# define EVP_PKS_RSA 0x0100
# define EVP_PKS_DSA 0x0200
# define EVP_PKS_EC 0x0400
-# define EVP_PKT_EXP 0x1000 /* <= 512 bit key */
# define EVP_PKEY_NONE NID_undef
# define EVP_PKEY_RSA NID_rsaEncryption
# define EVP_PKEY_MO_DECRYPT 0x0008
# ifndef EVP_MD
-struct env_md_st {
- int type;
- int pkey_type;
- int md_size;
- unsigned long flags;
- int (*init) (EVP_MD_CTX *ctx);
- int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count);
- int (*final) (EVP_MD_CTX *ctx, unsigned char *md);
- int (*copy) (EVP_MD_CTX *to, const EVP_MD_CTX *from);
- int (*cleanup) (EVP_MD_CTX *ctx);
- /* FIXME: prototype these some day */
- int (*sign) (int type, const unsigned char *m, unsigned int m_length,
- unsigned char *sigret, unsigned int *siglen, void *key);
- int (*verify) (int type, const unsigned char *m, unsigned int m_length,
- const unsigned char *sigbuf, unsigned int siglen,
- void *key);
- int required_pkey_type[5]; /* EVP_PKEY_xxx */
- int block_size;
- int ctx_size; /* how big does the ctx->md_data need to be */
- /* control function */
- int (*md_ctrl) (EVP_MD_CTX *ctx, int cmd, int p1, void *p2);
-} /* EVP_MD */ ;
-
-typedef int evp_sign_method(int type, const unsigned char *m,
- unsigned int m_length, unsigned char *sigret,
- unsigned int *siglen, void *key);
-typedef int evp_verify_method(int type, const unsigned char *m,
- unsigned int m_length,
- const unsigned char *sigbuf,
- unsigned int siglen, void *key);
+EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type);
+EVP_MD *EVP_MD_meth_dup(const EVP_MD *md);
+void EVP_MD_meth_free(EVP_MD *md);
+
+int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize);
+int EVP_MD_meth_set_result_size(EVP_MD *md, int resultsize);
+int EVP_MD_meth_set_app_datasize(EVP_MD *md, int datasize);
+int EVP_MD_meth_set_flags(EVP_MD *md, unsigned long flags);
+int EVP_MD_meth_set_init(EVP_MD *md, int (*init)(EVP_MD_CTX *ctx));
+int EVP_MD_meth_set_update(EVP_MD *md, int (*update)(EVP_MD_CTX *ctx,
+ const void *data,
+ size_t count));
+int EVP_MD_meth_set_final(EVP_MD *md, int (*final)(EVP_MD_CTX *ctx,
+ unsigned char *md));
+int EVP_MD_meth_set_copy(EVP_MD *md, int (*copy)(EVP_MD_CTX *to,
+ const EVP_MD_CTX *from));
+int EVP_MD_meth_set_cleanup(EVP_MD *md, int (*cleanup)(EVP_MD_CTX *ctx));
+int EVP_MD_meth_set_ctrl(EVP_MD *md, int (*ctrl)(EVP_MD_CTX *ctx, int cmd,
+ int p1, void *p2));
+
+int EVP_MD_meth_get_input_blocksize(const EVP_MD *md);
+int EVP_MD_meth_get_result_size(const EVP_MD *md);
+int EVP_MD_meth_get_app_datasize(const EVP_MD *md);
+unsigned long EVP_MD_meth_get_flags(const EVP_MD *md);
+int (*EVP_MD_meth_get_init(const EVP_MD *md))(EVP_MD_CTX *ctx);
+int (*EVP_MD_meth_get_update(const EVP_MD *md))(EVP_MD_CTX *ctx,
+ const void *data,
+ size_t count);
+int (*EVP_MD_meth_get_final(const EVP_MD *md))(EVP_MD_CTX *ctx,
+ unsigned char *md);
+int (*EVP_MD_meth_get_copy(const EVP_MD *md))(EVP_MD_CTX *to,
+ const EVP_MD_CTX *from);
+int (*EVP_MD_meth_get_cleanup(const EVP_MD *md))(EVP_MD_CTX *ctx);
+int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd,
+ int p1, void *p2);
/* digest can only handle a single block */
# define EVP_MD_FLAG_ONESHOT 0x0001
-/*
- * digest is a "clone" digest used
- * which is a copy of an existing
- * one for a specific public key type.
- * EVP_dss1() etc
- */
-# define EVP_MD_FLAG_PKEY_DIGEST 0x0002
-
-/* Digest uses EVP_PKEY_METHOD for signing instead of MD specific signing */
-
-# define EVP_MD_FLAG_PKEY_METHOD_SIGNATURE 0x0004
-
/* DigestAlgorithmIdentifier flags... */
# define EVP_MD_FLAG_DIGALGID_MASK 0x0018
# define EVP_MD_CTRL_ALG_CTRL 0x1000
-# define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0}
-
-# ifndef OPENSSL_NO_DSA
-# define EVP_PKEY_DSA_method (evp_sign_method *)DSA_sign, \
- (evp_verify_method *)DSA_verify, \
- {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3, \
- EVP_PKEY_DSA4,0}
-# else
-# define EVP_PKEY_DSA_method EVP_PKEY_NULL_method
-# endif
-
-# ifndef OPENSSL_NO_EC
-# define EVP_PKEY_ECDSA_method (evp_sign_method *)ECDSA_sign, \
- (evp_verify_method *)ECDSA_verify, \
- {EVP_PKEY_EC,0,0,0}
-# else
-# define EVP_PKEY_ECDSA_method EVP_PKEY_NULL_method
-# endif
-
-# ifndef OPENSSL_NO_RSA
-# define EVP_PKEY_RSA_method (evp_sign_method *)RSA_sign, \
- (evp_verify_method *)RSA_verify, \
- {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0}
-# define EVP_PKEY_RSA_ASN1_OCTET_STRING_method \
- (evp_sign_method *)RSA_sign_ASN1_OCTET_STRING, \
- (evp_verify_method *)RSA_verify_ASN1_OCTET_STRING, \
- {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0}
-# else
-# define EVP_PKEY_RSA_method EVP_PKEY_NULL_method
-# define EVP_PKEY_RSA_ASN1_OCTET_STRING_method EVP_PKEY_NULL_method
-# endif
-
# endif /* !EVP_MD */
-struct env_md_ctx_st {
- const EVP_MD *digest;
- ENGINE *engine; /* functional reference if 'digest' is
- * ENGINE-provided */
- unsigned long flags;
- void *md_data;
- /* Public key context for sign/verify */
- EVP_PKEY_CTX *pctx;
- /* Update function: usually copied from EVP_MD */
- int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count);
-} /* EVP_MD_CTX */ ;
-
/* values for EVP_MD_CTX flags */
# define EVP_MD_CTX_FLAG_ONESHOT 0x0001/* digest update will be
# define EVP_CTRL_AEAD_SET_IVLEN 0x9
# define EVP_CTRL_AEAD_GET_TAG 0x10
# define EVP_CTRL_AEAD_SET_TAG 0x11
+# define EVP_CTRL_AEAD_SET_IV_FIXED 0x12
# define EVP_CTRL_GCM_SET_IVLEN EVP_CTRL_AEAD_SET_IVLEN
# define EVP_CTRL_GCM_GET_TAG EVP_CTRL_AEAD_GET_TAG
# define EVP_CTRL_GCM_SET_TAG EVP_CTRL_AEAD_SET_TAG
-# define EVP_CTRL_GCM_SET_IV_FIXED 0x12
+# define EVP_CTRL_GCM_SET_IV_FIXED EVP_CTRL_AEAD_SET_IV_FIXED
# define EVP_CTRL_GCM_IV_GEN 0x13
# define EVP_CTRL_CCM_SET_IVLEN EVP_CTRL_AEAD_SET_IVLEN
# define EVP_CTRL_CCM_GET_TAG EVP_CTRL_AEAD_GET_TAG
# define EVP_CTRL_CCM_SET_TAG EVP_CTRL_AEAD_SET_TAG
+# define EVP_CTRL_CCM_SET_IV_FIXED EVP_CTRL_AEAD_SET_IV_FIXED
# define EVP_CTRL_CCM_SET_L 0x14
# define EVP_CTRL_CCM_SET_MSGLEN 0x15
/*
# define EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT 0x1b
# define EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE 0x1c
+# define EVP_CTRL_SSL3_MASTER_SECRET 0x1d
+
/* RFC 5246 defines additional data to be 13 bytes in length */
# define EVP_AEAD_TLS1_AAD_LEN 13
/* Length of tag for TLS */
# define EVP_GCM_TLS_TAG_LEN 16
+/* CCM TLS constants */
+/* Length of fixed part of IV derived from PRF */
+# define EVP_CCM_TLS_FIXED_IV_LEN 4
+/* Length of explicit part of IV part of TLS records */
+# define EVP_CCM_TLS_EXPLICIT_IV_LEN 8
+
typedef struct evp_cipher_info_st {
const EVP_CIPHER *cipher;
unsigned char iv[EVP_MAX_IV_LENGTH];
# define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a))
/* Macros to reduce FIPS dependencies: do NOT use in applications */
-# define M_EVP_MD_size(e) ((e)->md_size)
-# define M_EVP_MD_block_size(e) ((e)->block_size)
-# define M_EVP_MD_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs))
-# define M_EVP_MD_CTX_clear_flags(ctx,flgs) ((ctx)->flags&=~(flgs))
-# define M_EVP_MD_CTX_test_flags(ctx,flgs) ((ctx)->flags&(flgs))
-# define M_EVP_MD_type(e) ((e)->type)
-# define M_EVP_MD_CTX_type(e) M_EVP_MD_type(M_EVP_MD_CTX_md(e))
-# define M_EVP_MD_CTX_md(e) ((e)->digest)
-
# define M_EVP_CIPHER_nid(e) ((e)->nid)
# define M_EVP_CIPHER_CTX_iv_length(e) ((e)->cipher->iv_len)
# define M_EVP_CIPHER_CTX_flags(e) ((e)->cipher->flags)
unsigned long EVP_MD_flags(const EVP_MD *md);
const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
+int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx,
+ const void *data, size_t count);
+void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx,
+ int (*update) (EVP_MD_CTX *ctx,
+ const void *data, size_t count));
# define EVP_MD_CTX_size(e) EVP_MD_size(EVP_MD_CTX_md(e))
# define EVP_MD_CTX_block_size(e) EVP_MD_block_size(EVP_MD_CTX_md(e))
# define EVP_MD_CTX_type(e) EVP_MD_type(EVP_MD_CTX_md(e))
+EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx);
+void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx);
int EVP_CIPHER_nid(const EVP_CIPHER *cipher);
# define EVP_CIPHER_name(e) OBJ_nid2sn(EVP_CIPHER_nid(e))
# define EVP_delete_digest_alias(alias) \
OBJ_NAME_remove(alias,OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS);
-void EVP_MD_CTX_init(EVP_MD_CTX *ctx);
-int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx);
-EVP_MD_CTX *EVP_MD_CTX_create(void);
-void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
+int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2);
+EVP_MD_CTX *EVP_MD_CTX_new(void);
+int EVP_MD_CTX_reset(EVP_MD_CTX *ctx);
+void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
+# ifdef OPENSSL_USE_DEPRECATED
+# define EVP_MD_CTX_create() EVP_MD_CTX_new()
+# define EVP_MD_CTX_init(ctx) EVP_MD_CTX_reset((ctx))
+# define EVP_MD_CTX_destroy(ctx) EVP_MD_CTX_free((ctx))
+# endif
/*__owur*/ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in);
void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags);
void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags);
# endif
# ifndef OPENSSL_NO_MD5
const EVP_MD *EVP_md5(void);
+const EVP_MD *EVP_md5_sha1(void);
# endif
const EVP_MD *EVP_sha1(void);
-const EVP_MD *EVP_dss1(void);
-const EVP_MD *EVP_ecdsa(void);
const EVP_MD *EVP_sha224(void);
const EVP_MD *EVP_sha256(void);
const EVP_MD *EVP_sha384(void);
void OpenSSL_add_all_ciphers(void);
void OpenSSL_add_all_digests(void);
-# define SSLeay_add_all_algorithms() OpenSSL_add_all_algorithms()
-# define SSLeay_add_all_ciphers() OpenSSL_add_all_ciphers()
-# define SSLeay_add_all_digests() OpenSSL_add_all_digests()
int EVP_add_cipher(const EVP_CIPHER *cipher);
int EVP_add_digest(const EVP_MD *digest);
ASN1_TYPE *param, const EVP_CIPHER *cipher,
const EVP_MD *md, int en_de);
+#ifndef OPENSSL_NO_SCRYPT
+int EVP_PBE_scrypt(const char *pass, size_t passlen,
+ const unsigned char *salt, size_t saltlen,
+ uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem,
+ unsigned char *key, size_t keylen);
+
+int PKCS5_v2_scrypt_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass,
+ int passlen, ASN1_TYPE *param,
+ const EVP_CIPHER *c, const EVP_MD *md, int en_de);
+#endif
+
void PKCS5_PBE_add(void);
int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
int EVP_PBE_find(int type, int pbe_nid, int *pcnid, int *pmnid,
EVP_PBE_KEYGEN **pkeygen);
void EVP_PBE_cleanup(void);
+int EVP_PBE_get(int *ptype, int *ppbe_nid, size_t num);
# define ASN1_PKEY_ALIAS 0x1
# define ASN1_PKEY_DYNAMIC 0x2
void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
int (*pkey_ctrl) (EVP_PKEY *pkey, int op,
long arg1, void *arg2));
+void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth,
+ int (*item_verify) (EVP_MD_CTX *ctx,
+ const ASN1_ITEM *it,
+ void *asn,
+ X509_ALGOR *a,
+ ASN1_BIT_STRING *sig,
+ EVP_PKEY *pkey),
+ int (*item_sign) (EVP_MD_CTX *ctx,
+ const ASN1_ITEM *it,
+ void *asn,
+ X509_ALGOR *alg1,
+ X509_ALGOR *alg2,
+ ASN1_BIT_STRING *sig));
void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth,
int (*pkey_security_bits) (const EVP_PKEY
const char *type,
const char *value));
+void EVP_PKEY_meth_get_init(EVP_PKEY_METHOD *pmeth,
+ int (**pinit) (EVP_PKEY_CTX *ctx));
+
+void EVP_PKEY_meth_get_copy(EVP_PKEY_METHOD *pmeth,
+ int (**pcopy) (EVP_PKEY_CTX *dst,
+ EVP_PKEY_CTX *src));
+
+void EVP_PKEY_meth_get_cleanup(EVP_PKEY_METHOD *pmeth,
+ void (**pcleanup) (EVP_PKEY_CTX *ctx));
+
+void EVP_PKEY_meth_get_paramgen(EVP_PKEY_METHOD *pmeth,
+ int (**pparamgen_init) (EVP_PKEY_CTX *ctx),
+ int (**pparamgen) (EVP_PKEY_CTX *ctx,
+ EVP_PKEY *pkey));
+
+void EVP_PKEY_meth_get_keygen(EVP_PKEY_METHOD *pmeth,
+ int (**pkeygen_init) (EVP_PKEY_CTX *ctx),
+ int (**pkeygen) (EVP_PKEY_CTX *ctx,
+ EVP_PKEY *pkey));
+
+void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth,
+ int (**psign_init) (EVP_PKEY_CTX *ctx),
+ int (**psign) (EVP_PKEY_CTX *ctx,
+ unsigned char *sig, size_t *siglen,
+ const unsigned char *tbs,
+ size_t tbslen));
+
+void EVP_PKEY_meth_get_verify(EVP_PKEY_METHOD *pmeth,
+ int (**pverify_init) (EVP_PKEY_CTX *ctx),
+ int (**pverify) (EVP_PKEY_CTX *ctx,
+ const unsigned char *sig,
+ size_t siglen,
+ const unsigned char *tbs,
+ size_t tbslen));
+
+void EVP_PKEY_meth_get_verify_recover(EVP_PKEY_METHOD *pmeth,
+ int (**pverify_recover_init) (EVP_PKEY_CTX
+ *ctx),
+ int (**pverify_recover) (EVP_PKEY_CTX
+ *ctx,
+ unsigned char
+ *sig,
+ size_t *siglen,
+ const unsigned
+ char *tbs,
+ size_t tbslen));
+
+void EVP_PKEY_meth_get_signctx(EVP_PKEY_METHOD *pmeth,
+ int (**psignctx_init) (EVP_PKEY_CTX *ctx,
+ EVP_MD_CTX *mctx),
+ int (**psignctx) (EVP_PKEY_CTX *ctx,
+ unsigned char *sig,
+ size_t *siglen,
+ EVP_MD_CTX *mctx));
+
+void EVP_PKEY_meth_get_verifyctx(EVP_PKEY_METHOD *pmeth,
+ int (**pverifyctx_init) (EVP_PKEY_CTX *ctx,
+ EVP_MD_CTX *mctx),
+ int (**pverifyctx) (EVP_PKEY_CTX *ctx,
+ const unsigned char *sig,
+ int siglen,
+ EVP_MD_CTX *mctx));
+
+void EVP_PKEY_meth_get_encrypt(EVP_PKEY_METHOD *pmeth,
+ int (**pencrypt_init) (EVP_PKEY_CTX *ctx),
+ int (**pencryptfn) (EVP_PKEY_CTX *ctx,
+ unsigned char *out,
+ size_t *outlen,
+ const unsigned char *in,
+ size_t inlen));
+
+void EVP_PKEY_meth_get_decrypt(EVP_PKEY_METHOD *pmeth,
+ int (**pdecrypt_init) (EVP_PKEY_CTX *ctx),
+ int (**pdecrypt) (EVP_PKEY_CTX *ctx,
+ unsigned char *out,
+ size_t *outlen,
+ const unsigned char *in,
+ size_t inlen));
+
+void EVP_PKEY_meth_get_derive(EVP_PKEY_METHOD *pmeth,
+ int (**pderive_init) (EVP_PKEY_CTX *ctx),
+ int (**pderive) (EVP_PKEY_CTX *ctx,
+ unsigned char *key,
+ size_t *keylen));
+
+void EVP_PKEY_meth_get_ctrl(EVP_PKEY_METHOD *pmeth,
+ int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1,
+ void *p2),
+ int (**pctrl_str) (EVP_PKEY_CTX *ctx,
+ const char *type,
+ const char *value));
+
void EVP_add_alg_module(void);
/* BEGIN ERROR CODES */
# define EVP_F_EVP_PBE_ALG_ADD 115
# define EVP_F_EVP_PBE_ALG_ADD_TYPE 160
# define EVP_F_EVP_PBE_CIPHERINIT 116
+# define EVP_F_EVP_PBE_SCRYPT 181
# define EVP_F_EVP_PKCS82PKEY 111
# define EVP_F_EVP_PKCS82PKEY_BROKEN 136
# define EVP_F_EVP_PKEY2PKCS8_BROKEN 113
# define EVP_F_PKCS5_PBE_KEYIVGEN 117
# define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118
# define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN 164
+# define EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN 180
# define EVP_F_PKCS8_SET_BROKEN 112
# define EVP_F_PKEY_SET_TYPE 158
# define EVP_F_RC2_MAGIC_TO_METH 109
# define EVP_R_EXPECTING_A_ECDSA_KEY 141
# define EVP_R_EXPECTING_A_EC_KEY 142
# define EVP_R_FIPS_MODE_NOT_SUPPORTED 167
+# define EVP_R_ILLEGAL_SCRYPT_PARAMETERS 171
# define EVP_R_INITIALIZATION_ERROR 134
# define EVP_R_INPUT_NOT_INITIALIZED 111
# define EVP_R_INVALID_DIGEST 152
# define EVP_R_INVALID_OPERATION 148
# define EVP_R_IV_TOO_LARGE 102
# define EVP_R_KEYGEN_FAILURE 120
+# define EVP_R_MEMORY_LIMIT_EXCEEDED 172
# define EVP_R_MESSAGE_DIGEST_IS_NULL 159
# define EVP_R_METHOD_NOT_SUPPORTED 144
# define EVP_R_MISSING_PARAMETERS 103
projects / openssl.git / blobdiff