#define EVP_PKEY_MO_ENCRYPT 0x0004
#define EVP_PKEY_MO_DECRYPT 0x0008
-#if 0
-/* This structure is required to tie the message digest and signing together.
- * The lookup can be done by md/pkey_method, oid, oid/pkey_method, or
- * oid, md and pkey.
- * This is required because for various smart-card perform the digest and
- * signing/verification on-board. To handle this case, the specific
- * EVP_MD and EVP_PKEY_METHODs need to be closely associated.
- * When a PKEY is created, it will have a EVP_PKEY_METHOD associated with it.
- * This can either be software or a token to provide the required low level
- * routines.
- */
-typedef struct evp_pkey_md_st
- {
- int oid;
- EVP_MD *md;
- EVP_PKEY_METHOD *pkey;
- } EVP_PKEY_MD;
-
-#define EVP_rsa_md2() \
- EVP_PKEY_MD_add(NID_md2WithRSAEncryption,\
- EVP_rsa_pkcs1(),EVP_md2())
-#define EVP_rsa_md5() \
- EVP_PKEY_MD_add(NID_md5WithRSAEncryption,\
- EVP_rsa_pkcs1(),EVP_md5())
-#define EVP_rsa_sha0() \
- EVP_PKEY_MD_add(NID_shaWithRSAEncryption,\
- EVP_rsa_pkcs1(),EVP_sha())
-#define EVP_rsa_sha1() \
- EVP_PKEY_MD_add(NID_sha1WithRSAEncryption,\
- EVP_rsa_pkcs1(),EVP_sha1())
-#define EVP_rsa_ripemd160() \
- EVP_PKEY_MD_add(NID_ripemd160WithRSA,\
- EVP_rsa_pkcs1(),EVP_ripemd160())
-#define EVP_rsa_mdc2() \
- EVP_PKEY_MD_add(NID_mdc2WithRSA,\
- EVP_rsa_octet_string(),EVP_mdc2())
-#define EVP_dsa_sha() \
- EVP_PKEY_MD_add(NID_dsaWithSHA,\
- EVP_dsa(),EVP_sha())
-#define EVP_dsa_sha1() \
- EVP_PKEY_MD_add(NID_dsaWithSHA1,\
- EVP_dsa(),EVP_sha1())
-
-typedef struct evp_pkey_method_st
- {
- char *name;
- int flags;
- int type; /* RSA, DSA, an SSLeay specific constant */
- int oid; /* For the pub-key type */
- int encrypt_oid; /* pub/priv key encryption */
-
- int (*sign)();
- int (*verify)();
- struct {
- int (*set)(); /* get and/or set the underlying type */
- int (*get)();
- int (*encrypt)();
- int (*decrypt)();
- int (*i2d)();
- int (*d2i)();
- int (*dup)();
- } pub,priv;
- int (*set_asn1_parameters)();
- int (*get_asn1_parameters)();
- } EVP_PKEY_METHOD;
-#endif
-
#ifndef EVP_MD
struct env_md_st
{
#define EVP_MD_FLAG_ONESHOT 0x0001 /* digest can only handle a single
* block */
+#define EVP_MD_FLAG_PKEY_DIGEST 0x0002 /* digest is a "clone" digest used
+ * which is a copy of an existing
+ * one for a specific public key type.
+ * EVP_dss1() etc */
+
+/* Digest uses EVP_PKEY_METHOD for signing instead of MD specific signing */
+
+#define EVP_MD_FLAG_PKEY_METHOD_SIGNATURE 0x0004
+
#define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0}
#ifndef OPENSSL_NO_DSA
#define ASN1_PKEY_ALIAS 0x1
#define ASN1_PKEY_DYNAMIC 0x2
+#define ASN1_PKEY_SIGPARAM_NULL 0x4
+
+#define ASN1_PKEY_CTRL_PKCS7_SIGN 0x1
int EVP_PKEY_asn1_get_count(void);
const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx);
const char **pinfo, const char **ppem_str,
const EVP_PKEY_ASN1_METHOD *ameth);
-EVP_PKEY_ASN1_METHOD* EVP_PKEY_asn1_new(int id,
+EVP_PKEY_ASN1_METHOD* EVP_PKEY_asn1_new(int id, int flags,
const char *pem_str, const char *info);
void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth);
void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth,
void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth,
void (*pkey_free)(EVP_PKEY *pkey));
void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
- void (*pkey_ctrl)(EVP_PKEY *pkey, int op,
+ int (*pkey_ctrl)(EVP_PKEY *pkey, int op,
long arg1, void *arg2));
+#define EVP_PKEY_OP_UNDEFINED 0
+#define EVP_PKEY_OP_PARAMGEN (1<<1)
+#define EVP_PKEY_OP_KEYGEN (1<<2)
+#define EVP_PKEY_OP_SIGN (1<<3)
+#define EVP_PKEY_OP_VERIFY (1<<4)
+#define EVP_PKEY_OP_VERIFYRECOVER (1<<5)
+#define EVP_PKEY_OP_SIGNCTX (1<<6)
+#define EVP_PKEY_OP_VERIFYCTX (1<<7)
+#define EVP_PKEY_OP_ENCRYPT (1<<8)
+#define EVP_PKEY_OP_DECRYPT (1<<9)
+#define EVP_PKEY_OP_DERIVE (1<<10)
+#define EVP_PKEY_OP_TYPE_SIG \
+ (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY | EVP_PKEY_OP_VERIFYRECOVER \
+ | EVP_PKEY_OP_SIGNCTX | EVP_PKEY_OP_VERIFYCTX)
+
+#define EVP_PKEY_OP_TYPE_CRYPT \
+ (EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT)
+
+#define EVP_PKEY_OP_TYPE_NOGEN \
+ (EVP_PKEY_OP_SIG | EVP_PKEY_OP_CRYPT | EVP_PKEY_OP_DERIVE)
+
+#define EVP_PKEY_OP_TYPE_GEN \
+ (EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN)
+
+#define EVP_PKEY_CTX_set_signature_md(ctx, md) \
+ EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG, \
+ EVP_PKEY_CTRL_MD, 0, (void *)md)
+
+#define EVP_PKEY_CTRL_MD 1
+#define EVP_PKEY_CTRL_PEER_KEY 2
+
+#define EVP_PKEY_ALG_CTRL 0x1000
+
+#define EVP_PKEY_FLAG_AUTOARGLEN 2
const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type, ENGINE *e);
-EVP_PKEY_CTX *EVP_PKEY_CTX_new(int ktype, ENGINE *e);
+EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e);
+EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e);
void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx);
+
int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,
int cmd, int p1, void *p2);
-
+int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
+ const char *value);
+
+void EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void *data);
+void *EVP_PKEY_CTX_get_data(EVP_PKEY_CTX *ctx);
+void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data);
+void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx);
+
+int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
+ unsigned char *sig, int *siglen,
+ const unsigned char *tbs, int tbslen);
+int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
+ const unsigned char *sig, int siglen,
+ const unsigned char *tbs, int tbslen);
+int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
+ unsigned char *rout, int *routlen,
+ const unsigned char *sig, int siglen);
+int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx,
+ unsigned char *out, int *outlen,
+ const unsigned char *in, int inlen);
+int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,
+ unsigned char *out, int *outlen,
+ const unsigned char *in, int inlen);
+
+int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer);
+int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, int *keylen);
+
+typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);
+
+int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
+int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
+
+void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb);
+int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx);
+
+void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth,
+ int (*init)(EVP_PKEY_CTX *ctx));
+
+void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth,
+ void (*cleanup)(EVP_PKEY_CTX *ctx));
+
+void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth,
+ int (*paramgen_init)(EVP_PKEY_CTX *ctx),
+ int (*paramgen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey));
+
+void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth,
+ int (*keygen_init)(EVP_PKEY_CTX *ctx),
+ int (*keygen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey));
+
+void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth,
+ int (*sign_init)(EVP_PKEY_CTX *ctx),
+ int (*sign)(EVP_PKEY_CTX *ctx, unsigned char *sig, int *siglen,
+ const unsigned char *tbs, int tbslen));
+
+void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth,
+ int (*verify_init)(EVP_PKEY_CTX *ctx),
+ int (*verify)(EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen,
+ const unsigned char *tbs, int tbslen));
+
+void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth,
+ int (*verify_recover_init)(EVP_PKEY_CTX *ctx),
+ int (*verify_recover)(EVP_PKEY_CTX *ctx,
+ unsigned char *sig, int *siglen,
+ const unsigned char *tbs, int tbslen));
+
+void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth,
+ int (*signctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx),
+ int (*signctx)(EVP_PKEY_CTX *ctx, unsigned char *sig, int *siglen,
+ EVP_MD_CTX *mctx));
+
+void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth,
+ int (*verifyctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx),
+ int (*verifyctx)(EVP_PKEY_CTX *ctx, const unsigned char *sig,int siglen,
+ EVP_MD_CTX *mctx));
+
+void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth,
+ int (*encrypt_init)(EVP_PKEY_CTX *ctx),
+ int (*encrypt)(EVP_PKEY_CTX *ctx, unsigned char *out, int *outlen,
+ const unsigned char *in, int inlen));
+
+void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth,
+ int (*decrypt_init)(EVP_PKEY_CTX *ctx),
+ int (*decrypt)(EVP_PKEY_CTX *ctx, unsigned char *out, int *outlen,
+ const unsigned char *in, int inlen));
+
+void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth,
+ int (*derive_init)(EVP_PKEY_CTX *ctx),
+ int (*derive)(EVP_PKEY_CTX *ctx, unsigned char *key, int *keylen));
+
+void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
+ int (*ctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2),
+ int (*ctrl_str)(EVP_PKEY_CTX *ctx,
+ const char *type, const char *value));
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
#define EVP_F_EVP_PKEY2PKCS8_BROKEN 113
#define EVP_F_EVP_PKEY_COPY_PARAMETERS 103
#define EVP_F_EVP_PKEY_CTX_CTRL 137
+#define EVP_F_EVP_PKEY_CTX_CTRL_STR 150
#define EVP_F_EVP_PKEY_DECRYPT 104
#define EVP_F_EVP_PKEY_DECRYPT_INIT 138
+#define EVP_F_EVP_PKEY_DECRYPT_OLD 151
+#define EVP_F_EVP_PKEY_DERIVE 153
+#define EVP_F_EVP_PKEY_DERIVE_INIT 154
+#define EVP_F_EVP_PKEY_DERIVE_SET_PEER 155
#define EVP_F_EVP_PKEY_ENCRYPT 105
#define EVP_F_EVP_PKEY_ENCRYPT_INIT 139
+#define EVP_F_EVP_PKEY_ENCRYPT_OLD 152
#define EVP_F_EVP_PKEY_GET1_DH 119
#define EVP_F_EVP_PKEY_GET1_DSA 120
#define EVP_F_EVP_PKEY_GET1_ECDSA 130
#define EVP_F_EVP_PKEY_GET1_EC_KEY 131
#define EVP_F_EVP_PKEY_GET1_RSA 121
+#define EVP_F_EVP_PKEY_KEYGEN 146
+#define EVP_F_EVP_PKEY_KEYGEN_INIT 147
#define EVP_F_EVP_PKEY_NEW 106
+#define EVP_F_EVP_PKEY_PARAMGEN 148
+#define EVP_F_EVP_PKEY_PARAMGEN_INIT 149
#define EVP_F_EVP_PKEY_SIGN 140
#define EVP_F_EVP_PKEY_SIGN_INIT 141
#define EVP_F_EVP_PKEY_VERIFY 142
#define EVP_R_BAD_KEY_LENGTH 137
#define EVP_R_BN_DECODE_ERROR 112
#define EVP_R_BN_PUBKEY_ERROR 113
+#define EVP_R_BUFFER_TOO_SMALL 155
#define EVP_R_CIPHER_PARAMETER_ERROR 122
#define EVP_R_COMMAND_NOT_SUPPORTED 147
#define EVP_R_CTRL_NOT_IMPLEMENTED 132
#define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138
#define EVP_R_DECODE_ERROR 114
#define EVP_R_DIFFERENT_KEY_TYPES 101
+#define EVP_R_DIFFERENT_PARAMETERS 153
#define EVP_R_ENCODE_ERROR 115
#define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119
#define EVP_R_EXPECTING_AN_RSA_KEY 127
#define EVP_R_EXPECTING_A_EC_KEY 142
#define EVP_R_INITIALIZATION_ERROR 134
#define EVP_R_INPUT_NOT_INITIALIZED 111
+#define EVP_R_INVALID_DIGEST 152
#define EVP_R_INVALID_KEY_LENGTH 130
#define EVP_R_INVALID_OPERATION 148
#define EVP_R_IV_TOO_LARGE 102
#define EVP_R_NO_CIPHER_SET 131
#define EVP_R_NO_DIGEST_SET 139
#define EVP_R_NO_DSA_PARAMETERS 116
+#define EVP_R_NO_KEY_SET 154
#define EVP_R_NO_OPERATION_SET 149
#define EVP_R_NO_SIGN_FUNCTION_CONFIGURED 104
#define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED 105