1 /* 2 * Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #ifndef OSSL_CRYPTO_EVP_H 11 # define OSSL_CRYPTO_EVP_H 12 # pragma once 13 14 # include <openssl/evp.h> 15 # include <openssl/core_dispatch.h> 16 # include "internal/refcount.h" 17 # include "crypto/ecx.h" 18 19 /* 20 * Default PKCS5 PBE KDF salt lengths 21 * In RFC 8018, PBE1 uses 8 bytes (64 bits) for its salt length. 22 * It also specifies to use at least 8 bytes for PBES2. 23 * The NIST requirement for PBKDF2 is 128 bits so we use this as the 24 * default for PBE2 (scrypt and HKDF2) 25 */ 26 # define PKCS5_DEFAULT_PBE1_SALT_LEN PKCS5_SALT_LEN 27 # define PKCS5_DEFAULT_PBE2_SALT_LEN 16 28 /* 29 * Don't free up md_ctx->pctx in EVP_MD_CTX_reset, use the reserved flag 30 * values in evp.h 31 */ 32 #define EVP_MD_CTX_FLAG_KEEP_PKEY_CTX 0x0400 33 #define EVP_MD_CTX_FLAG_FINALISED 0x0800 34 35 #define evp_pkey_ctx_is_legacy(ctx) \ 36 ((ctx)->keymgmt == NULL) 37 #define evp_pkey_ctx_is_provided(ctx) \ 38 (!evp_pkey_ctx_is_legacy(ctx)) 39 40 struct evp_pkey_ctx_st { 41 /* Actual operation */ 42 int operation; 43 44 /* 45 * Library context, property query, keytype and keymgmt associated with 46 * this context 47 */ 48 OSSL_LIB_CTX *libctx; 49 char *propquery; 50 const char *keytype; 51 /* If |pkey| below is set, this field is always a reference to its keymgmt */ 52 EVP_KEYMGMT *keymgmt; 53 54 union { 55 struct { 56 void *genctx; 57 } keymgmt; 58 59 struct { 60 EVP_KEYEXCH *exchange; 61 /* 62 * Opaque ctx returned from a providers exchange algorithm 63 * implementation OSSL_FUNC_keyexch_newctx() 64 */ 65 void *algctx; 66 } kex; 67 68 struct { 69 EVP_SIGNATURE *signature; 70 /* 71 * Opaque ctx returned from a providers signature algorithm 72 * implementation OSSL_FUNC_signature_newctx() 73 */ 74 void *algctx; 75 } sig; 76 77 struct { 78 EVP_ASYM_CIPHER *cipher; 79 /* 80 * Opaque ctx returned from a providers asymmetric cipher algorithm 81 * implementation OSSL_FUNC_asym_cipher_newctx() 82 */ 83 void *algctx; 84 } ciph; 85 struct { 86 EVP_KEM *kem; 87 /* 88 * Opaque ctx returned from a providers KEM algorithm 89 * implementation OSSL_FUNC_kem_newctx() 90 */ 91 void *algctx; 92 } encap; 93 } op; 94 95 /* 96 * Cached parameters. Inits of operations that depend on these should 97 * call evp_pkey_ctx_use_delayed_data() when the operation has been set 98 * up properly. 99 */ 100 struct { 101 /* Distinguishing Identifier, ISO/IEC 15946-3, FIPS 196 */ 102 char *dist_id_name; /* The name used with EVP_PKEY_CTX_ctrl_str() */ 103 void *dist_id; /* The distinguishing ID itself */ 104 size_t dist_id_len; /* The length of the distinguishing ID */ 105 106 /* Indicators of what has been set. Keep them together! */ 107 unsigned int dist_id_set : 1; 108 } cached_parameters; 109 110 /* Application specific data, usually used by the callback */ 111 void *app_data; 112 /* Keygen callback */ 113 EVP_PKEY_gen_cb *pkey_gencb; 114 /* implementation specific keygen data */ 115 int *keygen_info; 116 int keygen_info_count; 117 118 /* Legacy fields below */ 119 120 /* EVP_PKEY identity */ 121 int legacy_keytype; 122 /* Method associated with this operation */ 123 const EVP_PKEY_METHOD *pmeth; 124 /* Engine that implements this method or NULL if builtin */ 125 ENGINE *engine; 126 /* Key: may be NULL */ 127 EVP_PKEY *pkey; 128 /* Peer key for key agreement, may be NULL */ 129 EVP_PKEY *peerkey; 130 /* Algorithm specific data */ 131 void *data; 132 /* Indicator if digest_custom needs to be called */ 133 unsigned int flag_call_digest_custom:1; 134 /* 135 * Used to support taking custody of memory in the case of a provider being 136 * used with the deprecated EVP_PKEY_CTX_set_rsa_keygen_pubexp() API. This 137 * member should NOT be used for any other purpose and should be removed 138 * when said deprecated API is excised completely. 139 */ 140 BIGNUM *rsa_pubexp; 141 } /* EVP_PKEY_CTX */ ; 142 143 #define EVP_PKEY_FLAG_DYNAMIC 1 144 145 struct evp_pkey_method_st { 146 int pkey_id; 147 int flags; 148 int (*init) (EVP_PKEY_CTX *ctx); 149 int (*copy) (EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src); 150 void (*cleanup) (EVP_PKEY_CTX *ctx); 151 int (*paramgen_init) (EVP_PKEY_CTX *ctx); 152 int (*paramgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); 153 int (*keygen_init) (EVP_PKEY_CTX *ctx); 154 int (*keygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); 155 int (*sign_init) (EVP_PKEY_CTX *ctx); 156 int (*sign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, 157 const unsigned char *tbs, size_t tbslen); 158 int (*verify_init) (EVP_PKEY_CTX *ctx); 159 int (*verify) (EVP_PKEY_CTX *ctx, 160 const unsigned char *sig, size_t siglen, 161 const unsigned char *tbs, size_t tbslen); 162 int (*verify_recover_init) (EVP_PKEY_CTX *ctx); 163 int (*verify_recover) (EVP_PKEY_CTX *ctx, 164 unsigned char *rout, size_t *routlen, 165 const unsigned char *sig, size_t siglen); 166 int (*signctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); 167 int (*signctx) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, 168 EVP_MD_CTX *mctx); 169 int (*verifyctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); 170 int (*verifyctx) (EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen, 171 EVP_MD_CTX *mctx); 172 int (*encrypt_init) (EVP_PKEY_CTX *ctx); 173 int (*encrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, 174 const unsigned char *in, size_t inlen); 175 int (*decrypt_init) (EVP_PKEY_CTX *ctx); 176 int (*decrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, 177 const unsigned char *in, size_t inlen); 178 int (*derive_init) (EVP_PKEY_CTX *ctx); 179 int (*derive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); 180 int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2); 181 int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value); 182 int (*digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, 183 const unsigned char *tbs, size_t tbslen); 184 int (*digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig, 185 size_t siglen, const unsigned char *tbs, 186 size_t tbslen); 187 int (*check) (EVP_PKEY *pkey); 188 int (*public_check) (EVP_PKEY *pkey); 189 int (*param_check) (EVP_PKEY *pkey); 190 191 int (*digest_custom) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); 192 } /* EVP_PKEY_METHOD */ ; 193 194 DEFINE_STACK_OF_CONST(EVP_PKEY_METHOD) 195 196 void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx); 197 198 const EVP_PKEY_METHOD *ossl_dh_pkey_method(void); 199 const EVP_PKEY_METHOD *ossl_dhx_pkey_method(void); 200 const EVP_PKEY_METHOD *ossl_dsa_pkey_method(void); 201 const EVP_PKEY_METHOD *ossl_ec_pkey_method(void); 202 const EVP_PKEY_METHOD *ossl_ecx25519_pkey_method(void); 203 const EVP_PKEY_METHOD *ossl_ecx448_pkey_method(void); 204 const EVP_PKEY_METHOD *ossl_ed25519_pkey_method(void); 205 const EVP_PKEY_METHOD *ossl_ed448_pkey_method(void); 206 const EVP_PKEY_METHOD *ossl_rsa_pkey_method(void); 207 const EVP_PKEY_METHOD *ossl_rsa_pss_pkey_method(void); 208 209 struct evp_mac_st { 210 OSSL_PROVIDER *prov; 211 int name_id; 212 char *type_name; 213 const char *description; 214 215 CRYPTO_REF_COUNT refcnt; 216 217 OSSL_FUNC_mac_newctx_fn *newctx; 218 OSSL_FUNC_mac_dupctx_fn *dupctx; 219 OSSL_FUNC_mac_freectx_fn *freectx; 220 OSSL_FUNC_mac_init_fn *init; 221 OSSL_FUNC_mac_update_fn *update; 222 OSSL_FUNC_mac_final_fn *final; 223 OSSL_FUNC_mac_gettable_params_fn *gettable_params; 224 OSSL_FUNC_mac_gettable_ctx_params_fn *gettable_ctx_params; 225 OSSL_FUNC_mac_settable_ctx_params_fn *settable_ctx_params; 226 OSSL_FUNC_mac_get_params_fn *get_params; 227 OSSL_FUNC_mac_get_ctx_params_fn *get_ctx_params; 228 OSSL_FUNC_mac_set_ctx_params_fn *set_ctx_params; 229 }; 230 231 struct evp_kdf_st { 232 OSSL_PROVIDER *prov; 233 int name_id; 234 char *type_name; 235 const char *description; 236 CRYPTO_REF_COUNT refcnt; 237 238 OSSL_FUNC_kdf_newctx_fn *newctx; 239 OSSL_FUNC_kdf_dupctx_fn *dupctx; 240 OSSL_FUNC_kdf_freectx_fn *freectx; 241 OSSL_FUNC_kdf_reset_fn *reset; 242 OSSL_FUNC_kdf_derive_fn *derive; 243 OSSL_FUNC_kdf_gettable_params_fn *gettable_params; 244 OSSL_FUNC_kdf_gettable_ctx_params_fn *gettable_ctx_params; 245 OSSL_FUNC_kdf_settable_ctx_params_fn *settable_ctx_params; 246 OSSL_FUNC_kdf_get_params_fn *get_params; 247 OSSL_FUNC_kdf_get_ctx_params_fn *get_ctx_params; 248 OSSL_FUNC_kdf_set_ctx_params_fn *set_ctx_params; 249 }; 250 251 #define EVP_ORIG_DYNAMIC 0 252 #define EVP_ORIG_GLOBAL 1 253 #define EVP_ORIG_METH 2 254 255 struct evp_md_st { 256 /* nid */ 257 int type; 258 259 /* Legacy structure members */ 260 int pkey_type; 261 int md_size; 262 unsigned long flags; 263 int origin; 264 int (*init) (EVP_MD_CTX *ctx); 265 int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count); 266 int (*final) (EVP_MD_CTX *ctx, unsigned char *md); 267 int (*copy) (EVP_MD_CTX *to, const EVP_MD_CTX *from); 268 int (*cleanup) (EVP_MD_CTX *ctx); 269 int block_size; 270 int ctx_size; /* how big does the ctx->md_data need to be */ 271 /* control function */ 272 int (*md_ctrl) (EVP_MD_CTX *ctx, int cmd, int p1, void *p2); 273 274 /* New structure members */ 275 /* Above comment to be removed when legacy has gone */ 276 int name_id; 277 char *type_name; 278 const char *description; 279 OSSL_PROVIDER *prov; 280 CRYPTO_REF_COUNT refcnt; 281 OSSL_FUNC_digest_newctx_fn *newctx; 282 OSSL_FUNC_digest_init_fn *dinit; 283 OSSL_FUNC_digest_update_fn *dupdate; 284 OSSL_FUNC_digest_final_fn *dfinal; 285 OSSL_FUNC_digest_squeeze_fn *dsqueeze; 286 OSSL_FUNC_digest_digest_fn *digest; 287 OSSL_FUNC_digest_freectx_fn *freectx; 288 OSSL_FUNC_digest_dupctx_fn *dupctx; 289 OSSL_FUNC_digest_get_params_fn *get_params; 290 OSSL_FUNC_digest_set_ctx_params_fn *set_ctx_params; 291 OSSL_FUNC_digest_get_ctx_params_fn *get_ctx_params; 292 OSSL_FUNC_digest_gettable_params_fn *gettable_params; 293 OSSL_FUNC_digest_settable_ctx_params_fn *settable_ctx_params; 294 OSSL_FUNC_digest_gettable_ctx_params_fn *gettable_ctx_params; 295 296 } /* EVP_MD */ ; 297 298 struct evp_cipher_st { 299 int nid; 300 301 int block_size; 302 /* Default value for variable length ciphers */ 303 int key_len; 304 int iv_len; 305 306 /* Legacy structure members */ 307 /* Various flags */ 308 unsigned long flags; 309 /* How the EVP_CIPHER was created. */ 310 int origin; 311 /* init key */ 312 int (*init) (EVP_CIPHER_CTX *ctx, const unsigned char *key, 313 const unsigned char *iv, int enc); 314 /* encrypt/decrypt data */ 315 int (*do_cipher) (EVP_CIPHER_CTX *ctx, unsigned char *out, 316 const unsigned char *in, size_t inl); 317 /* cleanup ctx */ 318 int (*cleanup) (EVP_CIPHER_CTX *); 319 /* how big ctx->cipher_data needs to be */ 320 int ctx_size; 321 /* Populate a ASN1_TYPE with parameters */ 322 int (*set_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *); 323 /* Get parameters from a ASN1_TYPE */ 324 int (*get_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *); 325 /* Miscellaneous operations */ 326 int (*ctrl) (EVP_CIPHER_CTX *, int type, int arg, void *ptr); 327 /* Application data */ 328 void *app_data; 329 330 /* New structure members */ 331 /* Above comment to be removed when legacy has gone */ 332 int name_id; 333 char *type_name; 334 const char *description; 335 OSSL_PROVIDER *prov; 336 CRYPTO_REF_COUNT refcnt; 337 OSSL_FUNC_cipher_newctx_fn *newctx; 338 OSSL_FUNC_cipher_encrypt_init_fn *einit; 339 OSSL_FUNC_cipher_decrypt_init_fn *dinit; 340 OSSL_FUNC_cipher_update_fn *cupdate; 341 OSSL_FUNC_cipher_final_fn *cfinal; 342 OSSL_FUNC_cipher_cipher_fn *ccipher; 343 OSSL_FUNC_cipher_freectx_fn *freectx; 344 OSSL_FUNC_cipher_dupctx_fn *dupctx; 345 OSSL_FUNC_cipher_get_params_fn *get_params; 346 OSSL_FUNC_cipher_get_ctx_params_fn *get_ctx_params; 347 OSSL_FUNC_cipher_set_ctx_params_fn *set_ctx_params; 348 OSSL_FUNC_cipher_gettable_params_fn *gettable_params; 349 OSSL_FUNC_cipher_gettable_ctx_params_fn *gettable_ctx_params; 350 OSSL_FUNC_cipher_settable_ctx_params_fn *settable_ctx_params; 351 } /* EVP_CIPHER */ ; 352 353 /* Macros to code block cipher wrappers */ 354 355 /* Wrapper functions for each cipher mode */ 356 357 #define EVP_C_DATA(kstruct, ctx) \ 358 ((kstruct *)EVP_CIPHER_CTX_get_cipher_data(ctx)) 359 360 #define BLOCK_CIPHER_ecb_loop() \ 361 size_t i, bl; \ 362 bl = EVP_CIPHER_CTX_get0_cipher(ctx)->block_size; \ 363 if (inl < bl) return 1;\ 364 inl -= bl; \ 365 for (i=0; i <= inl; i+=bl) 366 367 #define BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \ 368 static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ 369 {\ 370 BLOCK_CIPHER_ecb_loop() \ 371 cprefix##_ecb_encrypt(in + i, out + i, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_is_encrypting(ctx)); \ 372 return 1;\ 373 } 374 375 #define EVP_MAXCHUNK ((size_t)1 << 30) 376 377 #define BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) \ 378 static int cname##_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ 379 {\ 380 while(inl>=EVP_MAXCHUNK) {\ 381 int num = EVP_CIPHER_CTX_get_num(ctx);\ 382 cprefix##_ofb##cbits##_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, &num); \ 383 EVP_CIPHER_CTX_set_num(ctx, num);\ 384 inl-=EVP_MAXCHUNK;\ 385 in +=EVP_MAXCHUNK;\ 386 out+=EVP_MAXCHUNK;\ 387 }\ 388 if (inl) {\ 389 int num = EVP_CIPHER_CTX_get_num(ctx);\ 390 cprefix##_ofb##cbits##_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, &num); \ 391 EVP_CIPHER_CTX_set_num(ctx, num);\ 392 }\ 393 return 1;\ 394 } 395 396 #define BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \ 397 static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ 398 {\ 399 while(inl>=EVP_MAXCHUNK) {\ 400 cprefix##_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, EVP_CIPHER_CTX_is_encrypting(ctx));\ 401 inl-=EVP_MAXCHUNK;\ 402 in +=EVP_MAXCHUNK;\ 403 out+=EVP_MAXCHUNK;\ 404 }\ 405 if (inl)\ 406 cprefix##_cbc_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, EVP_CIPHER_CTX_is_encrypting(ctx));\ 407 return 1;\ 408 } 409 410 #define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \ 411 static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ 412 {\ 413 size_t chunk = EVP_MAXCHUNK;\ 414 if (cbits == 1) chunk >>= 3;\ 415 if (inl < chunk) chunk = inl;\ 416 while (inl && inl >= chunk) {\ 417 int num = EVP_CIPHER_CTX_get_num(ctx);\ 418 cprefix##_cfb##cbits##_encrypt(in, out, (long) \ 419 ((cbits == 1) \ 420 && !EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS) \ 421 ? chunk*8 : chunk), \ 422 &EVP_C_DATA(kstruct, ctx)->ksched, ctx->iv,\ 423 &num, EVP_CIPHER_CTX_is_encrypting(ctx));\ 424 EVP_CIPHER_CTX_set_num(ctx, num);\ 425 inl -= chunk;\ 426 in += chunk;\ 427 out += chunk;\ 428 if (inl < chunk) chunk = inl;\ 429 }\ 430 return 1;\ 431 } 432 433 #define BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \ 434 BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \ 435 BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \ 436 BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \ 437 BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) 438 439 #define BLOCK_CIPHER_def1(cname, nmode, mode, MODE, kstruct, nid, block_size, \ 440 key_len, iv_len, flags, init_key, cleanup, \ 441 set_asn1, get_asn1, ctrl) \ 442 static const EVP_CIPHER cname##_##mode = { \ 443 nid##_##nmode, block_size, key_len, iv_len, \ 444 flags | EVP_CIPH_##MODE##_MODE, \ 445 EVP_ORIG_GLOBAL, \ 446 init_key, \ 447 cname##_##mode##_cipher, \ 448 cleanup, \ 449 sizeof(kstruct), \ 450 set_asn1, get_asn1,\ 451 ctrl, \ 452 NULL \ 453 }; \ 454 const EVP_CIPHER *EVP_##cname##_##mode(void) { return &cname##_##mode; } 455 456 #define BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, \ 457 iv_len, flags, init_key, cleanup, set_asn1, \ 458 get_asn1, ctrl) \ 459 BLOCK_CIPHER_def1(cname, cbc, cbc, CBC, kstruct, nid, block_size, key_len, \ 460 iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl) 461 462 #define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, \ 463 iv_len, cbits, flags, init_key, cleanup, \ 464 set_asn1, get_asn1, ctrl) \ 465 BLOCK_CIPHER_def1(cname, cfb##cbits, cfb##cbits, CFB, kstruct, nid, 1, \ 466 key_len, iv_len, flags, init_key, cleanup, set_asn1, \ 467 get_asn1, ctrl) 468 469 #define BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, \ 470 iv_len, cbits, flags, init_key, cleanup, \ 471 set_asn1, get_asn1, ctrl) \ 472 BLOCK_CIPHER_def1(cname, ofb##cbits, ofb, OFB, kstruct, nid, 1, \ 473 key_len, iv_len, flags, init_key, cleanup, set_asn1, \ 474 get_asn1, ctrl) 475 476 #define BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, \ 477 flags, init_key, cleanup, set_asn1, \ 478 get_asn1, ctrl) \ 479 BLOCK_CIPHER_def1(cname, ecb, ecb, ECB, kstruct, nid, block_size, key_len, \ 480 0, flags, init_key, cleanup, set_asn1, get_asn1, ctrl) 481 482 #define BLOCK_CIPHER_defs(cname, kstruct, \ 483 nid, block_size, key_len, iv_len, cbits, flags, \ 484 init_key, cleanup, set_asn1, get_asn1, ctrl) \ 485 BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, iv_len, flags, \ 486 init_key, cleanup, set_asn1, get_asn1, ctrl) \ 487 BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, iv_len, cbits, \ 488 flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \ 489 BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, iv_len, cbits, \ 490 flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \ 491 BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, flags, \ 492 init_key, cleanup, set_asn1, get_asn1, ctrl) 493 494 /*- 495 #define BLOCK_CIPHER_defs(cname, kstruct, \ 496 nid, block_size, key_len, iv_len, flags,\ 497 init_key, cleanup, set_asn1, get_asn1, ctrl)\ 498 static const EVP_CIPHER cname##_cbc = {\ 499 nid##_cbc, block_size, key_len, iv_len, \ 500 flags | EVP_CIPH_CBC_MODE,\ 501 EVP_ORIG_GLOBAL,\ 502 init_key,\ 503 cname##_cbc_cipher,\ 504 cleanup,\ 505 sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ 506 sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ 507 set_asn1, get_asn1,\ 508 ctrl, \ 509 NULL \ 510 };\ 511 const EVP_CIPHER *EVP_##cname##_cbc(void) { return &cname##_cbc; }\ 512 static const EVP_CIPHER cname##_cfb = {\ 513 nid##_cfb64, 1, key_len, iv_len, \ 514 flags | EVP_CIPH_CFB_MODE,\ 515 EVP_ORIG_GLOBAL,\ 516 init_key,\ 517 cname##_cfb_cipher,\ 518 cleanup,\ 519 sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ 520 sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ 521 set_asn1, get_asn1,\ 522 ctrl,\ 523 NULL \ 524 };\ 525 const EVP_CIPHER *EVP_##cname##_cfb(void) { return &cname##_cfb; }\ 526 static const EVP_CIPHER cname##_ofb = {\ 527 nid##_ofb64, 1, key_len, iv_len, \ 528 flags | EVP_CIPH_OFB_MODE,\ 529 EVP_ORIG_GLOBAL,\ 530 init_key,\ 531 cname##_ofb_cipher,\ 532 cleanup,\ 533 sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ 534 sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ 535 set_asn1, get_asn1,\ 536 ctrl,\ 537 NULL \ 538 };\ 539 const EVP_CIPHER *EVP_##cname##_ofb(void) { return &cname##_ofb; }\ 540 static const EVP_CIPHER cname##_ecb = {\ 541 nid##_ecb, block_size, key_len, iv_len, \ 542 flags | EVP_CIPH_ECB_MODE,\ 543 EVP_ORIG_GLOBAL,\ 544 init_key,\ 545 cname##_ecb_cipher,\ 546 cleanup,\ 547 sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ 548 sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ 549 set_asn1, get_asn1,\ 550 ctrl,\ 551 NULL \ 552 };\ 553 const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; } 554 */ 555 556 #define IMPLEMENT_BLOCK_CIPHER(cname, ksched, cprefix, kstruct, nid, \ 557 block_size, key_len, iv_len, cbits, \ 558 flags, init_key, \ 559 cleanup, set_asn1, get_asn1, ctrl) \ 560 BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \ 561 BLOCK_CIPHER_defs(cname, kstruct, nid, block_size, key_len, iv_len, \ 562 cbits, flags, init_key, cleanup, set_asn1, \ 563 get_asn1, ctrl) 564 565 #define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len,fl) \ 566 BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \ 567 BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \ 568 NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \ 569 (fl)|EVP_CIPH_FLAG_DEFAULT_ASN1, \ 570 cipher##_init_key, NULL, NULL, NULL, NULL) 571 572 typedef struct { 573 unsigned char iv[EVP_MAX_IV_LENGTH]; 574 unsigned int iv_len; 575 unsigned int tag_len; 576 } evp_cipher_aead_asn1_params; 577 578 int evp_cipher_param_to_asn1_ex(EVP_CIPHER_CTX *c, ASN1_TYPE *type, 579 evp_cipher_aead_asn1_params *params); 580 581 int evp_cipher_asn1_to_param_ex(EVP_CIPHER_CTX *c, ASN1_TYPE *type, 582 evp_cipher_aead_asn1_params *params); 583 584 /* 585 * To support transparent execution of operation in backends other 586 * than the "origin" key, we support transparent export/import to 587 * those providers, and maintain a cache of the imported keydata, 588 * so we don't need to redo the export/import every time we perform 589 * the same operation in that same provider. 590 * This requires that the "origin" backend (whether it's a legacy or a 591 * provider "origin") implements exports, and that the target provider 592 * has an EVP_KEYMGMT that implements import. 593 */ 594 typedef struct { 595 EVP_KEYMGMT *keymgmt; 596 void *keydata; 597 int selection; 598 } OP_CACHE_ELEM; 599 600 DEFINE_STACK_OF(OP_CACHE_ELEM) 601 602 /* 603 * An EVP_PKEY can have the following states: 604 * 605 * untyped & empty: 606 * 607 * type == EVP_PKEY_NONE && keymgmt == NULL 608 * 609 * typed & empty: 610 * 611 * (type != EVP_PKEY_NONE && pkey.ptr == NULL) ## legacy (libcrypto only) 612 * || (keymgmt != NULL && keydata == NULL) ## provider side 613 * 614 * fully assigned: 615 * 616 * (type != EVP_PKEY_NONE && pkey.ptr != NULL) ## legacy (libcrypto only) 617 * || (keymgmt != NULL && keydata != NULL) ## provider side 618 * 619 * The easiest way to detect a legacy key is: 620 * 621 * keymgmt == NULL && type != EVP_PKEY_NONE 622 * 623 * The easiest way to detect a provider side key is: 624 * 625 * keymgmt != NULL 626 */ 627 #define evp_pkey_is_blank(pk) \ 628 ((pk)->type == EVP_PKEY_NONE && (pk)->keymgmt == NULL) 629 #define evp_pkey_is_typed(pk) \ 630 ((pk)->type != EVP_PKEY_NONE || (pk)->keymgmt != NULL) 631 #ifndef FIPS_MODULE 632 # define evp_pkey_is_assigned(pk) \ 633 ((pk)->pkey.ptr != NULL || (pk)->keydata != NULL) 634 #else 635 # define evp_pkey_is_assigned(pk) \ 636 ((pk)->keydata != NULL) 637 #endif 638 #define evp_pkey_is_legacy(pk) \ 639 ((pk)->type != EVP_PKEY_NONE && (pk)->keymgmt == NULL) 640 #define evp_pkey_is_provided(pk) \ 641 ((pk)->keymgmt != NULL) 642 643 union legacy_pkey_st { 644 void *ptr; 645 struct rsa_st *rsa; /* RSA */ 646 # ifndef OPENSSL_NO_DSA 647 struct dsa_st *dsa; /* DSA */ 648 # endif 649 # ifndef OPENSSL_NO_DH 650 struct dh_st *dh; /* DH */ 651 # endif 652 # ifndef OPENSSL_NO_EC 653 struct ec_key_st *ec; /* ECC */ 654 # ifndef OPENSSL_NO_ECX 655 ECX_KEY *ecx; /* X25519, X448, Ed25519, Ed448 */ 656 # endif 657 # endif 658 }; 659 660 struct evp_pkey_st { 661 /* == Legacy attributes == */ 662 int type; 663 int save_type; 664 665 # ifndef FIPS_MODULE 666 /* 667 * Legacy key "origin" is composed of a pointer to an EVP_PKEY_ASN1_METHOD, 668 * a pointer to a low level key and possibly a pointer to an engine. 669 */ 670 const EVP_PKEY_ASN1_METHOD *ameth; 671 ENGINE *engine; 672 ENGINE *pmeth_engine; /* If not NULL public key ENGINE to use */ 673 674 /* Union to store the reference to an origin legacy key */ 675 union legacy_pkey_st pkey; 676 677 /* Union to store the reference to a non-origin legacy key */ 678 union legacy_pkey_st legacy_cache_pkey; 679 # endif 680 681 /* == Common attributes == */ 682 CRYPTO_REF_COUNT references; 683 CRYPTO_RWLOCK *lock; 684 #ifndef FIPS_MODULE 685 STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ 686 int save_parameters; 687 unsigned int foreign:1; /* the low-level key is using an engine or an app-method */ 688 CRYPTO_EX_DATA ex_data; 689 #endif 690 691 /* == Provider attributes == */ 692 693 /* 694 * Provider keydata "origin" is composed of a pointer to an EVP_KEYMGMT 695 * and a pointer to the provider side key data. This is never used at 696 * the same time as the legacy key data above. 697 */ 698 EVP_KEYMGMT *keymgmt; 699 void *keydata; 700 /* 701 * If any libcrypto code does anything that may modify the keydata 702 * contents, this dirty counter must be incremented. 703 */ 704 size_t dirty_cnt; 705 706 /* 707 * To support transparent execution of operation in backends other 708 * than the "origin" key, we support transparent export/import to 709 * those providers, and maintain a cache of the imported keydata, 710 * so we don't need to redo the export/import every time we perform 711 * the same operation in that same provider. 712 */ 713 STACK_OF(OP_CACHE_ELEM) *operation_cache; 714 715 /* 716 * We keep a copy of that "origin"'s dirty count, so we know if the 717 * operation cache needs flushing. 718 */ 719 size_t dirty_cnt_copy; 720 721 /* Cache of key object information */ 722 struct { 723 int bits; 724 int security_bits; 725 int size; 726 } cache; 727 }; /* EVP_PKEY */ 728 729 /* The EVP_PKEY_OP_TYPE_ macros are found in include/openssl/evp.h */ 730 731 # define EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) \ 732 (((ctx)->operation & EVP_PKEY_OP_TYPE_SIG) != 0) 733 734 # define EVP_PKEY_CTX_IS_DERIVE_OP(ctx) \ 735 (((ctx)->operation & EVP_PKEY_OP_TYPE_DERIVE) != 0) 736 737 # define EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx) \ 738 (((ctx)->operation & EVP_PKEY_OP_TYPE_CRYPT) != 0) 739 740 # define EVP_PKEY_CTX_IS_GEN_OP(ctx) \ 741 (((ctx)->operation & EVP_PKEY_OP_TYPE_GEN) != 0) 742 743 # define EVP_PKEY_CTX_IS_FROMDATA_OP(ctx) \ 744 (((ctx)->operation & EVP_PKEY_OP_TYPE_DATA) != 0) 745 746 # define EVP_PKEY_CTX_IS_KEM_OP(ctx) \ 747 (((ctx)->operation & EVP_PKEY_OP_TYPE_KEM) != 0) 748 749 void openssl_add_all_ciphers_int(void); 750 void openssl_add_all_digests_int(void); 751 void evp_cleanup_int(void); 752 void evp_app_cleanup_int(void); 753 void *evp_pkey_export_to_provider(EVP_PKEY *pk, OSSL_LIB_CTX *libctx, 754 EVP_KEYMGMT **keymgmt, 755 const char *propquery); 756 #ifndef FIPS_MODULE 757 int evp_pkey_copy_downgraded(EVP_PKEY **dest, const EVP_PKEY *src); 758 void *evp_pkey_get_legacy(EVP_PKEY *pk); 759 void evp_pkey_free_legacy(EVP_PKEY *x); 760 EVP_PKEY *evp_pkcs82pkey_legacy(const PKCS8_PRIV_KEY_INFO *p8inf, 761 OSSL_LIB_CTX *libctx, const char *propq); 762 #endif 763 764 /* 765 * KEYMGMT utility functions 766 */ 767 768 /* 769 * Key import structure and helper function, to be used as an export callback 770 */ 771 struct evp_keymgmt_util_try_import_data_st { 772 EVP_KEYMGMT *keymgmt; 773 void *keydata; 774 775 int selection; 776 }; 777 int evp_keymgmt_util_try_import(const OSSL_PARAM params[], void *arg); 778 int evp_keymgmt_util_assign_pkey(EVP_PKEY *pkey, EVP_KEYMGMT *keymgmt, 779 void *keydata); 780 EVP_PKEY *evp_keymgmt_util_make_pkey(EVP_KEYMGMT *keymgmt, void *keydata); 781 782 int evp_keymgmt_util_export(const EVP_PKEY *pk, int selection, 783 OSSL_CALLBACK *export_cb, void *export_cbarg); 784 void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt, 785 int selection); 786 OP_CACHE_ELEM *evp_keymgmt_util_find_operation_cache(EVP_PKEY *pk, 787 EVP_KEYMGMT *keymgmt, 788 int selection); 789 int evp_keymgmt_util_clear_operation_cache(EVP_PKEY *pk); 790 int evp_keymgmt_util_cache_keydata(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt, 791 void *keydata, int selection); 792 void evp_keymgmt_util_cache_keyinfo(EVP_PKEY *pk); 793 void *evp_keymgmt_util_fromdata(EVP_PKEY *target, EVP_KEYMGMT *keymgmt, 794 int selection, const OSSL_PARAM params[]); 795 int evp_keymgmt_util_has(EVP_PKEY *pk, int selection); 796 int evp_keymgmt_util_match(EVP_PKEY *pk1, EVP_PKEY *pk2, int selection); 797 int evp_keymgmt_util_copy(EVP_PKEY *to, EVP_PKEY *from, int selection); 798 void *evp_keymgmt_util_gen(EVP_PKEY *target, EVP_KEYMGMT *keymgmt, 799 void *genctx, OSSL_CALLBACK *cb, void *cbarg); 800 int evp_keymgmt_util_get_deflt_digest_name(EVP_KEYMGMT *keymgmt, 801 void *keydata, 802 char *mdname, size_t mdname_sz); 803 const char *evp_keymgmt_util_query_operation_name(EVP_KEYMGMT *keymgmt, 804 int op_id); 805 806 /* 807 * KEYMGMT provider interface functions 808 */ 809 void *evp_keymgmt_newdata(const EVP_KEYMGMT *keymgmt); 810 void evp_keymgmt_freedata(const EVP_KEYMGMT *keymgmt, void *keyddata); 811 int evp_keymgmt_get_params(const EVP_KEYMGMT *keymgmt, 812 void *keydata, OSSL_PARAM params[]); 813 int evp_keymgmt_set_params(const EVP_KEYMGMT *keymgmt, 814 void *keydata, const OSSL_PARAM params[]); 815 void *evp_keymgmt_gen_init(const EVP_KEYMGMT *keymgmt, int selection, 816 const OSSL_PARAM params[]); 817 int evp_keymgmt_gen_set_template(const EVP_KEYMGMT *keymgmt, void *genctx, 818 void *templ); 819 int evp_keymgmt_gen_set_params(const EVP_KEYMGMT *keymgmt, void *genctx, 820 const OSSL_PARAM params[]); 821 int evp_keymgmt_gen_get_params(const EVP_KEYMGMT *keymgmt, 822 void *genctx, OSSL_PARAM params[]); 823 void *evp_keymgmt_gen(const EVP_KEYMGMT *keymgmt, void *genctx, 824 OSSL_CALLBACK *cb, void *cbarg); 825 void evp_keymgmt_gen_cleanup(const EVP_KEYMGMT *keymgmt, void *genctx); 826 827 int evp_keymgmt_has_load(const EVP_KEYMGMT *keymgmt); 828 void *evp_keymgmt_load(const EVP_KEYMGMT *keymgmt, 829 const void *objref, size_t objref_sz); 830 831 int evp_keymgmt_has(const EVP_KEYMGMT *keymgmt, void *keyddata, int selection); 832 int evp_keymgmt_validate(const EVP_KEYMGMT *keymgmt, void *keydata, 833 int selection, int checktype); 834 int evp_keymgmt_match(const EVP_KEYMGMT *keymgmt, 835 const void *keydata1, const void *keydata2, 836 int selection); 837 838 int evp_keymgmt_import(const EVP_KEYMGMT *keymgmt, void *keydata, 839 int selection, const OSSL_PARAM params[]); 840 const OSSL_PARAM *evp_keymgmt_import_types(const EVP_KEYMGMT *keymgmt, 841 int selection); 842 int evp_keymgmt_export(const EVP_KEYMGMT *keymgmt, void *keydata, 843 int selection, OSSL_CALLBACK *param_cb, void *cbarg); 844 const OSSL_PARAM *evp_keymgmt_export_types(const EVP_KEYMGMT *keymgmt, 845 int selection); 846 void *evp_keymgmt_dup(const EVP_KEYMGMT *keymgmt, 847 const void *keydata_from, int selection); 848 EVP_KEYMGMT *evp_keymgmt_fetch_from_prov(OSSL_PROVIDER *prov, 849 const char *name, 850 const char *properties); 851 852 /* Pulling defines out of C source files */ 853 854 # define EVP_RC4_KEY_SIZE 16 855 # ifndef TLS1_1_VERSION 856 # define TLS1_1_VERSION 0x0302 857 # endif 858 859 void evp_encode_ctx_set_flags(EVP_ENCODE_CTX *ctx, unsigned int flags); 860 861 /* EVP_ENCODE_CTX flags */ 862 /* Don't generate new lines when encoding */ 863 #define EVP_ENCODE_CTX_NO_NEWLINES 1 864 /* Use the SRP base64 alphabet instead of the standard one */ 865 #define EVP_ENCODE_CTX_USE_SRP_ALPHABET 2 866 867 const EVP_CIPHER *evp_get_cipherbyname_ex(OSSL_LIB_CTX *libctx, 868 const char *name); 869 const EVP_MD *evp_get_digestbyname_ex(OSSL_LIB_CTX *libctx, 870 const char *name); 871 872 int ossl_pkcs5_pbkdf2_hmac_ex(const char *pass, int passlen, 873 const unsigned char *salt, int saltlen, int iter, 874 const EVP_MD *digest, int keylen, 875 unsigned char *out, 876 OSSL_LIB_CTX *libctx, const char *propq); 877 878 # ifndef FIPS_MODULE 879 /* 880 * Internal helpers for stricter EVP_PKEY_CTX_{set,get}_params(). 881 * 882 * Return 1 on success, 0 or negative for errors. 883 * 884 * In particular they return -2 if any of the params is not supported. 885 * 886 * They are not available in FIPS_MODULE as they depend on 887 * - EVP_PKEY_CTX_{get,set}_params() 888 * - EVP_PKEY_CTX_{gettable,settable}_params() 889 * 890 */ 891 int evp_pkey_ctx_set_params_strict(EVP_PKEY_CTX *ctx, OSSL_PARAM *params); 892 int evp_pkey_ctx_get_params_strict(EVP_PKEY_CTX *ctx, OSSL_PARAM *params); 893 894 EVP_MD_CTX *evp_md_ctx_new_ex(EVP_PKEY *pkey, const ASN1_OCTET_STRING *id, 895 OSSL_LIB_CTX *libctx, const char *propq); 896 int evp_pkey_name2type(const char *name); 897 const char *evp_pkey_type2name(int type); 898 899 int evp_pkey_ctx_use_cached_data(EVP_PKEY_CTX *ctx); 900 # endif /* !defined(FIPS_MODULE) */ 901 902 int evp_method_store_cache_flush(OSSL_LIB_CTX *libctx); 903 int evp_method_store_remove_all_provided(const OSSL_PROVIDER *prov); 904 905 int evp_default_properties_enable_fips_int(OSSL_LIB_CTX *libctx, int enable, 906 int loadconfig); 907 int evp_set_default_properties_int(OSSL_LIB_CTX *libctx, const char *propq, 908 int loadconfig, int mirrored); 909 char *evp_get_global_properties_str(OSSL_LIB_CTX *libctx, int loadconfig); 910 911 void evp_md_ctx_clear_digest(EVP_MD_CTX *ctx, int force, int keep_digest); 912 /* just free the algctx if set, returns 0 on inconsistent state of ctx */ 913 int evp_md_ctx_free_algctx(EVP_MD_CTX *ctx); 914 915 /* Three possible states: */ 916 # define EVP_PKEY_STATE_UNKNOWN 0 917 # define EVP_PKEY_STATE_LEGACY 1 918 # define EVP_PKEY_STATE_PROVIDER 2 919 int evp_pkey_ctx_state(const EVP_PKEY_CTX *ctx); 920 921 /* These two must ONLY be called for provider side operations */ 922 int evp_pkey_ctx_ctrl_to_param(EVP_PKEY_CTX *ctx, 923 int keytype, int optype, 924 int cmd, int p1, void *p2); 925 int evp_pkey_ctx_ctrl_str_to_param(EVP_PKEY_CTX *ctx, 926 const char *name, const char *value); 927 928 /* These two must ONLY be called for legacy operations */ 929 int evp_pkey_ctx_set_params_to_ctrl(EVP_PKEY_CTX *ctx, const OSSL_PARAM *params); 930 int evp_pkey_ctx_get_params_to_ctrl(EVP_PKEY_CTX *ctx, OSSL_PARAM *params); 931 932 /* This must ONLY be called for legacy EVP_PKEYs */ 933 int evp_pkey_get_params_to_ctrl(const EVP_PKEY *pkey, OSSL_PARAM *params); 934 935 /* Same as the public get0 functions but are not const */ 936 # ifndef OPENSSL_NO_DEPRECATED_3_0 937 DH *evp_pkey_get0_DH_int(const EVP_PKEY *pkey); 938 EC_KEY *evp_pkey_get0_EC_KEY_int(const EVP_PKEY *pkey); 939 RSA *evp_pkey_get0_RSA_int(const EVP_PKEY *pkey); 940 # endif 941 942 /* Get internal identification number routines */ 943 int evp_asym_cipher_get_number(const EVP_ASYM_CIPHER *cipher); 944 int evp_cipher_get_number(const EVP_CIPHER *cipher); 945 int evp_kdf_get_number(const EVP_KDF *kdf); 946 int evp_kem_get_number(const EVP_KEM *wrap); 947 int evp_keyexch_get_number(const EVP_KEYEXCH *keyexch); 948 int evp_keymgmt_get_number(const EVP_KEYMGMT *keymgmt); 949 int evp_keymgmt_get_legacy_alg(const EVP_KEYMGMT *keymgmt); 950 int evp_mac_get_number(const EVP_MAC *mac); 951 int evp_md_get_number(const EVP_MD *md); 952 int evp_rand_get_number(const EVP_RAND *rand); 953 int evp_rand_can_seed(EVP_RAND_CTX *ctx); 954 size_t evp_rand_get_seed(EVP_RAND_CTX *ctx, 955 unsigned char **buffer, 956 int entropy, size_t min_len, size_t max_len, 957 int prediction_resistance, 958 const unsigned char *adin, size_t adin_len); 959 void evp_rand_clear_seed(EVP_RAND_CTX *ctx, 960 unsigned char *buffer, size_t b_len); 961 int evp_signature_get_number(const EVP_SIGNATURE *signature); 962 963 int evp_pkey_decrypt_alloc(EVP_PKEY_CTX *ctx, unsigned char **outp, 964 size_t *outlenp, size_t expected_outlen, 965 const unsigned char *in, size_t inlen); 966 967 int ossl_md2hmacnid(int mdnid); 968 int ossl_hmac2mdnid(int hmac_nid); 969 970 #endif /* OSSL_CRYPTO_EVP_H */ 971
