]> git.ipfire.org Git - thirdparty/openssl.git/blob - crypto/evp/evp_lib.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
EVP: deprecate the EVP_X_meth_ functions.
[thirdparty/openssl.git] / crypto / evp / evp_lib.c
1 /*
2 * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /*
11 * EVP _meth_ APIs are deprecated for public use, but still ok for
12 * internal use.
13 */
14 #include "internal/deprecated.h"
15
16 #include <stdio.h>
17 #include "internal/cryptlib.h"
18 #include <openssl/evp.h>
19 #include <openssl/objects.h>
20 #include <openssl/params.h>
21 #include <openssl/core_names.h>
22 #include <openssl/dh.h>
23 #include <openssl/ec.h>
24 #include "crypto/evp.h"
25 #include "internal/provider.h"
26 #include "evp_local.h"
27
28 #if !defined(FIPS_MODULE)
29 int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
30 {
31 int ret = -1; /* Assume the worst */
32 const EVP_CIPHER *cipher = c->cipher;
33
34 /*
35 * For legacy implementations, we detect custom AlgorithmIdentifier
36 * parameter handling by checking if the function pointer
37 * cipher->set_asn1_parameters is set. We know that this pointer
38 * is NULL for provided implementations.
39 *
40 * Otherwise, for any implementation, we check the flag
41 * EVP_CIPH_FLAG_CUSTOM_ASN1. If it isn't set, we apply
42 * default AI parameter extraction.
43 *
44 * Otherwise, for provided implementations, we convert |type| to
45 * a DER encoded blob and pass to the implementation in OSSL_PARAM
46 * form.
47 *
48 * If none of the above applies, this operation is unsupported.
49 */
50 if (cipher->set_asn1_parameters != NULL) {
51 ret = cipher->set_asn1_parameters(c, type);
52 } else if ((EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_CUSTOM_ASN1) == 0) {
53 switch (EVP_CIPHER_mode(cipher)) {
54 case EVP_CIPH_WRAP_MODE:
55 if (EVP_CIPHER_is_a(cipher, SN_id_smime_alg_CMS3DESwrap))
56 ASN1_TYPE_set(type, V_ASN1_NULL, NULL);
57 ret = 1;
58 break;
59
60 case EVP_CIPH_GCM_MODE:
61 case EVP_CIPH_CCM_MODE:
62 case EVP_CIPH_XTS_MODE:
63 case EVP_CIPH_OCB_MODE:
64 ret = -2;
65 break;
66
67 default:
68 ret = EVP_CIPHER_set_asn1_iv(c, type);
69 }
70 } else if (cipher->prov != NULL) {
71 OSSL_PARAM params[3], *p = params;
72 unsigned char *der = NULL, *derp;
73
74 /*
75 * We make two passes, the first to get the appropriate buffer size,
76 * and the second to get the actual value.
77 */
78 *p++ = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_ALG_ID,
79 NULL, 0);
80 *p = OSSL_PARAM_construct_end();
81
82 if (!EVP_CIPHER_CTX_get_params(c, params))
83 goto err;
84
85 /* ... but, we should get a return size too! */
86 if (OSSL_PARAM_modified(params)
87 && params[0].return_size != 0
88 && (der = OPENSSL_malloc(params[0].return_size)) != NULL) {
89 params[0].data = der;
90 params[0].data_size = params[0].return_size;
91 OSSL_PARAM_set_all_unmodified(params);
92 derp = der;
93 if (EVP_CIPHER_CTX_get_params(c, params)
94 && OSSL_PARAM_modified(params)
95 && d2i_ASN1_TYPE(&type, (const unsigned char **)&derp,
96 params[0].return_size) != NULL) {
97 ret = 1;
98 }
99 OPENSSL_free(der);
100 }
101 } else {
102 ret = -2;
103 }
104
105 err:
106 if (ret == -2)
107 EVPerr(EVP_F_EVP_CIPHER_PARAM_TO_ASN1, ASN1_R_UNSUPPORTED_CIPHER);
108 else if (ret <= 0)
109 EVPerr(EVP_F_EVP_CIPHER_PARAM_TO_ASN1, EVP_R_CIPHER_PARAMETER_ERROR);
110 if (ret < -1)
111 ret = -1;
112 return ret;
113 }
114
115 int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
116 {
117 int ret = -1; /* Assume the worst */
118 const EVP_CIPHER *cipher = c->cipher;
119
120 /*
121 * For legacy implementations, we detect custom AlgorithmIdentifier
122 * parameter handling by checking if there the function pointer
123 * cipher->get_asn1_parameters is set. We know that this pointer
124 * is NULL for provided implementations.
125 *
126 * Otherwise, for any implementation, we check the flag
127 * EVP_CIPH_FLAG_CUSTOM_ASN1. If it isn't set, we apply
128 * default AI parameter creation.
129 *
130 * Otherwise, for provided implementations, we get the AI parameter
131 * in DER encoded form from the implementation by requesting the
132 * appropriate OSSL_PARAM and converting the result to a ASN1_TYPE.
133 *
134 * If none of the above applies, this operation is unsupported.
135 */
136 if (cipher->get_asn1_parameters != NULL) {
137 ret = cipher->get_asn1_parameters(c, type);
138 } else if ((EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_CUSTOM_ASN1) == 0) {
139 switch (EVP_CIPHER_mode(cipher)) {
140 case EVP_CIPH_WRAP_MODE:
141 ret = 1;
142 break;
143
144 case EVP_CIPH_GCM_MODE:
145 case EVP_CIPH_CCM_MODE:
146 case EVP_CIPH_XTS_MODE:
147 case EVP_CIPH_OCB_MODE:
148 ret = -2;
149 break;
150
151 default:
152 ret = EVP_CIPHER_get_asn1_iv(c, type);
153 }
154 } else if (cipher->prov != NULL) {
155 OSSL_PARAM params[3], *p = params;
156 unsigned char *der = NULL;
157 int derl = -1;
158
159 if ((derl = i2d_ASN1_TYPE(type, &der)) >= 0) {
160 *p++ =
161 OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_ALG_ID,
162 der, (size_t)derl);
163 *p = OSSL_PARAM_construct_end();
164 if (EVP_CIPHER_CTX_set_params(c, params))
165 ret = 1;
166 OPENSSL_free(der);
167 }
168 } else {
169 ret = -2;
170 }
171
172 if (ret == -2)
173 EVPerr(EVP_F_EVP_CIPHER_ASN1_TO_PARAM, EVP_R_UNSUPPORTED_CIPHER);
174 else if (ret <= 0)
175 EVPerr(EVP_F_EVP_CIPHER_ASN1_TO_PARAM, EVP_R_CIPHER_PARAMETER_ERROR);
176 if (ret < -1)
177 ret = -1;
178 return ret;
179 }
180
181 int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *ctx, ASN1_TYPE *type)
182 {
183 int i = 0;
184 unsigned int l;
185
186 if (type != NULL) {
187 unsigned char iv[EVP_MAX_IV_LENGTH];
188
189 l = EVP_CIPHER_CTX_iv_length(ctx);
190 if (!ossl_assert(l <= sizeof(iv)))
191 return -1;
192 i = ASN1_TYPE_get_octetstring(type, iv, l);
193 if (i != (int)l)
194 return -1;
195
196 if (!EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, -1))
197 return -1;
198 }
199 return i;
200 }
201
202 int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
203 {
204 int i = 0;
205 unsigned int j;
206 unsigned char *oiv = NULL;
207
208 if (type != NULL) {
209 oiv = (unsigned char *)EVP_CIPHER_CTX_original_iv(c);
210 j = EVP_CIPHER_CTX_iv_length(c);
211 OPENSSL_assert(j <= sizeof(c->iv));
212 i = ASN1_TYPE_set_octetstring(type, oiv, j);
213 }
214 return i;
215 }
216 #endif /* !defined(FIPS_MODULE) */
217
218 /* Convert the various cipher NIDs and dummies to a proper OID NID */
219 int EVP_CIPHER_type(const EVP_CIPHER *ctx)
220 {
221 int nid;
222 nid = EVP_CIPHER_nid(ctx);
223
224 switch (nid) {
225
226 case NID_rc2_cbc:
227 case NID_rc2_64_cbc:
228 case NID_rc2_40_cbc:
229
230 return NID_rc2_cbc;
231
232 case NID_rc4:
233 case NID_rc4_40:
234
235 return NID_rc4;
236
237 case NID_aes_128_cfb128:
238 case NID_aes_128_cfb8:
239 case NID_aes_128_cfb1:
240
241 return NID_aes_128_cfb128;
242
243 case NID_aes_192_cfb128:
244 case NID_aes_192_cfb8:
245 case NID_aes_192_cfb1:
246
247 return NID_aes_192_cfb128;
248
249 case NID_aes_256_cfb128:
250 case NID_aes_256_cfb8:
251 case NID_aes_256_cfb1:
252
253 return NID_aes_256_cfb128;
254
255 case NID_des_cfb64:
256 case NID_des_cfb8:
257 case NID_des_cfb1:
258
259 return NID_des_cfb64;
260
261 case NID_des_ede3_cfb64:
262 case NID_des_ede3_cfb8:
263 case NID_des_ede3_cfb1:
264
265 return NID_des_cfb64;
266
267 default:
268 #ifdef FIPS_MODULE
269 return NID_undef;
270 #else
271 {
272 /* Check it has an OID and it is valid */
273 ASN1_OBJECT *otmp = OBJ_nid2obj(nid);
274
275 if (OBJ_get0_data(otmp) == NULL)
276 nid = NID_undef;
277 ASN1_OBJECT_free(otmp);
278 return nid;
279 }
280 #endif
281 }
282 }
283
284 int evp_cipher_cache_constants(EVP_CIPHER *cipher)
285 {
286 int ok;
287 size_t ivlen = 0;
288 size_t blksz = 0;
289 size_t keylen = 0;
290 unsigned int mode = 0;
291 unsigned long flags = 0;
292 OSSL_PARAM params[6];
293
294 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_BLOCK_SIZE, &blksz);
295 params[1] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_IVLEN, &ivlen);
296 params[2] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, &keylen);
297 params[3] = OSSL_PARAM_construct_uint(OSSL_CIPHER_PARAM_MODE, &mode);
298 params[4] = OSSL_PARAM_construct_ulong(OSSL_CIPHER_PARAM_FLAGS, &flags);
299 params[5] = OSSL_PARAM_construct_end();
300 ok = evp_do_ciph_getparams(cipher, params);
301 if (ok) {
302 /* Provided implementations may have a custom cipher_cipher */
303 if (cipher->prov != NULL && cipher->ccipher != NULL)
304 flags |= EVP_CIPH_FLAG_CUSTOM_CIPHER;
305 cipher->block_size = blksz;
306 cipher->iv_len = ivlen;
307 cipher->key_len = keylen;
308 cipher->flags = flags | mode;
309 }
310 return ok;
311 }
312
313 int EVP_CIPHER_block_size(const EVP_CIPHER *cipher)
314 {
315 return cipher->block_size;
316 }
317
318 int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx)
319 {
320 return EVP_CIPHER_block_size(ctx->cipher);
321 }
322
323 int EVP_CIPHER_impl_ctx_size(const EVP_CIPHER *e)
324 {
325 return e->ctx_size;
326 }
327
328 int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
329 const unsigned char *in, unsigned int inl)
330 {
331 if (ctx->cipher->prov != NULL) {
332 /*
333 * If the provided implementation has a ccipher function, we use it,
334 * and translate its return value like this: 0 => -1, 1 => outlen
335 *
336 * Otherwise, we call the cupdate function if in != NULL, or cfinal
337 * if in == NULL. Regardless of which, we return what we got.
338 */
339 int ret = -1;
340 size_t outl = 0;
341 size_t blocksize = EVP_CIPHER_CTX_block_size(ctx);
342
343 if (ctx->cipher->ccipher != NULL)
344 ret = ctx->cipher->ccipher(ctx->provctx, out, &outl,
345 inl + (blocksize == 1 ? 0 : blocksize),
346 in, (size_t)inl)
347 ? (int)outl : -1;
348 else if (in != NULL)
349 ret = ctx->cipher->cupdate(ctx->provctx, out, &outl,
350 inl + (blocksize == 1 ? 0 : blocksize),
351 in, (size_t)inl);
352 else
353 ret = ctx->cipher->cfinal(ctx->provctx, out, &outl,
354 blocksize == 1 ? 0 : blocksize);
355
356 return ret;
357 }
358
359 return ctx->cipher->do_cipher(ctx, out, in, inl);
360 }
361
362 const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx)
363 {
364 return ctx->cipher;
365 }
366
367 int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx)
368 {
369 return ctx->encrypt;
370 }
371
372 unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher)
373 {
374 return cipher->flags;
375 }
376
377 void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx)
378 {
379 return ctx->app_data;
380 }
381
382 void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data)
383 {
384 ctx->app_data = data;
385 }
386
387 void *EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx)
388 {
389 return ctx->cipher_data;
390 }
391
392 void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data)
393 {
394 void *old_cipher_data;
395
396 old_cipher_data = ctx->cipher_data;
397 ctx->cipher_data = cipher_data;
398
399 return old_cipher_data;
400 }
401
402 int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher)
403 {
404 return cipher->iv_len;
405 }
406
407 int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx)
408 {
409 int rv, len = EVP_CIPHER_iv_length(ctx->cipher);
410 size_t v = len;
411 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
412
413 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_IVLEN, &v);
414 rv = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params);
415 if (rv == EVP_CTRL_RET_UNSUPPORTED)
416 goto legacy;
417 return rv != 0 ? (int)v : -1;
418 /* TODO (3.0) Remove legacy support */
419 legacy:
420 if ((EVP_CIPHER_flags(ctx->cipher) & EVP_CIPH_CUSTOM_IV_LENGTH) != 0) {
421 rv = EVP_CIPHER_CTX_ctrl((EVP_CIPHER_CTX *)ctx, EVP_CTRL_GET_IVLEN,
422 0, &len);
423 return (rv == 1) ? len : -1;
424 }
425 return len;
426 }
427
428 int EVP_CIPHER_CTX_tag_length(const EVP_CIPHER_CTX *ctx)
429 {
430 int ret;
431 size_t v = 0;
432 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
433
434 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_TAGLEN, &v);
435 ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params);
436 return ret == 1 ? (int)v : 0;
437 }
438
439 const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx)
440 {
441 int ok;
442 const unsigned char *v = ctx->oiv;
443 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
444
445 params[0] =
446 OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_IV,
447 (void **)&v, sizeof(ctx->oiv));
448 ok = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params);
449
450 return ok != 0 ? v : NULL;
451 }
452
453 /*
454 * OSSL_PARAM_OCTET_PTR gets us the pointer to the running IV in the provider
455 */
456 const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx)
457 {
458 int ok;
459 const unsigned char *v = ctx->iv;
460 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
461
462 params[0] =
463 OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_IV, (void **)&v,
464 sizeof(ctx->iv));
465 ok = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params);
466
467 return ok != 0 ? v : NULL;
468 }
469
470 unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx)
471 {
472 int ok;
473 unsigned char *v = ctx->iv;
474 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
475
476 params[0] =
477 OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_IV, (void **)&v,
478 sizeof(ctx->iv));
479 ok = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params);
480
481 return ok != 0 ? v : NULL;
482 }
483
484 unsigned char *EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx)
485 {
486 return ctx->buf;
487 }
488
489 int EVP_CIPHER_CTX_num(const EVP_CIPHER_CTX *ctx)
490 {
491 int ok;
492 unsigned int v = (unsigned int)ctx->num;
493 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
494
495 params[0] = OSSL_PARAM_construct_uint(OSSL_CIPHER_PARAM_NUM, &v);
496 ok = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params);
497
498 return ok != 0 ? (int)v : EVP_CTRL_RET_UNSUPPORTED;
499 }
500
501 int EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num)
502 {
503 int ok;
504 unsigned int n = (unsigned int)num;
505 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
506
507 params[0] = OSSL_PARAM_construct_uint(OSSL_CIPHER_PARAM_NUM, &n);
508 ok = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->provctx, params);
509
510 if (ok != 0)
511 ctx->num = (int)n;
512 return ok != 0;
513 }
514
515 int EVP_CIPHER_key_length(const EVP_CIPHER *cipher)
516 {
517 return cipher->key_len;
518 }
519
520 int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx)
521 {
522 int ok;
523 size_t v = ctx->key_len;
524 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
525
526 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, &v);
527 ok = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params);
528
529 return ok != 0 ? (int)v : EVP_CTRL_RET_UNSUPPORTED;
530 }
531
532 int EVP_CIPHER_nid(const EVP_CIPHER *cipher)
533 {
534 return cipher->nid;
535 }
536
537 int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx)
538 {
539 return ctx->cipher->nid;
540 }
541
542 int EVP_CIPHER_is_a(const EVP_CIPHER *cipher, const char *name)
543 {
544 if (cipher->prov != NULL)
545 return evp_is_a(cipher->prov, cipher->name_id, NULL, name);
546 return evp_is_a(NULL, 0, EVP_CIPHER_name(cipher), name);
547 }
548
549 int EVP_CIPHER_number(const EVP_CIPHER *cipher)
550 {
551 return cipher->name_id;
552 }
553
554 const char *EVP_CIPHER_name(const EVP_CIPHER *cipher)
555 {
556 if (cipher->prov != NULL)
557 return evp_first_name(cipher->prov, cipher->name_id);
558 #ifndef FIPS_MODULE
559 return OBJ_nid2sn(EVP_CIPHER_nid(cipher));
560 #else
561 return NULL;
562 #endif
563 }
564
565 void EVP_CIPHER_names_do_all(const EVP_CIPHER *cipher,
566 void (*fn)(const char *name, void *data),
567 void *data)
568 {
569 if (cipher->prov != NULL)
570 evp_names_do_all(cipher->prov, cipher->name_id, fn, data);
571 }
572
573 const OSSL_PROVIDER *EVP_CIPHER_provider(const EVP_CIPHER *cipher)
574 {
575 return cipher->prov;
576 }
577
578 int EVP_CIPHER_mode(const EVP_CIPHER *cipher)
579 {
580 return EVP_CIPHER_flags(cipher) & EVP_CIPH_MODE;
581 }
582
583 int EVP_MD_is_a(const EVP_MD *md, const char *name)
584 {
585 if (md->prov != NULL)
586 return evp_is_a(md->prov, md->name_id, NULL, name);
587 return evp_is_a(NULL, 0, EVP_MD_name(md), name);
588 }
589
590 int EVP_MD_number(const EVP_MD *md)
591 {
592 return md->name_id;
593 }
594
595 const char *EVP_MD_name(const EVP_MD *md)
596 {
597 if (md->prov != NULL)
598 return evp_first_name(md->prov, md->name_id);
599 #ifndef FIPS_MODULE
600 return OBJ_nid2sn(EVP_MD_nid(md));
601 #else
602 return NULL;
603 #endif
604 }
605
606 void EVP_MD_names_do_all(const EVP_MD *md,
607 void (*fn)(const char *name, void *data),
608 void *data)
609 {
610 if (md->prov != NULL)
611 evp_names_do_all(md->prov, md->name_id, fn, data);
612 }
613
614 const OSSL_PROVIDER *EVP_MD_provider(const EVP_MD *md)
615 {
616 return md->prov;
617 }
618
619 int EVP_MD_block_size(const EVP_MD *md)
620 {
621 int ok;
622 size_t v = md->block_size;
623 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
624
625 if (md == NULL) {
626 EVPerr(EVP_F_EVP_MD_BLOCK_SIZE, EVP_R_MESSAGE_DIGEST_IS_NULL);
627 return -1;
628 }
629
630 params[0] = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_BLOCK_SIZE, &v);
631 ok = evp_do_md_getparams(md, params);
632
633 return ok != 0 ? (int)v : -1;
634 }
635
636 int EVP_MD_type(const EVP_MD *md)
637 {
638 return md->type;
639 }
640
641 int EVP_MD_pkey_type(const EVP_MD *md)
642 {
643 return md->pkey_type;
644 }
645
646 int EVP_MD_size(const EVP_MD *md)
647 {
648 int ok;
649 size_t v = md->md_size;
650 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
651
652 if (md == NULL) {
653 EVPerr(EVP_F_EVP_MD_SIZE, EVP_R_MESSAGE_DIGEST_IS_NULL);
654 return -1;
655 }
656
657 params[0] = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_SIZE, &v);
658 ok = evp_do_md_getparams(md, params);
659
660 return ok != 0 ? (int)v : -1;
661 }
662
663 unsigned long EVP_MD_flags(const EVP_MD *md)
664 {
665 int ok;
666 unsigned long v = md->flags;
667 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
668
669 params[0] = OSSL_PARAM_construct_ulong(OSSL_CIPHER_PARAM_FLAGS, &v);
670 ok = evp_do_md_getparams(md, params);
671
672 return ok != 0 ? v : 0;
673 }
674
675 EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type)
676 {
677 EVP_MD *md = evp_md_new();
678
679 if (md != NULL) {
680 md->type = md_type;
681 md->pkey_type = pkey_type;
682 }
683 return md;
684 }
685
686 EVP_MD *EVP_MD_meth_dup(const EVP_MD *md)
687 {
688 EVP_MD *to = NULL;
689
690 /*
691 * Non-legacy EVP_MDs can't be duplicated like this.
692 * Use EVP_MD_up_ref() instead.
693 */
694 if (md->prov != NULL)
695 return NULL;
696
697 if ((to = EVP_MD_meth_new(md->type, md->pkey_type)) != NULL) {
698 CRYPTO_RWLOCK *lock = to->lock;
699
700 memcpy(to, md, sizeof(*to));
701 to->lock = lock;
702 }
703 return to;
704 }
705
706 void EVP_MD_meth_free(EVP_MD *md)
707 {
708 EVP_MD_free(md);
709 }
710 int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize)
711 {
712 if (md->block_size != 0)
713 return 0;
714
715 md->block_size = blocksize;
716 return 1;
717 }
718 int EVP_MD_meth_set_result_size(EVP_MD *md, int resultsize)
719 {
720 if (md->md_size != 0)
721 return 0;
722
723 md->md_size = resultsize;
724 return 1;
725 }
726 int EVP_MD_meth_set_app_datasize(EVP_MD *md, int datasize)
727 {
728 if (md->ctx_size != 0)
729 return 0;
730
731 md->ctx_size = datasize;
732 return 1;
733 }
734 int EVP_MD_meth_set_flags(EVP_MD *md, unsigned long flags)
735 {
736 if (md->flags != 0)
737 return 0;
738
739 md->flags = flags;
740 return 1;
741 }
742 int EVP_MD_meth_set_init(EVP_MD *md, int (*init)(EVP_MD_CTX *ctx))
743 {
744 if (md->init != NULL)
745 return 0;
746
747 md->init = init;
748 return 1;
749 }
750 int EVP_MD_meth_set_update(EVP_MD *md, int (*update)(EVP_MD_CTX *ctx,
751 const void *data,
752 size_t count))
753 {
754 if (md->update != NULL)
755 return 0;
756
757 md->update = update;
758 return 1;
759 }
760 int EVP_MD_meth_set_final(EVP_MD *md, int (*final)(EVP_MD_CTX *ctx,
761 unsigned char *md))
762 {
763 if (md->final != NULL)
764 return 0;
765
766 md->final = final;
767 return 1;
768 }
769 int EVP_MD_meth_set_copy(EVP_MD *md, int (*copy)(EVP_MD_CTX *to,
770 const EVP_MD_CTX *from))
771 {
772 if (md->copy != NULL)
773 return 0;
774
775 md->copy = copy;
776 return 1;
777 }
778 int EVP_MD_meth_set_cleanup(EVP_MD *md, int (*cleanup)(EVP_MD_CTX *ctx))
779 {
780 if (md->cleanup != NULL)
781 return 0;
782
783 md->cleanup = cleanup;
784 return 1;
785 }
786 int EVP_MD_meth_set_ctrl(EVP_MD *md, int (*ctrl)(EVP_MD_CTX *ctx, int cmd,
787 int p1, void *p2))
788 {
789 if (md->md_ctrl != NULL)
790 return 0;
791
792 md->md_ctrl = ctrl;
793 return 1;
794 }
795
796 int EVP_MD_meth_get_input_blocksize(const EVP_MD *md)
797 {
798 return md->block_size;
799 }
800 int EVP_MD_meth_get_result_size(const EVP_MD *md)
801 {
802 return md->md_size;
803 }
804 int EVP_MD_meth_get_app_datasize(const EVP_MD *md)
805 {
806 return md->ctx_size;
807 }
808 unsigned long EVP_MD_meth_get_flags(const EVP_MD *md)
809 {
810 return md->flags;
811 }
812 int (*EVP_MD_meth_get_init(const EVP_MD *md))(EVP_MD_CTX *ctx)
813 {
814 return md->init;
815 }
816 int (*EVP_MD_meth_get_update(const EVP_MD *md))(EVP_MD_CTX *ctx,
817 const void *data,
818 size_t count)
819 {
820 return md->update;
821 }
822 int (*EVP_MD_meth_get_final(const EVP_MD *md))(EVP_MD_CTX *ctx,
823 unsigned char *md)
824 {
825 return md->final;
826 }
827 int (*EVP_MD_meth_get_copy(const EVP_MD *md))(EVP_MD_CTX *to,
828 const EVP_MD_CTX *from)
829 {
830 return md->copy;
831 }
832 int (*EVP_MD_meth_get_cleanup(const EVP_MD *md))(EVP_MD_CTX *ctx)
833 {
834 return md->cleanup;
835 }
836 int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd,
837 int p1, void *p2)
838 {
839 return md->md_ctrl;
840 }
841
842 const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx)
843 {
844 if (ctx == NULL)
845 return NULL;
846 return ctx->reqdigest;
847 }
848
849 EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx)
850 {
851 return ctx->pctx;
852 }
853
854 #if !defined(FIPS_MODULE)
855 /* TODO(3.0): EVP_DigestSign* not yet supported in FIPS module */
856 void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx)
857 {
858 /*
859 * it's reasonable to set NULL pctx (a.k.a clear the ctx->pctx), so
860 * we have to deal with the cleanup job here.
861 */
862 if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX))
863 EVP_PKEY_CTX_free(ctx->pctx);
864
865 ctx->pctx = pctx;
866
867 if (pctx != NULL) {
868 /* make sure pctx is not freed when destroying EVP_MD_CTX */
869 EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX);
870 } else {
871 EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX);
872 }
873 }
874 #endif /* !defined(FIPS_MODULE) */
875
876 void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx)
877 {
878 return ctx->md_data;
879 }
880
881 int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx,
882 const void *data, size_t count)
883 {
884 return ctx->update;
885 }
886
887 void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx,
888 int (*update) (EVP_MD_CTX *ctx,
889 const void *data, size_t count))
890 {
891 ctx->update = update;
892 }
893
894 void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags)
895 {
896 ctx->flags |= flags;
897 }
898
899 void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags)
900 {
901 ctx->flags &= ~flags;
902 }
903
904 int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags)
905 {
906 return (ctx->flags & flags);
907 }
908
909 void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags)
910 {
911 ctx->flags |= flags;
912 }
913
914 void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags)
915 {
916 ctx->flags &= ~flags;
917 }
918
919 int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags)
920 {
921 return (ctx->flags & flags);
922 }
923
924 int EVP_str2ctrl(int (*cb)(void *ctx, int cmd, void *buf, size_t buflen),
925 void *ctx, int cmd, const char *value)
926 {
927 size_t len;
928
929 len = strlen(value);
930 if (len > INT_MAX)
931 return -1;
932 return cb(ctx, cmd, (void *)value, len);
933 }
934
935 int EVP_hex2ctrl(int (*cb)(void *ctx, int cmd, void *buf, size_t buflen),
936 void *ctx, int cmd, const char *hex)
937 {
938 unsigned char *bin;
939 long binlen;
940 int rv = -1;
941
942 bin = OPENSSL_hexstr2buf(hex, &binlen);
943 if (bin == NULL)
944 return 0;
945 if (binlen <= INT_MAX)
946 rv = cb(ctx, cmd, bin, binlen);
947 OPENSSL_free(bin);
948 return rv;
949 }
950
951 int EVP_PKEY_CTX_set_group_name(EVP_PKEY_CTX *ctx, const char *name)
952 {
953 OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
954 OSSL_PARAM *p = params;
955
956 if (ctx == NULL) {
957 ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
958 /* Uses the same return values as EVP_PKEY_CTX_ctrl */
959 return -2;
960 }
961
962 if (!EVP_PKEY_CTX_IS_GEN_OP(ctx)) {
963 #ifndef FIPS_MODULE
964 int nid;
965
966 /* Could be a legacy key, try and convert to a ctrl */
967 if (ctx->pmeth != NULL && (nid = OBJ_txt2nid(name)) != NID_undef) {
968 # ifndef OPENSSL_NO_DH
969 if (ctx->pmeth->pkey_id == EVP_PKEY_DH)
970 return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH,
971 EVP_PKEY_OP_PARAMGEN
972 | EVP_PKEY_OP_KEYGEN,
973 EVP_PKEY_CTRL_DH_NID, nid, NULL);
974 # endif
975 # ifndef OPENSSL_NO_EC
976 if (ctx->pmeth->pkey_id == EVP_PKEY_EC)
977 return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC,
978 EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN,
979 EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID,
980 nid, NULL);
981 # endif
982 }
983 #endif
984 ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
985 /* Uses the same return values as EVP_PKEY_CTX_ctrl */
986 return -2;
987 }
988
989 if (name == NULL)
990 return -1;
991
992 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
993 (char *)name, 0);
994 return EVP_PKEY_CTX_set_params(ctx, params);
995 }
996
997 int EVP_PKEY_CTX_get_group_name(EVP_PKEY_CTX *ctx, char *name, size_t namelen)
998 {
999 OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
1000 OSSL_PARAM *p = params;
1001
1002 if (ctx == NULL || !EVP_PKEY_CTX_IS_GEN_OP(ctx)) {
1003 /* There is no legacy support for this */
1004 ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
1005 /* Uses the same return values as EVP_PKEY_CTX_ctrl */
1006 return -2;
1007 }
1008
1009 if (name == NULL)
1010 return -1;
1011
1012 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
1013 name, namelen);
1014 if (!EVP_PKEY_CTX_get_params(ctx, params))
1015 return -1;
1016 return 1;
1017 }
A mirror of the official openssl repository