CTR, HASH and HMAC DRBGs in provider

[openssl.git] / crypto / evp / evp_lib.c

diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
index 2b5126717982c08af9f63cf342ee7a0b53da1400..ef978ec6f1b8615c3fc9e11c60150e6e4025e8a2 100644 (file)
--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -14,11 +14,12 @@
 #include <openssl/params.h>
 #include <openssl/core_names.h>
 #include <openssl/dh.h>
+#include <openssl/ec.h>
 #include "crypto/evp.h"
 #include "internal/provider.h"
 #include "evp_local.h"
 
-#if !defined(FIPS_MODE)
+#if !defined(FIPS_MODULE)
 int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
 {
     int ret = -1;                /* Assume the worst */
@@ -76,13 +77,15 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
             goto err;
 
         /* ... but, we should get a return size too! */
-        if (params[0].return_size != 0
+        if (OSSL_PARAM_modified(params)
+            && params[0].return_size != 0
             && (der = OPENSSL_malloc(params[0].return_size)) != NULL) {
             params[0].data = der;
             params[0].data_size = params[0].return_size;
-            params[0].return_size = 0;
+            OSSL_PARAM_set_all_unmodified(params);
             derp = der;
             if (EVP_CIPHER_CTX_get_params(c, params)
+                && OSSL_PARAM_modified(params)
                 && d2i_ASN1_TYPE(&type, (const unsigned char **)&derp,
                                  params[0].return_size) != NULL) {
                 ret = 1;
@@ -204,7 +207,7 @@ int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
     }
     return i;
 }
-#endif /* !defined(FIPS_MODE) */
+#endif /* !defined(FIPS_MODULE) */
 
 /* Convert the various cipher NIDs and dummies to a proper OID NID */
 int EVP_CIPHER_type(const EVP_CIPHER *ctx)
@@ -256,7 +259,7 @@ int EVP_CIPHER_type(const EVP_CIPHER *ctx)
         return NID_des_cfb64;
 
     default:
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
         return NID_undef;
 #else
         {
@@ -546,7 +549,7 @@ const char *EVP_CIPHER_name(const EVP_CIPHER *cipher)
 {
     if (cipher->prov != NULL)
         return evp_first_name(cipher->prov, cipher->name_id);
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
     return OBJ_nid2sn(EVP_CIPHER_nid(cipher));
 #else
     return NULL;
@@ -587,7 +590,7 @@ const char *EVP_MD_name(const EVP_MD *md)
 {
     if (md->prov != NULL)
         return evp_first_name(md->prov, md->name_id);
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
     return OBJ_nid2sn(EVP_MD_nid(md));
 #else
     return NULL;
@@ -842,7 +845,7 @@ EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx)
     return ctx->pctx;
 }
 
-#if !defined(FIPS_MODE)
+#if !defined(FIPS_MODULE)
 /* TODO(3.0): EVP_DigestSign* not yet supported in FIPS module */
 void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx)
 {
@@ -862,7 +865,7 @@ void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx)
         EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX);
     }
 }
-#endif /* !defined(FIPS_MODE) */
+#endif /* !defined(FIPS_MODULE) */
 
 void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx)
 {
@@ -938,3 +941,71 @@ int EVP_hex2ctrl(int (*cb)(void *ctx, int cmd, void *buf, size_t buflen),
     OPENSSL_free(bin);
     return rv;
 }
+
+int EVP_PKEY_CTX_set_group_name(EVP_PKEY_CTX *ctx, const char *name)
+{
+    OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
+    OSSL_PARAM *p = params;
+
+    if (ctx == NULL) {
+        ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
+        /* Uses the same return values as EVP_PKEY_CTX_ctrl */
+        return -2;
+    }
+
+    if (!EVP_PKEY_CTX_IS_GEN_OP(ctx)) {
+#ifndef FIPS_MODULE
+        int nid;
+
+        /* Could be a legacy key, try and convert to a ctrl */
+        if (ctx->pmeth != NULL && (nid = OBJ_txt2nid(name)) != NID_undef) {
+# ifndef OPENSSL_NO_DH
+            if (ctx->pmeth->pkey_id == EVP_PKEY_DH)
+                return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH,
+                                         EVP_PKEY_OP_PARAMGEN
+                                         | EVP_PKEY_OP_KEYGEN,
+                                         EVP_PKEY_CTRL_DH_NID, nid, NULL);
+# endif
+# ifndef OPENSSL_NO_EC
+            if (ctx->pmeth->pkey_id == EVP_PKEY_EC)
+                return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC,
+                                         EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN,
+                                         EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID,
+                                         nid, NULL);
+# endif
+        }
+#endif
+        ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
+        /* Uses the same return values as EVP_PKEY_CTX_ctrl */
+        return -2;
+    }
+
+    if (name == NULL)
+        return -1;
+
+    *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
+                                            (char *)name, 0);
+    return EVP_PKEY_CTX_set_params(ctx, params);
+}
+
+int EVP_PKEY_CTX_get_group_name(EVP_PKEY_CTX *ctx, char *name, size_t namelen)
+{
+    OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
+    OSSL_PARAM *p = params;
+
+    if (ctx == NULL || !EVP_PKEY_CTX_IS_GEN_OP(ctx)) {
+        /* There is no legacy support for this */
+        ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
+        /* Uses the same return values as EVP_PKEY_CTX_ctrl */
+        return -2;
+    }
+
+    if (name == NULL)
+        return -1;
+
+    *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
+                                            name, namelen);
+    if (!EVP_PKEY_CTX_get_params(ctx, params))
+        return -1;
+    return 1;
+}