mirror of
https://github.com/openssl/openssl.git
synced 2024-12-21 06:09:35 +08:00
0d2bfe52bb
Also Add ability for providers to dynamically exclude cipher algorithms. Cipher algorithms are only returned from providers if their capable() method is either NULL, or the method returns 1. This is mainly required for ciphers that only have hardware implementations. If there is no hardware support, then the algorithm needs to be not available. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10146)
66 lines
2.2 KiB
C
66 lines
2.2 KiB
C
/*
|
|
* Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
|
|
*
|
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
* in the file LICENSE in the source distribution or at
|
|
* https://www.openssl.org/source/license.html
|
|
*/
|
|
|
|
#include "prov/ciphercommon.h"
|
|
#include "crypto/aes_platform.h"
|
|
|
|
int cipher_capable_aes_cbc_hmac_sha1(void);
|
|
int cipher_capable_aes_cbc_hmac_sha256(void);
|
|
|
|
#ifdef AES_CBC_HMAC_SHA_CAPABLE
|
|
# include <openssl/aes.h>
|
|
# include <openssl/sha.h>
|
|
|
|
typedef struct prov_cipher_hw_aes_hmac_sha_ctx_st {
|
|
PROV_CIPHER_HW base; /* must be first */
|
|
void (*init_mac_key)(void *ctx, const unsigned char *inkey, size_t inlen);
|
|
int (*set_tls1_aad)(void *ctx, unsigned char *aad_rec, int aad_len);
|
|
# if !defined(OPENSSL_NO_MULTIBLOCK)
|
|
int (*tls1_multiblock_max_bufsize)(void *ctx);
|
|
int (*tls1_multiblock_aad)(
|
|
void *vctx, EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *param);
|
|
int (*tls1_multiblock_encrypt)(
|
|
void *ctx, EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *param);
|
|
# endif /* OPENSSL_NO_MULTIBLOCK) */
|
|
} PROV_CIPHER_HW_AES_HMAC_SHA;
|
|
|
|
typedef struct prov_aes_hmac_sha_ctx_st {
|
|
PROV_CIPHER_CTX base;
|
|
AES_KEY ks;
|
|
size_t payload_length; /* AAD length in decrypt case */
|
|
union {
|
|
unsigned int tls_ver;
|
|
unsigned char tls_aad[16]; /* 13 used */
|
|
} aux;
|
|
const PROV_CIPHER_HW_AES_HMAC_SHA *hw;
|
|
/* some value that are setup by set methods - that can be retrieved */
|
|
unsigned int multiblock_interleave;
|
|
unsigned int multiblock_aad_packlen;
|
|
size_t multiblock_max_send_fragment;
|
|
size_t multiblock_encrypt_len;
|
|
size_t tls_aad_pad;
|
|
} PROV_AES_HMAC_SHA_CTX;
|
|
|
|
typedef struct prov_aes_hmac_sha1_ctx_st {
|
|
PROV_AES_HMAC_SHA_CTX base_ctx;
|
|
SHA_CTX head, tail, md;
|
|
} PROV_AES_HMAC_SHA1_CTX;
|
|
|
|
typedef struct prov_aes_hmac_sha256_ctx_st {
|
|
PROV_AES_HMAC_SHA_CTX base_ctx;
|
|
SHA256_CTX head, tail, md;
|
|
} PROV_AES_HMAC_SHA256_CTX;
|
|
|
|
# define NO_PAYLOAD_LENGTH ((size_t)-1)
|
|
|
|
const PROV_CIPHER_HW_AES_HMAC_SHA *PROV_CIPHER_HW_aes_cbc_hmac_sha1(void);
|
|
const PROV_CIPHER_HW_AES_HMAC_SHA *PROV_CIPHER_HW_aes_cbc_hmac_sha256(void);
|
|
|
|
#endif /* AES_CBC_HMAC_SHA_CAPABLE */
|