EVP module documentation pass

Replace ECDH_KDF_X9_62() with internal ecdh_KDF_X9_63()
Signed-off-by: NAntoine Salon <asalon@vmware.com>
Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/7345)

(cherry picked from commit ffd89124bdfc9e69349492c3f15383bb35520a11)

CHANGES

@@ -9,9 +9,10 @@
 
  Changes between 1.1.1 and 1.1.1a [xx XXX xxxx]
 
-  *)
-
- Changes between 1.1.1 and 1.1.1a [xx XXX xxxx]
+  *) Added EVP_PKEY_ECDH_KDF_X9_63 and ecdh_KDF_X9_63() as replacements for
+     the EVP_PKEY_ECDH_KDF_X9_62 KDF type and ECDH_KDF_X9_62(). The old names
+     are retained for backwards compatibility.
+     [Antoine Salon]
 
   *) Fixed the issue that RAND_add()/RAND_seed() silently discards random input
      if its length exceeds 4096 bytes. The limit has been raised to a buffer size

crypto/ec/ec_ameth.c

@@ -699,7 +699,7 @@ static int ecdh_cms_set_kdf_param(EVP_PKEY_CTX *pctx, int eckdf_nid)
     if (EVP_PKEY_CTX_set_ecdh_cofactor_mode(pctx, cofactor) <= 0)
         return 0;
 
-    if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, EVP_PKEY_ECDH_KDF_X9_62) <= 0)
+    if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, EVP_PKEY_ECDH_KDF_X9_63) <= 0)
         return 0;
 
     kdf_md = EVP_get_digestbynid(kdfmd_nid);
@@ -864,7 +864,7 @@ static int ecdh_cms_encrypt(CMS_RecipientInfo *ri)
         ecdh_nid = NID_dh_cofactor_kdf;
 
     if (kdf_type == EVP_PKEY_ECDH_KDF_NONE) {
-        kdf_type = EVP_PKEY_ECDH_KDF_X9_62;
+        kdf_type = EVP_PKEY_ECDH_KDF_X9_63;
         if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, kdf_type) <= 0)
             goto err;
     } else

crypto/ec/ec_pmeth.c

@@ -209,7 +209,7 @@ static int pkey_ec_kdf_derive(EVP_PKEY_CTX *ctx,
     if (!pkey_ec_derive(ctx, ktmp, &ktmplen))
         goto err;
     /* Do KDF stuff */
-    if (!ECDH_KDF_X9_62(key, *keylen, ktmp, ktmplen,
+    if (!ecdh_KDF_X9_63(key, *keylen, ktmp, ktmplen,
                         dctx->kdf_ukm, dctx->kdf_ukmlen, dctx->kdf_md))
         goto err;
     rv = 1;
@@ -281,7 +281,7 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
     case EVP_PKEY_CTRL_EC_KDF_TYPE:
         if (p1 == -2)
             return dctx->kdf_type;
-        if (p1 != EVP_PKEY_ECDH_KDF_NONE && p1 != EVP_PKEY_ECDH_KDF_X9_62)
+        if (p1 != EVP_PKEY_ECDH_KDF_NONE && p1 != EVP_PKEY_ECDH_KDF_X9_63)
             return -2;
         dctx->kdf_type = p1;
         return 1;

crypto/ec/ecdh_kdf.c

 /*
- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -10,12 +10,13 @@
 #include <string.h>
 #include <openssl/ec.h>
 #include <openssl/evp.h>
+#include "ec_lcl.h"
 
-/* Key derivation function from X9.62/SECG */
+/* Key derivation function from X9.63/SECG */
 /* Way more than we will ever need */
 #define ECDH_KDF_MAX    (1 << 30)
 
-int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
+int ecdh_KDF_X9_63(unsigned char *out, size_t outlen,
                    const unsigned char *Z, size_t Zlen,
                    const unsigned char *sinfo, size_t sinfolen,
                    const EVP_MD *md)
@@ -66,3 +67,15 @@ int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
     EVP_MD_CTX_free(mctx);
     return rv;
 }
+
+/*-
+ * The old name for ecdh_KDF_X9_63
+ * Retained for ABI compatibility
+ */
+int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
+                   const unsigned char *Z, size_t Zlen,
+                   const unsigned char *sinfo, size_t sinfolen,
+                   const EVP_MD *md)
+{
+    return ecdh_KDF_X9_63(out, outlen, Z, Zlen, sinfo, sinfolen, md);
+}

crypto/include/internal/ec_int.h

@@ -41,5 +41,13 @@
 __owur int ec_group_do_inverse_ord(const EC_GROUP *group, BIGNUM *res,
                                    const BIGNUM *x, BN_CTX *ctx);
 
+/*-
+ * ECDH Key Derivation Function as defined in ANSI X9.63
+ */
+int ecdh_KDF_X9_63(unsigned char *out, size_t outlen,
+                   const unsigned char *Z, size_t Zlen,
+                   const unsigned char *sinfo, size_t sinfolen,
+                   const EVP_MD *md);
+
 # endif /* OPENSSL_NO_EC */
 #endif

crypto/sm2/sm2_crypt.c

@@ -11,6 +11,7 @@
 
 #include "internal/sm2.h"
 #include "internal/sm2err.h"
+#include "internal/ec_int.h" /* ecdh_KDF_X9_63() */
 #include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/bn.h>
@@ -203,7 +204,7 @@ int sm2_encrypt(const EC_KEY *key,
    }
 
     /* X9.63 with no salt happens to match the KDF used in SM2 */
-    if (!ECDH_KDF_X9_62(msg_mask, msg_len, x2y2, 2 * field_size, NULL, 0,
+    if (!ecdh_KDF_X9_63(msg_mask, msg_len, x2y2, 2 * field_size, NULL, 0,
                         digest)) {
         SM2err(SM2_F_SM2_ENCRYPT, ERR_R_EVP_LIB);
         goto done;
@@ -344,7 +345,7 @@ int sm2_decrypt(const EC_KEY *key,
 
     if (BN_bn2binpad(x2, x2y2, field_size) < 0
             || BN_bn2binpad(y2, x2y2 + field_size, field_size) < 0
-            || !ECDH_KDF_X9_62(msg_mask, msg_len, x2y2, 2 * field_size, NULL, 0,
+            || !ecdh_KDF_X9_63(msg_mask, msg_len, x2y2, 2 * field_size, NULL, 0,
                                digest)) {
         SM2err(SM2_F_SM2_DECRYPT, ERR_R_INTERNAL_ERROR);
         goto done;

doc/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.pod

@@ -32,7 +32,7 @@ The EVP_PKEY_CTX_set_rsa_pss_saltlen() macro is used to set the salt length.
 If the key has usage restrictions then an error is returned if an attempt is
 made to set the salt length below the minimum value. It is otherwise similar
 to the B<RSA> operation except detection of the salt length (using
-RSA_PSS_SALTLEN_AUTO is not supported for verification if the key has
+RSA_PSS_SALTLEN_AUTO) is not supported for verification if the key has
 usage restrictions.
 
 The EVP_PKEY_CTX_set_signature_md() and EVP_PKEY_CTX_set_rsa_mgf1_md() macros
@@ -43,7 +43,7 @@ similar to the B<RSA> versions.
 
 =head2 Key Generation
 
-As with RSA key generation the EVP_PKEY_CTX_set_rsa_rsa_keygen_bits()
+As with RSA key generation the EVP_PKEY_CTX_set_rsa_keygen_bits()
 and EVP_PKEY_CTX_set_rsa_keygen_pubexp() macros are supported for RSA-PSS:
 they have exactly the same meaning as for the RSA algorithm.
 

doc/man3/EVP_PKEY_set1_RSA.pod

@@ -6,8 +6,10 @@ EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY,
 EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY,
 EVP_PKEY_get0_RSA, EVP_PKEY_get0_DSA, EVP_PKEY_get0_DH, EVP_PKEY_get0_EC_KEY,
 EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH,
-EVP_PKEY_assign_EC_KEY, EVP_PKEY_get0_hmac, EVP_PKEY_type, EVP_PKEY_id,
-EVP_PKEY_base_id, EVP_PKEY_set_alias_type, EVP_PKEY_set1_engine - EVP_PKEY assignment functions
+EVP_PKEY_assign_EC_KEY, EVP_PKEY_assign_POLY1305, EVP_PKEY_assign_SIPHASH,
+EVP_PKEY_get0_hmac, EVP_PKEY_get0_poly1305, EVP_PKEY_get0_siphash,
+EVP_PKEY_type, EVP_PKEY_id, EVP_PKEY_base_id, EVP_PKEY_set_alias_type,
+EVP_PKEY_set1_engine - EVP_PKEY assignment functions
 
 =head1 SYNOPSIS
 
@@ -24,6 +26,8 @@ EVP_PKEY_base_id, EVP_PKEY_set_alias_type, EVP_PKEY_set1_engine - EVP_PKEY assig
  EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
 
  const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len);
+ const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len);
+ const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len);
  RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey);
  DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey);
  DH *EVP_PKEY_get0_DH(EVP_PKEY *pkey);
@@ -33,6 +37,8 @@ EVP_PKEY_base_id, EVP_PKEY_set_alias_type, EVP_PKEY_set1_engine - EVP_PKEY assig
  int EVP_PKEY_assign_DSA(EVP_PKEY *pkey, DSA *key);
  int EVP_PKEY_assign_DH(EVP_PKEY *pkey, DH *key);
  int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey, EC_KEY *key);
+ int EVP_PKEY_assign_POLY1305(EVP_PKEY *pkey, ASN1_OCTET_STRING *key);
+ int EVP_PKEY_assign_SIPHASH(EVP_PKEY *pkey, ASN1_OCTET_STRING *key);
 
  int EVP_PKEY_id(const EVP_PKEY *pkey);
  int EVP_PKEY_base_id(const EVP_PKEY *pkey);
@@ -50,14 +56,15 @@ EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and
 EVP_PKEY_get1_EC_KEY() return the referenced key in B<pkey> or
 B<NULL> if the key is not of the correct type.
 
-EVP_PKEY_get0_hmac(), EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(),
-EVP_PKEY_get0_DH() and EVP_PKEY_get0_EC_KEY() also return the
-referenced key in B<pkey> or B<NULL> if the key is not of the
-correct type but the reference count of the returned key is
-B<not> incremented and so must not be freed up after use.
+EVP_PKEY_get0_hmac(), EVP_PKEY_get0_poly1305(), EVP_PKEY_get0_siphash(),
+EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(), EVP_PKEY_get0_DH()
+and EVP_PKEY_get0_EC_KEY() also return the referenced key in B<pkey> or B<NULL>
+if the key is not of the correct type but the reference count of the
+returned key is B<not> incremented and so must not be freed up after use.
 
-EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH()
-and EVP_PKEY_assign_EC_KEY() also set the referenced key to B<key>
+EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH(),
+EVP_PKEY_assign_EC_KEY(), EVP_PKEY_assign_POLY1305() and
+EVP_PKEY_assign_SIPHASH() also set the referenced key to B<key>
 however these use the supplied B<key> internally and so B<key>
 will be freed when the parent B<pkey> is freed.
 
@@ -89,8 +96,9 @@ In accordance with the OpenSSL naming convention the key obtained
 from or assigned to the B<pkey> using the B<1> functions must be
 freed as well as B<pkey>.
 
-EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH()
-and EVP_PKEY_assign_EC_KEY() are implemented as macros.
+EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH(),
+EVP_PKEY_assign_EC_KEY(), EVP_PKEY_assign_POLY1305()
+and EVP_PKEY_assign_SIPHASH() are implemented as macros.
 
 Most applications wishing to know a key type will simply call
 EVP_PKEY_base_id() and will not care about the actual type:
@@ -119,8 +127,9 @@ EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and
 EVP_PKEY_get1_EC_KEY() return the referenced key or B<NULL> if
 an error occurred.
 
-EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH()
-and EVP_PKEY_assign_EC_KEY() return 1 for success and 0 for failure.
+EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH(),
+EVP_PKEY_assign_EC_KEY(), EVP_PKEY_assign_POLY1305()
+and EVP_PKEY_assign_SIPHASH() return 1 for success and 0 for failure.
 
 EVP_PKEY_base_id(), EVP_PKEY_id() and EVP_PKEY_type() return a key
 type or B<NID_undef> (equivalently B<EVP_PKEY_NONE>) on error.

doc/man3/EVP_aes.pod

@@ -14,6 +14,9 @@ EVP_aes_256_cfb1,
 EVP_aes_128_cfb8,
 EVP_aes_192_cfb8,
 EVP_aes_256_cfb8,
+EVP_aes_128_cfb128,
+EVP_aes_192_cfb128,
+EVP_aes_256_cfb128,
 EVP_aes_128_ctr,
 EVP_aes_192_ctr,
 EVP_aes_256_ctr,
@@ -75,6 +78,9 @@ EVP_aes_256_cfb1(),
 EVP_aes_128_cfb8(),
 EVP_aes_192_cfb8(),
 EVP_aes_256_cfb8(),
+EVP_aes_128_cfb128(),
+EVP_aes_192_cfb128(),
+EVP_aes_256_cfb128(),
 EVP_aes_128_ctr(),
 EVP_aes_192_ctr(),
 EVP_aes_256_ctr(),

doc/man3/EVP_aria.pod

@@ -14,6 +14,9 @@ EVP_aria_256_cfb1,
 EVP_aria_128_cfb8,
 EVP_aria_192_cfb8,
 EVP_aria_256_cfb8,
+EVP_aria_128_cfb128,
+EVP_aria_192_cfb128,
+EVP_aria_256_cfb128,
 EVP_aria_128_ctr,
 EVP_aria_192_ctr,
 EVP_aria_256_ctr,
@@ -60,6 +63,9 @@ EVP_aria_256_cfb1(),
 EVP_aria_128_cfb8(),
 EVP_aria_192_cfb8(),
 EVP_aria_256_cfb8(),
+EVP_aria_128_cfb128(),
+EVP_aria_192_cfb128(),
+EVP_aria_256_cfb128(),
 EVP_aria_128_ctr(),
 EVP_aria_192_ctr(),
 EVP_aria_256_ctr(),

doc/man3/EVP_bf_cbc.pod

@@ -4,6 +4,7 @@
 
 EVP_bf_cbc,
 EVP_bf_cfb,
+EVP_bf_cfb64,
 EVP_bf_ecb,
 EVP_bf_ofb
 - EVP Blowfish cipher
@@ -14,6 +15,7 @@ EVP_bf_ofb
 
  const EVP_CIPHER *EVP_bf_cbc(void)
  const EVP_CIPHER *EVP_bf_cfb(void)
+ const EVP_CIPHER *EVP_bf_cfb64(void)
  const EVP_CIPHER *EVP_bf_ecb(void)
  const EVP_CIPHER *EVP_bf_ofb(void)
 
@@ -27,6 +29,7 @@ This is a variable key length cipher.
 
 =item EVP_bf_cbc(),
 EVP_bf_cfb(),
+EVP_bf_cfb64(),
 EVP_bf_ecb(),
 EVP_bf_ofb()
 

doc/man3/EVP_camellia.pod

@@ -14,6 +14,9 @@ EVP_camellia_256_cfb1,
 EVP_camellia_128_cfb8,
 EVP_camellia_192_cfb8,
 EVP_camellia_256_cfb8,
+EVP_camellia_128_cfb128,
+EVP_camellia_192_cfb128,
+EVP_camellia_256_cfb128,
 EVP_camellia_128_ctr,
 EVP_camellia_192_ctr,
 EVP_camellia_256_ctr,
@@ -54,6 +57,9 @@ EVP_camellia_256_cfb1(),
 EVP_camellia_128_cfb8(),
 EVP_camellia_192_cfb8(),
 EVP_camellia_256_cfb8(),
+EVP_camellia_128_cfb128(),
+EVP_camellia_192_cfb128(),
+EVP_camellia_256_cfb128(),
 EVP_camellia_128_ctr(),
 EVP_camellia_192_ctr(),
 EVP_camellia_256_ctr(),

doc/man3/EVP_cast5_cbc.pod

@@ -4,6 +4,7 @@
 
 EVP_cast5_cbc,
 EVP_cast5_cfb,
+EVP_cast5_cfb64,
 EVP_cast5_ecb,
 EVP_cast5_ofb
 - EVP CAST cipher
@@ -14,6 +15,7 @@ EVP_cast5_ofb
 
  const EVP_CIPHER *EVP_cast5_cbc(void)
  const EVP_CIPHER *EVP_cast5_cfb(void)
+ const EVP_CIPHER *EVP_cast5_cfb64(void)
  const EVP_CIPHER *EVP_cast5_ecb(void)
  const EVP_CIPHER *EVP_cast5_ofb(void)
 
@@ -28,6 +30,7 @@ This is a variable key length cipher.
 =item EVP_cast5_cbc(),
 EVP_cast5_ecb(),
 EVP_cast5_cfb(),
+EVP_cast5_cfb64(),
 EVP_cast5_ofb()
 
 CAST encryption algorithm in CBC, ECB, CFB and OFB modes respectively.

doc/man3/EVP_des.pod

@@ -6,19 +6,24 @@ EVP_des_cbc,
 EVP_des_cfb,
 EVP_des_cfb1,
 EVP_des_cfb8,
+EVP_des_cfb64,
 EVP_des_ecb,
+EVP_des_ofb,
 EVP_des_ede,
+EVP_des_ede_cbc,
 EVP_des_ede_cfb,
+EVP_des_ede_cfb64,
+EVP_des_ede_ecb,
 EVP_des_ede_ofb,
-EVP_des_ofb,
 EVP_des_ede3,
 EVP_des_ede3_cbc,
 EVP_des_ede3_cfb,
 EVP_des_ede3_cfb1,
 EVP_des_ede3_cfb8,
+EVP_des_ede3_cfb64,
+EVP_des_ede3_ecb,
 EVP_des_ede3_ofb,
-EVP_des_ede3_wrap,
-EVP_des_ede_cbc
+EVP_des_ede3_wrap
 - EVP DES cipher
 
 =head1 SYNOPSIS
@@ -43,27 +48,32 @@ EVP_des_ecb(),
 EVP_des_cfb(),
 EVP_des_cfb1(),
 EVP_des_cfb8(),
+EVP_des_cfb64(),
 EVP_des_ofb()
 
-DES in CBC, ECB, CFB with 128-bit shift, CFB with 1-bit shift, CFB with 8-bit
-shift and OFB modes respectively.
+DES in CBC, ECB, CFB with 64-bit shift, CFB with 1-bit shift, CFB with 8-bit
+shift and OFB modes.
 
 =item EVP_des_ede(),
 EVP_des_ede_cbc(),
-EVP_des_ede_ofb(),
-EVP_des_ede_cfb()
+EVP_des_ede_cfb(),
+EVP_des_ede_cfb64(),
+EVP_des_ede_ecb(),
+EVP_des_ede_ofb()
 
-Two key triple DES in ECB, CBC, CFB and OFB modes respectively.
+Two key triple DES in ECB, CBC, CFB with 64-bit shift and OFB modes.
 
 =item EVP_des_ede3(),
 EVP_des_ede3_cbc(),
 EVP_des_ede3_cfb(),
 EVP_des_ede3_cfb1(),
 EVP_des_ede3_cfb8(),
+EVP_des_ede3_cfb64(),
+EVP_des_ede3_ecb(),
 EVP_des_ede3_ofb()
 
-Three-key triple DES in ECB, CBC, CFB with 128-bit shift, CFB with 1-bit shift,
-CFB with 8-bit shift and OFB modes respectively.
+Three-key triple DES in ECB, CBC, CFB with 64-bit shift, CFB with 1-bit shift,
+CFB with 8-bit shift and OFB modes.
 
 =item EVP_des_ede3_wrap()
 

doc/man3/EVP_idea_cbc.pod

@@ -4,6 +4,7 @@
 
 EVP_idea_cbc,
 EVP_idea_cfb,
+EVP_idea_cfb64,
 EVP_idea_ecb,
 EVP_idea_ofb
 - EVP IDEA cipher
@@ -14,6 +15,7 @@ EVP_idea_ofb
 
  const EVP_CIPHER *EVP_idea_cbc(void)
  const EVP_CIPHER *EVP_idea_cfb(void)
+ const EVP_CIPHER *EVP_idea_cfb64(void)
  const EVP_CIPHER *EVP_idea_ecb(void)
  const EVP_CIPHER *EVP_idea_ofb(void)
 
@@ -25,6 +27,7 @@ The IDEA encryption algorithm for EVP.
 
 =item EVP_idea_cbc(),
 EVP_idea_cfb(),
+EVP_idea_cfb64(),
 EVP_idea_ecb(),
 EVP_idea_ofb()
 

doc/man3/EVP_md5.pod

@@ -2,7 +2,8 @@
 
 =head1 NAME
 
-EVP_md5
+EVP_md5,
+EVP_md5_sha1
 - MD5 For EVP
 
 =head1 SYNOPSIS
@@ -10,6 +11,7 @@ EVP_md5
  #include <openssl/evp.h>
 
  const EVP_MD *EVP_md5(void);
+ const EVP_MD *EVP_md5_sha1(void);
 
 =head1 DESCRIPTION
 

doc/man3/EVP_rc2_cbc.pod

@@ -4,6 +4,7 @@
 
 EVP_rc2_cbc,
 EVP_rc2_cfb,
+EVP_rc2_cfb64,
 EVP_rc2_ecb,
 EVP_rc2_ofb,
 EVP_rc2_40_cbc,
@@ -16,6 +17,7 @@ EVP_rc2_64_cbc
 
  const EVP_CIPHER *EVP_rc2_cbc(void)
  const EVP_CIPHER *EVP_rc2_cfb(void)
+ const EVP_CIPHER *EVP_rc2_cfb64(void)
  const EVP_CIPHER *EVP_rc2_ecb(void)
  const EVP_CIPHER *EVP_rc2_ofb(void)
  const EVP_CIPHER *EVP_rc2_40_cbc(void)
@@ -29,6 +31,7 @@ The RC2 encryption algorithm for EVP.
 
 =item EVP_rc2_cbc(),
 EVP_rc2_cfb(),
+EVP_rc2_cfb64(),
 EVP_rc2_ecb(),
 EVP_rc2_ofb()
 

doc/man3/EVP_rc5_32_12_16_cbc.pod

@@ -4,6 +4,7 @@
 
 EVP_rc5_32_12_16_cbc,
 EVP_rc5_32_12_16_cfb,
+EVP_rc5_32_12_16_cfb64,
 EVP_rc5_32_12_16_ecb,
 EVP_rc5_32_12_16_ofb
 - EVP RC5 cipher
@@ -14,6 +15,7 @@ EVP_rc5_32_12_16_ofb
 
  const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void)
  const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void)
+ const EVP_CIPHER *EVP_rc5_32_12_16_cfb64(void)
  const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void)
  const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void)
 
@@ -25,6 +27,7 @@ The RC5 encryption algorithm for EVP.
 
 =item EVP_rc5_32_12_16_cbc(),
 EVP_rc5_32_12_16_cfb(),
+EVP_rc5_32_12_16_cfb64(),
 EVP_rc5_32_12_16_ecb(),
 EVP_rc5_32_12_16_ofb()
 

doc/man3/EVP_seed_cbc.pod

@@ -4,6 +4,7 @@
 
 EVP_seed_cbc,
 EVP_seed_cfb,
+EVP_seed_cfb128,
 EVP_seed_ecb,
 EVP_seed_ofb
 - EVP SEED cipher
@@ -14,6 +15,7 @@ EVP_seed_ofb
 
  const EVP_CIPHER *EVP_seed_cbc(void)
  const EVP_CIPHER *EVP_seed_cfb(void)
+ const EVP_CIPHER *EVP_seed_cfb128(void)
  const EVP_CIPHER *EVP_seed_ecb(void)
  const EVP_CIPHER *EVP_seed_ofb(void)
 
@@ -27,6 +29,7 @@ All modes below use a key length of 128 bits and acts on blocks of 128-bits.
 
 =item EVP_seed_cbc(),
 EVP_seed_cfb(),
+EVP_seed_cfb128(),
 EVP_seed_ecb(),
 EVP_seed_ofb()
 

doc/man3/EVP_sm4_cbc.pod

@@ -5,6 +5,7 @@
 EVP_sm4_cbc,
 EVP_sm4_ecb,
 EVP_sm4_cfb,
+EVP_sm4_cfb128,
 EVP_sm4_ofb,
 EVP_sm4_ctr
 - EVP SM4 cipher
@@ -16,6 +17,7 @@ EVP_sm4_ctr
  const EVP_CIPHER *EVP_sm4_cbc(void);
  const EVP_CIPHER *EVP_sm4_ecb(void);
  const EVP_CIPHER *EVP_sm4_cfb(void);
+ const EVP_CIPHER *EVP_sm4_cfb128(void);
  const EVP_CIPHER *EVP_sm4_ofb(void);
  const EVP_CIPHER *EVP_sm4_ctr(void);
 
@@ -30,6 +32,7 @@ All modes below use a key length of 128 bits and acts on blocks of 128 bits.
 =item EVP_sm4_cbc(),
 EVP_sm4_ecb(),
 EVP_sm4_cfb(),
+EVP_sm4_cfb128(),
 EVP_sm4_ofb(),
 EVP_sm4_ctr()
 

include/openssl/ec.h

@@ -1107,6 +1107,11 @@ const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *key);
 int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth);
 EC_KEY *EC_KEY_new_method(ENGINE *engine);
 
+/** The old name for ecdh_KDF_X9_63
+ *  The ECDH KDF specification has been mistakingly attributed to ANSI X9.62,
+ *  it is actually specified in ANSI X9.63.
+ *  This identifier is retained for backwards compatibility
+ */
 int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
                    const unsigned char *Z, size_t Zlen,
                    const unsigned char *sinfo, size_t sinfolen,
@@ -1457,7 +1462,13 @@ void EC_KEY_METHOD_get_verify(const EC_KEY_METHOD *meth,
 # define EVP_PKEY_CTRL_GET1_ID_LEN                       (EVP_PKEY_ALG_CTRL + 13)
 /* KDF types */
 # define EVP_PKEY_ECDH_KDF_NONE                          1
-# define EVP_PKEY_ECDH_KDF_X9_62                         2
+# define EVP_PKEY_ECDH_KDF_X9_63                         2
+/** The old name for EVP_PKEY_ECDH_KDF_X9_63
+ *  The ECDH KDF specification has been mistakingly attributed to ANSI X9.62,
+ *  it is actually specified in ANSI X9.63.
+ *  This identifier is retained for backwards compatibility
+ */
+# define EVP_PKEY_ECDH_KDF_X9_62   EVP_PKEY_ECDH_KDF_X9_63
 
 
 #  ifdef  __cplusplus

util/private.num

@@ -190,8 +190,27 @@ EVP_MD_CTX_type                         define
 EVP_OpenUpdate                          define
 EVP_PKEY_CTX_add1_hkdf_info             define
 EVP_PKEY_CTX_add1_tls1_prf_seed         define
+EVP_PKEY_CTX_get0_dh_kdf_oid            define
+EVP_PKEY_CTX_get0_dh_kdf_ukm            define
+EVP_PKEY_CTX_get0_ecdh_kdf_ukm          define
+EVP_PKEY_CTX_get0_rsa_oaep_label        define
+EVP_PKEY_CTX_get_dh_kdf_md              define
+EVP_PKEY_CTX_get_dh_kdf_outlen          define
+EVP_PKEY_CTX_get_dh_kdf_type            define
+EVP_PKEY_CTX_get_ecdh_cofactor_mode     define
+EVP_PKEY_CTX_get_ecdh_kdf_md            define
+EVP_PKEY_CTX_get_ecdh_kdf_outlen        define
+EVP_PKEY_CTX_get_ecdh_kdf_type          define
+EVP_PKEY_CTX_get_rsa_mgf1_md            define
+EVP_PKEY_CTX_get_rsa_oaep_md            define
+EVP_PKEY_CTX_get_rsa_padding            define
+EVP_PKEY_CTX_get_rsa_pss_saltlen        define
 EVP_PKEY_CTX_get_signature_md           define
 EVP_PKEY_CTX_hkdf_mode                  define
+EVP_PKEY_CTX_set0_dh_kdf_oid            define
+EVP_PKEY_CTX_set0_dh_kdf_ukm            define
+EVP_PKEY_CTX_set0_ecdh_kdf_ukm          define
+EVP_PKEY_CTX_set0_rsa_oaep_label        define
 EVP_PKEY_CTX_set1_hkdf_key              define
 EVP_PKEY_CTX_set1_hkdf_salt             define
 EVP_PKEY_CTX_set1_pbe_pass              define
@@ -199,14 +218,29 @@ EVP_PKEY_CTX_set1_scrypt_salt           define
 EVP_PKEY_CTX_set1_tls1_prf_secret       define
 EVP_PKEY_CTX_set_dh_paramgen_generator  define
 EVP_PKEY_CTX_set_dh_paramgen_prime_len  define
-EVP_PKEY_CTX_set_dh_pad                 define
+EVP_PKEY_CTX_set_dh_paramgen_subprime_len     define
+EVP_PKEY_CTX_set_dh_paramgen_type       define
+EVP_PKEY_CTX_set_dh_kdf_md              define
+EVP_PKEY_CTX_set_dh_kdf_outlen          define
+EVP_PKEY_CTX_set_dh_kdf_type            define
 EVP_PKEY_CTX_set_dh_nid                 define
+EVP_PKEY_CTX_set_dh_pad                 define
+EVP_PKEY_CTX_set_dh_rfc5114             define
+EVP_PKEY_CTX_set_dhx_rfc5114            define
 EVP_PKEY_CTX_set_dsa_paramgen_bits      define
 EVP_PKEY_CTX_set_ec_param_enc           define
 EVP_PKEY_CTX_set_ec_paramgen_curve_nid  define
+EVP_PKEY_CTX_set_ecdh_cofactor_mode     define
+EVP_PKEY_CTX_set_ecdh_kdf_md            define
+EVP_PKEY_CTX_set_ecdh_kdf_outlen        define
+EVP_PKEY_CTX_set_ecdh_kdf_type          define
 EVP_PKEY_CTX_set_hkdf_md                define
 EVP_PKEY_CTX_set_mac_key                define
+EVP_PKEY_CTX_set_rsa_keygen_bits        define
 EVP_PKEY_CTX_set_rsa_keygen_pubexp      define
+EVP_PKEY_CTX_set_rsa_keygen_primes      define
+EVP_PKEY_CTX_set_rsa_mgf1_md            define
+EVP_PKEY_CTX_set_rsa_oaep_md            define
 EVP_PKEY_CTX_set_rsa_padding            define
 EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md define
 EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen define
@@ -221,7 +255,9 @@ EVP_PKEY_CTX_set_tls1_prf_md            define
 EVP_PKEY_assign_DH                      define
 EVP_PKEY_assign_DSA                     define
 EVP_PKEY_assign_EC_KEY                  define
+EVP_PKEY_assign_POLY1305                define
 EVP_PKEY_assign_RSA                     define
+EVP_PKEY_assign_SIPHASH                 define
 EVP_SealUpdate                          define
 EVP_SignInit                            define
 EVP_SignInit_ex                         define
@@ -269,7 +305,6 @@ PEM_FLAG_ONLY_B64                       define
 PEM_FLAG_SECURE                         define
 RAND_cleanup                            define deprecated 1.1.0
 RAND_DRBG_get_ex_new_index              define
-EVP_PKEY_CTX_set_rsa_keygen_bits        define
 SSL_COMP_free_compression_methods       define deprecated 1.1.0
 SSL_CTX_add0_chain_cert                 define
 SSL_CTX_add1_chain_cert                 define