diff options
Diffstat (limited to 'windows-x86_64/include/openssl/evp.h')
-rw-r--r-- | windows-x86_64/include/openssl/evp.h | 2217 |
1 files changed, 742 insertions, 1475 deletions
diff --git a/windows-x86_64/include/openssl/evp.h b/windows-x86_64/include/openssl/evp.h index 39ab793..7debbc5 100644 --- a/windows-x86_64/include/openssl/evp.h +++ b/windows-x86_64/include/openssl/evp.h @@ -1,4 +1,3 @@ -/* crypto/evp/evp.h */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -53,1482 +52,750 @@ * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#ifndef HEADER_ENVELOPE_H -# define HEADER_ENVELOPE_H - -# ifdef OPENSSL_ALGORITHM_DEFINES -# include <openssl/opensslconf.h> -# else -# define OPENSSL_ALGORITHM_DEFINES -# include <openssl/opensslconf.h> -# undef OPENSSL_ALGORITHM_DEFINES -# endif - -# include <openssl/ossl_typ.h> - -# include <openssl/symhacks.h> - -# ifndef OPENSSL_NO_BIO -# include <openssl/bio.h> -# endif - -/*- -#define EVP_RC2_KEY_SIZE 16 -#define EVP_RC4_KEY_SIZE 16 -#define EVP_BLOWFISH_KEY_SIZE 16 -#define EVP_CAST5_KEY_SIZE 16 -#define EVP_RC5_32_12_16_KEY_SIZE 16 -*/ -# define EVP_MAX_MD_SIZE 64/* longest known is SHA512 */ -# define EVP_MAX_KEY_LENGTH 64 -# define EVP_MAX_IV_LENGTH 16 -# define EVP_MAX_BLOCK_LENGTH 32 - -# define PKCS5_SALT_LEN 8 -/* Default PKCS#5 iteration count */ -# define PKCS5_DEFAULT_ITER 2048 - -# include <openssl/objects.h> - -# define EVP_PK_RSA 0x0001 -# define EVP_PK_DSA 0x0002 -# define EVP_PK_DH 0x0004 -# define EVP_PK_EC 0x0008 -# define EVP_PKT_SIGN 0x0010 -# define EVP_PKT_ENC 0x0020 -# define EVP_PKT_EXCH 0x0040 -# define EVP_PKS_RSA 0x0100 -# define EVP_PKS_DSA 0x0200 -# define EVP_PKS_EC 0x0400 - -# define EVP_PKEY_NONE NID_undef -# define EVP_PKEY_RSA NID_rsaEncryption -# define EVP_PKEY_RSA2 NID_rsa -# define EVP_PKEY_DSA NID_dsa -# define EVP_PKEY_DSA1 NID_dsa_2 -# define EVP_PKEY_DSA2 NID_dsaWithSHA -# define EVP_PKEY_DSA3 NID_dsaWithSHA1 -# define EVP_PKEY_DSA4 NID_dsaWithSHA1_2 -# define EVP_PKEY_DH NID_dhKeyAgreement -# define EVP_PKEY_DHX NID_dhpublicnumber -# define EVP_PKEY_EC NID_X9_62_id_ecPublicKey -# define EVP_PKEY_HMAC NID_hmac -# define EVP_PKEY_CMAC NID_cmac - -#ifdef __cplusplus + * [including the GNU Public Licence.] */ + +#ifndef OPENSSL_HEADER_EVP_H +#define OPENSSL_HEADER_EVP_H + +#include <openssl/base.h> + +#include <openssl/thread.h> + +/* OpenSSL included digest and cipher functions in this header so we include + * them for users that still expect that. + * + * TODO(fork): clean up callers so that they include what they use. */ +#include <openssl/aead.h> +#include <openssl/base64.h> +#include <openssl/cipher.h> +#include <openssl/digest.h> +#include <openssl/nid.h> + +#if defined(__cplusplus) extern "C" { #endif -/* - * Type needs to be a bit field Sub-type needs to be for variations on the - * method, as in, can it do arbitrary encryption.... - */ + +/* EVP abstracts over public/private key algorithms. */ + + +/* Public key objects. */ + +/* EVP_PKEY_new creates a new, empty public-key object and returns it or NULL + * on allocation failure. */ +OPENSSL_EXPORT EVP_PKEY *EVP_PKEY_new(void); + +/* EVP_PKEY_free frees all data referenced by |pkey| and then frees |pkey| + * itself. */ +OPENSSL_EXPORT void EVP_PKEY_free(EVP_PKEY *pkey); + +/* EVP_PKEY_up_ref increments the reference count of |pkey| and returns one. */ +OPENSSL_EXPORT int EVP_PKEY_up_ref(EVP_PKEY *pkey); + +/* EVP_PKEY_is_opaque returns one if |pkey| is opaque. Opaque keys are backed by + * custom implementations which do not expose key material and parameters. It is + * an error to attempt to duplicate, export, or compare an opaque key. */ +OPENSSL_EXPORT int EVP_PKEY_is_opaque(const EVP_PKEY *pkey); + +/* EVP_PKEY_supports_digest returns one if |pkey| supports digests of + * type |md|. This is intended for use with EVP_PKEYs backing custom + * implementations which can't sign all digests. */ +OPENSSL_EXPORT int EVP_PKEY_supports_digest(const EVP_PKEY *pkey, + const EVP_MD *md); + +/* EVP_PKEY_cmp compares |a| and |b| and returns one if they are equal, zero if + * not and a negative number on error. + * + * WARNING: this differs from the traditional return value of a "cmp" + * function. */ +OPENSSL_EXPORT int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b); + +/* EVP_PKEY_copy_parameters sets the parameters of |to| to equal the parameters + * of |from|. It returns one on success and zero on error. */ +OPENSSL_EXPORT int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from); + +/* EVP_PKEY_missing_parameters returns one if |pkey| is missing needed + * parameters or zero if not, or if the algorithm doesn't take parameters. */ +OPENSSL_EXPORT int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey); + +/* EVP_PKEY_size returns the maximum size, in bytes, of a signature signed by + * |pkey|. For an RSA key, this returns the number of bytes needed to represent + * the modulus. For an EC key, this returns the maximum size of a DER-encoded + * ECDSA signature. */ +OPENSSL_EXPORT int EVP_PKEY_size(const EVP_PKEY *pkey); + +/* EVP_PKEY_bits returns the "size", in bits, of |pkey|. For an RSA key, this + * returns the bit length of the modulus. For an EC key, this returns the bit + * length of the group order. */ +OPENSSL_EXPORT int EVP_PKEY_bits(EVP_PKEY *pkey); + +/* EVP_PKEY_id returns the type of |pkey|, which is one of the |EVP_PKEY_*| + * values. */ +OPENSSL_EXPORT int EVP_PKEY_id(const EVP_PKEY *pkey); + +/* EVP_PKEY_type returns |nid| if |nid| is a known key type and |NID_undef| + * otherwise. */ +OPENSSL_EXPORT int EVP_PKEY_type(int nid); + + +/* Getting and setting concrete public key types. + * + * The following functions get and set the underlying public key in an + * |EVP_PKEY| object. The |set1| functions take an additional reference to the + * underlying key and return one on success or zero on error. The |assign| + * functions adopt the caller's reference. The |get1| functions return a fresh + * reference to the underlying object or NULL if |pkey| is not of the correct + * type. The |get0| functions behave the same but return a non-owning + * pointer. */ + +OPENSSL_EXPORT int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key); +OPENSSL_EXPORT int EVP_PKEY_assign_RSA(EVP_PKEY *pkey, RSA *key); +OPENSSL_EXPORT RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey); +OPENSSL_EXPORT RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey); + +OPENSSL_EXPORT int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key); +OPENSSL_EXPORT int EVP_PKEY_assign_DSA(EVP_PKEY *pkey, DSA *key); +OPENSSL_EXPORT DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey); +OPENSSL_EXPORT DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey); + +OPENSSL_EXPORT int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key); +OPENSSL_EXPORT int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey, EC_KEY *key); +OPENSSL_EXPORT EC_KEY *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey); +OPENSSL_EXPORT EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey); + +#define EVP_PKEY_NONE NID_undef +#define EVP_PKEY_RSA NID_rsaEncryption +#define EVP_PKEY_DSA NID_dsa +#define EVP_PKEY_EC NID_X9_62_id_ecPublicKey + +/* EVP_PKEY_assign sets the underlying key of |pkey| to |key|, which must be of + * the given type. The |type| argument should be one of the |EVP_PKEY_*| + * values. */ +OPENSSL_EXPORT int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key); + +/* EVP_PKEY_set_type sets the type of |pkey| to |type|, which should be one of + * the |EVP_PKEY_*| values. It returns one if successful or zero otherwise. If + * |pkey| is NULL, it simply reports whether the type is known. */ +OPENSSL_EXPORT int EVP_PKEY_set_type(EVP_PKEY *pkey, int type); + +/* EVP_PKEY_cmp_parameters compares the parameters of |a| and |b|. It returns + * one if they match, zero if not, or a negative number of on error. + * + * WARNING: the return value differs from the usual return value convention. */ +OPENSSL_EXPORT int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, + const EVP_PKEY *b); + + +/* ASN.1 functions */ + +/* EVP_parse_public_key decodes a DER-encoded SubjectPublicKeyInfo structure + * (RFC 5280) from |cbs| and advances |cbs|. It returns a newly-allocated + * |EVP_PKEY| or NULL on error. + * + * The caller must check the type of the parsed public key to ensure it is + * suitable and validate other desired key properties such as RSA modulus size + * or EC curve. */ +OPENSSL_EXPORT EVP_PKEY *EVP_parse_public_key(CBS *cbs); + +/* EVP_marshal_public_key marshals |key| as a DER-encoded SubjectPublicKeyInfo + * structure (RFC 5280) and appends the result to |cbb|. It returns one on + * success and zero on error. */ +OPENSSL_EXPORT int EVP_marshal_public_key(CBB *cbb, const EVP_PKEY *key); + +/* EVP_parse_private_key decodes a DER-encoded PrivateKeyInfo structure (RFC + * 5208) from |cbs| and advances |cbs|. It returns a newly-allocated |EVP_PKEY| + * or NULL on error. + * + * The caller must check the type of the parsed private key to ensure it is + * suitable and validate other desired key properties such as RSA modulus size + * or EC curve. + * + * A PrivateKeyInfo ends with an optional set of attributes. These are not + * processed and so this function will silently ignore any trailing data in the + * structure. */ +OPENSSL_EXPORT EVP_PKEY *EVP_parse_private_key(CBS *cbs); + +/* EVP_marshal_private_key marshals |key| as a DER-encoded PrivateKeyInfo + * structure (RFC 5208) and appends the result to |cbb|. It returns one on + * success and zero on error. */ +OPENSSL_EXPORT int EVP_marshal_private_key(CBB *cbb, const EVP_PKEY *key); + + +/* Signing */ + +/* EVP_DigestSignInit sets up |ctx| for a signing operation with |type| and + * |pkey|. The |ctx| argument must have been initialised with + * |EVP_MD_CTX_init|. If |pctx| is not NULL, the |EVP_PKEY_CTX| of the signing + * operation will be written to |*pctx|; this can be used to set alternative + * signing options. + * + * It returns one on success, or zero on error. */ +OPENSSL_EXPORT int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + const EVP_MD *type, ENGINE *e, + EVP_PKEY *pkey); + +/* EVP_DigestSignUpdate appends |len| bytes from |data| to the data which will + * be signed in |EVP_DigestSignFinal|. It returns one. */ +OPENSSL_EXPORT int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, + size_t len); + +/* EVP_DigestSignFinal signs the data that has been included by one or more + * calls to |EVP_DigestSignUpdate|. If |out_sig| is NULL then |*out_sig_len| is + * set to the maximum number of output bytes. Otherwise, on entry, + * |*out_sig_len| must contain the length of the |out_sig| buffer. If the call + * is successful, the signature is written to |out_sig| and |*out_sig_len| is + * set to its length. + * + * It returns one on success, or zero on error. */ +OPENSSL_EXPORT int EVP_DigestSignFinal(EVP_MD_CTX *ctx, uint8_t *out_sig, + size_t *out_sig_len); + + +/* Verifying */ + +/* EVP_DigestVerifyInit sets up |ctx| for a signature verification operation + * with |type| and |pkey|. The |ctx| argument must have been initialised with + * |EVP_MD_CTX_init|. If |pctx| is not NULL, the |EVP_PKEY_CTX| of the signing + * operation will be written to |*pctx|; this can be used to set alternative + * signing options. + * + * It returns one on success, or zero on error. */ +OPENSSL_EXPORT int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + const EVP_MD *type, ENGINE *e, + EVP_PKEY *pkey); + +/* EVP_DigestVerifyUpdate appends |len| bytes from |data| to the data which + * will be verified by |EVP_DigestVerifyFinal|. It returns one. */ +OPENSSL_EXPORT int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *data, + size_t len); + +/* EVP_DigestVerifyFinal verifies that |sig_len| bytes of |sig| are a valid + * signature for the data that has been included by one or more calls to + * |EVP_DigestVerifyUpdate|. It returns one on success and zero otherwise. */ +OPENSSL_EXPORT int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const uint8_t *sig, + size_t sig_len); + + +/* Signing (old functions) */ + +/* EVP_SignInit_ex configures |ctx|, which must already have been initialised, + * for a fresh signing operation using the hash function |type|. It returns one + * on success and zero otherwise. + * + * (In order to initialise |ctx|, either obtain it initialised with + * |EVP_MD_CTX_create|, or use |EVP_MD_CTX_init|.) */ +OPENSSL_EXPORT int EVP_SignInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, + ENGINE *impl); + +/* EVP_SignInit is a deprecated version of |EVP_SignInit_ex|. + * + * TODO(fork): remove. */ +OPENSSL_EXPORT int EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type); + +/* EVP_SignUpdate appends |len| bytes from |data| to the data which will be + * signed in |EVP_SignFinal|. */ +OPENSSL_EXPORT int EVP_SignUpdate(EVP_MD_CTX *ctx, const void *data, + size_t len); + +/* EVP_SignFinal signs the data that has been included by one or more calls to + * |EVP_SignUpdate|, using the key |pkey|, and writes it to |sig|. On entry, + * |sig| must point to at least |EVP_PKEY_size(pkey)| bytes of space. The + * actual size of the signature is written to |*out_sig_len|. + * + * It returns one on success and zero otherwise. + * + * It does not modify |ctx|, thus it's possible to continue to use |ctx| in + * order to sign a longer message. */ +OPENSSL_EXPORT int EVP_SignFinal(const EVP_MD_CTX *ctx, uint8_t *sig, + unsigned int *out_sig_len, EVP_PKEY *pkey); + + +/* Verifying (old functions) */ + +/* EVP_VerifyInit_ex configures |ctx|, which must already have been + * initialised, for a fresh signature verification operation using the hash + * function |type|. It returns one on success and zero otherwise. + * + * (In order to initialise |ctx|, either obtain it initialised with + * |EVP_MD_CTX_create|, or use |EVP_MD_CTX_init|.) */ +OPENSSL_EXPORT int EVP_VerifyInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, + ENGINE *impl); + +/* EVP_VerifyInit is a deprecated version of |EVP_VerifyInit_ex|. + * + * TODO(fork): remove. */ +OPENSSL_EXPORT int EVP_VerifyInit(EVP_MD_CTX *ctx, const EVP_MD *type); + +/* EVP_VerifyUpdate appends |len| bytes from |data| to the data which will be + * signed in |EVP_VerifyFinal|. */ +OPENSSL_EXPORT int EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *data, + size_t len); + +/* EVP_VerifyFinal verifies that |sig_len| bytes of |sig| are a valid + * signature, by |pkey|, for the data that has been included by one or more + * calls to |EVP_VerifyUpdate|. + * + * It returns one on success and zero otherwise. + * + * It does not modify |ctx|, thus it's possible to continue to use |ctx| in + * order to sign a longer message. */ +OPENSSL_EXPORT int EVP_VerifyFinal(EVP_MD_CTX *ctx, const uint8_t *sig, + size_t sig_len, EVP_PKEY *pkey); + + +/* Printing */ + +/* EVP_PKEY_print_public prints a textual representation of the public key in + * |pkey| to |out|. Returns one on success or zero otherwise. */ +OPENSSL_EXPORT int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey, + int indent, ASN1_PCTX *pctx); + +/* EVP_PKEY_print_private prints a textual representation of the private key in + * |pkey| to |out|. Returns one on success or zero otherwise. */ +OPENSSL_EXPORT int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey, + int indent, ASN1_PCTX *pctx); + +/* EVP_PKEY_print_params prints a textual representation of the parameters in + * |pkey| to |out|. Returns one on success or zero otherwise. */ +OPENSSL_EXPORT int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey, + int indent, ASN1_PCTX *pctx); + + +/* Password stretching. + * + * Password stretching functions take a low-entropy password and apply a slow + * function that results in a key suitable for use in symmetric + * cryptography. */ + +/* PKCS5_PBKDF2_HMAC computes |iterations| iterations of PBKDF2 of |password| + * and |salt|, using |digest|, and outputs |key_len| bytes to |out_key|. It + * returns one on success and zero on error. */ +OPENSSL_EXPORT int PKCS5_PBKDF2_HMAC(const char *password, size_t password_len, + const uint8_t *salt, size_t salt_len, + unsigned iterations, const EVP_MD *digest, + size_t key_len, uint8_t *out_key); + +/* PKCS5_PBKDF2_HMAC_SHA1 is the same as PKCS5_PBKDF2_HMAC, but with |digest| + * fixed to |EVP_sha1|. */ +OPENSSL_EXPORT int PKCS5_PBKDF2_HMAC_SHA1(const char *password, + size_t password_len, + const uint8_t *salt, size_t salt_len, + unsigned iterations, size_t key_len, + uint8_t *out_key); + + +/* Public key contexts. + * + * |EVP_PKEY_CTX| objects hold the context of an operation (e.g. signing or + * encrypting) that uses a public key. */ + +/* EVP_PKEY_CTX_new allocates a fresh |EVP_PKEY_CTX| for use with |pkey|. It + * returns the context or NULL on error. */ +OPENSSL_EXPORT EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e); + +/* EVP_PKEY_CTX_new_id allocates a fresh |EVP_PKEY_CTX| for a key of type |id| + * (e.g. |EVP_PKEY_HMAC|). This can be used for key generation where + * |EVP_PKEY_CTX_new| can't be used because there isn't an |EVP_PKEY| to pass + * it. It returns the context or NULL on error. */ +OPENSSL_EXPORT EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e); + +/* EVP_PKEY_CTX_free frees |ctx| and the data it owns. */ +OPENSSL_EXPORT void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx); + +/* EVP_PKEY_CTX_dup allocates a fresh |EVP_PKEY_CTX| and sets it equal to the + * state of |ctx|. It returns the fresh |EVP_PKEY_CTX| or NULL on error. */ +OPENSSL_EXPORT EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *ctx); + +/* EVP_PKEY_CTX_get0_pkey returns the |EVP_PKEY| associated with |ctx|. */ +OPENSSL_EXPORT EVP_PKEY *EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX *ctx); + +/* EVP_PKEY_sign_init initialises an |EVP_PKEY_CTX| for a signing operation. It + * should be called before |EVP_PKEY_sign|. + * + * It returns one on success or zero on error. */ +OPENSSL_EXPORT int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx); + +/* EVP_PKEY_sign signs |data_len| bytes from |data| using |ctx|. If |sig| is + * NULL, the maximum size of the signature is written to + * |out_sig_len|. Otherwise, |*sig_len| must contain the number of bytes of + * space available at |sig|. If sufficient, the signature will be written to + * |sig| and |*sig_len| updated with the true length. + * + * WARNING: Setting |sig| to NULL only gives the maximum size of the + * signature. The actual signature may be smaller. + * + * It returns one on success or zero on error. (Note: this differs from + * OpenSSL, which can also return negative values to indicate an error. ) */ +OPENSSL_EXPORT int EVP_PKEY_sign(EVP_PKEY_CTX *ctx, uint8_t *sig, + size_t *sig_len, const uint8_t *data, + size_t data_len); + +/* EVP_PKEY_verify_init initialises an |EVP_PKEY_CTX| for a signature + * verification operation. It should be called before |EVP_PKEY_verify|. + * + * It returns one on success or zero on error. */ +OPENSSL_EXPORT int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx); + +/* EVP_PKEY_verify verifies that |sig_len| bytes from |sig| are a valid + * signature for |data|. + * + * It returns one on success or zero on error. */ +OPENSSL_EXPORT int EVP_PKEY_verify(EVP_PKEY_CTX *ctx, const uint8_t *sig, + size_t sig_len, const uint8_t *data, + size_t data_len); + +/* EVP_PKEY_encrypt_init initialises an |EVP_PKEY_CTX| for an encryption + * operation. It should be called before |EVP_PKEY_encrypt|. + * + * It returns one on success or zero on error. */ +OPENSSL_EXPORT int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx); + +/* EVP_PKEY_encrypt encrypts |in_len| bytes from |in|. If |out| is NULL, the + * maximum size of the ciphertext is written to |out_len|. Otherwise, |*out_len| + * must contain the number of bytes of space available at |out|. If sufficient, + * the ciphertext will be written to |out| and |*out_len| updated with the true + * length. + * + * WARNING: Setting |out| to NULL only gives the maximum size of the + * ciphertext. The actual ciphertext may be smaller. + * + * It returns one on success or zero on error. */ +OPENSSL_EXPORT int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx, uint8_t *out, + size_t *out_len, const uint8_t *in, + size_t in_len); + +/* EVP_PKEY_decrypt_init initialises an |EVP_PKEY_CTX| for a decryption + * operation. It should be called before |EVP_PKEY_decrypt|. + * + * It returns one on success or zero on error. */ +OPENSSL_EXPORT int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx); + +/* EVP_PKEY_decrypt decrypts |in_len| bytes from |in|. If |out| is NULL, the + * maximum size of the plaintext is written to |out_len|. Otherwise, |*out_len| + * must contain the number of bytes of space available at |out|. If sufficient, + * the ciphertext will be written to |out| and |*out_len| updated with the true + * length. + * + * WARNING: Setting |out| to NULL only gives the maximum size of the + * plaintext. The actual plaintext may be smaller. + * + * It returns one on success or zero on error. */ +OPENSSL_EXPORT int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, uint8_t *out, + size_t *out_len, const uint8_t *in, + size_t in_len); + +/* EVP_PKEY_verify_recover_init initialises an |EVP_PKEY_CTX| for a public-key + * decryption operation. It should be called before |EVP_PKEY_verify_recover|. + * + * Public-key decryption is a very obscure operation that is only implemented + * by RSA keys. It is effectively a signature verification operation that + * returns the signed message directly. It is almost certainly not what you + * want. + * + * It returns one on success or zero on error. */ +OPENSSL_EXPORT int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx); + +/* EVP_PKEY_verify_recover decrypts |sig_len| bytes from |sig|. If |out| is + * NULL, the maximum size of the plaintext is written to |out_len|. Otherwise, + * |*out_len| must contain the number of bytes of space available at |out|. If + * sufficient, the ciphertext will be written to |out| and |*out_len| updated + * with the true length. + * + * WARNING: Setting |out| to NULL only gives the maximum size of the + * plaintext. The actual plaintext may be smaller. + * + * See the warning about this operation in |EVP_PKEY_verify_recover_init|. It + * is probably not what you want. + * + * It returns one on success or zero on error. */ +OPENSSL_EXPORT int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx, uint8_t *out, + size_t *out_len, const uint8_t *sig, + size_t siglen); + +/* EVP_PKEY_derive_init initialises an |EVP_PKEY_CTX| for a key derivation + * operation. It should be called before |EVP_PKEY_derive_set_peer| and + * |EVP_PKEY_derive|. + * + * It returns one on success or zero on error. */ +OPENSSL_EXPORT int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx); + +/* EVP_PKEY_derive_set_peer sets the peer's key to be used for key derivation + * by |ctx| to |peer|. It should be called after |EVP_PKEY_derive_init|. (For + * example, this is used to set the peer's key in (EC)DH.) It returns one on + * success and zero on error. */ +OPENSSL_EXPORT int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer); + +/* EVP_PKEY_derive derives a shared key between the two keys configured in + * |ctx|. If |key| is non-NULL then, on entry, |out_key_len| must contain the + * amount of space at |key|. If sufficient then the shared key will be written + * to |key| and |*out_key_len| will be set to the length. If |key| is NULL then + * |out_key_len| will be set to the maximum length. + * + * WARNING: Setting |out| to NULL only gives the maximum size of the key. The + * actual key may be smaller. + * + * It returns one on success and zero on error. */ +OPENSSL_EXPORT int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, uint8_t *key, + size_t *out_key_len); + +/* EVP_PKEY_keygen_init initialises an |EVP_PKEY_CTX| for a key generation + * operation. It should be called before |EVP_PKEY_keygen|. + * + * It returns one on success or zero on error. */ +OPENSSL_EXPORT int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx); + +/* EVP_PKEY_keygen performs a key generation operation using the values from + * |ctx| and sets |*ppkey| to a fresh |EVP_PKEY| containing the resulting key. + * It returns one on success or zero on error. */ +OPENSSL_EXPORT int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); + + +/* Generic control functions. */ + +/* EVP_PKEY_CTX_set_signature_md sets |md| as the digest to be used in a + * signature operation. It returns one on success or zero on error. */ +OPENSSL_EXPORT int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, + const EVP_MD *md); + +/* EVP_PKEY_CTX_get_signature_md sets |*out_md| to the digest to be used in a + * signature operation. It returns one on success or zero on error. */ +OPENSSL_EXPORT int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX *ctx, + const EVP_MD **out_md); + + +/* RSA specific control functions. */ + +/* EVP_PKEY_CTX_set_rsa_padding sets the padding type to use. It should be one + * of the |RSA_*_PADDING| values. Returns one on success or zero on error. */ +OPENSSL_EXPORT int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int padding); + +/* EVP_PKEY_CTX_get_rsa_padding sets |*out_padding| to the current padding + * value, which is one of the |RSA_*_PADDING| values. Returns one on success or + * zero on error. */ +OPENSSL_EXPORT int EVP_PKEY_CTX_get_rsa_padding(EVP_PKEY_CTX *ctx, + int *out_padding); + +/* EVP_PKEY_CTX_set_rsa_pss_saltlen sets the length of the salt in a PSS-padded + * signature. A value of -1 cause the salt to be the same length as the digest + * in the signature. A value of -2 causes the salt to be the maximum length + * that will fit when signing and recovered from the signature when verifying. + * Otherwise the value gives the size of the salt in bytes. + * + * If unsure, use -1. + * + * Returns one on success or zero on error. */ +OPENSSL_EXPORT int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, + int salt_len); + +/* EVP_PKEY_CTX_get_rsa_pss_saltlen sets |*out_salt_len| to the salt length of + * a PSS-padded signature. See the documentation for + * |EVP_PKEY_CTX_set_rsa_pss_saltlen| for details of the special values that it + * can take. + * + * Returns one on success or zero on error. */ +OPENSSL_EXPORT int EVP_PKEY_CTX_get_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, + int *out_salt_len); + +/* EVP_PKEY_CTX_set_rsa_keygen_bits sets the size of the desired RSA modulus, + * in bits, for key generation. Returns one on success or zero on + * error. */ +OPENSSL_EXPORT int EVP_PKEY_CTX_set_rsa_keygen_bits(EVP_PKEY_CTX *ctx, + int bits); + +/* EVP_PKEY_CTX_set_rsa_keygen_pubexp sets |e| as the public exponent for key + * generation. Returns one on success or zero on error. */ +OPENSSL_EXPORT int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, + BIGNUM *e); + +/* EVP_PKEY_CTX_set_rsa_oaep_md sets |md| as the digest used in OAEP padding. + * Returns one on success or zero on error. */ +OPENSSL_EXPORT int EVP_PKEY_CTX_set_rsa_oaep_md(EVP_PKEY_CTX *ctx, + const EVP_MD *md); + +/* EVP_PKEY_CTX_get_rsa_oaep_md sets |*out_md| to the digest function used in + * OAEP padding. Returns one on success or zero on error. */ +OPENSSL_EXPORT int EVP_PKEY_CTX_get_rsa_oaep_md(EVP_PKEY_CTX *ctx, + const EVP_MD **out_md); + +/* EVP_PKEY_CTX_set_rsa_mgf1_md sets |md| as the digest used in MGF1. Returns + * one on success or zero on error. */ +OPENSSL_EXPORT int EVP_PKEY_CTX_set_rsa_mgf1_md(EVP_PKEY_CTX *ctx, + const EVP_MD *md); + +/* EVP_PKEY_CTX_get_rsa_mgf1_md sets |*out_md| to the digest function used in + * MGF1. Returns one on success or zero on error. */ +OPENSSL_EXPORT int EVP_PKEY_CTX_get_rsa_mgf1_md(EVP_PKEY_CTX *ctx, + const EVP_MD **out_md); + +/* EVP_PKEY_CTX_set0_rsa_oaep_label sets |label_len| bytes from |label| as the + * label used in OAEP. DANGER: On success, this call takes ownership of |label| + * and will call |OPENSSL_free| on it when |ctx| is destroyed. + * + * Returns one on success or zero on error. */ +OPENSSL_EXPORT int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, + uint8_t *label, + size_t label_len); + +/* EVP_PKEY_CTX_get0_rsa_oaep_label sets |*out_label| to point to the internal + * buffer containing the OAEP label (which may be NULL) and returns the length + * of the label or a negative value on error. + * + * WARNING: the return value differs from the usual return value convention. */ +OPENSSL_EXPORT int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, + const uint8_t **out_label); + + +/* Deprecated functions. */ + +/* EVP_PKEY_DH is defined for compatibility, but it is impossible to create an + * |EVP_PKEY| of that type. */ +#define EVP_PKEY_DH NID_dhKeyAgreement + +/* EVP_PKEY_RSA2 was historically an alternate form for RSA public keys (OID + * 2.5.8.1.1), but is no longer accepted. */ +#define EVP_PKEY_RSA2 NID_rsa + +/* OpenSSL_add_all_algorithms does nothing. */ +OPENSSL_EXPORT void OpenSSL_add_all_algorithms(void); + +/* OPENSSL_add_all_algorithms_conf does nothing. */ +OPENSSL_EXPORT void OPENSSL_add_all_algorithms_conf(void); + +/* OpenSSL_add_all_ciphers does nothing. */ +OPENSSL_EXPORT void OpenSSL_add_all_ciphers(void); + +/* OpenSSL_add_all_digests does nothing. */ +OPENSSL_EXPORT void OpenSSL_add_all_digests(void); + +/* EVP_cleanup does nothing. */ +OPENSSL_EXPORT void EVP_cleanup(void); + +OPENSSL_EXPORT void EVP_CIPHER_do_all_sorted( + void (*callback)(const EVP_CIPHER *cipher, const char *name, + const char *unused, void *arg), + void *arg); + +OPENSSL_EXPORT void EVP_MD_do_all_sorted(void (*callback)(const EVP_MD *cipher, + const char *name, + const char *unused, + void *arg), + void *arg); + +/* i2d_PrivateKey marshals a private key from |key| to an ASN.1, DER + * structure. If |outp| is not NULL then the result is written to |*outp| and + * |*outp| is advanced just past the output. It returns the number of bytes in + * the result, whether written or not, or a negative value on error. + * + * RSA keys are serialized as a DER-encoded RSAPublicKey (RFC 3447) structure. + * EC keys are serialized as a DER-encoded ECPrivateKey (RFC 5915) structure. + * + * Use |RSA_marshal_private_key| or |EC_marshal_private_key| instead. */ +OPENSSL_EXPORT int i2d_PrivateKey(const EVP_PKEY *key, uint8_t **outp); + +/* i2d_PublicKey marshals a public key from |key| to a type-specific format. + * If |outp| is not NULL then the result is written to |*outp| and + * |*outp| is advanced just past the output. It returns the number of bytes in + * the result, whether written or not, or a negative value on error. + * + * RSA keys are serialized as a DER-encoded RSAPublicKey (RFC 3447) structure. + * EC keys are serialized as an EC point per SEC 1. + * + * Use |RSA_marshal_public_key| or |EC_POINT_point2cbb| instead. */ +OPENSSL_EXPORT int i2d_PublicKey(EVP_PKEY *key, uint8_t **outp); + +/* d2i_PrivateKey parses an ASN.1, DER-encoded, private key from |len| bytes at + * |*inp|. If |out| is not NULL then, on exit, a pointer to the result is in + * |*out|. Note that, even if |*out| is already non-NULL on entry, it will not + * be written to. Rather, a fresh |EVP_PKEY| is allocated and the previous one + * is freed. On successful exit, |*inp| is advanced past the DER structure. It + * returns the result or NULL on error. + * + * This function tries to detect one of several formats. Instead, use + * |EVP_parse_private_key| for a PrivateKeyInfo, |RSA_parse_private_key| for an + * RSAPrivateKey, and |EC_parse_private_key| for an ECPrivateKey. */ +OPENSSL_EXPORT EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **out, + const uint8_t **inp, long len); + +/* d2i_AutoPrivateKey acts the same as |d2i_PrivateKey|, but detects the type + * of the private key. + * + * This function tries to detect one of several formats. Instead, use + * |EVP_parse_private_key| for a PrivateKeyInfo, |RSA_parse_private_key| for an + * RSAPrivateKey, and |EC_parse_private_key| for an ECPrivateKey. */ +OPENSSL_EXPORT EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **out, const uint8_t **inp, + long len); + +/* EVP_PKEY_get0_DH returns NULL. */ +OPENSSL_EXPORT DH *EVP_PKEY_get0_DH(EVP_PKEY *pkey); + + +/* Private structures. */ + struct evp_pkey_st { - int type; - int save_type; - int references; - const EVP_PKEY_ASN1_METHOD *ameth; - ENGINE *engine; - union { - char *ptr; -# ifndef OPENSSL_NO_RSA - struct rsa_st *rsa; /* RSA */ -# endif -# ifndef OPENSSL_NO_DSA - struct dsa_st *dsa; /* DSA */ -# endif -# ifndef OPENSSL_NO_DH - struct dh_st *dh; /* DH */ -# endif -# ifndef OPENSSL_NO_EC - struct ec_key_st *ec; /* ECC */ -# endif - } pkey; - int save_parameters; - STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ -} /* EVP_PKEY */ ; - -# define EVP_PKEY_MO_SIGN 0x0001 -# define EVP_PKEY_MO_VERIFY 0x0002 -# define EVP_PKEY_MO_ENCRYPT 0x0004 -# define EVP_PKEY_MO_DECRYPT 0x0008 - -# ifndef EVP_MD -struct env_md_st { - int type; - int pkey_type; - int md_size; - unsigned long flags; - int (*init) (EVP_MD_CTX *ctx); - int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count); - int (*final) (EVP_MD_CTX *ctx, unsigned char *md); - int (*copy) (EVP_MD_CTX *to, const EVP_MD_CTX *from); - int (*cleanup) (EVP_MD_CTX *ctx); - /* FIXME: prototype these some day */ - int (*sign) (int type, const unsigned char *m, unsigned int m_length, - unsigned char *sigret, unsigned int *siglen, void *key); - int (*verify) (int type, const unsigned char *m, unsigned int m_length, - const unsigned char *sigbuf, unsigned int siglen, - void *key); - int required_pkey_type[5]; /* EVP_PKEY_xxx */ - int block_size; - int ctx_size; /* how big does the ctx->md_data need to be */ - /* control function */ - int (*md_ctrl) (EVP_MD_CTX *ctx, int cmd, int p1, void *p2); -} /* EVP_MD */ ; - -typedef int evp_sign_method(int type, const unsigned char *m, - unsigned int m_length, unsigned char *sigret, - unsigned int *siglen, void *key); -typedef int evp_verify_method(int type, const unsigned char *m, - unsigned int m_length, - const unsigned char *sigbuf, - unsigned int siglen, void *key); - -/* digest can only handle a single block */ -# define EVP_MD_FLAG_ONESHOT 0x0001 - -/* - * digest is a "clone" digest used - * which is a copy of an existing - * one for a specific public key type. - * EVP_dss1() etc - */ -# define EVP_MD_FLAG_PKEY_DIGEST 0x0002 - -/* Digest uses EVP_PKEY_METHOD for signing instead of MD specific signing */ - -# define EVP_MD_FLAG_PKEY_METHOD_SIGNATURE 0x0004 - -/* DigestAlgorithmIdentifier flags... */ - -# define EVP_MD_FLAG_DIGALGID_MASK 0x0018 - -/* NULL or absent parameter accepted. Use NULL */ - -# define EVP_MD_FLAG_DIGALGID_NULL 0x0000 - -/* NULL or absent parameter accepted. Use NULL for PKCS#1 otherwise absent */ - -# define EVP_MD_FLAG_DIGALGID_ABSENT 0x0008 - -/* Custom handling via ctrl */ - -# define EVP_MD_FLAG_DIGALGID_CUSTOM 0x0018 - -/* Note if suitable for use in FIPS mode */ -# define EVP_MD_FLAG_FIPS 0x0400 - -/* Digest ctrls */ - -# define EVP_MD_CTRL_DIGALGID 0x1 -# define EVP_MD_CTRL_MICALG 0x2 - -/* Minimum Algorithm specific ctrl value */ - -# define EVP_MD_CTRL_ALG_CTRL 0x1000 - -# define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0} - -# ifndef OPENSSL_NO_DSA -# define EVP_PKEY_DSA_method (evp_sign_method *)DSA_sign, \ - (evp_verify_method *)DSA_verify, \ - {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3, \ - EVP_PKEY_DSA4,0} -# else -# define EVP_PKEY_DSA_method EVP_PKEY_NULL_method -# endif - -# ifndef OPENSSL_NO_ECDSA -# define EVP_PKEY_ECDSA_method (evp_sign_method *)ECDSA_sign, \ - (evp_verify_method *)ECDSA_verify, \ - {EVP_PKEY_EC,0,0,0} -# else -# define EVP_PKEY_ECDSA_method EVP_PKEY_NULL_method -# endif - -# ifndef OPENSSL_NO_RSA -# define EVP_PKEY_RSA_method (evp_sign_method *)RSA_sign, \ - (evp_verify_method *)RSA_verify, \ - {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0} -# define EVP_PKEY_RSA_ASN1_OCTET_STRING_method \ - (evp_sign_method *)RSA_sign_ASN1_OCTET_STRING, \ - (evp_verify_method *)RSA_verify_ASN1_OCTET_STRING, \ - {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0} -# else -# define EVP_PKEY_RSA_method EVP_PKEY_NULL_method -# define EVP_PKEY_RSA_ASN1_OCTET_STRING_method EVP_PKEY_NULL_method -# endif - -# endif /* !EVP_MD */ - -struct env_md_ctx_st { - const EVP_MD *digest; - ENGINE *engine; /* functional reference if 'digest' is - * ENGINE-provided */ - unsigned long flags; - void *md_data; - /* Public key context for sign/verify */ - EVP_PKEY_CTX *pctx; - /* Update function: usually copied from EVP_MD */ - int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count); -} /* EVP_MD_CTX */ ; - -/* values for EVP_MD_CTX flags */ - -# define EVP_MD_CTX_FLAG_ONESHOT 0x0001/* digest update will be - * called once only */ -# define EVP_MD_CTX_FLAG_CLEANED 0x0002/* context has already been - * cleaned */ -# define EVP_MD_CTX_FLAG_REUSE 0x0004/* Don't free up ctx->md_data - * in EVP_MD_CTX_cleanup */ -/* - * FIPS and pad options are ignored in 1.0.0, definitions are here so we - * don't accidentally reuse the values for other purposes. - */ - -# define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008/* Allow use of non FIPS - * digest in FIPS mode */ - -/* - * The following PAD options are also currently ignored in 1.0.0, digest - * parameters are handled through EVP_DigestSign*() and EVP_DigestVerify*() - * instead. - */ -# define EVP_MD_CTX_FLAG_PAD_MASK 0xF0/* RSA mode to use */ -# define EVP_MD_CTX_FLAG_PAD_PKCS1 0x00/* PKCS#1 v1.5 mode */ -# define EVP_MD_CTX_FLAG_PAD_X931 0x10/* X9.31 mode */ -# define EVP_MD_CTX_FLAG_PAD_PSS 0x20/* PSS mode */ - -# define EVP_MD_CTX_FLAG_NO_INIT 0x0100/* Don't initialize md_data */ - -struct evp_cipher_st { - int nid; - int block_size; - /* Default value for variable length ciphers */ - int key_len; - int iv_len; - /* Various flags */ - unsigned long flags; - /* init key */ - int (*init) (EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); - /* encrypt/decrypt data */ - int (*do_cipher) (EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl); - /* cleanup ctx */ - int (*cleanup) (EVP_CIPHER_CTX *); - /* how big ctx->cipher_data needs to be */ - int ctx_size; - /* Populate a ASN1_TYPE with parameters */ - int (*set_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *); - /* Get parameters from a ASN1_TYPE */ - int (*get_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *); - /* Miscellaneous operations */ - int (*ctrl) (EVP_CIPHER_CTX *, int type, int arg, void *ptr); - /* Application data */ - void *app_data; -} /* EVP_CIPHER */ ; - -/* Values for cipher flags */ - -/* Modes for ciphers */ - -# define EVP_CIPH_STREAM_CIPHER 0x0 -# define EVP_CIPH_ECB_MODE 0x1 -# define EVP_CIPH_CBC_MODE 0x2 -# define EVP_CIPH_CFB_MODE 0x3 -# define EVP_CIPH_OFB_MODE 0x4 -# define EVP_CIPH_CTR_MODE 0x5 -# define EVP_CIPH_GCM_MODE 0x6 -# define EVP_CIPH_CCM_MODE 0x7 -# define EVP_CIPH_XTS_MODE 0x10001 -# define EVP_CIPH_WRAP_MODE 0x10002 -# define EVP_CIPH_MODE 0xF0007 -/* Set if variable length cipher */ -# define EVP_CIPH_VARIABLE_LENGTH 0x8 -/* Set if the iv handling should be done by the cipher itself */ -# define EVP_CIPH_CUSTOM_IV 0x10 -/* Set if the cipher's init() function should be called if key is NULL */ -# define EVP_CIPH_ALWAYS_CALL_INIT 0x20 -/* Call ctrl() to init cipher parameters */ -# define EVP_CIPH_CTRL_INIT 0x40 -/* Don't use standard key length function */ -# define EVP_CIPH_CUSTOM_KEY_LENGTH 0x80 -/* Don't use standard block padding */ -# define EVP_CIPH_NO_PADDING 0x100 -/* cipher handles random key generation */ -# define EVP_CIPH_RAND_KEY 0x200 -/* cipher has its own additional copying logic */ -# define EVP_CIPH_CUSTOM_COPY 0x400 -/* Allow use default ASN1 get/set iv */ -# define EVP_CIPH_FLAG_DEFAULT_ASN1 0x1000 -/* Buffer length in bits not bytes: CFB1 mode only */ -# define EVP_CIPH_FLAG_LENGTH_BITS 0x2000 -/* Note if suitable for use in FIPS mode */ -# define EVP_CIPH_FLAG_FIPS 0x4000 -/* Allow non FIPS cipher in FIPS mode */ -# define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x8000 -/* - * Cipher handles any and all padding logic as well as finalisation. - */ -# define EVP_CIPH_FLAG_CUSTOM_CIPHER 0x100000 -# define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000 -# define EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0x400000 - -/* - * Cipher context flag to indicate we can handle wrap mode: if allowed in - * older applications it could overflow buffers. - */ - -# define EVP_CIPHER_CTX_FLAG_WRAP_ALLOW 0x1 - -/* ctrl() values */ - -# define EVP_CTRL_INIT 0x0 -# define EVP_CTRL_SET_KEY_LENGTH 0x1 -# define EVP_CTRL_GET_RC2_KEY_BITS 0x2 -# define EVP_CTRL_SET_RC2_KEY_BITS 0x3 -# define EVP_CTRL_GET_RC5_ROUNDS 0x4 -# define EVP_CTRL_SET_RC5_ROUNDS 0x5 -# define EVP_CTRL_RAND_KEY 0x6 -# define EVP_CTRL_PBE_PRF_NID 0x7 -# define EVP_CTRL_COPY 0x8 -# define EVP_CTRL_GCM_SET_IVLEN 0x9 -# define EVP_CTRL_GCM_GET_TAG 0x10 -# define EVP_CTRL_GCM_SET_TAG 0x11 -# define EVP_CTRL_GCM_SET_IV_FIXED 0x12 -# define EVP_CTRL_GCM_IV_GEN 0x13 -# define EVP_CTRL_CCM_SET_IVLEN EVP_CTRL_GCM_SET_IVLEN -# define EVP_CTRL_CCM_GET_TAG EVP_CTRL_GCM_GET_TAG -# define EVP_CTRL_CCM_SET_TAG EVP_CTRL_GCM_SET_TAG -# define EVP_CTRL_CCM_SET_L 0x14 -# define EVP_CTRL_CCM_SET_MSGLEN 0x15 -/* - * AEAD cipher deduces payload length and returns number of bytes required to - * store MAC and eventual padding. Subsequent call to EVP_Cipher even - * appends/verifies MAC. - */ -# define EVP_CTRL_AEAD_TLS1_AAD 0x16 -/* Used by composite AEAD ciphers, no-op in GCM, CCM... */ -# define EVP_CTRL_AEAD_SET_MAC_KEY 0x17 -/* Set the GCM invocation field, decrypt only */ -# define EVP_CTRL_GCM_SET_IV_INV 0x18 - -# define EVP_CTRL_TLS1_1_MULTIBLOCK_AAD 0x19 -# define EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT 0x1a -# define EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT 0x1b -# define EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE 0x1c - -/* RFC 5246 defines additional data to be 13 bytes in length */ -# define EVP_AEAD_TLS1_AAD_LEN 13 - -typedef struct { - unsigned char *out; - const unsigned char *inp; - size_t len; - unsigned int interleave; -} EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM; - -/* GCM TLS constants */ -/* Length of fixed part of IV derived from PRF */ -# define EVP_GCM_TLS_FIXED_IV_LEN 4 -/* Length of explicit part of IV part of TLS records */ -# define EVP_GCM_TLS_EXPLICIT_IV_LEN 8 -/* Length of tag for TLS */ -# define EVP_GCM_TLS_TAG_LEN 16 - -typedef struct evp_cipher_info_st { - const EVP_CIPHER *cipher; - unsigned char iv[EVP_MAX_IV_LENGTH]; -} EVP_CIPHER_INFO; - -struct evp_cipher_ctx_st { - const EVP_CIPHER *cipher; - ENGINE *engine; /* functional reference if 'cipher' is - * ENGINE-provided */ - int encrypt; /* encrypt or decrypt */ - int buf_len; /* number we have left */ - unsigned char oiv[EVP_MAX_IV_LENGTH]; /* original iv */ - unsigned char iv[EVP_MAX_IV_LENGTH]; /* working iv */ - unsigned char buf[EVP_MAX_BLOCK_LENGTH]; /* saved partial block */ - int num; /* used by cfb/ofb/ctr mode */ - void *app_data; /* application stuff */ - int key_len; /* May change for variable length cipher */ - unsigned long flags; /* Various flags */ - void *cipher_data; /* per EVP data */ - int final_used; - int block_mask; - unsigned char final[EVP_MAX_BLOCK_LENGTH]; /* possible final block */ -} /* EVP_CIPHER_CTX */ ; - -typedef struct evp_Encode_Ctx_st { - /* number saved in a partial encode/decode */ - int num; - /* - * The length is either the output line length (in input bytes) or the - * shortest input line length that is ok. Once decoding begins, the - * length is adjusted up each time a longer line is decoded - */ - int length; - /* data to encode */ - unsigned char enc_data[80]; - /* number read on current line */ - int line_num; - int expect_nl; -} EVP_ENCODE_CTX; - -/* Password based encryption function */ -typedef int (EVP_PBE_KEYGEN) (EVP_CIPHER_CTX *ctx, const char *pass, - int passlen, ASN1_TYPE *param, - const EVP_CIPHER *cipher, const EVP_MD *md, - int en_de); - -# ifndef OPENSSL_NO_RSA -# define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\ - (char *)(rsa)) -# endif - -# ifndef OPENSSL_NO_DSA -# define EVP_PKEY_assign_DSA(pkey,dsa) EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\ - (char *)(dsa)) -# endif - -# ifndef OPENSSL_NO_DH -# define EVP_PKEY_assign_DH(pkey,dh) EVP_PKEY_assign((pkey),EVP_PKEY_DH,\ - (char *)(dh)) -# endif - -# ifndef OPENSSL_NO_EC -# define EVP_PKEY_assign_EC_KEY(pkey,eckey) EVP_PKEY_assign((pkey),EVP_PKEY_EC,\ - (char *)(eckey)) -# endif - -/* Add some extra combinations */ -# define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a)) -# define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a)) -# define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a)) -# define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a)) - -int EVP_MD_type(const EVP_MD *md); -# define EVP_MD_nid(e) EVP_MD_type(e) -# define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_nid(e)) -int EVP_MD_pkey_type(const EVP_MD *md); -int EVP_MD_size(const EVP_MD *md); -int EVP_MD_block_size(const EVP_MD *md); -unsigned long EVP_MD_flags(const EVP_MD *md); - -const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx); -# define EVP_MD_CTX_size(e) EVP_MD_size(EVP_MD_CTX_md(e)) -# define EVP_MD_CTX_block_size(e) EVP_MD_block_size(EVP_MD_CTX_md(e)) -# define EVP_MD_CTX_type(e) EVP_MD_type(EVP_MD_CTX_md(e)) - -int EVP_CIPHER_nid(const EVP_CIPHER *cipher); -# define EVP_CIPHER_name(e) OBJ_nid2sn(EVP_CIPHER_nid(e)) -int EVP_CIPHER_block_size(const EVP_CIPHER *cipher); -int EVP_CIPHER_key_length(const EVP_CIPHER *cipher); -int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher); -unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher); -# define EVP_CIPHER_mode(e) (EVP_CIPHER_flags(e) & EVP_CIPH_MODE) - -const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx); -int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx); -int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx); -int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx); -int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx); -int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in); -void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx); -void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data); -# define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c)) -unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx); -# define EVP_CIPHER_CTX_mode(e) (EVP_CIPHER_CTX_flags(e) & EVP_CIPH_MODE) - -# define EVP_ENCODE_LENGTH(l) (((l+2)/3*4)+(l/48+1)*2+80) -# define EVP_DECODE_LENGTH(l) ((l+3)/4*3+80) - -# define EVP_SignInit_ex(a,b,c) EVP_DigestInit_ex(a,b,c) -# define EVP_SignInit(a,b) EVP_DigestInit(a,b) -# define EVP_SignUpdate(a,b,c) EVP_DigestUpdate(a,b,c) -# define EVP_VerifyInit_ex(a,b,c) EVP_DigestInit_ex(a,b,c) -# define EVP_VerifyInit(a,b) EVP_DigestInit(a,b) -# define EVP_VerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c) -# define EVP_OpenUpdate(a,b,c,d,e) EVP_DecryptUpdate(a,b,c,d,e) -# define EVP_SealUpdate(a,b,c,d,e) EVP_EncryptUpdate(a,b,c,d,e) -# define EVP_DigestSignUpdate(a,b,c) EVP_DigestUpdate(a,b,c) -# define EVP_DigestVerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c) - -# ifdef CONST_STRICT -void BIO_set_md(BIO *, const EVP_MD *md); -# else -# define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,0,(char *)md) -# endif -# define BIO_get_md(b,mdp) BIO_ctrl(b,BIO_C_GET_MD,0,(char *)mdp) -# define BIO_get_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_GET_MD_CTX,0,(char *)mdcp) -# define BIO_set_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_SET_MD_CTX,0,(char *)mdcp) -# define BIO_get_cipher_status(b) BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL) -# define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(char *)c_pp) - -int EVP_Cipher(EVP_CIPHER_CTX *c, - unsigned char *out, const unsigned char *in, unsigned int inl); - -# define EVP_add_cipher_alias(n,alias) \ - OBJ_NAME_add((alias),OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS,(n)) -# define EVP_add_digest_alias(n,alias) \ - OBJ_NAME_add((alias),OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,(n)) -# define EVP_delete_cipher_alias(alias) \ - OBJ_NAME_remove(alias,OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS); -# define EVP_delete_digest_alias(alias) \ - OBJ_NAME_remove(alias,OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS); - -void EVP_MD_CTX_init(EVP_MD_CTX *ctx); -int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx); -EVP_MD_CTX *EVP_MD_CTX_create(void); -void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx); -int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in); -void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags); -void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags); -int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags); -int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); -int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt); -int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s); -int EVP_Digest(const void *data, size_t count, - unsigned char *md, unsigned int *size, const EVP_MD *type, - ENGINE *impl); - -int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in); -int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); -int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s); - -int EVP_read_pw_string(char *buf, int length, const char *prompt, int verify); -int EVP_read_pw_string_min(char *buf, int minlen, int maxlen, - const char *prompt, int verify); -void EVP_set_pw_prompt(const char *prompt); -char *EVP_get_pw_prompt(void); - -int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, - const unsigned char *salt, const unsigned char *data, - int datal, int count, unsigned char *key, - unsigned char *iv); - -void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags); -void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags); -int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags); - -int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, - const unsigned char *key, const unsigned char *iv); -int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, - ENGINE *impl, const unsigned char *key, - const unsigned char *iv); -int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, - const unsigned char *in, int inl); -int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); -int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); - -int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, - const unsigned char *key, const unsigned char *iv); -int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, - ENGINE *impl, const unsigned char *key, - const unsigned char *iv); -int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, - const unsigned char *in, int inl); -int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); -int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); - -int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, - const unsigned char *key, const unsigned char *iv, - int enc); -int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, - ENGINE *impl, const unsigned char *key, - const unsigned char *iv, int enc); -int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, - const unsigned char *in, int inl); -int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); -int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); - -int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s, - EVP_PKEY *pkey); - -int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, - unsigned int siglen, EVP_PKEY *pkey); - -int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, - const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); -int EVP_DigestSignFinal(EVP_MD_CTX *ctx, - unsigned char *sigret, size_t *siglen); - -int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, - const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); -int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, - const unsigned char *sig, size_t siglen); - -int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, - const unsigned char *ek, int ekl, const unsigned char *iv, - EVP_PKEY *priv); -int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); - -int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, - unsigned char **ek, int *ekl, unsigned char *iv, - EVP_PKEY **pubk, int npubk); -int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); - -void EVP_EncodeInit(EVP_ENCODE_CTX *ctx); -void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, - const unsigned char *in, int inl); -void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl); -int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n); - -void EVP_DecodeInit(EVP_ENCODE_CTX *ctx); -int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, - const unsigned char *in, int inl); -int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned - char *out, int *outl); -int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n); - -void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a); -int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a); -EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void); -void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *a); -int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen); -int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad); -int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); -int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key); - -# ifndef OPENSSL_NO_BIO -BIO_METHOD *BIO_f_md(void); -BIO_METHOD *BIO_f_base64(void); -BIO_METHOD *BIO_f_cipher(void); -BIO_METHOD *BIO_f_reliable(void); -void BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k, - const unsigned char *i, int enc); -# endif - -const EVP_MD *EVP_md_null(void); -# ifndef OPENSSL_NO_MD2 -const EVP_MD *EVP_md2(void); -# endif -# ifndef OPENSSL_NO_MD4 -const EVP_MD *EVP_md4(void); -# endif -# ifndef OPENSSL_NO_MD5 -const EVP_MD *EVP_md5(void); -# endif -# ifndef OPENSSL_NO_SHA -const EVP_MD *EVP_sha(void); -const EVP_MD *EVP_sha1(void); -const EVP_MD *EVP_dss(void); -const EVP_MD *EVP_dss1(void); -const EVP_MD *EVP_ecdsa(void); -# endif -# ifndef OPENSSL_NO_SHA256 -const EVP_MD *EVP_sha224(void); -const EVP_MD *EVP_sha256(void); -# endif -# ifndef OPENSSL_NO_SHA512 -const EVP_MD *EVP_sha384(void); -const EVP_MD *EVP_sha512(void); -# endif -# ifndef OPENSSL_NO_MDC2 -const EVP_MD *EVP_mdc2(void); -# endif -# ifndef OPENSSL_NO_RIPEMD -const EVP_MD *EVP_ripemd160(void); -# endif -# ifndef OPENSSL_NO_WHIRLPOOL -const EVP_MD *EVP_whirlpool(void); -# endif -const EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */ -# ifndef OPENSSL_NO_DES -const EVP_CIPHER *EVP_des_ecb(void); -const EVP_CIPHER *EVP_des_ede(void); -const EVP_CIPHER *EVP_des_ede3(void); -const EVP_CIPHER *EVP_des_ede_ecb(void); -const EVP_CIPHER *EVP_des_ede3_ecb(void); -const EVP_CIPHER *EVP_des_cfb64(void); -# define EVP_des_cfb EVP_des_cfb64 -const EVP_CIPHER *EVP_des_cfb1(void); -const EVP_CIPHER *EVP_des_cfb8(void); -const EVP_CIPHER *EVP_des_ede_cfb64(void); -# define EVP_des_ede_cfb EVP_des_ede_cfb64 -# if 0 -const EVP_CIPHER *EVP_des_ede_cfb1(void); -const EVP_CIPHER *EVP_des_ede_cfb8(void); -# endif -const EVP_CIPHER *EVP_des_ede3_cfb64(void); -# define EVP_des_ede3_cfb EVP_des_ede3_cfb64 -const EVP_CIPHER *EVP_des_ede3_cfb1(void); -const EVP_CIPHER *EVP_des_ede3_cfb8(void); -const EVP_CIPHER *EVP_des_ofb(void); -const EVP_CIPHER *EVP_des_ede_ofb(void); -const EVP_CIPHER *EVP_des_ede3_ofb(void); -const EVP_CIPHER *EVP_des_cbc(void); -const EVP_CIPHER *EVP_des_ede_cbc(void); -const EVP_CIPHER *EVP_des_ede3_cbc(void); -const EVP_CIPHER *EVP_desx_cbc(void); -const EVP_CIPHER *EVP_des_ede3_wrap(void); -/* - * This should now be supported through the dev_crypto ENGINE. But also, why - * are rc4 and md5 declarations made here inside a "NO_DES" precompiler - * branch? - */ -# if 0 -# ifdef OPENSSL_OPENBSD_DEV_CRYPTO -const EVP_CIPHER *EVP_dev_crypto_des_ede3_cbc(void); -const EVP_CIPHER *EVP_dev_crypto_rc4(void); -const EVP_MD *EVP_dev_crypto_md5(void); -# endif -# endif -# endif -# ifndef OPENSSL_NO_RC4 -const EVP_CIPHER *EVP_rc4(void); -const EVP_CIPHER *EVP_rc4_40(void); -# ifndef OPENSSL_NO_MD5 -const EVP_CIPHER *EVP_rc4_hmac_md5(void); -# endif -# endif -# ifndef OPENSSL_NO_IDEA -const EVP_CIPHER *EVP_idea_ecb(void); -const EVP_CIPHER *EVP_idea_cfb64(void); -# define EVP_idea_cfb EVP_idea_cfb64 -const EVP_CIPHER *EVP_idea_ofb(void); -const EVP_CIPHER *EVP_idea_cbc(void); -# endif -# ifndef OPENSSL_NO_RC2 -const EVP_CIPHER *EVP_rc2_ecb(void); -const EVP_CIPHER *EVP_rc2_cbc(void); -const EVP_CIPHER *EVP_rc2_40_cbc(void); -const EVP_CIPHER *EVP_rc2_64_cbc(void); -const EVP_CIPHER *EVP_rc2_cfb64(void); -# define EVP_rc2_cfb EVP_rc2_cfb64 -const EVP_CIPHER *EVP_rc2_ofb(void); -# endif -# ifndef OPENSSL_NO_BF -const EVP_CIPHER *EVP_bf_ecb(void); -const EVP_CIPHER *EVP_bf_cbc(void); -const EVP_CIPHER *EVP_bf_cfb64(void); -# define EVP_bf_cfb EVP_bf_cfb64 -const EVP_CIPHER *EVP_bf_ofb(void); -# endif -# ifndef OPENSSL_NO_CAST -const EVP_CIPHER *EVP_cast5_ecb(void); -const EVP_CIPHER *EVP_cast5_cbc(void); -const EVP_CIPHER *EVP_cast5_cfb64(void); -# define EVP_cast5_cfb EVP_cast5_cfb64 -const EVP_CIPHER *EVP_cast5_ofb(void); -# endif -# ifndef OPENSSL_NO_RC5 -const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void); -const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void); -const EVP_CIPHER *EVP_rc5_32_12_16_cfb64(void); -# define EVP_rc5_32_12_16_cfb EVP_rc5_32_12_16_cfb64 -const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void); -# endif -# ifndef OPENSSL_NO_AES -const EVP_CIPHER *EVP_aes_128_ecb(void); -const EVP_CIPHER *EVP_aes_128_cbc(void); -const EVP_CIPHER *EVP_aes_128_cfb1(void); -const EVP_CIPHER *EVP_aes_128_cfb8(void); -const EVP_CIPHER *EVP_aes_128_cfb128(void); -# define EVP_aes_128_cfb EVP_aes_128_cfb128 -const EVP_CIPHER *EVP_aes_128_ofb(void); -const EVP_CIPHER *EVP_aes_128_ctr(void); -const EVP_CIPHER *EVP_aes_128_ccm(void); -const EVP_CIPHER *EVP_aes_128_gcm(void); -const EVP_CIPHER *EVP_aes_128_xts(void); -const EVP_CIPHER *EVP_aes_128_wrap(void); -const EVP_CIPHER *EVP_aes_192_ecb(void); -const EVP_CIPHER *EVP_aes_192_cbc(void); -const EVP_CIPHER *EVP_aes_192_cfb1(void); -const EVP_CIPHER *EVP_aes_192_cfb8(void); -const EVP_CIPHER *EVP_aes_192_cfb128(void); -# define EVP_aes_192_cfb EVP_aes_192_cfb128 -const EVP_CIPHER *EVP_aes_192_ofb(void); -const EVP_CIPHER *EVP_aes_192_ctr(void); -const EVP_CIPHER *EVP_aes_192_ccm(void); -const EVP_CIPHER *EVP_aes_192_gcm(void); -const EVP_CIPHER *EVP_aes_192_wrap(void); -const EVP_CIPHER *EVP_aes_256_ecb(void); -const EVP_CIPHER *EVP_aes_256_cbc(void); -const EVP_CIPHER *EVP_aes_256_cfb1(void); -const EVP_CIPHER *EVP_aes_256_cfb8(void); -const EVP_CIPHER *EVP_aes_256_cfb128(void); -# define EVP_aes_256_cfb EVP_aes_256_cfb128 -const EVP_CIPHER *EVP_aes_256_ofb(void); -const EVP_CIPHER *EVP_aes_256_ctr(void); -const EVP_CIPHER *EVP_aes_256_ccm(void); -const EVP_CIPHER *EVP_aes_256_gcm(void); -const EVP_CIPHER *EVP_aes_256_xts(void); -const EVP_CIPHER *EVP_aes_256_wrap(void); -# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) -const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void); -const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void); -# endif -# ifndef OPENSSL_NO_SHA256 -const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha256(void); -const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void); -# endif -# endif -# ifndef OPENSSL_NO_CAMELLIA -const EVP_CIPHER *EVP_camellia_128_ecb(void); -const EVP_CIPHER *EVP_camellia_128_cbc(void); -const EVP_CIPHER *EVP_camellia_128_cfb1(void); -const EVP_CIPHER *EVP_camellia_128_cfb8(void); -const EVP_CIPHER *EVP_camellia_128_cfb128(void); -# define EVP_camellia_128_cfb EVP_camellia_128_cfb128 -const EVP_CIPHER *EVP_camellia_128_ofb(void); -const EVP_CIPHER *EVP_camellia_192_ecb(void); -const EVP_CIPHER *EVP_camellia_192_cbc(void); -const EVP_CIPHER *EVP_camellia_192_cfb1(void); -const EVP_CIPHER *EVP_camellia_192_cfb8(void); -const EVP_CIPHER *EVP_camellia_192_cfb128(void); -# define EVP_camellia_192_cfb EVP_camellia_192_cfb128 -const EVP_CIPHER *EVP_camellia_192_ofb(void); -const EVP_CIPHER *EVP_camellia_256_ecb(void); -const EVP_CIPHER *EVP_camellia_256_cbc(void); -const EVP_CIPHER *EVP_camellia_256_cfb1(void); -const EVP_CIPHER *EVP_camellia_256_cfb8(void); -const EVP_CIPHER *EVP_camellia_256_cfb128(void); -# define EVP_camellia_256_cfb EVP_camellia_256_cfb128 -const EVP_CIPHER *EVP_camellia_256_ofb(void); -# endif - -# ifndef OPENSSL_NO_SEED -const EVP_CIPHER *EVP_seed_ecb(void); -const EVP_CIPHER *EVP_seed_cbc(void); -const EVP_CIPHER *EVP_seed_cfb128(void); -# define EVP_seed_cfb EVP_seed_cfb128 -const EVP_CIPHER *EVP_seed_ofb(void); -# endif - -void OPENSSL_add_all_algorithms_noconf(void); -void OPENSSL_add_all_algorithms_conf(void); - -# ifdef OPENSSL_LOAD_CONF -# define OpenSSL_add_all_algorithms() \ - OPENSSL_add_all_algorithms_conf() -# else -# define OpenSSL_add_all_algorithms() \ - OPENSSL_add_all_algorithms_noconf() -# endif - -void OpenSSL_add_all_ciphers(void); -void OpenSSL_add_all_digests(void); -# define SSLeay_add_all_algorithms() OpenSSL_add_all_algorithms() -# define SSLeay_add_all_ciphers() OpenSSL_add_all_ciphers() -# define SSLeay_add_all_digests() OpenSSL_add_all_digests() - -int EVP_add_cipher(const EVP_CIPHER *cipher); -int EVP_add_digest(const EVP_MD *digest); - -const EVP_CIPHER *EVP_get_cipherbyname(const char *name); -const EVP_MD *EVP_get_digestbyname(const char *name); -void EVP_cleanup(void); - -void EVP_CIPHER_do_all(void (*fn) (const EVP_CIPHER *ciph, - const char *from, const char *to, void *x), - void *arg); -void EVP_CIPHER_do_all_sorted(void (*fn) - (const EVP_CIPHER *ciph, const char *from, - const char *to, void *x), void *arg); - -void EVP_MD_do_all(void (*fn) (const EVP_MD *ciph, - const char *from, const char *to, void *x), - void *arg); -void EVP_MD_do_all_sorted(void (*fn) - (const EVP_MD *ciph, const char *from, - const char *to, void *x), void *arg); - -int EVP_PKEY_decrypt_old(unsigned char *dec_key, - const unsigned char *enc_key, int enc_key_len, - EVP_PKEY *private_key); -int EVP_PKEY_encrypt_old(unsigned char *enc_key, - const unsigned char *key, int key_len, - EVP_PKEY *pub_key); -int EVP_PKEY_type(int type); -int EVP_PKEY_id(const EVP_PKEY *pkey); -int EVP_PKEY_base_id(const EVP_PKEY *pkey); -int EVP_PKEY_bits(EVP_PKEY *pkey); -int EVP_PKEY_size(EVP_PKEY *pkey); -int EVP_PKEY_set_type(EVP_PKEY *pkey, int type); -int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len); -int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key); -void *EVP_PKEY_get0(EVP_PKEY *pkey); - -# ifndef OPENSSL_NO_RSA -struct rsa_st; -int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, struct rsa_st *key); -struct rsa_st *EVP_PKEY_get1_RSA(EVP_PKEY *pkey); -# endif -# ifndef OPENSSL_NO_DSA -struct dsa_st; -int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, struct dsa_st *key); -struct dsa_st *EVP_PKEY_get1_DSA(EVP_PKEY *pkey); -# endif -# ifndef OPENSSL_NO_DH -struct dh_st; -int EVP_PKEY_set1_DH(EVP_PKEY *pkey, struct dh_st *key); -struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey); -# endif -# ifndef OPENSSL_NO_EC -struct ec_key_st; -int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, struct ec_key_st *key); -struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey); -# endif - -EVP_PKEY *EVP_PKEY_new(void); -void EVP_PKEY_free(EVP_PKEY *pkey); - -EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, - long length); -int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp); - -EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, - long length); -EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, - long length); -int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp); - -int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from); -int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey); -int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode); -int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b); - -int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b); - -int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey, - int indent, ASN1_PCTX *pctx); -int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey, - int indent, ASN1_PCTX *pctx); -int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey, - int indent, ASN1_PCTX *pctx); - -int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid); - -int EVP_CIPHER_type(const EVP_CIPHER *ctx); - -/* calls methods */ -int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type); -int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type); - -/* These are used by EVP_CIPHER methods */ -int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type); -int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type); - -/* PKCS5 password based encryption */ -int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, - ASN1_TYPE *param, const EVP_CIPHER *cipher, - const EVP_MD *md, int en_de); -int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, - const unsigned char *salt, int saltlen, int iter, - int keylen, unsigned char *out); -int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, - const unsigned char *salt, int saltlen, int iter, - const EVP_MD *digest, int keylen, unsigned char *out); -int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, - ASN1_TYPE *param, const EVP_CIPHER *cipher, - const EVP_MD *md, int en_de); - -void PKCS5_PBE_add(void); - -int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, - ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de); - -/* PBE type */ - -/* Can appear as the outermost AlgorithmIdentifier */ -# define EVP_PBE_TYPE_OUTER 0x0 -/* Is an PRF type OID */ -# define EVP_PBE_TYPE_PRF 0x1 - -int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid, - int md_nid, EVP_PBE_KEYGEN *keygen); -int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md, - EVP_PBE_KEYGEN *keygen); -int EVP_PBE_find(int type, int pbe_nid, int *pcnid, int *pmnid, - EVP_PBE_KEYGEN **pkeygen); -void EVP_PBE_cleanup(void); - -# define ASN1_PKEY_ALIAS 0x1 -# define ASN1_PKEY_DYNAMIC 0x2 -# define ASN1_PKEY_SIGPARAM_NULL 0x4 - -# define ASN1_PKEY_CTRL_PKCS7_SIGN 0x1 -# define ASN1_PKEY_CTRL_PKCS7_ENCRYPT 0x2 -# define ASN1_PKEY_CTRL_DEFAULT_MD_NID 0x3 -# define ASN1_PKEY_CTRL_CMS_SIGN 0x5 -# define ASN1_PKEY_CTRL_CMS_ENVELOPE 0x7 -# define ASN1_PKEY_CTRL_CMS_RI_TYPE 0x8 - -int EVP_PKEY_asn1_get_count(void); -const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx); -const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type); -const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe, - const char *str, int len); -int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth); -int EVP_PKEY_asn1_add_alias(int to, int from); -int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *pkey_base_id, - int *ppkey_flags, const char **pinfo, - const char **ppem_str, - const EVP_PKEY_ASN1_METHOD *ameth); - -const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(EVP_PKEY *pkey); -EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags, - const char *pem_str, - const char *info); -void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst, - const EVP_PKEY_ASN1_METHOD *src); -void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth); -void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth, - int (*pub_decode) (EVP_PKEY *pk, - X509_PUBKEY *pub), - int (*pub_encode) (X509_PUBKEY *pub, - const EVP_PKEY *pk), - int (*pub_cmp) (const EVP_PKEY *a, - const EVP_PKEY *b), - int (*pub_print) (BIO *out, - const EVP_PKEY *pkey, - int indent, ASN1_PCTX *pctx), - int (*pkey_size) (const EVP_PKEY *pk), - int (*pkey_bits) (const EVP_PKEY *pk)); -void EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth, - int (*priv_decode) (EVP_PKEY *pk, - PKCS8_PRIV_KEY_INFO - *p8inf), - int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8, - const EVP_PKEY *pk), - int (*priv_print) (BIO *out, - const EVP_PKEY *pkey, - int indent, - ASN1_PCTX *pctx)); -void EVP_PKEY_asn1_set_param(EVP_PKEY_ASN1_METHOD *ameth, - int (*param_decode) (EVP_PKEY *pkey, - const unsigned char **pder, - int derlen), - int (*param_encode) (const EVP_PKEY *pkey, - unsigned char **pder), - int (*param_missing) (const EVP_PKEY *pk), - int (*param_copy) (EVP_PKEY *to, - const EVP_PKEY *from), - int (*param_cmp) (const EVP_PKEY *a, - const EVP_PKEY *b), - int (*param_print) (BIO *out, - const EVP_PKEY *pkey, - int indent, - ASN1_PCTX *pctx)); - -void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth, - void (*pkey_free) (EVP_PKEY *pkey)); -void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth, - int (*pkey_ctrl) (EVP_PKEY *pkey, int op, - long arg1, void *arg2)); -void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth, - int (*item_verify) (EVP_MD_CTX *ctx, - const ASN1_ITEM *it, - void *asn, - X509_ALGOR *a, - ASN1_BIT_STRING *sig, - EVP_PKEY *pkey), - int (*item_sign) (EVP_MD_CTX *ctx, - const ASN1_ITEM *it, - void *asn, - X509_ALGOR *alg1, - X509_ALGOR *alg2, - ASN1_BIT_STRING *sig)); - -# define EVP_PKEY_OP_UNDEFINED 0 -# define EVP_PKEY_OP_PARAMGEN (1<<1) -# define EVP_PKEY_OP_KEYGEN (1<<2) -# define EVP_PKEY_OP_SIGN (1<<3) -# define EVP_PKEY_OP_VERIFY (1<<4) -# define EVP_PKEY_OP_VERIFYRECOVER (1<<5) -# define EVP_PKEY_OP_SIGNCTX (1<<6) -# define EVP_PKEY_OP_VERIFYCTX (1<<7) -# define EVP_PKEY_OP_ENCRYPT (1<<8) -# define EVP_PKEY_OP_DECRYPT (1<<9) -# define EVP_PKEY_OP_DERIVE (1<<10) - -# define EVP_PKEY_OP_TYPE_SIG \ - (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY | EVP_PKEY_OP_VERIFYRECOVER \ - | EVP_PKEY_OP_SIGNCTX | EVP_PKEY_OP_VERIFYCTX) - -# define EVP_PKEY_OP_TYPE_CRYPT \ - (EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT) - -# define EVP_PKEY_OP_TYPE_NOGEN \ - (EVP_PKEY_OP_SIG | EVP_PKEY_OP_CRYPT | EVP_PKEY_OP_DERIVE) - -# define EVP_PKEY_OP_TYPE_GEN \ - (EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN) - -# define EVP_PKEY_CTX_set_signature_md(ctx, md) \ - EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG, \ - EVP_PKEY_CTRL_MD, 0, (void *)md) - -# define EVP_PKEY_CTX_get_signature_md(ctx, pmd) \ - EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG, \ - EVP_PKEY_CTRL_GET_MD, 0, (void *)pmd) - -# define EVP_PKEY_CTRL_MD 1 -# define EVP_PKEY_CTRL_PEER_KEY 2 - -# define EVP_PKEY_CTRL_PKCS7_ENCRYPT 3 -# define EVP_PKEY_CTRL_PKCS7_DECRYPT 4 - -# define EVP_PKEY_CTRL_PKCS7_SIGN 5 - -# define EVP_PKEY_CTRL_SET_MAC_KEY 6 - -# define EVP_PKEY_CTRL_DIGESTINIT 7 - -/* Used by GOST key encryption in TLS */ -# define EVP_PKEY_CTRL_SET_IV 8 - -# define EVP_PKEY_CTRL_CMS_ENCRYPT 9 -# define EVP_PKEY_CTRL_CMS_DECRYPT 10 -# define EVP_PKEY_CTRL_CMS_SIGN 11 - -# define EVP_PKEY_CTRL_CIPHER 12 - -# define EVP_PKEY_CTRL_GET_MD 13 - -# define EVP_PKEY_ALG_CTRL 0x1000 - -# define EVP_PKEY_FLAG_AUTOARGLEN 2 -/* - * Method handles all operations: don't assume any digest related defaults. - */ -# define EVP_PKEY_FLAG_SIGCTX_CUSTOM 4 - -const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type); -EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags); -void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags, - const EVP_PKEY_METHOD *meth); -void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src); -void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth); -int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth); - -EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e); -EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e); -EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *ctx); -void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx); - -int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, - int cmd, int p1, void *p2); -int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, - const char *value); - -int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx); -void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen); - -EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, - const unsigned char *key, int keylen); - -void EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void *data); -void *EVP_PKEY_CTX_get_data(EVP_PKEY_CTX *ctx); -EVP_PKEY *EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX *ctx); - -EVP_PKEY *EVP_PKEY_CTX_get0_peerkey(EVP_PKEY_CTX *ctx); - -void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data); -void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx); - -int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx); -int EVP_PKEY_sign(EVP_PKEY_CTX *ctx, - unsigned char *sig, size_t *siglen, - const unsigned char *tbs, size_t tbslen); -int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx); -int EVP_PKEY_verify(EVP_PKEY_CTX *ctx, - const unsigned char *sig, size_t siglen, - const unsigned char *tbs, size_t tbslen); -int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx); -int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx, - unsigned char *rout, size_t *routlen, - const unsigned char *sig, size_t siglen); -int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx); -int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx, - unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen); -int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx); -int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, - unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen); - -int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx); -int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer); -int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); - -typedef int EVP_PKEY_gen_cb (EVP_PKEY_CTX *ctx); - -int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx); -int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); -int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx); -int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); - -void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb); -EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx); - -int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx); - -void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth, - int (*init) (EVP_PKEY_CTX *ctx)); - -void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth, - int (*copy) (EVP_PKEY_CTX *dst, - EVP_PKEY_CTX *src)); - -void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth, - void (*cleanup) (EVP_PKEY_CTX *ctx)); - -void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth, - int (*paramgen_init) (EVP_PKEY_CTX *ctx), - int (*paramgen) (EVP_PKEY_CTX *ctx, - EVP_PKEY *pkey)); - -void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth, - int (*keygen_init) (EVP_PKEY_CTX *ctx), - int (*keygen) (EVP_PKEY_CTX *ctx, - EVP_PKEY *pkey)); - -void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth, - int (*sign_init) (EVP_PKEY_CTX *ctx), - int (*sign) (EVP_PKEY_CTX *ctx, - unsigned char *sig, size_t *siglen, - const unsigned char *tbs, - size_t tbslen)); - -void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth, - int (*verify_init) (EVP_PKEY_CTX *ctx), - int (*verify) (EVP_PKEY_CTX *ctx, - const unsigned char *sig, - size_t siglen, - const unsigned char *tbs, - size_t tbslen)); - -void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth, - int (*verify_recover_init) (EVP_PKEY_CTX - *ctx), - int (*verify_recover) (EVP_PKEY_CTX - *ctx, - unsigned char - *sig, - size_t *siglen, - const unsigned - char *tbs, - size_t tbslen)); - -void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth, - int (*signctx_init) (EVP_PKEY_CTX *ctx, - EVP_MD_CTX *mctx), - int (*signctx) (EVP_PKEY_CTX *ctx, - unsigned char *sig, - size_t *siglen, - EVP_MD_CTX *mctx)); - -void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth, - int (*verifyctx_init) (EVP_PKEY_CTX *ctx, - EVP_MD_CTX *mctx), - int (*verifyctx) (EVP_PKEY_CTX *ctx, - const unsigned char *sig, - int siglen, - EVP_MD_CTX *mctx)); - -void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth, - int (*encrypt_init) (EVP_PKEY_CTX *ctx), - int (*encryptfn) (EVP_PKEY_CTX *ctx, - unsigned char *out, - size_t *outlen, - const unsigned char *in, - size_t inlen)); - -void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth, - int (*decrypt_init) (EVP_PKEY_CTX *ctx), - int (*decrypt) (EVP_PKEY_CTX *ctx, - unsigned char *out, - size_t *outlen, - const unsigned char *in, - size_t inlen)); - -void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth, - int (*derive_init) (EVP_PKEY_CTX *ctx), - int (*derive) (EVP_PKEY_CTX *ctx, - unsigned char *key, - size_t *keylen)); - -void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, - int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, - void *p2), - int (*ctrl_str) (EVP_PKEY_CTX *ctx, - const char *type, - const char *value)); - -void EVP_add_alg_module(void); - -/* BEGIN ERROR CODES */ -/* - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ -void ERR_load_EVP_strings(void); - -/* Error codes for the EVP functions. */ - -/* Function codes. */ -# define EVP_F_AESNI_INIT_KEY 165 -# define EVP_F_AESNI_XTS_CIPHER 176 -# define EVP_F_AES_INIT_KEY 133 -# define EVP_F_AES_T4_INIT_KEY 178 -# define EVP_F_AES_XTS 172 -# define EVP_F_AES_XTS_CIPHER 175 -# define EVP_F_ALG_MODULE_INIT 177 -# define EVP_F_CAMELLIA_INIT_KEY 159 -# define EVP_F_CMAC_INIT 173 -# define EVP_F_CMLL_T4_INIT_KEY 179 -# define EVP_F_D2I_PKEY 100 -# define EVP_F_DO_SIGVER_INIT 161 -# define EVP_F_DSAPKEY2PKCS8 134 -# define EVP_F_DSA_PKEY2PKCS8 135 -# define EVP_F_ECDSA_PKEY2PKCS8 129 -# define EVP_F_ECKEY_PKEY2PKCS8 132 -# define EVP_F_EVP_CIPHERINIT_EX 123 -# define EVP_F_EVP_CIPHER_CTX_COPY 163 -# define EVP_F_EVP_CIPHER_CTX_CTRL 124 -# define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122 -# define EVP_F_EVP_DECRYPTFINAL_EX 101 -# define EVP_F_EVP_DIGESTINIT_EX 128 -# define EVP_F_EVP_ENCRYPTFINAL_EX 127 -# define EVP_F_EVP_MD_CTX_COPY_EX 110 -# define EVP_F_EVP_MD_SIZE 162 -# define EVP_F_EVP_OPENINIT 102 -# define EVP_F_EVP_PBE_ALG_ADD 115 -# define EVP_F_EVP_PBE_ALG_ADD_TYPE 160 -# define EVP_F_EVP_PBE_CIPHERINIT 116 -# define EVP_F_EVP_PKCS82PKEY 111 -# define EVP_F_EVP_PKCS82PKEY_BROKEN 136 -# define EVP_F_EVP_PKEY2PKCS8_BROKEN 113 -# define EVP_F_EVP_PKEY_COPY_PARAMETERS 103 -# define EVP_F_EVP_PKEY_CTX_CTRL 137 -# define EVP_F_EVP_PKEY_CTX_CTRL_STR 150 -# define EVP_F_EVP_PKEY_CTX_DUP 156 -# define EVP_F_EVP_PKEY_DECRYPT 104 -# define EVP_F_EVP_PKEY_DECRYPT_INIT 138 -# define EVP_F_EVP_PKEY_DECRYPT_OLD 151 -# define EVP_F_EVP_PKEY_DERIVE 153 -# define EVP_F_EVP_PKEY_DERIVE_INIT 154 -# define EVP_F_EVP_PKEY_DERIVE_SET_PEER 155 -# define EVP_F_EVP_PKEY_ENCRYPT 105 -# define EVP_F_EVP_PKEY_ENCRYPT_INIT 139 -# define EVP_F_EVP_PKEY_ENCRYPT_OLD 152 -# define EVP_F_EVP_PKEY_GET1_DH 119 -# define EVP_F_EVP_PKEY_GET1_DSA 120 -# define EVP_F_EVP_PKEY_GET1_ECDSA 130 -# define EVP_F_EVP_PKEY_GET1_EC_KEY 131 -# define EVP_F_EVP_PKEY_GET1_RSA 121 -# define EVP_F_EVP_PKEY_KEYGEN 146 -# define EVP_F_EVP_PKEY_KEYGEN_INIT 147 -# define EVP_F_EVP_PKEY_NEW 106 -# define EVP_F_EVP_PKEY_PARAMGEN 148 -# define EVP_F_EVP_PKEY_PARAMGEN_INIT 149 -# define EVP_F_EVP_PKEY_SIGN 140 -# define EVP_F_EVP_PKEY_SIGN_INIT 141 -# define EVP_F_EVP_PKEY_VERIFY 142 -# define EVP_F_EVP_PKEY_VERIFY_INIT 143 -# define EVP_F_EVP_PKEY_VERIFY_RECOVER 144 -# define EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT 145 -# define EVP_F_EVP_RIJNDAEL 126 -# define EVP_F_EVP_SIGNFINAL 107 -# define EVP_F_EVP_VERIFYFINAL 108 -# define EVP_F_FIPS_CIPHERINIT 166 -# define EVP_F_FIPS_CIPHER_CTX_COPY 170 -# define EVP_F_FIPS_CIPHER_CTX_CTRL 167 -# define EVP_F_FIPS_CIPHER_CTX_SET_KEY_LENGTH 171 -# define EVP_F_FIPS_DIGESTINIT 168 -# define EVP_F_FIPS_MD_CTX_COPY 169 -# define EVP_F_HMAC_INIT_EX 174 -# define EVP_F_INT_CTX_NEW 157 -# define EVP_F_PKCS5_PBE_KEYIVGEN 117 -# define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118 -# define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN 164 -# define EVP_F_PKCS8_SET_BROKEN 112 -# define EVP_F_PKEY_SET_TYPE 158 -# define EVP_F_RC2_MAGIC_TO_METH 109 -# define EVP_F_RC5_CTRL 125 - -/* Reason codes. */ -# define EVP_R_AES_IV_SETUP_FAILED 162 -# define EVP_R_AES_KEY_SETUP_FAILED 143 -# define EVP_R_ASN1_LIB 140 -# define EVP_R_BAD_BLOCK_LENGTH 136 -# define EVP_R_BAD_DECRYPT 100 -# define EVP_R_BAD_KEY_LENGTH 137 -# define EVP_R_BN_DECODE_ERROR 112 -# define EVP_R_BN_PUBKEY_ERROR 113 -# define EVP_R_BUFFER_TOO_SMALL 155 -# define EVP_R_CAMELLIA_KEY_SETUP_FAILED 157 -# define EVP_R_CIPHER_PARAMETER_ERROR 122 -# define EVP_R_COMMAND_NOT_SUPPORTED 147 -# define EVP_R_CTRL_NOT_IMPLEMENTED 132 -# define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133 -# define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138 -# define EVP_R_DECODE_ERROR 114 -# define EVP_R_DIFFERENT_KEY_TYPES 101 -# define EVP_R_DIFFERENT_PARAMETERS 153 -# define EVP_R_DISABLED_FOR_FIPS 163 -# define EVP_R_ENCODE_ERROR 115 -# define EVP_R_ERROR_LOADING_SECTION 165 -# define EVP_R_ERROR_SETTING_FIPS_MODE 166 -# define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119 -# define EVP_R_EXPECTING_AN_RSA_KEY 127 -# define EVP_R_EXPECTING_A_DH_KEY 128 -# define EVP_R_EXPECTING_A_DSA_KEY 129 -# define EVP_R_EXPECTING_A_ECDSA_KEY 141 -# define EVP_R_EXPECTING_A_EC_KEY 142 -# define EVP_R_FIPS_MODE_NOT_SUPPORTED 167 -# define EVP_R_INITIALIZATION_ERROR 134 -# define EVP_R_INPUT_NOT_INITIALIZED 111 -# define EVP_R_INVALID_DIGEST 152 -# define EVP_R_INVALID_FIPS_MODE 168 -# define EVP_R_INVALID_KEY_LENGTH 130 -# define EVP_R_INVALID_OPERATION 148 -# define EVP_R_IV_TOO_LARGE 102 -# define EVP_R_KEYGEN_FAILURE 120 -# define EVP_R_MESSAGE_DIGEST_IS_NULL 159 -# define EVP_R_METHOD_NOT_SUPPORTED 144 -# define EVP_R_MISSING_PARAMETERS 103 -# define EVP_R_NO_CIPHER_SET 131 -# define EVP_R_NO_DEFAULT_DIGEST 158 -# define EVP_R_NO_DIGEST_SET 139 -# define EVP_R_NO_DSA_PARAMETERS 116 -# define EVP_R_NO_KEY_SET 154 -# define EVP_R_NO_OPERATION_SET 149 -# define EVP_R_NO_SIGN_FUNCTION_CONFIGURED 104 -# define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED 105 -# define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150 -# define EVP_R_OPERATON_NOT_INITIALIZED 151 -# define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE 117 -# define EVP_R_PRIVATE_KEY_DECODE_ERROR 145 -# define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146 -# define EVP_R_PUBLIC_KEY_NOT_RSA 106 -# define EVP_R_TOO_LARGE 164 -# define EVP_R_UNKNOWN_CIPHER 160 -# define EVP_R_UNKNOWN_DIGEST 161 -# define EVP_R_UNKNOWN_OPTION 169 -# define EVP_R_UNKNOWN_PBE_ALGORITHM 121 -# define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS 135 -# define EVP_R_UNSUPPORTED_ALGORITHM 156 -# define EVP_R_UNSUPPORTED_CIPHER 107 -# define EVP_R_UNSUPPORTED_KEYLENGTH 123 -# define EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION 124 -# define EVP_R_UNSUPPORTED_KEY_SIZE 108 -# define EVP_R_UNSUPPORTED_PRF 125 -# define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM 118 -# define EVP_R_UNSUPPORTED_SALT_TYPE 126 -# define EVP_R_WRAP_MODE_NOT_ALLOWED 170 -# define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109 -# define EVP_R_WRONG_PUBLIC_KEY_TYPE 110 - -#ifdef __cplusplus -} -#endif + CRYPTO_refcount_t references; + + /* type contains one of the EVP_PKEY_* values or NID_undef and determines + * which element (if any) of the |pkey| union is valid. */ + int type; + + union { + char *ptr; + RSA *rsa; + DSA *dsa; + DH *dh; + EC_KEY *ec; + } pkey; + + /* ameth contains a pointer to a method table that contains many ASN.1 + * methods for the key type. */ + const EVP_PKEY_ASN1_METHOD *ameth; +} /* EVP_PKEY */; + + +#if defined(__cplusplus) +} /* extern C */ + +extern "C++" { +namespace bssl { + +BORINGSSL_MAKE_DELETER(EVP_PKEY, EVP_PKEY_free) +BORINGSSL_MAKE_DELETER(EVP_PKEY_CTX, EVP_PKEY_CTX_free) + +} // namespace bssl + +} /* extern C++ */ + #endif + +#define EVP_R_BUFFER_TOO_SMALL 100 +#define EVP_R_COMMAND_NOT_SUPPORTED 101 +#define EVP_R_DECODE_ERROR 102 +#define EVP_R_DIFFERENT_KEY_TYPES 103 +#define EVP_R_DIFFERENT_PARAMETERS 104 +#define EVP_R_ENCODE_ERROR 105 +#define EVP_R_EXPECTING_AN_EC_KEY_KEY 106 +#define EVP_R_EXPECTING_AN_RSA_KEY 107 +#define EVP_R_EXPECTING_A_DSA_KEY 108 +#define EVP_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE 109 +#define EVP_R_INVALID_DIGEST_LENGTH 110 +#define EVP_R_INVALID_DIGEST_TYPE 111 +#define EVP_R_INVALID_KEYBITS 112 +#define EVP_R_INVALID_MGF1_MD 113 +#define EVP_R_INVALID_OPERATION 114 +#define EVP_R_INVALID_PADDING_MODE 115 +#define EVP_R_INVALID_PSS_SALTLEN 116 +#define EVP_R_KEYS_NOT_SET 117 +#define EVP_R_MISSING_PARAMETERS 118 +#define EVP_R_NO_DEFAULT_DIGEST 119 +#define EVP_R_NO_KEY_SET 120 +#define EVP_R_NO_MDC2_SUPPORT 121 +#define EVP_R_NO_NID_FOR_CURVE 122 +#define EVP_R_NO_OPERATION_SET 123 +#define EVP_R_NO_PARAMETERS_SET 124 +#define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 125 +#define EVP_R_OPERATON_NOT_INITIALIZED 126 +#define EVP_R_UNKNOWN_PUBLIC_KEY_TYPE 127 +#define EVP_R_UNSUPPORTED_ALGORITHM 128 +#define EVP_R_UNSUPPORTED_PUBLIC_KEY_TYPE 129 + +#endif /* OPENSSL_HEADER_EVP_H */ |