1 /*
2 * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /*
11 * EVP _meth_ APIs are deprecated for public use, but still ok for
12 * internal use.
13 */
14 #include "internal/deprecated.h"
15
16 #include <stdio.h>
17 #include <string.h>
18 #include "internal/cryptlib.h"
19 #include <openssl/evp.h>
20 #include <openssl/objects.h>
21 #include <openssl/params.h>
22 #include <openssl/core_names.h>
23 #include <openssl/rsa.h>
24 #include <openssl/dh.h>
25 #include <openssl/ec.h>
26 #include "crypto/evp.h"
27 #include "crypto/cryptlib.h"
28 #include "internal/provider.h"
29 #include "evp_local.h"
30
31 #if !defined(FIPS_MODULE)
32 # include "crypto/asn1.h"
33
EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX * c,ASN1_TYPE * type)34 int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
35 {
36 return evp_cipher_param_to_asn1_ex(c, type, NULL);
37 }
38
EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX * c,ASN1_TYPE * type)39 int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
40 {
41 return evp_cipher_asn1_to_param_ex(c, type, NULL);
42 }
43
EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX * ctx,ASN1_TYPE * type)44 int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *ctx, ASN1_TYPE *type)
45 {
46 int i = 0;
47 unsigned int l;
48
49 if (type != NULL) {
50 unsigned char iv[EVP_MAX_IV_LENGTH];
51
52 l = EVP_CIPHER_CTX_get_iv_length(ctx);
53 if (!ossl_assert(l <= sizeof(iv)))
54 return -1;
55 i = ASN1_TYPE_get_octetstring(type, iv, l);
56 if (i != (int)l)
57 return -1;
58
59 if (!EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, -1))
60 return -1;
61 }
62 return i;
63 }
64
EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX * c,ASN1_TYPE * type)65 int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
66 {
67 int i = 0;
68 unsigned int j;
69 unsigned char *oiv = NULL;
70
71 if (type != NULL) {
72 oiv = (unsigned char *)EVP_CIPHER_CTX_original_iv(c);
73 j = EVP_CIPHER_CTX_get_iv_length(c);
74 OPENSSL_assert(j <= sizeof(c->iv));
75 i = ASN1_TYPE_set_octetstring(type, oiv, j);
76 }
77 return i;
78 }
79
evp_cipher_param_to_asn1_ex(EVP_CIPHER_CTX * c,ASN1_TYPE * type,evp_cipher_aead_asn1_params * asn1_params)80 int evp_cipher_param_to_asn1_ex(EVP_CIPHER_CTX *c, ASN1_TYPE *type,
81 evp_cipher_aead_asn1_params *asn1_params)
82 {
83 int ret = -1; /* Assume the worst */
84 const EVP_CIPHER *cipher;
85
86 if (c == NULL || c->cipher == NULL)
87 goto err;
88
89 cipher = c->cipher;
90 /*
91 * For legacy implementations, we detect custom AlgorithmIdentifier
92 * parameter handling by checking if the function pointer
93 * cipher->set_asn1_parameters is set. We know that this pointer
94 * is NULL for provided implementations.
95 *
96 * Otherwise, for any implementation, we check the flag
97 * EVP_CIPH_FLAG_CUSTOM_ASN1. If it isn't set, we apply
98 * default AI parameter extraction.
99 *
100 * Otherwise, for provided implementations, we convert |type| to
101 * a DER encoded blob and pass to the implementation in OSSL_PARAM
102 * form.
103 *
104 * If none of the above applies, this operation is unsupported.
105 */
106 if (cipher->set_asn1_parameters != NULL) {
107 ret = cipher->set_asn1_parameters(c, type);
108 } else if ((EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_CUSTOM_ASN1) == 0) {
109 switch (EVP_CIPHER_get_mode(cipher)) {
110 case EVP_CIPH_WRAP_MODE:
111 if (EVP_CIPHER_is_a(cipher, SN_id_smime_alg_CMS3DESwrap))
112 ASN1_TYPE_set(type, V_ASN1_NULL, NULL);
113 ret = 1;
114 break;
115
116 case EVP_CIPH_GCM_MODE:
117 ret = evp_cipher_set_asn1_aead_params(c, type, asn1_params);
118 break;
119
120 case EVP_CIPH_CCM_MODE:
121 case EVP_CIPH_XTS_MODE:
122 case EVP_CIPH_OCB_MODE:
123 ret = -2;
124 break;
125
126 default:
127 ret = EVP_CIPHER_set_asn1_iv(c, type);
128 }
129 } else if (cipher->prov != NULL) {
130 OSSL_PARAM params[3], *p = params;
131 unsigned char *der = NULL, *derp;
132
133 /*
134 * We make two passes, the first to get the appropriate buffer size,
135 * and the second to get the actual value.
136 */
137 *p++ = OSSL_PARAM_construct_octet_string(
138 OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS,
139 NULL, 0);
140 *p = OSSL_PARAM_construct_end();
141
142 if (!EVP_CIPHER_CTX_get_params(c, params))
143 goto err;
144
145 /* ... but, we should get a return size too! */
146 if (OSSL_PARAM_modified(params)
147 && params[0].return_size != 0
148 && (der = OPENSSL_malloc(params[0].return_size)) != NULL) {
149 params[0].data = der;
150 params[0].data_size = params[0].return_size;
151 OSSL_PARAM_set_all_unmodified(params);
152 derp = der;
153 if (EVP_CIPHER_CTX_get_params(c, params)
154 && OSSL_PARAM_modified(params)
155 && d2i_ASN1_TYPE(&type, (const unsigned char **)&derp,
156 params[0].return_size) != NULL) {
157 ret = 1;
158 }
159 OPENSSL_free(der);
160 }
161 } else {
162 ret = -2;
163 }
164
165 err:
166 if (ret == -2)
167 ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_CIPHER);
168 else if (ret <= 0)
169 ERR_raise(ERR_LIB_EVP, EVP_R_CIPHER_PARAMETER_ERROR);
170 if (ret < -1)
171 ret = -1;
172 return ret;
173 }
174
evp_cipher_asn1_to_param_ex(EVP_CIPHER_CTX * c,ASN1_TYPE * type,evp_cipher_aead_asn1_params * asn1_params)175 int evp_cipher_asn1_to_param_ex(EVP_CIPHER_CTX *c, ASN1_TYPE *type,
176 evp_cipher_aead_asn1_params *asn1_params)
177 {
178 int ret = -1; /* Assume the worst */
179 const EVP_CIPHER *cipher;
180
181 if (c == NULL || c->cipher == NULL)
182 goto err;
183
184 cipher = c->cipher;
185 /*
186 * For legacy implementations, we detect custom AlgorithmIdentifier
187 * parameter handling by checking if there the function pointer
188 * cipher->get_asn1_parameters is set. We know that this pointer
189 * is NULL for provided implementations.
190 *
191 * Otherwise, for any implementation, we check the flag
192 * EVP_CIPH_FLAG_CUSTOM_ASN1. If it isn't set, we apply
193 * default AI parameter creation.
194 *
195 * Otherwise, for provided implementations, we get the AI parameter
196 * in DER encoded form from the implementation by requesting the
197 * appropriate OSSL_PARAM and converting the result to a ASN1_TYPE.
198 *
199 * If none of the above applies, this operation is unsupported.
200 */
201 if (cipher->get_asn1_parameters != NULL) {
202 ret = cipher->get_asn1_parameters(c, type);
203 } else if ((EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_CUSTOM_ASN1) == 0) {
204 switch (EVP_CIPHER_get_mode(cipher)) {
205 case EVP_CIPH_WRAP_MODE:
206 ret = 1;
207 break;
208
209 case EVP_CIPH_GCM_MODE:
210 ret = evp_cipher_get_asn1_aead_params(c, type, asn1_params);
211 break;
212
213 case EVP_CIPH_CCM_MODE:
214 case EVP_CIPH_XTS_MODE:
215 case EVP_CIPH_OCB_MODE:
216 ret = -2;
217 break;
218
219 default:
220 ret = EVP_CIPHER_get_asn1_iv(c, type) >= 0 ? 1 : -1;
221 }
222 } else if (cipher->prov != NULL) {
223 OSSL_PARAM params[3], *p = params;
224 unsigned char *der = NULL;
225 int derl = -1;
226
227 if ((derl = i2d_ASN1_TYPE(type, &der)) >= 0) {
228 *p++ =
229 OSSL_PARAM_construct_octet_string(
230 OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS,
231 der, (size_t)derl);
232 *p = OSSL_PARAM_construct_end();
233 if (EVP_CIPHER_CTX_set_params(c, params))
234 ret = 1;
235 OPENSSL_free(der);
236 }
237 } else {
238 ret = -2;
239 }
240
241 err:
242 if (ret == -2)
243 ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_CIPHER);
244 else if (ret <= 0)
245 ERR_raise(ERR_LIB_EVP, EVP_R_CIPHER_PARAMETER_ERROR);
246 if (ret < -1)
247 ret = -1;
248 return ret;
249 }
250
evp_cipher_get_asn1_aead_params(EVP_CIPHER_CTX * c,ASN1_TYPE * type,evp_cipher_aead_asn1_params * asn1_params)251 int evp_cipher_get_asn1_aead_params(EVP_CIPHER_CTX *c, ASN1_TYPE *type,
252 evp_cipher_aead_asn1_params *asn1_params)
253 {
254 int i = 0;
255 long tl;
256 unsigned char iv[EVP_MAX_IV_LENGTH];
257
258 if (type == NULL || asn1_params == NULL)
259 return 0;
260
261 i = ossl_asn1_type_get_octetstring_int(type, &tl, NULL, EVP_MAX_IV_LENGTH);
262 if (i <= 0)
263 return -1;
264 ossl_asn1_type_get_octetstring_int(type, &tl, iv, i);
265
266 memcpy(asn1_params->iv, iv, i);
267 asn1_params->iv_len = i;
268
269 return i;
270 }
271
evp_cipher_set_asn1_aead_params(EVP_CIPHER_CTX * c,ASN1_TYPE * type,evp_cipher_aead_asn1_params * asn1_params)272 int evp_cipher_set_asn1_aead_params(EVP_CIPHER_CTX *c, ASN1_TYPE *type,
273 evp_cipher_aead_asn1_params *asn1_params)
274 {
275 if (type == NULL || asn1_params == NULL)
276 return 0;
277
278 return ossl_asn1_type_set_octetstring_int(type, asn1_params->tag_len,
279 asn1_params->iv,
280 asn1_params->iv_len);
281 }
282 #endif /* !defined(FIPS_MODULE) */
283
284 /* Convert the various cipher NIDs and dummies to a proper OID NID */
EVP_CIPHER_get_type(const EVP_CIPHER * cipher)285 int EVP_CIPHER_get_type(const EVP_CIPHER *cipher)
286 {
287 int nid;
288 nid = EVP_CIPHER_get_nid(cipher);
289
290 switch (nid) {
291
292 case NID_rc2_cbc:
293 case NID_rc2_64_cbc:
294 case NID_rc2_40_cbc:
295
296 return NID_rc2_cbc;
297
298 case NID_rc4:
299 case NID_rc4_40:
300
301 return NID_rc4;
302
303 case NID_aes_128_cfb128:
304 case NID_aes_128_cfb8:
305 case NID_aes_128_cfb1:
306
307 return NID_aes_128_cfb128;
308
309 case NID_aes_192_cfb128:
310 case NID_aes_192_cfb8:
311 case NID_aes_192_cfb1:
312
313 return NID_aes_192_cfb128;
314
315 case NID_aes_256_cfb128:
316 case NID_aes_256_cfb8:
317 case NID_aes_256_cfb1:
318
319 return NID_aes_256_cfb128;
320
321 case NID_des_cfb64:
322 case NID_des_cfb8:
323 case NID_des_cfb1:
324
325 return NID_des_cfb64;
326
327 case NID_des_ede3_cfb64:
328 case NID_des_ede3_cfb8:
329 case NID_des_ede3_cfb1:
330
331 return NID_des_cfb64;
332
333 default:
334 #ifdef FIPS_MODULE
335 return NID_undef;
336 #else
337 {
338 /* Check it has an OID and it is valid */
339 ASN1_OBJECT *otmp = OBJ_nid2obj(nid);
340
341 if (OBJ_get0_data(otmp) == NULL)
342 nid = NID_undef;
343 ASN1_OBJECT_free(otmp);
344 return nid;
345 }
346 #endif
347 }
348 }
349
evp_cipher_cache_constants(EVP_CIPHER * cipher)350 int evp_cipher_cache_constants(EVP_CIPHER *cipher)
351 {
352 int ok, aead = 0, custom_iv = 0, cts = 0, multiblock = 0, randkey = 0;
353 size_t ivlen = 0;
354 size_t blksz = 0;
355 size_t keylen = 0;
356 unsigned int mode = 0;
357 OSSL_PARAM params[10];
358
359 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_BLOCK_SIZE, &blksz);
360 params[1] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_IVLEN, &ivlen);
361 params[2] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, &keylen);
362 params[3] = OSSL_PARAM_construct_uint(OSSL_CIPHER_PARAM_MODE, &mode);
363 params[4] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_AEAD, &aead);
364 params[5] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_CUSTOM_IV,
365 &custom_iv);
366 params[6] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_CTS, &cts);
367 params[7] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK,
368 &multiblock);
369 params[8] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_HAS_RAND_KEY,
370 &randkey);
371 params[9] = OSSL_PARAM_construct_end();
372 ok = evp_do_ciph_getparams(cipher, params) > 0;
373 if (ok) {
374 cipher->block_size = blksz;
375 cipher->iv_len = ivlen;
376 cipher->key_len = keylen;
377 cipher->flags = mode;
378 if (aead)
379 cipher->flags |= EVP_CIPH_FLAG_AEAD_CIPHER;
380 if (custom_iv)
381 cipher->flags |= EVP_CIPH_CUSTOM_IV;
382 if (cts)
383 cipher->flags |= EVP_CIPH_FLAG_CTS;
384 if (multiblock)
385 cipher->flags |= EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK;
386 if (cipher->ccipher != NULL)
387 cipher->flags |= EVP_CIPH_FLAG_CUSTOM_CIPHER;
388 if (randkey)
389 cipher->flags |= EVP_CIPH_RAND_KEY;
390 if (OSSL_PARAM_locate_const(EVP_CIPHER_gettable_ctx_params(cipher),
391 OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS))
392 cipher->flags |= EVP_CIPH_FLAG_CUSTOM_ASN1;
393 }
394 return ok;
395 }
396
EVP_CIPHER_get_block_size(const EVP_CIPHER * cipher)397 int EVP_CIPHER_get_block_size(const EVP_CIPHER *cipher)
398 {
399 return (cipher == NULL) ? 0 : cipher->block_size;
400 }
401
EVP_CIPHER_CTX_get_block_size(const EVP_CIPHER_CTX * ctx)402 int EVP_CIPHER_CTX_get_block_size(const EVP_CIPHER_CTX *ctx)
403 {
404 return EVP_CIPHER_get_block_size(ctx->cipher);
405 }
406
EVP_CIPHER_impl_ctx_size(const EVP_CIPHER * e)407 int EVP_CIPHER_impl_ctx_size(const EVP_CIPHER *e)
408 {
409 return e->ctx_size;
410 }
411
EVP_Cipher(EVP_CIPHER_CTX * ctx,unsigned char * out,const unsigned char * in,unsigned int inl)412 int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
413 const unsigned char *in, unsigned int inl)
414 {
415 if (ctx == NULL || ctx->cipher == NULL)
416 return 0;
417
418 if (ctx->cipher->prov != NULL) {
419 /*
420 * If the provided implementation has a ccipher function, we use it,
421 * and translate its return value like this: 0 => -1, 1 => outlen
422 *
423 * Otherwise, we call the cupdate function if in != NULL, or cfinal
424 * if in == NULL. Regardless of which, we return what we got.
425 */
426 int ret = -1;
427 size_t outl = 0;
428 size_t blocksize = EVP_CIPHER_CTX_get_block_size(ctx);
429
430 if (blocksize == 0)
431 return 0;
432
433 if (ctx->cipher->ccipher != NULL)
434 ret = ctx->cipher->ccipher(ctx->algctx, out, &outl,
435 inl + (blocksize == 1 ? 0 : blocksize),
436 in, (size_t)inl)
437 ? (int)outl : -1;
438 else if (in != NULL)
439 ret = ctx->cipher->cupdate(ctx->algctx, out, &outl,
440 inl + (blocksize == 1 ? 0 : blocksize),
441 in, (size_t)inl);
442 else
443 ret = ctx->cipher->cfinal(ctx->algctx, out, &outl,
444 blocksize == 1 ? 0 : blocksize);
445
446 return ret;
447 }
448
449 return ctx->cipher->do_cipher(ctx, out, in, inl);
450 }
451
452 #ifndef OPENSSL_NO_DEPRECATED_3_0
EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX * ctx)453 const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx)
454 {
455 if (ctx == NULL)
456 return NULL;
457 return ctx->cipher;
458 }
459 #endif
460
EVP_CIPHER_CTX_get0_cipher(const EVP_CIPHER_CTX * ctx)461 const EVP_CIPHER *EVP_CIPHER_CTX_get0_cipher(const EVP_CIPHER_CTX *ctx)
462 {
463 if (ctx == NULL)
464 return NULL;
465 return ctx->cipher;
466 }
467
EVP_CIPHER_CTX_get1_cipher(EVP_CIPHER_CTX * ctx)468 EVP_CIPHER *EVP_CIPHER_CTX_get1_cipher(EVP_CIPHER_CTX *ctx)
469 {
470 EVP_CIPHER *cipher;
471
472 if (ctx == NULL || ctx->cipher == NULL)
473 return NULL;
474 cipher = (EVP_CIPHER *)ctx->cipher;
475 if (!EVP_CIPHER_up_ref(cipher))
476 return NULL;
477 return cipher;
478 }
479
EVP_CIPHER_CTX_is_encrypting(const EVP_CIPHER_CTX * ctx)480 int EVP_CIPHER_CTX_is_encrypting(const EVP_CIPHER_CTX *ctx)
481 {
482 return ctx->encrypt;
483 }
484
EVP_CIPHER_get_flags(const EVP_CIPHER * cipher)485 unsigned long EVP_CIPHER_get_flags(const EVP_CIPHER *cipher)
486 {
487 return cipher == NULL ? 0 : cipher->flags;
488 }
489
EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX * ctx)490 void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx)
491 {
492 return ctx->app_data;
493 }
494
EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX * ctx,void * data)495 void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data)
496 {
497 ctx->app_data = data;
498 }
499
EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX * ctx)500 void *EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx)
501 {
502 return ctx->cipher_data;
503 }
504
EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX * ctx,void * cipher_data)505 void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data)
506 {
507 void *old_cipher_data;
508
509 old_cipher_data = ctx->cipher_data;
510 ctx->cipher_data = cipher_data;
511
512 return old_cipher_data;
513 }
514
EVP_CIPHER_get_iv_length(const EVP_CIPHER * cipher)515 int EVP_CIPHER_get_iv_length(const EVP_CIPHER *cipher)
516 {
517 return (cipher == NULL) ? 0 : cipher->iv_len;
518 }
519
EVP_CIPHER_CTX_get_iv_length(const EVP_CIPHER_CTX * ctx)520 int EVP_CIPHER_CTX_get_iv_length(const EVP_CIPHER_CTX *ctx)
521 {
522 if (ctx->cipher == NULL)
523 return 0;
524
525 if (ctx->iv_len < 0) {
526 int rv, len = EVP_CIPHER_get_iv_length(ctx->cipher);
527 size_t v = len;
528 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
529
530 if (ctx->cipher->get_ctx_params != NULL) {
531 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_IVLEN,
532 &v);
533 rv = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params);
534 if (rv > 0) {
535 if (OSSL_PARAM_modified(params)
536 && !OSSL_PARAM_get_int(params, &len))
537 return -1;
538 } else if (rv != EVP_CTRL_RET_UNSUPPORTED) {
539 return -1;
540 }
541 }
542 /* Code below to be removed when legacy support is dropped. */
543 else if ((EVP_CIPHER_get_flags(ctx->cipher)
544 & EVP_CIPH_CUSTOM_IV_LENGTH) != 0) {
545 rv = EVP_CIPHER_CTX_ctrl((EVP_CIPHER_CTX *)ctx, EVP_CTRL_GET_IVLEN,
546 0, &len);
547 if (rv <= 0)
548 return -1;
549 }
550 /*-
551 * Casting away the const is annoying but required here. We need to
552 * cache the result for performance reasons.
553 */
554 ((EVP_CIPHER_CTX *)ctx)->iv_len = len;
555 }
556 return ctx->iv_len;
557 }
558
EVP_CIPHER_CTX_get_tag_length(const EVP_CIPHER_CTX * ctx)559 int EVP_CIPHER_CTX_get_tag_length(const EVP_CIPHER_CTX *ctx)
560 {
561 int ret;
562 size_t v = 0;
563 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
564
565 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_TAGLEN, &v);
566 ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params);
567 return ret == 1 ? (int)v : 0;
568 }
569
570 #ifndef OPENSSL_NO_DEPRECATED_3_0
EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX * ctx)571 const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx)
572 {
573 int ok;
574 const unsigned char *v = ctx->oiv;
575 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
576
577 params[0] =
578 OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_IV,
579 (void **)&v, sizeof(ctx->oiv));
580 ok = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params);
581
582 return ok != 0 ? v : NULL;
583 }
584
585 /*
586 * OSSL_PARAM_OCTET_PTR gets us the pointer to the running IV in the provider
587 */
EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX * ctx)588 const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx)
589 {
590 int ok;
591 const unsigned char *v = ctx->iv;
592 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
593
594 params[0] =
595 OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_UPDATED_IV,
596 (void **)&v, sizeof(ctx->iv));
597 ok = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params);
598
599 return ok != 0 ? v : NULL;
600 }
601
EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX * ctx)602 unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx)
603 {
604 int ok;
605 unsigned char *v = ctx->iv;
606 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
607
608 params[0] =
609 OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_UPDATED_IV,
610 (void **)&v, sizeof(ctx->iv));
611 ok = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params);
612
613 return ok != 0 ? v : NULL;
614 }
615 #endif /* OPENSSL_NO_DEPRECATED_3_0_0 */
616
EVP_CIPHER_CTX_get_updated_iv(EVP_CIPHER_CTX * ctx,void * buf,size_t len)617 int EVP_CIPHER_CTX_get_updated_iv(EVP_CIPHER_CTX *ctx, void *buf, size_t len)
618 {
619 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
620
621 params[0] =
622 OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_UPDATED_IV, buf, len);
623 return evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params) > 0;
624 }
625
EVP_CIPHER_CTX_get_original_iv(EVP_CIPHER_CTX * ctx,void * buf,size_t len)626 int EVP_CIPHER_CTX_get_original_iv(EVP_CIPHER_CTX *ctx, void *buf, size_t len)
627 {
628 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
629
630 params[0] =
631 OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_IV, buf, len);
632 return evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params) > 0;
633 }
634
EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX * ctx)635 unsigned char *EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx)
636 {
637 return ctx->buf;
638 }
639
EVP_CIPHER_CTX_get_num(const EVP_CIPHER_CTX * ctx)640 int EVP_CIPHER_CTX_get_num(const EVP_CIPHER_CTX *ctx)
641 {
642 int ok;
643 unsigned int v = (unsigned int)ctx->num;
644 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
645
646 params[0] = OSSL_PARAM_construct_uint(OSSL_CIPHER_PARAM_NUM, &v);
647 ok = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params);
648
649 return ok != 0 ? (int)v : EVP_CTRL_RET_UNSUPPORTED;
650 }
651
EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX * ctx,int num)652 int EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num)
653 {
654 int ok;
655 unsigned int n = (unsigned int)num;
656 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
657
658 params[0] = OSSL_PARAM_construct_uint(OSSL_CIPHER_PARAM_NUM, &n);
659 ok = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->algctx, params);
660
661 if (ok != 0)
662 ctx->num = (int)n;
663 return ok != 0;
664 }
665
EVP_CIPHER_get_key_length(const EVP_CIPHER * cipher)666 int EVP_CIPHER_get_key_length(const EVP_CIPHER *cipher)
667 {
668 return cipher->key_len;
669 }
670
EVP_CIPHER_CTX_get_key_length(const EVP_CIPHER_CTX * ctx)671 int EVP_CIPHER_CTX_get_key_length(const EVP_CIPHER_CTX *ctx)
672 {
673 if (ctx->cipher == NULL)
674 return 0;
675
676 if (ctx->key_len <= 0 && ctx->cipher->prov != NULL) {
677 int ok;
678 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
679 size_t len;
680
681 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, &len);
682 ok = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params);
683 if (ok <= 0)
684 return EVP_CTRL_RET_UNSUPPORTED;
685
686 /*-
687 * The if branch should never be taken since EVP_MAX_KEY_LENGTH is
688 * less than INT_MAX but best to be safe.
689 *
690 * Casting away the const is annoying but required here. We need to
691 * cache the result for performance reasons.
692 */
693 if (!OSSL_PARAM_get_int(params, &((EVP_CIPHER_CTX *)ctx)->key_len))
694 return -1;
695 ((EVP_CIPHER_CTX *)ctx)->key_len = (int)len;
696 }
697 return ctx->key_len;
698 }
699
EVP_CIPHER_get_nid(const EVP_CIPHER * cipher)700 int EVP_CIPHER_get_nid(const EVP_CIPHER *cipher)
701 {
702 return (cipher == NULL) ? NID_undef : cipher->nid;
703 }
704
EVP_CIPHER_CTX_get_nid(const EVP_CIPHER_CTX * ctx)705 int EVP_CIPHER_CTX_get_nid(const EVP_CIPHER_CTX *ctx)
706 {
707 return EVP_CIPHER_get_nid(ctx->cipher);
708 }
709
EVP_CIPHER_is_a(const EVP_CIPHER * cipher,const char * name)710 int EVP_CIPHER_is_a(const EVP_CIPHER *cipher, const char *name)
711 {
712 if (cipher == NULL)
713 return 0;
714 if (cipher->prov != NULL)
715 return evp_is_a(cipher->prov, cipher->name_id, NULL, name);
716 return evp_is_a(NULL, 0, EVP_CIPHER_get0_name(cipher), name);
717 }
718
evp_cipher_get_number(const EVP_CIPHER * cipher)719 int evp_cipher_get_number(const EVP_CIPHER *cipher)
720 {
721 return cipher->name_id;
722 }
723
EVP_CIPHER_get0_name(const EVP_CIPHER * cipher)724 const char *EVP_CIPHER_get0_name(const EVP_CIPHER *cipher)
725 {
726 if (cipher->type_name != NULL)
727 return cipher->type_name;
728 #ifndef FIPS_MODULE
729 return OBJ_nid2sn(EVP_CIPHER_get_nid(cipher));
730 #else
731 return NULL;
732 #endif
733 }
734
EVP_CIPHER_get0_description(const EVP_CIPHER * cipher)735 const char *EVP_CIPHER_get0_description(const EVP_CIPHER *cipher)
736 {
737 if (cipher->description != NULL)
738 return cipher->description;
739 #ifndef FIPS_MODULE
740 return OBJ_nid2ln(EVP_CIPHER_get_nid(cipher));
741 #else
742 return NULL;
743 #endif
744 }
745
EVP_CIPHER_names_do_all(const EVP_CIPHER * cipher,void (* fn)(const char * name,void * data),void * data)746 int EVP_CIPHER_names_do_all(const EVP_CIPHER *cipher,
747 void (*fn)(const char *name, void *data),
748 void *data)
749 {
750 if (cipher->prov != NULL)
751 return evp_names_do_all(cipher->prov, cipher->name_id, fn, data);
752
753 return 1;
754 }
755
EVP_CIPHER_get0_provider(const EVP_CIPHER * cipher)756 const OSSL_PROVIDER *EVP_CIPHER_get0_provider(const EVP_CIPHER *cipher)
757 {
758 return cipher->prov;
759 }
760
EVP_CIPHER_get_mode(const EVP_CIPHER * cipher)761 int EVP_CIPHER_get_mode(const EVP_CIPHER *cipher)
762 {
763 return EVP_CIPHER_get_flags(cipher) & EVP_CIPH_MODE;
764 }
765
EVP_MD_is_a(const EVP_MD * md,const char * name)766 int EVP_MD_is_a(const EVP_MD *md, const char *name)
767 {
768 if (md == NULL)
769 return 0;
770 if (md->prov != NULL)
771 return evp_is_a(md->prov, md->name_id, NULL, name);
772 return evp_is_a(NULL, 0, EVP_MD_get0_name(md), name);
773 }
774
evp_md_get_number(const EVP_MD * md)775 int evp_md_get_number(const EVP_MD *md)
776 {
777 return md->name_id;
778 }
779
EVP_MD_get0_description(const EVP_MD * md)780 const char *EVP_MD_get0_description(const EVP_MD *md)
781 {
782 if (md->description != NULL)
783 return md->description;
784 #ifndef FIPS_MODULE
785 return OBJ_nid2ln(EVP_MD_nid(md));
786 #else
787 return NULL;
788 #endif
789 }
790
EVP_MD_get0_name(const EVP_MD * md)791 const char *EVP_MD_get0_name(const EVP_MD *md)
792 {
793 if (md == NULL)
794 return NULL;
795 if (md->type_name != NULL)
796 return md->type_name;
797 #ifndef FIPS_MODULE
798 return OBJ_nid2sn(EVP_MD_nid(md));
799 #else
800 return NULL;
801 #endif
802 }
803
EVP_MD_names_do_all(const EVP_MD * md,void (* fn)(const char * name,void * data),void * data)804 int EVP_MD_names_do_all(const EVP_MD *md,
805 void (*fn)(const char *name, void *data),
806 void *data)
807 {
808 if (md->prov != NULL)
809 return evp_names_do_all(md->prov, md->name_id, fn, data);
810
811 return 1;
812 }
813
EVP_MD_get0_provider(const EVP_MD * md)814 const OSSL_PROVIDER *EVP_MD_get0_provider(const EVP_MD *md)
815 {
816 return md->prov;
817 }
818
EVP_MD_get_type(const EVP_MD * md)819 int EVP_MD_get_type(const EVP_MD *md)
820 {
821 return md->type;
822 }
823
EVP_MD_get_pkey_type(const EVP_MD * md)824 int EVP_MD_get_pkey_type(const EVP_MD *md)
825 {
826 return md->pkey_type;
827 }
828
EVP_MD_get_block_size(const EVP_MD * md)829 int EVP_MD_get_block_size(const EVP_MD *md)
830 {
831 if (md == NULL) {
832 ERR_raise(ERR_LIB_EVP, EVP_R_MESSAGE_DIGEST_IS_NULL);
833 return -1;
834 }
835 return md->block_size;
836 }
837
EVP_MD_get_size(const EVP_MD * md)838 int EVP_MD_get_size(const EVP_MD *md)
839 {
840 if (md == NULL) {
841 ERR_raise(ERR_LIB_EVP, EVP_R_MESSAGE_DIGEST_IS_NULL);
842 return -1;
843 }
844 return md->md_size;
845 }
846
EVP_MD_get_flags(const EVP_MD * md)847 unsigned long EVP_MD_get_flags(const EVP_MD *md)
848 {
849 return md->flags;
850 }
851
EVP_MD_meth_new(int md_type,int pkey_type)852 EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type)
853 {
854 EVP_MD *md = evp_md_new();
855
856 if (md != NULL) {
857 md->type = md_type;
858 md->pkey_type = pkey_type;
859 md->origin = EVP_ORIG_METH;
860 }
861 return md;
862 }
863
EVP_MD_meth_dup(const EVP_MD * md)864 EVP_MD *EVP_MD_meth_dup(const EVP_MD *md)
865 {
866 EVP_MD *to = NULL;
867
868 /*
869 * Non-legacy EVP_MDs can't be duplicated like this.
870 * Use EVP_MD_up_ref() instead.
871 */
872 if (md->prov != NULL)
873 return NULL;
874
875 if ((to = EVP_MD_meth_new(md->type, md->pkey_type)) != NULL) {
876 CRYPTO_REF_COUNT refcnt = to->refcnt;
877
878 memcpy(to, md, sizeof(*to));
879 to->refcnt = refcnt;
880 to->origin = EVP_ORIG_METH;
881 }
882 return to;
883 }
884
evp_md_free_int(EVP_MD * md)885 void evp_md_free_int(EVP_MD *md)
886 {
887 OPENSSL_free(md->type_name);
888 ossl_provider_free(md->prov);
889 CRYPTO_FREE_REF(&md->refcnt);
890 OPENSSL_free(md);
891 }
892
EVP_MD_meth_free(EVP_MD * md)893 void EVP_MD_meth_free(EVP_MD *md)
894 {
895 if (md == NULL || md->origin != EVP_ORIG_METH)
896 return;
897
898 evp_md_free_int(md);
899 }
900
EVP_MD_meth_set_input_blocksize(EVP_MD * md,int blocksize)901 int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize)
902 {
903 if (md->block_size != 0)
904 return 0;
905
906 md->block_size = blocksize;
907 return 1;
908 }
EVP_MD_meth_set_result_size(EVP_MD * md,int resultsize)909 int EVP_MD_meth_set_result_size(EVP_MD *md, int resultsize)
910 {
911 if (md->md_size != 0)
912 return 0;
913
914 md->md_size = resultsize;
915 return 1;
916 }
EVP_MD_meth_set_app_datasize(EVP_MD * md,int datasize)917 int EVP_MD_meth_set_app_datasize(EVP_MD *md, int datasize)
918 {
919 if (md->ctx_size != 0)
920 return 0;
921
922 md->ctx_size = datasize;
923 return 1;
924 }
EVP_MD_meth_set_flags(EVP_MD * md,unsigned long flags)925 int EVP_MD_meth_set_flags(EVP_MD *md, unsigned long flags)
926 {
927 if (md->flags != 0)
928 return 0;
929
930 md->flags = flags;
931 return 1;
932 }
EVP_MD_meth_set_init(EVP_MD * md,int (* init)(EVP_MD_CTX * ctx))933 int EVP_MD_meth_set_init(EVP_MD *md, int (*init)(EVP_MD_CTX *ctx))
934 {
935 if (md->init != NULL)
936 return 0;
937
938 md->init = init;
939 return 1;
940 }
EVP_MD_meth_set_update(EVP_MD * md,int (* update)(EVP_MD_CTX * ctx,const void * data,size_t count))941 int EVP_MD_meth_set_update(EVP_MD *md, int (*update)(EVP_MD_CTX *ctx,
942 const void *data,
943 size_t count))
944 {
945 if (md->update != NULL)
946 return 0;
947
948 md->update = update;
949 return 1;
950 }
EVP_MD_meth_set_final(EVP_MD * md,int (* final)(EVP_MD_CTX * ctx,unsigned char * md))951 int EVP_MD_meth_set_final(EVP_MD *md, int (*final)(EVP_MD_CTX *ctx,
952 unsigned char *md))
953 {
954 if (md->final != NULL)
955 return 0;
956
957 md->final = final;
958 return 1;
959 }
EVP_MD_meth_set_copy(EVP_MD * md,int (* copy)(EVP_MD_CTX * to,const EVP_MD_CTX * from))960 int EVP_MD_meth_set_copy(EVP_MD *md, int (*copy)(EVP_MD_CTX *to,
961 const EVP_MD_CTX *from))
962 {
963 if (md->copy != NULL)
964 return 0;
965
966 md->copy = copy;
967 return 1;
968 }
EVP_MD_meth_set_cleanup(EVP_MD * md,int (* cleanup)(EVP_MD_CTX * ctx))969 int EVP_MD_meth_set_cleanup(EVP_MD *md, int (*cleanup)(EVP_MD_CTX *ctx))
970 {
971 if (md->cleanup != NULL)
972 return 0;
973
974 md->cleanup = cleanup;
975 return 1;
976 }
EVP_MD_meth_set_ctrl(EVP_MD * md,int (* ctrl)(EVP_MD_CTX * ctx,int cmd,int p1,void * p2))977 int EVP_MD_meth_set_ctrl(EVP_MD *md, int (*ctrl)(EVP_MD_CTX *ctx, int cmd,
978 int p1, void *p2))
979 {
980 if (md->md_ctrl != NULL)
981 return 0;
982
983 md->md_ctrl = ctrl;
984 return 1;
985 }
986
EVP_MD_meth_get_input_blocksize(const EVP_MD * md)987 int EVP_MD_meth_get_input_blocksize(const EVP_MD *md)
988 {
989 return md->block_size;
990 }
EVP_MD_meth_get_result_size(const EVP_MD * md)991 int EVP_MD_meth_get_result_size(const EVP_MD *md)
992 {
993 return md->md_size;
994 }
EVP_MD_meth_get_app_datasize(const EVP_MD * md)995 int EVP_MD_meth_get_app_datasize(const EVP_MD *md)
996 {
997 return md->ctx_size;
998 }
EVP_MD_meth_get_flags(const EVP_MD * md)999 unsigned long EVP_MD_meth_get_flags(const EVP_MD *md)
1000 {
1001 return md->flags;
1002 }
EVP_MD_meth_get_init(const EVP_MD * md)1003 int (*EVP_MD_meth_get_init(const EVP_MD *md))(EVP_MD_CTX *ctx)
1004 {
1005 return md->init;
1006 }
EVP_MD_meth_get_update(const EVP_MD * md)1007 int (*EVP_MD_meth_get_update(const EVP_MD *md))(EVP_MD_CTX *ctx,
1008 const void *data,
1009 size_t count)
1010 {
1011 return md->update;
1012 }
EVP_MD_meth_get_final(const EVP_MD * md)1013 int (*EVP_MD_meth_get_final(const EVP_MD *md))(EVP_MD_CTX *ctx,
1014 unsigned char *md)
1015 {
1016 return md->final;
1017 }
EVP_MD_meth_get_copy(const EVP_MD * md)1018 int (*EVP_MD_meth_get_copy(const EVP_MD *md))(EVP_MD_CTX *to,
1019 const EVP_MD_CTX *from)
1020 {
1021 return md->copy;
1022 }
EVP_MD_meth_get_cleanup(const EVP_MD * md)1023 int (*EVP_MD_meth_get_cleanup(const EVP_MD *md))(EVP_MD_CTX *ctx)
1024 {
1025 return md->cleanup;
1026 }
EVP_MD_meth_get_ctrl(const EVP_MD * md)1027 int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd,
1028 int p1, void *p2)
1029 {
1030 return md->md_ctrl;
1031 }
1032
1033 #ifndef OPENSSL_NO_DEPRECATED_3_0
EVP_MD_CTX_md(const EVP_MD_CTX * ctx)1034 const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx)
1035 {
1036 if (ctx == NULL)
1037 return NULL;
1038 return ctx->reqdigest;
1039 }
1040 #endif
1041
EVP_MD_CTX_get0_md(const EVP_MD_CTX * ctx)1042 const EVP_MD *EVP_MD_CTX_get0_md(const EVP_MD_CTX *ctx)
1043 {
1044 if (ctx == NULL)
1045 return NULL;
1046 return ctx->reqdigest;
1047 }
1048
EVP_MD_CTX_get1_md(EVP_MD_CTX * ctx)1049 EVP_MD *EVP_MD_CTX_get1_md(EVP_MD_CTX *ctx)
1050 {
1051 EVP_MD *md;
1052
1053 if (ctx == NULL)
1054 return NULL;
1055 md = (EVP_MD *)ctx->reqdigest;
1056 if (md == NULL || !EVP_MD_up_ref(md))
1057 return NULL;
1058 return md;
1059 }
1060
EVP_MD_CTX_get_pkey_ctx(const EVP_MD_CTX * ctx)1061 EVP_PKEY_CTX *EVP_MD_CTX_get_pkey_ctx(const EVP_MD_CTX *ctx)
1062 {
1063 return ctx->pctx;
1064 }
1065
1066 #if !defined(FIPS_MODULE)
EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX * ctx,EVP_PKEY_CTX * pctx)1067 void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx)
1068 {
1069 /*
1070 * it's reasonable to set NULL pctx (a.k.a clear the ctx->pctx), so
1071 * we have to deal with the cleanup job here.
1072 */
1073 if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX))
1074 EVP_PKEY_CTX_free(ctx->pctx);
1075
1076 ctx->pctx = pctx;
1077
1078 if (pctx != NULL) {
1079 /* make sure pctx is not freed when destroying EVP_MD_CTX */
1080 EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX);
1081 } else {
1082 EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX);
1083 }
1084 }
1085 #endif /* !defined(FIPS_MODULE) */
1086
EVP_MD_CTX_get0_md_data(const EVP_MD_CTX * ctx)1087 void *EVP_MD_CTX_get0_md_data(const EVP_MD_CTX *ctx)
1088 {
1089 return ctx->md_data;
1090 }
1091
EVP_MD_CTX_update_fn(EVP_MD_CTX * ctx)1092 int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx,
1093 const void *data, size_t count)
1094 {
1095 return ctx->update;
1096 }
1097
EVP_MD_CTX_set_update_fn(EVP_MD_CTX * ctx,int (* update)(EVP_MD_CTX * ctx,const void * data,size_t count))1098 void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx,
1099 int (*update) (EVP_MD_CTX *ctx,
1100 const void *data, size_t count))
1101 {
1102 ctx->update = update;
1103 }
1104
EVP_MD_CTX_set_flags(EVP_MD_CTX * ctx,int flags)1105 void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags)
1106 {
1107 ctx->flags |= flags;
1108 }
1109
EVP_MD_CTX_clear_flags(EVP_MD_CTX * ctx,int flags)1110 void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags)
1111 {
1112 ctx->flags &= ~flags;
1113 }
1114
EVP_MD_CTX_test_flags(const EVP_MD_CTX * ctx,int flags)1115 int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags)
1116 {
1117 return (ctx->flags & flags);
1118 }
1119
evp_cipher_ctx_enable_use_bits(EVP_CIPHER_CTX * ctx,unsigned int enable)1120 static int evp_cipher_ctx_enable_use_bits(EVP_CIPHER_CTX *ctx,
1121 unsigned int enable)
1122 {
1123 OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
1124
1125 params[0] = OSSL_PARAM_construct_uint(OSSL_CIPHER_PARAM_USE_BITS, &enable);
1126 return EVP_CIPHER_CTX_set_params(ctx, params);
1127 }
1128
EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX * ctx,int flags)1129 void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags)
1130 {
1131 int oldflags = ctx->flags;
1132
1133 ctx->flags |= flags;
1134 if (((oldflags ^ ctx->flags) & EVP_CIPH_FLAG_LENGTH_BITS) != 0)
1135 evp_cipher_ctx_enable_use_bits(ctx, 1);
1136 }
1137
EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX * ctx,int flags)1138 void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags)
1139 {
1140 int oldflags = ctx->flags;
1141
1142 ctx->flags &= ~flags;
1143 if (((oldflags ^ ctx->flags) & EVP_CIPH_FLAG_LENGTH_BITS) != 0)
1144 evp_cipher_ctx_enable_use_bits(ctx, 0);
1145 }
1146
EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX * ctx,int flags)1147 int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags)
1148 {
1149 return (ctx->flags & flags);
1150 }
1151
1152 #if !defined(FIPS_MODULE)
1153
EVP_PKEY_CTX_set_group_name(EVP_PKEY_CTX * ctx,const char * name)1154 int EVP_PKEY_CTX_set_group_name(EVP_PKEY_CTX *ctx, const char *name)
1155 {
1156 OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
1157
1158 if (ctx == NULL || !EVP_PKEY_CTX_IS_GEN_OP(ctx)) {
1159 ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
1160 /* Uses the same return values as EVP_PKEY_CTX_ctrl */
1161 return -2;
1162 }
1163
1164 if (name == NULL)
1165 return -1;
1166
1167 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
1168 (char *)name, 0);
1169 return EVP_PKEY_CTX_set_params(ctx, params);
1170 }
1171
EVP_PKEY_CTX_get_group_name(EVP_PKEY_CTX * ctx,char * name,size_t namelen)1172 int EVP_PKEY_CTX_get_group_name(EVP_PKEY_CTX *ctx, char *name, size_t namelen)
1173 {
1174 OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
1175 OSSL_PARAM *p = params;
1176
1177 if (ctx == NULL || !EVP_PKEY_CTX_IS_GEN_OP(ctx)) {
1178 /* There is no legacy support for this */
1179 ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
1180 /* Uses the same return values as EVP_PKEY_CTX_ctrl */
1181 return -2;
1182 }
1183
1184 if (name == NULL)
1185 return -1;
1186
1187 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
1188 name, namelen);
1189 if (!EVP_PKEY_CTX_get_params(ctx, params))
1190 return -1;
1191 return 1;
1192 }
1193
1194 /*
1195 * evp_pkey_keygen() abstracts from the explicit use of B<EVP_PKEY_CTX>
1196 * while providing a generic way of generating a new asymmetric key pair
1197 * of algorithm type I<name> (e.g., C<RSA> or C<EC>).
1198 * The library context I<libctx> and property query I<propq>
1199 * are used when fetching algorithms from providers.
1200 * The I<params> specify algorithm-specific parameters
1201 * such as the RSA modulus size or the name of an EC curve.
1202 */
evp_pkey_keygen(OSSL_LIB_CTX * libctx,const char * name,const char * propq,const OSSL_PARAM * params)1203 static EVP_PKEY *evp_pkey_keygen(OSSL_LIB_CTX *libctx, const char *name,
1204 const char *propq, const OSSL_PARAM *params)
1205 {
1206 EVP_PKEY *pkey = NULL;
1207 EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name(libctx, name, propq);
1208
1209 if (ctx != NULL
1210 && EVP_PKEY_keygen_init(ctx) > 0
1211 && EVP_PKEY_CTX_set_params(ctx, params))
1212 (void)EVP_PKEY_generate(ctx, &pkey);
1213
1214 EVP_PKEY_CTX_free(ctx);
1215 return pkey;
1216 }
1217
EVP_PKEY_Q_keygen(OSSL_LIB_CTX * libctx,const char * propq,const char * type,...)1218 EVP_PKEY *EVP_PKEY_Q_keygen(OSSL_LIB_CTX *libctx, const char *propq,
1219 const char *type, ...)
1220 {
1221 va_list args;
1222 size_t bits;
1223 char *name;
1224 OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
1225 EVP_PKEY *ret = NULL;
1226
1227 va_start(args, type);
1228
1229 if (OPENSSL_strcasecmp(type, "RSA") == 0) {
1230 bits = va_arg(args, size_t);
1231 params[0] = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_RSA_BITS, &bits);
1232 } else if (OPENSSL_strcasecmp(type, "EC") == 0) {
1233 name = va_arg(args, char *);
1234 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
1235 name, 0);
1236 } else if (OPENSSL_strcasecmp(type, "ED25519") != 0
1237 && OPENSSL_strcasecmp(type, "X25519") != 0
1238 && OPENSSL_strcasecmp(type, "ED448") != 0
1239 && OPENSSL_strcasecmp(type, "X448") != 0
1240 && OPENSSL_strcasecmp(type, "SM2") != 0) {
1241 ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_INVALID_ARGUMENT);
1242 goto end;
1243 }
1244 ret = evp_pkey_keygen(libctx, type, propq, params);
1245
1246 end:
1247 va_end(args);
1248 return ret;
1249 }
1250
1251 #endif /* !defined(FIPS_MODULE) */
1252