2016-05-18 02:24:46 +08:00
|
|
|
/*
|
2021-01-28 20:54:57 +08:00
|
|
|
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
1998-12-21 18:56:39 +08:00
|
|
|
*
|
2018-12-06 20:40:06 +08:00
|
|
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
2016-05-18 02:24:46 +08:00
|
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
|
|
* in the file LICENSE in the source distribution or at
|
|
|
|
* https://www.openssl.org/source/license.html
|
1998-12-21 18:56:39 +08:00
|
|
|
*/
|
|
|
|
|
2020-02-13 09:00:57 +08:00
|
|
|
/*
|
|
|
|
* EVP _meth_ APIs are deprecated for public use, but still ok for
|
|
|
|
* internal use.
|
|
|
|
*/
|
|
|
|
#include "internal/deprecated.h"
|
|
|
|
|
1998-12-21 18:56:39 +08:00
|
|
|
#include <stdio.h>
|
2021-03-20 20:49:08 +08:00
|
|
|
#include <string.h>
|
|
|
|
#include "e_os.h" /* strcasecmp */
|
2015-05-14 22:56:48 +08:00
|
|
|
#include "internal/cryptlib.h"
|
1999-04-24 06:13:45 +08:00
|
|
|
#include <openssl/evp.h>
|
|
|
|
#include <openssl/objects.h>
|
2019-04-04 01:01:21 +08:00
|
|
|
#include <openssl/params.h>
|
|
|
|
#include <openssl/core_names.h>
|
2021-03-20 20:49:08 +08:00
|
|
|
#include <openssl/rsa.h>
|
2019-06-27 17:48:17 +08:00
|
|
|
#include <openssl/dh.h>
|
2020-05-20 21:46:22 +08:00
|
|
|
#include <openssl/ec.h>
|
2019-09-28 06:45:33 +08:00
|
|
|
#include "crypto/evp.h"
|
2020-09-07 02:11:34 +08:00
|
|
|
#include "crypto/asn1.h"
|
2019-03-13 22:49:40 +08:00
|
|
|
#include "internal/provider.h"
|
2019-09-28 06:45:40 +08:00
|
|
|
#include "evp_local.h"
|
1998-12-21 18:56:39 +08:00
|
|
|
|
2020-04-14 04:34:56 +08:00
|
|
|
#if !defined(FIPS_MODULE)
|
2021-03-20 20:49:08 +08:00
|
|
|
|
1999-04-20 05:31:43 +08:00
|
|
|
int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
|
2020-09-07 02:11:34 +08:00
|
|
|
{
|
|
|
|
return evp_cipher_param_to_asn1_ex(c, type, NULL);
|
|
|
|
}
|
|
|
|
|
|
|
|
int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
|
|
|
|
{
|
|
|
|
return evp_cipher_asn1_to_param_ex(c, type, NULL);
|
|
|
|
}
|
|
|
|
|
|
|
|
int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *ctx, ASN1_TYPE *type)
|
|
|
|
{
|
|
|
|
int i = 0;
|
|
|
|
unsigned int l;
|
|
|
|
|
|
|
|
if (type != NULL) {
|
|
|
|
unsigned char iv[EVP_MAX_IV_LENGTH];
|
|
|
|
|
|
|
|
l = EVP_CIPHER_CTX_iv_length(ctx);
|
|
|
|
if (!ossl_assert(l <= sizeof(iv)))
|
|
|
|
return -1;
|
|
|
|
i = ASN1_TYPE_get_octetstring(type, iv, l);
|
|
|
|
if (i != (int)l)
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
if (!EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, -1))
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
return i;
|
|
|
|
}
|
|
|
|
|
|
|
|
int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
|
|
|
|
{
|
|
|
|
int i = 0;
|
|
|
|
unsigned int j;
|
|
|
|
unsigned char *oiv = NULL;
|
|
|
|
|
|
|
|
if (type != NULL) {
|
|
|
|
oiv = (unsigned char *)EVP_CIPHER_CTX_original_iv(c);
|
|
|
|
j = EVP_CIPHER_CTX_iv_length(c);
|
|
|
|
OPENSSL_assert(j <= sizeof(c->iv));
|
|
|
|
i = ASN1_TYPE_set_octetstring(type, oiv, j);
|
|
|
|
}
|
|
|
|
return i;
|
|
|
|
}
|
|
|
|
|
|
|
|
int evp_cipher_param_to_asn1_ex(EVP_CIPHER_CTX *c, ASN1_TYPE *type,
|
|
|
|
evp_cipher_aead_asn1_params *asn1_params)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
Adapt EVP_CIPHER_{param_to_asn1,asn1_to_param} for use with provider.
So far, these two funtions have depended on legacy EVP_CIPHER
implementations to be able to do their work. This change adapts them
to work with provided implementations as well, in one of two possible
ways:
1. If the implementation's set_asn1_parameters or get_asn1_parameters
function pointers are non-NULL, this is a legacy implementation,
and that function is called.
2. Otherwise, if the cipher doesn't have EVP_CIPH_FLAG_CUSTOM_ASN1
set, the default AlgorithmIdentifier parameter code in libcrypto
is executed.
3. Otherwise, if the cipher is a provided implementation, the ASN1
type structure is converted to a DER blob which is then passed to
the implementation as a parameter (param_to_asn1) or the DER blob
is retrieved from the implementation as a parameter and converted
locally to a ASN1_TYPE (asn1_to_param).
With this, the old flag EVP_CIPH_FLAG_DEFAULT_ASN1 has become
irrelevant and is simply ignored.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10008)
2019-09-25 14:56:14 +08:00
|
|
|
int ret = -1; /* Assume the worst */
|
2019-04-04 01:01:21 +08:00
|
|
|
const EVP_CIPHER *cipher = c->cipher;
|
2015-01-22 11:40:55 +08:00
|
|
|
|
Adapt EVP_CIPHER_{param_to_asn1,asn1_to_param} for use with provider.
So far, these two funtions have depended on legacy EVP_CIPHER
implementations to be able to do their work. This change adapts them
to work with provided implementations as well, in one of two possible
ways:
1. If the implementation's set_asn1_parameters or get_asn1_parameters
function pointers are non-NULL, this is a legacy implementation,
and that function is called.
2. Otherwise, if the cipher doesn't have EVP_CIPH_FLAG_CUSTOM_ASN1
set, the default AlgorithmIdentifier parameter code in libcrypto
is executed.
3. Otherwise, if the cipher is a provided implementation, the ASN1
type structure is converted to a DER blob which is then passed to
the implementation as a parameter (param_to_asn1) or the DER blob
is retrieved from the implementation as a parameter and converted
locally to a ASN1_TYPE (asn1_to_param).
With this, the old flag EVP_CIPH_FLAG_DEFAULT_ASN1 has become
irrelevant and is simply ignored.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10008)
2019-09-25 14:56:14 +08:00
|
|
|
/*
|
|
|
|
* For legacy implementations, we detect custom AlgorithmIdentifier
|
|
|
|
* parameter handling by checking if the function pointer
|
|
|
|
* cipher->set_asn1_parameters is set. We know that this pointer
|
|
|
|
* is NULL for provided implementations.
|
|
|
|
*
|
|
|
|
* Otherwise, for any implementation, we check the flag
|
|
|
|
* EVP_CIPH_FLAG_CUSTOM_ASN1. If it isn't set, we apply
|
|
|
|
* default AI parameter extraction.
|
|
|
|
*
|
|
|
|
* Otherwise, for provided implementations, we convert |type| to
|
|
|
|
* a DER encoded blob and pass to the implementation in OSSL_PARAM
|
|
|
|
* form.
|
|
|
|
*
|
|
|
|
* If none of the above applies, this operation is unsupported.
|
|
|
|
*/
|
|
|
|
if (cipher->set_asn1_parameters != NULL) {
|
2019-04-04 01:01:21 +08:00
|
|
|
ret = cipher->set_asn1_parameters(c, type);
|
Adapt EVP_CIPHER_{param_to_asn1,asn1_to_param} for use with provider.
So far, these two funtions have depended on legacy EVP_CIPHER
implementations to be able to do their work. This change adapts them
to work with provided implementations as well, in one of two possible
ways:
1. If the implementation's set_asn1_parameters or get_asn1_parameters
function pointers are non-NULL, this is a legacy implementation,
and that function is called.
2. Otherwise, if the cipher doesn't have EVP_CIPH_FLAG_CUSTOM_ASN1
set, the default AlgorithmIdentifier parameter code in libcrypto
is executed.
3. Otherwise, if the cipher is a provided implementation, the ASN1
type structure is converted to a DER blob which is then passed to
the implementation as a parameter (param_to_asn1) or the DER blob
is retrieved from the implementation as a parameter and converted
locally to a ASN1_TYPE (asn1_to_param).
With this, the old flag EVP_CIPH_FLAG_DEFAULT_ASN1 has become
irrelevant and is simply ignored.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10008)
2019-09-25 14:56:14 +08:00
|
|
|
} else if ((EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_CUSTOM_ASN1) == 0) {
|
2019-04-04 01:01:21 +08:00
|
|
|
switch (EVP_CIPHER_mode(cipher)) {
|
2015-08-01 22:38:11 +08:00
|
|
|
case EVP_CIPH_WRAP_MODE:
|
Adapt EVP_CIPHER_{param_to_asn1,asn1_to_param} for use with provider.
So far, these two funtions have depended on legacy EVP_CIPHER
implementations to be able to do their work. This change adapts them
to work with provided implementations as well, in one of two possible
ways:
1. If the implementation's set_asn1_parameters or get_asn1_parameters
function pointers are non-NULL, this is a legacy implementation,
and that function is called.
2. Otherwise, if the cipher doesn't have EVP_CIPH_FLAG_CUSTOM_ASN1
set, the default AlgorithmIdentifier parameter code in libcrypto
is executed.
3. Otherwise, if the cipher is a provided implementation, the ASN1
type structure is converted to a DER blob which is then passed to
the implementation as a parameter (param_to_asn1) or the DER blob
is retrieved from the implementation as a parameter and converted
locally to a ASN1_TYPE (asn1_to_param).
With this, the old flag EVP_CIPH_FLAG_DEFAULT_ASN1 has become
irrelevant and is simply ignored.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10008)
2019-09-25 14:56:14 +08:00
|
|
|
if (EVP_CIPHER_is_a(cipher, SN_id_smime_alg_CMS3DESwrap))
|
2015-10-13 04:14:04 +08:00
|
|
|
ASN1_TYPE_set(type, V_ASN1_NULL, NULL);
|
2015-01-22 11:40:55 +08:00
|
|
|
ret = 1;
|
2015-08-01 22:38:11 +08:00
|
|
|
break;
|
|
|
|
|
|
|
|
case EVP_CIPH_GCM_MODE:
|
2020-09-07 02:11:34 +08:00
|
|
|
ret = evp_cipher_set_asn1_aead_params(c, type, asn1_params);
|
|
|
|
break;
|
|
|
|
|
2015-08-01 22:38:11 +08:00
|
|
|
case EVP_CIPH_CCM_MODE:
|
|
|
|
case EVP_CIPH_XTS_MODE:
|
|
|
|
case EVP_CIPH_OCB_MODE:
|
2018-05-11 03:14:12 +08:00
|
|
|
ret = -2;
|
2015-08-01 22:38:11 +08:00
|
|
|
break;
|
|
|
|
|
|
|
|
default:
|
2015-01-22 11:40:55 +08:00
|
|
|
ret = EVP_CIPHER_set_asn1_iv(c, type);
|
2015-08-01 22:38:11 +08:00
|
|
|
}
|
Adapt EVP_CIPHER_{param_to_asn1,asn1_to_param} for use with provider.
So far, these two funtions have depended on legacy EVP_CIPHER
implementations to be able to do their work. This change adapts them
to work with provided implementations as well, in one of two possible
ways:
1. If the implementation's set_asn1_parameters or get_asn1_parameters
function pointers are non-NULL, this is a legacy implementation,
and that function is called.
2. Otherwise, if the cipher doesn't have EVP_CIPH_FLAG_CUSTOM_ASN1
set, the default AlgorithmIdentifier parameter code in libcrypto
is executed.
3. Otherwise, if the cipher is a provided implementation, the ASN1
type structure is converted to a DER blob which is then passed to
the implementation as a parameter (param_to_asn1) or the DER blob
is retrieved from the implementation as a parameter and converted
locally to a ASN1_TYPE (asn1_to_param).
With this, the old flag EVP_CIPH_FLAG_DEFAULT_ASN1 has become
irrelevant and is simply ignored.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10008)
2019-09-25 14:56:14 +08:00
|
|
|
} else if (cipher->prov != NULL) {
|
|
|
|
OSSL_PARAM params[3], *p = params;
|
|
|
|
unsigned char *der = NULL, *derp;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* We make two passes, the first to get the appropriate buffer size,
|
|
|
|
* and the second to get the actual value.
|
|
|
|
*/
|
2021-05-04 13:19:42 +08:00
|
|
|
*p++ = OSSL_PARAM_construct_octet_string(
|
|
|
|
OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS,
|
|
|
|
NULL, 0);
|
Adapt EVP_CIPHER_{param_to_asn1,asn1_to_param} for use with provider.
So far, these two funtions have depended on legacy EVP_CIPHER
implementations to be able to do their work. This change adapts them
to work with provided implementations as well, in one of two possible
ways:
1. If the implementation's set_asn1_parameters or get_asn1_parameters
function pointers are non-NULL, this is a legacy implementation,
and that function is called.
2. Otherwise, if the cipher doesn't have EVP_CIPH_FLAG_CUSTOM_ASN1
set, the default AlgorithmIdentifier parameter code in libcrypto
is executed.
3. Otherwise, if the cipher is a provided implementation, the ASN1
type structure is converted to a DER blob which is then passed to
the implementation as a parameter (param_to_asn1) or the DER blob
is retrieved from the implementation as a parameter and converted
locally to a ASN1_TYPE (asn1_to_param).
With this, the old flag EVP_CIPH_FLAG_DEFAULT_ASN1 has become
irrelevant and is simply ignored.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10008)
2019-09-25 14:56:14 +08:00
|
|
|
*p = OSSL_PARAM_construct_end();
|
|
|
|
|
|
|
|
if (!EVP_CIPHER_CTX_get_params(c, params))
|
|
|
|
goto err;
|
|
|
|
|
|
|
|
/* ... but, we should get a return size too! */
|
2020-04-22 12:20:11 +08:00
|
|
|
if (OSSL_PARAM_modified(params)
|
|
|
|
&& params[0].return_size != 0
|
Adapt EVP_CIPHER_{param_to_asn1,asn1_to_param} for use with provider.
So far, these two funtions have depended on legacy EVP_CIPHER
implementations to be able to do their work. This change adapts them
to work with provided implementations as well, in one of two possible
ways:
1. If the implementation's set_asn1_parameters or get_asn1_parameters
function pointers are non-NULL, this is a legacy implementation,
and that function is called.
2. Otherwise, if the cipher doesn't have EVP_CIPH_FLAG_CUSTOM_ASN1
set, the default AlgorithmIdentifier parameter code in libcrypto
is executed.
3. Otherwise, if the cipher is a provided implementation, the ASN1
type structure is converted to a DER blob which is then passed to
the implementation as a parameter (param_to_asn1) or the DER blob
is retrieved from the implementation as a parameter and converted
locally to a ASN1_TYPE (asn1_to_param).
With this, the old flag EVP_CIPH_FLAG_DEFAULT_ASN1 has become
irrelevant and is simply ignored.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10008)
2019-09-25 14:56:14 +08:00
|
|
|
&& (der = OPENSSL_malloc(params[0].return_size)) != NULL) {
|
|
|
|
params[0].data = der;
|
|
|
|
params[0].data_size = params[0].return_size;
|
2020-04-22 12:20:11 +08:00
|
|
|
OSSL_PARAM_set_all_unmodified(params);
|
Adapt EVP_CIPHER_{param_to_asn1,asn1_to_param} for use with provider.
So far, these two funtions have depended on legacy EVP_CIPHER
implementations to be able to do their work. This change adapts them
to work with provided implementations as well, in one of two possible
ways:
1. If the implementation's set_asn1_parameters or get_asn1_parameters
function pointers are non-NULL, this is a legacy implementation,
and that function is called.
2. Otherwise, if the cipher doesn't have EVP_CIPH_FLAG_CUSTOM_ASN1
set, the default AlgorithmIdentifier parameter code in libcrypto
is executed.
3. Otherwise, if the cipher is a provided implementation, the ASN1
type structure is converted to a DER blob which is then passed to
the implementation as a parameter (param_to_asn1) or the DER blob
is retrieved from the implementation as a parameter and converted
locally to a ASN1_TYPE (asn1_to_param).
With this, the old flag EVP_CIPH_FLAG_DEFAULT_ASN1 has become
irrelevant and is simply ignored.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10008)
2019-09-25 14:56:14 +08:00
|
|
|
derp = der;
|
|
|
|
if (EVP_CIPHER_CTX_get_params(c, params)
|
2020-04-22 12:20:11 +08:00
|
|
|
&& OSSL_PARAM_modified(params)
|
Adapt EVP_CIPHER_{param_to_asn1,asn1_to_param} for use with provider.
So far, these two funtions have depended on legacy EVP_CIPHER
implementations to be able to do their work. This change adapts them
to work with provided implementations as well, in one of two possible
ways:
1. If the implementation's set_asn1_parameters or get_asn1_parameters
function pointers are non-NULL, this is a legacy implementation,
and that function is called.
2. Otherwise, if the cipher doesn't have EVP_CIPH_FLAG_CUSTOM_ASN1
set, the default AlgorithmIdentifier parameter code in libcrypto
is executed.
3. Otherwise, if the cipher is a provided implementation, the ASN1
type structure is converted to a DER blob which is then passed to
the implementation as a parameter (param_to_asn1) or the DER blob
is retrieved from the implementation as a parameter and converted
locally to a ASN1_TYPE (asn1_to_param).
With this, the old flag EVP_CIPH_FLAG_DEFAULT_ASN1 has become
irrelevant and is simply ignored.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10008)
2019-09-25 14:56:14 +08:00
|
|
|
&& d2i_ASN1_TYPE(&type, (const unsigned char **)&derp,
|
|
|
|
params[0].return_size) != NULL) {
|
|
|
|
ret = 1;
|
|
|
|
}
|
|
|
|
OPENSSL_free(der);
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
ret = -2;
|
|
|
|
}
|
|
|
|
|
|
|
|
err:
|
2019-08-17 06:05:08 +08:00
|
|
|
if (ret == -2)
|
2020-11-04 19:23:19 +08:00
|
|
|
ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_CIPHER);
|
2019-08-17 06:05:08 +08:00
|
|
|
else if (ret <= 0)
|
2020-11-04 19:23:19 +08:00
|
|
|
ERR_raise(ERR_LIB_EVP, EVP_R_CIPHER_PARAMETER_ERROR);
|
2018-05-11 03:14:12 +08:00
|
|
|
if (ret < -1)
|
|
|
|
ret = -1;
|
2017-10-17 22:04:09 +08:00
|
|
|
return ret;
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
1998-12-21 18:56:39 +08:00
|
|
|
|
2020-09-07 02:11:34 +08:00
|
|
|
int evp_cipher_asn1_to_param_ex(EVP_CIPHER_CTX *c, ASN1_TYPE *type,
|
|
|
|
evp_cipher_aead_asn1_params *asn1_params)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
Adapt EVP_CIPHER_{param_to_asn1,asn1_to_param} for use with provider.
So far, these two funtions have depended on legacy EVP_CIPHER
implementations to be able to do their work. This change adapts them
to work with provided implementations as well, in one of two possible
ways:
1. If the implementation's set_asn1_parameters or get_asn1_parameters
function pointers are non-NULL, this is a legacy implementation,
and that function is called.
2. Otherwise, if the cipher doesn't have EVP_CIPH_FLAG_CUSTOM_ASN1
set, the default AlgorithmIdentifier parameter code in libcrypto
is executed.
3. Otherwise, if the cipher is a provided implementation, the ASN1
type structure is converted to a DER blob which is then passed to
the implementation as a parameter (param_to_asn1) or the DER blob
is retrieved from the implementation as a parameter and converted
locally to a ASN1_TYPE (asn1_to_param).
With this, the old flag EVP_CIPH_FLAG_DEFAULT_ASN1 has become
irrelevant and is simply ignored.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10008)
2019-09-25 14:56:14 +08:00
|
|
|
int ret = -1; /* Assume the worst */
|
2019-04-04 01:01:21 +08:00
|
|
|
const EVP_CIPHER *cipher = c->cipher;
|
|
|
|
|
Adapt EVP_CIPHER_{param_to_asn1,asn1_to_param} for use with provider.
So far, these two funtions have depended on legacy EVP_CIPHER
implementations to be able to do their work. This change adapts them
to work with provided implementations as well, in one of two possible
ways:
1. If the implementation's set_asn1_parameters or get_asn1_parameters
function pointers are non-NULL, this is a legacy implementation,
and that function is called.
2. Otherwise, if the cipher doesn't have EVP_CIPH_FLAG_CUSTOM_ASN1
set, the default AlgorithmIdentifier parameter code in libcrypto
is executed.
3. Otherwise, if the cipher is a provided implementation, the ASN1
type structure is converted to a DER blob which is then passed to
the implementation as a parameter (param_to_asn1) or the DER blob
is retrieved from the implementation as a parameter and converted
locally to a ASN1_TYPE (asn1_to_param).
With this, the old flag EVP_CIPH_FLAG_DEFAULT_ASN1 has become
irrelevant and is simply ignored.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10008)
2019-09-25 14:56:14 +08:00
|
|
|
/*
|
|
|
|
* For legacy implementations, we detect custom AlgorithmIdentifier
|
|
|
|
* parameter handling by checking if there the function pointer
|
|
|
|
* cipher->get_asn1_parameters is set. We know that this pointer
|
|
|
|
* is NULL for provided implementations.
|
|
|
|
*
|
|
|
|
* Otherwise, for any implementation, we check the flag
|
|
|
|
* EVP_CIPH_FLAG_CUSTOM_ASN1. If it isn't set, we apply
|
|
|
|
* default AI parameter creation.
|
|
|
|
*
|
|
|
|
* Otherwise, for provided implementations, we get the AI parameter
|
|
|
|
* in DER encoded form from the implementation by requesting the
|
|
|
|
* appropriate OSSL_PARAM and converting the result to a ASN1_TYPE.
|
|
|
|
*
|
|
|
|
* If none of the above applies, this operation is unsupported.
|
|
|
|
*/
|
|
|
|
if (cipher->get_asn1_parameters != NULL) {
|
2019-04-04 01:01:21 +08:00
|
|
|
ret = cipher->get_asn1_parameters(c, type);
|
Adapt EVP_CIPHER_{param_to_asn1,asn1_to_param} for use with provider.
So far, these two funtions have depended on legacy EVP_CIPHER
implementations to be able to do their work. This change adapts them
to work with provided implementations as well, in one of two possible
ways:
1. If the implementation's set_asn1_parameters or get_asn1_parameters
function pointers are non-NULL, this is a legacy implementation,
and that function is called.
2. Otherwise, if the cipher doesn't have EVP_CIPH_FLAG_CUSTOM_ASN1
set, the default AlgorithmIdentifier parameter code in libcrypto
is executed.
3. Otherwise, if the cipher is a provided implementation, the ASN1
type structure is converted to a DER blob which is then passed to
the implementation as a parameter (param_to_asn1) or the DER blob
is retrieved from the implementation as a parameter and converted
locally to a ASN1_TYPE (asn1_to_param).
With this, the old flag EVP_CIPH_FLAG_DEFAULT_ASN1 has become
irrelevant and is simply ignored.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10008)
2019-09-25 14:56:14 +08:00
|
|
|
} else if ((EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_CUSTOM_ASN1) == 0) {
|
2019-04-04 01:01:21 +08:00
|
|
|
switch (EVP_CIPHER_mode(cipher)) {
|
2015-08-01 22:38:11 +08:00
|
|
|
case EVP_CIPH_WRAP_MODE:
|
|
|
|
ret = 1;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case EVP_CIPH_GCM_MODE:
|
2020-09-07 02:11:34 +08:00
|
|
|
ret = evp_cipher_get_asn1_aead_params(c, type, asn1_params);
|
|
|
|
break;
|
|
|
|
|
2015-08-01 22:38:11 +08:00
|
|
|
case EVP_CIPH_CCM_MODE:
|
|
|
|
case EVP_CIPH_XTS_MODE:
|
|
|
|
case EVP_CIPH_OCB_MODE:
|
2018-05-11 03:14:12 +08:00
|
|
|
ret = -2;
|
2015-08-01 22:38:11 +08:00
|
|
|
break;
|
|
|
|
|
|
|
|
default:
|
|
|
|
ret = EVP_CIPHER_get_asn1_iv(c, type);
|
|
|
|
}
|
Adapt EVP_CIPHER_{param_to_asn1,asn1_to_param} for use with provider.
So far, these two funtions have depended on legacy EVP_CIPHER
implementations to be able to do their work. This change adapts them
to work with provided implementations as well, in one of two possible
ways:
1. If the implementation's set_asn1_parameters or get_asn1_parameters
function pointers are non-NULL, this is a legacy implementation,
and that function is called.
2. Otherwise, if the cipher doesn't have EVP_CIPH_FLAG_CUSTOM_ASN1
set, the default AlgorithmIdentifier parameter code in libcrypto
is executed.
3. Otherwise, if the cipher is a provided implementation, the ASN1
type structure is converted to a DER blob which is then passed to
the implementation as a parameter (param_to_asn1) or the DER blob
is retrieved from the implementation as a parameter and converted
locally to a ASN1_TYPE (asn1_to_param).
With this, the old flag EVP_CIPH_FLAG_DEFAULT_ASN1 has become
irrelevant and is simply ignored.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10008)
2019-09-25 14:56:14 +08:00
|
|
|
} else if (cipher->prov != NULL) {
|
|
|
|
OSSL_PARAM params[3], *p = params;
|
|
|
|
unsigned char *der = NULL;
|
|
|
|
int derl = -1;
|
|
|
|
|
|
|
|
if ((derl = i2d_ASN1_TYPE(type, &der)) >= 0) {
|
|
|
|
*p++ =
|
2021-05-04 13:19:42 +08:00
|
|
|
OSSL_PARAM_construct_octet_string(
|
|
|
|
OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS,
|
|
|
|
der, (size_t)derl);
|
Adapt EVP_CIPHER_{param_to_asn1,asn1_to_param} for use with provider.
So far, these two funtions have depended on legacy EVP_CIPHER
implementations to be able to do their work. This change adapts them
to work with provided implementations as well, in one of two possible
ways:
1. If the implementation's set_asn1_parameters or get_asn1_parameters
function pointers are non-NULL, this is a legacy implementation,
and that function is called.
2. Otherwise, if the cipher doesn't have EVP_CIPH_FLAG_CUSTOM_ASN1
set, the default AlgorithmIdentifier parameter code in libcrypto
is executed.
3. Otherwise, if the cipher is a provided implementation, the ASN1
type structure is converted to a DER blob which is then passed to
the implementation as a parameter (param_to_asn1) or the DER blob
is retrieved from the implementation as a parameter and converted
locally to a ASN1_TYPE (asn1_to_param).
With this, the old flag EVP_CIPH_FLAG_DEFAULT_ASN1 has become
irrelevant and is simply ignored.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10008)
2019-09-25 14:56:14 +08:00
|
|
|
*p = OSSL_PARAM_construct_end();
|
|
|
|
if (EVP_CIPHER_CTX_set_params(c, params))
|
|
|
|
ret = 1;
|
|
|
|
OPENSSL_free(der);
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
ret = -2;
|
|
|
|
}
|
|
|
|
|
2019-08-17 06:05:08 +08:00
|
|
|
if (ret == -2)
|
2020-11-04 19:23:19 +08:00
|
|
|
ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_CIPHER);
|
2019-08-17 06:05:08 +08:00
|
|
|
else if (ret <= 0)
|
2020-11-04 19:23:19 +08:00
|
|
|
ERR_raise(ERR_LIB_EVP, EVP_R_CIPHER_PARAMETER_ERROR);
|
2018-05-11 03:14:12 +08:00
|
|
|
if (ret < -1)
|
|
|
|
ret = -1;
|
2017-10-17 22:04:09 +08:00
|
|
|
return ret;
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
1998-12-21 18:56:39 +08:00
|
|
|
|
2020-09-07 02:11:34 +08:00
|
|
|
int evp_cipher_get_asn1_aead_params(EVP_CIPHER_CTX *c, ASN1_TYPE *type,
|
|
|
|
evp_cipher_aead_asn1_params *asn1_params)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
|
|
|
int i = 0;
|
2020-09-07 02:11:34 +08:00
|
|
|
long tl;
|
|
|
|
unsigned char iv[EVP_MAX_IV_LENGTH];
|
2015-01-22 11:40:55 +08:00
|
|
|
|
2020-09-07 02:11:34 +08:00
|
|
|
if (type == NULL || asn1_params == NULL)
|
|
|
|
return 0;
|
2019-04-04 01:01:21 +08:00
|
|
|
|
2021-03-09 07:48:16 +08:00
|
|
|
i = ossl_asn1_type_get_octetstring_int(type, &tl, NULL, EVP_MAX_IV_LENGTH);
|
2020-09-07 02:11:34 +08:00
|
|
|
if (i <= 0)
|
|
|
|
return -1;
|
2021-03-09 07:48:16 +08:00
|
|
|
ossl_asn1_type_get_octetstring_int(type, &tl, iv, i);
|
2020-09-07 02:11:34 +08:00
|
|
|
|
|
|
|
memcpy(asn1_params->iv, iv, i);
|
|
|
|
asn1_params->iv_len = i;
|
2019-04-04 01:01:21 +08:00
|
|
|
|
2017-10-17 22:04:09 +08:00
|
|
|
return i;
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
1998-12-21 18:56:39 +08:00
|
|
|
|
2020-09-07 02:11:34 +08:00
|
|
|
int evp_cipher_set_asn1_aead_params(EVP_CIPHER_CTX *c, ASN1_TYPE *type,
|
|
|
|
evp_cipher_aead_asn1_params *asn1_params)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
2020-09-07 02:11:34 +08:00
|
|
|
if (type == NULL || asn1_params == NULL)
|
|
|
|
return 0;
|
2015-01-22 11:40:55 +08:00
|
|
|
|
2021-03-09 07:48:16 +08:00
|
|
|
return ossl_asn1_type_set_octetstring_int(type, asn1_params->tag_len,
|
|
|
|
asn1_params->iv,
|
|
|
|
asn1_params->iv_len);
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2020-04-14 04:34:56 +08:00
|
|
|
#endif /* !defined(FIPS_MODULE) */
|
1999-05-10 08:47:42 +08:00
|
|
|
|
|
|
|
/* Convert the various cipher NIDs and dummies to a proper OID NID */
|
2021-03-27 00:53:59 +08:00
|
|
|
int EVP_CIPHER_type(const EVP_CIPHER *cipher)
|
1999-05-10 08:47:42 +08:00
|
|
|
{
|
2015-01-22 11:40:55 +08:00
|
|
|
int nid;
|
2021-03-27 00:53:59 +08:00
|
|
|
nid = EVP_CIPHER_nid(cipher);
|
1999-05-10 08:47:42 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
switch (nid) {
|
1999-05-10 08:47:42 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
case NID_rc2_cbc:
|
|
|
|
case NID_rc2_64_cbc:
|
|
|
|
case NID_rc2_40_cbc:
|
1999-05-10 08:47:42 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
return NID_rc2_cbc;
|
1999-05-10 08:47:42 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
case NID_rc4:
|
|
|
|
case NID_rc4_40:
|
1999-05-10 08:47:42 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
return NID_rc4;
|
1999-05-10 08:47:42 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
case NID_aes_128_cfb128:
|
|
|
|
case NID_aes_128_cfb8:
|
|
|
|
case NID_aes_128_cfb1:
|
2004-01-29 03:05:35 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
return NID_aes_128_cfb128;
|
2004-01-29 03:05:35 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
case NID_aes_192_cfb128:
|
|
|
|
case NID_aes_192_cfb8:
|
|
|
|
case NID_aes_192_cfb1:
|
2004-01-29 03:05:35 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
return NID_aes_192_cfb128;
|
2004-01-29 03:05:35 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
case NID_aes_256_cfb128:
|
|
|
|
case NID_aes_256_cfb8:
|
|
|
|
case NID_aes_256_cfb1:
|
2004-01-29 03:05:35 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
return NID_aes_256_cfb128;
|
2004-01-29 03:05:35 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
case NID_des_cfb64:
|
|
|
|
case NID_des_cfb8:
|
|
|
|
case NID_des_cfb1:
|
2004-01-29 03:05:35 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
return NID_des_cfb64;
|
2004-01-29 03:05:35 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
case NID_des_ede3_cfb64:
|
|
|
|
case NID_des_ede3_cfb8:
|
|
|
|
case NID_des_ede3_cfb1:
|
2009-12-25 22:13:11 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
return NID_des_cfb64;
|
2009-12-25 22:13:11 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
default:
|
2020-04-14 04:34:56 +08:00
|
|
|
#ifdef FIPS_MODULE
|
2019-05-13 13:41:06 +08:00
|
|
|
return NID_undef;
|
|
|
|
#else
|
|
|
|
{
|
|
|
|
/* Check it has an OID and it is valid */
|
|
|
|
ASN1_OBJECT *otmp = OBJ_nid2obj(nid);
|
|
|
|
|
|
|
|
if (OBJ_get0_data(otmp) == NULL)
|
|
|
|
nid = NID_undef;
|
|
|
|
ASN1_OBJECT_free(otmp);
|
|
|
|
return nid;
|
|
|
|
}
|
|
|
|
#endif
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
1999-05-10 08:47:42 +08:00
|
|
|
}
|
|
|
|
|
2019-11-18 08:32:36 +08:00
|
|
|
int evp_cipher_cache_constants(EVP_CIPHER *cipher)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
2020-12-17 14:39:57 +08:00
|
|
|
int ok, aead = 0, custom_iv = 0, cts = 0, multiblock = 0;
|
2019-11-18 08:32:36 +08:00
|
|
|
size_t ivlen = 0;
|
|
|
|
size_t blksz = 0;
|
|
|
|
size_t keylen = 0;
|
|
|
|
unsigned int mode = 0;
|
2020-12-17 14:39:57 +08:00
|
|
|
OSSL_PARAM params[9];
|
2019-11-18 08:32:36 +08:00
|
|
|
|
|
|
|
params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_BLOCK_SIZE, &blksz);
|
|
|
|
params[1] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_IVLEN, &ivlen);
|
|
|
|
params[2] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, &keylen);
|
|
|
|
params[3] = OSSL_PARAM_construct_uint(OSSL_CIPHER_PARAM_MODE, &mode);
|
2020-12-17 14:39:57 +08:00
|
|
|
params[4] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_AEAD, &aead);
|
|
|
|
params[5] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_CUSTOM_IV,
|
|
|
|
&custom_iv);
|
|
|
|
params[6] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_CTS, &cts);
|
|
|
|
params[7] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK,
|
|
|
|
&multiblock);
|
|
|
|
params[8] = OSSL_PARAM_construct_end();
|
2019-07-16 07:46:14 +08:00
|
|
|
ok = evp_do_ciph_getparams(cipher, params);
|
2019-11-18 08:32:36 +08:00
|
|
|
if (ok) {
|
|
|
|
cipher->block_size = blksz;
|
|
|
|
cipher->iv_len = ivlen;
|
|
|
|
cipher->key_len = keylen;
|
2020-12-17 14:39:57 +08:00
|
|
|
cipher->flags = mode;
|
|
|
|
if (aead)
|
|
|
|
cipher->flags |= EVP_CIPH_FLAG_AEAD_CIPHER;
|
|
|
|
if (custom_iv)
|
|
|
|
cipher->flags |= EVP_CIPH_CUSTOM_IV;
|
|
|
|
if (cts)
|
|
|
|
cipher->flags |= EVP_CIPH_FLAG_CTS;
|
|
|
|
if (multiblock)
|
|
|
|
cipher->flags |= EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK;
|
|
|
|
/* Provided implementations may have a custom cipher_cipher */
|
|
|
|
if (cipher->prov != NULL && cipher->ccipher != NULL)
|
|
|
|
cipher->flags |= EVP_CIPH_FLAG_CUSTOM_CIPHER;
|
2021-05-04 13:19:42 +08:00
|
|
|
/* Provided implementations may also have custom ASN1 algorithm parameters */
|
|
|
|
if (OSSL_PARAM_locate_const(EVP_CIPHER_gettable_ctx_params(cipher),
|
|
|
|
OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS))
|
|
|
|
cipher->flags |= EVP_CIPH_FLAG_CUSTOM_ASN1;
|
2019-11-18 08:32:36 +08:00
|
|
|
}
|
|
|
|
return ok;
|
|
|
|
}
|
2019-07-09 13:32:16 +08:00
|
|
|
|
2019-11-18 08:32:36 +08:00
|
|
|
int EVP_CIPHER_block_size(const EVP_CIPHER *cipher)
|
|
|
|
{
|
|
|
|
return cipher->block_size;
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2006-11-30 04:54:57 +08:00
|
|
|
|
2008-11-12 11:58:08 +08:00
|
|
|
int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
2019-04-04 01:01:21 +08:00
|
|
|
return EVP_CIPHER_block_size(ctx->cipher);
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2006-11-30 04:54:57 +08:00
|
|
|
|
2015-12-18 23:37:02 +08:00
|
|
|
int EVP_CIPHER_impl_ctx_size(const EVP_CIPHER *e)
|
|
|
|
{
|
|
|
|
return e->ctx_size;
|
|
|
|
}
|
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
|
|
|
const unsigned char *in, unsigned int inl)
|
|
|
|
{
|
2019-04-04 01:01:21 +08:00
|
|
|
if (ctx->cipher->prov != NULL) {
|
Fix EVP_Cipher() for provided cipher implementations
EVP_Cipher() would return whatever ctx->cipher->ccipher() returned
with no regard for historical semantics.
We change this to first look if there is a ctx->cipher->ccipher(), and
in that case we treat the implementation as one with a custom cipher,
and "translate" it's return value like this: 0 => -1, 1 => outl, where
|outl| is the output length.
If there is no ctx->cipher->ccipher, we treat the implementation as
one without a custom cipher, call ctx->cipher->cupdate or
ctx->cipher->cfinal depending on input, and return whatever they
return (0 or 1).
Furthermore, we add a small hack in EVP_CIPHER_flags() to check if the
cipher is a provided one, and add EVP_CIPH_FLAG_CUSTOM_CIPHER to the
flags to be returned if there is a cipher->ccipher. That way,
provided implementations never have to set that flag themselves, all
they need to do is to include a OSSL_FUNC_CIPHER_CIPHER function.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10137)
2019-10-11 00:04:06 +08:00
|
|
|
/*
|
|
|
|
* If the provided implementation has a ccipher function, we use it,
|
|
|
|
* and translate its return value like this: 0 => -1, 1 => outlen
|
|
|
|
*
|
|
|
|
* Otherwise, we call the cupdate function if in != NULL, or cfinal
|
|
|
|
* if in == NULL. Regardless of which, we return what we got.
|
|
|
|
*/
|
|
|
|
int ret = -1;
|
|
|
|
size_t outl = 0;
|
|
|
|
size_t blocksize = EVP_CIPHER_CTX_block_size(ctx);
|
2019-04-30 20:01:52 +08:00
|
|
|
|
2019-04-04 01:01:21 +08:00
|
|
|
if (ctx->cipher->ccipher != NULL)
|
Fix EVP_Cipher() for provided cipher implementations
EVP_Cipher() would return whatever ctx->cipher->ccipher() returned
with no regard for historical semantics.
We change this to first look if there is a ctx->cipher->ccipher(), and
in that case we treat the implementation as one with a custom cipher,
and "translate" it's return value like this: 0 => -1, 1 => outl, where
|outl| is the output length.
If there is no ctx->cipher->ccipher, we treat the implementation as
one without a custom cipher, call ctx->cipher->cupdate or
ctx->cipher->cfinal depending on input, and return whatever they
return (0 or 1).
Furthermore, we add a small hack in EVP_CIPHER_flags() to check if the
cipher is a provided one, and add EVP_CIPH_FLAG_CUSTOM_CIPHER to the
flags to be returned if there is a cipher->ccipher. That way,
provided implementations never have to set that flag themselves, all
they need to do is to include a OSSL_FUNC_CIPHER_CIPHER function.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10137)
2019-10-11 00:04:06 +08:00
|
|
|
ret = ctx->cipher->ccipher(ctx->provctx, out, &outl,
|
|
|
|
inl + (blocksize == 1 ? 0 : blocksize),
|
|
|
|
in, (size_t)inl)
|
|
|
|
? (int)outl : -1;
|
|
|
|
else if (in != NULL)
|
|
|
|
ret = ctx->cipher->cupdate(ctx->provctx, out, &outl,
|
|
|
|
inl + (blocksize == 1 ? 0 : blocksize),
|
|
|
|
in, (size_t)inl);
|
|
|
|
else
|
|
|
|
ret = ctx->cipher->cfinal(ctx->provctx, out, &outl,
|
|
|
|
blocksize == 1 ? 0 : blocksize);
|
|
|
|
|
|
|
|
return ret;
|
2019-04-04 01:01:21 +08:00
|
|
|
}
|
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
return ctx->cipher->do_cipher(ctx, out, in, inl);
|
|
|
|
}
|
2006-11-30 04:54:57 +08:00
|
|
|
|
Add "origin" field to EVP_CIPHER, EVP_MD
Add a "where did this EVP_{CIPHER,MD} come from" flag: global, via fetch,
or via EVP_{CIPHER,MD}_meth_new. Update EVP_{CIPHER,MD}_free to handle all
three origins. The flag is deliberately right before some function pointers,
so that compile-time failures (int/pointer) will occur, as opposed to
taking a bit in the existing "flags" field. The "global variable" flag
is non-zero, so the default case of using OPENSSL_zalloc (for provider
ciphers), will do the right thing. Ref-counting is a no-op for
Make up_ref no-op for global MD and CIPHER objects
Deprecate EVP_MD_CTX_md(). Added EVP_MD_CTX_get0_md() (same semantics as
the deprecated function) and EVP_MD_CTX_get1_md(). Likewise, deprecate
EVP_CIPHER_CTX_cipher() in favor of EVP_CIPHER_CTX_get0_cipher(), and add
EVP_CIPHER_CTX_get1_CIPHER().
Refactor EVP_MD_free() and EVP_MD_meth_free() to call new common
evp_md_free_int() function.
Refactor EVP_CIPHER_free() and EVP_CIPHER_meth_free() to call new common
evp_cipher_free_int() function.
Also change some flags tests to explicit test == or != zero. E.g.,
if (flags & x) --> if ((flags & x) != 0)
if (!(flags & x)) --> if ((flags & x) == 0)
Only done for those lines where "get0_cipher" calls were made.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14193)
2021-02-17 06:51:56 +08:00
|
|
|
#ifndef OPENSSL_NO_DEPRECATED_3_0
|
2006-11-30 04:54:57 +08:00
|
|
|
const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
Add "origin" field to EVP_CIPHER, EVP_MD
Add a "where did this EVP_{CIPHER,MD} come from" flag: global, via fetch,
or via EVP_{CIPHER,MD}_meth_new. Update EVP_{CIPHER,MD}_free to handle all
three origins. The flag is deliberately right before some function pointers,
so that compile-time failures (int/pointer) will occur, as opposed to
taking a bit in the existing "flags" field. The "global variable" flag
is non-zero, so the default case of using OPENSSL_zalloc (for provider
ciphers), will do the right thing. Ref-counting is a no-op for
Make up_ref no-op for global MD and CIPHER objects
Deprecate EVP_MD_CTX_md(). Added EVP_MD_CTX_get0_md() (same semantics as
the deprecated function) and EVP_MD_CTX_get1_md(). Likewise, deprecate
EVP_CIPHER_CTX_cipher() in favor of EVP_CIPHER_CTX_get0_cipher(), and add
EVP_CIPHER_CTX_get1_CIPHER().
Refactor EVP_MD_free() and EVP_MD_meth_free() to call new common
evp_md_free_int() function.
Refactor EVP_CIPHER_free() and EVP_CIPHER_meth_free() to call new common
evp_cipher_free_int() function.
Also change some flags tests to explicit test == or != zero. E.g.,
if (flags & x) --> if ((flags & x) != 0)
if (!(flags & x)) --> if ((flags & x) == 0)
Only done for those lines where "get0_cipher" calls were made.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14193)
2021-02-17 06:51:56 +08:00
|
|
|
if (ctx == NULL)
|
|
|
|
return NULL;
|
|
|
|
return ctx->cipher;
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
|
|
|
const EVP_CIPHER *EVP_CIPHER_CTX_get0_cipher(const EVP_CIPHER_CTX *ctx)
|
|
|
|
{
|
|
|
|
if (ctx == NULL)
|
|
|
|
return NULL;
|
2015-01-22 11:40:55 +08:00
|
|
|
return ctx->cipher;
|
|
|
|
}
|
2006-11-30 04:54:57 +08:00
|
|
|
|
Add "origin" field to EVP_CIPHER, EVP_MD
Add a "where did this EVP_{CIPHER,MD} come from" flag: global, via fetch,
or via EVP_{CIPHER,MD}_meth_new. Update EVP_{CIPHER,MD}_free to handle all
three origins. The flag is deliberately right before some function pointers,
so that compile-time failures (int/pointer) will occur, as opposed to
taking a bit in the existing "flags" field. The "global variable" flag
is non-zero, so the default case of using OPENSSL_zalloc (for provider
ciphers), will do the right thing. Ref-counting is a no-op for
Make up_ref no-op for global MD and CIPHER objects
Deprecate EVP_MD_CTX_md(). Added EVP_MD_CTX_get0_md() (same semantics as
the deprecated function) and EVP_MD_CTX_get1_md(). Likewise, deprecate
EVP_CIPHER_CTX_cipher() in favor of EVP_CIPHER_CTX_get0_cipher(), and add
EVP_CIPHER_CTX_get1_CIPHER().
Refactor EVP_MD_free() and EVP_MD_meth_free() to call new common
evp_md_free_int() function.
Refactor EVP_CIPHER_free() and EVP_CIPHER_meth_free() to call new common
evp_cipher_free_int() function.
Also change some flags tests to explicit test == or != zero. E.g.,
if (flags & x) --> if ((flags & x) != 0)
if (!(flags & x)) --> if ((flags & x) == 0)
Only done for those lines where "get0_cipher" calls were made.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14193)
2021-02-17 06:51:56 +08:00
|
|
|
EVP_CIPHER *EVP_CIPHER_CTX_get1_cipher(EVP_CIPHER_CTX *ctx)
|
|
|
|
{
|
|
|
|
EVP_CIPHER *cipher;
|
|
|
|
|
|
|
|
if (ctx == NULL)
|
|
|
|
return NULL;
|
|
|
|
cipher = (EVP_CIPHER *)ctx->cipher;
|
|
|
|
if (!EVP_CIPHER_up_ref(cipher))
|
|
|
|
return NULL;
|
|
|
|
return cipher;
|
|
|
|
}
|
|
|
|
|
2015-12-14 04:25:42 +08:00
|
|
|
int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx)
|
|
|
|
{
|
|
|
|
return ctx->encrypt;
|
|
|
|
}
|
|
|
|
|
2006-11-30 04:54:57 +08:00
|
|
|
unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
2019-11-18 08:32:36 +08:00
|
|
|
return cipher->flags;
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2006-11-30 04:54:57 +08:00
|
|
|
|
|
|
|
void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
|
|
|
return ctx->app_data;
|
|
|
|
}
|
2006-11-30 04:54:57 +08:00
|
|
|
|
|
|
|
void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
|
|
|
ctx->app_data = data;
|
|
|
|
}
|
2006-11-30 04:54:57 +08:00
|
|
|
|
2016-03-07 18:17:27 +08:00
|
|
|
void *EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx)
|
2015-12-14 04:25:42 +08:00
|
|
|
{
|
|
|
|
return ctx->cipher_data;
|
|
|
|
}
|
|
|
|
|
2015-09-22 18:11:24 +08:00
|
|
|
void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data)
|
|
|
|
{
|
|
|
|
void *old_cipher_data;
|
|
|
|
|
|
|
|
old_cipher_data = ctx->cipher_data;
|
|
|
|
ctx->cipher_data = cipher_data;
|
|
|
|
|
|
|
|
return old_cipher_data;
|
|
|
|
}
|
|
|
|
|
2008-11-12 11:58:08 +08:00
|
|
|
int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
2019-11-18 08:32:36 +08:00
|
|
|
return cipher->iv_len;
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2006-11-30 04:54:57 +08:00
|
|
|
|
2008-11-12 11:58:08 +08:00
|
|
|
int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
2019-09-14 07:11:28 +08:00
|
|
|
int rv, len = EVP_CIPHER_iv_length(ctx->cipher);
|
|
|
|
size_t v = len;
|
2019-07-31 19:55:16 +08:00
|
|
|
OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
|
|
|
|
|
2019-09-05 09:23:57 +08:00
|
|
|
params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_IVLEN, &v);
|
2019-08-08 11:14:05 +08:00
|
|
|
rv = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params);
|
|
|
|
if (rv == EVP_CTRL_RET_UNSUPPORTED)
|
|
|
|
goto legacy;
|
2019-09-05 09:23:57 +08:00
|
|
|
return rv != 0 ? (int)v : -1;
|
2021-03-02 23:16:06 +08:00
|
|
|
/* Code below to be removed when legacy support is dropped. */
|
2019-08-08 11:14:05 +08:00
|
|
|
legacy:
|
|
|
|
if ((EVP_CIPHER_flags(ctx->cipher) & EVP_CIPH_CUSTOM_IV_LENGTH) != 0) {
|
|
|
|
rv = EVP_CIPHER_CTX_ctrl((EVP_CIPHER_CTX *)ctx, EVP_CTRL_GET_IVLEN,
|
|
|
|
0, &len);
|
2019-09-14 07:11:28 +08:00
|
|
|
return (rv == 1) ? len : -1;
|
2019-08-08 11:14:05 +08:00
|
|
|
}
|
2019-09-14 07:11:28 +08:00
|
|
|
return len;
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2006-11-30 04:54:57 +08:00
|
|
|
|
2019-09-11 15:52:30 +08:00
|
|
|
int EVP_CIPHER_CTX_tag_length(const EVP_CIPHER_CTX *ctx)
|
|
|
|
{
|
|
|
|
int ret;
|
|
|
|
size_t v = 0;
|
|
|
|
OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
|
|
|
|
|
|
|
|
params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_TAGLEN, &v);
|
|
|
|
ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params);
|
|
|
|
return ret == 1 ? (int)v : 0;
|
|
|
|
}
|
|
|
|
|
Deprecate and replace EVP_CIPHER_CTX_iv()/etc.
The EVP_CIPHER_CTX_iv() family of functions are incompatible with
the libcrypto/provider separation, since the implied API contract
(they are undocumented) involves a pointer into the active cipher
context structure. However, the active IV data in a provider-side
context need not even be in the same address space as libcrypto,
so a replacement API is needed.
The existing functions for accessing the (even the "original") IV had
remained undocumented for quite some time, presumably due to unease
about exposing the internals of the cipher state in such a manner.
Provide more maintainable new APIs for accessing the initial ("oiv") and
current-state ("iv") IV data, that copy the value into a caller-provided
array, eliminating the need to provide a pointer into the internal
cipher context, which accordingly no longer provides the ability to
write to the internal cipher state.
Unfortunately, in order to maintain API compatibility with OpenSSL
1.1.1, the old functionality is still available, but is marked as
deprecated for future removal. This would entail removing the "octet
pointer" parameter access, leaving only the "octet string" parameter
type.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12233)
2020-06-20 09:43:58 +08:00
|
|
|
#ifndef OPENSSL_NO_DEPRECATED_3_0
|
2015-12-14 04:25:42 +08:00
|
|
|
const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx)
|
|
|
|
{
|
2019-10-08 07:19:10 +08:00
|
|
|
int ok;
|
|
|
|
const unsigned char *v = ctx->oiv;
|
|
|
|
OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
|
|
|
|
|
|
|
|
params[0] =
|
|
|
|
OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_IV,
|
|
|
|
(void **)&v, sizeof(ctx->oiv));
|
|
|
|
ok = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params);
|
|
|
|
|
|
|
|
return ok != 0 ? v : NULL;
|
2015-12-14 04:25:42 +08:00
|
|
|
}
|
|
|
|
|
2019-07-09 13:32:16 +08:00
|
|
|
/*
|
|
|
|
* OSSL_PARAM_OCTET_PTR gets us the pointer to the running IV in the provider
|
|
|
|
*/
|
2015-12-14 04:25:42 +08:00
|
|
|
const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx)
|
|
|
|
{
|
2019-07-16 07:46:14 +08:00
|
|
|
int ok;
|
2019-07-09 13:32:16 +08:00
|
|
|
const unsigned char *v = ctx->iv;
|
2019-07-16 07:46:14 +08:00
|
|
|
OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
|
2019-07-09 13:32:16 +08:00
|
|
|
|
2019-07-16 07:46:14 +08:00
|
|
|
params[0] =
|
2021-01-14 22:19:46 +08:00
|
|
|
OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_UPDATED_IV,
|
|
|
|
(void **)&v, sizeof(ctx->iv));
|
2019-07-16 07:46:14 +08:00
|
|
|
ok = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params);
|
|
|
|
|
|
|
|
return ok != 0 ? v : NULL;
|
2015-12-14 04:25:42 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx)
|
|
|
|
{
|
2019-07-16 07:46:14 +08:00
|
|
|
int ok;
|
2019-07-09 13:32:16 +08:00
|
|
|
unsigned char *v = ctx->iv;
|
2019-07-16 07:46:14 +08:00
|
|
|
OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
|
|
|
|
|
|
|
|
params[0] =
|
2021-01-14 22:19:46 +08:00
|
|
|
OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_UPDATED_IV,
|
|
|
|
(void **)&v, sizeof(ctx->iv));
|
2019-07-16 07:46:14 +08:00
|
|
|
ok = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params);
|
2019-07-09 13:32:16 +08:00
|
|
|
|
2019-07-16 07:46:14 +08:00
|
|
|
return ok != 0 ? v : NULL;
|
2015-12-14 04:25:42 +08:00
|
|
|
}
|
Deprecate and replace EVP_CIPHER_CTX_iv()/etc.
The EVP_CIPHER_CTX_iv() family of functions are incompatible with
the libcrypto/provider separation, since the implied API contract
(they are undocumented) involves a pointer into the active cipher
context structure. However, the active IV data in a provider-side
context need not even be in the same address space as libcrypto,
so a replacement API is needed.
The existing functions for accessing the (even the "original") IV had
remained undocumented for quite some time, presumably due to unease
about exposing the internals of the cipher state in such a manner.
Provide more maintainable new APIs for accessing the initial ("oiv") and
current-state ("iv") IV data, that copy the value into a caller-provided
array, eliminating the need to provide a pointer into the internal
cipher context, which accordingly no longer provides the ability to
write to the internal cipher state.
Unfortunately, in order to maintain API compatibility with OpenSSL
1.1.1, the old functionality is still available, but is marked as
deprecated for future removal. This would entail removing the "octet
pointer" parameter access, leaving only the "octet string" parameter
type.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12233)
2020-06-20 09:43:58 +08:00
|
|
|
#endif /* OPENSSL_NO_DEPRECATED_3_0_0 */
|
|
|
|
|
2021-01-14 22:19:46 +08:00
|
|
|
int EVP_CIPHER_CTX_get_updated_iv(EVP_CIPHER_CTX *ctx, void *buf, size_t len)
|
Deprecate and replace EVP_CIPHER_CTX_iv()/etc.
The EVP_CIPHER_CTX_iv() family of functions are incompatible with
the libcrypto/provider separation, since the implied API contract
(they are undocumented) involves a pointer into the active cipher
context structure. However, the active IV data in a provider-side
context need not even be in the same address space as libcrypto,
so a replacement API is needed.
The existing functions for accessing the (even the "original") IV had
remained undocumented for quite some time, presumably due to unease
about exposing the internals of the cipher state in such a manner.
Provide more maintainable new APIs for accessing the initial ("oiv") and
current-state ("iv") IV data, that copy the value into a caller-provided
array, eliminating the need to provide a pointer into the internal
cipher context, which accordingly no longer provides the ability to
write to the internal cipher state.
Unfortunately, in order to maintain API compatibility with OpenSSL
1.1.1, the old functionality is still available, but is marked as
deprecated for future removal. This would entail removing the "octet
pointer" parameter access, leaving only the "octet string" parameter
type.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12233)
2020-06-20 09:43:58 +08:00
|
|
|
{
|
|
|
|
OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
|
|
|
|
|
|
|
|
params[0] =
|
2021-01-14 22:19:46 +08:00
|
|
|
OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_UPDATED_IV, buf, len);
|
Deprecate and replace EVP_CIPHER_CTX_iv()/etc.
The EVP_CIPHER_CTX_iv() family of functions are incompatible with
the libcrypto/provider separation, since the implied API contract
(they are undocumented) involves a pointer into the active cipher
context structure. However, the active IV data in a provider-side
context need not even be in the same address space as libcrypto,
so a replacement API is needed.
The existing functions for accessing the (even the "original") IV had
remained undocumented for quite some time, presumably due to unease
about exposing the internals of the cipher state in such a manner.
Provide more maintainable new APIs for accessing the initial ("oiv") and
current-state ("iv") IV data, that copy the value into a caller-provided
array, eliminating the need to provide a pointer into the internal
cipher context, which accordingly no longer provides the ability to
write to the internal cipher state.
Unfortunately, in order to maintain API compatibility with OpenSSL
1.1.1, the old functionality is still available, but is marked as
deprecated for future removal. This would entail removing the "octet
pointer" parameter access, leaving only the "octet string" parameter
type.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12233)
2020-06-20 09:43:58 +08:00
|
|
|
return evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params);
|
|
|
|
}
|
|
|
|
|
2021-01-14 22:19:46 +08:00
|
|
|
int EVP_CIPHER_CTX_get_original_iv(EVP_CIPHER_CTX *ctx, void *buf, size_t len)
|
Deprecate and replace EVP_CIPHER_CTX_iv()/etc.
The EVP_CIPHER_CTX_iv() family of functions are incompatible with
the libcrypto/provider separation, since the implied API contract
(they are undocumented) involves a pointer into the active cipher
context structure. However, the active IV data in a provider-side
context need not even be in the same address space as libcrypto,
so a replacement API is needed.
The existing functions for accessing the (even the "original") IV had
remained undocumented for quite some time, presumably due to unease
about exposing the internals of the cipher state in such a manner.
Provide more maintainable new APIs for accessing the initial ("oiv") and
current-state ("iv") IV data, that copy the value into a caller-provided
array, eliminating the need to provide a pointer into the internal
cipher context, which accordingly no longer provides the ability to
write to the internal cipher state.
Unfortunately, in order to maintain API compatibility with OpenSSL
1.1.1, the old functionality is still available, but is marked as
deprecated for future removal. This would entail removing the "octet
pointer" parameter access, leaving only the "octet string" parameter
type.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12233)
2020-06-20 09:43:58 +08:00
|
|
|
{
|
|
|
|
OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
|
|
|
|
|
|
|
|
params[0] =
|
|
|
|
OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_IV, buf, len);
|
|
|
|
return evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params);
|
|
|
|
}
|
2015-12-14 04:25:42 +08:00
|
|
|
|
|
|
|
unsigned char *EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx)
|
|
|
|
{
|
|
|
|
return ctx->buf;
|
|
|
|
}
|
|
|
|
|
|
|
|
int EVP_CIPHER_CTX_num(const EVP_CIPHER_CTX *ctx)
|
|
|
|
{
|
2019-09-05 09:23:57 +08:00
|
|
|
int ok;
|
|
|
|
unsigned int v = (unsigned int)ctx->num;
|
2019-07-16 07:46:14 +08:00
|
|
|
OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
|
2019-07-09 13:32:16 +08:00
|
|
|
|
2019-09-05 09:23:57 +08:00
|
|
|
params[0] = OSSL_PARAM_construct_uint(OSSL_CIPHER_PARAM_NUM, &v);
|
2019-07-16 07:46:14 +08:00
|
|
|
ok = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params);
|
|
|
|
|
2019-09-05 09:23:57 +08:00
|
|
|
return ok != 0 ? (int)v : EVP_CTRL_RET_UNSUPPORTED;
|
2015-12-14 04:25:42 +08:00
|
|
|
}
|
|
|
|
|
2019-07-09 13:32:16 +08:00
|
|
|
int EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num)
|
2015-12-14 04:25:42 +08:00
|
|
|
{
|
2019-07-16 07:46:14 +08:00
|
|
|
int ok;
|
2019-09-05 09:23:57 +08:00
|
|
|
unsigned int n = (unsigned int)num;
|
2019-07-16 07:46:14 +08:00
|
|
|
OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
|
2019-07-09 13:32:16 +08:00
|
|
|
|
2019-09-05 09:23:57 +08:00
|
|
|
params[0] = OSSL_PARAM_construct_uint(OSSL_CIPHER_PARAM_NUM, &n);
|
2019-07-16 07:46:14 +08:00
|
|
|
ok = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->provctx, params);
|
|
|
|
|
|
|
|
if (ok != 0)
|
2019-09-05 09:23:57 +08:00
|
|
|
ctx->num = (int)n;
|
2019-07-09 13:32:16 +08:00
|
|
|
return ok != 0;
|
2015-12-14 04:25:42 +08:00
|
|
|
}
|
|
|
|
|
2008-11-12 11:58:08 +08:00
|
|
|
int EVP_CIPHER_key_length(const EVP_CIPHER *cipher)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
2019-11-18 08:32:36 +08:00
|
|
|
return cipher->key_len;
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2006-11-30 04:54:57 +08:00
|
|
|
|
2008-11-12 11:58:08 +08:00
|
|
|
int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
2019-09-05 09:23:57 +08:00
|
|
|
int ok;
|
|
|
|
size_t v = ctx->key_len;
|
2019-07-16 07:46:14 +08:00
|
|
|
OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
|
|
|
|
|
2019-09-05 09:23:57 +08:00
|
|
|
params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, &v);
|
2019-07-16 07:46:14 +08:00
|
|
|
ok = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params);
|
2019-07-09 13:32:16 +08:00
|
|
|
|
2019-09-05 09:23:57 +08:00
|
|
|
return ok != 0 ? (int)v : EVP_CTRL_RET_UNSUPPORTED;
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2006-11-30 04:54:57 +08:00
|
|
|
|
|
|
|
int EVP_CIPHER_nid(const EVP_CIPHER *cipher)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
|
|
|
return cipher->nid;
|
|
|
|
}
|
2006-11-30 04:54:57 +08:00
|
|
|
|
|
|
|
int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
|
|
|
return ctx->cipher->nid;
|
|
|
|
}
|
2006-11-30 04:54:57 +08:00
|
|
|
|
2019-09-14 22:35:08 +08:00
|
|
|
int EVP_CIPHER_is_a(const EVP_CIPHER *cipher, const char *name)
|
|
|
|
{
|
2020-01-15 08:04:37 +08:00
|
|
|
if (cipher->prov != NULL)
|
|
|
|
return evp_is_a(cipher->prov, cipher->name_id, NULL, name);
|
|
|
|
return evp_is_a(NULL, 0, EVP_CIPHER_name(cipher), name);
|
2019-09-14 22:35:08 +08:00
|
|
|
}
|
|
|
|
|
2019-09-23 17:16:21 +08:00
|
|
|
int EVP_CIPHER_number(const EVP_CIPHER *cipher)
|
|
|
|
{
|
|
|
|
return cipher->name_id;
|
|
|
|
}
|
|
|
|
|
2019-07-11 04:24:00 +08:00
|
|
|
const char *EVP_CIPHER_name(const EVP_CIPHER *cipher)
|
|
|
|
{
|
2021-04-16 22:22:03 +08:00
|
|
|
if (cipher->type_name != NULL)
|
|
|
|
return cipher->type_name;
|
2020-04-14 04:34:56 +08:00
|
|
|
#ifndef FIPS_MODULE
|
2019-07-11 04:24:00 +08:00
|
|
|
return OBJ_nid2sn(EVP_CIPHER_nid(cipher));
|
|
|
|
#else
|
|
|
|
return NULL;
|
|
|
|
#endif
|
|
|
|
}
|
|
|
|
|
EVP: Add EVP_<TYPE>_description()
The following operation types are covered:
EVP_MD, EVP_CIPHER, EVP_MAC, EVP_RAND, EVP_KEYMGMT, EVP_SIGNATURE,
EVP_ASYM_CIPHER, EVP_KEM, EVP_KEYEXCH, EVP_KDF. Also EVP_PKEY.
For EVP_MD and EVP_CIPHER, OBJ_nid2ln() is used as a fallback for
legacy implementations.
For EVP_PKEY, the info field of the EVP_PKEY_ASN1_METHOD is used as a
fallback for legacy implementations.
Fixes #14514
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14656)
2021-03-16 21:23:54 +08:00
|
|
|
const char *EVP_CIPHER_description(const EVP_CIPHER *cipher)
|
|
|
|
{
|
|
|
|
if (cipher->description != NULL)
|
|
|
|
return cipher->description;
|
|
|
|
#ifndef FIPS_MODULE
|
|
|
|
return OBJ_nid2ln(EVP_CIPHER_nid(cipher));
|
|
|
|
#else
|
|
|
|
return NULL;
|
|
|
|
#endif
|
|
|
|
}
|
|
|
|
|
2021-02-20 01:03:43 +08:00
|
|
|
int EVP_CIPHER_names_do_all(const EVP_CIPHER *cipher,
|
|
|
|
void (*fn)(const char *name, void *data),
|
|
|
|
void *data)
|
2019-09-23 16:56:13 +08:00
|
|
|
{
|
|
|
|
if (cipher->prov != NULL)
|
2021-02-20 01:03:43 +08:00
|
|
|
return evp_names_do_all(cipher->prov, cipher->name_id, fn, data);
|
|
|
|
|
|
|
|
return 1;
|
2019-09-23 16:56:13 +08:00
|
|
|
}
|
|
|
|
|
2019-07-11 04:59:07 +08:00
|
|
|
const OSSL_PROVIDER *EVP_CIPHER_provider(const EVP_CIPHER *cipher)
|
|
|
|
{
|
|
|
|
return cipher->prov;
|
|
|
|
}
|
|
|
|
|
2019-04-04 01:01:21 +08:00
|
|
|
int EVP_CIPHER_mode(const EVP_CIPHER *cipher)
|
|
|
|
{
|
2019-11-18 08:32:36 +08:00
|
|
|
return EVP_CIPHER_flags(cipher) & EVP_CIPH_MODE;
|
2019-07-16 07:46:14 +08:00
|
|
|
}
|
2019-04-04 01:01:21 +08:00
|
|
|
|
EVP: add missing common functionality
This adds the missing functions that should be common for all
fetchable EVP sub-APIs:
EVP_KEYMGMT_is_a(), EVP_KEYMGMT_do_all_provided(), EVP_KEYEXCH_is_a(),
EVP_KEYEXCH_do_all_provided(), EVP_KDF_is_a(), EVP_MD_is_a(),
EVP_SIGNATURE_do_all_provided(), EVP_SIGNATURE_is_a().
This also renames EVP_MD_do_all_ex(), EVP_CIPHER_do_all_ex(),
EVP_KDF_do_all_ex(), EVP_MAC_do_all_ex() to change '_ex'
to '_provided'.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9979)
2019-09-23 16:33:26 +08:00
|
|
|
int EVP_MD_is_a(const EVP_MD *md, const char *name)
|
|
|
|
{
|
2020-01-15 08:04:37 +08:00
|
|
|
if (md->prov != NULL)
|
|
|
|
return evp_is_a(md->prov, md->name_id, NULL, name);
|
|
|
|
return evp_is_a(NULL, 0, EVP_MD_name(md), name);
|
EVP: add missing common functionality
This adds the missing functions that should be common for all
fetchable EVP sub-APIs:
EVP_KEYMGMT_is_a(), EVP_KEYMGMT_do_all_provided(), EVP_KEYEXCH_is_a(),
EVP_KEYEXCH_do_all_provided(), EVP_KDF_is_a(), EVP_MD_is_a(),
EVP_SIGNATURE_do_all_provided(), EVP_SIGNATURE_is_a().
This also renames EVP_MD_do_all_ex(), EVP_CIPHER_do_all_ex(),
EVP_KDF_do_all_ex(), EVP_MAC_do_all_ex() to change '_ex'
to '_provided'.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9979)
2019-09-23 16:33:26 +08:00
|
|
|
}
|
|
|
|
|
2019-09-23 17:16:21 +08:00
|
|
|
int EVP_MD_number(const EVP_MD *md)
|
|
|
|
{
|
|
|
|
return md->name_id;
|
|
|
|
}
|
|
|
|
|
EVP: Add EVP_<TYPE>_description()
The following operation types are covered:
EVP_MD, EVP_CIPHER, EVP_MAC, EVP_RAND, EVP_KEYMGMT, EVP_SIGNATURE,
EVP_ASYM_CIPHER, EVP_KEM, EVP_KEYEXCH, EVP_KDF. Also EVP_PKEY.
For EVP_MD and EVP_CIPHER, OBJ_nid2ln() is used as a fallback for
legacy implementations.
For EVP_PKEY, the info field of the EVP_PKEY_ASN1_METHOD is used as a
fallback for legacy implementations.
Fixes #14514
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14656)
2021-03-16 21:23:54 +08:00
|
|
|
const char *EVP_MD_description(const EVP_MD *md)
|
|
|
|
{
|
|
|
|
if (md->description != NULL)
|
|
|
|
return md->description;
|
|
|
|
#ifndef FIPS_MODULE
|
|
|
|
return OBJ_nid2ln(EVP_MD_nid(md));
|
|
|
|
#else
|
|
|
|
return NULL;
|
|
|
|
#endif
|
|
|
|
}
|
|
|
|
|
2019-07-11 04:24:00 +08:00
|
|
|
const char *EVP_MD_name(const EVP_MD *md)
|
|
|
|
{
|
2021-04-12 09:19:21 +08:00
|
|
|
if (md == NULL)
|
|
|
|
return NULL;
|
2021-04-16 22:22:03 +08:00
|
|
|
if (md->type_name != NULL)
|
|
|
|
return md->type_name;
|
2020-04-14 04:34:56 +08:00
|
|
|
#ifndef FIPS_MODULE
|
2019-07-11 04:24:00 +08:00
|
|
|
return OBJ_nid2sn(EVP_MD_nid(md));
|
|
|
|
#else
|
|
|
|
return NULL;
|
|
|
|
#endif
|
|
|
|
}
|
|
|
|
|
2021-02-20 01:03:43 +08:00
|
|
|
int EVP_MD_names_do_all(const EVP_MD *md,
|
|
|
|
void (*fn)(const char *name, void *data),
|
|
|
|
void *data)
|
2019-09-23 16:56:13 +08:00
|
|
|
{
|
|
|
|
if (md->prov != NULL)
|
2021-02-20 01:03:43 +08:00
|
|
|
return evp_names_do_all(md->prov, md->name_id, fn, data);
|
|
|
|
|
|
|
|
return 1;
|
2019-09-23 16:56:13 +08:00
|
|
|
}
|
|
|
|
|
2019-07-11 04:59:07 +08:00
|
|
|
const OSSL_PROVIDER *EVP_MD_provider(const EVP_MD *md)
|
|
|
|
{
|
|
|
|
return md->prov;
|
|
|
|
}
|
|
|
|
|
2006-11-30 04:54:57 +08:00
|
|
|
int EVP_MD_type(const EVP_MD *md)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
|
|
|
return md->type;
|
|
|
|
}
|
2006-11-30 04:54:57 +08:00
|
|
|
|
|
|
|
int EVP_MD_pkey_type(const EVP_MD *md)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
|
|
|
return md->pkey_type;
|
|
|
|
}
|
2006-11-30 04:54:57 +08:00
|
|
|
|
2020-12-17 14:39:57 +08:00
|
|
|
int EVP_MD_block_size(const EVP_MD *md)
|
|
|
|
{
|
|
|
|
if (md == NULL) {
|
|
|
|
ERR_raise(ERR_LIB_EVP, EVP_R_MESSAGE_DIGEST_IS_NULL);
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
return md->block_size;
|
|
|
|
}
|
|
|
|
|
2008-11-12 11:58:08 +08:00
|
|
|
int EVP_MD_size(const EVP_MD *md)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
2019-07-16 12:03:12 +08:00
|
|
|
if (md == NULL) {
|
2020-11-04 19:23:19 +08:00
|
|
|
ERR_raise(ERR_LIB_EVP, EVP_R_MESSAGE_DIGEST_IS_NULL);
|
2015-01-22 11:40:55 +08:00
|
|
|
return -1;
|
|
|
|
}
|
2020-12-22 19:36:30 +08:00
|
|
|
return md->md_size;
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2006-11-30 04:54:57 +08:00
|
|
|
|
2009-04-15 23:27:03 +08:00
|
|
|
unsigned long EVP_MD_flags(const EVP_MD *md)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
2020-12-22 19:36:30 +08:00
|
|
|
return md->flags;
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2009-04-15 23:27:03 +08:00
|
|
|
|
2015-11-30 03:09:34 +08:00
|
|
|
EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type)
|
|
|
|
{
|
2019-09-03 23:47:13 +08:00
|
|
|
EVP_MD *md = evp_md_new();
|
2016-02-08 23:11:56 +08:00
|
|
|
|
2015-11-30 03:09:34 +08:00
|
|
|
if (md != NULL) {
|
|
|
|
md->type = md_type;
|
|
|
|
md->pkey_type = pkey_type;
|
Add "origin" field to EVP_CIPHER, EVP_MD
Add a "where did this EVP_{CIPHER,MD} come from" flag: global, via fetch,
or via EVP_{CIPHER,MD}_meth_new. Update EVP_{CIPHER,MD}_free to handle all
three origins. The flag is deliberately right before some function pointers,
so that compile-time failures (int/pointer) will occur, as opposed to
taking a bit in the existing "flags" field. The "global variable" flag
is non-zero, so the default case of using OPENSSL_zalloc (for provider
ciphers), will do the right thing. Ref-counting is a no-op for
Make up_ref no-op for global MD and CIPHER objects
Deprecate EVP_MD_CTX_md(). Added EVP_MD_CTX_get0_md() (same semantics as
the deprecated function) and EVP_MD_CTX_get1_md(). Likewise, deprecate
EVP_CIPHER_CTX_cipher() in favor of EVP_CIPHER_CTX_get0_cipher(), and add
EVP_CIPHER_CTX_get1_CIPHER().
Refactor EVP_MD_free() and EVP_MD_meth_free() to call new common
evp_md_free_int() function.
Refactor EVP_CIPHER_free() and EVP_CIPHER_meth_free() to call new common
evp_cipher_free_int() function.
Also change some flags tests to explicit test == or != zero. E.g.,
if (flags & x) --> if ((flags & x) != 0)
if (!(flags & x)) --> if ((flags & x) == 0)
Only done for those lines where "get0_cipher" calls were made.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14193)
2021-02-17 06:51:56 +08:00
|
|
|
md->origin = EVP_ORIG_METH;
|
2015-11-30 03:09:34 +08:00
|
|
|
}
|
|
|
|
return md;
|
|
|
|
}
|
2019-04-03 22:38:07 +08:00
|
|
|
|
2015-11-30 03:09:34 +08:00
|
|
|
EVP_MD *EVP_MD_meth_dup(const EVP_MD *md)
|
|
|
|
{
|
2019-09-03 23:47:13 +08:00
|
|
|
EVP_MD *to = NULL;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Non-legacy EVP_MDs can't be duplicated like this.
|
|
|
|
* Use EVP_MD_up_ref() instead.
|
|
|
|
*/
|
|
|
|
if (md->prov != NULL)
|
|
|
|
return NULL;
|
2016-02-08 23:11:56 +08:00
|
|
|
|
2019-09-03 23:47:13 +08:00
|
|
|
if ((to = EVP_MD_meth_new(md->type, md->pkey_type)) != NULL) {
|
2019-04-03 22:38:07 +08:00
|
|
|
CRYPTO_RWLOCK *lock = to->lock;
|
2019-09-03 23:47:13 +08:00
|
|
|
|
2015-11-30 03:09:34 +08:00
|
|
|
memcpy(to, md, sizeof(*to));
|
2019-04-03 22:38:07 +08:00
|
|
|
to->lock = lock;
|
|
|
|
}
|
2015-11-30 03:09:34 +08:00
|
|
|
return to;
|
|
|
|
}
|
2019-03-13 22:49:40 +08:00
|
|
|
|
Add "origin" field to EVP_CIPHER, EVP_MD
Add a "where did this EVP_{CIPHER,MD} come from" flag: global, via fetch,
or via EVP_{CIPHER,MD}_meth_new. Update EVP_{CIPHER,MD}_free to handle all
three origins. The flag is deliberately right before some function pointers,
so that compile-time failures (int/pointer) will occur, as opposed to
taking a bit in the existing "flags" field. The "global variable" flag
is non-zero, so the default case of using OPENSSL_zalloc (for provider
ciphers), will do the right thing. Ref-counting is a no-op for
Make up_ref no-op for global MD and CIPHER objects
Deprecate EVP_MD_CTX_md(). Added EVP_MD_CTX_get0_md() (same semantics as
the deprecated function) and EVP_MD_CTX_get1_md(). Likewise, deprecate
EVP_CIPHER_CTX_cipher() in favor of EVP_CIPHER_CTX_get0_cipher(), and add
EVP_CIPHER_CTX_get1_CIPHER().
Refactor EVP_MD_free() and EVP_MD_meth_free() to call new common
evp_md_free_int() function.
Refactor EVP_CIPHER_free() and EVP_CIPHER_meth_free() to call new common
evp_cipher_free_int() function.
Also change some flags tests to explicit test == or != zero. E.g.,
if (flags & x) --> if ((flags & x) != 0)
if (!(flags & x)) --> if ((flags & x) == 0)
Only done for those lines where "get0_cipher" calls were made.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14193)
2021-02-17 06:51:56 +08:00
|
|
|
void evp_md_free_int(EVP_MD *md)
|
|
|
|
{
|
2021-04-16 22:22:03 +08:00
|
|
|
OPENSSL_free(md->type_name);
|
Add "origin" field to EVP_CIPHER, EVP_MD
Add a "where did this EVP_{CIPHER,MD} come from" flag: global, via fetch,
or via EVP_{CIPHER,MD}_meth_new. Update EVP_{CIPHER,MD}_free to handle all
three origins. The flag is deliberately right before some function pointers,
so that compile-time failures (int/pointer) will occur, as opposed to
taking a bit in the existing "flags" field. The "global variable" flag
is non-zero, so the default case of using OPENSSL_zalloc (for provider
ciphers), will do the right thing. Ref-counting is a no-op for
Make up_ref no-op for global MD and CIPHER objects
Deprecate EVP_MD_CTX_md(). Added EVP_MD_CTX_get0_md() (same semantics as
the deprecated function) and EVP_MD_CTX_get1_md(). Likewise, deprecate
EVP_CIPHER_CTX_cipher() in favor of EVP_CIPHER_CTX_get0_cipher(), and add
EVP_CIPHER_CTX_get1_CIPHER().
Refactor EVP_MD_free() and EVP_MD_meth_free() to call new common
evp_md_free_int() function.
Refactor EVP_CIPHER_free() and EVP_CIPHER_meth_free() to call new common
evp_cipher_free_int() function.
Also change some flags tests to explicit test == or != zero. E.g.,
if (flags & x) --> if ((flags & x) != 0)
if (!(flags & x)) --> if ((flags & x) == 0)
Only done for those lines where "get0_cipher" calls were made.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14193)
2021-02-17 06:51:56 +08:00
|
|
|
ossl_provider_free(md->prov);
|
|
|
|
CRYPTO_THREAD_lock_free(md->lock);
|
|
|
|
OPENSSL_free(md);
|
|
|
|
}
|
|
|
|
|
2015-11-30 03:09:34 +08:00
|
|
|
void EVP_MD_meth_free(EVP_MD *md)
|
|
|
|
{
|
Add "origin" field to EVP_CIPHER, EVP_MD
Add a "where did this EVP_{CIPHER,MD} come from" flag: global, via fetch,
or via EVP_{CIPHER,MD}_meth_new. Update EVP_{CIPHER,MD}_free to handle all
three origins. The flag is deliberately right before some function pointers,
so that compile-time failures (int/pointer) will occur, as opposed to
taking a bit in the existing "flags" field. The "global variable" flag
is non-zero, so the default case of using OPENSSL_zalloc (for provider
ciphers), will do the right thing. Ref-counting is a no-op for
Make up_ref no-op for global MD and CIPHER objects
Deprecate EVP_MD_CTX_md(). Added EVP_MD_CTX_get0_md() (same semantics as
the deprecated function) and EVP_MD_CTX_get1_md(). Likewise, deprecate
EVP_CIPHER_CTX_cipher() in favor of EVP_CIPHER_CTX_get0_cipher(), and add
EVP_CIPHER_CTX_get1_CIPHER().
Refactor EVP_MD_free() and EVP_MD_meth_free() to call new common
evp_md_free_int() function.
Refactor EVP_CIPHER_free() and EVP_CIPHER_meth_free() to call new common
evp_cipher_free_int() function.
Also change some flags tests to explicit test == or != zero. E.g.,
if (flags & x) --> if ((flags & x) != 0)
if (!(flags & x)) --> if ((flags & x) == 0)
Only done for those lines where "get0_cipher" calls were made.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14193)
2021-02-17 06:51:56 +08:00
|
|
|
if (md == NULL || md->origin != EVP_ORIG_METH)
|
|
|
|
return;
|
|
|
|
|
|
|
|
evp_md_free_int(md);
|
2015-11-30 03:09:34 +08:00
|
|
|
}
|
Add "origin" field to EVP_CIPHER, EVP_MD
Add a "where did this EVP_{CIPHER,MD} come from" flag: global, via fetch,
or via EVP_{CIPHER,MD}_meth_new. Update EVP_{CIPHER,MD}_free to handle all
three origins. The flag is deliberately right before some function pointers,
so that compile-time failures (int/pointer) will occur, as opposed to
taking a bit in the existing "flags" field. The "global variable" flag
is non-zero, so the default case of using OPENSSL_zalloc (for provider
ciphers), will do the right thing. Ref-counting is a no-op for
Make up_ref no-op for global MD and CIPHER objects
Deprecate EVP_MD_CTX_md(). Added EVP_MD_CTX_get0_md() (same semantics as
the deprecated function) and EVP_MD_CTX_get1_md(). Likewise, deprecate
EVP_CIPHER_CTX_cipher() in favor of EVP_CIPHER_CTX_get0_cipher(), and add
EVP_CIPHER_CTX_get1_CIPHER().
Refactor EVP_MD_free() and EVP_MD_meth_free() to call new common
evp_md_free_int() function.
Refactor EVP_CIPHER_free() and EVP_CIPHER_meth_free() to call new common
evp_cipher_free_int() function.
Also change some flags tests to explicit test == or != zero. E.g.,
if (flags & x) --> if ((flags & x) != 0)
if (!(flags & x)) --> if ((flags & x) == 0)
Only done for those lines where "get0_cipher" calls were made.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14193)
2021-02-17 06:51:56 +08:00
|
|
|
|
2015-11-30 03:09:34 +08:00
|
|
|
int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize)
|
|
|
|
{
|
2019-09-05 03:49:09 +08:00
|
|
|
if (md->block_size != 0)
|
|
|
|
return 0;
|
|
|
|
|
2015-11-30 03:09:34 +08:00
|
|
|
md->block_size = blocksize;
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
int EVP_MD_meth_set_result_size(EVP_MD *md, int resultsize)
|
|
|
|
{
|
2019-09-05 03:49:09 +08:00
|
|
|
if (md->md_size != 0)
|
|
|
|
return 0;
|
|
|
|
|
2015-11-30 03:09:34 +08:00
|
|
|
md->md_size = resultsize;
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
int EVP_MD_meth_set_app_datasize(EVP_MD *md, int datasize)
|
|
|
|
{
|
2019-09-05 03:49:09 +08:00
|
|
|
if (md->ctx_size != 0)
|
|
|
|
return 0;
|
|
|
|
|
2015-11-30 03:09:34 +08:00
|
|
|
md->ctx_size = datasize;
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
int EVP_MD_meth_set_flags(EVP_MD *md, unsigned long flags)
|
|
|
|
{
|
2019-09-05 03:49:09 +08:00
|
|
|
if (md->flags != 0)
|
|
|
|
return 0;
|
|
|
|
|
2015-11-30 03:09:34 +08:00
|
|
|
md->flags = flags;
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
int EVP_MD_meth_set_init(EVP_MD *md, int (*init)(EVP_MD_CTX *ctx))
|
|
|
|
{
|
2019-09-05 03:49:09 +08:00
|
|
|
if (md->init != NULL)
|
|
|
|
return 0;
|
|
|
|
|
2015-11-30 03:09:34 +08:00
|
|
|
md->init = init;
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
int EVP_MD_meth_set_update(EVP_MD *md, int (*update)(EVP_MD_CTX *ctx,
|
|
|
|
const void *data,
|
|
|
|
size_t count))
|
|
|
|
{
|
2019-09-05 03:49:09 +08:00
|
|
|
if (md->update != NULL)
|
|
|
|
return 0;
|
|
|
|
|
2015-11-30 03:09:34 +08:00
|
|
|
md->update = update;
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
int EVP_MD_meth_set_final(EVP_MD *md, int (*final)(EVP_MD_CTX *ctx,
|
|
|
|
unsigned char *md))
|
|
|
|
{
|
2019-09-05 03:49:09 +08:00
|
|
|
if (md->final != NULL)
|
|
|
|
return 0;
|
|
|
|
|
2015-11-30 03:09:34 +08:00
|
|
|
md->final = final;
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
int EVP_MD_meth_set_copy(EVP_MD *md, int (*copy)(EVP_MD_CTX *to,
|
|
|
|
const EVP_MD_CTX *from))
|
|
|
|
{
|
2019-09-05 03:49:09 +08:00
|
|
|
if (md->copy != NULL)
|
|
|
|
return 0;
|
|
|
|
|
2015-11-30 03:09:34 +08:00
|
|
|
md->copy = copy;
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
int EVP_MD_meth_set_cleanup(EVP_MD *md, int (*cleanup)(EVP_MD_CTX *ctx))
|
|
|
|
{
|
2019-09-05 03:49:09 +08:00
|
|
|
if (md->cleanup != NULL)
|
|
|
|
return 0;
|
|
|
|
|
2015-11-30 03:09:34 +08:00
|
|
|
md->cleanup = cleanup;
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
int EVP_MD_meth_set_ctrl(EVP_MD *md, int (*ctrl)(EVP_MD_CTX *ctx, int cmd,
|
|
|
|
int p1, void *p2))
|
|
|
|
{
|
2019-09-05 03:49:09 +08:00
|
|
|
if (md->md_ctrl != NULL)
|
|
|
|
return 0;
|
|
|
|
|
2015-11-30 03:09:34 +08:00
|
|
|
md->md_ctrl = ctrl;
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
int EVP_MD_meth_get_input_blocksize(const EVP_MD *md)
|
|
|
|
{
|
|
|
|
return md->block_size;
|
|
|
|
}
|
|
|
|
int EVP_MD_meth_get_result_size(const EVP_MD *md)
|
|
|
|
{
|
|
|
|
return md->md_size;
|
|
|
|
}
|
|
|
|
int EVP_MD_meth_get_app_datasize(const EVP_MD *md)
|
|
|
|
{
|
|
|
|
return md->ctx_size;
|
|
|
|
}
|
|
|
|
unsigned long EVP_MD_meth_get_flags(const EVP_MD *md)
|
|
|
|
{
|
2016-12-22 22:06:59 +08:00
|
|
|
return md->flags;
|
2015-11-30 03:09:34 +08:00
|
|
|
}
|
|
|
|
int (*EVP_MD_meth_get_init(const EVP_MD *md))(EVP_MD_CTX *ctx)
|
|
|
|
{
|
|
|
|
return md->init;
|
|
|
|
}
|
|
|
|
int (*EVP_MD_meth_get_update(const EVP_MD *md))(EVP_MD_CTX *ctx,
|
|
|
|
const void *data,
|
|
|
|
size_t count)
|
|
|
|
{
|
|
|
|
return md->update;
|
|
|
|
}
|
|
|
|
int (*EVP_MD_meth_get_final(const EVP_MD *md))(EVP_MD_CTX *ctx,
|
|
|
|
unsigned char *md)
|
|
|
|
{
|
|
|
|
return md->final;
|
|
|
|
}
|
|
|
|
int (*EVP_MD_meth_get_copy(const EVP_MD *md))(EVP_MD_CTX *to,
|
|
|
|
const EVP_MD_CTX *from)
|
|
|
|
{
|
|
|
|
return md->copy;
|
|
|
|
}
|
|
|
|
int (*EVP_MD_meth_get_cleanup(const EVP_MD *md))(EVP_MD_CTX *ctx)
|
|
|
|
{
|
|
|
|
return md->cleanup;
|
|
|
|
}
|
|
|
|
int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd,
|
|
|
|
int p1, void *p2)
|
|
|
|
{
|
|
|
|
return md->md_ctrl;
|
|
|
|
}
|
|
|
|
|
Add "origin" field to EVP_CIPHER, EVP_MD
Add a "where did this EVP_{CIPHER,MD} come from" flag: global, via fetch,
or via EVP_{CIPHER,MD}_meth_new. Update EVP_{CIPHER,MD}_free to handle all
three origins. The flag is deliberately right before some function pointers,
so that compile-time failures (int/pointer) will occur, as opposed to
taking a bit in the existing "flags" field. The "global variable" flag
is non-zero, so the default case of using OPENSSL_zalloc (for provider
ciphers), will do the right thing. Ref-counting is a no-op for
Make up_ref no-op for global MD and CIPHER objects
Deprecate EVP_MD_CTX_md(). Added EVP_MD_CTX_get0_md() (same semantics as
the deprecated function) and EVP_MD_CTX_get1_md(). Likewise, deprecate
EVP_CIPHER_CTX_cipher() in favor of EVP_CIPHER_CTX_get0_cipher(), and add
EVP_CIPHER_CTX_get1_CIPHER().
Refactor EVP_MD_free() and EVP_MD_meth_free() to call new common
evp_md_free_int() function.
Refactor EVP_CIPHER_free() and EVP_CIPHER_meth_free() to call new common
evp_cipher_free_int() function.
Also change some flags tests to explicit test == or != zero. E.g.,
if (flags & x) --> if ((flags & x) != 0)
if (!(flags & x)) --> if ((flags & x) == 0)
Only done for those lines where "get0_cipher" calls were made.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14193)
2021-02-17 06:51:56 +08:00
|
|
|
#ifndef OPENSSL_NO_DEPRECATED_3_0
|
2006-11-30 04:54:57 +08:00
|
|
|
const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
2019-03-30 00:28:07 +08:00
|
|
|
if (ctx == NULL)
|
2015-01-22 11:40:55 +08:00
|
|
|
return NULL;
|
2019-03-30 00:28:07 +08:00
|
|
|
return ctx->reqdigest;
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
Add "origin" field to EVP_CIPHER, EVP_MD
Add a "where did this EVP_{CIPHER,MD} come from" flag: global, via fetch,
or via EVP_{CIPHER,MD}_meth_new. Update EVP_{CIPHER,MD}_free to handle all
three origins. The flag is deliberately right before some function pointers,
so that compile-time failures (int/pointer) will occur, as opposed to
taking a bit in the existing "flags" field. The "global variable" flag
is non-zero, so the default case of using OPENSSL_zalloc (for provider
ciphers), will do the right thing. Ref-counting is a no-op for
Make up_ref no-op for global MD and CIPHER objects
Deprecate EVP_MD_CTX_md(). Added EVP_MD_CTX_get0_md() (same semantics as
the deprecated function) and EVP_MD_CTX_get1_md(). Likewise, deprecate
EVP_CIPHER_CTX_cipher() in favor of EVP_CIPHER_CTX_get0_cipher(), and add
EVP_CIPHER_CTX_get1_CIPHER().
Refactor EVP_MD_free() and EVP_MD_meth_free() to call new common
evp_md_free_int() function.
Refactor EVP_CIPHER_free() and EVP_CIPHER_meth_free() to call new common
evp_cipher_free_int() function.
Also change some flags tests to explicit test == or != zero. E.g.,
if (flags & x) --> if ((flags & x) != 0)
if (!(flags & x)) --> if ((flags & x) == 0)
Only done for those lines where "get0_cipher" calls were made.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14193)
2021-02-17 06:51:56 +08:00
|
|
|
#endif
|
|
|
|
|
|
|
|
const EVP_MD *EVP_MD_CTX_get0_md(const EVP_MD_CTX *ctx)
|
|
|
|
{
|
|
|
|
if (ctx == NULL)
|
|
|
|
return NULL;
|
|
|
|
return ctx->reqdigest;
|
|
|
|
}
|
|
|
|
|
|
|
|
EVP_MD *EVP_MD_CTX_get1_md(EVP_MD_CTX *ctx)
|
|
|
|
{
|
|
|
|
EVP_MD *md;
|
|
|
|
|
|
|
|
if (ctx == NULL)
|
|
|
|
return NULL;
|
|
|
|
md = (EVP_MD *)ctx->reqdigest;
|
|
|
|
if (!EVP_MD_up_ref(md))
|
|
|
|
return NULL;
|
|
|
|
return md;
|
|
|
|
}
|
2006-11-30 04:54:57 +08:00
|
|
|
|
2015-11-27 20:35:02 +08:00
|
|
|
EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx)
|
|
|
|
{
|
|
|
|
return ctx->pctx;
|
|
|
|
}
|
|
|
|
|
2020-04-14 04:34:56 +08:00
|
|
|
#if !defined(FIPS_MODULE)
|
2019-05-13 13:41:06 +08:00
|
|
|
/* TODO(3.0): EVP_DigestSign* not yet supported in FIPS module */
|
2018-09-03 23:56:41 +08:00
|
|
|
void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx)
|
|
|
|
{
|
2018-09-05 22:01:33 +08:00
|
|
|
/*
|
|
|
|
* it's reasonable to set NULL pctx (a.k.a clear the ctx->pctx), so
|
|
|
|
* we have to deal with the cleanup job here.
|
|
|
|
*/
|
|
|
|
if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX))
|
|
|
|
EVP_PKEY_CTX_free(ctx->pctx);
|
|
|
|
|
2018-09-03 23:56:41 +08:00
|
|
|
ctx->pctx = pctx;
|
2018-09-05 22:01:33 +08:00
|
|
|
|
|
|
|
if (pctx != NULL) {
|
|
|
|
/* make sure pctx is not freed when destroying EVP_MD_CTX */
|
|
|
|
EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX);
|
|
|
|
} else {
|
|
|
|
EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX);
|
|
|
|
}
|
2018-09-03 23:56:41 +08:00
|
|
|
}
|
2020-04-14 04:34:56 +08:00
|
|
|
#endif /* !defined(FIPS_MODULE) */
|
2018-09-03 23:56:41 +08:00
|
|
|
|
2015-11-27 20:35:02 +08:00
|
|
|
void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx)
|
|
|
|
{
|
|
|
|
return ctx->md_data;
|
|
|
|
}
|
|
|
|
|
|
|
|
int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx,
|
|
|
|
const void *data, size_t count)
|
|
|
|
{
|
|
|
|
return ctx->update;
|
|
|
|
}
|
|
|
|
|
|
|
|
void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx,
|
|
|
|
int (*update) (EVP_MD_CTX *ctx,
|
|
|
|
const void *data, size_t count))
|
|
|
|
{
|
|
|
|
ctx->update = update;
|
|
|
|
}
|
|
|
|
|
2006-11-30 04:54:57 +08:00
|
|
|
void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
|
|
|
ctx->flags |= flags;
|
|
|
|
}
|
2006-11-30 04:54:57 +08:00
|
|
|
|
|
|
|
void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
|
|
|
ctx->flags &= ~flags;
|
|
|
|
}
|
2006-11-30 04:54:57 +08:00
|
|
|
|
|
|
|
int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
|
|
|
return (ctx->flags & flags);
|
|
|
|
}
|
2010-01-26 22:29:06 +08:00
|
|
|
|
|
|
|
void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
|
|
|
ctx->flags |= flags;
|
|
|
|
}
|
2010-01-26 22:29:06 +08:00
|
|
|
|
|
|
|
void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
|
|
|
ctx->flags &= ~flags;
|
|
|
|
}
|
2010-01-26 22:29:06 +08:00
|
|
|
|
|
|
|
int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
|
|
|
return (ctx->flags & flags);
|
|
|
|
}
|
2018-10-25 02:20:00 +08:00
|
|
|
|
2020-05-19 22:24:25 +08:00
|
|
|
int EVP_PKEY_CTX_set_group_name(EVP_PKEY_CTX *ctx, const char *name)
|
|
|
|
{
|
|
|
|
OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
|
2020-05-20 21:46:22 +08:00
|
|
|
|
2021-01-21 06:10:48 +08:00
|
|
|
if (ctx == NULL || !EVP_PKEY_CTX_IS_GEN_OP(ctx)) {
|
2020-05-19 22:24:25 +08:00
|
|
|
ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
|
|
|
|
/* Uses the same return values as EVP_PKEY_CTX_ctrl */
|
|
|
|
return -2;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (name == NULL)
|
|
|
|
return -1;
|
|
|
|
|
2021-01-21 06:10:48 +08:00
|
|
|
params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
|
|
|
|
(char *)name, 0);
|
2020-05-19 22:24:25 +08:00
|
|
|
return EVP_PKEY_CTX_set_params(ctx, params);
|
|
|
|
}
|
|
|
|
|
|
|
|
int EVP_PKEY_CTX_get_group_name(EVP_PKEY_CTX *ctx, char *name, size_t namelen)
|
|
|
|
{
|
|
|
|
OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
|
|
|
|
OSSL_PARAM *p = params;
|
|
|
|
|
|
|
|
if (ctx == NULL || !EVP_PKEY_CTX_IS_GEN_OP(ctx)) {
|
2020-05-20 21:46:22 +08:00
|
|
|
/* There is no legacy support for this */
|
2020-05-19 22:24:25 +08:00
|
|
|
ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
|
|
|
|
/* Uses the same return values as EVP_PKEY_CTX_ctrl */
|
|
|
|
return -2;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (name == NULL)
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
|
|
|
|
name, namelen);
|
|
|
|
if (!EVP_PKEY_CTX_get_params(ctx, params))
|
|
|
|
return -1;
|
|
|
|
return 1;
|
|
|
|
}
|
2021-03-20 20:49:08 +08:00
|
|
|
|
|
|
|
/*
|
|
|
|
* evp_pkey_keygen() abstracts from the explicit use of B<EVP_PKEY_CTX>
|
|
|
|
* while providing a generic way of generating a new asymmetric key pair
|
|
|
|
* of algorithm type I<name> (e.g., C<RSA> or C<EC>).
|
|
|
|
* The library context I<libctx> and property query I<propq>
|
|
|
|
* are used when fetching algorithms from providers.
|
|
|
|
* The I<params> specify algorithm-specific parameters
|
|
|
|
* such as the RSA modulus size or the name of an EC curve.
|
|
|
|
*/
|
|
|
|
static EVP_PKEY *evp_pkey_keygen(OSSL_LIB_CTX *libctx, const char *name,
|
|
|
|
const char *propq, OSSL_PARAM *params)
|
|
|
|
{
|
|
|
|
EVP_PKEY *pkey = NULL;
|
|
|
|
EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name(libctx, name, propq);
|
|
|
|
|
|
|
|
if (ctx != NULL
|
|
|
|
&& EVP_PKEY_keygen_init(ctx) > 0
|
|
|
|
&& EVP_PKEY_CTX_set_params(ctx, params))
|
|
|
|
(void)EVP_PKEY_generate(ctx, &pkey);
|
|
|
|
|
|
|
|
EVP_PKEY_CTX_free(ctx);
|
|
|
|
return pkey;
|
|
|
|
}
|
|
|
|
|
|
|
|
EVP_PKEY *EVP_PKEY_Q_keygen(OSSL_LIB_CTX *libctx, const char *propq,
|
|
|
|
const char *type, ...)
|
|
|
|
{
|
|
|
|
va_list args;
|
|
|
|
size_t bits;
|
|
|
|
char *name;
|
|
|
|
OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
|
|
|
|
EVP_PKEY *ret = NULL;
|
|
|
|
|
|
|
|
va_start(args, type);
|
|
|
|
|
|
|
|
if (strcasecmp(type, "RSA") == 0) {
|
|
|
|
bits = va_arg(args, size_t);
|
|
|
|
params[0] = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_RSA_BITS, &bits);
|
|
|
|
} else if (strcasecmp(type, "EC") == 0) {
|
|
|
|
name = va_arg(args, char *);
|
|
|
|
params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
|
|
|
|
name, 0);
|
|
|
|
} else if (strcasecmp(type, "ED25519") != 0
|
|
|
|
&& strcasecmp(type, "X25519") != 0
|
|
|
|
&& strcasecmp(type, "ED448") != 0
|
|
|
|
&& strcasecmp(type, "X448") != 0) {
|
|
|
|
ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_INVALID_ARGUMENT);
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
ret = evp_pkey_keygen(libctx, type, propq, params);
|
|
|
|
|
|
|
|
end:
|
|
|
|
va_end(args);
|
|
|
|
return ret;
|
|
|
|
}
|