+If the old data is no longer required,
+it should be freed through a call to
+.Xr free 3 .
+.Sh RETURN VALUES
+.Fn EVP_CIPHER_CTX_get_cipher_data
+returns an internal pointer owned by
+.Fa ctx .
+.Pp
+.Fn EVP_CIPHER_CTX_set_cipher_data
+returns a pointer to the old cipher data of
+.Fa ctx
+and transfers ownership to the caller.
+.Sh SEE ALSO
+.Xr evp 3 ,
+.Xr EVP_EncryptInit 3
+.Sh HISTORY
+.Fn EVP_CIPHER_CTX_get_cipher_data
+and
+.Fn EVP_CIPHER_CTX_set_cipher_data
+first appeared in OpenSSL 1.1.0 and have been available since
+.Ox 7.1 .
diff --git a/lib/libcrypto/man/EVP_add_cipher.3 b/lib/libcrypto/man/EVP_add_cipher.3
index 1d92d3c00..6cbfd2e39 100644
--- a/lib/libcrypto/man/EVP_add_cipher.3
+++ b/lib/libcrypto/man/EVP_add_cipher.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_add_cipher.3,v 1.5 2023/08/25 13:26:27 schwarze Exp $
+.\" $OpenBSD: EVP_add_cipher.3,v 1.6 2023/08/25 18:39:04 schwarze Exp $
 .\"
 .\" Copyright (c) 2023 Theo Buehler
 .\"
@@ -24,7 +24,7 @@
 .Nm EVP_add_digest ,
 .Nm EVP_add_digest_alias ,
 .Nm EVP_delete_digest_alias
-.Nd maintain cipher and digest lookup by names
+.Nd maintain lookup tables for cipher and digest names
 .Sh SYNOPSIS
 .In openssl/evp.h
 .Ft int
@@ -147,7 +147,17 @@ set to the bitwise or of
 and
 .Dv OBJ_NAME_ALIAS .
 .Sh RETURN VALUES
-These functions return 1 on success and 0 on failure.
+.Fn EVP_add_cipher ,
+.Fn EVP_add_cipher_alias ,
+.Fn EVP_add_digest ,
+and
+.Fn EVP_add_digest_alias
+return 1 on success or 0 if memory allocation fails.
+.Pp
+.Fn EVP_delete_cipher_alias
+and
+.Fn EVP_delete_digest_alias
+return 1 if one alias was removed or 0 otherwise.
 .Sh SEE ALSO
 .Xr evp 3 ,
 .Xr EVP_CIPHER_meth_new 3 ,
diff --git a/lib/libcrypto/man/Makefile b/lib/libcrypto/man/Makefile
index 27e64c494..24b53b9eb 100644
--- a/lib/libcrypto/man/Makefile
+++ b/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.262 2023/08/25 05:29:35 tb Exp $
+# $OpenBSD: Makefile,v 1.263 2023/08/25 18:22:41 schwarze Exp $
 .include
@@ -164,6 +164,7 @@ MAN= \
 ESS_SIGNING_CERT_new.3 \
 EVP_AEAD_CTX_init.3 \
 EVP_BytesToKey.3 \
+ EVP_CIPHER_CTX_get_cipher_data.3 \
 EVP_CIPHER_meth_new.3 \
 EVP_DigestInit.3 \
 EVP_DigestSignInit.3 \
diff --git a/lib/libcrypto/man/evp.3 b/lib/libcrypto/man/evp.3
index 02e21b857..92a6c6a41 100644
--- a/lib/libcrypto/man/evp.3
+++ b/lib/libcrypto/man/evp.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: evp.3,v 1.18 2023/08/25 05:29:35 tb Exp $
+.\" $OpenBSD: evp.3,v 1.19 2023/08/25 18:22:41 schwarze Exp $
 .\" full merge up to: OpenSSL man7/evp 24a535ea Sep 22 13:14:20 2020 +0100
 .\"
 .\" This file was written by Ulf Moeller ,
@@ -193,12 +193,13 @@ operations are more efficient using the high-level interfaces.
 .Xr d2i_PrivateKey 3 ,
 .Xr ENGINE_get_cipher 3 ,
 .Xr ENGINE_register_RSA 3 ,
-.Xr EVP_AEAD_CTX_init 3 ,
 .Xr EVP_add_cipher 3 ,
+.Xr EVP_AEAD_CTX_init 3 ,
 .Xr EVP_aes_128_cbc 3 ,
 .Xr EVP_BytesToKey 3 ,
 .Xr EVP_camellia_128_cbc 3 ,
 .Xr EVP_chacha20 3 ,
+.Xr EVP_CIPHER_CTX_get_cipher_data 3 ,
 .Xr EVP_CIPHER_meth_new 3 ,
 .Xr EVP_des_cbc 3 ,
 .Xr EVP_DigestInit 3 ,
diff --git a/share/man/man3/dlfcn.3 b/share/man/man3/dlfcn.3
index 9ffa6b8a9..b8395976a 100644
--- a/share/man/man3/dlfcn.3
+++ b/share/man/man3/dlfcn.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: dlfcn.3,v 1.34 2022/12/13 02:50:01 guenther Exp $
+.\" $OpenBSD: dlfcn.3,v 1.35 2023/08/26 01:38:28 deraadt Exp $
 .\" $NetBSD: dlfcn.3,v 1.3 1996/01/09 19:43:34 pk Exp $
 .\"
 .\" Copyright (c) 1995 Paul Kranenburg
@@ -29,7 +29,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: December 13 2022 $
+.Dd $Mdocdate: August 26 2023 $
 .Dt DLOPEN 3
 .Os
 .Sh NAME
@@ -305,3 +305,9 @@ being returned.
 Some of the
 .Nm dl*
 functions first appeared in SunOS 4.
+.Sh CAVEATS
+Loading untrustworthy libraries into the process's address space with
+.Nm dlopen
+is very dangerous because system-dependent initialization steps occur
+including the calling of constructor functions, even if the library
+is otherwise unused.