1 | /* |
2 | * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. |
3 | * |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at |
7 | * https://www.openssl.org/source/license.html |
8 | */ |
9 | |
10 | #include <stdio.h> |
11 | #include "internal/cryptlib.h" |
12 | #include <openssl/evp.h> |
13 | #include <openssl/objects.h> |
14 | #include <openssl/params.h> |
15 | #include <openssl/core_names.h> |
16 | #include <openssl/dh.h> |
17 | #include "crypto/evp.h" |
18 | #include "internal/provider.h" |
19 | #include "evp_local.h" |
20 | |
21 | #if !defined(FIPS_MODE) |
22 | int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) |
23 | { |
24 | int ret = -1; /* Assume the worst */ |
25 | const EVP_CIPHER *cipher = c->cipher; |
26 | |
27 | /* |
28 | * For legacy implementations, we detect custom AlgorithmIdentifier |
29 | * parameter handling by checking if the function pointer |
30 | * cipher->set_asn1_parameters is set. We know that this pointer |
31 | * is NULL for provided implementations. |
32 | * |
33 | * Otherwise, for any implementation, we check the flag |
34 | * EVP_CIPH_FLAG_CUSTOM_ASN1. If it isn't set, we apply |
35 | * default AI parameter extraction. |
36 | * |
37 | * Otherwise, for provided implementations, we convert |type| to |
38 | * a DER encoded blob and pass to the implementation in OSSL_PARAM |
39 | * form. |
40 | * |
41 | * If none of the above applies, this operation is unsupported. |
42 | */ |
43 | if (cipher->set_asn1_parameters != NULL) { |
44 | ret = cipher->set_asn1_parameters(c, type); |
45 | } else if ((EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_CUSTOM_ASN1) == 0) { |
46 | switch (EVP_CIPHER_mode(cipher)) { |
47 | case EVP_CIPH_WRAP_MODE: |
48 | if (EVP_CIPHER_is_a(cipher, SN_id_smime_alg_CMS3DESwrap)) |
49 | ASN1_TYPE_set(type, V_ASN1_NULL, NULL); |
50 | ret = 1; |
51 | break; |
52 | |
53 | case EVP_CIPH_GCM_MODE: |
54 | case EVP_CIPH_CCM_MODE: |
55 | case EVP_CIPH_XTS_MODE: |
56 | case EVP_CIPH_OCB_MODE: |
57 | ret = -2; |
58 | break; |
59 | |
60 | default: |
61 | ret = EVP_CIPHER_set_asn1_iv(c, type); |
62 | } |
63 | } else if (cipher->prov != NULL) { |
64 | OSSL_PARAM params[3], *p = params; |
65 | unsigned char *der = NULL, *derp; |
66 | |
67 | /* |
68 | * We make two passes, the first to get the appropriate buffer size, |
69 | * and the second to get the actual value. |
70 | */ |
71 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_ALG_ID, |
72 | NULL, 0); |
73 | *p = OSSL_PARAM_construct_end(); |
74 | |
75 | if (!EVP_CIPHER_CTX_get_params(c, params)) |
76 | goto err; |
77 | |
78 | /* ... but, we should get a return size too! */ |
79 | if (params[0].return_size != 0 |
80 | && (der = OPENSSL_malloc(params[0].return_size)) != NULL) { |
81 | params[0].data = der; |
82 | params[0].data_size = params[0].return_size; |
83 | params[0].return_size = 0; |
84 | derp = der; |
85 | if (EVP_CIPHER_CTX_get_params(c, params) |
86 | && d2i_ASN1_TYPE(&type, (const unsigned char **)&derp, |
87 | params[0].return_size) != NULL) { |
88 | ret = 1; |
89 | } |
90 | OPENSSL_free(der); |
91 | } |
92 | } else { |
93 | ret = -2; |
94 | } |
95 | |
96 | err: |
97 | if (ret == -2) |
98 | EVPerr(EVP_F_EVP_CIPHER_PARAM_TO_ASN1, ASN1_R_UNSUPPORTED_CIPHER); |
99 | else if (ret <= 0) |
100 | EVPerr(EVP_F_EVP_CIPHER_PARAM_TO_ASN1, EVP_R_CIPHER_PARAMETER_ERROR); |
101 | if (ret < -1) |
102 | ret = -1; |
103 | return ret; |
104 | } |
105 | |
106 | int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type) |
107 | { |
108 | int ret = -1; /* Assume the worst */ |
109 | const EVP_CIPHER *cipher = c->cipher; |
110 | |
111 | /* |
112 | * For legacy implementations, we detect custom AlgorithmIdentifier |
113 | * parameter handling by checking if there the function pointer |
114 | * cipher->get_asn1_parameters is set. We know that this pointer |
115 | * is NULL for provided implementations. |
116 | * |
117 | * Otherwise, for any implementation, we check the flag |
118 | * EVP_CIPH_FLAG_CUSTOM_ASN1. If it isn't set, we apply |
119 | * default AI parameter creation. |
120 | * |
121 | * Otherwise, for provided implementations, we get the AI parameter |
122 | * in DER encoded form from the implementation by requesting the |
123 | * appropriate OSSL_PARAM and converting the result to a ASN1_TYPE. |
124 | * |
125 | * If none of the above applies, this operation is unsupported. |
126 | */ |
127 | if (cipher->get_asn1_parameters != NULL) { |
128 | ret = cipher->get_asn1_parameters(c, type); |
129 | } else if ((EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_CUSTOM_ASN1) == 0) { |
130 | switch (EVP_CIPHER_mode(cipher)) { |
131 | case EVP_CIPH_WRAP_MODE: |
132 | ret = 1; |
133 | break; |
134 | |
135 | case EVP_CIPH_GCM_MODE: |
136 | case EVP_CIPH_CCM_MODE: |
137 | case EVP_CIPH_XTS_MODE: |
138 | case EVP_CIPH_OCB_MODE: |
139 | ret = -2; |
140 | break; |
141 | |
142 | default: |
143 | ret = EVP_CIPHER_get_asn1_iv(c, type); |
144 | } |
145 | } else if (cipher->prov != NULL) { |
146 | OSSL_PARAM params[3], *p = params; |
147 | unsigned char *der = NULL; |
148 | int derl = -1; |
149 | |
150 | if ((derl = i2d_ASN1_TYPE(type, &der)) >= 0) { |
151 | *p++ = |
152 | OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_ALG_ID, |
153 | der, (size_t)derl); |
154 | *p = OSSL_PARAM_construct_end(); |
155 | if (EVP_CIPHER_CTX_set_params(c, params)) |
156 | ret = 1; |
157 | OPENSSL_free(der); |
158 | } |
159 | } else { |
160 | ret = -2; |
161 | } |
162 | |
163 | if (ret == -2) |
164 | EVPerr(EVP_F_EVP_CIPHER_ASN1_TO_PARAM, EVP_R_UNSUPPORTED_CIPHER); |
165 | else if (ret <= 0) |
166 | EVPerr(EVP_F_EVP_CIPHER_ASN1_TO_PARAM, EVP_R_CIPHER_PARAMETER_ERROR); |
167 | if (ret < -1) |
168 | ret = -1; |
169 | return ret; |
170 | } |
171 | |
172 | int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *ctx, ASN1_TYPE *type) |
173 | { |
174 | int i = 0; |
175 | unsigned int l; |
176 | |
177 | if (type != NULL) { |
178 | unsigned char iv[EVP_MAX_IV_LENGTH]; |
179 | |
180 | l = EVP_CIPHER_CTX_iv_length(ctx); |
181 | if (!ossl_assert(l <= sizeof(iv))) |
182 | return -1; |
183 | i = ASN1_TYPE_get_octetstring(type, iv, l); |
184 | if (i != (int)l) |
185 | return -1; |
186 | |
187 | if (!EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, -1)) |
188 | return -1; |
189 | } |
190 | return i; |
191 | } |
192 | |
193 | int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) |
194 | { |
195 | int i = 0; |
196 | unsigned int j; |
197 | unsigned char *oiv = NULL; |
198 | |
199 | if (type != NULL) { |
200 | oiv = (unsigned char *)EVP_CIPHER_CTX_original_iv(c); |
201 | j = EVP_CIPHER_CTX_iv_length(c); |
202 | OPENSSL_assert(j <= sizeof(c->iv)); |
203 | i = ASN1_TYPE_set_octetstring(type, oiv, j); |
204 | } |
205 | return i; |
206 | } |
207 | #endif /* !defined(FIPS_MODE) */ |
208 | |
209 | /* Convert the various cipher NIDs and dummies to a proper OID NID */ |
210 | int EVP_CIPHER_type(const EVP_CIPHER *ctx) |
211 | { |
212 | int nid; |
213 | nid = EVP_CIPHER_nid(ctx); |
214 | |
215 | switch (nid) { |
216 | |
217 | case NID_rc2_cbc: |
218 | case NID_rc2_64_cbc: |
219 | case NID_rc2_40_cbc: |
220 | |
221 | return NID_rc2_cbc; |
222 | |
223 | case NID_rc4: |
224 | case NID_rc4_40: |
225 | |
226 | return NID_rc4; |
227 | |
228 | case NID_aes_128_cfb128: |
229 | case NID_aes_128_cfb8: |
230 | case NID_aes_128_cfb1: |
231 | |
232 | return NID_aes_128_cfb128; |
233 | |
234 | case NID_aes_192_cfb128: |
235 | case NID_aes_192_cfb8: |
236 | case NID_aes_192_cfb1: |
237 | |
238 | return NID_aes_192_cfb128; |
239 | |
240 | case NID_aes_256_cfb128: |
241 | case NID_aes_256_cfb8: |
242 | case NID_aes_256_cfb1: |
243 | |
244 | return NID_aes_256_cfb128; |
245 | |
246 | case NID_des_cfb64: |
247 | case NID_des_cfb8: |
248 | case NID_des_cfb1: |
249 | |
250 | return NID_des_cfb64; |
251 | |
252 | case NID_des_ede3_cfb64: |
253 | case NID_des_ede3_cfb8: |
254 | case NID_des_ede3_cfb1: |
255 | |
256 | return NID_des_cfb64; |
257 | |
258 | default: |
259 | #ifdef FIPS_MODE |
260 | return NID_undef; |
261 | #else |
262 | { |
263 | /* Check it has an OID and it is valid */ |
264 | ASN1_OBJECT *otmp = OBJ_nid2obj(nid); |
265 | |
266 | if (OBJ_get0_data(otmp) == NULL) |
267 | nid = NID_undef; |
268 | ASN1_OBJECT_free(otmp); |
269 | return nid; |
270 | } |
271 | #endif |
272 | } |
273 | } |
274 | |
275 | int evp_cipher_cache_constants(EVP_CIPHER *cipher) |
276 | { |
277 | int ok; |
278 | size_t ivlen = 0; |
279 | size_t blksz = 0; |
280 | size_t keylen = 0; |
281 | unsigned int mode = 0; |
282 | unsigned long flags = 0; |
283 | OSSL_PARAM params[6]; |
284 | |
285 | params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_BLOCK_SIZE, &blksz); |
286 | params[1] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_IVLEN, &ivlen); |
287 | params[2] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, &keylen); |
288 | params[3] = OSSL_PARAM_construct_uint(OSSL_CIPHER_PARAM_MODE, &mode); |
289 | params[4] = OSSL_PARAM_construct_ulong(OSSL_CIPHER_PARAM_FLAGS, &flags); |
290 | params[5] = OSSL_PARAM_construct_end(); |
291 | ok = evp_do_ciph_getparams(cipher, params); |
292 | if (ok) { |
293 | /* Provided implementations may have a custom cipher_cipher */ |
294 | if (cipher->prov != NULL && cipher->ccipher != NULL) |
295 | flags |= EVP_CIPH_FLAG_CUSTOM_CIPHER; |
296 | cipher->block_size = blksz; |
297 | cipher->iv_len = ivlen; |
298 | cipher->key_len = keylen; |
299 | cipher->flags = flags | mode; |
300 | } |
301 | return ok; |
302 | } |
303 | |
304 | int EVP_CIPHER_block_size(const EVP_CIPHER *cipher) |
305 | { |
306 | return cipher->block_size; |
307 | } |
308 | |
309 | int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx) |
310 | { |
311 | return EVP_CIPHER_block_size(ctx->cipher); |
312 | } |
313 | |
314 | int EVP_CIPHER_impl_ctx_size(const EVP_CIPHER *e) |
315 | { |
316 | return e->ctx_size; |
317 | } |
318 | |
319 | int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, |
320 | const unsigned char *in, unsigned int inl) |
321 | { |
322 | if (ctx->cipher->prov != NULL) { |
323 | /* |
324 | * If the provided implementation has a ccipher function, we use it, |
325 | * and translate its return value like this: 0 => -1, 1 => outlen |
326 | * |
327 | * Otherwise, we call the cupdate function if in != NULL, or cfinal |
328 | * if in == NULL. Regardless of which, we return what we got. |
329 | */ |
330 | int ret = -1; |
331 | size_t outl = 0; |
332 | size_t blocksize = EVP_CIPHER_CTX_block_size(ctx); |
333 | |
334 | if (ctx->cipher->ccipher != NULL) |
335 | ret = ctx->cipher->ccipher(ctx->provctx, out, &outl, |
336 | inl + (blocksize == 1 ? 0 : blocksize), |
337 | in, (size_t)inl) |
338 | ? (int)outl : -1; |
339 | else if (in != NULL) |
340 | ret = ctx->cipher->cupdate(ctx->provctx, out, &outl, |
341 | inl + (blocksize == 1 ? 0 : blocksize), |
342 | in, (size_t)inl); |
343 | else |
344 | ret = ctx->cipher->cfinal(ctx->provctx, out, &outl, |
345 | blocksize == 1 ? 0 : blocksize); |
346 | |
347 | return ret; |
348 | } |
349 | |
350 | return ctx->cipher->do_cipher(ctx, out, in, inl); |
351 | } |
352 | |
353 | const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx) |
354 | { |
355 | return ctx->cipher; |
356 | } |
357 | |
358 | int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx) |
359 | { |
360 | return ctx->encrypt; |
361 | } |
362 | |
363 | unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher) |
364 | { |
365 | return cipher->flags; |
366 | } |
367 | |
368 | void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx) |
369 | { |
370 | return ctx->app_data; |
371 | } |
372 | |
373 | void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data) |
374 | { |
375 | ctx->app_data = data; |
376 | } |
377 | |
378 | void *EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx) |
379 | { |
380 | return ctx->cipher_data; |
381 | } |
382 | |
383 | void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data) |
384 | { |
385 | void *old_cipher_data; |
386 | |
387 | old_cipher_data = ctx->cipher_data; |
388 | ctx->cipher_data = cipher_data; |
389 | |
390 | return old_cipher_data; |
391 | } |
392 | |
393 | int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher) |
394 | { |
395 | return cipher->iv_len; |
396 | } |
397 | |
398 | int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx) |
399 | { |
400 | int rv, len = EVP_CIPHER_iv_length(ctx->cipher); |
401 | size_t v = len; |
402 | OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; |
403 | |
404 | params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_IVLEN, &v); |
405 | rv = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params); |
406 | if (rv == EVP_CTRL_RET_UNSUPPORTED) |
407 | goto legacy; |
408 | return rv != 0 ? (int)v : -1; |
409 | /* TODO (3.0) Remove legacy support */ |
410 | legacy: |
411 | if ((EVP_CIPHER_flags(ctx->cipher) & EVP_CIPH_CUSTOM_IV_LENGTH) != 0) { |
412 | rv = EVP_CIPHER_CTX_ctrl((EVP_CIPHER_CTX *)ctx, EVP_CTRL_GET_IVLEN, |
413 | 0, &len); |
414 | return (rv == 1) ? len : -1; |
415 | } |
416 | return len; |
417 | } |
418 | |
419 | int EVP_CIPHER_CTX_tag_length(const EVP_CIPHER_CTX *ctx) |
420 | { |
421 | int ret; |
422 | size_t v = 0; |
423 | OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; |
424 | |
425 | params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_TAGLEN, &v); |
426 | ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params); |
427 | return ret == 1 ? (int)v : 0; |
428 | } |
429 | |
430 | const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx) |
431 | { |
432 | int ok; |
433 | const unsigned char *v = ctx->oiv; |
434 | OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; |
435 | |
436 | params[0] = |
437 | OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_IV, |
438 | (void **)&v, sizeof(ctx->oiv)); |
439 | ok = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params); |
440 | |
441 | return ok != 0 ? v : NULL; |
442 | } |
443 | |
444 | /* |
445 | * OSSL_PARAM_OCTET_PTR gets us the pointer to the running IV in the provider |
446 | */ |
447 | const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx) |
448 | { |
449 | int ok; |
450 | const unsigned char *v = ctx->iv; |
451 | OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; |
452 | |
453 | params[0] = |
454 | OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_IV, (void **)&v, |
455 | sizeof(ctx->iv)); |
456 | ok = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params); |
457 | |
458 | return ok != 0 ? v : NULL; |
459 | } |
460 | |
461 | unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx) |
462 | { |
463 | int ok; |
464 | unsigned char *v = ctx->iv; |
465 | OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; |
466 | |
467 | params[0] = |
468 | OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_IV, (void **)&v, |
469 | sizeof(ctx->iv)); |
470 | ok = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params); |
471 | |
472 | return ok != 0 ? v : NULL; |
473 | } |
474 | |
475 | unsigned char *EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx) |
476 | { |
477 | return ctx->buf; |
478 | } |
479 | |
480 | int EVP_CIPHER_CTX_num(const EVP_CIPHER_CTX *ctx) |
481 | { |
482 | int ok; |
483 | unsigned int v = (unsigned int)ctx->num; |
484 | OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; |
485 | |
486 | params[0] = OSSL_PARAM_construct_uint(OSSL_CIPHER_PARAM_NUM, &v); |
487 | ok = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params); |
488 | |
489 | return ok != 0 ? (int)v : EVP_CTRL_RET_UNSUPPORTED; |
490 | } |
491 | |
492 | int EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num) |
493 | { |
494 | int ok; |
495 | unsigned int n = (unsigned int)num; |
496 | OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; |
497 | |
498 | params[0] = OSSL_PARAM_construct_uint(OSSL_CIPHER_PARAM_NUM, &n); |
499 | ok = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->provctx, params); |
500 | |
501 | if (ok != 0) |
502 | ctx->num = (int)n; |
503 | return ok != 0; |
504 | } |
505 | |
506 | int EVP_CIPHER_key_length(const EVP_CIPHER *cipher) |
507 | { |
508 | return cipher->key_len; |
509 | } |
510 | |
511 | int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx) |
512 | { |
513 | int ok; |
514 | size_t v = ctx->key_len; |
515 | OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; |
516 | |
517 | params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, &v); |
518 | ok = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params); |
519 | |
520 | return ok != 0 ? (int)v : EVP_CTRL_RET_UNSUPPORTED; |
521 | } |
522 | |
523 | int EVP_CIPHER_nid(const EVP_CIPHER *cipher) |
524 | { |
525 | return cipher->nid; |
526 | } |
527 | |
528 | int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx) |
529 | { |
530 | return ctx->cipher->nid; |
531 | } |
532 | |
533 | int EVP_CIPHER_is_a(const EVP_CIPHER *cipher, const char *name) |
534 | { |
535 | #ifndef FIPS_MODE |
536 | if (cipher->prov == NULL) { |
537 | int nid = EVP_CIPHER_nid(cipher); |
538 | |
539 | return nid == OBJ_sn2nid(name) || nid == OBJ_ln2nid(name); |
540 | } |
541 | #endif |
542 | return evp_is_a(cipher->prov, cipher->name_id, name); |
543 | } |
544 | |
545 | int EVP_CIPHER_number(const EVP_CIPHER *cipher) |
546 | { |
547 | return cipher->name_id; |
548 | } |
549 | |
550 | const char *EVP_CIPHER_name(const EVP_CIPHER *cipher) |
551 | { |
552 | if (cipher->prov != NULL) |
553 | return evp_first_name(cipher->prov, cipher->name_id); |
554 | #ifndef FIPS_MODE |
555 | return OBJ_nid2sn(EVP_CIPHER_nid(cipher)); |
556 | #else |
557 | return NULL; |
558 | #endif |
559 | } |
560 | |
561 | void EVP_CIPHER_names_do_all(const EVP_CIPHER *cipher, |
562 | void (*fn)(const char *name, void *data), |
563 | void *data) |
564 | { |
565 | if (cipher->prov != NULL) |
566 | evp_names_do_all(cipher->prov, cipher->name_id, fn, data); |
567 | } |
568 | |
569 | const OSSL_PROVIDER *EVP_CIPHER_provider(const EVP_CIPHER *cipher) |
570 | { |
571 | return cipher->prov; |
572 | } |
573 | |
574 | int EVP_CIPHER_mode(const EVP_CIPHER *cipher) |
575 | { |
576 | return EVP_CIPHER_flags(cipher) & EVP_CIPH_MODE; |
577 | } |
578 | |
579 | int EVP_MD_is_a(const EVP_MD *md, const char *name) |
580 | { |
581 | return evp_is_a(md->prov, md->name_id, name); |
582 | } |
583 | |
584 | int EVP_MD_number(const EVP_MD *md) |
585 | { |
586 | return md->name_id; |
587 | } |
588 | |
589 | const char *EVP_MD_name(const EVP_MD *md) |
590 | { |
591 | if (md->prov != NULL) |
592 | return evp_first_name(md->prov, md->name_id); |
593 | #ifndef FIPS_MODE |
594 | return OBJ_nid2sn(EVP_MD_nid(md)); |
595 | #else |
596 | return NULL; |
597 | #endif |
598 | } |
599 | |
600 | void EVP_MD_names_do_all(const EVP_MD *md, |
601 | void (*fn)(const char *name, void *data), |
602 | void *data) |
603 | { |
604 | if (md->prov != NULL) |
605 | evp_names_do_all(md->prov, md->name_id, fn, data); |
606 | } |
607 | |
608 | const OSSL_PROVIDER *EVP_MD_provider(const EVP_MD *md) |
609 | { |
610 | return md->prov; |
611 | } |
612 | |
613 | int EVP_MD_block_size(const EVP_MD *md) |
614 | { |
615 | int ok; |
616 | size_t v = md->block_size; |
617 | OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; |
618 | |
619 | if (md == NULL) { |
620 | EVPerr(EVP_F_EVP_MD_BLOCK_SIZE, EVP_R_MESSAGE_DIGEST_IS_NULL); |
621 | return -1; |
622 | } |
623 | |
624 | params[0] = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_BLOCK_SIZE, &v); |
625 | ok = evp_do_md_getparams(md, params); |
626 | |
627 | return ok != 0 ? (int)v : -1; |
628 | } |
629 | |
630 | int EVP_MD_type(const EVP_MD *md) |
631 | { |
632 | return md->type; |
633 | } |
634 | |
635 | int EVP_MD_pkey_type(const EVP_MD *md) |
636 | { |
637 | return md->pkey_type; |
638 | } |
639 | |
640 | int EVP_MD_size(const EVP_MD *md) |
641 | { |
642 | int ok; |
643 | size_t v = md->md_size; |
644 | OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; |
645 | |
646 | if (md == NULL) { |
647 | EVPerr(EVP_F_EVP_MD_SIZE, EVP_R_MESSAGE_DIGEST_IS_NULL); |
648 | return -1; |
649 | } |
650 | |
651 | params[0] = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_SIZE, &v); |
652 | ok = evp_do_md_getparams(md, params); |
653 | |
654 | return ok != 0 ? (int)v : -1; |
655 | } |
656 | |
657 | unsigned long EVP_MD_flags(const EVP_MD *md) |
658 | { |
659 | int ok; |
660 | unsigned long v = md->flags; |
661 | OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; |
662 | |
663 | params[0] = OSSL_PARAM_construct_ulong(OSSL_CIPHER_PARAM_FLAGS, &v); |
664 | ok = evp_do_md_getparams(md, params); |
665 | |
666 | return ok != 0 ? v : 0; |
667 | } |
668 | |
669 | EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type) |
670 | { |
671 | EVP_MD *md = evp_md_new(); |
672 | |
673 | if (md != NULL) { |
674 | md->type = md_type; |
675 | md->pkey_type = pkey_type; |
676 | } |
677 | return md; |
678 | } |
679 | |
680 | EVP_MD *EVP_MD_meth_dup(const EVP_MD *md) |
681 | { |
682 | EVP_MD *to = NULL; |
683 | |
684 | /* |
685 | * Non-legacy EVP_MDs can't be duplicated like this. |
686 | * Use EVP_MD_up_ref() instead. |
687 | */ |
688 | if (md->prov != NULL) |
689 | return NULL; |
690 | |
691 | if ((to = EVP_MD_meth_new(md->type, md->pkey_type)) != NULL) { |
692 | CRYPTO_RWLOCK *lock = to->lock; |
693 | |
694 | memcpy(to, md, sizeof(*to)); |
695 | to->lock = lock; |
696 | } |
697 | return to; |
698 | } |
699 | |
700 | void EVP_MD_meth_free(EVP_MD *md) |
701 | { |
702 | EVP_MD_free(md); |
703 | } |
704 | int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize) |
705 | { |
706 | if (md->block_size != 0) |
707 | return 0; |
708 | |
709 | md->block_size = blocksize; |
710 | return 1; |
711 | } |
712 | int EVP_MD_meth_set_result_size(EVP_MD *md, int resultsize) |
713 | { |
714 | if (md->md_size != 0) |
715 | return 0; |
716 | |
717 | md->md_size = resultsize; |
718 | return 1; |
719 | } |
720 | int EVP_MD_meth_set_app_datasize(EVP_MD *md, int datasize) |
721 | { |
722 | if (md->ctx_size != 0) |
723 | return 0; |
724 | |
725 | md->ctx_size = datasize; |
726 | return 1; |
727 | } |
728 | int EVP_MD_meth_set_flags(EVP_MD *md, unsigned long flags) |
729 | { |
730 | if (md->flags != 0) |
731 | return 0; |
732 | |
733 | md->flags = flags; |
734 | return 1; |
735 | } |
736 | int EVP_MD_meth_set_init(EVP_MD *md, int (*init)(EVP_MD_CTX *ctx)) |
737 | { |
738 | if (md->init != NULL) |
739 | return 0; |
740 | |
741 | md->init = init; |
742 | return 1; |
743 | } |
744 | int EVP_MD_meth_set_update(EVP_MD *md, int (*update)(EVP_MD_CTX *ctx, |
745 | const void *data, |
746 | size_t count)) |
747 | { |
748 | if (md->update != NULL) |
749 | return 0; |
750 | |
751 | md->update = update; |
752 | return 1; |
753 | } |
754 | int EVP_MD_meth_set_final(EVP_MD *md, int (*final)(EVP_MD_CTX *ctx, |
755 | unsigned char *md)) |
756 | { |
757 | if (md->final != NULL) |
758 | return 0; |
759 | |
760 | md->final = final; |
761 | return 1; |
762 | } |
763 | int EVP_MD_meth_set_copy(EVP_MD *md, int (*copy)(EVP_MD_CTX *to, |
764 | const EVP_MD_CTX *from)) |
765 | { |
766 | if (md->copy != NULL) |
767 | return 0; |
768 | |
769 | md->copy = copy; |
770 | return 1; |
771 | } |
772 | int EVP_MD_meth_set_cleanup(EVP_MD *md, int (*cleanup)(EVP_MD_CTX *ctx)) |
773 | { |
774 | if (md->cleanup != NULL) |
775 | return 0; |
776 | |
777 | md->cleanup = cleanup; |
778 | return 1; |
779 | } |
780 | int EVP_MD_meth_set_ctrl(EVP_MD *md, int (*ctrl)(EVP_MD_CTX *ctx, int cmd, |
781 | int p1, void *p2)) |
782 | { |
783 | if (md->md_ctrl != NULL) |
784 | return 0; |
785 | |
786 | md->md_ctrl = ctrl; |
787 | return 1; |
788 | } |
789 | |
790 | int EVP_MD_meth_get_input_blocksize(const EVP_MD *md) |
791 | { |
792 | return md->block_size; |
793 | } |
794 | int EVP_MD_meth_get_result_size(const EVP_MD *md) |
795 | { |
796 | return md->md_size; |
797 | } |
798 | int EVP_MD_meth_get_app_datasize(const EVP_MD *md) |
799 | { |
800 | return md->ctx_size; |
801 | } |
802 | unsigned long EVP_MD_meth_get_flags(const EVP_MD *md) |
803 | { |
804 | return md->flags; |
805 | } |
806 | int (*EVP_MD_meth_get_init(const EVP_MD *md))(EVP_MD_CTX *ctx) |
807 | { |
808 | return md->init; |
809 | } |
810 | int (*EVP_MD_meth_get_update(const EVP_MD *md))(EVP_MD_CTX *ctx, |
811 | const void *data, |
812 | size_t count) |
813 | { |
814 | return md->update; |
815 | } |
816 | int (*EVP_MD_meth_get_final(const EVP_MD *md))(EVP_MD_CTX *ctx, |
817 | unsigned char *md) |
818 | { |
819 | return md->final; |
820 | } |
821 | int (*EVP_MD_meth_get_copy(const EVP_MD *md))(EVP_MD_CTX *to, |
822 | const EVP_MD_CTX *from) |
823 | { |
824 | return md->copy; |
825 | } |
826 | int (*EVP_MD_meth_get_cleanup(const EVP_MD *md))(EVP_MD_CTX *ctx) |
827 | { |
828 | return md->cleanup; |
829 | } |
830 | int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd, |
831 | int p1, void *p2) |
832 | { |
833 | return md->md_ctrl; |
834 | } |
835 | |
836 | const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx) |
837 | { |
838 | if (ctx == NULL) |
839 | return NULL; |
840 | return ctx->reqdigest; |
841 | } |
842 | |
843 | EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx) |
844 | { |
845 | return ctx->pctx; |
846 | } |
847 | |
848 | #if !defined(FIPS_MODE) |
849 | /* TODO(3.0): EVP_DigestSign* not yet supported in FIPS module */ |
850 | void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx) |
851 | { |
852 | /* |
853 | * it's reasonable to set NULL pctx (a.k.a clear the ctx->pctx), so |
854 | * we have to deal with the cleanup job here. |
855 | */ |
856 | if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX)) |
857 | EVP_PKEY_CTX_free(ctx->pctx); |
858 | |
859 | ctx->pctx = pctx; |
860 | |
861 | if (pctx != NULL) { |
862 | /* make sure pctx is not freed when destroying EVP_MD_CTX */ |
863 | EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX); |
864 | } else { |
865 | EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX); |
866 | } |
867 | } |
868 | #endif /* !defined(FIPS_MODE) */ |
869 | |
870 | void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx) |
871 | { |
872 | return ctx->md_data; |
873 | } |
874 | |
875 | int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx, |
876 | const void *data, size_t count) |
877 | { |
878 | return ctx->update; |
879 | } |
880 | |
881 | void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx, |
882 | int (*update) (EVP_MD_CTX *ctx, |
883 | const void *data, size_t count)) |
884 | { |
885 | ctx->update = update; |
886 | } |
887 | |
888 | void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags) |
889 | { |
890 | ctx->flags |= flags; |
891 | } |
892 | |
893 | void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags) |
894 | { |
895 | ctx->flags &= ~flags; |
896 | } |
897 | |
898 | int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags) |
899 | { |
900 | return (ctx->flags & flags); |
901 | } |
902 | |
903 | void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags) |
904 | { |
905 | ctx->flags |= flags; |
906 | } |
907 | |
908 | void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags) |
909 | { |
910 | ctx->flags &= ~flags; |
911 | } |
912 | |
913 | int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags) |
914 | { |
915 | return (ctx->flags & flags); |
916 | } |
917 | |
918 | int EVP_str2ctrl(int (*cb)(void *ctx, int cmd, void *buf, size_t buflen), |
919 | void *ctx, int cmd, const char *value) |
920 | { |
921 | size_t len; |
922 | |
923 | len = strlen(value); |
924 | if (len > INT_MAX) |
925 | return -1; |
926 | return cb(ctx, cmd, (void *)value, len); |
927 | } |
928 | |
929 | int EVP_hex2ctrl(int (*cb)(void *ctx, int cmd, void *buf, size_t buflen), |
930 | void *ctx, int cmd, const char *hex) |
931 | { |
932 | unsigned char *bin; |
933 | long binlen; |
934 | int rv = -1; |
935 | |
936 | bin = OPENSSL_hexstr2buf(hex, &binlen); |
937 | if (bin == NULL) |
938 | return 0; |
939 | if (binlen <= INT_MAX) |
940 | rv = cb(ctx, cmd, bin, binlen); |
941 | OPENSSL_free(bin); |
942 | return rv; |
943 | } |
944 | |