]>
Commit | Line | Data |
---|---|---|
1 | /* | |
2 | * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. | |
3 | * | |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
10 | #ifndef OSSL_CRYPTO_EVP_H | |
11 | # define OSSL_CRYPTO_EVP_H | |
12 | # pragma once | |
13 | ||
14 | # include <openssl/evp.h> | |
15 | # include <openssl/core_dispatch.h> | |
16 | # include "internal/refcount.h" | |
17 | # include "crypto/ecx.h" | |
18 | ||
19 | /* | |
20 | * Don't free up md_ctx->pctx in EVP_MD_CTX_reset, use the reserved flag | |
21 | * values in evp.h | |
22 | */ | |
23 | #define EVP_MD_CTX_FLAG_KEEP_PKEY_CTX 0x0400 | |
24 | #define EVP_MD_CTX_FLAG_FINALISED 0x0800 | |
25 | ||
26 | #define evp_pkey_ctx_is_legacy(ctx) \ | |
27 | ((ctx)->keymgmt == NULL) | |
28 | #define evp_pkey_ctx_is_provided(ctx) \ | |
29 | (!evp_pkey_ctx_is_legacy(ctx)) | |
30 | ||
31 | struct evp_pkey_ctx_st { | |
32 | /* Actual operation */ | |
33 | int operation; | |
34 | ||
35 | /* | |
36 | * Library context, property query, keytype and keymgmt associated with | |
37 | * this context | |
38 | */ | |
39 | OSSL_LIB_CTX *libctx; | |
40 | char *propquery; | |
41 | const char *keytype; | |
42 | /* If |pkey| below is set, this field is always a reference to its keymgmt */ | |
43 | EVP_KEYMGMT *keymgmt; | |
44 | ||
45 | union { | |
46 | struct { | |
47 | void *genctx; | |
48 | } keymgmt; | |
49 | ||
50 | struct { | |
51 | EVP_KEYEXCH *exchange; | |
52 | /* | |
53 | * Opaque ctx returned from a providers exchange algorithm | |
54 | * implementation OSSL_FUNC_keyexch_newctx() | |
55 | */ | |
56 | void *algctx; | |
57 | } kex; | |
58 | ||
59 | struct { | |
60 | EVP_SIGNATURE *signature; | |
61 | /* | |
62 | * Opaque ctx returned from a providers signature algorithm | |
63 | * implementation OSSL_FUNC_signature_newctx() | |
64 | */ | |
65 | void *algctx; | |
66 | } sig; | |
67 | ||
68 | struct { | |
69 | EVP_ASYM_CIPHER *cipher; | |
70 | /* | |
71 | * Opaque ctx returned from a providers asymmetric cipher algorithm | |
72 | * implementation OSSL_FUNC_asym_cipher_newctx() | |
73 | */ | |
74 | void *algctx; | |
75 | } ciph; | |
76 | struct { | |
77 | EVP_KEM *kem; | |
78 | /* | |
79 | * Opaque ctx returned from a providers KEM algorithm | |
80 | * implementation OSSL_FUNC_kem_newctx() | |
81 | */ | |
82 | void *algctx; | |
83 | } encap; | |
84 | } op; | |
85 | ||
86 | /* | |
87 | * Cached parameters. Inits of operations that depend on these should | |
88 | * call evp_pkey_ctx_use_delayed_data() when the operation has been set | |
89 | * up properly. | |
90 | */ | |
91 | struct { | |
92 | /* Distinguishing Identifier, ISO/IEC 15946-3, FIPS 196 */ | |
93 | char *dist_id_name; /* The name used with EVP_PKEY_CTX_ctrl_str() */ | |
94 | void *dist_id; /* The distinguishing ID itself */ | |
95 | size_t dist_id_len; /* The length of the distinguishing ID */ | |
96 | ||
97 | /* Indicators of what has been set. Keep them together! */ | |
98 | unsigned int dist_id_set : 1; | |
99 | } cached_parameters; | |
100 | ||
101 | /* Application specific data, usually used by the callback */ | |
102 | void *app_data; | |
103 | /* Keygen callback */ | |
104 | EVP_PKEY_gen_cb *pkey_gencb; | |
105 | /* implementation specific keygen data */ | |
106 | int *keygen_info; | |
107 | int keygen_info_count; | |
108 | ||
109 | /* Legacy fields below */ | |
110 | ||
111 | /* EVP_PKEY identity */ | |
112 | int legacy_keytype; | |
113 | /* Method associated with this operation */ | |
114 | const EVP_PKEY_METHOD *pmeth; | |
115 | /* Engine that implements this method or NULL if builtin */ | |
116 | ENGINE *engine; | |
117 | /* Key: may be NULL */ | |
118 | EVP_PKEY *pkey; | |
119 | /* Peer key for key agreement, may be NULL */ | |
120 | EVP_PKEY *peerkey; | |
121 | /* Algorithm specific data */ | |
122 | void *data; | |
123 | /* Indicator if digest_custom needs to be called */ | |
124 | unsigned int flag_call_digest_custom:1; | |
125 | /* | |
126 | * Used to support taking custody of memory in the case of a provider being | |
127 | * used with the deprecated EVP_PKEY_CTX_set_rsa_keygen_pubexp() API. This | |
128 | * member should NOT be used for any other purpose and should be removed | |
129 | * when said deprecated API is excised completely. | |
130 | */ | |
131 | BIGNUM *rsa_pubexp; | |
132 | } /* EVP_PKEY_CTX */ ; | |
133 | ||
134 | #define EVP_PKEY_FLAG_DYNAMIC 1 | |
135 | ||
136 | struct evp_pkey_method_st { | |
137 | int pkey_id; | |
138 | int flags; | |
139 | int (*init) (EVP_PKEY_CTX *ctx); | |
140 | int (*copy) (EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src); | |
141 | void (*cleanup) (EVP_PKEY_CTX *ctx); | |
142 | int (*paramgen_init) (EVP_PKEY_CTX *ctx); | |
143 | int (*paramgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); | |
144 | int (*keygen_init) (EVP_PKEY_CTX *ctx); | |
145 | int (*keygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); | |
146 | int (*sign_init) (EVP_PKEY_CTX *ctx); | |
147 | int (*sign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, | |
148 | const unsigned char *tbs, size_t tbslen); | |
149 | int (*verify_init) (EVP_PKEY_CTX *ctx); | |
150 | int (*verify) (EVP_PKEY_CTX *ctx, | |
151 | const unsigned char *sig, size_t siglen, | |
152 | const unsigned char *tbs, size_t tbslen); | |
153 | int (*verify_recover_init) (EVP_PKEY_CTX *ctx); | |
154 | int (*verify_recover) (EVP_PKEY_CTX *ctx, | |
155 | unsigned char *rout, size_t *routlen, | |
156 | const unsigned char *sig, size_t siglen); | |
157 | int (*signctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); | |
158 | int (*signctx) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, | |
159 | EVP_MD_CTX *mctx); | |
160 | int (*verifyctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); | |
161 | int (*verifyctx) (EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen, | |
162 | EVP_MD_CTX *mctx); | |
163 | int (*encrypt_init) (EVP_PKEY_CTX *ctx); | |
164 | int (*encrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, | |
165 | const unsigned char *in, size_t inlen); | |
166 | int (*decrypt_init) (EVP_PKEY_CTX *ctx); | |
167 | int (*decrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, | |
168 | const unsigned char *in, size_t inlen); | |
169 | int (*derive_init) (EVP_PKEY_CTX *ctx); | |
170 | int (*derive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); | |
171 | int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2); | |
172 | int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value); | |
173 | int (*digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, | |
174 | const unsigned char *tbs, size_t tbslen); | |
175 | int (*digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig, | |
176 | size_t siglen, const unsigned char *tbs, | |
177 | size_t tbslen); | |
178 | int (*check) (EVP_PKEY *pkey); | |
179 | int (*public_check) (EVP_PKEY *pkey); | |
180 | int (*param_check) (EVP_PKEY *pkey); | |
181 | ||
182 | int (*digest_custom) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); | |
183 | } /* EVP_PKEY_METHOD */ ; | |
184 | ||
185 | DEFINE_STACK_OF_CONST(EVP_PKEY_METHOD) | |
186 | ||
187 | void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx); | |
188 | ||
189 | const EVP_PKEY_METHOD *ossl_dh_pkey_method(void); | |
190 | const EVP_PKEY_METHOD *ossl_dhx_pkey_method(void); | |
191 | const EVP_PKEY_METHOD *ossl_dsa_pkey_method(void); | |
192 | const EVP_PKEY_METHOD *ossl_ec_pkey_method(void); | |
193 | const EVP_PKEY_METHOD *ossl_ecx25519_pkey_method(void); | |
194 | const EVP_PKEY_METHOD *ossl_ecx448_pkey_method(void); | |
195 | const EVP_PKEY_METHOD *ossl_ed25519_pkey_method(void); | |
196 | const EVP_PKEY_METHOD *ossl_ed448_pkey_method(void); | |
197 | const EVP_PKEY_METHOD *ossl_rsa_pkey_method(void); | |
198 | const EVP_PKEY_METHOD *ossl_rsa_pss_pkey_method(void); | |
199 | ||
200 | struct evp_mac_st { | |
201 | OSSL_PROVIDER *prov; | |
202 | int name_id; | |
203 | char *type_name; | |
204 | const char *description; | |
205 | ||
206 | CRYPTO_REF_COUNT refcnt; | |
207 | ||
208 | OSSL_FUNC_mac_newctx_fn *newctx; | |
209 | OSSL_FUNC_mac_dupctx_fn *dupctx; | |
210 | OSSL_FUNC_mac_freectx_fn *freectx; | |
211 | OSSL_FUNC_mac_init_fn *init; | |
212 | OSSL_FUNC_mac_update_fn *update; | |
213 | OSSL_FUNC_mac_final_fn *final; | |
214 | OSSL_FUNC_mac_gettable_params_fn *gettable_params; | |
215 | OSSL_FUNC_mac_gettable_ctx_params_fn *gettable_ctx_params; | |
216 | OSSL_FUNC_mac_settable_ctx_params_fn *settable_ctx_params; | |
217 | OSSL_FUNC_mac_get_params_fn *get_params; | |
218 | OSSL_FUNC_mac_get_ctx_params_fn *get_ctx_params; | |
219 | OSSL_FUNC_mac_set_ctx_params_fn *set_ctx_params; | |
220 | }; | |
221 | ||
222 | struct evp_kdf_st { | |
223 | OSSL_PROVIDER *prov; | |
224 | int name_id; | |
225 | char *type_name; | |
226 | const char *description; | |
227 | CRYPTO_REF_COUNT refcnt; | |
228 | ||
229 | OSSL_FUNC_kdf_newctx_fn *newctx; | |
230 | OSSL_FUNC_kdf_dupctx_fn *dupctx; | |
231 | OSSL_FUNC_kdf_freectx_fn *freectx; | |
232 | OSSL_FUNC_kdf_reset_fn *reset; | |
233 | OSSL_FUNC_kdf_derive_fn *derive; | |
234 | OSSL_FUNC_kdf_gettable_params_fn *gettable_params; | |
235 | OSSL_FUNC_kdf_gettable_ctx_params_fn *gettable_ctx_params; | |
236 | OSSL_FUNC_kdf_settable_ctx_params_fn *settable_ctx_params; | |
237 | OSSL_FUNC_kdf_get_params_fn *get_params; | |
238 | OSSL_FUNC_kdf_get_ctx_params_fn *get_ctx_params; | |
239 | OSSL_FUNC_kdf_set_ctx_params_fn *set_ctx_params; | |
240 | }; | |
241 | ||
242 | #define EVP_ORIG_DYNAMIC 0 | |
243 | #define EVP_ORIG_GLOBAL 1 | |
244 | #define EVP_ORIG_METH 2 | |
245 | ||
246 | struct evp_md_st { | |
247 | /* nid */ | |
248 | int type; | |
249 | ||
250 | /* Legacy structure members */ | |
251 | int pkey_type; | |
252 | int md_size; | |
253 | unsigned long flags; | |
254 | int origin; | |
255 | int (*init) (EVP_MD_CTX *ctx); | |
256 | int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count); | |
257 | int (*final) (EVP_MD_CTX *ctx, unsigned char *md); | |
258 | int (*copy) (EVP_MD_CTX *to, const EVP_MD_CTX *from); | |
259 | int (*cleanup) (EVP_MD_CTX *ctx); | |
260 | int block_size; | |
261 | int ctx_size; /* how big does the ctx->md_data need to be */ | |
262 | /* control function */ | |
263 | int (*md_ctrl) (EVP_MD_CTX *ctx, int cmd, int p1, void *p2); | |
264 | ||
265 | /* New structure members */ | |
266 | /* Above comment to be removed when legacy has gone */ | |
267 | int name_id; | |
268 | char *type_name; | |
269 | const char *description; | |
270 | OSSL_PROVIDER *prov; | |
271 | CRYPTO_REF_COUNT refcnt; | |
272 | OSSL_FUNC_digest_newctx_fn *newctx; | |
273 | OSSL_FUNC_digest_init_fn *dinit; | |
274 | OSSL_FUNC_digest_update_fn *dupdate; | |
275 | OSSL_FUNC_digest_final_fn *dfinal; | |
276 | OSSL_FUNC_digest_digest_fn *digest; | |
277 | OSSL_FUNC_digest_freectx_fn *freectx; | |
278 | OSSL_FUNC_digest_dupctx_fn *dupctx; | |
279 | OSSL_FUNC_digest_get_params_fn *get_params; | |
280 | OSSL_FUNC_digest_set_ctx_params_fn *set_ctx_params; | |
281 | OSSL_FUNC_digest_get_ctx_params_fn *get_ctx_params; | |
282 | OSSL_FUNC_digest_gettable_params_fn *gettable_params; | |
283 | OSSL_FUNC_digest_settable_ctx_params_fn *settable_ctx_params; | |
284 | OSSL_FUNC_digest_gettable_ctx_params_fn *gettable_ctx_params; | |
285 | ||
286 | } /* EVP_MD */ ; | |
287 | ||
288 | struct evp_cipher_st { | |
289 | int nid; | |
290 | ||
291 | int block_size; | |
292 | /* Default value for variable length ciphers */ | |
293 | int key_len; | |
294 | int iv_len; | |
295 | ||
296 | /* Legacy structure members */ | |
297 | /* Various flags */ | |
298 | unsigned long flags; | |
299 | /* How the EVP_CIPHER was created. */ | |
300 | int origin; | |
301 | /* init key */ | |
302 | int (*init) (EVP_CIPHER_CTX *ctx, const unsigned char *key, | |
303 | const unsigned char *iv, int enc); | |
304 | /* encrypt/decrypt data */ | |
305 | int (*do_cipher) (EVP_CIPHER_CTX *ctx, unsigned char *out, | |
306 | const unsigned char *in, size_t inl); | |
307 | /* cleanup ctx */ | |
308 | int (*cleanup) (EVP_CIPHER_CTX *); | |
309 | /* how big ctx->cipher_data needs to be */ | |
310 | int ctx_size; | |
311 | /* Populate a ASN1_TYPE with parameters */ | |
312 | int (*set_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *); | |
313 | /* Get parameters from a ASN1_TYPE */ | |
314 | int (*get_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *); | |
315 | /* Miscellaneous operations */ | |
316 | int (*ctrl) (EVP_CIPHER_CTX *, int type, int arg, void *ptr); | |
317 | /* Application data */ | |
318 | void *app_data; | |
319 | ||
320 | /* New structure members */ | |
321 | /* Above comment to be removed when legacy has gone */ | |
322 | int name_id; | |
323 | char *type_name; | |
324 | const char *description; | |
325 | OSSL_PROVIDER *prov; | |
326 | CRYPTO_REF_COUNT refcnt; | |
327 | OSSL_FUNC_cipher_newctx_fn *newctx; | |
328 | OSSL_FUNC_cipher_encrypt_init_fn *einit; | |
329 | OSSL_FUNC_cipher_decrypt_init_fn *dinit; | |
330 | OSSL_FUNC_cipher_update_fn *cupdate; | |
331 | OSSL_FUNC_cipher_final_fn *cfinal; | |
332 | OSSL_FUNC_cipher_cipher_fn *ccipher; | |
333 | OSSL_FUNC_cipher_freectx_fn *freectx; | |
334 | OSSL_FUNC_cipher_dupctx_fn *dupctx; | |
335 | OSSL_FUNC_cipher_get_params_fn *get_params; | |
336 | OSSL_FUNC_cipher_get_ctx_params_fn *get_ctx_params; | |
337 | OSSL_FUNC_cipher_set_ctx_params_fn *set_ctx_params; | |
338 | OSSL_FUNC_cipher_gettable_params_fn *gettable_params; | |
339 | OSSL_FUNC_cipher_gettable_ctx_params_fn *gettable_ctx_params; | |
340 | OSSL_FUNC_cipher_settable_ctx_params_fn *settable_ctx_params; | |
341 | } /* EVP_CIPHER */ ; | |
342 | ||
343 | /* Macros to code block cipher wrappers */ | |
344 | ||
345 | /* Wrapper functions for each cipher mode */ | |
346 | ||
347 | #define EVP_C_DATA(kstruct, ctx) \ | |
348 | ((kstruct *)EVP_CIPHER_CTX_get_cipher_data(ctx)) | |
349 | ||
350 | #define BLOCK_CIPHER_ecb_loop() \ | |
351 | size_t i, bl; \ | |
352 | bl = EVP_CIPHER_CTX_get0_cipher(ctx)->block_size; \ | |
353 | if (inl < bl) return 1;\ | |
354 | inl -= bl; \ | |
355 | for (i=0; i <= inl; i+=bl) | |
356 | ||
357 | #define BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \ | |
358 | static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ | |
359 | {\ | |
360 | BLOCK_CIPHER_ecb_loop() \ | |
361 | cprefix##_ecb_encrypt(in + i, out + i, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_is_encrypting(ctx)); \ | |
362 | return 1;\ | |
363 | } | |
364 | ||
365 | #define EVP_MAXCHUNK ((size_t)1 << 30) | |
366 | ||
367 | #define BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) \ | |
368 | static int cname##_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ | |
369 | {\ | |
370 | while(inl>=EVP_MAXCHUNK) {\ | |
371 | int num = EVP_CIPHER_CTX_get_num(ctx);\ | |
372 | cprefix##_ofb##cbits##_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, &num); \ | |
373 | EVP_CIPHER_CTX_set_num(ctx, num);\ | |
374 | inl-=EVP_MAXCHUNK;\ | |
375 | in +=EVP_MAXCHUNK;\ | |
376 | out+=EVP_MAXCHUNK;\ | |
377 | }\ | |
378 | if (inl) {\ | |
379 | int num = EVP_CIPHER_CTX_get_num(ctx);\ | |
380 | cprefix##_ofb##cbits##_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, &num); \ | |
381 | EVP_CIPHER_CTX_set_num(ctx, num);\ | |
382 | }\ | |
383 | return 1;\ | |
384 | } | |
385 | ||
386 | #define BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \ | |
387 | static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ | |
388 | {\ | |
389 | while(inl>=EVP_MAXCHUNK) \ | |
390 | {\ | |
391 | cprefix##_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, EVP_CIPHER_CTX_is_encrypting(ctx));\ | |
392 | inl-=EVP_MAXCHUNK;\ | |
393 | in +=EVP_MAXCHUNK;\ | |
394 | out+=EVP_MAXCHUNK;\ | |
395 | }\ | |
396 | if (inl)\ | |
397 | cprefix##_cbc_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, EVP_CIPHER_CTX_is_encrypting(ctx));\ | |
398 | return 1;\ | |
399 | } | |
400 | ||
401 | #define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \ | |
402 | static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ | |
403 | {\ | |
404 | size_t chunk = EVP_MAXCHUNK;\ | |
405 | if (cbits == 1) chunk >>= 3;\ | |
406 | if (inl < chunk) chunk = inl;\ | |
407 | while (inl && inl >= chunk)\ | |
408 | {\ | |
409 | int num = EVP_CIPHER_CTX_get_num(ctx);\ | |
410 | cprefix##_cfb##cbits##_encrypt(in, out, (long) \ | |
411 | ((cbits == 1) \ | |
412 | && !EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS) \ | |
413 | ? chunk*8 : chunk), \ | |
414 | &EVP_C_DATA(kstruct, ctx)->ksched, ctx->iv,\ | |
415 | &num, EVP_CIPHER_CTX_is_encrypting(ctx));\ | |
416 | EVP_CIPHER_CTX_set_num(ctx, num);\ | |
417 | inl -= chunk;\ | |
418 | in += chunk;\ | |
419 | out += chunk;\ | |
420 | if (inl < chunk) chunk = inl;\ | |
421 | }\ | |
422 | return 1;\ | |
423 | } | |
424 | ||
425 | #define BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \ | |
426 | BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \ | |
427 | BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \ | |
428 | BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \ | |
429 | BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) | |
430 | ||
431 | #define BLOCK_CIPHER_def1(cname, nmode, mode, MODE, kstruct, nid, block_size, \ | |
432 | key_len, iv_len, flags, init_key, cleanup, \ | |
433 | set_asn1, get_asn1, ctrl) \ | |
434 | static const EVP_CIPHER cname##_##mode = { \ | |
435 | nid##_##nmode, block_size, key_len, iv_len, \ | |
436 | flags | EVP_CIPH_##MODE##_MODE, \ | |
437 | EVP_ORIG_GLOBAL, \ | |
438 | init_key, \ | |
439 | cname##_##mode##_cipher, \ | |
440 | cleanup, \ | |
441 | sizeof(kstruct), \ | |
442 | set_asn1, get_asn1,\ | |
443 | ctrl, \ | |
444 | NULL \ | |
445 | }; \ | |
446 | const EVP_CIPHER *EVP_##cname##_##mode(void) { return &cname##_##mode; } | |
447 | ||
448 | #define BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, \ | |
449 | iv_len, flags, init_key, cleanup, set_asn1, \ | |
450 | get_asn1, ctrl) \ | |
451 | BLOCK_CIPHER_def1(cname, cbc, cbc, CBC, kstruct, nid, block_size, key_len, \ | |
452 | iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl) | |
453 | ||
454 | #define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, \ | |
455 | iv_len, cbits, flags, init_key, cleanup, \ | |
456 | set_asn1, get_asn1, ctrl) \ | |
457 | BLOCK_CIPHER_def1(cname, cfb##cbits, cfb##cbits, CFB, kstruct, nid, 1, \ | |
458 | key_len, iv_len, flags, init_key, cleanup, set_asn1, \ | |
459 | get_asn1, ctrl) | |
460 | ||
461 | #define BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, \ | |
462 | iv_len, cbits, flags, init_key, cleanup, \ | |
463 | set_asn1, get_asn1, ctrl) \ | |
464 | BLOCK_CIPHER_def1(cname, ofb##cbits, ofb, OFB, kstruct, nid, 1, \ | |
465 | key_len, iv_len, flags, init_key, cleanup, set_asn1, \ | |
466 | get_asn1, ctrl) | |
467 | ||
468 | #define BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, \ | |
469 | flags, init_key, cleanup, set_asn1, \ | |
470 | get_asn1, ctrl) \ | |
471 | BLOCK_CIPHER_def1(cname, ecb, ecb, ECB, kstruct, nid, block_size, key_len, \ | |
472 | 0, flags, init_key, cleanup, set_asn1, get_asn1, ctrl) | |
473 | ||
474 | #define BLOCK_CIPHER_defs(cname, kstruct, \ | |
475 | nid, block_size, key_len, iv_len, cbits, flags, \ | |
476 | init_key, cleanup, set_asn1, get_asn1, ctrl) \ | |
477 | BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, iv_len, flags, \ | |
478 | init_key, cleanup, set_asn1, get_asn1, ctrl) \ | |
479 | BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, iv_len, cbits, \ | |
480 | flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \ | |
481 | BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, iv_len, cbits, \ | |
482 | flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \ | |
483 | BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, flags, \ | |
484 | init_key, cleanup, set_asn1, get_asn1, ctrl) | |
485 | ||
486 | /*- | |
487 | #define BLOCK_CIPHER_defs(cname, kstruct, \ | |
488 | nid, block_size, key_len, iv_len, flags,\ | |
489 | init_key, cleanup, set_asn1, get_asn1, ctrl)\ | |
490 | static const EVP_CIPHER cname##_cbc = {\ | |
491 | nid##_cbc, block_size, key_len, iv_len, \ | |
492 | flags | EVP_CIPH_CBC_MODE,\ | |
493 | EVP_ORIG_GLOBAL,\ | |
494 | init_key,\ | |
495 | cname##_cbc_cipher,\ | |
496 | cleanup,\ | |
497 | sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ | |
498 | sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ | |
499 | set_asn1, get_asn1,\ | |
500 | ctrl, \ | |
501 | NULL \ | |
502 | };\ | |
503 | const EVP_CIPHER *EVP_##cname##_cbc(void) { return &cname##_cbc; }\ | |
504 | static const EVP_CIPHER cname##_cfb = {\ | |
505 | nid##_cfb64, 1, key_len, iv_len, \ | |
506 | flags | EVP_CIPH_CFB_MODE,\ | |
507 | EVP_ORIG_GLOBAL,\ | |
508 | init_key,\ | |
509 | cname##_cfb_cipher,\ | |
510 | cleanup,\ | |
511 | sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ | |
512 | sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ | |
513 | set_asn1, get_asn1,\ | |
514 | ctrl,\ | |
515 | NULL \ | |
516 | };\ | |
517 | const EVP_CIPHER *EVP_##cname##_cfb(void) { return &cname##_cfb; }\ | |
518 | static const EVP_CIPHER cname##_ofb = {\ | |
519 | nid##_ofb64, 1, key_len, iv_len, \ | |
520 | flags | EVP_CIPH_OFB_MODE,\ | |
521 | EVP_ORIG_GLOBAL,\ | |
522 | init_key,\ | |
523 | cname##_ofb_cipher,\ | |
524 | cleanup,\ | |
525 | sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ | |
526 | sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ | |
527 | set_asn1, get_asn1,\ | |
528 | ctrl,\ | |
529 | NULL \ | |
530 | };\ | |
531 | const EVP_CIPHER *EVP_##cname##_ofb(void) { return &cname##_ofb; }\ | |
532 | static const EVP_CIPHER cname##_ecb = {\ | |
533 | nid##_ecb, block_size, key_len, iv_len, \ | |
534 | flags | EVP_CIPH_ECB_MODE,\ | |
535 | EVP_ORIG_GLOBAL,\ | |
536 | init_key,\ | |
537 | cname##_ecb_cipher,\ | |
538 | cleanup,\ | |
539 | sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ | |
540 | sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ | |
541 | set_asn1, get_asn1,\ | |
542 | ctrl,\ | |
543 | NULL \ | |
544 | };\ | |
545 | const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; } | |
546 | */ | |
547 | ||
548 | #define IMPLEMENT_BLOCK_CIPHER(cname, ksched, cprefix, kstruct, nid, \ | |
549 | block_size, key_len, iv_len, cbits, \ | |
550 | flags, init_key, \ | |
551 | cleanup, set_asn1, get_asn1, ctrl) \ | |
552 | BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \ | |
553 | BLOCK_CIPHER_defs(cname, kstruct, nid, block_size, key_len, iv_len, \ | |
554 | cbits, flags, init_key, cleanup, set_asn1, \ | |
555 | get_asn1, ctrl) | |
556 | ||
557 | #define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len,fl) \ | |
558 | BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \ | |
559 | BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \ | |
560 | NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \ | |
561 | (fl)|EVP_CIPH_FLAG_DEFAULT_ASN1, \ | |
562 | cipher##_init_key, NULL, NULL, NULL, NULL) | |
563 | ||
564 | typedef struct { | |
565 | unsigned char iv[EVP_MAX_IV_LENGTH]; | |
566 | unsigned int iv_len; | |
567 | unsigned int tag_len; | |
568 | } evp_cipher_aead_asn1_params; | |
569 | ||
570 | int evp_cipher_param_to_asn1_ex(EVP_CIPHER_CTX *c, ASN1_TYPE *type, | |
571 | evp_cipher_aead_asn1_params *params); | |
572 | ||
573 | int evp_cipher_asn1_to_param_ex(EVP_CIPHER_CTX *c, ASN1_TYPE *type, | |
574 | evp_cipher_aead_asn1_params *params); | |
575 | ||
576 | /* | |
577 | * To support transparent execution of operation in backends other | |
578 | * than the "origin" key, we support transparent export/import to | |
579 | * those providers, and maintain a cache of the imported keydata, | |
580 | * so we don't need to redo the export/import every time we perform | |
581 | * the same operation in that same provider. | |
582 | * This requires that the "origin" backend (whether it's a legacy or a | |
583 | * provider "origin") implements exports, and that the target provider | |
584 | * has an EVP_KEYMGMT that implements import. | |
585 | */ | |
586 | typedef struct { | |
587 | EVP_KEYMGMT *keymgmt; | |
588 | void *keydata; | |
589 | int selection; | |
590 | } OP_CACHE_ELEM; | |
591 | ||
592 | DEFINE_STACK_OF(OP_CACHE_ELEM) | |
593 | ||
594 | /* | |
595 | * An EVP_PKEY can have the following states: | |
596 | * | |
597 | * untyped & empty: | |
598 | * | |
599 | * type == EVP_PKEY_NONE && keymgmt == NULL | |
600 | * | |
601 | * typed & empty: | |
602 | * | |
603 | * (type != EVP_PKEY_NONE && pkey.ptr == NULL) ## legacy (libcrypto only) | |
604 | * || (keymgmt != NULL && keydata == NULL) ## provider side | |
605 | * | |
606 | * fully assigned: | |
607 | * | |
608 | * (type != EVP_PKEY_NONE && pkey.ptr != NULL) ## legacy (libcrypto only) | |
609 | * || (keymgmt != NULL && keydata != NULL) ## provider side | |
610 | * | |
611 | * The easiest way to detect a legacy key is: | |
612 | * | |
613 | * keymgmt == NULL && type != EVP_PKEY_NONE | |
614 | * | |
615 | * The easiest way to detect a provider side key is: | |
616 | * | |
617 | * keymgmt != NULL | |
618 | */ | |
619 | #define evp_pkey_is_blank(pk) \ | |
620 | ((pk)->type == EVP_PKEY_NONE && (pk)->keymgmt == NULL) | |
621 | #define evp_pkey_is_typed(pk) \ | |
622 | ((pk)->type != EVP_PKEY_NONE || (pk)->keymgmt != NULL) | |
623 | #ifndef FIPS_MODULE | |
624 | # define evp_pkey_is_assigned(pk) \ | |
625 | ((pk)->pkey.ptr != NULL || (pk)->keydata != NULL) | |
626 | #else | |
627 | # define evp_pkey_is_assigned(pk) \ | |
628 | ((pk)->keydata != NULL) | |
629 | #endif | |
630 | #define evp_pkey_is_legacy(pk) \ | |
631 | ((pk)->type != EVP_PKEY_NONE && (pk)->keymgmt == NULL) | |
632 | #define evp_pkey_is_provided(pk) \ | |
633 | ((pk)->keymgmt != NULL) | |
634 | ||
635 | union legacy_pkey_st { | |
636 | void *ptr; | |
637 | struct rsa_st *rsa; /* RSA */ | |
638 | # ifndef OPENSSL_NO_DSA | |
639 | struct dsa_st *dsa; /* DSA */ | |
640 | # endif | |
641 | # ifndef OPENSSL_NO_DH | |
642 | struct dh_st *dh; /* DH */ | |
643 | # endif | |
644 | # ifndef OPENSSL_NO_EC | |
645 | struct ec_key_st *ec; /* ECC */ | |
646 | # ifndef OPENSSL_NO_ECX | |
647 | ECX_KEY *ecx; /* X25519, X448, Ed25519, Ed448 */ | |
648 | # endif | |
649 | # endif | |
650 | }; | |
651 | ||
652 | struct evp_pkey_st { | |
653 | /* == Legacy attributes == */ | |
654 | int type; | |
655 | int save_type; | |
656 | ||
657 | # ifndef FIPS_MODULE | |
658 | /* | |
659 | * Legacy key "origin" is composed of a pointer to an EVP_PKEY_ASN1_METHOD, | |
660 | * a pointer to a low level key and possibly a pointer to an engine. | |
661 | */ | |
662 | const EVP_PKEY_ASN1_METHOD *ameth; | |
663 | ENGINE *engine; | |
664 | ENGINE *pmeth_engine; /* If not NULL public key ENGINE to use */ | |
665 | ||
666 | /* Union to store the reference to an origin legacy key */ | |
667 | union legacy_pkey_st pkey; | |
668 | ||
669 | /* Union to store the reference to a non-origin legacy key */ | |
670 | union legacy_pkey_st legacy_cache_pkey; | |
671 | # endif | |
672 | ||
673 | /* == Common attributes == */ | |
674 | CRYPTO_REF_COUNT references; | |
675 | CRYPTO_RWLOCK *lock; | |
676 | #ifndef FIPS_MODULE | |
677 | STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ | |
678 | int save_parameters; | |
679 | unsigned int foreign:1; /* the low-level key is using an engine or an app-method */ | |
680 | CRYPTO_EX_DATA ex_data; | |
681 | #endif | |
682 | ||
683 | /* == Provider attributes == */ | |
684 | ||
685 | /* | |
686 | * Provider keydata "origin" is composed of a pointer to an EVP_KEYMGMT | |
687 | * and a pointer to the provider side key data. This is never used at | |
688 | * the same time as the legacy key data above. | |
689 | */ | |
690 | EVP_KEYMGMT *keymgmt; | |
691 | void *keydata; | |
692 | /* | |
693 | * If any libcrypto code does anything that may modify the keydata | |
694 | * contents, this dirty counter must be incremented. | |
695 | */ | |
696 | size_t dirty_cnt; | |
697 | ||
698 | /* | |
699 | * To support transparent execution of operation in backends other | |
700 | * than the "origin" key, we support transparent export/import to | |
701 | * those providers, and maintain a cache of the imported keydata, | |
702 | * so we don't need to redo the export/import every time we perform | |
703 | * the same operation in that same provider. | |
704 | */ | |
705 | STACK_OF(OP_CACHE_ELEM) *operation_cache; | |
706 | ||
707 | /* | |
708 | * We keep a copy of that "origin"'s dirty count, so we know if the | |
709 | * operation cache needs flushing. | |
710 | */ | |
711 | size_t dirty_cnt_copy; | |
712 | ||
713 | /* Cache of key object information */ | |
714 | struct { | |
715 | int bits; | |
716 | int security_bits; | |
717 | int size; | |
718 | } cache; | |
719 | } /* EVP_PKEY */ ; | |
720 | ||
721 | #define EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) \ | |
722 | ((ctx)->operation == EVP_PKEY_OP_SIGN \ | |
723 | || (ctx)->operation == EVP_PKEY_OP_SIGNCTX \ | |
724 | || (ctx)->operation == EVP_PKEY_OP_VERIFY \ | |
725 | || (ctx)->operation == EVP_PKEY_OP_VERIFYCTX \ | |
726 | || (ctx)->operation == EVP_PKEY_OP_VERIFYRECOVER) | |
727 | ||
728 | #define EVP_PKEY_CTX_IS_DERIVE_OP(ctx) \ | |
729 | ((ctx)->operation == EVP_PKEY_OP_DERIVE) | |
730 | ||
731 | #define EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx) \ | |
732 | ((ctx)->operation == EVP_PKEY_OP_ENCRYPT \ | |
733 | || (ctx)->operation == EVP_PKEY_OP_DECRYPT) | |
734 | ||
735 | #define EVP_PKEY_CTX_IS_GEN_OP(ctx) \ | |
736 | ((ctx)->operation == EVP_PKEY_OP_PARAMGEN \ | |
737 | || (ctx)->operation == EVP_PKEY_OP_KEYGEN) | |
738 | ||
739 | #define EVP_PKEY_CTX_IS_FROMDATA_OP(ctx) \ | |
740 | ((ctx)->operation == EVP_PKEY_OP_FROMDATA) | |
741 | ||
742 | #define EVP_PKEY_CTX_IS_KEM_OP(ctx) \ | |
743 | ((ctx)->operation == EVP_PKEY_OP_ENCAPSULATE \ | |
744 | || (ctx)->operation == EVP_PKEY_OP_DECAPSULATE) | |
745 | ||
746 | void openssl_add_all_ciphers_int(void); | |
747 | void openssl_add_all_digests_int(void); | |
748 | void evp_cleanup_int(void); | |
749 | void evp_app_cleanup_int(void); | |
750 | void *evp_pkey_export_to_provider(EVP_PKEY *pk, OSSL_LIB_CTX *libctx, | |
751 | EVP_KEYMGMT **keymgmt, | |
752 | const char *propquery); | |
753 | #ifndef FIPS_MODULE | |
754 | int evp_pkey_copy_downgraded(EVP_PKEY **dest, const EVP_PKEY *src); | |
755 | void *evp_pkey_get_legacy(EVP_PKEY *pk); | |
756 | void evp_pkey_free_legacy(EVP_PKEY *x); | |
757 | EVP_PKEY *evp_pkcs82pkey_legacy(const PKCS8_PRIV_KEY_INFO *p8inf, | |
758 | OSSL_LIB_CTX *libctx, const char *propq); | |
759 | #endif | |
760 | ||
761 | /* | |
762 | * KEYMGMT utility functions | |
763 | */ | |
764 | ||
765 | /* | |
766 | * Key import structure and helper function, to be used as an export callback | |
767 | */ | |
768 | struct evp_keymgmt_util_try_import_data_st { | |
769 | EVP_KEYMGMT *keymgmt; | |
770 | void *keydata; | |
771 | ||
772 | int selection; | |
773 | }; | |
774 | int evp_keymgmt_util_try_import(const OSSL_PARAM params[], void *arg); | |
775 | int evp_keymgmt_util_assign_pkey(EVP_PKEY *pkey, EVP_KEYMGMT *keymgmt, | |
776 | void *keydata); | |
777 | EVP_PKEY *evp_keymgmt_util_make_pkey(EVP_KEYMGMT *keymgmt, void *keydata); | |
778 | ||
779 | int evp_keymgmt_util_export(const EVP_PKEY *pk, int selection, | |
780 | OSSL_CALLBACK *export_cb, void *export_cbarg); | |
781 | void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt, | |
782 | int selection); | |
783 | OP_CACHE_ELEM *evp_keymgmt_util_find_operation_cache(EVP_PKEY *pk, | |
784 | EVP_KEYMGMT *keymgmt, | |
785 | int selection); | |
786 | int evp_keymgmt_util_clear_operation_cache(EVP_PKEY *pk); | |
787 | int evp_keymgmt_util_cache_keydata(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt, | |
788 | void *keydata, int selection); | |
789 | void evp_keymgmt_util_cache_keyinfo(EVP_PKEY *pk); | |
790 | void *evp_keymgmt_util_fromdata(EVP_PKEY *target, EVP_KEYMGMT *keymgmt, | |
791 | int selection, const OSSL_PARAM params[]); | |
792 | int evp_keymgmt_util_has(EVP_PKEY *pk, int selection); | |
793 | int evp_keymgmt_util_match(EVP_PKEY *pk1, EVP_PKEY *pk2, int selection); | |
794 | int evp_keymgmt_util_copy(EVP_PKEY *to, EVP_PKEY *from, int selection); | |
795 | void *evp_keymgmt_util_gen(EVP_PKEY *target, EVP_KEYMGMT *keymgmt, | |
796 | void *genctx, OSSL_CALLBACK *cb, void *cbarg); | |
797 | int evp_keymgmt_util_get_deflt_digest_name(EVP_KEYMGMT *keymgmt, | |
798 | void *keydata, | |
799 | char *mdname, size_t mdname_sz); | |
800 | const char *evp_keymgmt_util_query_operation_name(EVP_KEYMGMT *keymgmt, | |
801 | int op_id); | |
802 | ||
803 | /* | |
804 | * KEYMGMT provider interface functions | |
805 | */ | |
806 | void *evp_keymgmt_newdata(const EVP_KEYMGMT *keymgmt); | |
807 | void evp_keymgmt_freedata(const EVP_KEYMGMT *keymgmt, void *keyddata); | |
808 | int evp_keymgmt_get_params(const EVP_KEYMGMT *keymgmt, | |
809 | void *keydata, OSSL_PARAM params[]); | |
810 | int evp_keymgmt_set_params(const EVP_KEYMGMT *keymgmt, | |
811 | void *keydata, const OSSL_PARAM params[]); | |
812 | void *evp_keymgmt_gen_init(const EVP_KEYMGMT *keymgmt, int selection, | |
813 | const OSSL_PARAM params[]); | |
814 | int evp_keymgmt_gen_set_template(const EVP_KEYMGMT *keymgmt, void *genctx, | |
815 | void *template); | |
816 | int evp_keymgmt_gen_set_params(const EVP_KEYMGMT *keymgmt, void *genctx, | |
817 | const OSSL_PARAM params[]); | |
818 | void *evp_keymgmt_gen(const EVP_KEYMGMT *keymgmt, void *genctx, | |
819 | OSSL_CALLBACK *cb, void *cbarg); | |
820 | void evp_keymgmt_gen_cleanup(const EVP_KEYMGMT *keymgmt, void *genctx); | |
821 | ||
822 | int evp_keymgmt_has_load(const EVP_KEYMGMT *keymgmt); | |
823 | void *evp_keymgmt_load(const EVP_KEYMGMT *keymgmt, | |
824 | const void *objref, size_t objref_sz); | |
825 | ||
826 | int evp_keymgmt_has(const EVP_KEYMGMT *keymgmt, void *keyddata, int selection); | |
827 | int evp_keymgmt_validate(const EVP_KEYMGMT *keymgmt, void *keydata, | |
828 | int selection, int checktype); | |
829 | int evp_keymgmt_match(const EVP_KEYMGMT *keymgmt, | |
830 | const void *keydata1, const void *keydata2, | |
831 | int selection); | |
832 | ||
833 | int evp_keymgmt_import(const EVP_KEYMGMT *keymgmt, void *keydata, | |
834 | int selection, const OSSL_PARAM params[]); | |
835 | const OSSL_PARAM *evp_keymgmt_import_types(const EVP_KEYMGMT *keymgmt, | |
836 | int selection); | |
837 | int evp_keymgmt_export(const EVP_KEYMGMT *keymgmt, void *keydata, | |
838 | int selection, OSSL_CALLBACK *param_cb, void *cbarg); | |
839 | const OSSL_PARAM *evp_keymgmt_export_types(const EVP_KEYMGMT *keymgmt, | |
840 | int selection); | |
841 | void *evp_keymgmt_dup(const EVP_KEYMGMT *keymgmt, | |
842 | const void *keydata_from, int selection); | |
843 | EVP_KEYMGMT *evp_keymgmt_fetch_from_prov(OSSL_PROVIDER *prov, | |
844 | const char *name, | |
845 | const char *properties); | |
846 | ||
847 | /* Pulling defines out of C source files */ | |
848 | ||
849 | # define EVP_RC4_KEY_SIZE 16 | |
850 | # ifndef TLS1_1_VERSION | |
851 | # define TLS1_1_VERSION 0x0302 | |
852 | # endif | |
853 | ||
854 | void evp_encode_ctx_set_flags(EVP_ENCODE_CTX *ctx, unsigned int flags); | |
855 | ||
856 | /* EVP_ENCODE_CTX flags */ | |
857 | /* Don't generate new lines when encoding */ | |
858 | #define EVP_ENCODE_CTX_NO_NEWLINES 1 | |
859 | /* Use the SRP base64 alphabet instead of the standard one */ | |
860 | #define EVP_ENCODE_CTX_USE_SRP_ALPHABET 2 | |
861 | ||
862 | const EVP_CIPHER *evp_get_cipherbyname_ex(OSSL_LIB_CTX *libctx, | |
863 | const char *name); | |
864 | const EVP_MD *evp_get_digestbyname_ex(OSSL_LIB_CTX *libctx, | |
865 | const char *name); | |
866 | ||
867 | int ossl_pkcs5_pbkdf2_hmac_ex(const char *pass, int passlen, | |
868 | const unsigned char *salt, int saltlen, int iter, | |
869 | const EVP_MD *digest, int keylen, | |
870 | unsigned char *out, | |
871 | OSSL_LIB_CTX *libctx, const char *propq); | |
872 | ||
873 | # ifndef FIPS_MODULE | |
874 | /* | |
875 | * Internal helpers for stricter EVP_PKEY_CTX_{set,get}_params(). | |
876 | * | |
877 | * Return 1 on success, 0 or negative for errors. | |
878 | * | |
879 | * In particular they return -2 if any of the params is not supported. | |
880 | * | |
881 | * They are not available in FIPS_MODULE as they depend on | |
882 | * - EVP_PKEY_CTX_{get,set}_params() | |
883 | * - EVP_PKEY_CTX_{gettable,settable}_params() | |
884 | * | |
885 | */ | |
886 | int evp_pkey_ctx_set_params_strict(EVP_PKEY_CTX *ctx, OSSL_PARAM *params); | |
887 | int evp_pkey_ctx_get_params_strict(EVP_PKEY_CTX *ctx, OSSL_PARAM *params); | |
888 | ||
889 | EVP_MD_CTX *evp_md_ctx_new_ex(EVP_PKEY *pkey, const ASN1_OCTET_STRING *id, | |
890 | OSSL_LIB_CTX *libctx, const char *propq); | |
891 | int evp_pkey_name2type(const char *name); | |
892 | const char *evp_pkey_type2name(int type); | |
893 | ||
894 | int evp_pkey_ctx_use_cached_data(EVP_PKEY_CTX *ctx); | |
895 | # endif /* !defined(FIPS_MODULE) */ | |
896 | ||
897 | int evp_method_store_cache_flush(OSSL_LIB_CTX *libctx); | |
898 | int evp_method_store_remove_all_provided(const OSSL_PROVIDER *prov); | |
899 | ||
900 | int evp_default_properties_enable_fips_int(OSSL_LIB_CTX *libctx, int enable, | |
901 | int loadconfig); | |
902 | int evp_set_default_properties_int(OSSL_LIB_CTX *libctx, const char *propq, | |
903 | int loadconfig, int mirrored); | |
904 | char *evp_get_global_properties_str(OSSL_LIB_CTX *libctx, int loadconfig); | |
905 | ||
906 | void evp_md_ctx_clear_digest(EVP_MD_CTX *ctx, int force, int keep_digest); | |
907 | /* just free the algctx if set, returns 0 on inconsistent state of ctx */ | |
908 | int evp_md_ctx_free_algctx(EVP_MD_CTX *ctx); | |
909 | ||
910 | /* Three possible states: */ | |
911 | # define EVP_PKEY_STATE_UNKNOWN 0 | |
912 | # define EVP_PKEY_STATE_LEGACY 1 | |
913 | # define EVP_PKEY_STATE_PROVIDER 2 | |
914 | int evp_pkey_ctx_state(const EVP_PKEY_CTX *ctx); | |
915 | ||
916 | /* These two must ONLY be called for provider side operations */ | |
917 | int evp_pkey_ctx_ctrl_to_param(EVP_PKEY_CTX *ctx, | |
918 | int keytype, int optype, | |
919 | int cmd, int p1, void *p2); | |
920 | int evp_pkey_ctx_ctrl_str_to_param(EVP_PKEY_CTX *ctx, | |
921 | const char *name, const char *value); | |
922 | ||
923 | /* These two must ONLY be called for legacy operations */ | |
924 | int evp_pkey_ctx_set_params_to_ctrl(EVP_PKEY_CTX *ctx, const OSSL_PARAM *params); | |
925 | int evp_pkey_ctx_get_params_to_ctrl(EVP_PKEY_CTX *ctx, OSSL_PARAM *params); | |
926 | ||
927 | /* This must ONLY be called for legacy EVP_PKEYs */ | |
928 | int evp_pkey_get_params_to_ctrl(const EVP_PKEY *pkey, OSSL_PARAM *params); | |
929 | ||
930 | /* Same as the public get0 functions but are not const */ | |
931 | # ifndef OPENSSL_NO_DEPRECATED_3_0 | |
932 | DH *evp_pkey_get0_DH_int(const EVP_PKEY *pkey); | |
933 | EC_KEY *evp_pkey_get0_EC_KEY_int(const EVP_PKEY *pkey); | |
934 | RSA *evp_pkey_get0_RSA_int(const EVP_PKEY *pkey); | |
935 | # endif | |
936 | ||
937 | /* Get internal identification number routines */ | |
938 | int evp_asym_cipher_get_number(const EVP_ASYM_CIPHER *cipher); | |
939 | int evp_cipher_get_number(const EVP_CIPHER *cipher); | |
940 | int evp_kdf_get_number(const EVP_KDF *kdf); | |
941 | int evp_kem_get_number(const EVP_KEM *wrap); | |
942 | int evp_keyexch_get_number(const EVP_KEYEXCH *keyexch); | |
943 | int evp_keymgmt_get_number(const EVP_KEYMGMT *keymgmt); | |
944 | int evp_mac_get_number(const EVP_MAC *mac); | |
945 | int evp_md_get_number(const EVP_MD *md); | |
946 | int evp_rand_get_number(const EVP_RAND *rand); | |
947 | int evp_signature_get_number(const EVP_SIGNATURE *signature); | |
948 | ||
949 | int evp_pkey_decrypt_alloc(EVP_PKEY_CTX *ctx, unsigned char **outp, | |
950 | size_t *outlenp, size_t expected_outlen, | |
951 | const unsigned char *in, size_t inlen); | |
952 | ||
953 | #endif /* OSSL_CRYPTO_EVP_H */ |