/*
* Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#ifndef OSSL_CRYPTO_EVP_H
# define OSSL_CRYPTO_EVP_H
# pragma once
# include <openssl/evp.h>
# include <openssl/core_dispatch.h>
# include "internal/refcount.h"
# include "crypto/ecx.h"
/*
* Don't free up md_ctx->pctx in EVP_MD_CTX_reset, use the reserved flag
* values in evp.h
*/
#define EVP_MD_CTX_FLAG_KEEP_PKEY_CTX 0x0400
#define EVP_MD_CTX_FLAG_FINALISED 0x0800
#define evp_pkey_ctx_is_legacy(ctx) \
((ctx)->keymgmt == NULL)
#define evp_pkey_ctx_is_provided(ctx) \
(!evp_pkey_ctx_is_legacy(ctx))
struct evp_pkey_ctx_st {
/* Actual operation */
int operation;
/*
* Library context, property query, keytype and keymgmt associated with
* this context
*/
OSSL_LIB_CTX *libctx;
char *propquery;
const char *keytype;
/* If |pkey| below is set, this field is always a reference to its keymgmt */
EVP_KEYMGMT *keymgmt;
union {
struct {
void *genctx;
} keymgmt;
struct {
EVP_KEYEXCH *exchange;
/*
* Opaque ctx returned from a providers exchange algorithm
* implementation OSSL_FUNC_keyexch_newctx()
*/
void *algctx;
} kex;
struct {
EVP_SIGNATURE *signature;
/*
* Opaque ctx returned from a providers signature algorithm
* implementation OSSL_FUNC_signature_newctx()
*/
void *algctx;
} sig;
struct {
EVP_ASYM_CIPHER *cipher;
/*
* Opaque ctx returned from a providers asymmetric cipher algorithm
* implementation OSSL_FUNC_asym_cipher_newctx()
*/
void *algctx;
} ciph;
struct {
EVP_KEM *kem;
/*
* Opaque ctx returned from a providers KEM algorithm
* implementation OSSL_FUNC_kem_newctx()
*/
void *algctx;
} encap;
} op;
/*
* Cached parameters. Inits of operations that depend on these should
* call evp_pkey_ctx_use_delayed_data() when the operation has been set
* up properly.
*/
struct {
/* Distinguishing Identifier, ISO/IEC 15946-3, FIPS 196 */
char *dist_id_name; /* The name used with EVP_PKEY_CTX_ctrl_str() */
void *dist_id; /* The distinguishing ID itself */
size_t dist_id_len; /* The length of the distinguishing ID */
/* Indicators of what has been set. Keep them together! */
unsigned int dist_id_set : 1;
} cached_parameters;
/* Application specific data, usually used by the callback */
void *app_data;
/* Keygen callback */
EVP_PKEY_gen_cb *pkey_gencb;
/* implementation specific keygen data */
int *keygen_info;
int keygen_info_count;
/* Legacy fields below */
/* EVP_PKEY identity */
int legacy_keytype;
/* Method associated with this operation */
const EVP_PKEY_METHOD *pmeth;
/* Engine that implements this method or NULL if builtin */
ENGINE *engine;
/* Key: may be NULL */
EVP_PKEY *pkey;
/* Peer key for key agreement, may be NULL */
EVP_PKEY *peerkey;
/* Algorithm specific data */
void *data;
/* Indicator if digest_custom needs to be called */
unsigned int flag_call_digest_custom:1;
/*
* Used to support taking custody of memory in the case of a provider being
* used with the deprecated EVP_PKEY_CTX_set_rsa_keygen_pubexp() API. This
* member should NOT be used for any other purpose and should be removed
* when said deprecated API is excised completely.
*/
BIGNUM *rsa_pubexp;
} /* EVP_PKEY_CTX */ ;
#define EVP_PKEY_FLAG_DYNAMIC 1
struct evp_pkey_method_st {
int pkey_id;
int flags;
int (*init) (EVP_PKEY_CTX *ctx);
int (*copy) (EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src);
void (*cleanup) (EVP_PKEY_CTX *ctx);
int (*paramgen_init) (EVP_PKEY_CTX *ctx);
int (*paramgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
int (*keygen_init) (EVP_PKEY_CTX *ctx);
int (*keygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
int (*sign_init) (EVP_PKEY_CTX *ctx);
int (*sign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
const unsigned char *tbs, size_t tbslen);
int (*verify_init) (EVP_PKEY_CTX *ctx);
int (*verify) (EVP_PKEY_CTX *ctx,
const unsigned char *sig, size_t siglen,
const unsigned char *tbs, size_t tbslen);
int (*verify_recover_init) (EVP_PKEY_CTX *ctx);
int (*verify_recover) (EVP_PKEY_CTX *ctx,
unsigned char *rout, size_t *routlen,
const unsigned char *sig, size_t siglen);
int (*signctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
int (*signctx) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
EVP_MD_CTX *mctx);
int (*verifyctx_init) (EVP_PKEY_CTX *ctx<