]>
Commit | Line | Data |
---|---|---|
27af42f9 | 1 | /* |
a28d06f3 | 2 | * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. |
27af42f9 | 3 | * |
48f4ad77 | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
aa6bb135 RS |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
27af42f9 DSH |
8 | */ |
9 | ||
80ce21fe F |
10 | #ifndef OSSL_CRYPTO_EVP_H |
11 | # define OSSL_CRYPTO_EVP_H | |
12 | # pragma once | |
13 | ||
14 | # include <openssl/evp.h> | |
15 | # include <openssl/core_dispatch.h> | |
16 | # include "internal/refcount.h" | |
17 | # include "crypto/ecx.h" | |
2f545ae4 | 18 | |
4803717f PY |
19 | /* |
20 | * Don't free up md_ctx->pctx in EVP_MD_CTX_reset, use the reserved flag | |
21 | * values in evp.h | |
22 | */ | |
23 | #define EVP_MD_CTX_FLAG_KEEP_PKEY_CTX 0x0400 | |
24 | ||
f21c9c64 | 25 | /* |
6179dfc7 | 26 | * An EVP_PKEY_CTX can have the following support states: |
f21c9c64 RL |
27 | * |
28 | * Supports legacy implementations only: | |
29 | * | |
30 | * engine != NULL || keytype == NULL | |
31 | * | |
32 | * Supports provided implementations: | |
33 | * | |
34 | * engine == NULL && keytype != NULL | |
35 | */ | |
36 | #define evp_pkey_ctx_is_legacy(ctx) \ | |
37 | ((ctx)->engine != NULL || (ctx)->keytype == NULL) | |
38 | #define evp_pkey_ctx_is_provided(ctx) \ | |
39 | (!evp_pkey_ctx_is_legacy(ctx)) | |
40 | ||
27af42f9 | 41 | struct evp_pkey_ctx_st { |
864b89ce MC |
42 | /* Actual operation */ |
43 | int operation; | |
44 | ||
3ee348b0 | 45 | /* |
4b9e90f4 RL |
46 | * Library context, property query, keytype and keymgmt associated with |
47 | * this context | |
3ee348b0 | 48 | */ |
b4250010 | 49 | OSSL_LIB_CTX *libctx; |
ddfd7182 | 50 | char *propquery; |
4b9e90f4 | 51 | const char *keytype; |
c0e0984f RL |
52 | EVP_KEYMGMT *keymgmt; |
53 | ||
864b89ce | 54 | union { |
62924755 RL |
55 | struct { |
56 | void *genctx; | |
57 | } keymgmt; | |
58 | ||
864b89ce MC |
59 | struct { |
60 | EVP_KEYEXCH *exchange; | |
61 | void *exchprovctx; | |
62 | } kex; | |
ff64702b | 63 | |
864b89ce MC |
64 | struct { |
65 | EVP_SIGNATURE *signature; | |
66 | void *sigprovctx; | |
67 | } sig; | |
2c938e2e MC |
68 | |
69 | struct { | |
70 | EVP_ASYM_CIPHER *cipher; | |
71 | void *ciphprovctx; | |
72 | } ciph; | |
80f4fd18 SL |
73 | struct { |
74 | EVP_KEM *kem; | |
75 | void *kemprovctx; | |
76 | } encap; | |
864b89ce | 77 | } op; |
dfcb5d29 | 78 | |
86df26b3 RL |
79 | /* |
80 | * Cached parameters. Inits of operations that depend on these should | |
81 | * call evp_pkey_ctx_use_delayed_data() when the operation has been set | |
82 | * up properly. | |
83 | */ | |
84 | struct { | |
85 | /* Distinguishing Identifier, ISO/IEC 15946-3, FIPS 196 */ | |
86 | char *dist_id_name; /* The name used with EVP_PKEY_CTX_ctrl_str() */ | |
87 | void *dist_id; /* The distinguishing ID itself */ | |
88 | size_t dist_id_len; /* The length of the distinguishing ID */ | |
89 | ||
90 | /* Indicators of what has been set. Keep them together! */ | |
91 | unsigned int dist_id_set : 1; | |
92 | } cached_parameters; | |
93 | ||
62924755 RL |
94 | /* Application specific data, usually used by the callback */ |
95 | void *app_data; | |
96 | /* Keygen callback */ | |
97 | EVP_PKEY_gen_cb *pkey_gencb; | |
98 | /* implementation specific keygen data */ | |
99 | int *keygen_info; | |
100 | int keygen_info_count; | |
101 | ||
ff64702b MC |
102 | /* Legacy fields below */ |
103 | ||
50914496 RL |
104 | /* EVP_PKEY identity */ |
105 | int legacy_keytype; | |
27af42f9 DSH |
106 | /* Method associated with this operation */ |
107 | const EVP_PKEY_METHOD *pmeth; | |
108 | /* Engine that implements this method or NULL if builtin */ | |
109 | ENGINE *engine; | |
110 | /* Key: may be NULL */ | |
111 | EVP_PKEY *pkey; | |
112 | /* Peer key for key agreement, may be NULL */ | |
113 | EVP_PKEY *peerkey; | |
27af42f9 DSH |
114 | /* Algorithm specific data */ |
115 | void *data; | |
a5ce329e RL |
116 | /* Indicator if digest_custom needs to be called */ |
117 | unsigned int flag_call_digest_custom:1; | |
3786d748 | 118 | /* |
119 | * Used to support taking custody of memory in the case of a provider being | |
120 | * used with the deprecated EVP_PKEY_CTX_set_rsa_keygen_pubexp() API. This | |
121 | * member should NOT be used for any other purpose and should be removed | |
122 | * when said deprecated API is excised completely. | |
123 | */ | |
124 | BIGNUM *rsa_pubexp; | |
27af42f9 DSH |
125 | } /* EVP_PKEY_CTX */ ; |
126 | ||
127 | #define EVP_PKEY_FLAG_DYNAMIC 1 | |
128 | ||
129 | struct evp_pkey_method_st { | |
130 | int pkey_id; | |
131 | int flags; | |
132 | int (*init) (EVP_PKEY_CTX *ctx); | |
9fdcc21f | 133 | int (*copy) (EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src); |
27af42f9 DSH |
134 | void (*cleanup) (EVP_PKEY_CTX *ctx); |
135 | int (*paramgen_init) (EVP_PKEY_CTX *ctx); | |
136 | int (*paramgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); | |
137 | int (*keygen_init) (EVP_PKEY_CTX *ctx); | |
138 | int (*keygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); | |
139 | int (*sign_init) (EVP_PKEY_CTX *ctx); | |
140 | int (*sign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, | |
141 | const unsigned char *tbs, size_t tbslen); | |
142 | int (*verify_init) (EVP_PKEY_CTX *ctx); | |
143 | int (*verify) (EVP_PKEY_CTX *ctx, | |
144 | const unsigned char *sig, size_t siglen, | |
145 | const unsigned char *tbs, size_t tbslen); | |
146 | int (*verify_recover_init) (EVP_PKEY_CTX *ctx); | |
147 | int (*verify_recover) (EVP_PKEY_CTX *ctx, | |
148 | unsigned char *rout, size_t *routlen, | |
149 | const unsigned char *sig, size_t siglen); | |
150 | int (*signctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); | |
151 | int (*signctx) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, | |
152 | EVP_MD_CTX *mctx); | |
153 | int (*verifyctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); | |
154 | int (*verifyctx) (EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen, | |
155 | EVP_MD_CTX *mctx); | |
156 | int (*encrypt_init) (EVP_PKEY_CTX *ctx); | |
157 | int (*encrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, | |
158 | const unsigned char *in, size_t inlen); | |
159 | int (*decrypt_init) (EVP_PKEY_CTX *ctx); | |
160 | int (*decrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, | |
161 | const unsigned char *in, size_t inlen); | |
162 | int (*derive_init) (EVP_PKEY_CTX *ctx); | |
163 | int (*derive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); | |
164 | int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2); | |
165 | int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value); | |
f723c98e DSH |
166 | int (*digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, |
167 | const unsigned char *tbs, size_t tbslen); | |
168 | int (*digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig, | |
169 | size_t siglen, const unsigned char *tbs, | |
170 | size_t tbslen); | |
2aee35d3 | 171 | int (*check) (EVP_PKEY *pkey); |
b0004708 PY |
172 | int (*public_check) (EVP_PKEY *pkey); |
173 | int (*param_check) (EVP_PKEY *pkey); | |
0a8fdef7 PY |
174 | |
175 | int (*digest_custom) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); | |
27af42f9 DSH |
176 | } /* EVP_PKEY_METHOD */ ; |
177 | ||
a8eba56e | 178 | DEFINE_STACK_OF_CONST(EVP_PKEY_METHOD) |
4a1f3f27 | 179 | |
27af42f9 | 180 | void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx); |
8f463dbd | 181 | |
19dbb742 SL |
182 | const EVP_PKEY_METHOD *ossl_dh_pkey_method(void); |
183 | const EVP_PKEY_METHOD *ossl_dhx_pkey_method(void); | |
5af02212 | 184 | const EVP_PKEY_METHOD *ossl_dsa_pkey_method(void); |
32ab57cb SL |
185 | const EVP_PKEY_METHOD *ossl_ec_pkey_method(void); |
186 | const EVP_PKEY_METHOD *ossl_ecx25519_pkey_method(void); | |
187 | const EVP_PKEY_METHOD *ossl_ecx448_pkey_method(void); | |
188 | const EVP_PKEY_METHOD *ossl_ed25519_pkey_method(void); | |
189 | const EVP_PKEY_METHOD *ossl_ed448_pkey_method(void); | |
23b2fc0b P |
190 | const EVP_PKEY_METHOD *ossl_rsa_pkey_method(void); |
191 | const EVP_PKEY_METHOD *ossl_rsa_pss_pkey_method(void); | |
2db6bf6f | 192 | |
567db2c1 | 193 | struct evp_mac_st { |
e74bd290 | 194 | OSSL_PROVIDER *prov; |
f7c16d48 | 195 | int name_id; |
6c9bc258 | 196 | char *type_name; |
309a78aa | 197 | const char *description; |
e74bd290 RL |
198 | |
199 | CRYPTO_REF_COUNT refcnt; | |
200 | CRYPTO_RWLOCK *lock; | |
201 | ||
363b1e5d DMSP |
202 | OSSL_FUNC_mac_newctx_fn *newctx; |
203 | OSSL_FUNC_mac_dupctx_fn *dupctx; | |
204 | OSSL_FUNC_mac_freectx_fn *freectx; | |
363b1e5d DMSP |
205 | OSSL_FUNC_mac_init_fn *init; |
206 | OSSL_FUNC_mac_update_fn *update; | |
207 | OSSL_FUNC_mac_final_fn *final; | |
208 | OSSL_FUNC_mac_gettable_params_fn *gettable_params; | |
209 | OSSL_FUNC_mac_gettable_ctx_params_fn *gettable_ctx_params; | |
210 | OSSL_FUNC_mac_settable_ctx_params_fn *settable_ctx_params; | |
211 | OSSL_FUNC_mac_get_params_fn *get_params; | |
212 | OSSL_FUNC_mac_get_ctx_params_fn *get_ctx_params; | |
213 | OSSL_FUNC_mac_set_ctx_params_fn *set_ctx_params; | |
567db2c1 RL |
214 | }; |
215 | ||
d2ba8123 | 216 | struct evp_kdf_st { |
fb9e6dd6 | 217 | OSSL_PROVIDER *prov; |
f7c16d48 | 218 | int name_id; |
6c9bc258 | 219 | char *type_name; |
309a78aa | 220 | const char *description; |
fb9e6dd6 P |
221 | CRYPTO_REF_COUNT refcnt; |
222 | CRYPTO_RWLOCK *lock; | |
223 | ||
363b1e5d DMSP |
224 | OSSL_FUNC_kdf_newctx_fn *newctx; |
225 | OSSL_FUNC_kdf_dupctx_fn *dupctx; | |
226 | OSSL_FUNC_kdf_freectx_fn *freectx; | |
227 | OSSL_FUNC_kdf_reset_fn *reset; | |
228 | OSSL_FUNC_kdf_derive_fn *derive; | |
229 | OSSL_FUNC_kdf_gettable_params_fn *gettable_params; | |
230 | OSSL_FUNC_kdf_gettable_ctx_params_fn *gettable_ctx_params; | |
231 | OSSL_FUNC_kdf_settable_ctx_params_fn *settable_ctx_params; | |
232 | OSSL_FUNC_kdf_get_params_fn *get_params; | |
233 | OSSL_FUNC_kdf_get_ctx_params_fn *get_ctx_params; | |
234 | OSSL_FUNC_kdf_set_ctx_params_fn *set_ctx_params; | |
d2ba8123 | 235 | }; |
5a285add | 236 | |
f6c95e46 RS |
237 | #define EVP_ORIG_DYNAMIC 0 |
238 | #define EVP_ORIG_GLOBAL 1 | |
239 | #define EVP_ORIG_METH 2 | |
240 | ||
2db6bf6f | 241 | struct evp_md_st { |
3653d0c2 | 242 | /* nid */ |
2db6bf6f | 243 | int type; |
3653d0c2 MC |
244 | |
245 | /* Legacy structure members */ | |
2db6bf6f RL |
246 | int pkey_type; |
247 | int md_size; | |
248 | unsigned long flags; | |
f6c95e46 | 249 | int origin; |
2db6bf6f RL |
250 | int (*init) (EVP_MD_CTX *ctx); |
251 | int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count); | |
252 | int (*final) (EVP_MD_CTX *ctx, unsigned char *md); | |
253 | int (*copy) (EVP_MD_CTX *to, const EVP_MD_CTX *from); | |
254 | int (*cleanup) (EVP_MD_CTX *ctx); | |
255 | int block_size; | |
256 | int ctx_size; /* how big does the ctx->md_data need to be */ | |
257 | /* control function */ | |
258 | int (*md_ctrl) (EVP_MD_CTX *ctx, int cmd, int p1, void *p2); | |
3653d0c2 MC |
259 | |
260 | /* New structure members */ | |
946bdd12 | 261 | /* Above comment to be removed when legacy has gone */ |
f7c16d48 | 262 | int name_id; |
6c9bc258 | 263 | char *type_name; |
309a78aa | 264 | const char *description; |
3653d0c2 MC |
265 | OSSL_PROVIDER *prov; |
266 | CRYPTO_REF_COUNT refcnt; | |
267 | CRYPTO_RWLOCK *lock; | |
363b1e5d DMSP |
268 | OSSL_FUNC_digest_newctx_fn *newctx; |
269 | OSSL_FUNC_digest_init_fn *dinit; | |
270 | OSSL_FUNC_digest_update_fn *dupdate; | |
271 | OSSL_FUNC_digest_final_fn *dfinal; | |
272 | OSSL_FUNC_digest_digest_fn *digest; | |
273 | OSSL_FUNC_digest_freectx_fn *freectx; | |
274 | OSSL_FUNC_digest_dupctx_fn *dupctx; | |
275 | OSSL_FUNC_digest_get_params_fn *get_params; | |
276 | OSSL_FUNC_digest_set_ctx_params_fn *set_ctx_params; | |
277 | OSSL_FUNC_digest_get_ctx_params_fn *get_ctx_params; | |
278 | OSSL_FUNC_digest_gettable_params_fn *gettable_params; | |
279 | OSSL_FUNC_digest_settable_ctx_params_fn *settable_ctx_params; | |
280 | OSSL_FUNC_digest_gettable_ctx_params_fn *gettable_ctx_params; | |
3653d0c2 | 281 | |
2db6bf6f RL |
282 | } /* EVP_MD */ ; |
283 | ||
e79f8773 RL |
284 | struct evp_cipher_st { |
285 | int nid; | |
df05f2ce | 286 | |
e79f8773 RL |
287 | int block_size; |
288 | /* Default value for variable length ciphers */ | |
289 | int key_len; | |
290 | int iv_len; | |
df05f2ce MC |
291 | |
292 | /* Legacy structure members */ | |
e79f8773 RL |
293 | /* Various flags */ |
294 | unsigned long flags; | |
f6c95e46 RS |
295 | /* How the EVP_CIPHER was created. */ |
296 | int origin; | |
e79f8773 RL |
297 | /* init key */ |
298 | int (*init) (EVP_CIPHER_CTX *ctx, const unsigned char *key, | |
299 | const unsigned char *iv, int enc); | |
300 | /* encrypt/decrypt data */ | |
301 | int (*do_cipher) (EVP_CIPHER_CTX *ctx, unsigned char *out, | |
302 | const unsigned char *in, size_t inl); | |
303 | /* cleanup ctx */ | |
304 | int (*cleanup) (EVP_CIPHER_CTX *); | |
305 | /* how big ctx->cipher_data needs to be */ | |
306 | int ctx_size; | |
307 | /* Populate a ASN1_TYPE with parameters */ | |
308 | int (*set_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *); | |
309 | /* Get parameters from a ASN1_TYPE */ | |
310 | int (*get_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *); | |
311 | /* Miscellaneous operations */ | |
312 | int (*ctrl) (EVP_CIPHER_CTX *, int type, int arg, void *ptr); | |
313 | /* Application data */ | |
314 | void *app_data; | |
df05f2ce MC |
315 | |
316 | /* New structure members */ | |
946bdd12 | 317 | /* Above comment to be removed when legacy has gone */ |
f7c16d48 | 318 | int name_id; |
6c9bc258 | 319 | char *type_name; |
309a78aa | 320 | const char *description; |
df05f2ce MC |
321 | OSSL_PROVIDER *prov; |
322 | CRYPTO_REF_COUNT refcnt; | |
323 | CRYPTO_RWLOCK *lock; | |
363b1e5d DMSP |
324 | OSSL_FUNC_cipher_newctx_fn *newctx; |
325 | OSSL_FUNC_cipher_encrypt_init_fn *einit; | |
326 | OSSL_FUNC_cipher_decrypt_init_fn *dinit; | |
327 | OSSL_FUNC_cipher_update_fn *cupdate; | |
328 | OSSL_FUNC_cipher_final_fn *cfinal; | |
329 | OSSL_FUNC_cipher_cipher_fn *ccipher; | |
330 | OSSL_FUNC_cipher_freectx_fn *freectx; | |
331 | OSSL_FUNC_cipher_dupctx_fn *dupctx; | |
332 | OSSL_FUNC_cipher_get_params_fn *get_params; | |
333 | OSSL_FUNC_cipher_get_ctx_params_fn *get_ctx_params; | |
334 | OSSL_FUNC_cipher_set_ctx_params_fn *set_ctx_params; | |
335 | OSSL_FUNC_cipher_gettable_params_fn *gettable_params; | |
336 | OSSL_FUNC_cipher_gettable_ctx_params_fn *gettable_ctx_params; | |
337 | OSSL_FUNC_cipher_settable_ctx_params_fn *settable_ctx_params; | |
e79f8773 RL |
338 | } /* EVP_CIPHER */ ; |
339 | ||
340 | /* Macros to code block cipher wrappers */ | |
341 | ||
342 | /* Wrapper functions for each cipher mode */ | |
343 | ||
44ab2dfd MC |
344 | #define EVP_C_DATA(kstruct, ctx) \ |
345 | ((kstruct *)EVP_CIPHER_CTX_get_cipher_data(ctx)) | |
e79f8773 RL |
346 | |
347 | #define BLOCK_CIPHER_ecb_loop() \ | |
348 | size_t i, bl; \ | |
f6c95e46 | 349 | bl = EVP_CIPHER_CTX_get0_cipher(ctx)->block_size; \ |
e8aa8b6c | 350 | if (inl < bl) return 1;\ |
e79f8773 | 351 | inl -= bl; \ |
e8aa8b6c | 352 | for (i=0; i <= inl; i+=bl) |
e79f8773 RL |
353 | |
354 | #define BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \ | |
355 | static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ | |
356 | {\ | |
357 | BLOCK_CIPHER_ecb_loop() \ | |
358 | cprefix##_ecb_encrypt(in + i, out + i, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_encrypting(ctx)); \ | |
359 | return 1;\ | |
360 | } | |
361 | ||
362 | #define EVP_MAXCHUNK ((size_t)1<<(sizeof(long)*8-2)) | |
363 | ||
364 | #define BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) \ | |
365 | static int cname##_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ | |
366 | {\ | |
367 | while(inl>=EVP_MAXCHUNK) {\ | |
368 | int num = EVP_CIPHER_CTX_num(ctx);\ | |
2f5c405a | 369 | cprefix##_ofb##cbits##_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, &num); \ |
e79f8773 RL |
370 | EVP_CIPHER_CTX_set_num(ctx, num);\ |
371 | inl-=EVP_MAXCHUNK;\ | |
372 | in +=EVP_MAXCHUNK;\ | |
373 | out+=EVP_MAXCHUNK;\ | |
374 | }\ | |
375 | if (inl) {\ | |
376 | int num = EVP_CIPHER_CTX_num(ctx);\ | |
2f5c405a | 377 | cprefix##_ofb##cbits##_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, &num); \ |
e79f8773 RL |
378 | EVP_CIPHER_CTX_set_num(ctx, num);\ |
379 | }\ | |
380 | return 1;\ | |
381 | } | |
382 | ||
383 | #define BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \ | |
384 | static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ | |
385 | {\ | |
386 | while(inl>=EVP_MAXCHUNK) \ | |
387 | {\ | |
2f5c405a | 388 | cprefix##_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, EVP_CIPHER_CTX_encrypting(ctx));\ |
e79f8773 RL |
389 | inl-=EVP_MAXCHUNK;\ |
390 | in +=EVP_MAXCHUNK;\ | |
391 | out+=EVP_MAXCHUNK;\ | |
392 | }\ | |
393 | if (inl)\ | |
2f5c405a | 394 | cprefix##_cbc_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, EVP_CIPHER_CTX_encrypting(ctx));\ |
e79f8773 RL |
395 | return 1;\ |
396 | } | |
397 | ||
398 | #define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \ | |
399 | static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ | |
400 | {\ | |
e8aa8b6c F |
401 | size_t chunk = EVP_MAXCHUNK;\ |
402 | if (cbits == 1) chunk >>= 3;\ | |
403 | if (inl < chunk) chunk = inl;\ | |
404 | while (inl && inl >= chunk)\ | |
405 | {\ | |
406 | int num = EVP_CIPHER_CTX_num(ctx);\ | |
407 | cprefix##_cfb##cbits##_encrypt(in, out, (long) \ | |
408 | ((cbits == 1) \ | |
409 | && !EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS) \ | |
604e591e | 410 | ? chunk*8 : chunk), \ |
2f5c405a | 411 | &EVP_C_DATA(kstruct, ctx)->ksched, ctx->iv,\ |
e8aa8b6c F |
412 | &num, EVP_CIPHER_CTX_encrypting(ctx));\ |
413 | EVP_CIPHER_CTX_set_num(ctx, num);\ | |
414 | inl -= chunk;\ | |
415 | in += chunk;\ | |
416 | out += chunk;\ | |
417 | if (inl < chunk) chunk = inl;\ | |
418 | }\ | |
419 | return 1;\ | |
e79f8773 RL |
420 | } |
421 | ||
422 | #define BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \ | |
423 | BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \ | |
424 | BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \ | |
425 | BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \ | |
426 | BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) | |
427 | ||
428 | #define BLOCK_CIPHER_def1(cname, nmode, mode, MODE, kstruct, nid, block_size, \ | |
429 | key_len, iv_len, flags, init_key, cleanup, \ | |
430 | set_asn1, get_asn1, ctrl) \ | |
431 | static const EVP_CIPHER cname##_##mode = { \ | |
432 | nid##_##nmode, block_size, key_len, iv_len, \ | |
433 | flags | EVP_CIPH_##MODE##_MODE, \ | |
f6c95e46 | 434 | EVP_ORIG_GLOBAL, \ |
e79f8773 RL |
435 | init_key, \ |
436 | cname##_##mode##_cipher, \ | |
437 | cleanup, \ | |
438 | sizeof(kstruct), \ | |
439 | set_asn1, get_asn1,\ | |
440 | ctrl, \ | |
441 | NULL \ | |
442 | }; \ | |
443 | const EVP_CIPHER *EVP_##cname##_##mode(void) { return &cname##_##mode; } | |
444 | ||
445 | #define BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, \ | |
446 | iv_len, flags, init_key, cleanup, set_asn1, \ | |
447 | get_asn1, ctrl) \ | |
448 | BLOCK_CIPHER_def1(cname, cbc, cbc, CBC, kstruct, nid, block_size, key_len, \ | |
449 | iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl) | |
450 | ||
451 | #define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, \ | |
452 | iv_len, cbits, flags, init_key, cleanup, \ | |
453 | set_asn1, get_asn1, ctrl) \ | |
454 | BLOCK_CIPHER_def1(cname, cfb##cbits, cfb##cbits, CFB, kstruct, nid, 1, \ | |
455 | key_len, iv_len, flags, init_key, cleanup, set_asn1, \ | |
456 | get_asn1, ctrl) | |
457 | ||
458 | #define BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, \ | |
459 | iv_len, cbits, flags, init_key, cleanup, \ | |
460 | set_asn1, get_asn1, ctrl) \ | |
461 | BLOCK_CIPHER_def1(cname, ofb##cbits, ofb, OFB, kstruct, nid, 1, \ | |
462 | key_len, iv_len, flags, init_key, cleanup, set_asn1, \ | |
463 | get_asn1, ctrl) | |
464 | ||
465 | #define BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, \ | |
466 | flags, init_key, cleanup, set_asn1, \ | |
467 | get_asn1, ctrl) \ | |
468 | BLOCK_CIPHER_def1(cname, ecb, ecb, ECB, kstruct, nid, block_size, key_len, \ | |
469 | 0, flags, init_key, cleanup, set_asn1, get_asn1, ctrl) | |
470 | ||
471 | #define BLOCK_CIPHER_defs(cname, kstruct, \ | |
472 | nid, block_size, key_len, iv_len, cbits, flags, \ | |
473 | init_key, cleanup, set_asn1, get_asn1, ctrl) \ | |
474 | BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, iv_len, flags, \ | |
475 | init_key, cleanup, set_asn1, get_asn1, ctrl) \ | |
476 | BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, iv_len, cbits, \ | |
477 | flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \ | |
478 | BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, iv_len, cbits, \ | |
479 | flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \ | |
480 | BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, flags, \ | |
481 | init_key, cleanup, set_asn1, get_asn1, ctrl) | |
482 | ||
483 | /*- | |
484 | #define BLOCK_CIPHER_defs(cname, kstruct, \ | |
485 | nid, block_size, key_len, iv_len, flags,\ | |
486 | init_key, cleanup, set_asn1, get_asn1, ctrl)\ | |
487 | static const EVP_CIPHER cname##_cbc = {\ | |
488 | nid##_cbc, block_size, key_len, iv_len, \ | |
489 | flags | EVP_CIPH_CBC_MODE,\ | |
f6c95e46 | 490 | EVP_ORIG_GLOBAL,\ |
e79f8773 RL |
491 | init_key,\ |
492 | cname##_cbc_cipher,\ | |
493 | cleanup,\ | |
494 | sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ | |
495 | sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ | |
496 | set_asn1, get_asn1,\ | |
497 | ctrl, \ | |
498 | NULL \ | |
499 | };\ | |
500 | const EVP_CIPHER *EVP_##cname##_cbc(void) { return &cname##_cbc; }\ | |
501 | static const EVP_CIPHER cname##_cfb = {\ | |
502 | nid##_cfb64, 1, key_len, iv_len, \ | |
503 | flags | EVP_CIPH_CFB_MODE,\ | |
f6c95e46 | 504 | EVP_ORIG_GLOBAL,\ |
e79f8773 RL |
505 | init_key,\ |
506 | cname##_cfb_cipher,\ | |
507 | cleanup,\ | |
508 | sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ | |
509 | sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ | |
510 | set_asn1, get_asn1,\ | |
511 | ctrl,\ | |
512 | NULL \ | |
513 | };\ | |
514 | const EVP_CIPHER *EVP_##cname##_cfb(void) { return &cname##_cfb; }\ | |
515 | static const EVP_CIPHER cname##_ofb = {\ | |
516 | nid##_ofb64, 1, key_len, iv_len, \ | |
517 | flags | EVP_CIPH_OFB_MODE,\ | |
f6c95e46 | 518 | EVP_ORIG_GLOBAL,\ |
e79f8773 RL |
519 | init_key,\ |
520 | cname##_ofb_cipher,\ | |
521 | cleanup,\ | |
522 | sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ | |
523 | sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ | |
524 | set_asn1, get_asn1,\ | |
525 | ctrl,\ | |
526 | NULL \ | |
527 | };\ | |
528 | const EVP_CIPHER *EVP_##cname##_ofb(void) { return &cname##_ofb; }\ | |
529 | static const EVP_CIPHER cname##_ecb = {\ | |
530 | nid##_ecb, block_size, key_len, iv_len, \ | |
531 | flags | EVP_CIPH_ECB_MODE,\ | |
f6c95e46 | 532 | EVP_ORIG_GLOBAL,\ |
e79f8773 RL |
533 | init_key,\ |
534 | cname##_ecb_cipher,\ | |
535 | cleanup,\ | |
536 | sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ | |
537 | sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ | |
538 | set_asn1, get_asn1,\ | |
539 | ctrl,\ | |
540 | NULL \ | |
541 | };\ | |
542 | const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; } | |
543 | */ | |
544 | ||
545 | #define IMPLEMENT_BLOCK_CIPHER(cname, ksched, cprefix, kstruct, nid, \ | |
546 | block_size, key_len, iv_len, cbits, \ | |
547 | flags, init_key, \ | |
548 | cleanup, set_asn1, get_asn1, ctrl) \ | |
549 | BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \ | |
550 | BLOCK_CIPHER_defs(cname, kstruct, nid, block_size, key_len, iv_len, \ | |
551 | cbits, flags, init_key, cleanup, set_asn1, \ | |
552 | get_asn1, ctrl) | |
553 | ||
554 | #define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len,fl) \ | |
555 | BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \ | |
556 | BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \ | |
557 | NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \ | |
558 | (fl)|EVP_CIPH_FLAG_DEFAULT_ASN1, \ | |
559 | cipher##_init_key, NULL, NULL, NULL, NULL) | |
560 | ||
924663c3 JZ |
561 | typedef struct { |
562 | unsigned char iv[EVP_MAX_IV_LENGTH]; | |
563 | unsigned int iv_len; | |
564 | unsigned int tag_len; | |
565 | } evp_cipher_aead_asn1_params; | |
566 | ||
567 | int evp_cipher_param_to_asn1_ex(EVP_CIPHER_CTX *c, ASN1_TYPE *type, | |
568 | evp_cipher_aead_asn1_params *params); | |
569 | ||
570 | int evp_cipher_asn1_to_param_ex(EVP_CIPHER_CTX *c, ASN1_TYPE *type, | |
571 | evp_cipher_aead_asn1_params *params); | |
572 | ||
64954e2f P |
573 | /* |
574 | * To support transparent execution of operation in backends other | |
575 | * than the "origin" key, we support transparent export/import to | |
576 | * those providers, and maintain a cache of the imported keydata, | |
577 | * so we don't need to redo the export/import every time we perform | |
578 | * the same operation in that same provider. | |
579 | * This requires that the "origin" backend (whether it's a legacy or a | |
580 | * provider "origin") implements exports, and that the target provider | |
581 | * has an EVP_KEYMGMT that implements import. | |
582 | */ | |
583 | typedef struct { | |
584 | EVP_KEYMGMT *keymgmt; | |
585 | void *keydata; | |
586 | } OP_CACHE_ELEM; | |
587 | ||
588 | DEFINE_STACK_OF(OP_CACHE_ELEM) | |
589 | ||
3aeb9348 | 590 | /* |
adc9f731 RL |
591 | * An EVP_PKEY can have the following states: |
592 | * | |
593 | * untyped & empty: | |
594 | * | |
595 | * type == EVP_PKEY_NONE && keymgmt == NULL | |
596 | * | |
597 | * typed & empty: | |
598 | * | |
599 | * (type != EVP_PKEY_NONE && pkey.ptr == NULL) ## legacy (libcrypto only) | |
600 | * || (keymgmt != NULL && keydata == NULL) ## provider side | |
601 | * | |
602 | * fully assigned: | |
603 | * | |
604 | * (type != EVP_PKEY_NONE && pkey.ptr != NULL) ## legacy (libcrypto only) | |
605 | * || (keymgmt != NULL && keydata != NULL) ## provider side | |
606 | * | |
5e5bc836 RL |
607 | * The easiest way to detect a legacy key is: |
608 | * | |
609 | * keymgmt == NULL && type != EVP_PKEY_NONE | |
610 | * | |
611 | * The easiest way to detect a provider side key is: | |
612 | * | |
613 | * keymgmt != NULL | |
3aeb9348 | 614 | */ |
5e5bc836 RL |
615 | #define evp_pkey_is_blank(pk) \ |
616 | ((pk)->type == EVP_PKEY_NONE && (pk)->keymgmt == NULL) | |
617 | #define evp_pkey_is_typed(pk) \ | |
618 | ((pk)->type != EVP_PKEY_NONE || (pk)->keymgmt != NULL) | |
4d4928ed RL |
619 | #ifndef FIPS_MODULE |
620 | # define evp_pkey_is_assigned(pk) \ | |
5e5bc836 | 621 | ((pk)->pkey.ptr != NULL || (pk)->keydata != NULL) |
4d4928ed RL |
622 | #else |
623 | # define evp_pkey_is_assigned(pk) \ | |
624 | ((pk)->keydata != NULL) | |
625 | #endif | |
5e5bc836 RL |
626 | #define evp_pkey_is_legacy(pk) \ |
627 | ((pk)->type != EVP_PKEY_NONE && (pk)->keymgmt == NULL) | |
628 | #define evp_pkey_is_provided(pk) \ | |
629 | ((pk)->keymgmt != NULL) | |
630 | ||
b574c6a9 MC |
631 | union legacy_pkey_st { |
632 | void *ptr; | |
633 | struct rsa_st *rsa; /* RSA */ | |
634 | # ifndef OPENSSL_NO_DSA | |
635 | struct dsa_st *dsa; /* DSA */ | |
636 | # endif | |
637 | # ifndef OPENSSL_NO_DH | |
638 | struct dh_st *dh; /* DH */ | |
639 | # endif | |
640 | # ifndef OPENSSL_NO_EC | |
641 | struct ec_key_st *ec; /* ECC */ | |
642 | ECX_KEY *ecx; /* X25519, X448, Ed25519, Ed448 */ | |
643 | # endif | |
644 | }; | |
645 | ||
3aeb9348 | 646 | struct evp_pkey_st { |
a94a3e0d | 647 | /* == Legacy attributes == */ |
3aeb9348 DSH |
648 | int type; |
649 | int save_type; | |
3c6ed955 | 650 | |
f844f9eb | 651 | # ifndef FIPS_MODULE |
3c6ed955 RL |
652 | /* |
653 | * Legacy key "origin" is composed of a pointer to an EVP_PKEY_ASN1_METHOD, | |
654 | * a pointer to a low level key and possibly a pointer to an engine. | |
655 | */ | |
3aeb9348 DSH |
656 | const EVP_PKEY_ASN1_METHOD *ameth; |
657 | ENGINE *engine; | |
d19b01ad | 658 | ENGINE *pmeth_engine; /* If not NULL public key ENGINE to use */ |
b574c6a9 MC |
659 | |
660 | /* Union to store the reference to an origin legacy key */ | |
661 | union legacy_pkey_st pkey; | |
662 | ||
663 | /* Union to store the reference to a non-origin legacy key */ | |
664 | union legacy_pkey_st legacy_cache_pkey; | |
adc9f731 | 665 | # endif |
a94a3e0d RL |
666 | |
667 | /* == Common attributes == */ | |
668 | CRYPTO_REF_COUNT references; | |
03273d61 | 669 | CRYPTO_RWLOCK *lock; |
b247113c | 670 | #ifndef FIPS_MODULE |
a94a3e0d RL |
671 | STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ |
672 | int save_parameters; | |
b247113c | 673 | int foreign:1; /* the low-level key is using an engine or an app-method */ |
ff1f7cde AT |
674 | CRYPTO_EX_DATA ex_data; |
675 | #endif | |
a94a3e0d RL |
676 | |
677 | /* == Provider attributes == */ | |
3c6ed955 RL |
678 | |
679 | /* | |
680 | * Provider keydata "origin" is composed of a pointer to an EVP_KEYMGMT | |
681 | * and a pointer to the provider side key data. This is never used at | |
682 | * the same time as the legacy key data above. | |
683 | */ | |
684 | EVP_KEYMGMT *keymgmt; | |
685 | void *keydata; | |
686 | /* | |
687 | * If any libcrypto code does anything that may modify the keydata | |
688 | * contents, this dirty counter must be incremented. | |
689 | */ | |
690 | size_t dirty_cnt; | |
691 | ||
a94a3e0d | 692 | /* |
3c6ed955 RL |
693 | * To support transparent execution of operation in backends other |
694 | * than the "origin" key, we support transparent export/import to | |
695 | * those providers, and maintain a cache of the imported keydata, | |
696 | * so we don't need to redo the export/import every time we perform | |
697 | * the same operation in that same provider. | |
a94a3e0d | 698 | */ |
64954e2f P |
699 | STACK_OF(OP_CACHE_ELEM) *operation_cache; |
700 | ||
70a1f7b4 | 701 | /* |
3c6ed955 RL |
702 | * We keep a copy of that "origin"'s dirty count, so we know if the |
703 | * operation cache needs flushing. | |
70a1f7b4 RL |
704 | */ |
705 | size_t dirty_cnt_copy; | |
6508e858 | 706 | |
b305452f | 707 | /* Cache of key object information */ |
6508e858 RL |
708 | struct { |
709 | int bits; | |
710 | int security_bits; | |
711 | int size; | |
712 | } cache; | |
3aeb9348 | 713 | } /* EVP_PKEY */ ; |
7b9f8f7f | 714 | |
864b89ce MC |
715 | #define EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) \ |
716 | ((ctx)->operation == EVP_PKEY_OP_SIGN \ | |
717 | || (ctx)->operation == EVP_PKEY_OP_SIGNCTX \ | |
718 | || (ctx)->operation == EVP_PKEY_OP_VERIFY \ | |
719 | || (ctx)->operation == EVP_PKEY_OP_VERIFYCTX \ | |
720 | || (ctx)->operation == EVP_PKEY_OP_VERIFYRECOVER) | |
721 | ||
722 | #define EVP_PKEY_CTX_IS_DERIVE_OP(ctx) \ | |
723 | ((ctx)->operation == EVP_PKEY_OP_DERIVE) | |
7b9f8f7f | 724 | |
2c938e2e MC |
725 | #define EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx) \ |
726 | ((ctx)->operation == EVP_PKEY_OP_ENCRYPT \ | |
727 | || (ctx)->operation == EVP_PKEY_OP_DECRYPT) | |
728 | ||
62924755 RL |
729 | #define EVP_PKEY_CTX_IS_GEN_OP(ctx) \ |
730 | ((ctx)->operation == EVP_PKEY_OP_PARAMGEN \ | |
731 | || (ctx)->operation == EVP_PKEY_OP_KEYGEN) | |
732 | ||
9a1c4e41 RL |
733 | #define EVP_PKEY_CTX_IS_FROMDATA_OP(ctx) \ |
734 | ((ctx)->operation == EVP_PKEY_OP_FROMDATA) | |
735 | ||
80f4fd18 SL |
736 | #define EVP_PKEY_CTX_IS_KEM_OP(ctx) \ |
737 | ((ctx)->operation == EVP_PKEY_OP_ENCAPSULATE \ | |
738 | || (ctx)->operation == EVP_PKEY_OP_DECAPSULATE) | |
739 | ||
b3599dbb MC |
740 | void openssl_add_all_ciphers_int(void); |
741 | void openssl_add_all_digests_int(void); | |
742 | void evp_cleanup_int(void); | |
0822e89a | 743 | void evp_app_cleanup_int(void); |
b4250010 | 744 | void *evp_pkey_export_to_provider(EVP_PKEY *pk, OSSL_LIB_CTX *libctx, |
3c6ed955 RL |
745 | EVP_KEYMGMT **keymgmt, |
746 | const char *propquery); | |
f844f9eb | 747 | #ifndef FIPS_MODULE |
4ce1025a | 748 | int evp_pkey_copy_downgraded(EVP_PKEY **dest, const EVP_PKEY *src); |
b574c6a9 | 749 | void *evp_pkey_get_legacy(EVP_PKEY *pk); |
62924755 | 750 | void evp_pkey_free_legacy(EVP_PKEY *x); |
4f0831b8 TM |
751 | EVP_PKEY *evp_pkcs82pkey_legacy(const PKCS8_PRIV_KEY_INFO *p8inf, |
752 | OSSL_LIB_CTX *libctx, const char *propq); | |
62924755 | 753 | #endif |
9d6fcd42 | 754 | |
68552cde RL |
755 | /* |
756 | * KEYMGMT utility functions | |
757 | */ | |
af836c22 RL |
758 | |
759 | /* | |
760 | * Key import structure and helper function, to be used as an export callback | |
761 | */ | |
762 | struct evp_keymgmt_util_try_import_data_st { | |
763 | EVP_KEYMGMT *keymgmt; | |
764 | void *keydata; | |
765 | ||
766 | int selection; | |
767 | }; | |
768 | int evp_keymgmt_util_try_import(const OSSL_PARAM params[], void *arg); | |
769 | int evp_keymgmt_util_assign_pkey(EVP_PKEY *pkey, EVP_KEYMGMT *keymgmt, | |
770 | void *keydata); | |
771 | EVP_PKEY *evp_keymgmt_util_make_pkey(EVP_KEYMGMT *keymgmt, void *keydata); | |
772 | ||
655f73ce RL |
773 | int evp_keymgmt_util_export(const EVP_PKEY *pk, int selection, |
774 | OSSL_CALLBACK *export_cb, void *export_cbarg); | |
b305452f | 775 | void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt); |
64954e2f P |
776 | OP_CACHE_ELEM *evp_keymgmt_util_find_operation_cache(EVP_PKEY *pk, |
777 | EVP_KEYMGMT *keymgmt); | |
0b07db6f | 778 | int evp_keymgmt_util_clear_operation_cache(EVP_PKEY *pk, int locking); |
64954e2f | 779 | int evp_keymgmt_util_cache_keydata(EVP_PKEY *pk, |
3c6ed955 RL |
780 | EVP_KEYMGMT *keymgmt, void *keydata); |
781 | void evp_keymgmt_util_cache_keyinfo(EVP_PKEY *pk); | |
68552cde | 782 | void *evp_keymgmt_util_fromdata(EVP_PKEY *target, EVP_KEYMGMT *keymgmt, |
b305452f | 783 | int selection, const OSSL_PARAM params[]); |
157ded39 | 784 | int evp_keymgmt_util_has(EVP_PKEY *pk, int selection); |
1e9101c4 | 785 | int evp_keymgmt_util_match(EVP_PKEY *pk1, EVP_PKEY *pk2, int selection); |
ff3b59e1 | 786 | int evp_keymgmt_util_copy(EVP_PKEY *to, EVP_PKEY *from, int selection); |
62924755 RL |
787 | void *evp_keymgmt_util_gen(EVP_PKEY *target, EVP_KEYMGMT *keymgmt, |
788 | void *genctx, OSSL_CALLBACK *cb, void *cbarg); | |
3b924da0 RL |
789 | int evp_keymgmt_util_get_deflt_digest_name(EVP_KEYMGMT *keymgmt, |
790 | void *keydata, | |
791 | char *mdname, size_t mdname_sz); | |
70a1f7b4 | 792 | |
68552cde RL |
793 | /* |
794 | * KEYMGMT provider interface functions | |
795 | */ | |
b305452f RL |
796 | void *evp_keymgmt_newdata(const EVP_KEYMGMT *keymgmt); |
797 | void evp_keymgmt_freedata(const EVP_KEYMGMT *keymgmt, void *keyddata); | |
798 | int evp_keymgmt_get_params(const EVP_KEYMGMT *keymgmt, | |
799 | void *keydata, OSSL_PARAM params[]); | |
4fe54d67 NT |
800 | int evp_keymgmt_set_params(const EVP_KEYMGMT *keymgmt, |
801 | void *keydata, const OSSL_PARAM params[]); | |
1be63b3e P |
802 | void *evp_keymgmt_gen_init(const EVP_KEYMGMT *keymgmt, int selection, |
803 | const OSSL_PARAM params[]); | |
1a5632e0 RL |
804 | int evp_keymgmt_gen_set_template(const EVP_KEYMGMT *keymgmt, void *genctx, |
805 | void *template); | |
806 | int evp_keymgmt_gen_set_params(const EVP_KEYMGMT *keymgmt, void *genctx, | |
807 | const OSSL_PARAM params[]); | |
1a5632e0 RL |
808 | void *evp_keymgmt_gen(const EVP_KEYMGMT *keymgmt, void *genctx, |
809 | OSSL_CALLBACK *cb, void *cbarg); | |
810 | void evp_keymgmt_gen_cleanup(const EVP_KEYMGMT *keymgmt, void *genctx); | |
b305452f | 811 | |
5dacb38c RL |
812 | void *evp_keymgmt_load(const EVP_KEYMGMT *keymgmt, |
813 | const void *objref, size_t objref_sz); | |
814 | ||
b305452f RL |
815 | int evp_keymgmt_has(const EVP_KEYMGMT *keymgmt, void *keyddata, int selection); |
816 | int evp_keymgmt_validate(const EVP_KEYMGMT *keymgmt, void *keydata, | |
899e2564 | 817 | int selection, int checktype); |
bee5d6cd RL |
818 | int evp_keymgmt_match(const EVP_KEYMGMT *keymgmt, |
819 | const void *keydata1, const void *keydata2, | |
820 | int selection); | |
b305452f RL |
821 | |
822 | int evp_keymgmt_import(const EVP_KEYMGMT *keymgmt, void *keydata, | |
823 | int selection, const OSSL_PARAM params[]); | |
824 | const OSSL_PARAM *evp_keymgmt_import_types(const EVP_KEYMGMT *keymgmt, | |
825 | int selection); | |
826 | int evp_keymgmt_export(const EVP_KEYMGMT *keymgmt, void *keydata, | |
827 | int selection, OSSL_CALLBACK *param_cb, void *cbarg); | |
828 | const OSSL_PARAM *evp_keymgmt_export_types(const EVP_KEYMGMT *keymgmt, | |
829 | int selection); | |
4a9fe33c | 830 | void *evp_keymgmt_dup(const EVP_KEYMGMT *keymgmt, |
b4f447c0 | 831 | const void *keydata_from, int selection); |
12603de6 | 832 | |
46f4e1be | 833 | /* Pulling defines out of C source files */ |
9d6fcd42 | 834 | |
80ce21fe F |
835 | # define EVP_RC4_KEY_SIZE 16 |
836 | # ifndef TLS1_1_VERSION | |
837 | # define TLS1_1_VERSION 0x0302 | |
838 | # endif | |
c0804614 MC |
839 | |
840 | void evp_encode_ctx_set_flags(EVP_ENCODE_CTX *ctx, unsigned int flags); | |
841 | ||
842 | /* EVP_ENCODE_CTX flags */ | |
3fd59700 MC |
843 | /* Don't generate new lines when encoding */ |
844 | #define EVP_ENCODE_CTX_NO_NEWLINES 1 | |
845 | /* Use the SRP base64 alphabet instead of the standard one */ | |
846 | #define EVP_ENCODE_CTX_USE_SRP_ALPHABET 2 | |
7606bed9 | 847 | |
b4250010 DMSP |
848 | const EVP_CIPHER *evp_get_cipherbyname_ex(OSSL_LIB_CTX *libctx, |
849 | const char *name); | |
850 | const EVP_MD *evp_get_digestbyname_ex(OSSL_LIB_CTX *libctx, | |
851 | const char *name); | |
e683582b | 852 | |
4e17fb00 SL |
853 | int ossl_pkcs5_pbkdf2_hmac_ex(const char *pass, int passlen, |
854 | const unsigned char *salt, int saltlen, int iter, | |
855 | const EVP_MD *digest, int keylen, | |
856 | unsigned char *out, | |
857 | OSSL_LIB_CTX *libctx, const char *propq); | |
5ccada09 | 858 | |
80ce21fe | 859 | # ifndef FIPS_MODULE |
4fe54d67 NT |
860 | /* |
861 | * Internal helpers for stricter EVP_PKEY_CTX_{set,get}_params(). | |
862 | * | |
863 | * Return 1 on success, 0 or negative for errors. | |
864 | * | |
865 | * In particular they return -2 if any of the params is not supported. | |
866 | * | |
f844f9eb | 867 | * They are not available in FIPS_MODULE as they depend on |
4fe54d67 NT |
868 | * - EVP_PKEY_CTX_{get,set}_params() |
869 | * - EVP_PKEY_CTX_{gettable,settable}_params() | |
870 | * | |
871 | */ | |
872 | int evp_pkey_ctx_set_params_strict(EVP_PKEY_CTX *ctx, OSSL_PARAM *params); | |
873 | int evp_pkey_ctx_get_params_strict(EVP_PKEY_CTX *ctx, OSSL_PARAM *params); | |
472a88b7 | 874 | |
d8652be0 | 875 | EVP_MD_CTX *evp_md_ctx_new_ex(EVP_PKEY *pkey, const ASN1_OCTET_STRING *id, |
b4250010 | 876 | OSSL_LIB_CTX *libctx, const char *propq); |
50914496 | 877 | int evp_pkey_name2type(const char *name); |
977e95b9 | 878 | const char *evp_pkey_type2name(int type); |
86df26b3 RL |
879 | |
880 | int evp_pkey_ctx_set1_id_prov(EVP_PKEY_CTX *ctx, const void *id, int len); | |
881 | int evp_pkey_ctx_get1_id_prov(EVP_PKEY_CTX *ctx, void *id); | |
882 | int evp_pkey_ctx_get1_id_len_prov(EVP_PKEY_CTX *ctx, size_t *id_len); | |
883 | ||
884 | int evp_pkey_ctx_use_cached_data(EVP_PKEY_CTX *ctx); | |
80ce21fe F |
885 | # endif /* !defined(FIPS_MODULE) */ |
886 | ||
860ecfd7 | 887 | int evp_method_store_flush(OSSL_LIB_CTX *libctx); |
b4250010 | 888 | int evp_set_default_properties_int(OSSL_LIB_CTX *libctx, const char *propq, |
447588b6 MC |
889 | int loadconfig, int mirrored); |
890 | char *evp_get_global_properties_str(OSSL_LIB_CTX *libctx, int loadconfig); | |
3101ab60 MC |
891 | |
892 | void evp_md_ctx_clear_digest(EVP_MD_CTX *ctx, int force); | |
80ce21fe | 893 | |
e19246dc RL |
894 | /* Three possible states: */ |
895 | # define EVP_PKEY_STATE_UNKNOWN 0 | |
896 | # define EVP_PKEY_STATE_LEGACY 1 | |
897 | # define EVP_PKEY_STATE_PROVIDER 2 | |
898 | int evp_pkey_ctx_state(const EVP_PKEY_CTX *ctx); | |
899 | ||
9a1c4e41 RL |
900 | /* These two must ONLY be called for provider side operations */ |
901 | int evp_pkey_ctx_ctrl_to_param(EVP_PKEY_CTX *ctx, | |
902 | int keytype, int optype, | |
903 | int cmd, int p1, void *p2); | |
904 | int evp_pkey_ctx_ctrl_str_to_param(EVP_PKEY_CTX *ctx, | |
905 | const char *name, const char *value); | |
906 | ||
907 | /* These two must ONLY be called for legacy operations */ | |
56784203 | 908 | int evp_pkey_ctx_set_params_to_ctrl(EVP_PKEY_CTX *ctx, const OSSL_PARAM *params); |
9a1c4e41 RL |
909 | int evp_pkey_ctx_get_params_to_ctrl(EVP_PKEY_CTX *ctx, OSSL_PARAM *params); |
910 | ||
911 | /* This must ONLY be called for legacy EVP_PKEYs */ | |
912 | int evp_pkey_get_params_to_ctrl(const EVP_PKEY *pkey, OSSL_PARAM *params); | |
913 | ||
7bc0fdd3 MC |
914 | /* Same as the public get0 functions but are not const */ |
915 | # ifndef OPENSSL_NO_DEPRECATED_3_0 | |
916 | DH *evp_pkey_get0_DH_int(const EVP_PKEY *pkey); | |
917 | EC_KEY *evp_pkey_get0_EC_KEY_int(const EVP_PKEY *pkey); | |
918 | RSA *evp_pkey_get0_RSA_int(const EVP_PKEY *pkey); | |
919 | # endif | |
920 | ||
80ce21fe | 921 | #endif /* OSSL_CRYPTO_EVP_H */ |