[openssl] master update

shane.lontis at oracle.com shane.lontis at oracle.com
Wed Jul 31 10:38:24 UTC 2019


The branch master has been updated
       via  e870791a4d6aea3a0275396bd01da629cb6f4ac8 (commit)
      from  8c00f267b8df1a8c70eff8198de40aa561299e48 (commit)


- Log -----------------------------------------------------------------
commit e870791a4d6aea3a0275396bd01da629cb6f4ac8
Author: Shane Lontis <shane.lontis at oracle.com>
Date:   Wed Jul 31 20:34:26 2019 +1000

    Add evp_util macros
    
    Also added EVP_CTRL_RET_UNSUPPORTED define (so magic numbers can be removed)
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/9464)

-----------------------------------------------------------------------

Summary of changes:
 crypto/err/openssl.txt   |  2 ++
 crypto/evp/evp_enc.c     |  8 ++---
 crypto/evp/evp_err.c     |  4 +++
 crypto/evp/evp_lib.c     | 10 +++----
 crypto/evp/evp_locl.h    |  3 ++
 crypto/evp/evp_utils.c   | 76 +++++++++++++++++++++++++++++++++++-------------
 include/openssl/evperr.h |  5 ++++
 7 files changed, 78 insertions(+), 30 deletions(-)

diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index d172f4c288..6b52193895 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -2421,6 +2421,8 @@ EVP_R_BAD_DECRYPT:100:bad decrypt
 EVP_R_BAD_KEY_LENGTH:195:bad key length
 EVP_R_BUFFER_TOO_SMALL:155:buffer too small
 EVP_R_CAMELLIA_KEY_SETUP_FAILED:157:camellia key setup failed
+EVP_R_CANNOT_GET_PARAMETERS:197:cannot get parameters
+EVP_R_CANNOT_SET_PARAMETERS:198:cannot set parameters
 EVP_R_CIPHER_NOT_GCM_MODE:184:cipher not gcm mode
 EVP_R_CIPHER_PARAMETER_ERROR:122:cipher parameter error
 EVP_R_COMMAND_NOT_SUPPORTED:147:command not supported
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index b2c0a260e6..8f5175b525 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -926,7 +926,7 @@ int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen)
     params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_KEYLEN, &keylen);
     ok = evp_do_ciph_ctx_setparams(c->cipher, c->provctx, params);
 
-    if (ok != -2)
+    if (ok != EVP_CTRL_RET_UNSUPPORTED)
         return ok;
 
     /* TODO(3.0) legacy code follows */
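Review bot: The sentinel tested by `if (ok != EVP_CTRL_RET_UNSUPPORTED)` is now -1, and evp_do_ciph_ctx_setparams (generated by PARAM_CTX_FUNC in crypto/evp/evp_utils.c in this commit) passes the provider callback's return value through unchanged. If a provider's ctx_set_params ever returned -1 for an ordinary failure, this code would read it as "no provider" and continue into the legacy key-length path for a provided cipher. Whether providers may return -1 is not visible here, so either normalise the callback result in the helper or state the rule next to the check, e.g. `/* provider callbacks return 0 or 1; -1 is reserved for "no provider" */`. The body of EVP_CIPHER_CTX_set_key_length starts and ends outside this hunk.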
@@ -960,7 +960,7 @@ int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad)
 
 int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
 {
-    int ret = -2;                /* Unsupported */
+    int ret = EVP_CTRL_RET_UNSUPPORTED;
     int set_params = 1;
     size_t sz;
     OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
@@ -981,7 +981,7 @@ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
     case EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS: /* Used by DASYNC */
     case EVP_CTRL_INIT: /* TODO(3.0) Purely legacy, no provider counterpart */
     default:
-        return -2;      /* Unsupported */
+        return EVP_CTRL_RET_UNSUPPORTED;
     case EVP_CTRL_GET_IV:
         set_params = 0;
         params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_IV,
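Review bot: The `default:` branch returns -1 straight to the caller without queuing an error, while the legacy path in the hunk at line 1039 turns the same `EVP_CTRL_RET_UNSUPPORTED` into an EVPerr and `return 0`. A caller that tests `!EVP_CIPHER_CTX_ctrl(...)` would treat the -1 as success, which matters for controls that set tags or IV lengths. This is also a value change from -2 to -1 (likewise the initialiser of `ret` in the previous hunk), not only the removal of a magic number. Consider making the two paths agree with `EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED); return 0;`, or document that callers must test `<= 0`. The rest of the switch and the code that reaches it lie outside the hunk, so which ciphers take this branch is an assumption to confirm.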
@@ -1039,7 +1039,7 @@ legacy:
     }
 
     ret = ctx->cipher->ctrl(ctx, type, arg, ptr);
-    if (ret == -1) {
+    if (ret == EVP_CTRL_RET_UNSUPPORTED) {
         EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL,
                EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED);
         return 0;
diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c
index 92df593821..749f189be3 100644
--- a/crypto/evp/evp_err.c
+++ b/crypto/evp/evp_err.c
@@ -23,6 +23,10 @@ static const ERR_STRING_DATA EVP_str_reasons[] = {
     {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_BUFFER_TOO_SMALL), "buffer too small"},
     {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CAMELLIA_KEY_SETUP_FAILED),
     "camellia key setup failed"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CANNOT_GET_PARAMETERS),
+    "cannot get parameters"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CANNOT_SET_PARAMETERS),
+    "cannot set parameters"},
     {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CIPHER_NOT_GCM_MODE),
     "cipher not gcm mode"},
     {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CIPHER_PARAMETER_ERROR),
diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
index 9091f8b475..e6daf684be 100644
--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@@ -224,7 +224,7 @@ int EVP_CIPHER_block_size(const EVP_CIPHER *cipher)
     params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_BLOCK_SIZE, &v);
     ok = evp_do_ciph_getparams(cipher, params);
 
-    return ok != 0 ? v : -1;
+    return ok != 0 ? v : EVP_CTRL_RET_UNSUPPORTED;
 }
 
 int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx)
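Review bot: `EVP_CTRL_RET_UNSUPPORTED` is a misleading name for this failure value: the branch is taken only when evp_do_ciph_getparams returned 0, which after this commit means the callback was missing or failed, while the helper's real "unsupported" result (-1) satisfies `ok != 0` and returns `v`. Whether `v` then holds a usable legacy value depends on its initialiser, which is outside the hunk; if it does, a comment such as `/* -1 from the helper means no provider: v keeps its legacy value */` would show that this is intended. These getters return lengths that callers typically use as sizes, so the negative error value deserves a plain `-1` or its own documented constant, together with a note that callers must reject results below zero. The same applies to the hunks for EVP_CIPHER_iv_length, EVP_CIPHER_CTX_num, EVP_CIPHER_key_length and EVP_CIPHER_CTX_key_length.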
@@ -310,7 +310,7 @@ int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher)
     params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_IVLEN, &v);
     ok = evp_do_ciph_getparams(cipher, params);
 
-    return ok != 0 ? v : -1;
+    return ok != 0 ? v : EVP_CTRL_RET_UNSUPPORTED;
 }
 
 int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx)
@@ -367,7 +367,7 @@ int EVP_CIPHER_CTX_num(const EVP_CIPHER_CTX *ctx)
     params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_NUM, &v);
     ok = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params);
 
-    return ok != 0 ? v : -1;
+    return ok != 0 ? v : EVP_CTRL_RET_UNSUPPORTED;
 }
 
 int EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num)
@@ -391,7 +391,7 @@ int EVP_CIPHER_key_length(const EVP_CIPHER *cipher)
     params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_KEYLEN, &v);
     ok = evp_do_ciph_getparams(cipher, params);
 
-    return ok != 0 ? v : -1;
+    return ok != 0 ? v : EVP_CTRL_RET_UNSUPPORTED;
 }
 
 int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx)
@@ -402,7 +402,7 @@ int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx)
     params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_KEYLEN, &v);
     ok = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params);
 
-    return ok != 0 ? v : -1;
+    return ok != 0 ? v : EVP_CTRL_RET_UNSUPPORTED;
 }
 
 int EVP_CIPHER_nid(const EVP_CIPHER *cipher)
diff --git a/crypto/evp/evp_locl.h b/crypto/evp/evp_locl.h
index 848ef299ca..17ab24c07a 100644
--- a/crypto/evp/evp_locl.h
+++ b/crypto/evp/evp_locl.h
@@ -11,6 +11,9 @@
 
 #include <openssl/core_numbers.h>
 
+#define EVP_CTRL_RET_UNSUPPORTED -1
+
+
 struct evp_md_ctx_st {
     const EVP_MD *reqdigest;    /* The original requested digest */
     const EVP_MD *digest;
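Review bot: The replacement list of `EVP_CTRL_RET_UNSUPPORTED` is a bare negative literal; write it as `#define EVP_CTRL_RET_UNSUPPORTED (-1)` so the value stays a single operand wherever the macro lands inside a larger expression. A one-line comment on the define would also help, because this commit uses it both as a ctrl return code and as the no-provider result of the evp_do_ciph_* helpers. The second blank line after the define looks unintentional.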
diff --git a/crypto/evp/evp_utils.c b/crypto/evp/evp_utils.c
index c3b5520593..e24bee1c0c 100644
--- a/crypto/evp/evp_utils.c
+++ b/crypto/evp/evp_utils.c
@@ -17,31 +17,65 @@
 #include "internal/evp_int.h"    /* evp_locl.h needs it */
 #include "evp_locl.h"
 
-int evp_do_ciph_getparams(const EVP_CIPHER *ciph, OSSL_PARAM params[])
-{
-    if (ciph->prov == NULL)
-        return -2;
-    if (ciph->get_params == NULL)
-        return -1;
-    return ciph->get_params(params);
+/*
+ * EVP_CTRL_RET_UNSUPPORTED = -1 is the returned value from any ctrl function
+ * where the control command isn't supported, and an alternative code path
+ * may be chosen.
+ * Since these functions are used to implement ctrl functionality, we
+ * use the same value, and other callers will have to compensate.
+ */
+#define PARAM_CHECK(obj, func, errfunc)                                        \
+    if (obj->prov == NULL)                                                     \
+        return EVP_CTRL_RET_UNSUPPORTED;                                       \
+    if (obj->func == NULL) {                                                   \
+        errfunc();                                                             \
+        return 0;                                                              \
+    }
+
+#define PARAM_FUNC(name, func, type, err)                                      \
+int name (const type *obj, OSSL_PARAM params[])                                \
+{                                                                              \
+    PARAM_CHECK(obj, func, err)                                                \
+    return obj->func(params);                                                  \
+}
+
+#define PARAM_CTX_FUNC(name, func, type, err)                                  \
+int name (const type *obj, void *provctx, OSSL_PARAM params[])                 \
+{                                                                              \
+    PARAM_CHECK(obj, func, err)                                                \
+    return obj->func(provctx, params);                                         \
 }
 
-int evp_do_ciph_ctx_getparams(const EVP_CIPHER *ciph, void *provctx,
-                              OSSL_PARAM params[])
+#define PARAM_FUNCTIONS(type,                                                  \
+                        getname, getfunc,                                      \
+                        getctxname, getctxfunc,                                \
+                        setctxname, setctxfunc)                                \
+    PARAM_FUNC(getname, getfunc, type, geterr)                                 \
+    PARAM_CTX_FUNC(getctxname, getctxfunc, type, geterr)                       \
+    PARAM_CTX_FUNC(setctxname, setctxfunc, type, seterr)
+
+/*
+ * These error functions are a workaround for the error scripts, which
+ * currently require that XXXerr method appears inside a function (not a macro).
+ */
+static void geterr(void)
 {
-    if (ciph->prov == NULL)
-        return -2;
-    if (ciph->ctx_get_params == NULL)
-        return -1;
-    return ciph->ctx_get_params(provctx, params);
+    EVPerr(0, EVP_R_CANNOT_GET_PARAMETERS);
 }
 
-int evp_do_ciph_ctx_setparams(const EVP_CIPHER *ciph, void *provctx,
-                              OSSL_PARAM params[])
+static void seterr(void)
 {
-    if (ciph->prov == NULL)
-        return -2;
-    if (ciph->ctx_set_params == NULL)
-        return -1;
-    return ciph->ctx_set_params(provctx, params);
+    EVPerr(0, EVP_R_CANNOT_SET_PARAMETERS);
 }
+
+PARAM_FUNCTIONS(EVP_CIPHER,
+                evp_do_ciph_getparams, get_params,
+                evp_do_ciph_ctx_getparams, ctx_get_params,
+                evp_do_ciph_ctx_setparams, ctx_set_params)
+
+#if 0
+PARAM_FUNCTIONS(EVP_MD,
+                evp_do_md_getparams, get_params,
+                evp_do_md_ctx_getparams, ctx_get_params,
+                evp_do_md_ctx_setparams, ctx_set_params)
+#endif
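Review bot: The comment above PARAM_CHECK documents only the -1 case, but the generated helpers now have three outcomes and two of them changed meaning: no provider went from -2 to -1, and a missing callback went from -1 to 0 with an error queued. Any caller outside this diff that still compares against -2 would silently stop matching, so the comment should spell out the full contract, e.g. `-1: no provider, caller may take the legacy path; 0: callback missing (error raised) or callback failed; otherwise the callback's return value`. Separately, PARAM_CHECK expands to bare `if` statements with an unparenthesised `obj`, and PARAM_FUNCTIONS picks up `geterr`/`seterr` as free identifiers, which works only because the macro is expanded after those functions are defined. Passing the error functions as macro arguments would remove that ordering dependency. The `#if 0` EVP_MD block is dead code and would be better added when it is first used.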
diff --git a/include/openssl/evperr.h b/include/openssl/evperr.h
index 8b46d76ec1..34966f84cd 100644
--- a/include/openssl/evperr.h
+++ b/include/openssl/evperr.h
@@ -73,6 +73,8 @@ int ERR_load_EVP_strings(void);
 #  define EVP_F_EVP_KDF_CTRL_STR                           0
 #  define EVP_F_EVP_KDF_CTX_NEW                            0
 #  define EVP_F_EVP_KDF_CTX_NEW_ID                         0
+#  define EVP_F_EVP_KEYEXCH_FETCH                          0
+#  define EVP_F_EVP_KEYEXCH_FROM_DISPATCH                  0
 #  define EVP_F_EVP_MAC_CTRL                               0
 #  define EVP_F_EVP_MAC_CTRL_STR                           0
 #  define EVP_F_EVP_MAC_CTX_DUP                            0
@@ -100,6 +102,7 @@ int ERR_load_EVP_strings(void);
 #  define EVP_F_EVP_PKEY_DECRYPT_OLD                       0
 #  define EVP_F_EVP_PKEY_DERIVE                            0
 #  define EVP_F_EVP_PKEY_DERIVE_INIT                       0
+#  define EVP_F_EVP_PKEY_DERIVE_INIT_EX                    0
 #  define EVP_F_EVP_PKEY_DERIVE_SET_PEER                   0
 #  define EVP_F_EVP_PKEY_ENCRYPT                           0
 #  define EVP_F_EVP_PKEY_ENCRYPT_INIT                      0
@@ -168,6 +171,8 @@ int ERR_load_EVP_strings(void);
 # define EVP_R_BAD_KEY_LENGTH                             195
 # define EVP_R_BUFFER_TOO_SMALL                           155
 # define EVP_R_CAMELLIA_KEY_SETUP_FAILED                  157
+# define EVP_R_CANNOT_GET_PARAMETERS                      197
+# define EVP_R_CANNOT_SET_PARAMETERS                      198
 # define EVP_R_CIPHER_NOT_GCM_MODE                        184
 # define EVP_R_CIPHER_PARAMETER_ERROR                     122
 # define EVP_R_COMMAND_NOT_SUPPORTED                      147

