X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fevp%2Fevp.h;h=bafe339f06e0706ae2fd8abd7174569417c832d5;hp=3b38ecd6e6cdabf7b4e8325b931abf83e2a161ff;hb=3881d8106df732fc433d30446625dfa2396da42d;hpb=bf6d2f986d47fa7f96ab9ede407bc3976a686b0f diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index 3b38ecd6e6..bafe339f06 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -114,6 +114,7 @@ #define EVP_PKEY_DSA3 NID_dsaWithSHA1 #define EVP_PKEY_DSA4 NID_dsaWithSHA1_2 #define EVP_PKEY_DH NID_dhKeyAgreement +#define EVP_PKEY_DHX NID_dhpublicnumber #define EVP_PKEY_EC NID_X9_62_id_ecPublicKey #define EVP_PKEY_HMAC NID_hmac #define EVP_PKEY_CMAC NID_cmac @@ -299,6 +300,12 @@ struct env_md_ctx_st #define EVP_MD_CTX_FLAG_PAD_PSS 0x20 /* PSS mode */ #define EVP_MD_CTX_FLAG_NO_INIT 0x0100 /* Don't initialize md_data */ +/* Some functions such as EVP_DigestSign only finalise copies of internal + * contexts so additional data can be included after the finalisation call. + * This is inefficient if this functionality is not required: it is disabled + * if the following flag is set. + */ +#define EVP_MD_CTX_FLAG_FINALISE 0x0200 struct evp_cipher_st { @@ -332,6 +339,7 @@ struct evp_cipher_st #define EVP_CIPH_GCM_MODE 0x6 #define EVP_CIPH_CCM_MODE 0x7 #define EVP_CIPH_XTS_MODE 0x10001 +#define EVP_CIPH_WRAP_MODE 0x10002 #define EVP_CIPH_MODE 0xF0007 /* Set if variable length cipher */ #define EVP_CIPH_VARIABLE_LENGTH 0x8 @@ -362,6 +370,14 @@ struct evp_cipher_st */ #define EVP_CIPH_FLAG_CUSTOM_CIPHER 0x100000 #define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000 +#define EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0x400000 + +/* Cipher context flag to indicate we can handle + * wrap mode: if allowed in older applications it could + * overflow buffers. + */ + +#define EVP_CIPHER_CTX_FLAG_WRAP_ALLOW 0x1 /* ctrl() values */ @@ -394,6 +410,18 @@ struct evp_cipher_st /* Set the GCM invocation field, decrypt only */ #define EVP_CTRL_GCM_SET_IV_INV 0x18 +#define EVP_CTRL_TLS1_1_MULTIBLOCK_AAD 0x19 +#define EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT 0x1a +#define EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT 0x1b +#define EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE 0x1c + +typedef struct { + unsigned char *out; + const unsigned char *inp; + size_t len; + unsigned int interleave; +} EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM; + /* GCM TLS constants */ /* Length of fixed part of IV derived from PRF */ #define EVP_GCM_TLS_FIXED_IV_LEN 4 @@ -559,7 +587,7 @@ void BIO_set_md(BIO *,const EVP_MD *md); #define BIO_get_cipher_status(b) BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL) #define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(char *)c_pp) -__owur int EVP_Cipher(EVP_CIPHER_CTX *c, +/*__owur*/ int EVP_Cipher(EVP_CIPHER_CTX *c, unsigned char *out, const unsigned char *in, unsigned int inl); @@ -577,19 +605,19 @@ void EVP_MD_CTX_init(EVP_MD_CTX *ctx); int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx); EVP_MD_CTX *EVP_MD_CTX_create(void); void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx); -__owur int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in); +/*__owur*/ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in); void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags); void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags); int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx,int flags); -__owur int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); -__owur int EVP_DigestUpdate(EVP_MD_CTX *ctx,const void *d, +/*__owur*/ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); +/*__owur*/ int EVP_DigestUpdate(EVP_MD_CTX *ctx,const void *d, size_t cnt); -__owur int EVP_DigestFinal_ex(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s); -__owur int EVP_Digest(const void *data, size_t count, +/*__owur*/ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s); +/*__owur*/ int EVP_Digest(const void *data, size_t count, unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl); -__owur int EVP_MD_CTX_copy(EVP_MD_CTX *out,const EVP_MD_CTX *in); -__owur int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); +/*__owur*/ int EVP_MD_CTX_copy(EVP_MD_CTX *out,const EVP_MD_CTX *in); +/*__owur*/ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); __owur int EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s); int EVP_read_pw_string(char *buf,int length,const char *prompt,int verify); @@ -607,26 +635,26 @@ int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx,int flags); __owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, const unsigned char *key, const unsigned char *iv); -__owur int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl, +/*__owur*/ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl, const unsigned char *key, const unsigned char *iv); -__owur int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, +/*__owur*/ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl); -__owur int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); -__owur int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); +/*__owur*/ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); +/*__owur*/ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); __owur int EVP_DecryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, const unsigned char *key, const unsigned char *iv); -__owur int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl, +/*__owur*/ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl, const unsigned char *key, const unsigned char *iv); -__owur int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, +/*__owur*/ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl); __owur int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); -__owur int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); +/*__owur*/ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); __owur int EVP_CipherInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, const unsigned char *key,const unsigned char *iv, int enc); -__owur int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl, +/*__owur*/ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl, const unsigned char *key,const unsigned char *iv, int enc); __owur int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, @@ -640,7 +668,7 @@ __owur int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s, __owur int EVP_VerifyFinal(EVP_MD_CTX *ctx,const unsigned char *sigbuf, unsigned int siglen,EVP_PKEY *pkey); -__owur int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, +/*__owur*/ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); __owur int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen); @@ -648,7 +676,7 @@ __owur int EVP_DigestSignFinal(EVP_MD_CTX *ctx, __owur int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); __owur int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, - unsigned char *sig, size_t siglen); + const unsigned char *sig, size_t siglen); __owur int EVP_OpenInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type, const unsigned char *ek, int ekl, const unsigned char *iv, @@ -753,6 +781,7 @@ const EVP_CIPHER *EVP_des_cbc(void); const EVP_CIPHER *EVP_des_ede_cbc(void); const EVP_CIPHER *EVP_des_ede3_cbc(void); const EVP_CIPHER *EVP_desx_cbc(void); +const EVP_CIPHER *EVP_des_ede3_wrap(void); /* This should now be supported through the dev_crypto ENGINE. But also, why are * rc4 and md5 declarations made here inside a "NO_DES" precompiler branch? */ #if 0 @@ -819,6 +848,8 @@ const EVP_CIPHER *EVP_aes_128_ctr(void); const EVP_CIPHER *EVP_aes_128_ccm(void); const EVP_CIPHER *EVP_aes_128_gcm(void); const EVP_CIPHER *EVP_aes_128_xts(void); +const EVP_CIPHER *EVP_aes_128_wrap(void); +const EVP_CIPHER *EVP_aes_128_wrap_pad(void); const EVP_CIPHER *EVP_aes_192_ecb(void); const EVP_CIPHER *EVP_aes_192_cbc(void); const EVP_CIPHER *EVP_aes_192_cfb1(void); @@ -829,6 +860,8 @@ const EVP_CIPHER *EVP_aes_192_ofb(void); const EVP_CIPHER *EVP_aes_192_ctr(void); const EVP_CIPHER *EVP_aes_192_ccm(void); const EVP_CIPHER *EVP_aes_192_gcm(void); +const EVP_CIPHER *EVP_aes_192_wrap(void); +const EVP_CIPHER *EVP_aes_192_wrap_pad(void); const EVP_CIPHER *EVP_aes_256_ecb(void); const EVP_CIPHER *EVP_aes_256_cbc(void); const EVP_CIPHER *EVP_aes_256_cfb1(void); @@ -840,10 +873,16 @@ const EVP_CIPHER *EVP_aes_256_ctr(void); const EVP_CIPHER *EVP_aes_256_ccm(void); const EVP_CIPHER *EVP_aes_256_gcm(void); const EVP_CIPHER *EVP_aes_256_xts(void); -#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) +const EVP_CIPHER *EVP_aes_256_wrap(void); +const EVP_CIPHER *EVP_aes_256_wrap_pad(void); +# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void); const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void); -#endif +# endif +# ifndef OPENSSL_NO_SHA256 +const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha256(void); +const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void); +# endif #endif #ifndef OPENSSL_NO_CAMELLIA const EVP_CIPHER *EVP_camellia_128_ecb(void); @@ -921,6 +960,7 @@ int EVP_PKEY_type(int type); int EVP_PKEY_id(const EVP_PKEY *pkey); int EVP_PKEY_base_id(const EVP_PKEY *pkey); int EVP_PKEY_bits(EVP_PKEY *pkey); +int EVP_PKEY_security_bits(const EVP_PKEY *pkey); int EVP_PKEY_size(EVP_PKEY *pkey); int EVP_PKEY_set_type(EVP_PKEY *pkey,int type); int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len); @@ -1031,6 +1071,7 @@ void EVP_PBE_cleanup(void); #define ASN1_PKEY_CTRL_DEFAULT_MD_NID 0x3 #define ASN1_PKEY_CTRL_CMS_SIGN 0x5 #define ASN1_PKEY_CTRL_CMS_ENVELOPE 0x7 +#define ASN1_PKEY_CTRL_CMS_RI_TYPE 0x8 int EVP_PKEY_asn1_get_count(void); const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx); @@ -1078,6 +1119,9 @@ void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth, int (*pkey_ctrl)(EVP_PKEY *pkey, int op, long arg1, void *arg2)); +void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_security_bits)(const EVP_PKEY *pk)); + #define EVP_PKEY_OP_UNDEFINED 0 #define EVP_PKEY_OP_PARAMGEN (1<<1) @@ -1099,7 +1143,7 @@ void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth, (EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT) #define EVP_PKEY_OP_TYPE_NOGEN \ - (EVP_PKEY_OP_SIG | EVP_PKEY_OP_CRYPT | EVP_PKEY_OP_DERIVE) + (EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT | EVP_PKEY_OP_DERIVE) #define EVP_PKEY_OP_TYPE_GEN \ (EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN) @@ -1108,6 +1152,10 @@ void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth, EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG, \ EVP_PKEY_CTRL_MD, 0, (void *)md) +#define EVP_PKEY_CTX_get_signature_md(ctx, pmd) \ + EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG, \ + EVP_PKEY_CTRL_GET_MD, 0, (void *)pmd) + #define EVP_PKEY_CTRL_MD 1 #define EVP_PKEY_CTRL_PEER_KEY 2 @@ -1129,6 +1177,8 @@ void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth, #define EVP_PKEY_CTRL_CIPHER 12 +#define EVP_PKEY_CTRL_GET_MD 13 + #define EVP_PKEY_ALG_CTRL 0x1000 @@ -1270,6 +1320,8 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, int (*ctrl_str)(EVP_PKEY_CTX *ctx, const char *type, const char *value)); +void EVP_add_alg_module(void); + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. @@ -1282,10 +1334,13 @@ void ERR_load_EVP_strings(void); #define EVP_F_AESNI_INIT_KEY 165 #define EVP_F_AESNI_XTS_CIPHER 176 #define EVP_F_AES_INIT_KEY 133 +#define EVP_F_AES_T4_INIT_KEY 178 #define EVP_F_AES_XTS 172 #define EVP_F_AES_XTS_CIPHER 175 +#define EVP_F_ALG_MODULE_INIT 177 #define EVP_F_CAMELLIA_INIT_KEY 159 #define EVP_F_CMAC_INIT 173 +#define EVP_F_CMLL_T4_INIT_KEY 179 #define EVP_F_D2I_PKEY 100 #define EVP_F_DO_SIGVER_INIT 161 #define EVP_F_DSAPKEY2PKCS8 134 @@ -1377,15 +1432,19 @@ void ERR_load_EVP_strings(void); #define EVP_R_DIFFERENT_PARAMETERS 153 #define EVP_R_DISABLED_FOR_FIPS 163 #define EVP_R_ENCODE_ERROR 115 +#define EVP_R_ERROR_LOADING_SECTION 165 +#define EVP_R_ERROR_SETTING_FIPS_MODE 166 #define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119 #define EVP_R_EXPECTING_AN_RSA_KEY 127 #define EVP_R_EXPECTING_A_DH_KEY 128 #define EVP_R_EXPECTING_A_DSA_KEY 129 #define EVP_R_EXPECTING_A_ECDSA_KEY 141 #define EVP_R_EXPECTING_A_EC_KEY 142 +#define EVP_R_FIPS_MODE_NOT_SUPPORTED 167 #define EVP_R_INITIALIZATION_ERROR 134 #define EVP_R_INPUT_NOT_INITIALIZED 111 #define EVP_R_INVALID_DIGEST 152 +#define EVP_R_INVALID_FIPS_MODE 168 #define EVP_R_INVALID_KEY_LENGTH 130 #define EVP_R_INVALID_OPERATION 148 #define EVP_R_IV_TOO_LARGE 102 @@ -1410,6 +1469,7 @@ void ERR_load_EVP_strings(void); #define EVP_R_TOO_LARGE 164 #define EVP_R_UNKNOWN_CIPHER 160 #define EVP_R_UNKNOWN_DIGEST 161 +#define EVP_R_UNKNOWN_OPTION 169 #define EVP_R_UNKNOWN_PBE_ALGORITHM 121 #define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS 135 #define EVP_R_UNSUPPORTED_ALGORITHM 156 @@ -1420,6 +1480,7 @@ void ERR_load_EVP_strings(void); #define EVP_R_UNSUPPORTED_PRF 125 #define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM 118 #define EVP_R_UNSUPPORTED_SALT_TYPE 126 +#define EVP_R_WRAP_MODE_NOT_ALLOWED 170 #define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109 #define EVP_R_WRONG_PUBLIC_KEY_TYPE 110