summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/evp
diff options
context:
space:
mode:
authorcvs2svn <admin@example.com>2025-04-14 17:32:06 +0000
committercvs2svn <admin@example.com>2025-04-14 17:32:06 +0000
commitb1ddde874c215cc8891531ed92876f091b7eb83e (patch)
treeedb6da6af7e865d488dc1a29309f1e1ec226e603 /src/lib/libcrypto/evp
parentf0a36529837a161734c802ae4c42e84e42347be2 (diff)
downloadopenbsd-tb_20250414.tar.gz
openbsd-tb_20250414.tar.bz2
openbsd-tb_20250414.zip
This commit was manufactured by cvs2git to create tag 'tb_20250414'.tb_20250414
Diffstat (limited to 'src/lib/libcrypto/evp')
-rw-r--r--src/lib/libcrypto/evp/bio_b64.c572
-rw-r--r--src/lib/libcrypto/evp/bio_enc.c433
-rw-r--r--src/lib/libcrypto/evp/bio_md.c281
-rw-r--r--src/lib/libcrypto/evp/e_aes.c2639
-rw-r--r--src/lib/libcrypto/evp/e_bf.c247
-rw-r--r--src/lib/libcrypto/evp/e_camellia.c823
-rw-r--r--src/lib/libcrypto/evp/e_cast.c247
-rw-r--r--src/lib/libcrypto/evp/e_chacha.c77
-rw-r--r--src/lib/libcrypto/evp/e_chacha20poly1305.c621
-rw-r--r--src/lib/libcrypto/evp/e_des.c355
-rw-r--r--src/lib/libcrypto/evp/e_des3.c497
-rw-r--r--src/lib/libcrypto/evp/e_idea.c266
-rw-r--r--src/lib/libcrypto/evp/e_null.c109
-rw-r--r--src/lib/libcrypto/evp/e_rc2.c411
-rw-r--r--src/lib/libcrypto/evp/e_rc4.c144
-rw-r--r--src/lib/libcrypto/evp/e_sm4.c267
-rw-r--r--src/lib/libcrypto/evp/e_xcbc_d.c139
-rw-r--r--src/lib/libcrypto/evp/evp.h1292
-rw-r--r--src/lib/libcrypto/evp/evp_aead.c170
-rw-r--r--src/lib/libcrypto/evp/evp_cipher.c1238
-rw-r--r--src/lib/libcrypto/evp/evp_digest.c500
-rw-r--r--src/lib/libcrypto/evp/evp_encode.c424
-rw-r--r--src/lib/libcrypto/evp/evp_err.c169
-rw-r--r--src/lib/libcrypto/evp/evp_key.c223
-rw-r--r--src/lib/libcrypto/evp/evp_local.h373
-rw-r--r--src/lib/libcrypto/evp/evp_names.c1691
-rw-r--r--src/lib/libcrypto/evp/evp_pbe.c647
-rw-r--r--src/lib/libcrypto/evp/evp_pkey.c144
-rw-r--r--src/lib/libcrypto/evp/m_md4.c114
-rw-r--r--src/lib/libcrypto/evp/m_md5.c114
-rw-r--r--src/lib/libcrypto/evp/m_md5_sha1.c90
-rw-r--r--src/lib/libcrypto/evp/m_null.c104
-rw-r--r--src/lib/libcrypto/evp/m_ripemd.c114
-rw-r--r--src/lib/libcrypto/evp/m_sha1.c358
-rw-r--r--src/lib/libcrypto/evp/m_sha3.c177
-rw-r--r--src/lib/libcrypto/evp/m_sigver.c271
-rw-r--r--src/lib/libcrypto/evp/m_sm3.c69
-rw-r--r--src/lib/libcrypto/evp/p_legacy.c200
-rw-r--r--src/lib/libcrypto/evp/p_lib.c854
-rw-r--r--src/lib/libcrypto/evp/p_sign.c107
-rw-r--r--src/lib/libcrypto/evp/p_verify.c99
-rw-r--r--src/lib/libcrypto/evp/pmeth_fn.c344
-rw-r--r--src/lib/libcrypto/evp/pmeth_gn.c227
-rw-r--r--src/lib/libcrypto/evp/pmeth_lib.c366
44 files changed, 0 insertions, 18607 deletions
diff --git a/src/lib/libcrypto/evp/bio_b64.c b/src/lib/libcrypto/evp/bio_b64.c
deleted file mode 100644
index 32cd1f06df..0000000000
--- a/src/lib/libcrypto/evp/bio_b64.c
+++ /dev/null
@@ -1,572 +0,0 @@
1/* $OpenBSD: bio_b64.c,v 1.29 2024/04/09 13:52:41 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <errno.h>
60#include <stdio.h>
61#include <string.h>
62
63#include <openssl/buffer.h>
64#include <openssl/evp.h>
65
66#include "bio_local.h"
67#include "evp_local.h"
68
69static int b64_write(BIO *h, const char *buf, int num);
70static int b64_read(BIO *h, char *buf, int size);
71static int b64_puts(BIO *h, const char *str);
72/*static int b64_gets(BIO *h, char *str, int size); */
73static long b64_ctrl(BIO *h, int cmd, long arg1, void *arg2);
74static int b64_new(BIO *h);
75static int b64_free(BIO *data);
76static long b64_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp);
77#define B64_BLOCK_SIZE 1024
78#define B64_BLOCK_SIZE2 768
79#define B64_NONE 0
80#define B64_ENCODE 1
81#define B64_DECODE 2
82
83typedef struct b64_struct {
84 /*BIO *bio; moved to the BIO structure */
85 int buf_len;
86 int buf_off;
87 int tmp_len; /* used to find the start when decoding */
88 int tmp_nl; /* If true, scan until '\n' */
89 int encode;
90 int start; /* have we started decoding yet? */
91 int cont; /* <= 0 when finished */
92 EVP_ENCODE_CTX base64;
93 char buf[EVP_ENCODE_LENGTH(B64_BLOCK_SIZE) + 10];
94 char tmp[B64_BLOCK_SIZE];
95} BIO_B64_CTX;
96
97static const BIO_METHOD methods_b64 = {
98 .type = BIO_TYPE_BASE64,
99 .name = "base64 encoding",
100 .bwrite = b64_write,
101 .bread = b64_read,
102 .bputs = b64_puts,
103 .ctrl = b64_ctrl,
104 .create = b64_new,
105 .destroy = b64_free,
106 .callback_ctrl = b64_callback_ctrl
107};
108
109const BIO_METHOD *
110BIO_f_base64(void)
111{
112 return (&methods_b64);
113}
114LCRYPTO_ALIAS(BIO_f_base64);
115
116static int
117b64_new(BIO *bi)
118{
119 BIO_B64_CTX *ctx;
120
121 ctx = malloc(sizeof(BIO_B64_CTX));
122 if (ctx == NULL)
123 return (0);
124
125 ctx->buf_len = 0;
126 ctx->tmp_len = 0;
127 ctx->tmp_nl = 0;
128 ctx->buf_off = 0;
129 ctx->cont = 1;
130 ctx->start = 1;
131 ctx->encode = 0;
132
133 bi->init = 1;
134 bi->ptr = (char *)ctx;
135 bi->flags = 0;
136 bi->num = 0;
137 return (1);
138}
139
140static int
141b64_free(BIO *a)
142{
143 if (a == NULL)
144 return (0);
145 free(a->ptr);
146 a->ptr = NULL;
147 a->init = 0;
148 a->flags = 0;
149 return (1);
150}
151
152static int
153b64_read(BIO *b, char *out, int outl)
154{
155 int ret = 0, i, ii, j, k, x, n, num, ret_code = 0;
156 BIO_B64_CTX *ctx;
157 unsigned char *p, *q;
158
159 if (out == NULL)
160 return (0);
161 ctx = (BIO_B64_CTX *)b->ptr;
162
163 if ((ctx == NULL) || (b->next_bio == NULL))
164 return (0);
165
166 BIO_clear_retry_flags(b);
167
168 if (ctx->encode != B64_DECODE) {
169 ctx->encode = B64_DECODE;
170 ctx->buf_len = 0;
171 ctx->buf_off = 0;
172 ctx->tmp_len = 0;
173 EVP_DecodeInit(&(ctx->base64));
174 }
175
176 /* First check if there are bytes decoded/encoded */
177 if (ctx->buf_len > 0) {
178 OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
179 i = ctx->buf_len - ctx->buf_off;
180 if (i > outl)
181 i = outl;
182 OPENSSL_assert(ctx->buf_off + i < (int)sizeof(ctx->buf));
183 memcpy(out, &(ctx->buf[ctx->buf_off]), i);
184 ret = i;
185 out += i;
186 outl -= i;
187 ctx->buf_off += i;
188 if (ctx->buf_len == ctx->buf_off) {
189 ctx->buf_len = 0;
190 ctx->buf_off = 0;
191 }
192 }
193
194 /* At this point, we have room of outl bytes and an empty
195 * buffer, so we should read in some more. */
196
197 ret_code = 0;
198 while (outl > 0) {
199 if (ctx->cont <= 0)
200 break;
201
202 i = BIO_read(b->next_bio, &(ctx->tmp[ctx->tmp_len]),
203 B64_BLOCK_SIZE - ctx->tmp_len);
204
205 if (i <= 0) {
206 ret_code = i;
207
208 /* Should we continue next time we are called? */
209 if (!BIO_should_retry(b->next_bio)) {
210 ctx->cont = i;
211 /* If buffer empty break */
212 if (ctx->tmp_len == 0)
213 break;
214 /* Fall through and process what we have */
215 else
216 i = 0;
217 }
218 /* else we retry and add more data to buffer */
219 else
220 break;
221 }
222 i += ctx->tmp_len;
223 ctx->tmp_len = i;
224
225 /* We need to scan, a line at a time until we
226 * have a valid line if we are starting. */
227 if (ctx->start && (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)) {
228 /* ctx->start=1; */
229 ctx->tmp_len = 0;
230 } else if (ctx->start) {
231 q = p =(unsigned char *)ctx->tmp;
232 num = 0;
233 for (j = 0; j < i; j++) {
234 if (*(q++) != '\n')
235 continue;
236
237 /* due to a previous very long line,
238 * we need to keep on scanning for a '\n'
239 * before we even start looking for
240 * base64 encoded stuff. */
241 if (ctx->tmp_nl) {
242 p = q;
243 ctx->tmp_nl = 0;
244 continue;
245 }
246
247 k = EVP_DecodeUpdate(&(ctx->base64),
248 (unsigned char *)ctx->buf,
249 &num, p, q - p);
250 if ((k <= 0) && (num == 0) && (ctx->start))
251 EVP_DecodeInit(&ctx->base64);
252 else {
253 if (p != (unsigned char *)
254 &(ctx->tmp[0])) {
255 i -= (p - (unsigned char *)
256 &(ctx->tmp[0]));
257 for (x = 0; x < i; x++)
258 ctx->tmp[x] = p[x];
259 }
260 EVP_DecodeInit(&ctx->base64);
261 ctx->start = 0;
262 break;
263 }
264 p = q;
265 }
266
267 /* we fell off the end without starting */
268 if ((j == i) && (num == 0)) {
269 /* Is this is one long chunk?, if so, keep on
270 * reading until a new line. */
271 if (p == (unsigned char *)&(ctx->tmp[0])) {
272 /* Check buffer full */
273 if (i == B64_BLOCK_SIZE) {
274 ctx->tmp_nl = 1;
275 ctx->tmp_len = 0;
276 }
277 }
278 else if (p != q) /* finished on a '\n' */
279 {
280 n = q - p;
281 for (ii = 0; ii < n; ii++)
282 ctx->tmp[ii] = p[ii];
283 ctx->tmp_len = n;
284 }
285 /* else finished on a '\n' */
286 continue;
287 } else {
288 ctx->tmp_len = 0;
289 }
290 } else if ((i < B64_BLOCK_SIZE) && (ctx->cont > 0)) {
291 /* If buffer isn't full and we can retry then
292 * restart to read in more data.
293 */
294 continue;
295 }
296
297 if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) {
298 int z, jj;
299
300 jj = i & ~3; /* process per 4 */
301 z = EVP_DecodeBlock((unsigned char *)ctx->buf,
302 (unsigned char *)ctx->tmp, jj);
303 if (jj > 2) {
304 if (ctx->tmp[jj-1] == '=') {
305 z--;
306 if (ctx->tmp[jj-2] == '=')
307 z--;
308 }
309 }
310 /* z is now number of output bytes and jj is the
311 * number consumed */
312 if (jj != i) {
313 memmove(ctx->tmp, &ctx->tmp[jj], i - jj);
314 ctx->tmp_len = i - jj;
315 }
316 ctx->buf_len = 0;
317 if (z > 0) {
318 ctx->buf_len = z;
319 }
320 i = z;
321 } else {
322 i = EVP_DecodeUpdate(&(ctx->base64),
323 (unsigned char *)ctx->buf, &ctx->buf_len,
324 (unsigned char *)ctx->tmp, i);
325 ctx->tmp_len = 0;
326 }
327 ctx->buf_off = 0;
328 if (i < 0) {
329 ret_code = 0;
330 ctx->buf_len = 0;
331 break;
332 }
333
334 if (ctx->buf_len <= outl)
335 i = ctx->buf_len;
336 else
337 i = outl;
338
339 memcpy(out, ctx->buf, i);
340 ret += i;
341 ctx->buf_off = i;
342 if (ctx->buf_off == ctx->buf_len) {
343 ctx->buf_len = 0;
344 ctx->buf_off = 0;
345 }
346 outl -= i;
347 out += i;
348 }
349 /* BIO_clear_retry_flags(b); */
350 BIO_copy_next_retry(b);
351 return ((ret == 0) ? ret_code : ret);
352}
353
354static int
355b64_write(BIO *b, const char *in, int inl)
356{
357 int ret = 0;
358 int n;
359 int i;
360 BIO_B64_CTX *ctx;
361
362 ctx = (BIO_B64_CTX *)b->ptr;
363 BIO_clear_retry_flags(b);
364
365 if (ctx->encode != B64_ENCODE) {
366 ctx->encode = B64_ENCODE;
367 ctx->buf_len = 0;
368 ctx->buf_off = 0;
369 ctx->tmp_len = 0;
370 EVP_EncodeInit(&(ctx->base64));
371 }
372
373 OPENSSL_assert(ctx->buf_off < (int)sizeof(ctx->buf));
374 OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
375 OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
376 n = ctx->buf_len - ctx->buf_off;
377 while (n > 0) {
378 i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n);
379 if (i <= 0) {
380 BIO_copy_next_retry(b);
381 return (i);
382 }
383 OPENSSL_assert(i <= n);
384 ctx->buf_off += i;
385 OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf));
386 OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
387 n -= i;
388 }
389 /* at this point all pending data has been written */
390 ctx->buf_off = 0;
391 ctx->buf_len = 0;
392
393 if ((in == NULL) || (inl <= 0))
394 return (0);
395
396 while (inl > 0) {
397 n = (inl > B64_BLOCK_SIZE) ? B64_BLOCK_SIZE : inl;
398
399 if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) {
400 if (ctx->tmp_len > 0) {
401 OPENSSL_assert(ctx->tmp_len <= 3);
402 n = 3 - ctx->tmp_len;
403 /* There's a theoretical possibility for this */
404 if (n > inl)
405 n = inl;
406 memcpy(&(ctx->tmp[ctx->tmp_len]), in, n);
407 ctx->tmp_len += n;
408 ret += n;
409 if (ctx->tmp_len < 3)
410 break;
411 ctx->buf_len = EVP_EncodeBlock(
412 (unsigned char *)ctx->buf,
413 (unsigned char *)ctx->tmp, ctx->tmp_len);
414 OPENSSL_assert(ctx->buf_len <=
415 (int)sizeof(ctx->buf));
416 OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
417 /* Since we're now done using the temporary
418 buffer, the length should be 0'd */
419 ctx->tmp_len = 0;
420 } else {
421 if (n < 3) {
422 memcpy(ctx->tmp, in, n);
423 ctx->tmp_len = n;
424 ret += n;
425 break;
426 }
427 n -= n % 3;
428 ctx->buf_len = EVP_EncodeBlock(
429 (unsigned char *)ctx->buf,
430 (const unsigned char *)in, n);
431 OPENSSL_assert(ctx->buf_len <=
432 (int)sizeof(ctx->buf));
433 OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
434 ret += n;
435 }
436 } else {
437 if (!EVP_EncodeUpdate(&(ctx->base64),
438 (unsigned char *)ctx->buf, &ctx->buf_len,
439 (unsigned char *)in, n))
440 return ((ret == 0) ? -1 : ret);
441 OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
442 OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
443 ret += n;
444 }
445 inl -= n;
446 in += n;
447
448 ctx->buf_off = 0;
449 n = ctx->buf_len;
450 while (n > 0) {
451 i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n);
452 if (i <= 0) {
453 BIO_copy_next_retry(b);
454 return ((ret == 0) ? i : ret);
455 }
456 OPENSSL_assert(i <= n);
457 n -= i;
458 ctx->buf_off += i;
459 OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf));
460 OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
461 }
462 ctx->buf_len = 0;
463 ctx->buf_off = 0;
464 }
465 return (ret);
466}
467
468static long
469b64_ctrl(BIO *b, int cmd, long num, void *ptr)
470{
471 BIO_B64_CTX *ctx;
472 long ret = 1;
473 int i;
474
475 ctx = (BIO_B64_CTX *)b->ptr;
476
477 switch (cmd) {
478 case BIO_CTRL_RESET:
479 ctx->cont = 1;
480 ctx->start = 1;
481 ctx->encode = B64_NONE;
482 ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
483 break;
484 case BIO_CTRL_EOF: /* More to read */
485 if (ctx->cont <= 0)
486 ret = 1;
487 else
488 ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
489 break;
490 case BIO_CTRL_WPENDING: /* More to write in buffer */
491 OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
492 ret = ctx->buf_len - ctx->buf_off;
493 if ((ret == 0) && (ctx->encode != B64_NONE) &&
494 (ctx->base64.num != 0))
495 ret = 1;
496 else if (ret <= 0)
497 ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
498 break;
499 case BIO_CTRL_PENDING: /* More to read in buffer */
500 OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
501 ret = ctx->buf_len - ctx->buf_off;
502 if (ret <= 0)
503 ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
504 break;
505 case BIO_CTRL_FLUSH:
506 /* do a final write */
507again:
508 while (ctx->buf_len != ctx->buf_off) {
509 i = b64_write(b, NULL, 0);
510 if (i < 0)
511 return i;
512 }
513 if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) {
514 if (ctx->tmp_len != 0) {
515 ctx->buf_len = EVP_EncodeBlock(
516 (unsigned char *)ctx->buf,
517 (unsigned char *)ctx->tmp,
518 ctx->tmp_len);
519 ctx->buf_off = 0;
520 ctx->tmp_len = 0;
521 goto again;
522 }
523 } else if (ctx->encode != B64_NONE && ctx->base64.num != 0) {
524 ctx->buf_off = 0;
525 EVP_EncodeFinal(&(ctx->base64),
526 (unsigned char *)ctx->buf,
527 &(ctx->buf_len));
528 /* push out the bytes */
529 goto again;
530 }
531 /* Finally flush the underlying BIO */
532 ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
533 break;
534
535 case BIO_C_DO_STATE_MACHINE:
536 BIO_clear_retry_flags(b);
537 ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
538 BIO_copy_next_retry(b);
539 break;
540
541 case BIO_CTRL_DUP:
542 break;
543 case BIO_CTRL_INFO:
544 case BIO_CTRL_GET:
545 case BIO_CTRL_SET:
546 default:
547 ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
548 break;
549 }
550 return (ret);
551}
552
553static long
554b64_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
555{
556 long ret = 1;
557
558 if (b->next_bio == NULL)
559 return (0);
560 switch (cmd) {
561 default:
562 ret = BIO_callback_ctrl(b->next_bio, cmd, fp);
563 break;
564 }
565 return (ret);
566}
567
568static int
569b64_puts(BIO *b, const char *str)
570{
571 return b64_write(b, str, strlen(str));
572}
diff --git a/src/lib/libcrypto/evp/bio_enc.c b/src/lib/libcrypto/evp/bio_enc.c
deleted file mode 100644
index 30baf93517..0000000000
--- a/src/lib/libcrypto/evp/bio_enc.c
+++ /dev/null
@@ -1,433 +0,0 @@
1/* $OpenBSD: bio_enc.c,v 1.33 2024/04/12 11:10:34 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <errno.h>
60#include <stdio.h>
61#include <stdlib.h>
62#include <string.h>
63
64#include <openssl/buffer.h>
65#include <openssl/evp.h>
66
67#include "bio_local.h"
68#include "evp_local.h"
69
70static int enc_write(BIO *h, const char *buf, int num);
71static int enc_read(BIO *h, char *buf, int size);
72/*static int enc_puts(BIO *h, const char *str); */
73/*static int enc_gets(BIO *h, char *str, int size); */
74static long enc_ctrl(BIO *h, int cmd, long arg1, void *arg2);
75static int enc_new(BIO *h);
76static int enc_free(BIO *data);
77static long enc_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fps);
78#define ENC_BLOCK_SIZE (1024*4)
79#define BUF_OFFSET (EVP_MAX_BLOCK_LENGTH*2)
80
81typedef struct enc_struct {
82 int buf_len;
83 int buf_off;
84 int cont; /* <= 0 when finished */
85 int finished;
86 int ok; /* bad decrypt */
87 EVP_CIPHER_CTX *cipher_ctx;
88 /* buf is larger than ENC_BLOCK_SIZE because EVP_DecryptUpdate
89 * can return up to a block more data than is presented to it
90 */
91 char buf[ENC_BLOCK_SIZE + BUF_OFFSET + 2];
92} BIO_ENC_CTX;
93
94static const BIO_METHOD methods_enc = {
95 .type = BIO_TYPE_CIPHER,
96 .name = "cipher",
97 .bwrite = enc_write,
98 .bread = enc_read,
99 .ctrl = enc_ctrl,
100 .create = enc_new,
101 .destroy = enc_free,
102 .callback_ctrl = enc_callback_ctrl
103};
104
105const BIO_METHOD *
106BIO_f_cipher(void)
107{
108 return &methods_enc;
109}
110LCRYPTO_ALIAS(BIO_f_cipher);
111
112static void
113bio_enc_ctx_free(BIO_ENC_CTX *ctx)
114{
115 if (ctx == NULL)
116 return;
117
118 EVP_CIPHER_CTX_free(ctx->cipher_ctx);
119 freezero(ctx, sizeof(*ctx));
120}
121
122static int
123enc_new(BIO *bio)
124{
125 BIO_ENC_CTX *ctx;
126 int ret = 0;
127
128 if ((ctx = calloc(1, sizeof(BIO_ENC_CTX))) == NULL)
129 goto err;
130 if ((ctx->cipher_ctx = EVP_CIPHER_CTX_new()) == NULL)
131 goto err;
132
133 ctx->cont = 1;
134 ctx->ok = 1;
135
136 bio->ptr = ctx;
137 ctx = NULL;
138
139 ret = 1;
140
141 err:
142 bio_enc_ctx_free(ctx);
143
144 return ret;
145}
146
147static int
148enc_free(BIO *bio)
149{
150 if (bio == NULL)
151 return 0;
152
153 bio_enc_ctx_free(bio->ptr);
154 explicit_bzero(bio, sizeof(*bio));
155
156 return 1;
157}
158
159static int
160enc_read(BIO *bio, char *out, int outl)
161{
162 BIO_ENC_CTX *ctx;
163 int ret = 0, i;
164
165 if (out == NULL)
166 return 0;
167 ctx = bio->ptr;
168
169 if (ctx == NULL || bio->next_bio == NULL)
170 return 0;
171
172 /* First check if there are bytes decoded/encoded */
173 if (ctx->buf_len > 0) {
174 i = ctx->buf_len - ctx->buf_off;
175 if (i > outl)
176 i = outl;
177 memcpy(out, &(ctx->buf[ctx->buf_off]), i);
178 ret = i;
179 out += i;
180 outl -= i;
181 ctx->buf_off += i;
182 if (ctx->buf_len == ctx->buf_off) {
183 ctx->buf_len = 0;
184 ctx->buf_off = 0;
185 }
186 }
187
188 /* At this point, we have room of outl bytes and an empty
189 * buffer, so we should read in some more. */
190
191 while (outl > 0) {
192 if (ctx->cont <= 0)
193 break;
194
195 /* read in at IV offset, read the EVP_Cipher
196 * documentation about why */
197 i = BIO_read(bio->next_bio, &ctx->buf[BUF_OFFSET],
198 ENC_BLOCK_SIZE);
199
200 if (i <= 0) {
201 /* Should be continue next time we are called? */
202 if (!BIO_should_retry(bio->next_bio)) {
203 ctx->cont = i;
204 i = EVP_CipherFinal_ex(ctx->cipher_ctx,
205 (unsigned char *)ctx->buf,
206 &(ctx->buf_len));
207 ctx->ok = i;
208 ctx->buf_off = 0;
209 } else {
210 ret = (ret == 0) ? i : ret;
211 break;
212 }
213 } else {
214 EVP_CipherUpdate(ctx->cipher_ctx,
215 (unsigned char *)ctx->buf, &ctx->buf_len,
216 (unsigned char *)&ctx->buf[BUF_OFFSET], i);
217 ctx->cont = 1;
218 /* Note: it is possible for EVP_CipherUpdate to
219 * decrypt zero bytes because this is or looks like
220 * the final block: if this happens we should retry
221 * and either read more data or decrypt the final
222 * block
223 */
224 if (ctx->buf_len == 0)
225 continue;
226 }
227
228 if (ctx->buf_len <= outl)
229 i = ctx->buf_len;
230 else
231 i = outl;
232 if (i <= 0)
233 break;
234 memcpy(out, ctx->buf, i);
235 ret += i;
236 ctx->buf_off = i;
237 outl -= i;
238 out += i;
239 }
240
241 BIO_clear_retry_flags(bio);
242 BIO_copy_next_retry(bio);
243 return ret == 0 ? ctx->cont : ret;
244}
245
246static int
247enc_write(BIO *bio, const char *in, int inl)
248{
249 BIO_ENC_CTX *ctx;
250 int ret = 0, n, i;
251
252 ctx = bio->ptr;
253 ret = inl;
254
255 BIO_clear_retry_flags(bio);
256 n = ctx->buf_len - ctx->buf_off;
257 while (n > 0) {
258 i = BIO_write(bio->next_bio, &(ctx->buf[ctx->buf_off]), n);
259 if (i <= 0) {
260 BIO_copy_next_retry(bio);
261 return i;
262 }
263 ctx->buf_off += i;
264 n -= i;
265 }
266 /* at this point all pending data has been written */
267
268 if (in == NULL || inl <= 0)
269 return 0;
270
271 ctx->buf_off = 0;
272 while (inl > 0) {
273 n = inl > ENC_BLOCK_SIZE ? ENC_BLOCK_SIZE : inl;
274 EVP_CipherUpdate(ctx->cipher_ctx,
275 (unsigned char *)ctx->buf, &ctx->buf_len,
276 (unsigned char *)in, n);
277 inl -= n;
278 in += n;
279
280 ctx->buf_off = 0;
281 n = ctx->buf_len;
282 while (n > 0) {
283 i = BIO_write(bio->next_bio, &ctx->buf[ctx->buf_off], n);
284 if (i <= 0) {
285 BIO_copy_next_retry(bio);
286 return ret == inl ? i : ret - inl;
287 }
288 n -= i;
289 ctx->buf_off += i;
290 }
291 ctx->buf_len = 0;
292 ctx->buf_off = 0;
293 }
294 BIO_copy_next_retry(bio);
295
296 return ret;
297}
298
299static long
300enc_ctrl(BIO *bio, int cmd, long num, void *ptr)
301{
302 BIO *dbio;
303 BIO_ENC_CTX *ctx, *dctx;
304 EVP_CIPHER_CTX **c_ctx;
305 int i;
306 long ret = 1;
307
308 ctx = bio->ptr;
309
310 switch (cmd) {
311 case BIO_CTRL_RESET:
312 ctx->ok = 1;
313 ctx->finished = 0;
314 EVP_CipherInit_ex(ctx->cipher_ctx, NULL, NULL, NULL, NULL,
315 ctx->cipher_ctx->encrypt);
316 ret = BIO_ctrl(bio->next_bio, cmd, num, ptr);
317 break;
318 case BIO_CTRL_EOF: /* More to read */
319 if (ctx->cont <= 0)
320 ret = 1;
321 else
322 ret = BIO_ctrl(bio->next_bio, cmd, num, ptr);
323 break;
324 case BIO_CTRL_WPENDING:
325 ret = ctx->buf_len - ctx->buf_off;
326 if (ret <= 0)
327 ret = BIO_ctrl(bio->next_bio, cmd, num, ptr);
328 break;
329 case BIO_CTRL_PENDING: /* More to read in buffer */
330 ret = ctx->buf_len - ctx->buf_off;
331 if (ret <= 0)
332 ret = BIO_ctrl(bio->next_bio, cmd, num, ptr);
333 break;
334 case BIO_CTRL_FLUSH:
335 /* do a final write */
336 again:
337 while (ctx->buf_len != ctx->buf_off) {
338 i = enc_write(bio, NULL, 0);
339 if (i < 0)
340 return i;
341 }
342
343 if (!ctx->finished) {
344 ctx->finished = 1;
345 ctx->buf_off = 0;
346 ret = EVP_CipherFinal_ex(ctx->cipher_ctx,
347 (unsigned char *)ctx->buf,
348 &ctx->buf_len);
349 ctx->ok = (int)ret;
350 if (ret <= 0)
351 break;
352
353 /* push out the bytes */
354 goto again;
355 }
356
357 /* Finally flush the underlying BIO */
358 ret = BIO_ctrl(bio->next_bio, cmd, num, ptr);
359 break;
360 case BIO_C_GET_CIPHER_STATUS:
361 ret = (long)ctx->ok;
362 break;
363 case BIO_C_DO_STATE_MACHINE:
364 BIO_clear_retry_flags(bio);
365 ret = BIO_ctrl(bio->next_bio, cmd, num, ptr);
366 BIO_copy_next_retry(bio);
367 break;
368 case BIO_C_GET_CIPHER_CTX:
369 c_ctx = ptr;
370 *c_ctx = ctx->cipher_ctx;
371 bio->init = 1;
372 break;
373 case BIO_CTRL_DUP:
374 dbio = ptr;
375 dctx = dbio->ptr;
376 ret = EVP_CIPHER_CTX_copy(dctx->cipher_ctx, ctx->cipher_ctx);
377 if (ret)
378 dbio->init = 1;
379 break;
380 default:
381 ret = BIO_ctrl(bio->next_bio, cmd, num, ptr);
382 break;
383 }
384
385 return ret;
386}
387
388static long
389enc_callback_ctrl(BIO *bio, int cmd, BIO_info_cb *fp)
390{
391 long ret = 1;
392
393 if (bio->next_bio == NULL)
394 return 0;
395
396 switch (cmd) {
397 default:
398 ret = BIO_callback_ctrl(bio->next_bio, cmd, fp);
399 break;
400 }
401
402 return ret;
403}
404
405int
406BIO_set_cipher(BIO *bio, const EVP_CIPHER *c, const unsigned char *k,
407 const unsigned char *i, int e)
408{
409 BIO_ENC_CTX *ctx;
410 long (*cb)(BIO *, int, const char *, int, long, long);
411
412 if (bio == NULL)
413 return 0;
414
415 if ((ctx = BIO_get_data(bio)) == NULL)
416 return 0;
417
418 if ((cb = BIO_get_callback(bio)) != NULL) {
419 if (cb(bio, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e, 0L) <= 0)
420 return 0;
421 }
422
423 BIO_set_init(bio, 1);
424
425 if (!EVP_CipherInit_ex(ctx->cipher_ctx, c, NULL, k, i, e))
426 return 0;
427
428 if (cb != NULL)
429 return cb(bio, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e, 1L);
430
431 return 1;
432}
433LCRYPTO_ALIAS(BIO_set_cipher);
diff --git a/src/lib/libcrypto/evp/bio_md.c b/src/lib/libcrypto/evp/bio_md.c
deleted file mode 100644
index 420192d23c..0000000000
--- a/src/lib/libcrypto/evp/bio_md.c
+++ /dev/null
@@ -1,281 +0,0 @@
1/* $OpenBSD: bio_md.c,v 1.22 2024/04/09 13:52:41 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <errno.h>
61
62#include <openssl/buffer.h>
63#include <openssl/evp.h>
64
65#include "bio_local.h"
66#include "evp_local.h"
67
68/* BIO_put and BIO_get both add to the digest,
69 * BIO_gets returns the digest */
70
71static int md_write(BIO *h, char const *buf, int num);
72static int md_read(BIO *h, char *buf, int size);
73/*static int md_puts(BIO *h, const char *str); */
74static int md_gets(BIO *h, char *str, int size);
75static long md_ctrl(BIO *h, int cmd, long arg1, void *arg2);
76static int md_new(BIO *h);
77static int md_free(BIO *data);
78static long md_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp);
79
80static const BIO_METHOD methods_md = {
81 .type = BIO_TYPE_MD,
82 .name = "message digest",
83 .bwrite = md_write,
84 .bread = md_read,
85 .bgets = md_gets,
86 .ctrl = md_ctrl,
87 .create = md_new,
88 .destroy = md_free,
89 .callback_ctrl = md_callback_ctrl
90};
91
92const BIO_METHOD *
93BIO_f_md(void)
94{
95 return (&methods_md);
96}
97LCRYPTO_ALIAS(BIO_f_md);
98
99static int
100md_new(BIO *bi)
101{
102 EVP_MD_CTX *ctx;
103
104 ctx = EVP_MD_CTX_create();
105 if (ctx == NULL)
106 return (0);
107
108 bi->init = 0;
109 bi->ptr = (char *)ctx;
110 bi->flags = 0;
111 return (1);
112}
113
114static int
115md_free(BIO *a)
116{
117 if (a == NULL)
118 return (0);
119 EVP_MD_CTX_destroy(a->ptr);
120 a->ptr = NULL;
121 a->init = 0;
122 a->flags = 0;
123 return (1);
124}
125
126static int
127md_read(BIO *b, char *out, int outl)
128{
129 int ret = 0;
130 EVP_MD_CTX *ctx;
131
132 if (out == NULL)
133 return (0);
134 ctx = b->ptr;
135
136 if ((ctx == NULL) || (b->next_bio == NULL))
137 return (0);
138
139 ret = BIO_read(b->next_bio, out, outl);
140 if (b->init) {
141 if (ret > 0) {
142 if (EVP_DigestUpdate(ctx, (unsigned char *)out,
143 (unsigned int)ret) <= 0)
144 return (-1);
145 }
146 }
147 BIO_clear_retry_flags(b);
148 BIO_copy_next_retry(b);
149 return (ret);
150}
151
152static int
153md_write(BIO *b, const char *in, int inl)
154{
155 int ret = 0;
156 EVP_MD_CTX *ctx;
157
158 if ((in == NULL) || (inl <= 0))
159 return (0);
160 ctx = b->ptr;
161
162 if ((ctx != NULL) && (b->next_bio != NULL))
163 ret = BIO_write(b->next_bio, in, inl);
164 if (b->init) {
165 if (ret > 0) {
166 if (!EVP_DigestUpdate(ctx, (const unsigned char *)in,
167 (unsigned int)ret)) {
168 BIO_clear_retry_flags(b);
169 return 0;
170 }
171 }
172 }
173 if (b->next_bio != NULL) {
174 BIO_clear_retry_flags(b);
175 BIO_copy_next_retry(b);
176 }
177 return (ret);
178}
179
180static long
181md_ctrl(BIO *b, int cmd, long num, void *ptr)
182{
183 EVP_MD_CTX *ctx, *dctx, **pctx;
184 const EVP_MD **ppmd;
185 EVP_MD *md;
186 long ret = 1;
187 BIO *dbio;
188
189 ctx = b->ptr;
190
191 switch (cmd) {
192 case BIO_CTRL_RESET:
193 if (b->init)
194 ret = EVP_DigestInit_ex(ctx, ctx->digest, NULL);
195 else
196 ret = 0;
197 if (ret > 0)
198 ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
199 break;
200 case BIO_C_GET_MD:
201 if (b->init) {
202 ppmd = ptr;
203 *ppmd = ctx->digest;
204 } else
205 ret = 0;
206 break;
207 case BIO_C_GET_MD_CTX:
208 pctx = ptr;
209 *pctx = ctx;
210 b->init = 1;
211 break;
212 case BIO_C_SET_MD_CTX:
213 if (b->init)
214 b->ptr = ptr;
215 else
216 ret = 0;
217 break;
218 case BIO_C_DO_STATE_MACHINE:
219 BIO_clear_retry_flags(b);
220 ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
221 BIO_copy_next_retry(b);
222 break;
223
224 case BIO_C_SET_MD:
225 md = ptr;
226 ret = EVP_DigestInit_ex(ctx, md, NULL);
227 if (ret > 0)
228 b->init = 1;
229 break;
230 case BIO_CTRL_DUP:
231 dbio = ptr;
232 dctx = dbio->ptr;
233 if (!EVP_MD_CTX_copy_ex(dctx, ctx))
234 return 0;
235 b->init = 1;
236 break;
237 default:
238 ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
239 break;
240 }
241 return (ret);
242}
243
244static long
245md_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
246{
247 long ret = 1;
248
249 if (b->next_bio == NULL)
250 return (0);
251 switch (cmd) {
252 default:
253 ret = BIO_callback_ctrl(b->next_bio, cmd, fp);
254 break;
255 }
256 return (ret);
257}
258
259static int
260md_gets(BIO *bp, char *buf, int size)
261{
262 EVP_MD_CTX *ctx;
263 unsigned int ret;
264
265 ctx = bp->ptr;
266 if (size < ctx->digest->md_size)
267 return (0);
268 if (EVP_DigestFinal_ex(ctx, (unsigned char *)buf, &ret) <= 0)
269 return -1;
270
271 return ((int)ret);
272}
273
274/*
275static int md_puts(bp,str)
276BIO *bp;
277char *str;
278 {
279 return(-1);
280 }
281*/
diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c
deleted file mode 100644
index 7753c18c15..0000000000
--- a/src/lib/libcrypto/evp/e_aes.c
+++ /dev/null
@@ -1,2639 +0,0 @@
1/* $OpenBSD: e_aes.c,v 1.59 2024/09/06 09:57:32 tb Exp $ */
2/* ====================================================================
3 * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@openssl.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 */
51
52#include <limits.h>
53#include <stdlib.h>
54#include <string.h>
55
56#include <openssl/opensslconf.h>
57
58#include "crypto_internal.h"
59
60#ifndef OPENSSL_NO_AES
61#include <openssl/aes.h>
62#include <openssl/err.h>
63#include <openssl/evp.h>
64
65#include "evp_local.h"
66#include "modes_local.h"
67
68typedef struct {
69 AES_KEY ks;
70 block128_f block;
71 union {
72 cbc128_f cbc;
73 ctr128_f ctr;
74 } stream;
75} EVP_AES_KEY;
76
77typedef struct {
78 AES_KEY ks; /* AES key schedule to use */
79 int key_set; /* Set if key initialised */
80 int iv_set; /* Set if an iv is set */
81 GCM128_CONTEXT gcm;
82 unsigned char *iv; /* Temporary IV store */
83 int ivlen; /* IV length */
84 int taglen;
85 int iv_gen; /* It is OK to generate IVs */
86 int tls_aad_len; /* TLS AAD length */
87 ctr128_f ctr;
88} EVP_AES_GCM_CTX;
89
90typedef struct {
91 AES_KEY ks1, ks2; /* AES key schedules to use */
92 XTS128_CONTEXT xts;
93 void (*stream)(const unsigned char *in, unsigned char *out,
94 size_t length, const AES_KEY *key1, const AES_KEY *key2,
95 const unsigned char iv[16]);
96} EVP_AES_XTS_CTX;
97
98typedef struct {
99 AES_KEY ks; /* AES key schedule to use */
100 int key_set; /* Set if key initialised */
101 int iv_set; /* Set if an iv is set */
102 int tag_set; /* Set if tag is valid */
103 int len_set; /* Set if message length set */
104 int L, M; /* L and M parameters from RFC3610 */
105 CCM128_CONTEXT ccm;
106 ccm128_f str;
107} EVP_AES_CCM_CTX;
108
109#define MAXBITCHUNK ((size_t)1<<(sizeof(size_t)*8-4))
110
111#ifdef VPAES_ASM
112int vpaes_set_encrypt_key(const unsigned char *userKey, int bits,
113 AES_KEY *key);
114int vpaes_set_decrypt_key(const unsigned char *userKey, int bits,
115 AES_KEY *key);
116
117void vpaes_encrypt(const unsigned char *in, unsigned char *out,
118 const AES_KEY *key);
119void vpaes_decrypt(const unsigned char *in, unsigned char *out,
120 const AES_KEY *key);
121
122void vpaes_cbc_encrypt(const unsigned char *in, unsigned char *out,
123 size_t length, const AES_KEY *key, unsigned char *ivec, int enc);
124#endif
125#ifdef BSAES_ASM
126void bsaes_cbc_encrypt(const unsigned char *in, unsigned char *out,
127 size_t length, const AES_KEY *key, unsigned char ivec[16], int enc);
128void bsaes_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out,
129 size_t len, const AES_KEY *key, const unsigned char ivec[16]);
130void bsaes_xts_encrypt(const unsigned char *inp, unsigned char *out,
131 size_t len, const AES_KEY *key1, const AES_KEY *key2,
132 const unsigned char iv[16]);
133void bsaes_xts_decrypt(const unsigned char *inp, unsigned char *out,
134 size_t len, const AES_KEY *key1, const AES_KEY *key2,
135 const unsigned char iv[16]);
136#endif
137#ifdef AES_CTR_ASM
138void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out,
139 size_t blocks, const AES_KEY *key,
140 const unsigned char ivec[AES_BLOCK_SIZE]);
141#endif
142#ifdef AES_XTS_ASM
143void AES_xts_encrypt(const char *inp, char *out, size_t len,
144 const AES_KEY *key1, const AES_KEY *key2, const unsigned char iv[16]);
145void AES_xts_decrypt(const char *inp, char *out, size_t len,
146 const AES_KEY *key1, const AES_KEY *key2, const unsigned char iv[16]);
147#endif
148
149#if defined(AES_ASM) && ( \
150 ((defined(__i386) || defined(__i386__) || \
151 defined(_M_IX86)) && defined(OPENSSL_IA32_SSE2))|| \
152 defined(__x86_64) || defined(__x86_64__) || \
153 defined(_M_AMD64) || defined(_M_X64) || \
154 defined(__INTEL__) )
155
156#include "x86_arch.h"
157
158#ifdef VPAES_ASM
159#define VPAES_CAPABLE (crypto_cpu_caps_ia32() & CPUCAP_MASK_SSSE3)
160#endif
161#ifdef BSAES_ASM
162#define BSAES_CAPABLE VPAES_CAPABLE
163#endif
164/*
165 * AES-NI section
166 */
167#define AESNI_CAPABLE (crypto_cpu_caps_ia32() & CPUCAP_MASK_AESNI)
168
169int aesni_set_encrypt_key(const unsigned char *userKey, int bits,
170 AES_KEY *key);
171int aesni_set_decrypt_key(const unsigned char *userKey, int bits,
172 AES_KEY *key);
173
174void aesni_encrypt(const unsigned char *in, unsigned char *out,
175 const AES_KEY *key);
176void aesni_decrypt(const unsigned char *in, unsigned char *out,
177 const AES_KEY *key);
178
179void aesni_ecb_encrypt(const unsigned char *in, unsigned char *out,
180 size_t length, const AES_KEY *key, int enc);
181void aesni_cbc_encrypt(const unsigned char *in, unsigned char *out,
182 size_t length, const AES_KEY *key, unsigned char *ivec, int enc);
183
184void aesni_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out,
185 size_t blocks, const void *key, const unsigned char *ivec);
186
187void aesni_xts_encrypt(const unsigned char *in, unsigned char *out,
188 size_t length, const AES_KEY *key1, const AES_KEY *key2,
189 const unsigned char iv[16]);
190
191void aesni_xts_decrypt(const unsigned char *in, unsigned char *out,
192 size_t length, const AES_KEY *key1, const AES_KEY *key2,
193 const unsigned char iv[16]);
194
195void aesni_ccm64_encrypt_blocks (const unsigned char *in, unsigned char *out,
196 size_t blocks, const void *key, const unsigned char ivec[16],
197 unsigned char cmac[16]);
198
199void aesni_ccm64_decrypt_blocks (const unsigned char *in, unsigned char *out,
200 size_t blocks, const void *key, const unsigned char ivec[16],
201 unsigned char cmac[16]);
202
203static int
204aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
205 const unsigned char *iv, int enc)
206{
207 int ret, mode;
208 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
209
210 mode = ctx->cipher->flags & EVP_CIPH_MODE;
211 if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) &&
212 !enc) {
213 ret = aesni_set_decrypt_key(key, ctx->key_len * 8,
214 ctx->cipher_data);
215 dat->block = (block128_f)aesni_decrypt;
216 dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
217 (cbc128_f)aesni_cbc_encrypt : NULL;
218 } else {
219 ret = aesni_set_encrypt_key(key, ctx->key_len * 8,
220 ctx->cipher_data);
221 dat->block = (block128_f)aesni_encrypt;
222 if (mode == EVP_CIPH_CBC_MODE)
223 dat->stream.cbc = (cbc128_f)aesni_cbc_encrypt;
224 else if (mode == EVP_CIPH_CTR_MODE)
225 dat->stream.ctr = (ctr128_f)aesni_ctr32_encrypt_blocks;
226 else
227 dat->stream.cbc = NULL;
228 }
229
230 if (ret < 0) {
231 EVPerror(EVP_R_AES_KEY_SETUP_FAILED);
232 return 0;
233 }
234
235 return 1;
236}
237
238static int
239aesni_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
240 const unsigned char *in, size_t len)
241{
242 aesni_cbc_encrypt(in, out, len, ctx->cipher_data, ctx->iv,
243 ctx->encrypt);
244
245 return 1;
246}
247
248static int
249aesni_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
250 const unsigned char *in, size_t len)
251{
252 size_t bl = ctx->cipher->block_size;
253
254 if (len < bl)
255 return 1;
256
257 aesni_ecb_encrypt(in, out, len, ctx->cipher_data, ctx->encrypt);
258
259 return 1;
260}
261
262static int
263aesni_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
264 const unsigned char *iv, int enc)
265{
266 EVP_AES_GCM_CTX *gctx = ctx->cipher_data;
267
268 if (!iv && !key)
269 return 1;
270 if (key) {
271 aesni_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks);
272 CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
273 (block128_f)aesni_encrypt);
274 gctx->ctr = (ctr128_f)aesni_ctr32_encrypt_blocks;
275 /* If we have an iv can set it directly, otherwise use
276 * saved IV.
277 */
278 if (iv == NULL && gctx->iv_set)
279 iv = gctx->iv;
280 if (iv) {
281 CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
282 gctx->iv_set = 1;
283 }
284 gctx->key_set = 1;
285 } else {
286 /* If key set use IV, otherwise copy */
287 if (gctx->key_set)
288 CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
289 else
290 memcpy(gctx->iv, iv, gctx->ivlen);
291 gctx->iv_set = 1;
292 gctx->iv_gen = 0;
293 }
294 return 1;
295}
296
297static int
298aesni_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
299 const unsigned char *iv, int enc)
300{
301 EVP_AES_XTS_CTX *xctx = ctx->cipher_data;
302
303 if (!iv && !key)
304 return 1;
305
306 if (key) {
307 /* key_len is two AES keys */
308 if (enc) {
309 aesni_set_encrypt_key(key, ctx->key_len * 4,
310 &xctx->ks1);
311 xctx->xts.block1 = (block128_f)aesni_encrypt;
312 xctx->stream = aesni_xts_encrypt;
313 } else {
314 aesni_set_decrypt_key(key, ctx->key_len * 4,
315 &xctx->ks1);
316 xctx->xts.block1 = (block128_f)aesni_decrypt;
317 xctx->stream = aesni_xts_decrypt;
318 }
319
320 aesni_set_encrypt_key(key + ctx->key_len / 2,
321 ctx->key_len * 4, &xctx->ks2);
322 xctx->xts.block2 = (block128_f)aesni_encrypt;
323
324 xctx->xts.key1 = &xctx->ks1;
325 }
326
327 if (iv) {
328 xctx->xts.key2 = &xctx->ks2;
329 memcpy(ctx->iv, iv, 16);
330 }
331
332 return 1;
333}
334
335static int
336aesni_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
337 const unsigned char *iv, int enc)
338{
339 EVP_AES_CCM_CTX *cctx = ctx->cipher_data;
340
341 if (!iv && !key)
342 return 1;
343 if (key) {
344 aesni_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks);
345 CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
346 &cctx->ks, (block128_f)aesni_encrypt);
347 cctx->str = enc ? (ccm128_f)aesni_ccm64_encrypt_blocks :
348 (ccm128_f)aesni_ccm64_decrypt_blocks;
349 cctx->key_set = 1;
350 }
351 if (iv) {
352 memcpy(ctx->iv, iv, 15 - cctx->L);
353 cctx->iv_set = 1;
354 }
355 return 1;
356}
357
358#endif
359
360static int
361aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
362 const unsigned char *iv, int enc)
363{
364 int ret, mode;
365 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
366
367 mode = ctx->cipher->flags & EVP_CIPH_MODE;
368 if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) &&
369 !enc)
370#ifdef BSAES_CAPABLE
371 if (BSAES_CAPABLE && mode == EVP_CIPH_CBC_MODE) {
372 ret = AES_set_decrypt_key(key, ctx->key_len * 8,
373 &dat->ks);
374 dat->block = (block128_f)AES_decrypt;
375 dat->stream.cbc = (cbc128_f)bsaes_cbc_encrypt;
376 } else
377#endif
378#ifdef VPAES_CAPABLE
379 if (VPAES_CAPABLE) {
380 ret = vpaes_set_decrypt_key(key, ctx->key_len * 8,
381 &dat->ks);
382 dat->block = (block128_f)vpaes_decrypt;
383 dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
384 (cbc128_f)vpaes_cbc_encrypt : NULL;
385 } else
386#endif
387 {
388 ret = AES_set_decrypt_key(key, ctx->key_len * 8,
389 &dat->ks);
390 dat->block = (block128_f)AES_decrypt;
391 dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
392 (cbc128_f)AES_cbc_encrypt : NULL;
393 } else
394#ifdef BSAES_CAPABLE
395 if (BSAES_CAPABLE && mode == EVP_CIPH_CTR_MODE) {
396 ret = AES_set_encrypt_key(key, ctx->key_len * 8,
397 &dat->ks);
398 dat->block = (block128_f)AES_encrypt;
399 dat->stream.ctr = (ctr128_f)bsaes_ctr32_encrypt_blocks;
400 } else
401#endif
402#ifdef VPAES_CAPABLE
403 if (VPAES_CAPABLE) {
404 ret = vpaes_set_encrypt_key(key, ctx->key_len * 8,
405 &dat->ks);
406 dat->block = (block128_f)vpaes_encrypt;
407 dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
408 (cbc128_f)vpaes_cbc_encrypt : NULL;
409 } else
410#endif
411 {
412 ret = AES_set_encrypt_key(key, ctx->key_len * 8,
413 &dat->ks);
414 dat->block = (block128_f)AES_encrypt;
415 dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
416 (cbc128_f)AES_cbc_encrypt : NULL;
417#ifdef AES_CTR_ASM
418 if (mode == EVP_CIPH_CTR_MODE)
419 dat->stream.ctr = (ctr128_f)AES_ctr32_encrypt;
420#endif
421 }
422
423 if (ret < 0) {
424 EVPerror(EVP_R_AES_KEY_SETUP_FAILED);
425 return 0;
426 }
427
428 return 1;
429}
430
431static int
432aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
433 const unsigned char *in, size_t len)
434{
435 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
436
437 if (dat->stream.cbc)
438 (*dat->stream.cbc)(in, out, len, &dat->ks, ctx->iv,
439 ctx->encrypt);
440 else if (ctx->encrypt)
441 CRYPTO_cbc128_encrypt(in, out, len, &dat->ks, ctx->iv,
442 dat->block);
443 else
444 CRYPTO_cbc128_decrypt(in, out, len, &dat->ks, ctx->iv,
445 dat->block);
446
447 return 1;
448}
449
450static int
451aes_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
452 const unsigned char *in, size_t len)
453{
454 size_t bl = ctx->cipher->block_size;
455 size_t i;
456 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
457
458 if (len < bl)
459 return 1;
460
461 for (i = 0, len -= bl; i <= len; i += bl)
462 (*dat->block)(in + i, out + i, &dat->ks);
463
464 return 1;
465}
466
467static int
468aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
469 const unsigned char *in, size_t len)
470{
471 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
472
473 CRYPTO_ofb128_encrypt(in, out, len, &dat->ks, ctx->iv, &ctx->num,
474 dat->block);
475 return 1;
476}
477
478static int
479aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
480 const unsigned char *in, size_t len)
481{
482 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
483
484 CRYPTO_cfb128_encrypt(in, out, len, &dat->ks, ctx->iv, &ctx->num,
485 ctx->encrypt, dat->block);
486 return 1;
487}
488
489static int
490aes_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
491 const unsigned char *in, size_t len)
492{
493 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
494
495 CRYPTO_cfb128_8_encrypt(in, out, len, &dat->ks, ctx->iv, &ctx->num,
496 ctx->encrypt, dat->block);
497 return 1;
498}
499
500static int
501aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
502 const unsigned char *in, size_t len)
503{
504 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
505
506 if (ctx->flags&EVP_CIPH_FLAG_LENGTH_BITS) {
507 CRYPTO_cfb128_1_encrypt(in, out, len, &dat->ks, ctx->iv,
508 &ctx->num, ctx->encrypt, dat->block);
509 return 1;
510 }
511
512 while (len >= MAXBITCHUNK) {
513 CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK*8, &dat->ks,
514 ctx->iv, &ctx->num, ctx->encrypt, dat->block);
515 len -= MAXBITCHUNK;
516 in += MAXBITCHUNK;
517 out += MAXBITCHUNK;
518 }
519 if (len)
520 CRYPTO_cfb128_1_encrypt(in, out, len*8, &dat->ks,
521 ctx->iv, &ctx->num, ctx->encrypt, dat->block);
522
523 return 1;
524}
525
526static int
527aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
528 const unsigned char *in, size_t len)
529{
530 unsigned int num = ctx->num;
531 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
532
533 if (dat->stream.ctr)
534 CRYPTO_ctr128_encrypt_ctr32(in, out, len, &dat->ks,
535 ctx->iv, ctx->buf, &num, dat->stream.ctr);
536 else
537 CRYPTO_ctr128_encrypt(in, out, len, &dat->ks,
538 ctx->iv, ctx->buf, &num, dat->block);
539 ctx->num = (size_t)num;
540 return 1;
541}
542
543
544#ifdef AESNI_CAPABLE
545static const EVP_CIPHER aesni_128_cbc = {
546 .nid = NID_aes_128_cbc,
547 .block_size = 16,
548 .key_len = 16,
549 .iv_len = 16,
550 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CBC_MODE,
551 .init = aesni_init_key,
552 .do_cipher = aesni_cbc_cipher,
553 .ctx_size = sizeof(EVP_AES_KEY),
554};
555#endif
556
557static const EVP_CIPHER aes_128_cbc = {
558 .nid = NID_aes_128_cbc,
559 .block_size = 16,
560 .key_len = 16,
561 .iv_len = 16,
562 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CBC_MODE,
563 .init = aes_init_key,
564 .do_cipher = aes_cbc_cipher,
565 .ctx_size = sizeof(EVP_AES_KEY),
566};
567
568const EVP_CIPHER *
569EVP_aes_128_cbc(void)
570{
571#ifdef AESNI_CAPABLE
572 return AESNI_CAPABLE ? &aesni_128_cbc : &aes_128_cbc;
573#else
574 return &aes_128_cbc;
575#endif
576}
577LCRYPTO_ALIAS(EVP_aes_128_cbc);
578
579#ifdef AESNI_CAPABLE
580static const EVP_CIPHER aesni_128_ecb = {
581 .nid = NID_aes_128_ecb,
582 .block_size = 16,
583 .key_len = 16,
584 .iv_len = 0,
585 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_ECB_MODE,
586 .init = aesni_init_key,
587 .do_cipher = aesni_ecb_cipher,
588 .ctx_size = sizeof(EVP_AES_KEY),
589};
590#endif
591
592static const EVP_CIPHER aes_128_ecb = {
593 .nid = NID_aes_128_ecb,
594 .block_size = 16,
595 .key_len = 16,
596 .iv_len = 0,
597 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_ECB_MODE,
598 .init = aes_init_key,
599 .do_cipher = aes_ecb_cipher,
600 .ctx_size = sizeof(EVP_AES_KEY),
601};
602
603const EVP_CIPHER *
604EVP_aes_128_ecb(void)
605{
606#ifdef AESNI_CAPABLE
607 return AESNI_CAPABLE ? &aesni_128_ecb : &aes_128_ecb;
608#else
609 return &aes_128_ecb;
610#endif
611}
612LCRYPTO_ALIAS(EVP_aes_128_ecb);
613
614#ifdef AESNI_CAPABLE
615static const EVP_CIPHER aesni_128_ofb = {
616 .nid = NID_aes_128_ofb128,
617 .block_size = 1,
618 .key_len = 16,
619 .iv_len = 16,
620 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_OFB_MODE,
621 .init = aesni_init_key,
622 .do_cipher = aes_ofb_cipher,
623 .ctx_size = sizeof(EVP_AES_KEY),
624};
625#endif
626
627static const EVP_CIPHER aes_128_ofb = {
628 .nid = NID_aes_128_ofb128,
629 .block_size = 1,
630 .key_len = 16,
631 .iv_len = 16,
632 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_OFB_MODE,
633 .init = aes_init_key,
634 .do_cipher = aes_ofb_cipher,
635 .ctx_size = sizeof(EVP_AES_KEY),
636};
637
638const EVP_CIPHER *
639EVP_aes_128_ofb(void)
640{
641#ifdef AESNI_CAPABLE
642 return AESNI_CAPABLE ? &aesni_128_ofb : &aes_128_ofb;
643#else
644 return &aes_128_ofb;
645#endif
646}
647LCRYPTO_ALIAS(EVP_aes_128_ofb);
648
649#ifdef AESNI_CAPABLE
650static const EVP_CIPHER aesni_128_cfb = {
651 .nid = NID_aes_128_cfb128,
652 .block_size = 1,
653 .key_len = 16,
654 .iv_len = 16,
655 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CFB_MODE,
656 .init = aesni_init_key,
657 .do_cipher = aes_cfb_cipher,
658 .ctx_size = sizeof(EVP_AES_KEY),
659};
660#endif
661
662static const EVP_CIPHER aes_128_cfb = {
663 .nid = NID_aes_128_cfb128,
664 .block_size = 1,
665 .key_len = 16,
666 .iv_len = 16,
667 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CFB_MODE,
668 .init = aes_init_key,
669 .do_cipher = aes_cfb_cipher,
670 .ctx_size = sizeof(EVP_AES_KEY),
671};
672
673const EVP_CIPHER *
674EVP_aes_128_cfb128(void)
675{
676#ifdef AESNI_CAPABLE
677 return AESNI_CAPABLE ? &aesni_128_cfb : &aes_128_cfb;
678#else
679 return &aes_128_cfb;
680#endif
681}
682LCRYPTO_ALIAS(EVP_aes_128_cfb128);
683
684#ifdef AESNI_CAPABLE
685static const EVP_CIPHER aesni_128_cfb1 = {
686 .nid = NID_aes_128_cfb1,
687 .block_size = 1,
688 .key_len = 16,
689 .iv_len = 16,
690 .flags = EVP_CIPH_CFB_MODE,
691 .init = aesni_init_key,
692 .do_cipher = aes_cfb1_cipher,
693 .ctx_size = sizeof(EVP_AES_KEY),
694};
695#endif
696
697static const EVP_CIPHER aes_128_cfb1 = {
698 .nid = NID_aes_128_cfb1,
699 .block_size = 1,
700 .key_len = 16,
701 .iv_len = 16,
702 .flags = EVP_CIPH_CFB_MODE,
703 .init = aes_init_key,
704 .do_cipher = aes_cfb1_cipher,
705 .ctx_size = sizeof(EVP_AES_KEY),
706};
707
708const EVP_CIPHER *
709EVP_aes_128_cfb1(void)
710{
711#ifdef AESNI_CAPABLE
712 return AESNI_CAPABLE ? &aesni_128_cfb1 : &aes_128_cfb1;
713#else
714 return &aes_128_cfb1;
715#endif
716}
717LCRYPTO_ALIAS(EVP_aes_128_cfb1);
718
719#ifdef AESNI_CAPABLE
720static const EVP_CIPHER aesni_128_cfb8 = {
721 .nid = NID_aes_128_cfb8,
722 .block_size = 1,
723 .key_len = 16,
724 .iv_len = 16,
725 .flags = EVP_CIPH_CFB_MODE,
726 .init = aesni_init_key,
727 .do_cipher = aes_cfb8_cipher,
728 .ctx_size = sizeof(EVP_AES_KEY),
729};
730#endif
731
732static const EVP_CIPHER aes_128_cfb8 = {
733 .nid = NID_aes_128_cfb8,
734 .block_size = 1,
735 .key_len = 16,
736 .iv_len = 16,
737 .flags = EVP_CIPH_CFB_MODE,
738 .init = aes_init_key,
739 .do_cipher = aes_cfb8_cipher,
740 .ctx_size = sizeof(EVP_AES_KEY),
741};
742
743const EVP_CIPHER *
744EVP_aes_128_cfb8(void)
745{
746#ifdef AESNI_CAPABLE
747 return AESNI_CAPABLE ? &aesni_128_cfb8 : &aes_128_cfb8;
748#else
749 return &aes_128_cfb8;
750#endif
751}
752LCRYPTO_ALIAS(EVP_aes_128_cfb8);
753
754#ifdef AESNI_CAPABLE
755static const EVP_CIPHER aesni_128_ctr = {
756 .nid = NID_aes_128_ctr,
757 .block_size = 1,
758 .key_len = 16,
759 .iv_len = 16,
760 .flags = EVP_CIPH_CTR_MODE,
761 .init = aesni_init_key,
762 .do_cipher = aes_ctr_cipher,
763 .ctx_size = sizeof(EVP_AES_KEY),
764};
765#endif
766
767static const EVP_CIPHER aes_128_ctr = {
768 .nid = NID_aes_128_ctr,
769 .block_size = 1,
770 .key_len = 16,
771 .iv_len = 16,
772 .flags = EVP_CIPH_CTR_MODE,
773 .init = aes_init_key,
774 .do_cipher = aes_ctr_cipher,
775 .ctx_size = sizeof(EVP_AES_KEY),
776};
777
778const EVP_CIPHER *
779EVP_aes_128_ctr(void)
780{
781#ifdef AESNI_CAPABLE
782 return AESNI_CAPABLE ? &aesni_128_ctr : &aes_128_ctr;
783#else
784 return &aes_128_ctr;
785#endif
786}
787LCRYPTO_ALIAS(EVP_aes_128_ctr);
788
789
790#ifdef AESNI_CAPABLE
791static const EVP_CIPHER aesni_192_cbc = {
792 .nid = NID_aes_192_cbc,
793 .block_size = 16,
794 .key_len = 24,
795 .iv_len = 16,
796 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CBC_MODE,
797 .init = aesni_init_key,
798 .do_cipher = aesni_cbc_cipher,
799 .ctx_size = sizeof(EVP_AES_KEY),
800};
801#endif
802
803static const EVP_CIPHER aes_192_cbc = {
804 .nid = NID_aes_192_cbc,
805 .block_size = 16,
806 .key_len = 24,
807 .iv_len = 16,
808 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CBC_MODE,
809 .init = aes_init_key,
810 .do_cipher = aes_cbc_cipher,
811 .ctx_size = sizeof(EVP_AES_KEY),
812};
813
814const EVP_CIPHER *
815EVP_aes_192_cbc(void)
816{
817#ifdef AESNI_CAPABLE
818 return AESNI_CAPABLE ? &aesni_192_cbc : &aes_192_cbc;
819#else
820 return &aes_192_cbc;
821#endif
822}
823LCRYPTO_ALIAS(EVP_aes_192_cbc);
824
825#ifdef AESNI_CAPABLE
826static const EVP_CIPHER aesni_192_ecb = {
827 .nid = NID_aes_192_ecb,
828 .block_size = 16,
829 .key_len = 24,
830 .iv_len = 0,
831 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_ECB_MODE,
832 .init = aesni_init_key,
833 .do_cipher = aesni_ecb_cipher,
834 .ctx_size = sizeof(EVP_AES_KEY),
835};
836#endif
837
838static const EVP_CIPHER aes_192_ecb = {
839 .nid = NID_aes_192_ecb,
840 .block_size = 16,
841 .key_len = 24,
842 .iv_len = 0,
843 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_ECB_MODE,
844 .init = aes_init_key,
845 .do_cipher = aes_ecb_cipher,
846 .ctx_size = sizeof(EVP_AES_KEY),
847};
848
849const EVP_CIPHER *
850EVP_aes_192_ecb(void)
851{
852#ifdef AESNI_CAPABLE
853 return AESNI_CAPABLE ? &aesni_192_ecb : &aes_192_ecb;
854#else
855 return &aes_192_ecb;
856#endif
857}
858LCRYPTO_ALIAS(EVP_aes_192_ecb);
859
860#ifdef AESNI_CAPABLE
861static const EVP_CIPHER aesni_192_ofb = {
862 .nid = NID_aes_192_ofb128,
863 .block_size = 1,
864 .key_len = 24,
865 .iv_len = 16,
866 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_OFB_MODE,
867 .init = aesni_init_key,
868 .do_cipher = aes_ofb_cipher,
869 .ctx_size = sizeof(EVP_AES_KEY),
870};
871#endif
872
873static const EVP_CIPHER aes_192_ofb = {
874 .nid = NID_aes_192_ofb128,
875 .block_size = 1,
876 .key_len = 24,
877 .iv_len = 16,
878 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_OFB_MODE,
879 .init = aes_init_key,
880 .do_cipher = aes_ofb_cipher,
881 .ctx_size = sizeof(EVP_AES_KEY),
882};
883
884const EVP_CIPHER *
885EVP_aes_192_ofb(void)
886{
887#ifdef AESNI_CAPABLE
888 return AESNI_CAPABLE ? &aesni_192_ofb : &aes_192_ofb;
889#else
890 return &aes_192_ofb;
891#endif
892}
893LCRYPTO_ALIAS(EVP_aes_192_ofb);
894
895#ifdef AESNI_CAPABLE
896static const EVP_CIPHER aesni_192_cfb = {
897 .nid = NID_aes_192_cfb128,
898 .block_size = 1,
899 .key_len = 24,
900 .iv_len = 16,
901 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CFB_MODE,
902 .init = aesni_init_key,
903 .do_cipher = aes_cfb_cipher,
904 .ctx_size = sizeof(EVP_AES_KEY),
905};
906#endif
907
908static const EVP_CIPHER aes_192_cfb = {
909 .nid = NID_aes_192_cfb128,
910 .block_size = 1,
911 .key_len = 24,
912 .iv_len = 16,
913 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CFB_MODE,
914 .init = aes_init_key,
915 .do_cipher = aes_cfb_cipher,
916 .ctx_size = sizeof(EVP_AES_KEY),
917};
918
919const EVP_CIPHER *
920EVP_aes_192_cfb128(void)
921{
922#ifdef AESNI_CAPABLE
923 return AESNI_CAPABLE ? &aesni_192_cfb : &aes_192_cfb;
924#else
925 return &aes_192_cfb;
926#endif
927}
928LCRYPTO_ALIAS(EVP_aes_192_cfb128);
929
930#ifdef AESNI_CAPABLE
931static const EVP_CIPHER aesni_192_cfb1 = {
932 .nid = NID_aes_192_cfb1,
933 .block_size = 1,
934 .key_len = 24,
935 .iv_len = 16,
936 .flags = EVP_CIPH_CFB_MODE,
937 .init = aesni_init_key,
938 .do_cipher = aes_cfb1_cipher,
939 .ctx_size = sizeof(EVP_AES_KEY),
940};
941#endif
942
943static const EVP_CIPHER aes_192_cfb1 = {
944 .nid = NID_aes_192_cfb1,
945 .block_size = 1,
946 .key_len = 24,
947 .iv_len = 16,
948 .flags = EVP_CIPH_CFB_MODE,
949 .init = aes_init_key,
950 .do_cipher = aes_cfb1_cipher,
951 .ctx_size = sizeof(EVP_AES_KEY),
952};
953
954const EVP_CIPHER *
955EVP_aes_192_cfb1(void)
956{
957#ifdef AESNI_CAPABLE
958 return AESNI_CAPABLE ? &aesni_192_cfb1 : &aes_192_cfb1;
959#else
960 return &aes_192_cfb1;
961#endif
962}
963LCRYPTO_ALIAS(EVP_aes_192_cfb1);
964
965#ifdef AESNI_CAPABLE
966static const EVP_CIPHER aesni_192_cfb8 = {
967 .nid = NID_aes_192_cfb8,
968 .block_size = 1,
969 .key_len = 24,
970 .iv_len = 16,
971 .flags = EVP_CIPH_CFB_MODE,
972 .init = aesni_init_key,
973 .do_cipher = aes_cfb8_cipher,
974 .ctx_size = sizeof(EVP_AES_KEY),
975};
976#endif
977
978static const EVP_CIPHER aes_192_cfb8 = {
979 .nid = NID_aes_192_cfb8,
980 .block_size = 1,
981 .key_len = 24,
982 .iv_len = 16,
983 .flags = EVP_CIPH_CFB_MODE,
984 .init = aes_init_key,
985 .do_cipher = aes_cfb8_cipher,
986 .ctx_size = sizeof(EVP_AES_KEY),
987};
988
989const EVP_CIPHER *
990EVP_aes_192_cfb8(void)
991{
992#ifdef AESNI_CAPABLE
993 return AESNI_CAPABLE ? &aesni_192_cfb8 : &aes_192_cfb8;
994#else
995 return &aes_192_cfb8;
996#endif
997}
998LCRYPTO_ALIAS(EVP_aes_192_cfb8);
999
1000#ifdef AESNI_CAPABLE
1001static const EVP_CIPHER aesni_192_ctr = {
1002 .nid = NID_aes_192_ctr,
1003 .block_size = 1,
1004 .key_len = 24,
1005 .iv_len = 16,
1006 .flags = EVP_CIPH_CTR_MODE,
1007 .init = aesni_init_key,
1008 .do_cipher = aes_ctr_cipher,
1009 .ctx_size = sizeof(EVP_AES_KEY),
1010};
1011#endif
1012
1013static const EVP_CIPHER aes_192_ctr = {
1014 .nid = NID_aes_192_ctr,
1015 .block_size = 1,
1016 .key_len = 24,
1017 .iv_len = 16,
1018 .flags = EVP_CIPH_CTR_MODE,
1019 .init = aes_init_key,
1020 .do_cipher = aes_ctr_cipher,
1021 .ctx_size = sizeof(EVP_AES_KEY),
1022};
1023
1024const EVP_CIPHER *
1025EVP_aes_192_ctr(void)
1026{
1027#ifdef AESNI_CAPABLE
1028 return AESNI_CAPABLE ? &aesni_192_ctr : &aes_192_ctr;
1029#else
1030 return &aes_192_ctr;
1031#endif
1032}
1033LCRYPTO_ALIAS(EVP_aes_192_ctr);
1034
1035
1036#ifdef AESNI_CAPABLE
1037static const EVP_CIPHER aesni_256_cbc = {
1038 .nid = NID_aes_256_cbc,
1039 .block_size = 16,
1040 .key_len = 32,
1041 .iv_len = 16,
1042 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CBC_MODE,
1043 .init = aesni_init_key,
1044 .do_cipher = aesni_cbc_cipher,
1045 .ctx_size = sizeof(EVP_AES_KEY),
1046};
1047#endif
1048
1049static const EVP_CIPHER aes_256_cbc = {
1050 .nid = NID_aes_256_cbc,
1051 .block_size = 16,
1052 .key_len = 32,
1053 .iv_len = 16,
1054 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CBC_MODE,
1055 .init = aes_init_key,
1056 .do_cipher = aes_cbc_cipher,
1057 .ctx_size = sizeof(EVP_AES_KEY),
1058};
1059
1060const EVP_CIPHER *
1061EVP_aes_256_cbc(void)
1062{
1063#ifdef AESNI_CAPABLE
1064 return AESNI_CAPABLE ? &aesni_256_cbc : &aes_256_cbc;
1065#else
1066 return &aes_256_cbc;
1067#endif
1068}
1069LCRYPTO_ALIAS(EVP_aes_256_cbc);
1070
1071#ifdef AESNI_CAPABLE
1072static const EVP_CIPHER aesni_256_ecb = {
1073 .nid = NID_aes_256_ecb,
1074 .block_size = 16,
1075 .key_len = 32,
1076 .iv_len = 0,
1077 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_ECB_MODE,
1078 .init = aesni_init_key,
1079 .do_cipher = aesni_ecb_cipher,
1080 .ctx_size = sizeof(EVP_AES_KEY),
1081};
1082#endif
1083
1084static const EVP_CIPHER aes_256_ecb = {
1085 .nid = NID_aes_256_ecb,
1086 .block_size = 16,
1087 .key_len = 32,
1088 .iv_len = 0,
1089 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_ECB_MODE,
1090 .init = aes_init_key,
1091 .do_cipher = aes_ecb_cipher,
1092 .ctx_size = sizeof(EVP_AES_KEY),
1093};
1094
1095const EVP_CIPHER *
1096EVP_aes_256_ecb(void)
1097{
1098#ifdef AESNI_CAPABLE
1099 return AESNI_CAPABLE ? &aesni_256_ecb : &aes_256_ecb;
1100#else
1101 return &aes_256_ecb;
1102#endif
1103}
1104LCRYPTO_ALIAS(EVP_aes_256_ecb);
1105
1106#ifdef AESNI_CAPABLE
1107static const EVP_CIPHER aesni_256_ofb = {
1108 .nid = NID_aes_256_ofb128,
1109 .block_size = 1,
1110 .key_len = 32,
1111 .iv_len = 16,
1112 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_OFB_MODE,
1113 .init = aesni_init_key,
1114 .do_cipher = aes_ofb_cipher,
1115 .ctx_size = sizeof(EVP_AES_KEY),
1116};
1117#endif
1118
1119static const EVP_CIPHER aes_256_ofb = {
1120 .nid = NID_aes_256_ofb128,
1121 .block_size = 1,
1122 .key_len = 32,
1123 .iv_len = 16,
1124 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_OFB_MODE,
1125 .init = aes_init_key,
1126 .do_cipher = aes_ofb_cipher,
1127 .ctx_size = sizeof(EVP_AES_KEY),
1128};
1129
1130const EVP_CIPHER *
1131EVP_aes_256_ofb(void)
1132{
1133#ifdef AESNI_CAPABLE
1134 return AESNI_CAPABLE ? &aesni_256_ofb : &aes_256_ofb;
1135#else
1136 return &aes_256_ofb;
1137#endif
1138}
1139LCRYPTO_ALIAS(EVP_aes_256_ofb);
1140
1141#ifdef AESNI_CAPABLE
1142static const EVP_CIPHER aesni_256_cfb = {
1143 .nid = NID_aes_256_cfb128,
1144 .block_size = 1,
1145 .key_len = 32,
1146 .iv_len = 16,
1147 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CFB_MODE,
1148 .init = aesni_init_key,
1149 .do_cipher = aes_cfb_cipher,
1150 .ctx_size = sizeof(EVP_AES_KEY),
1151};
1152#endif
1153
1154static const EVP_CIPHER aes_256_cfb = {
1155 .nid = NID_aes_256_cfb128,
1156 .block_size = 1,
1157 .key_len = 32,
1158 .iv_len = 16,
1159 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CFB_MODE,
1160 .init = aes_init_key,
1161 .do_cipher = aes_cfb_cipher,
1162 .ctx_size = sizeof(EVP_AES_KEY),
1163};
1164
1165const EVP_CIPHER *
1166EVP_aes_256_cfb128(void)
1167{
1168#ifdef AESNI_CAPABLE
1169 return AESNI_CAPABLE ? &aesni_256_cfb : &aes_256_cfb;
1170#else
1171 return &aes_256_cfb;
1172#endif
1173}
1174LCRYPTO_ALIAS(EVP_aes_256_cfb128);
1175
1176#ifdef AESNI_CAPABLE
1177static const EVP_CIPHER aesni_256_cfb1 = {
1178 .nid = NID_aes_256_cfb1,
1179 .block_size = 1,
1180 .key_len = 32,
1181 .iv_len = 16,
1182 .flags = EVP_CIPH_CFB_MODE,
1183 .init = aesni_init_key,
1184 .do_cipher = aes_cfb1_cipher,
1185 .ctx_size = sizeof(EVP_AES_KEY),
1186};
1187#endif
1188
1189static const EVP_CIPHER aes_256_cfb1 = {
1190 .nid = NID_aes_256_cfb1,
1191 .block_size = 1,
1192 .key_len = 32,
1193 .iv_len = 16,
1194 .flags = EVP_CIPH_CFB_MODE,
1195 .init = aes_init_key,
1196 .do_cipher = aes_cfb1_cipher,
1197 .ctx_size = sizeof(EVP_AES_KEY),
1198};
1199
1200const EVP_CIPHER *
1201EVP_aes_256_cfb1(void)
1202{
1203#ifdef AESNI_CAPABLE
1204 return AESNI_CAPABLE ? &aesni_256_cfb1 : &aes_256_cfb1;
1205#else
1206 return &aes_256_cfb1;
1207#endif
1208}
1209LCRYPTO_ALIAS(EVP_aes_256_cfb1);
1210
1211#ifdef AESNI_CAPABLE
1212static const EVP_CIPHER aesni_256_cfb8 = {
1213 .nid = NID_aes_256_cfb8,
1214 .block_size = 1,
1215 .key_len = 32,
1216 .iv_len = 16,
1217 .flags = EVP_CIPH_CFB_MODE,
1218 .init = aesni_init_key,
1219 .do_cipher = aes_cfb8_cipher,
1220 .ctx_size = sizeof(EVP_AES_KEY),
1221};
1222#endif
1223
1224static const EVP_CIPHER aes_256_cfb8 = {
1225 .nid = NID_aes_256_cfb8,
1226 .block_size = 1,
1227 .key_len = 32,
1228 .iv_len = 16,
1229 .flags = EVP_CIPH_CFB_MODE,
1230 .init = aes_init_key,
1231 .do_cipher = aes_cfb8_cipher,
1232 .ctx_size = sizeof(EVP_AES_KEY),
1233};
1234
1235const EVP_CIPHER *
1236EVP_aes_256_cfb8(void)
1237{
1238#ifdef AESNI_CAPABLE
1239 return AESNI_CAPABLE ? &aesni_256_cfb8 : &aes_256_cfb8;
1240#else
1241 return &aes_256_cfb8;
1242#endif
1243}
1244LCRYPTO_ALIAS(EVP_aes_256_cfb8);
1245
1246#ifdef AESNI_CAPABLE
1247static const EVP_CIPHER aesni_256_ctr = {
1248 .nid = NID_aes_256_ctr,
1249 .block_size = 1,
1250 .key_len = 32,
1251 .iv_len = 16,
1252 .flags = EVP_CIPH_CTR_MODE,
1253 .init = aesni_init_key,
1254 .do_cipher = aes_ctr_cipher,
1255 .ctx_size = sizeof(EVP_AES_KEY),
1256};
1257#endif
1258
1259static const EVP_CIPHER aes_256_ctr = {
1260 .nid = NID_aes_256_ctr,
1261 .block_size = 1,
1262 .key_len = 32,
1263 .iv_len = 16,
1264 .flags = EVP_CIPH_CTR_MODE,
1265 .init = aes_init_key,
1266 .do_cipher = aes_ctr_cipher,
1267 .ctx_size = sizeof(EVP_AES_KEY),
1268};
1269
1270const EVP_CIPHER *
1271EVP_aes_256_ctr(void)
1272{
1273#ifdef AESNI_CAPABLE
1274 return AESNI_CAPABLE ? &aesni_256_ctr : &aes_256_ctr;
1275#else
1276 return &aes_256_ctr;
1277#endif
1278}
1279LCRYPTO_ALIAS(EVP_aes_256_ctr);
1280
1281static int
1282aes_gcm_cleanup(EVP_CIPHER_CTX *c)
1283{
1284 EVP_AES_GCM_CTX *gctx = c->cipher_data;
1285
1286 if (gctx->iv != c->iv)
1287 free(gctx->iv);
1288
1289 explicit_bzero(gctx, sizeof(*gctx));
1290
1291 return 1;
1292}
1293
1294/* increment counter (64-bit int) by 1 */
1295static void
1296ctr64_inc(unsigned char *counter)
1297{
1298 int n = 8;
1299 unsigned char c;
1300
1301 do {
1302 --n;
1303 c = counter[n];
1304 ++c;
1305 counter[n] = c;
1306 if (c)
1307 return;
1308 } while (n);
1309}
1310
1311static int
1312aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
1313{
1314 EVP_AES_GCM_CTX *gctx = c->cipher_data;
1315
1316 switch (type) {
1317 case EVP_CTRL_INIT:
1318 gctx->key_set = 0;
1319 gctx->iv_set = 0;
1320 if (c->cipher->iv_len == 0) {
1321 EVPerror(EVP_R_INVALID_IV_LENGTH);
1322 return 0;
1323 }
1324 gctx->ivlen = c->cipher->iv_len;
1325 gctx->iv = c->iv;
1326 gctx->taglen = -1;
1327 gctx->iv_gen = 0;
1328 gctx->tls_aad_len = -1;
1329 return 1;
1330
1331 case EVP_CTRL_AEAD_GET_IVLEN:
1332 *(int *)ptr = gctx->ivlen;
1333 return 1;
1334
1335 case EVP_CTRL_AEAD_SET_IVLEN:
1336 if (arg <= 0)
1337 return 0;
1338 /* Allocate memory for IV if needed */
1339 if ((arg > EVP_MAX_IV_LENGTH) && (arg > gctx->ivlen)) {
1340 if (gctx->iv != c->iv)
1341 free(gctx->iv);
1342 gctx->iv = malloc(arg);
1343 if (!gctx->iv)
1344 return 0;
1345 }
1346 gctx->ivlen = arg;
1347 return 1;
1348
1349 case EVP_CTRL_GCM_SET_TAG:
1350 if (arg <= 0 || arg > 16 || c->encrypt)
1351 return 0;
1352 memcpy(c->buf, ptr, arg);
1353 gctx->taglen = arg;
1354 return 1;
1355
1356 case EVP_CTRL_GCM_GET_TAG:
1357 if (arg <= 0 || arg > 16 || !c->encrypt || gctx->taglen < 0)
1358 return 0;
1359 memcpy(ptr, c->buf, arg);
1360 return 1;
1361
1362 case EVP_CTRL_GCM_SET_IV_FIXED:
1363 /* Special case: -1 length restores whole IV */
1364 if (arg == -1) {
1365 memcpy(gctx->iv, ptr, gctx->ivlen);
1366 gctx->iv_gen = 1;
1367 return 1;
1368 }
1369 /* Fixed field must be at least 4 bytes and invocation field
1370 * at least 8.
1371 */
1372 if ((arg < 4) || (gctx->ivlen - arg) < 8)
1373 return 0;
1374 if (arg)
1375 memcpy(gctx->iv, ptr, arg);
1376 if (c->encrypt)
1377 arc4random_buf(gctx->iv + arg, gctx->ivlen - arg);
1378 gctx->iv_gen = 1;
1379 return 1;
1380
1381 case EVP_CTRL_GCM_IV_GEN:
1382 if (gctx->iv_gen == 0 || gctx->key_set == 0)
1383 return 0;
1384 CRYPTO_gcm128_setiv(&gctx->gcm, gctx->iv, gctx->ivlen);
1385 if (arg <= 0 || arg > gctx->ivlen)
1386 arg = gctx->ivlen;
1387 memcpy(ptr, gctx->iv + gctx->ivlen - arg, arg);
1388 /* Invocation field will be at least 8 bytes in size and
1389 * so no need to check wrap around or increment more than
1390 * last 8 bytes.
1391 */
1392 ctr64_inc(gctx->iv + gctx->ivlen - 8);
1393 gctx->iv_set = 1;
1394 return 1;
1395
1396 case EVP_CTRL_GCM_SET_IV_INV:
1397 if (gctx->iv_gen == 0 || gctx->key_set == 0 || c->encrypt)
1398 return 0;
1399 memcpy(gctx->iv + gctx->ivlen - arg, ptr, arg);
1400 CRYPTO_gcm128_setiv(&gctx->gcm, gctx->iv, gctx->ivlen);
1401 gctx->iv_set = 1;
1402 return 1;
1403
1404 case EVP_CTRL_AEAD_TLS1_AAD:
1405 /* Save the AAD for later use */
1406 if (arg != 13)
1407 return 0;
1408 memcpy(c->buf, ptr, arg);
1409 gctx->tls_aad_len = arg;
1410 {
1411 unsigned int len = c->buf[arg - 2] << 8 |
1412 c->buf[arg - 1];
1413
1414 /* Correct length for explicit IV */
1415 if (len < EVP_GCM_TLS_EXPLICIT_IV_LEN)
1416 return 0;
1417 len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
1418
1419 /* If decrypting correct for tag too */
1420 if (!c->encrypt) {
1421 if (len < EVP_GCM_TLS_TAG_LEN)
1422 return 0;
1423 len -= EVP_GCM_TLS_TAG_LEN;
1424 }
1425 c->buf[arg - 2] = len >> 8;
1426 c->buf[arg - 1] = len & 0xff;
1427 }
1428 /* Extra padding: tag appended to record */
1429 return EVP_GCM_TLS_TAG_LEN;
1430
1431 case EVP_CTRL_COPY:
1432 {
1433 EVP_CIPHER_CTX *out = ptr;
1434 EVP_AES_GCM_CTX *gctx_out = out->cipher_data;
1435
1436 if (gctx->gcm.key) {
1437 if (gctx->gcm.key != &gctx->ks)
1438 return 0;
1439 gctx_out->gcm.key = &gctx_out->ks;
1440 }
1441
1442 if (gctx->iv == c->iv) {
1443 gctx_out->iv = out->iv;
1444 } else {
1445 if ((gctx_out->iv = calloc(1, gctx->ivlen)) == NULL)
1446 return 0;
1447 memcpy(gctx_out->iv, gctx->iv, gctx->ivlen);
1448 }
1449 return 1;
1450 }
1451
1452 default:
1453 return -1;
1454
1455 }
1456}
1457
1458static ctr128_f
1459aes_gcm_set_key(AES_KEY *aes_key, GCM128_CONTEXT *gcm_ctx,
1460 const unsigned char *key, size_t key_len)
1461{
1462#ifdef BSAES_CAPABLE
1463 if (BSAES_CAPABLE) {
1464 AES_set_encrypt_key(key, key_len * 8, aes_key);
1465 CRYPTO_gcm128_init(gcm_ctx, aes_key, (block128_f)AES_encrypt);
1466 return (ctr128_f)bsaes_ctr32_encrypt_blocks;
1467 } else
1468#endif
1469#ifdef VPAES_CAPABLE
1470 if (VPAES_CAPABLE) {
1471 vpaes_set_encrypt_key(key, key_len * 8, aes_key);
1472 CRYPTO_gcm128_init(gcm_ctx, aes_key, (block128_f)vpaes_encrypt);
1473 return NULL;
1474 } else
1475#endif
1476 (void)0; /* terminate potentially open 'else' */
1477
1478 AES_set_encrypt_key(key, key_len * 8, aes_key);
1479 CRYPTO_gcm128_init(gcm_ctx, aes_key, (block128_f)AES_encrypt);
1480#ifdef AES_CTR_ASM
1481 return (ctr128_f)AES_ctr32_encrypt;
1482#else
1483 return NULL;
1484#endif
1485}
1486
1487static int
1488aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
1489 const unsigned char *iv, int enc)
1490{
1491 EVP_AES_GCM_CTX *gctx = ctx->cipher_data;
1492
1493 if (!iv && !key)
1494 return 1;
1495 if (key) {
1496 gctx->ctr = aes_gcm_set_key(&gctx->ks, &gctx->gcm,
1497 key, ctx->key_len);
1498
1499 /* If we have an iv can set it directly, otherwise use
1500 * saved IV.
1501 */
1502 if (iv == NULL && gctx->iv_set)
1503 iv = gctx->iv;
1504 if (iv) {
1505 CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
1506 gctx->iv_set = 1;
1507 }
1508 gctx->key_set = 1;
1509 } else {
1510 /* If key set use IV, otherwise copy */
1511 if (gctx->key_set)
1512 CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
1513 else
1514 memcpy(gctx->iv, iv, gctx->ivlen);
1515 gctx->iv_set = 1;
1516 gctx->iv_gen = 0;
1517 }
1518 return 1;
1519}
1520
1521/* Handle TLS GCM packet format. This consists of the last portion of the IV
1522 * followed by the payload and finally the tag. On encrypt generate IV,
1523 * encrypt payload and write the tag. On verify retrieve IV, decrypt payload
1524 * and verify tag.
1525 */
1526
1527static int
1528aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
1529 const unsigned char *in, size_t len)
1530{
1531 EVP_AES_GCM_CTX *gctx = ctx->cipher_data;
1532 int rv = -1;
1533
1534 /* Encrypt/decrypt must be performed in place */
1535 if (out != in ||
1536 len < (EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN))
1537 return -1;
1538
1539 /* Set IV from start of buffer or generate IV and write to start
1540 * of buffer.
1541 */
1542 if (EVP_CIPHER_CTX_ctrl(ctx, ctx->encrypt ?
1543 EVP_CTRL_GCM_IV_GEN : EVP_CTRL_GCM_SET_IV_INV,
1544 EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0)
1545 goto err;
1546
1547 /* Use saved AAD */
1548 if (CRYPTO_gcm128_aad(&gctx->gcm, ctx->buf, gctx->tls_aad_len))
1549 goto err;
1550
1551 /* Fix buffer and length to point to payload */
1552 in += EVP_GCM_TLS_EXPLICIT_IV_LEN;
1553 out += EVP_GCM_TLS_EXPLICIT_IV_LEN;
1554 len -= EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
1555 if (ctx->encrypt) {
1556 /* Encrypt payload */
1557 if (gctx->ctr) {
1558 if (CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm, in, out,
1559 len, gctx->ctr))
1560 goto err;
1561 } else {
1562 if (CRYPTO_gcm128_encrypt(&gctx->gcm, in, out, len))
1563 goto err;
1564 }
1565 out += len;
1566
1567 /* Finally write tag */
1568 CRYPTO_gcm128_tag(&gctx->gcm, out, EVP_GCM_TLS_TAG_LEN);
1569 rv = len + EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
1570 } else {
1571 /* Decrypt */
1572 if (gctx->ctr) {
1573 if (CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm, in, out,
1574 len, gctx->ctr))
1575 goto err;
1576 } else {
1577 if (CRYPTO_gcm128_decrypt(&gctx->gcm, in, out, len))
1578 goto err;
1579 }
1580 /* Retrieve tag */
1581 CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, EVP_GCM_TLS_TAG_LEN);
1582
1583 /* If tag mismatch wipe buffer */
1584 if (memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN)) {
1585 explicit_bzero(out, len);
1586 goto err;
1587 }
1588 rv = len;
1589 }
1590
1591err:
1592 gctx->iv_set = 0;
1593 gctx->tls_aad_len = -1;
1594 return rv;
1595}
1596
1597static int
1598aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
1599 const unsigned char *in, size_t len)
1600{
1601 EVP_AES_GCM_CTX *gctx = ctx->cipher_data;
1602
1603 /* If not set up, return error */
1604 if (!gctx->key_set)
1605 return -1;
1606
1607 if (gctx->tls_aad_len >= 0)
1608 return aes_gcm_tls_cipher(ctx, out, in, len);
1609
1610 if (!gctx->iv_set)
1611 return -1;
1612
1613 if (in) {
1614 if (out == NULL) {
1615 if (CRYPTO_gcm128_aad(&gctx->gcm, in, len))
1616 return -1;
1617 } else if (ctx->encrypt) {
1618 if (gctx->ctr) {
1619 if (CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm,
1620 in, out, len, gctx->ctr))
1621 return -1;
1622 } else {
1623 if (CRYPTO_gcm128_encrypt(&gctx->gcm,
1624 in, out, len))
1625 return -1;
1626 }
1627 } else {
1628 if (gctx->ctr) {
1629 if (CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm,
1630 in, out, len, gctx->ctr))
1631 return -1;
1632 } else {
1633 if (CRYPTO_gcm128_decrypt(&gctx->gcm,
1634 in, out, len))
1635 return -1;
1636 }
1637 }
1638 return len;
1639 } else {
1640 if (!ctx->encrypt) {
1641 if (gctx->taglen < 0)
1642 return -1;
1643 if (CRYPTO_gcm128_finish(&gctx->gcm, ctx->buf,
1644 gctx->taglen) != 0)
1645 return -1;
1646 gctx->iv_set = 0;
1647 return 0;
1648 }
1649 CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, 16);
1650 gctx->taglen = 16;
1651
1652 /* Don't reuse the IV */
1653 gctx->iv_set = 0;
1654 return 0;
1655 }
1656
1657}
1658
1659#define CUSTOM_FLAGS \
1660 ( EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CUSTOM_IV | \
1661 EVP_CIPH_FLAG_CUSTOM_IV_LENGTH | \
1662 EVP_CIPH_FLAG_CUSTOM_CIPHER | EVP_CIPH_ALWAYS_CALL_INIT | \
1663 EVP_CIPH_CTRL_INIT | EVP_CIPH_CUSTOM_COPY )
1664
1665
1666#ifdef AESNI_CAPABLE
1667static const EVP_CIPHER aesni_128_gcm = {
1668 .nid = NID_aes_128_gcm,
1669 .block_size = 1,
1670 .key_len = 16,
1671 .iv_len = 12,
1672 .flags = EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS | EVP_CIPH_GCM_MODE,
1673 .init = aesni_gcm_init_key,
1674 .do_cipher = aes_gcm_cipher,
1675 .cleanup = aes_gcm_cleanup,
1676 .ctx_size = sizeof(EVP_AES_GCM_CTX),
1677 .ctrl = aes_gcm_ctrl,
1678};
1679#endif
1680
1681static const EVP_CIPHER aes_128_gcm = {
1682 .nid = NID_aes_128_gcm,
1683 .block_size = 1,
1684 .key_len = 16,
1685 .iv_len = 12,
1686 .flags = EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS | EVP_CIPH_GCM_MODE,
1687 .init = aes_gcm_init_key,
1688 .do_cipher = aes_gcm_cipher,
1689 .cleanup = aes_gcm_cleanup,
1690 .ctx_size = sizeof(EVP_AES_GCM_CTX),
1691 .ctrl = aes_gcm_ctrl,
1692};
1693
1694const EVP_CIPHER *
1695EVP_aes_128_gcm(void)
1696{
1697#ifdef AESNI_CAPABLE
1698 return AESNI_CAPABLE ? &aesni_128_gcm : &aes_128_gcm;
1699#else
1700 return &aes_128_gcm;
1701#endif
1702}
1703LCRYPTO_ALIAS(EVP_aes_128_gcm);
1704
1705#ifdef AESNI_CAPABLE
1706static const EVP_CIPHER aesni_192_gcm = {
1707 .nid = NID_aes_192_gcm,
1708 .block_size = 1,
1709 .key_len = 24,
1710 .iv_len = 12,
1711 .flags = EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS | EVP_CIPH_GCM_MODE,
1712 .init = aesni_gcm_init_key,
1713 .do_cipher = aes_gcm_cipher,
1714 .cleanup = aes_gcm_cleanup,
1715 .ctx_size = sizeof(EVP_AES_GCM_CTX),
1716 .ctrl = aes_gcm_ctrl,
1717};
1718#endif
1719
1720static const EVP_CIPHER aes_192_gcm = {
1721 .nid = NID_aes_192_gcm,
1722 .block_size = 1,
1723 .key_len = 24,
1724 .iv_len = 12,
1725 .flags = EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS | EVP_CIPH_GCM_MODE,
1726 .init = aes_gcm_init_key,
1727 .do_cipher = aes_gcm_cipher,
1728 .cleanup = aes_gcm_cleanup,
1729 .ctx_size = sizeof(EVP_AES_GCM_CTX),
1730 .ctrl = aes_gcm_ctrl,
1731};
1732
1733const EVP_CIPHER *
1734EVP_aes_192_gcm(void)
1735{
1736#ifdef AESNI_CAPABLE
1737 return AESNI_CAPABLE ? &aesni_192_gcm : &aes_192_gcm;
1738#else
1739 return &aes_192_gcm;
1740#endif
1741}
1742LCRYPTO_ALIAS(EVP_aes_192_gcm);
1743
1744#ifdef AESNI_CAPABLE
1745static const EVP_CIPHER aesni_256_gcm = {
1746 .nid = NID_aes_256_gcm,
1747 .block_size = 1,
1748 .key_len = 32,
1749 .iv_len = 12,
1750 .flags = EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS | EVP_CIPH_GCM_MODE,
1751 .init = aesni_gcm_init_key,
1752 .do_cipher = aes_gcm_cipher,
1753 .cleanup = aes_gcm_cleanup,
1754 .ctx_size = sizeof(EVP_AES_GCM_CTX),
1755 .ctrl = aes_gcm_ctrl,
1756};
1757#endif
1758
1759static const EVP_CIPHER aes_256_gcm = {
1760 .nid = NID_aes_256_gcm,
1761 .block_size = 1,
1762 .key_len = 32,
1763 .iv_len = 12,
1764 .flags = EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS | EVP_CIPH_GCM_MODE,
1765 .init = aes_gcm_init_key,
1766 .do_cipher = aes_gcm_cipher,
1767 .cleanup = aes_gcm_cleanup,
1768 .ctx_size = sizeof(EVP_AES_GCM_CTX),
1769 .ctrl = aes_gcm_ctrl,
1770};
1771
1772const EVP_CIPHER *
1773EVP_aes_256_gcm(void)
1774{
1775#ifdef AESNI_CAPABLE
1776 return AESNI_CAPABLE ? &aesni_256_gcm : &aes_256_gcm;
1777#else
1778 return &aes_256_gcm;
1779#endif
1780}
1781LCRYPTO_ALIAS(EVP_aes_256_gcm);
1782
1783static int
1784aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
1785{
1786 EVP_AES_XTS_CTX *xctx = c->cipher_data;
1787
1788 switch (type) {
1789 case EVP_CTRL_INIT:
1790 /*
1791 * key1 and key2 are used as an indicator both key and IV
1792 * are set
1793 */
1794 xctx->xts.key1 = NULL;
1795 xctx->xts.key2 = NULL;
1796 return 1;
1797
1798 case EVP_CTRL_COPY:
1799 {
1800 EVP_CIPHER_CTX *out = ptr;
1801 EVP_AES_XTS_CTX *xctx_out = out->cipher_data;
1802
1803 if (xctx->xts.key1) {
1804 if (xctx->xts.key1 != &xctx->ks1)
1805 return 0;
1806 xctx_out->xts.key1 = &xctx_out->ks1;
1807 }
1808 if (xctx->xts.key2) {
1809 if (xctx->xts.key2 != &xctx->ks2)
1810 return 0;
1811 xctx_out->xts.key2 = &xctx_out->ks2;
1812 }
1813 return 1;
1814 }
1815 }
1816 return -1;
1817}
1818
1819static int
1820aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
1821 const unsigned char *iv, int enc)
1822{
1823 EVP_AES_XTS_CTX *xctx = ctx->cipher_data;
1824
1825 if (!iv && !key)
1826 return 1;
1827
1828 if (key) do {
1829#ifdef AES_XTS_ASM
1830 xctx->stream = enc ? AES_xts_encrypt : AES_xts_decrypt;
1831#else
1832 xctx->stream = NULL;
1833#endif
1834 /* key_len is two AES keys */
1835#ifdef BSAES_CAPABLE
1836 if (BSAES_CAPABLE)
1837 xctx->stream = enc ? bsaes_xts_encrypt :
1838 bsaes_xts_decrypt;
1839 else
1840#endif
1841#ifdef VPAES_CAPABLE
1842 if (VPAES_CAPABLE) {
1843 if (enc) {
1844 vpaes_set_encrypt_key(key, ctx->key_len * 4,
1845 &xctx->ks1);
1846 xctx->xts.block1 = (block128_f)vpaes_encrypt;
1847 } else {
1848 vpaes_set_decrypt_key(key, ctx->key_len * 4,
1849 &xctx->ks1);
1850 xctx->xts.block1 = (block128_f)vpaes_decrypt;
1851 }
1852
1853 vpaes_set_encrypt_key(key + ctx->key_len / 2,
1854 ctx->key_len * 4, &xctx->ks2);
1855 xctx->xts.block2 = (block128_f)vpaes_encrypt;
1856
1857 xctx->xts.key1 = &xctx->ks1;
1858 break;
1859 } else
1860#endif
1861 (void)0; /* terminate potentially open 'else' */
1862
1863 if (enc) {
1864 AES_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1);
1865 xctx->xts.block1 = (block128_f)AES_encrypt;
1866 } else {
1867 AES_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1);
1868 xctx->xts.block1 = (block128_f)AES_decrypt;
1869 }
1870
1871 AES_set_encrypt_key(key + ctx->key_len / 2,
1872 ctx->key_len * 4, &xctx->ks2);
1873 xctx->xts.block2 = (block128_f)AES_encrypt;
1874
1875 xctx->xts.key1 = &xctx->ks1;
1876 } while (0);
1877
1878 if (iv) {
1879 xctx->xts.key2 = &xctx->ks2;
1880 memcpy(ctx->iv, iv, 16);
1881 }
1882
1883 return 1;
1884}
1885
1886static int
1887aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
1888 const unsigned char *in, size_t len)
1889{
1890 EVP_AES_XTS_CTX *xctx = ctx->cipher_data;
1891
1892 if (!xctx->xts.key1 || !xctx->xts.key2)
1893 return 0;
1894 if (!out || !in || len < AES_BLOCK_SIZE)
1895 return 0;
1896
1897 if (xctx->stream)
1898 (*xctx->stream)(in, out, len, xctx->xts.key1, xctx->xts.key2,
1899 ctx->iv);
1900 else if (CRYPTO_xts128_encrypt(&xctx->xts, ctx->iv, in, out, len,
1901 ctx->encrypt))
1902 return 0;
1903 return 1;
1904}
1905
1906#define XTS_FLAGS \
1907 ( EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CUSTOM_IV | \
1908 EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT | EVP_CIPH_CUSTOM_COPY )
1909
1910
1911#ifdef AESNI_CAPABLE
1912static const EVP_CIPHER aesni_128_xts = {
1913 .nid = NID_aes_128_xts,
1914 .block_size = 1,
1915 .key_len = 2 * 16,
1916 .iv_len = 16,
1917 .flags = XTS_FLAGS | EVP_CIPH_XTS_MODE,
1918 .init = aesni_xts_init_key,
1919 .do_cipher = aes_xts_cipher,
1920 .cleanup = NULL,
1921 .ctx_size = sizeof(EVP_AES_XTS_CTX),
1922 .ctrl = aes_xts_ctrl,
1923};
1924#endif
1925
1926static const EVP_CIPHER aes_128_xts = {
1927 .nid = NID_aes_128_xts,
1928 .block_size = 1,
1929 .key_len = 2 * 16,
1930 .iv_len = 16,
1931 .flags = XTS_FLAGS | EVP_CIPH_XTS_MODE,
1932 .init = aes_xts_init_key,
1933 .do_cipher = aes_xts_cipher,
1934 .cleanup = NULL,
1935 .ctx_size = sizeof(EVP_AES_XTS_CTX),
1936 .ctrl = aes_xts_ctrl,
1937};
1938
1939const EVP_CIPHER *
1940EVP_aes_128_xts(void)
1941{
1942#ifdef AESNI_CAPABLE
1943 return AESNI_CAPABLE ? &aesni_128_xts : &aes_128_xts;
1944#else
1945 return &aes_128_xts;
1946#endif
1947}
1948LCRYPTO_ALIAS(EVP_aes_128_xts);
1949
1950#ifdef AESNI_CAPABLE
1951static const EVP_CIPHER aesni_256_xts = {
1952 .nid = NID_aes_256_xts,
1953 .block_size = 1,
1954 .key_len = 2 * 32,
1955 .iv_len = 16,
1956 .flags = XTS_FLAGS | EVP_CIPH_XTS_MODE,
1957 .init = aesni_xts_init_key,
1958 .do_cipher = aes_xts_cipher,
1959 .cleanup = NULL,
1960 .ctx_size = sizeof(EVP_AES_XTS_CTX),
1961 .ctrl = aes_xts_ctrl,
1962};
1963#endif
1964
1965static const EVP_CIPHER aes_256_xts = {
1966 .nid = NID_aes_256_xts,
1967 .block_size = 1,
1968 .key_len = 2 * 32,
1969 .iv_len = 16,
1970 .flags = XTS_FLAGS | EVP_CIPH_XTS_MODE,
1971 .init = aes_xts_init_key,
1972 .do_cipher = aes_xts_cipher,
1973 .cleanup = NULL,
1974 .ctx_size = sizeof(EVP_AES_XTS_CTX),
1975 .ctrl = aes_xts_ctrl,
1976};
1977
1978const EVP_CIPHER *
1979EVP_aes_256_xts(void)
1980{
1981#ifdef AESNI_CAPABLE
1982 return AESNI_CAPABLE ? &aesni_256_xts : &aes_256_xts;
1983#else
1984 return &aes_256_xts;
1985#endif
1986}
1987LCRYPTO_ALIAS(EVP_aes_256_xts);
1988
1989static int
1990aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
1991{
1992 EVP_AES_CCM_CTX *cctx = c->cipher_data;
1993
1994 switch (type) {
1995 case EVP_CTRL_INIT:
1996 cctx->key_set = 0;
1997 cctx->iv_set = 0;
1998 cctx->L = 8;
1999 cctx->M = 12;
2000 cctx->tag_set = 0;
2001 cctx->len_set = 0;
2002 return 1;
2003
2004 case EVP_CTRL_AEAD_GET_IVLEN:
2005 *(int *)ptr = 15 - cctx->L;
2006 return 1;
2007
2008 case EVP_CTRL_AEAD_SET_IVLEN:
2009 arg = 15 - arg;
2010
2011 case EVP_CTRL_CCM_SET_L:
2012 if (arg < 2 || arg > 8)
2013 return 0;
2014 cctx->L = arg;
2015 return 1;
2016
2017 case EVP_CTRL_CCM_SET_TAG:
2018 if ((arg & 1) || arg < 4 || arg > 16)
2019 return 0;
2020 if ((c->encrypt && ptr) || (!c->encrypt && !ptr))
2021 return 0;
2022 if (ptr) {
2023 cctx->tag_set = 1;
2024 memcpy(c->buf, ptr, arg);
2025 }
2026 cctx->M = arg;
2027 return 1;
2028
2029 case EVP_CTRL_CCM_GET_TAG:
2030 if (!c->encrypt || !cctx->tag_set)
2031 return 0;
2032 if (!CRYPTO_ccm128_tag(&cctx->ccm, ptr, (size_t)arg))
2033 return 0;
2034 cctx->tag_set = 0;
2035 cctx->iv_set = 0;
2036 cctx->len_set = 0;
2037 return 1;
2038
2039 case EVP_CTRL_COPY:
2040 {
2041 EVP_CIPHER_CTX *out = ptr;
2042 EVP_AES_CCM_CTX *cctx_out = out->cipher_data;
2043
2044 if (cctx->ccm.key) {
2045 if (cctx->ccm.key != &cctx->ks)
2046 return 0;
2047 cctx_out->ccm.key = &cctx_out->ks;
2048 }
2049 return 1;
2050 }
2051
2052 default:
2053 return -1;
2054 }
2055}
2056
2057static int
2058aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
2059 const unsigned char *iv, int enc)
2060{
2061 EVP_AES_CCM_CTX *cctx = ctx->cipher_data;
2062
2063 if (!iv && !key)
2064 return 1;
2065 if (key) do {
2066#ifdef VPAES_CAPABLE
2067 if (VPAES_CAPABLE) {
2068 vpaes_set_encrypt_key(key, ctx->key_len*8, &cctx->ks);
2069 CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
2070 &cctx->ks, (block128_f)vpaes_encrypt);
2071 cctx->str = NULL;
2072 cctx->key_set = 1;
2073 break;
2074 }
2075#endif
2076 AES_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks);
2077 CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
2078 &cctx->ks, (block128_f)AES_encrypt);
2079 cctx->str = NULL;
2080 cctx->key_set = 1;
2081 } while (0);
2082 if (iv) {
2083 memcpy(ctx->iv, iv, 15 - cctx->L);
2084 cctx->iv_set = 1;
2085 }
2086 return 1;
2087}
2088
2089static int
2090aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
2091 const unsigned char *in, size_t len)
2092{
2093 EVP_AES_CCM_CTX *cctx = ctx->cipher_data;
2094 CCM128_CONTEXT *ccm = &cctx->ccm;
2095
2096 /* If not set up, return error */
2097 if (!cctx->iv_set && !cctx->key_set)
2098 return -1;
2099 if (!ctx->encrypt && !cctx->tag_set)
2100 return -1;
2101
2102 if (!out) {
2103 if (!in) {
2104 if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L,
2105 len))
2106 return -1;
2107 cctx->len_set = 1;
2108 return len;
2109 }
2110 /* If have AAD need message length */
2111 if (!cctx->len_set && len)
2112 return -1;
2113 CRYPTO_ccm128_aad(ccm, in, len);
2114 return len;
2115 }
2116 /* EVP_*Final() doesn't return any data */
2117 if (!in)
2118 return 0;
2119 /* If not set length yet do it */
2120 if (!cctx->len_set) {
2121 if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L, len))
2122 return -1;
2123 cctx->len_set = 1;
2124 }
2125 if (ctx->encrypt) {
2126 if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len,
2127 cctx->str) : CRYPTO_ccm128_encrypt(ccm, in, out, len))
2128 return -1;
2129 cctx->tag_set = 1;
2130 return len;
2131 } else {
2132 int rv = -1;
2133 if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len,
2134 cctx->str) : !CRYPTO_ccm128_decrypt(ccm, in, out, len)) {
2135 unsigned char tag[16];
2136 if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) {
2137 if (!memcmp(tag, ctx->buf, cctx->M))
2138 rv = len;
2139 }
2140 }
2141 if (rv == -1)
2142 explicit_bzero(out, len);
2143 cctx->iv_set = 0;
2144 cctx->tag_set = 0;
2145 cctx->len_set = 0;
2146 return rv;
2147 }
2148
2149}
2150
2151#ifdef AESNI_CAPABLE
2152static const EVP_CIPHER aesni_128_ccm = {
2153 .nid = NID_aes_128_ccm,
2154 .block_size = 1,
2155 .key_len = 16,
2156 .iv_len = 12,
2157 .flags = CUSTOM_FLAGS | EVP_CIPH_CCM_MODE,
2158 .init = aesni_ccm_init_key,
2159 .do_cipher = aes_ccm_cipher,
2160 .cleanup = NULL,
2161 .ctx_size = sizeof(EVP_AES_CCM_CTX),
2162 .ctrl = aes_ccm_ctrl,
2163};
2164#endif
2165
2166static const EVP_CIPHER aes_128_ccm = {
2167 .nid = NID_aes_128_ccm,
2168 .block_size = 1,
2169 .key_len = 16,
2170 .iv_len = 12,
2171 .flags = CUSTOM_FLAGS | EVP_CIPH_CCM_MODE,
2172 .init = aes_ccm_init_key,
2173 .do_cipher = aes_ccm_cipher,
2174 .cleanup = NULL,
2175 .ctx_size = sizeof(EVP_AES_CCM_CTX),
2176 .ctrl = aes_ccm_ctrl,
2177};
2178
2179const EVP_CIPHER *
2180EVP_aes_128_ccm(void)
2181{
2182#ifdef AESNI_CAPABLE
2183 return AESNI_CAPABLE ? &aesni_128_ccm : &aes_128_ccm;
2184#else
2185 return &aes_128_ccm;
2186#endif
2187}
2188LCRYPTO_ALIAS(EVP_aes_128_ccm);
2189
2190#ifdef AESNI_CAPABLE
2191static const EVP_CIPHER aesni_192_ccm = {
2192 .nid = NID_aes_192_ccm,
2193 .block_size = 1,
2194 .key_len = 24,
2195 .iv_len = 12,
2196 .flags = CUSTOM_FLAGS | EVP_CIPH_CCM_MODE,
2197 .init = aesni_ccm_init_key,
2198 .do_cipher = aes_ccm_cipher,
2199 .cleanup = NULL,
2200 .ctx_size = sizeof(EVP_AES_CCM_CTX),
2201 .ctrl = aes_ccm_ctrl,
2202};
2203#endif
2204
2205static const EVP_CIPHER aes_192_ccm = {
2206 .nid = NID_aes_192_ccm,
2207 .block_size = 1,
2208 .key_len = 24,
2209 .iv_len = 12,
2210 .flags = CUSTOM_FLAGS | EVP_CIPH_CCM_MODE,
2211 .init = aes_ccm_init_key,
2212 .do_cipher = aes_ccm_cipher,
2213 .cleanup = NULL,
2214 .ctx_size = sizeof(EVP_AES_CCM_CTX),
2215 .ctrl = aes_ccm_ctrl,
2216};
2217
2218const EVP_CIPHER *
2219EVP_aes_192_ccm(void)
2220{
2221#ifdef AESNI_CAPABLE
2222 return AESNI_CAPABLE ? &aesni_192_ccm : &aes_192_ccm;
2223#else
2224 return &aes_192_ccm;
2225#endif
2226}
2227LCRYPTO_ALIAS(EVP_aes_192_ccm);
2228
2229#ifdef AESNI_CAPABLE
2230static const EVP_CIPHER aesni_256_ccm = {
2231 .nid = NID_aes_256_ccm,
2232 .block_size = 1,
2233 .key_len = 32,
2234 .iv_len = 12,
2235 .flags = CUSTOM_FLAGS | EVP_CIPH_CCM_MODE,
2236 .init = aesni_ccm_init_key,
2237 .do_cipher = aes_ccm_cipher,
2238 .cleanup = NULL,
2239 .ctx_size = sizeof(EVP_AES_CCM_CTX),
2240 .ctrl = aes_ccm_ctrl,
2241};
2242#endif
2243
2244static const EVP_CIPHER aes_256_ccm = {
2245 .nid = NID_aes_256_ccm,
2246 .block_size = 1,
2247 .key_len = 32,
2248 .iv_len = 12,
2249 .flags = CUSTOM_FLAGS | EVP_CIPH_CCM_MODE,
2250 .init = aes_ccm_init_key,
2251 .do_cipher = aes_ccm_cipher,
2252 .cleanup = NULL,
2253 .ctx_size = sizeof(EVP_AES_CCM_CTX),
2254 .ctrl = aes_ccm_ctrl,
2255};
2256
2257const EVP_CIPHER *
2258EVP_aes_256_ccm(void)
2259{
2260#ifdef AESNI_CAPABLE
2261 return AESNI_CAPABLE ? &aesni_256_ccm : &aes_256_ccm;
2262#else
2263 return &aes_256_ccm;
2264#endif
2265}
2266LCRYPTO_ALIAS(EVP_aes_256_ccm);
2267
2268#define EVP_AEAD_AES_GCM_TAG_LEN 16
2269
2270struct aead_aes_gcm_ctx {
2271 union {
2272 double align;
2273 AES_KEY ks;
2274 } ks;
2275 GCM128_CONTEXT gcm;
2276 ctr128_f ctr;
2277 unsigned char tag_len;
2278};
2279
2280static int
2281aead_aes_gcm_init(EVP_AEAD_CTX *ctx, const unsigned char *key, size_t key_len,
2282 size_t tag_len)
2283{
2284 struct aead_aes_gcm_ctx *gcm_ctx;
2285 const size_t key_bits = key_len * 8;
2286
2287 /* EVP_AEAD_CTX_init should catch this. */
2288 if (key_bits != 128 && key_bits != 256) {
2289 EVPerror(EVP_R_BAD_KEY_LENGTH);
2290 return 0;
2291 }
2292
2293 if (tag_len == EVP_AEAD_DEFAULT_TAG_LENGTH)
2294 tag_len = EVP_AEAD_AES_GCM_TAG_LEN;
2295
2296 if (tag_len > EVP_AEAD_AES_GCM_TAG_LEN) {
2297 EVPerror(EVP_R_TAG_TOO_LARGE);
2298 return 0;
2299 }
2300
2301 if ((gcm_ctx = calloc(1, sizeof(struct aead_aes_gcm_ctx))) == NULL)
2302 return 0;
2303
2304#ifdef AESNI_CAPABLE
2305 if (AESNI_CAPABLE) {
2306 aesni_set_encrypt_key(key, key_bits, &gcm_ctx->ks.ks);
2307 CRYPTO_gcm128_init(&gcm_ctx->gcm, &gcm_ctx->ks.ks,
2308 (block128_f)aesni_encrypt);
2309 gcm_ctx->ctr = (ctr128_f) aesni_ctr32_encrypt_blocks;
2310 } else
2311#endif
2312 {
2313 gcm_ctx->ctr = aes_gcm_set_key(&gcm_ctx->ks.ks, &gcm_ctx->gcm,
2314 key, key_len);
2315 }
2316 gcm_ctx->tag_len = tag_len;
2317 ctx->aead_state = gcm_ctx;
2318
2319 return 1;
2320}
2321
2322static void
2323aead_aes_gcm_cleanup(EVP_AEAD_CTX *ctx)
2324{
2325 struct aead_aes_gcm_ctx *gcm_ctx = ctx->aead_state;
2326
2327 freezero(gcm_ctx, sizeof(*gcm_ctx));
2328}
2329
2330static int
2331aead_aes_gcm_seal(const EVP_AEAD_CTX *ctx, unsigned char *out, size_t *out_len,
2332 size_t max_out_len, const unsigned char *nonce, size_t nonce_len,
2333 const unsigned char *in, size_t in_len, const unsigned char *ad,
2334 size_t ad_len)
2335{
2336 const struct aead_aes_gcm_ctx *gcm_ctx = ctx->aead_state;
2337 GCM128_CONTEXT gcm;
2338 size_t bulk = 0;
2339
2340 if (max_out_len < in_len + gcm_ctx->tag_len) {
2341 EVPerror(EVP_R_BUFFER_TOO_SMALL);
2342 return 0;
2343 }
2344
2345 memcpy(&gcm, &gcm_ctx->gcm, sizeof(gcm));
2346
2347 if (nonce_len == 0) {
2348 EVPerror(EVP_R_INVALID_IV_LENGTH);
2349 return 0;
2350 }
2351 CRYPTO_gcm128_setiv(&gcm, nonce, nonce_len);
2352
2353 if (ad_len > 0 && CRYPTO_gcm128_aad(&gcm, ad, ad_len))
2354 return 0;
2355
2356 if (gcm_ctx->ctr) {
2357 if (CRYPTO_gcm128_encrypt_ctr32(&gcm, in + bulk, out + bulk,
2358 in_len - bulk, gcm_ctx->ctr))
2359 return 0;
2360 } else {
2361 if (CRYPTO_gcm128_encrypt(&gcm, in + bulk, out + bulk,
2362 in_len - bulk))
2363 return 0;
2364 }
2365
2366 CRYPTO_gcm128_tag(&gcm, out + in_len, gcm_ctx->tag_len);
2367 *out_len = in_len + gcm_ctx->tag_len;
2368
2369 return 1;
2370}
2371
2372static int
2373aead_aes_gcm_open(const EVP_AEAD_CTX *ctx, unsigned char *out, size_t *out_len,
2374 size_t max_out_len, const unsigned char *nonce, size_t nonce_len,
2375 const unsigned char *in, size_t in_len, const unsigned char *ad,
2376 size_t ad_len)
2377{
2378 const struct aead_aes_gcm_ctx *gcm_ctx = ctx->aead_state;
2379 unsigned char tag[EVP_AEAD_AES_GCM_TAG_LEN];
2380 GCM128_CONTEXT gcm;
2381 size_t plaintext_len;
2382 size_t bulk = 0;
2383
2384 if (in_len < gcm_ctx->tag_len) {
2385 EVPerror(EVP_R_BAD_DECRYPT);
2386 return 0;
2387 }
2388
2389 plaintext_len = in_len - gcm_ctx->tag_len;
2390
2391 if (max_out_len < plaintext_len) {
2392 EVPerror(EVP_R_BUFFER_TOO_SMALL);
2393 return 0;
2394 }
2395
2396 memcpy(&gcm, &gcm_ctx->gcm, sizeof(gcm));
2397
2398 if (nonce_len == 0) {
2399 EVPerror(EVP_R_INVALID_IV_LENGTH);
2400 return 0;
2401 }
2402 CRYPTO_gcm128_setiv(&gcm, nonce, nonce_len);
2403
2404 if (CRYPTO_gcm128_aad(&gcm, ad, ad_len))
2405 return 0;
2406
2407 if (gcm_ctx->ctr) {
2408 if (CRYPTO_gcm128_decrypt_ctr32(&gcm, in + bulk, out + bulk,
2409 in_len - bulk - gcm_ctx->tag_len, gcm_ctx->ctr))
2410 return 0;
2411 } else {
2412 if (CRYPTO_gcm128_decrypt(&gcm, in + bulk, out + bulk,
2413 in_len - bulk - gcm_ctx->tag_len))
2414 return 0;
2415 }
2416
2417 CRYPTO_gcm128_tag(&gcm, tag, gcm_ctx->tag_len);
2418 if (timingsafe_memcmp(tag, in + plaintext_len, gcm_ctx->tag_len) != 0) {
2419 EVPerror(EVP_R_BAD_DECRYPT);
2420 return 0;
2421 }
2422
2423 *out_len = plaintext_len;
2424
2425 return 1;
2426}
2427
2428static const EVP_AEAD aead_aes_128_gcm = {
2429 .key_len = 16,
2430 .nonce_len = 12,
2431 .overhead = EVP_AEAD_AES_GCM_TAG_LEN,
2432 .max_tag_len = EVP_AEAD_AES_GCM_TAG_LEN,
2433
2434 .init = aead_aes_gcm_init,
2435 .cleanup = aead_aes_gcm_cleanup,
2436 .seal = aead_aes_gcm_seal,
2437 .open = aead_aes_gcm_open,
2438};
2439
2440static const EVP_AEAD aead_aes_256_gcm = {
2441 .key_len = 32,
2442 .nonce_len = 12,
2443 .overhead = EVP_AEAD_AES_GCM_TAG_LEN,
2444 .max_tag_len = EVP_AEAD_AES_GCM_TAG_LEN,
2445
2446 .init = aead_aes_gcm_init,
2447 .cleanup = aead_aes_gcm_cleanup,
2448 .seal = aead_aes_gcm_seal,
2449 .open = aead_aes_gcm_open,
2450};
2451
2452const EVP_AEAD *
2453EVP_aead_aes_128_gcm(void)
2454{
2455 return &aead_aes_128_gcm;
2456}
2457LCRYPTO_ALIAS(EVP_aead_aes_128_gcm);
2458
2459const EVP_AEAD *
2460EVP_aead_aes_256_gcm(void)
2461{
2462 return &aead_aes_256_gcm;
2463}
2464LCRYPTO_ALIAS(EVP_aead_aes_256_gcm);
2465
2466typedef struct {
2467 union {
2468 double align;
2469 AES_KEY ks;
2470 } ks;
2471 unsigned char *iv;
2472} EVP_AES_WRAP_CTX;
2473
2474static int
2475aes_wrap_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
2476 const unsigned char *iv, int enc)
2477{
2478 EVP_AES_WRAP_CTX *wctx = (EVP_AES_WRAP_CTX *)ctx->cipher_data;
2479
2480 if (iv == NULL && key == NULL)
2481 return 1;
2482
2483 if (key != NULL) {
2484 if (ctx->encrypt)
2485 AES_set_encrypt_key(key, 8 * ctx->key_len,
2486 &wctx->ks.ks);
2487 else
2488 AES_set_decrypt_key(key, 8 * ctx->key_len,
2489 &wctx->ks.ks);
2490
2491 if (iv == NULL)
2492 wctx->iv = NULL;
2493 }
2494
2495 if (iv != NULL) {
2496 int iv_len = EVP_CIPHER_CTX_iv_length(ctx);
2497
2498 if (iv_len < 0 || iv_len > sizeof(ctx->iv))
2499 return 0;
2500 memcpy(ctx->iv, iv, iv_len);
2501 wctx->iv = ctx->iv;
2502 }
2503
2504 return 1;
2505}
2506
2507static int
2508aes_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
2509 const unsigned char *in, size_t inlen)
2510{
2511 EVP_AES_WRAP_CTX *wctx = ctx->cipher_data;
2512 int ret;
2513
2514 if (in == NULL)
2515 return 0;
2516
2517 if (inlen % 8 != 0)
2518 return -1;
2519 if (ctx->encrypt && inlen < 8)
2520 return -1;
2521 if (!ctx->encrypt && inlen < 16)
2522 return -1;
2523 if (inlen > INT_MAX)
2524 return -1;
2525
2526 if (out == NULL) {
2527 if (ctx->encrypt)
2528 return inlen + 8;
2529 else
2530 return inlen - 8;
2531 }
2532
2533 if (ctx->encrypt)
2534 ret = AES_wrap_key(&wctx->ks.ks, wctx->iv, out, in,
2535 (unsigned int)inlen);
2536 else
2537 ret = AES_unwrap_key(&wctx->ks.ks, wctx->iv, out, in,
2538 (unsigned int)inlen);
2539
2540 return ret != 0 ? ret : -1;
2541}
2542
2543static int
2544aes_wrap_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
2545{
2546 EVP_AES_WRAP_CTX *wctx = c->cipher_data;
2547
2548 switch (type) {
2549 case EVP_CTRL_COPY:
2550 {
2551 EVP_CIPHER_CTX *out = ptr;
2552 EVP_AES_WRAP_CTX *wctx_out = out->cipher_data;
2553
2554 if (wctx->iv != NULL) {
2555 if (c->iv != wctx->iv)
2556 return 0;
2557
2558 wctx_out->iv = out->iv;
2559 }
2560
2561 return 1;
2562 }
2563 }
2564
2565 return -1;
2566}
2567
2568#define WRAP_FLAGS \
2569 ( EVP_CIPH_WRAP_MODE | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER | \
2570 EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_FLAG_DEFAULT_ASN1 | \
2571 EVP_CIPH_CUSTOM_COPY )
2572
2573static const EVP_CIPHER aes_128_wrap = {
2574 .nid = NID_id_aes128_wrap,
2575 .block_size = 8,
2576 .key_len = 16,
2577 .iv_len = 8,
2578 .flags = WRAP_FLAGS,
2579 .init = aes_wrap_init_key,
2580 .do_cipher = aes_wrap_cipher,
2581 .cleanup = NULL,
2582 .ctx_size = sizeof(EVP_AES_WRAP_CTX),
2583 .set_asn1_parameters = NULL,
2584 .get_asn1_parameters = NULL,
2585 .ctrl = aes_wrap_ctrl,
2586};
2587
2588const EVP_CIPHER *
2589EVP_aes_128_wrap(void)
2590{
2591 return &aes_128_wrap;
2592}
2593LCRYPTO_ALIAS(EVP_aes_128_wrap);
2594
2595static const EVP_CIPHER aes_192_wrap = {
2596 .nid = NID_id_aes192_wrap,
2597 .block_size = 8,
2598 .key_len = 24,
2599 .iv_len = 8,
2600 .flags = WRAP_FLAGS,
2601 .init = aes_wrap_init_key,
2602 .do_cipher = aes_wrap_cipher,
2603 .cleanup = NULL,
2604 .ctx_size = sizeof(EVP_AES_WRAP_CTX),
2605 .set_asn1_parameters = NULL,
2606 .get_asn1_parameters = NULL,
2607 .ctrl = aes_wrap_ctrl,
2608};
2609
2610const EVP_CIPHER *
2611EVP_aes_192_wrap(void)
2612{
2613 return &aes_192_wrap;
2614}
2615LCRYPTO_ALIAS(EVP_aes_192_wrap);
2616
2617static const EVP_CIPHER aes_256_wrap = {
2618 .nid = NID_id_aes256_wrap,
2619 .block_size = 8,
2620 .key_len = 32,
2621 .iv_len = 8,
2622 .flags = WRAP_FLAGS,
2623 .init = aes_wrap_init_key,
2624 .do_cipher = aes_wrap_cipher,
2625 .cleanup = NULL,
2626 .ctx_size = sizeof(EVP_AES_WRAP_CTX),
2627 .set_asn1_parameters = NULL,
2628 .get_asn1_parameters = NULL,
2629 .ctrl = aes_wrap_ctrl,
2630};
2631
2632const EVP_CIPHER *
2633EVP_aes_256_wrap(void)
2634{
2635 return &aes_256_wrap;
2636}
2637LCRYPTO_ALIAS(EVP_aes_256_wrap);
2638
2639#endif
diff --git a/src/lib/libcrypto/evp/e_bf.c b/src/lib/libcrypto/evp/e_bf.c
deleted file mode 100644
index 4f3799975b..0000000000
--- a/src/lib/libcrypto/evp/e_bf.c
+++ /dev/null
@@ -1,247 +0,0 @@
1/* $OpenBSD: e_bf.c,v 1.19 2024/04/09 13:52:41 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <limits.h>
60#include <stdio.h>
61
62#include <openssl/opensslconf.h>
63
64#ifndef OPENSSL_NO_BF
65
66#include <openssl/blowfish.h>
67#include <openssl/evp.h>
68#include <openssl/objects.h>
69
70#include "evp_local.h"
71
72typedef struct {
73 BF_KEY ks;
74} EVP_BF_KEY;
75
76#define data(ctx) ((EVP_BF_KEY *)(ctx)->cipher_data)
77
78static int
79bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
80 const unsigned char *iv, int enc)
81{
82 BF_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), key);
83 return 1;
84}
85
86static int
87bf_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
88{
89 size_t chunk = LONG_MAX & ~0xff;
90
91 while (inl >= chunk) {
92 BF_cbc_encrypt(in, out, (long)chunk, &((EVP_BF_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt);
93 inl -= chunk;
94 in += chunk;
95 out += chunk;
96 }
97
98 if (inl)
99 BF_cbc_encrypt(in, out, (long)inl, &((EVP_BF_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt);
100
101 return 1;
102}
103
104static int
105bf_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
106{
107 size_t chunk = LONG_MAX & ~0xff;
108
109 if (inl < chunk)
110 chunk = inl;
111
112 while (inl && inl >= chunk) {
113 BF_cfb64_encrypt(in, out, (long)chunk, &((EVP_BF_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
114 inl -= chunk;
115 in += chunk;
116 out += chunk;
117 if (inl < chunk)
118 chunk = inl;
119 }
120
121 return 1;
122}
123
124static int
125bf_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
126{
127 size_t i, bl;
128
129 bl = ctx->cipher->block_size;
130
131 if (inl < bl)
132 return 1;
133
134 inl -= bl;
135
136 for (i = 0; i <= inl; i += bl)
137 BF_ecb_encrypt(in + i, out + i, &((EVP_BF_KEY *)ctx->cipher_data)->ks, ctx->encrypt);
138
139 return 1;
140}
141
142static int
143bf_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
144{
145 size_t chunk = LONG_MAX & ~0xff;
146
147 while (inl >= chunk) {
148 BF_ofb64_encrypt(in, out, (long)chunk, &((EVP_BF_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num);
149 inl -= chunk;
150 in += chunk;
151 out += chunk;
152 }
153
154 if (inl)
155 BF_ofb64_encrypt(in, out, (long)inl, &((EVP_BF_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num);
156
157 return 1;
158}
159
160static const EVP_CIPHER bf_cbc = {
161 .nid = NID_bf_cbc,
162 .block_size = 8,
163 .key_len = 16,
164 .iv_len = 8,
165 .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CBC_MODE,
166 .init = bf_init_key,
167 .do_cipher = bf_cbc_cipher,
168 .cleanup = NULL,
169 .ctx_size = sizeof(EVP_BF_KEY),
170 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
171 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
172 .ctrl = NULL,
173};
174
175const EVP_CIPHER *
176EVP_bf_cbc(void)
177{
178 return &bf_cbc;
179}
180LCRYPTO_ALIAS(EVP_bf_cbc);
181
182static const EVP_CIPHER bf_cfb64 = {
183 .nid = NID_bf_cfb64,
184 .block_size = 1,
185 .key_len = 16,
186 .iv_len = 8,
187 .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CFB_MODE,
188 .init = bf_init_key,
189 .do_cipher = bf_cfb64_cipher,
190 .cleanup = NULL,
191 .ctx_size = sizeof(EVP_BF_KEY),
192 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
193 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
194 .ctrl = NULL,
195};
196
197const EVP_CIPHER *
198EVP_bf_cfb64(void)
199{
200 return &bf_cfb64;
201}
202LCRYPTO_ALIAS(EVP_bf_cfb64);
203
204static const EVP_CIPHER bf_ofb = {
205 .nid = NID_bf_ofb64,
206 .block_size = 1,
207 .key_len = 16,
208 .iv_len = 8,
209 .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_OFB_MODE,
210 .init = bf_init_key,
211 .do_cipher = bf_ofb_cipher,
212 .cleanup = NULL,
213 .ctx_size = sizeof(EVP_BF_KEY),
214 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
215 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
216 .ctrl = NULL,
217};
218
219const EVP_CIPHER *
220EVP_bf_ofb(void)
221{
222 return &bf_ofb;
223}
224LCRYPTO_ALIAS(EVP_bf_ofb);
225
226static const EVP_CIPHER bf_ecb = {
227 .nid = NID_bf_ecb,
228 .block_size = 8,
229 .key_len = 16,
230 .iv_len = 0,
231 .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_ECB_MODE,
232 .init = bf_init_key,
233 .do_cipher = bf_ecb_cipher,
234 .cleanup = NULL,
235 .ctx_size = sizeof(EVP_BF_KEY),
236 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
237 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
238 .ctrl = NULL,
239};
240
241const EVP_CIPHER *
242EVP_bf_ecb(void)
243{
244 return &bf_ecb;
245}
246LCRYPTO_ALIAS(EVP_bf_ecb);
247#endif
diff --git a/src/lib/libcrypto/evp/e_camellia.c b/src/lib/libcrypto/evp/e_camellia.c
deleted file mode 100644
index 55dcc79922..0000000000
--- a/src/lib/libcrypto/evp/e_camellia.c
+++ /dev/null
@@ -1,823 +0,0 @@
1/* $OpenBSD: e_camellia.c,v 1.20 2024/04/09 13:52:41 beck Exp $ */
2/* ====================================================================
3 * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@openssl.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56#include <string.h>
57
58#include <openssl/opensslconf.h>
59
60#ifndef OPENSSL_NO_CAMELLIA
61#include <openssl/evp.h>
62#include <openssl/err.h>
63#include <openssl/camellia.h>
64
65#include "evp_local.h"
66
67/* Camellia subkey Structure */
68typedef struct {
69 CAMELLIA_KEY ks;
70} EVP_CAMELLIA_KEY;
71
72/* Attribute operation for Camellia */
73#define data(ctx) ((EVP_CAMELLIA_KEY *)(ctx)->cipher_data)
74
75static int
76camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
77 const unsigned char *iv, int enc)
78{
79 int ret;
80
81 ret = Camellia_set_key(key, ctx->key_len * 8, ctx->cipher_data);
82
83 if (ret < 0) {
84 EVPerror(EVP_R_CAMELLIA_KEY_SETUP_FAILED);
85 return 0;
86 }
87
88 return 1;
89}
90
91static int
92camellia_128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
93{
94 while (inl >= EVP_MAXCHUNK) {
95 Camellia_cbc_encrypt(in, out, EVP_MAXCHUNK, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt);
96 inl -= EVP_MAXCHUNK;
97 in += EVP_MAXCHUNK;
98 out += EVP_MAXCHUNK;
99 }
100
101 if (inl)
102 Camellia_cbc_encrypt(in, out, inl, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt);
103
104 return 1;
105}
106
107static int
108camellia_128_cfb128_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
109{
110 size_t chunk = EVP_MAXCHUNK;
111
112 if (inl < chunk)
113 chunk = inl;
114
115 while (inl && inl >= chunk) {
116 Camellia_cfb128_encrypt(in, out, chunk, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
117 inl -= chunk;
118 in += chunk;
119 out += chunk;
120 if (inl < chunk)
121 chunk = inl;
122 }
123
124 return 1;
125}
126
127static int
128camellia_128_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
129{
130 size_t i, bl;
131
132 bl = ctx->cipher->block_size;
133
134 if (inl < bl)
135 return 1;
136
137 inl -= bl;
138
139 for (i = 0; i <= inl; i += bl)
140 Camellia_ecb_encrypt(in + i, out + i, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->encrypt);
141
142 return 1;
143}
144
145static int
146camellia_128_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
147{
148 while (inl >= EVP_MAXCHUNK) {
149 Camellia_ofb128_encrypt(in, out, EVP_MAXCHUNK, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num);
150 inl -= EVP_MAXCHUNK;
151 in += EVP_MAXCHUNK;
152 out += EVP_MAXCHUNK;
153 }
154
155 if (inl)
156 Camellia_ofb128_encrypt(in, out, inl, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num);
157
158 return 1;
159}
160
161static const EVP_CIPHER camellia_128_cbc = {
162 .nid = NID_camellia_128_cbc,
163 .block_size = 16,
164 .key_len = 16,
165 .iv_len = 16,
166 .flags = 0 | EVP_CIPH_CBC_MODE,
167 .init = camellia_init_key,
168 .do_cipher = camellia_128_cbc_cipher,
169 .cleanup = NULL,
170 .ctx_size = sizeof(EVP_CAMELLIA_KEY),
171 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
172 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
173 .ctrl = NULL,
174};
175
176const EVP_CIPHER *
177EVP_camellia_128_cbc(void)
178{
179 return &camellia_128_cbc;
180}
181LCRYPTO_ALIAS(EVP_camellia_128_cbc);
182
183static const EVP_CIPHER camellia_128_cfb128 = {
184 .nid = NID_camellia_128_cfb128,
185 .block_size = 1,
186 .key_len = 16,
187 .iv_len = 16,
188 .flags = 0 | EVP_CIPH_CFB_MODE,
189 .init = camellia_init_key,
190 .do_cipher = camellia_128_cfb128_cipher,
191 .cleanup = NULL,
192 .ctx_size = sizeof(EVP_CAMELLIA_KEY),
193 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
194 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
195 .ctrl = NULL,
196};
197
198const EVP_CIPHER *
199EVP_camellia_128_cfb128(void)
200{
201 return &camellia_128_cfb128;
202}
203LCRYPTO_ALIAS(EVP_camellia_128_cfb128);
204
205static const EVP_CIPHER camellia_128_ofb = {
206 .nid = NID_camellia_128_ofb128,
207 .block_size = 1,
208 .key_len = 16,
209 .iv_len = 16,
210 .flags = 0 | EVP_CIPH_OFB_MODE,
211 .init = camellia_init_key,
212 .do_cipher = camellia_128_ofb_cipher,
213 .cleanup = NULL,
214 .ctx_size = sizeof(EVP_CAMELLIA_KEY),
215 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
216 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
217 .ctrl = NULL,
218};
219
220const EVP_CIPHER *
221EVP_camellia_128_ofb(void)
222{
223 return &camellia_128_ofb;
224}
225LCRYPTO_ALIAS(EVP_camellia_128_ofb);
226
227static const EVP_CIPHER camellia_128_ecb = {
228 .nid = NID_camellia_128_ecb,
229 .block_size = 16,
230 .key_len = 16,
231 .iv_len = 0,
232 .flags = 0 | EVP_CIPH_ECB_MODE,
233 .init = camellia_init_key,
234 .do_cipher = camellia_128_ecb_cipher,
235 .cleanup = NULL,
236 .ctx_size = sizeof(EVP_CAMELLIA_KEY),
237 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
238 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
239 .ctrl = NULL,
240};
241
242const EVP_CIPHER *
243EVP_camellia_128_ecb(void)
244{
245 return &camellia_128_ecb;
246}
247LCRYPTO_ALIAS(EVP_camellia_128_ecb);
248
249static int
250camellia_192_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
251{
252 while (inl >= EVP_MAXCHUNK) {
253 Camellia_cbc_encrypt(in, out, EVP_MAXCHUNK, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt);
254 inl -= EVP_MAXCHUNK;
255 in += EVP_MAXCHUNK;
256 out += EVP_MAXCHUNK;
257 }
258
259 if (inl)
260 Camellia_cbc_encrypt(in, out, inl, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt);
261
262 return 1;
263}
264
265static int
266camellia_192_cfb128_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
267{
268 size_t chunk = EVP_MAXCHUNK;
269
270 if (inl < chunk)
271 chunk = inl;
272
273 while (inl && inl >= chunk) {
274 Camellia_cfb128_encrypt(in, out, chunk, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
275 inl -= chunk;
276 in += chunk;
277 out += chunk;
278 if (inl < chunk)
279 chunk = inl;
280 }
281
282 return 1;
283}
284
285static int
286camellia_192_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
287{
288 size_t i, bl;
289
290 bl = ctx->cipher->block_size;
291
292 if (inl < bl)
293 return 1;
294
295 inl -= bl;
296
297 for (i = 0; i <= inl; i += bl)
298 Camellia_ecb_encrypt(in + i, out + i, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->encrypt);
299
300 return 1;
301}
302
303static int
304camellia_192_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
305{
306 while (inl >= EVP_MAXCHUNK) {
307 Camellia_ofb128_encrypt(in, out, EVP_MAXCHUNK, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num);
308 inl -= EVP_MAXCHUNK;
309 in += EVP_MAXCHUNK;
310 out += EVP_MAXCHUNK;
311 }
312
313 if (inl)
314 Camellia_ofb128_encrypt(in, out, inl, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num);
315
316 return 1;
317}
318
319static const EVP_CIPHER camellia_192_cbc = {
320 .nid = NID_camellia_192_cbc,
321 .block_size = 16,
322 .key_len = 24,
323 .iv_len = 16,
324 .flags = 0 | EVP_CIPH_CBC_MODE,
325 .init = camellia_init_key,
326 .do_cipher = camellia_192_cbc_cipher,
327 .cleanup = NULL,
328 .ctx_size = sizeof(EVP_CAMELLIA_KEY),
329 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
330 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
331 .ctrl = NULL,
332};
333
334const EVP_CIPHER *
335EVP_camellia_192_cbc(void)
336{
337 return &camellia_192_cbc;
338}
339LCRYPTO_ALIAS(EVP_camellia_192_cbc);
340
341static const EVP_CIPHER camellia_192_cfb128 = {
342 .nid = NID_camellia_192_cfb128,
343 .block_size = 1,
344 .key_len = 24,
345 .iv_len = 16,
346 .flags = 0 | EVP_CIPH_CFB_MODE,
347 .init = camellia_init_key,
348 .do_cipher = camellia_192_cfb128_cipher,
349 .cleanup = NULL,
350 .ctx_size = sizeof(EVP_CAMELLIA_KEY),
351 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
352 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
353 .ctrl = NULL,
354};
355
356const EVP_CIPHER *
357EVP_camellia_192_cfb128(void)
358{
359 return &camellia_192_cfb128;
360}
361LCRYPTO_ALIAS(EVP_camellia_192_cfb128);
362
363static const EVP_CIPHER camellia_192_ofb = {
364 .nid = NID_camellia_192_ofb128,
365 .block_size = 1,
366 .key_len = 24,
367 .iv_len = 16,
368 .flags = 0 | EVP_CIPH_OFB_MODE,
369 .init = camellia_init_key,
370 .do_cipher = camellia_192_ofb_cipher,
371 .cleanup = NULL,
372 .ctx_size = sizeof(EVP_CAMELLIA_KEY),
373 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
374 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
375 .ctrl = NULL,
376};
377
378const EVP_CIPHER *
379EVP_camellia_192_ofb(void)
380{
381 return &camellia_192_ofb;
382}
383LCRYPTO_ALIAS(EVP_camellia_192_ofb);
384
385static const EVP_CIPHER camellia_192_ecb = {
386 .nid = NID_camellia_192_ecb,
387 .block_size = 16,
388 .key_len = 24,
389 .iv_len = 0,
390 .flags = 0 | EVP_CIPH_ECB_MODE,
391 .init = camellia_init_key,
392 .do_cipher = camellia_192_ecb_cipher,
393 .cleanup = NULL,
394 .ctx_size = sizeof(EVP_CAMELLIA_KEY),
395 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
396 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
397 .ctrl = NULL,
398};
399
400const EVP_CIPHER *
401EVP_camellia_192_ecb(void)
402{
403 return &camellia_192_ecb;
404}
405LCRYPTO_ALIAS(EVP_camellia_192_ecb);
406
407static int
408camellia_256_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
409{
410 while (inl >= EVP_MAXCHUNK) {
411 Camellia_cbc_encrypt(in, out, EVP_MAXCHUNK, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt);
412 inl -= EVP_MAXCHUNK;
413 in += EVP_MAXCHUNK;
414 out += EVP_MAXCHUNK;
415 }
416
417 if (inl)
418 Camellia_cbc_encrypt(in, out, inl, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt);
419
420 return 1;
421}
422
423static int
424camellia_256_cfb128_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
425{
426 size_t chunk = EVP_MAXCHUNK;
427
428 if (inl < chunk)
429 chunk = inl;
430
431 while (inl && inl >= chunk) {
432 Camellia_cfb128_encrypt(in, out, chunk, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
433 inl -= chunk;
434 in += chunk;
435 out += chunk;
436 if (inl < chunk)
437 chunk = inl;
438 }
439
440 return 1;
441}
442
443static int
444camellia_256_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
445{
446 size_t i, bl;
447
448 bl = ctx->cipher->block_size;
449
450 if (inl < bl)
451 return 1;
452
453 inl -= bl;
454
455 for (i = 0; i <= inl; i += bl)
456 Camellia_ecb_encrypt(in + i, out + i, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->encrypt);
457
458 return 1;
459}
460
461static int
462camellia_256_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
463{
464 while (inl >= EVP_MAXCHUNK) {
465 Camellia_ofb128_encrypt(in, out, EVP_MAXCHUNK, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num);
466 inl -= EVP_MAXCHUNK;
467 in += EVP_MAXCHUNK;
468 out += EVP_MAXCHUNK;
469 }
470
471 if (inl)
472 Camellia_ofb128_encrypt(in, out, inl, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num);
473
474 return 1;
475}
476
477static const EVP_CIPHER camellia_256_cbc = {
478 .nid = NID_camellia_256_cbc,
479 .block_size = 16,
480 .key_len = 32,
481 .iv_len = 16,
482 .flags = 0 | EVP_CIPH_CBC_MODE,
483 .init = camellia_init_key,
484 .do_cipher = camellia_256_cbc_cipher,
485 .cleanup = NULL,
486 .ctx_size = sizeof(EVP_CAMELLIA_KEY),
487 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
488 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
489 .ctrl = NULL,
490};
491
492const EVP_CIPHER *
493EVP_camellia_256_cbc(void)
494{
495 return &camellia_256_cbc;
496}
497LCRYPTO_ALIAS(EVP_camellia_256_cbc);
498
499static const EVP_CIPHER camellia_256_cfb128 = {
500 .nid = NID_camellia_256_cfb128,
501 .block_size = 1,
502 .key_len = 32,
503 .iv_len = 16,
504 .flags = 0 | EVP_CIPH_CFB_MODE,
505 .init = camellia_init_key,
506 .do_cipher = camellia_256_cfb128_cipher,
507 .cleanup = NULL,
508 .ctx_size = sizeof(EVP_CAMELLIA_KEY),
509 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
510 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
511 .ctrl = NULL,
512};
513
514const EVP_CIPHER *
515EVP_camellia_256_cfb128(void)
516{
517 return &camellia_256_cfb128;
518}
519LCRYPTO_ALIAS(EVP_camellia_256_cfb128);
520
521static const EVP_CIPHER camellia_256_ofb = {
522 .nid = NID_camellia_256_ofb128,
523 .block_size = 1,
524 .key_len = 32,
525 .iv_len = 16,
526 .flags = 0 | EVP_CIPH_OFB_MODE,
527 .init = camellia_init_key,
528 .do_cipher = camellia_256_ofb_cipher,
529 .cleanup = NULL,
530 .ctx_size = sizeof(EVP_CAMELLIA_KEY),
531 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
532 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
533 .ctrl = NULL,
534};
535
536const EVP_CIPHER *
537EVP_camellia_256_ofb(void)
538{
539 return &camellia_256_ofb;
540}
541LCRYPTO_ALIAS(EVP_camellia_256_ofb);
542
543static const EVP_CIPHER camellia_256_ecb = {
544 .nid = NID_camellia_256_ecb,
545 .block_size = 16,
546 .key_len = 32,
547 .iv_len = 0,
548 .flags = 0 | EVP_CIPH_ECB_MODE,
549 .init = camellia_init_key,
550 .do_cipher = camellia_256_ecb_cipher,
551 .cleanup = NULL,
552 .ctx_size = sizeof(EVP_CAMELLIA_KEY),
553 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
554 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
555 .ctrl = NULL,
556};
557
558const EVP_CIPHER *
559EVP_camellia_256_ecb(void)
560{
561 return &camellia_256_ecb;
562}
563LCRYPTO_ALIAS(EVP_camellia_256_ecb);
564
565static int
566camellia_128_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
567{
568 size_t chunk = EVP_MAXCHUNK;
569
570 chunk >>= 3;
571
572 if (inl < chunk)
573 chunk = inl;
574
575 while (inl && inl >= chunk) {
576 Camellia_cfb1_encrypt(in, out, ((1 == 1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ? chunk * 8 : chunk), &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
577 inl -= chunk;
578 in += chunk;
579 out += chunk;
580 if (inl < chunk)
581 chunk = inl;
582 }
583
584 return 1;
585}
586
587static const EVP_CIPHER camellia_128_cfb1 = {
588 .nid = NID_camellia_128_cfb1,
589 .block_size = 1,
590 .key_len = 128/8,
591 .iv_len = 16,
592 .flags = 0 | EVP_CIPH_CFB_MODE,
593 .init = camellia_init_key,
594 .do_cipher = camellia_128_cfb1_cipher,
595 .cleanup = NULL,
596 .ctx_size = sizeof(EVP_CAMELLIA_KEY),
597 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
598 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
599 .ctrl = NULL,
600};
601
602const EVP_CIPHER *
603EVP_camellia_128_cfb1(void)
604{
605 return &camellia_128_cfb1;
606}
607LCRYPTO_ALIAS(EVP_camellia_128_cfb1);
608
609static int
610camellia_192_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
611{
612 size_t chunk = EVP_MAXCHUNK;
613
614 chunk >>= 3;
615
616 if (inl < chunk)
617 chunk = inl;
618
619 while (inl && inl >= chunk) {
620 Camellia_cfb1_encrypt(in, out, ((1 == 1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ? chunk * 8 : chunk), &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
621 inl -= chunk;
622 in += chunk;
623 out += chunk;
624 if (inl < chunk)
625 chunk = inl;
626 }
627
628 return 1;
629}
630
631static const EVP_CIPHER camellia_192_cfb1 = {
632 .nid = NID_camellia_192_cfb1,
633 .block_size = 1,
634 .key_len = 192/8,
635 .iv_len = 16,
636 .flags = 0 | EVP_CIPH_CFB_MODE,
637 .init = camellia_init_key,
638 .do_cipher = camellia_192_cfb1_cipher,
639 .cleanup = NULL,
640 .ctx_size = sizeof(EVP_CAMELLIA_KEY),
641 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
642 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
643 .ctrl = NULL,
644};
645
646const EVP_CIPHER *
647EVP_camellia_192_cfb1(void)
648{
649 return &camellia_192_cfb1;
650}
651LCRYPTO_ALIAS(EVP_camellia_192_cfb1);
652
653static int
654camellia_256_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
655{
656 size_t chunk = EVP_MAXCHUNK;
657
658 chunk >>= 3;
659
660 if (inl < chunk)
661 chunk = inl;
662
663 while (inl && inl >= chunk) {
664 Camellia_cfb1_encrypt(in, out, ((1 == 1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ? chunk * 8 : chunk), &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
665 inl -= chunk;
666 in += chunk;
667 out += chunk;
668 if (inl < chunk)
669 chunk = inl;
670 }
671
672 return 1;
673}
674
675static const EVP_CIPHER camellia_256_cfb1 = {
676 .nid = NID_camellia_256_cfb1,
677 .block_size = 1,
678 .key_len = 256/8,
679 .iv_len = 16,
680 .flags = 0 | EVP_CIPH_CFB_MODE,
681 .init = camellia_init_key,
682 .do_cipher = camellia_256_cfb1_cipher,
683 .cleanup = NULL,
684 .ctx_size = sizeof(EVP_CAMELLIA_KEY),
685 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
686 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
687 .ctrl = NULL,
688};
689
690const EVP_CIPHER *
691EVP_camellia_256_cfb1(void)
692{
693 return &camellia_256_cfb1;
694}
695LCRYPTO_ALIAS(EVP_camellia_256_cfb1);
696
697
698static int
699camellia_128_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
700{
701 size_t chunk = EVP_MAXCHUNK;
702
703 if (inl < chunk)
704 chunk = inl;
705
706 while (inl && inl >= chunk) {
707 Camellia_cfb8_encrypt(in, out, chunk, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
708 inl -= chunk;
709 in += chunk;
710 out += chunk;
711 if (inl < chunk)
712 chunk = inl;
713 }
714
715 return 1;
716}
717
718static const EVP_CIPHER camellia_128_cfb8 = {
719 .nid = NID_camellia_128_cfb8,
720 .block_size = 1,
721 .key_len = 128/8,
722 .iv_len = 16,
723 .flags = 0 | EVP_CIPH_CFB_MODE,
724 .init = camellia_init_key,
725 .do_cipher = camellia_128_cfb8_cipher,
726 .cleanup = NULL,
727 .ctx_size = sizeof(EVP_CAMELLIA_KEY),
728 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
729 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
730 .ctrl = NULL,
731};
732
733const EVP_CIPHER *
734EVP_camellia_128_cfb8(void)
735{
736 return &camellia_128_cfb8;
737}
738LCRYPTO_ALIAS(EVP_camellia_128_cfb8);
739
740static int
741camellia_192_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
742{
743 size_t chunk = EVP_MAXCHUNK;
744
745 if (inl < chunk)
746 chunk = inl;
747
748 while (inl && inl >= chunk) {
749 Camellia_cfb8_encrypt(in, out, chunk, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
750 inl -= chunk;
751 in += chunk;
752 out += chunk;
753 if (inl < chunk)
754 chunk = inl;
755 }
756
757 return 1;
758}
759
760static const EVP_CIPHER camellia_192_cfb8 = {
761 .nid = NID_camellia_192_cfb8,
762 .block_size = 1,
763 .key_len = 192/8,
764 .iv_len = 16,
765 .flags = 0 | EVP_CIPH_CFB_MODE,
766 .init = camellia_init_key,
767 .do_cipher = camellia_192_cfb8_cipher,
768 .cleanup = NULL,
769 .ctx_size = sizeof(EVP_CAMELLIA_KEY),
770 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
771 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
772 .ctrl = NULL,
773};
774
775const EVP_CIPHER *
776EVP_camellia_192_cfb8(void)
777{
778 return &camellia_192_cfb8;
779}
780LCRYPTO_ALIAS(EVP_camellia_192_cfb8);
781
782static int
783camellia_256_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
784{
785 size_t chunk = EVP_MAXCHUNK;
786
787 if (inl < chunk)
788 chunk = inl;
789
790 while (inl && inl >= chunk) {
791 Camellia_cfb8_encrypt(in, out, chunk, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
792 inl -= chunk;
793 in += chunk;
794 out += chunk;
795 if (inl < chunk)
796 chunk = inl;
797 }
798
799 return 1;
800}
801
802static const EVP_CIPHER camellia_256_cfb8 = {
803 .nid = NID_camellia_256_cfb8,
804 .block_size = 1,
805 .key_len = 256/8,
806 .iv_len = 16,
807 .flags = 0 | EVP_CIPH_CFB_MODE,
808 .init = camellia_init_key,
809 .do_cipher = camellia_256_cfb8_cipher,
810 .cleanup = NULL,
811 .ctx_size = sizeof(EVP_CAMELLIA_KEY),
812 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
813 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
814 .ctrl = NULL,
815};
816
817const EVP_CIPHER *
818EVP_camellia_256_cfb8(void)
819{
820 return &camellia_256_cfb8;
821}
822LCRYPTO_ALIAS(EVP_camellia_256_cfb8);
823#endif
diff --git a/src/lib/libcrypto/evp/e_cast.c b/src/lib/libcrypto/evp/e_cast.c
deleted file mode 100644
index 1575a7a5bb..0000000000
--- a/src/lib/libcrypto/evp/e_cast.c
+++ /dev/null
@@ -1,247 +0,0 @@
1/* $OpenBSD: e_cast.c,v 1.18 2024/04/09 13:52:41 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <limits.h>
60#include <stdio.h>
61
62#include <openssl/opensslconf.h>
63
64#ifndef OPENSSL_NO_CAST
65
66#include <openssl/cast.h>
67#include <openssl/evp.h>
68#include <openssl/objects.h>
69
70#include "evp_local.h"
71
72typedef struct {
73 CAST_KEY ks;
74} EVP_CAST_KEY;
75
76#define data(ctx) ((EVP_CAST_KEY *)(ctx)->cipher_data)
77
78static int
79cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
80 const unsigned char *iv, int enc)
81{
82 CAST_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), key);
83 return 1;
84}
85
86static int
87cast5_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
88{
89 size_t chunk = LONG_MAX & ~0xff;
90
91 while (inl >= chunk) {
92 CAST_cbc_encrypt(in, out, (long)chunk, &((EVP_CAST_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt);
93 inl -= chunk;
94 in += chunk;
95 out += chunk;
96 }
97
98 if (inl)
99 CAST_cbc_encrypt(in, out, (long)inl, &((EVP_CAST_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt);
100
101 return 1;
102}
103
104static int
105cast5_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
106{
107 size_t chunk = LONG_MAX & ~0xff;
108
109 if (inl < chunk)
110 chunk = inl;
111
112 while (inl && inl >= chunk) {
113 CAST_cfb64_encrypt(in, out, (long)chunk, &((EVP_CAST_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
114 inl -= chunk;
115 in += chunk;
116 out += chunk;
117 if (inl < chunk)
118 chunk = inl;
119 }
120
121 return 1;
122}
123
124static int
125cast5_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
126{
127 size_t i, bl;
128
129 bl = ctx->cipher->block_size;
130
131 if (inl < bl)
132 return 1;
133
134 inl -= bl;
135
136 for (i = 0; i <= inl; i += bl)
137 CAST_ecb_encrypt(in + i, out + i, &((EVP_CAST_KEY *)ctx->cipher_data)->ks, ctx->encrypt);
138
139 return 1;
140}
141
142static int
143cast5_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
144{
145 size_t chunk = LONG_MAX & ~0xff;
146
147 while (inl >= chunk) {
148 CAST_ofb64_encrypt(in, out, (long)chunk, &((EVP_CAST_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num);
149 inl -= chunk;
150 in += chunk;
151 out += chunk;
152 }
153
154 if (inl)
155 CAST_ofb64_encrypt(in, out, (long)inl, &((EVP_CAST_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num);
156
157 return 1;
158}
159
160static const EVP_CIPHER cast5_cbc = {
161 .nid = NID_cast5_cbc,
162 .block_size = 8,
163 .key_len = CAST_KEY_LENGTH,
164 .iv_len = 8,
165 .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CBC_MODE,
166 .init = cast_init_key,
167 .do_cipher = cast5_cbc_cipher,
168 .cleanup = NULL,
169 .ctx_size = sizeof(EVP_CAST_KEY),
170 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
171 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
172 .ctrl = NULL,
173};
174
175const EVP_CIPHER *
176EVP_cast5_cbc(void)
177{
178 return &cast5_cbc;
179}
180LCRYPTO_ALIAS(EVP_cast5_cbc);
181
182static const EVP_CIPHER cast5_cfb64 = {
183 .nid = NID_cast5_cfb64,
184 .block_size = 1,
185 .key_len = CAST_KEY_LENGTH,
186 .iv_len = 8,
187 .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CFB_MODE,
188 .init = cast_init_key,
189 .do_cipher = cast5_cfb64_cipher,
190 .cleanup = NULL,
191 .ctx_size = sizeof(EVP_CAST_KEY),
192 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
193 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
194 .ctrl = NULL,
195};
196
197const EVP_CIPHER *
198EVP_cast5_cfb64(void)
199{
200 return &cast5_cfb64;
201}
202LCRYPTO_ALIAS(EVP_cast5_cfb64);
203
204static const EVP_CIPHER cast5_ofb = {
205 .nid = NID_cast5_ofb64,
206 .block_size = 1,
207 .key_len = CAST_KEY_LENGTH,
208 .iv_len = 8,
209 .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_OFB_MODE,
210 .init = cast_init_key,
211 .do_cipher = cast5_ofb_cipher,
212 .cleanup = NULL,
213 .ctx_size = sizeof(EVP_CAST_KEY),
214 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
215 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
216 .ctrl = NULL,
217};
218
219const EVP_CIPHER *
220EVP_cast5_ofb(void)
221{
222 return &cast5_ofb;
223}
224LCRYPTO_ALIAS(EVP_cast5_ofb);
225
226static const EVP_CIPHER cast5_ecb = {
227 .nid = NID_cast5_ecb,
228 .block_size = 8,
229 .key_len = CAST_KEY_LENGTH,
230 .iv_len = 0,
231 .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_ECB_MODE,
232 .init = cast_init_key,
233 .do_cipher = cast5_ecb_cipher,
234 .cleanup = NULL,
235 .ctx_size = sizeof(EVP_CAST_KEY),
236 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
237 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
238 .ctrl = NULL,
239};
240
241const EVP_CIPHER *
242EVP_cast5_ecb(void)
243{
244 return &cast5_ecb;
245}
246LCRYPTO_ALIAS(EVP_cast5_ecb);
247#endif
diff --git a/src/lib/libcrypto/evp/e_chacha.c b/src/lib/libcrypto/evp/e_chacha.c
deleted file mode 100644
index 4c801b3920..0000000000
--- a/src/lib/libcrypto/evp/e_chacha.c
+++ /dev/null
@@ -1,77 +0,0 @@
1/* $OpenBSD: e_chacha.c,v 1.14 2024/04/09 13:52:41 beck Exp $ */
2/*
3 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <openssl/opensslconf.h>
19
20#ifndef OPENSSL_NO_CHACHA
21
22#include <openssl/chacha.h>
23#include <openssl/evp.h>
24#include <openssl/objects.h>
25
26#include "evp_local.h"
27
28static int
29chacha_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
30 const unsigned char *openssl_iv, int enc)
31{
32 if (key != NULL)
33 ChaCha_set_key((ChaCha_ctx *)ctx->cipher_data, key,
34 EVP_CIPHER_CTX_key_length(ctx) * 8);
35 if (openssl_iv != NULL) {
36 const unsigned char *iv = openssl_iv + 8;
37 const unsigned char *counter = openssl_iv;
38
39 ChaCha_set_iv((ChaCha_ctx *)ctx->cipher_data, iv, counter);
40 }
41 return 1;
42}
43
44static int
45chacha_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in,
46 size_t len)
47{
48 ChaCha((ChaCha_ctx *)ctx->cipher_data, out, in, len);
49 return 1;
50}
51
52static const EVP_CIPHER chacha20_cipher = {
53 .nid = NID_chacha20,
54 .block_size = 1,
55 .key_len = 32,
56 /*
57 * The 16-byte EVP IV is split into 4 little-endian 4-byte words
58 * evpiv[15:12] evpiv[11:8] evpiv[7:4] evpiv[3:0]
59 * iv[1] iv[0] counter[1] counter[0]
60 * and passed as iv[] and counter[] to ChaCha_set_iv().
61 */
62 .iv_len = 16,
63 .flags = EVP_CIPH_STREAM_CIPHER | EVP_CIPH_ALWAYS_CALL_INIT |
64 EVP_CIPH_CUSTOM_IV,
65 .init = chacha_init,
66 .do_cipher = chacha_cipher,
67 .ctx_size = sizeof(ChaCha_ctx)
68};
69
70const EVP_CIPHER *
71EVP_chacha20(void)
72{
73 return (&chacha20_cipher);
74}
75LCRYPTO_ALIAS(EVP_chacha20);
76
77#endif
diff --git a/src/lib/libcrypto/evp/e_chacha20poly1305.c b/src/lib/libcrypto/evp/e_chacha20poly1305.c
deleted file mode 100644
index d176569f90..0000000000
--- a/src/lib/libcrypto/evp/e_chacha20poly1305.c
+++ /dev/null
@@ -1,621 +0,0 @@
1/* $OpenBSD: e_chacha20poly1305.c,v 1.37 2024/12/20 20:05:29 schwarze Exp $ */
2
3/*
4 * Copyright (c) 2022 Joel Sing <jsing@openbsd.org>
5 * Copyright (c) 2015 Reyk Floter <reyk@openbsd.org>
6 * Copyright (c) 2014, Google Inc.
7 *
8 * Permission to use, copy, modify, and/or distribute this software for any
9 * purpose with or without fee is hereby granted, provided that the above
10 * copyright notice and this permission notice appear in all copies.
11 *
12 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
13 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
14 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
15 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
16 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
17 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
18 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 */
20
21#include <limits.h>
22#include <stdint.h>
23#include <string.h>
24
25#include <openssl/opensslconf.h>
26
27#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
28
29#include <openssl/err.h>
30#include <openssl/evp.h>
31#include <openssl/chacha.h>
32#include <openssl/poly1305.h>
33
34#include "bytestring.h"
35#include "evp_local.h"
36
37#define POLY1305_TAG_LEN 16
38
39#define CHACHA20_CONSTANT_LEN 4
40#define CHACHA20_IV_LEN 8
41#define CHACHA20_NONCE_LEN (CHACHA20_CONSTANT_LEN + CHACHA20_IV_LEN)
42#define XCHACHA20_NONCE_LEN 24
43
44struct aead_chacha20_poly1305_ctx {
45 unsigned char key[32];
46 unsigned char tag_len;
47};
48
49static int
50aead_chacha20_poly1305_init(EVP_AEAD_CTX *ctx, const unsigned char *key,
51 size_t key_len, size_t tag_len)
52{
53 struct aead_chacha20_poly1305_ctx *c20_ctx;
54
55 if (tag_len == 0)
56 tag_len = POLY1305_TAG_LEN;
57
58 if (tag_len > POLY1305_TAG_LEN) {
59 EVPerror(EVP_R_TOO_LARGE);
60 return 0;
61 }
62
63 /* Internal error - EVP_AEAD_CTX_init should catch this. */
64 if (key_len != sizeof(c20_ctx->key))
65 return 0;
66
67 c20_ctx = malloc(sizeof(struct aead_chacha20_poly1305_ctx));
68 if (c20_ctx == NULL)
69 return 0;
70
71 memcpy(&c20_ctx->key[0], key, key_len);
72 c20_ctx->tag_len = tag_len;
73 ctx->aead_state = c20_ctx;
74
75 return 1;
76}
77
78static void
79aead_chacha20_poly1305_cleanup(EVP_AEAD_CTX *ctx)
80{
81 struct aead_chacha20_poly1305_ctx *c20_ctx = ctx->aead_state;
82
83 freezero(c20_ctx, sizeof(*c20_ctx));
84}
85
86static void
87poly1305_update_with_length(poly1305_state *poly1305,
88 const unsigned char *data, size_t data_len)
89{
90 size_t j = data_len;
91 unsigned char length_bytes[8];
92 unsigned i;
93
94 for (i = 0; i < sizeof(length_bytes); i++) {
95 length_bytes[i] = j;
96 j >>= 8;
97 }
98
99 if (data != NULL)
100 CRYPTO_poly1305_update(poly1305, data, data_len);
101 CRYPTO_poly1305_update(poly1305, length_bytes, sizeof(length_bytes));
102}
103
104static void
105poly1305_pad16(poly1305_state *poly1305, size_t data_len)
106{
107 static const unsigned char zero_pad16[16];
108 size_t pad_len;
109
110 /* pad16() is defined in RFC 8439 2.8.1. */
111 if ((pad_len = data_len % 16) == 0)
112 return;
113
114 CRYPTO_poly1305_update(poly1305, zero_pad16, 16 - pad_len);
115}
116
117static void
118poly1305_update_with_pad16(poly1305_state *poly1305,
119 const unsigned char *data, size_t data_len)
120{
121 CRYPTO_poly1305_update(poly1305, data, data_len);
122 poly1305_pad16(poly1305, data_len);
123}
124
125static int
126aead_chacha20_poly1305_seal(const EVP_AEAD_CTX *ctx, unsigned char *out,
127 size_t *out_len, size_t max_out_len, const unsigned char *nonce,
128 size_t nonce_len, const unsigned char *in, size_t in_len,
129 const unsigned char *ad, size_t ad_len)
130{
131 const struct aead_chacha20_poly1305_ctx *c20_ctx = ctx->aead_state;
132 unsigned char poly1305_key[32];
133 poly1305_state poly1305;
134 const unsigned char *iv;
135 uint64_t ctr;
136
137 if (max_out_len < in_len + c20_ctx->tag_len) {
138 EVPerror(EVP_R_BUFFER_TOO_SMALL);
139 return 0;
140 }
141
142 if (nonce_len != ctx->aead->nonce_len) {
143 EVPerror(EVP_R_IV_TOO_LARGE);
144 return 0;
145 }
146
147 ctr = (uint64_t)((uint32_t)(nonce[0]) | (uint32_t)(nonce[1]) << 8 |
148 (uint32_t)(nonce[2]) << 16 | (uint32_t)(nonce[3]) << 24) << 32;
149 iv = nonce + CHACHA20_CONSTANT_LEN;
150
151 memset(poly1305_key, 0, sizeof(poly1305_key));
152 CRYPTO_chacha_20(poly1305_key, poly1305_key,
153 sizeof(poly1305_key), c20_ctx->key, iv, ctr);
154
155 CRYPTO_poly1305_init(&poly1305, poly1305_key);
156 poly1305_update_with_pad16(&poly1305, ad, ad_len);
157 CRYPTO_chacha_20(out, in, in_len, c20_ctx->key, iv, ctr + 1);
158 poly1305_update_with_pad16(&poly1305, out, in_len);
159 poly1305_update_with_length(&poly1305, NULL, ad_len);
160 poly1305_update_with_length(&poly1305, NULL, in_len);
161
162 if (c20_ctx->tag_len != POLY1305_TAG_LEN) {
163 unsigned char tag[POLY1305_TAG_LEN];
164 CRYPTO_poly1305_finish(&poly1305, tag);
165 memcpy(out + in_len, tag, c20_ctx->tag_len);
166 *out_len = in_len + c20_ctx->tag_len;
167 return 1;
168 }
169
170 CRYPTO_poly1305_finish(&poly1305, out + in_len);
171 *out_len = in_len + POLY1305_TAG_LEN;
172 return 1;
173}
174
175static int
176aead_chacha20_poly1305_open(const EVP_AEAD_CTX *ctx, unsigned char *out,
177 size_t *out_len, size_t max_out_len, const unsigned char *nonce,
178 size_t nonce_len, const unsigned char *in, size_t in_len,
179 const unsigned char *ad, size_t ad_len)
180{
181 const struct aead_chacha20_poly1305_ctx *c20_ctx = ctx->aead_state;
182 unsigned char mac[POLY1305_TAG_LEN];
183 unsigned char poly1305_key[32];
184 const unsigned char *iv = nonce;
185 poly1305_state poly1305;
186 size_t plaintext_len;
187 uint64_t ctr = 0;
188
189 if (in_len < c20_ctx->tag_len) {
190 EVPerror(EVP_R_BAD_DECRYPT);
191 return 0;
192 }
193
194 if (nonce_len != ctx->aead->nonce_len) {
195 EVPerror(EVP_R_IV_TOO_LARGE);
196 return 0;
197 }
198
199 plaintext_len = in_len - c20_ctx->tag_len;
200
201 if (max_out_len < plaintext_len) {
202 EVPerror(EVP_R_BUFFER_TOO_SMALL);
203 return 0;
204 }
205
206 ctr = (uint64_t)((uint32_t)(nonce[0]) | (uint32_t)(nonce[1]) << 8 |
207 (uint32_t)(nonce[2]) << 16 | (uint32_t)(nonce[3]) << 24) << 32;
208 iv = nonce + CHACHA20_CONSTANT_LEN;
209
210 memset(poly1305_key, 0, sizeof(poly1305_key));
211 CRYPTO_chacha_20(poly1305_key, poly1305_key,
212 sizeof(poly1305_key), c20_ctx->key, iv, ctr);
213
214 CRYPTO_poly1305_init(&poly1305, poly1305_key);
215 poly1305_update_with_pad16(&poly1305, ad, ad_len);
216 poly1305_update_with_pad16(&poly1305, in, plaintext_len);
217 poly1305_update_with_length(&poly1305, NULL, ad_len);
218 poly1305_update_with_length(&poly1305, NULL, plaintext_len);
219
220 CRYPTO_poly1305_finish(&poly1305, mac);
221
222 if (timingsafe_memcmp(mac, in + plaintext_len, c20_ctx->tag_len) != 0) {
223 EVPerror(EVP_R_BAD_DECRYPT);
224 return 0;
225 }
226
227 CRYPTO_chacha_20(out, in, plaintext_len, c20_ctx->key, iv, ctr + 1);
228 *out_len = plaintext_len;
229 return 1;
230}
231
232static int
233aead_xchacha20_poly1305_seal(const EVP_AEAD_CTX *ctx, unsigned char *out,
234 size_t *out_len, size_t max_out_len, const unsigned char *nonce,
235 size_t nonce_len, const unsigned char *in, size_t in_len,
236 const unsigned char *ad, size_t ad_len)
237{
238 const struct aead_chacha20_poly1305_ctx *c20_ctx = ctx->aead_state;
239 unsigned char poly1305_key[32];
240 unsigned char subkey[32];
241 poly1305_state poly1305;
242
243 if (max_out_len < in_len + c20_ctx->tag_len) {
244 EVPerror(EVP_R_BUFFER_TOO_SMALL);
245 return 0;
246 }
247
248 if (nonce_len != ctx->aead->nonce_len) {
249 EVPerror(EVP_R_IV_TOO_LARGE);
250 return 0;
251 }
252
253 CRYPTO_hchacha_20(subkey, c20_ctx->key, nonce);
254
255 CRYPTO_chacha_20(out, in, in_len, subkey, nonce + 16, 1);
256
257 memset(poly1305_key, 0, sizeof(poly1305_key));
258 CRYPTO_chacha_20(poly1305_key, poly1305_key, sizeof(poly1305_key),
259 subkey, nonce + 16, 0);
260
261 CRYPTO_poly1305_init(&poly1305, poly1305_key);
262 poly1305_update_with_pad16(&poly1305, ad, ad_len);
263 poly1305_update_with_pad16(&poly1305, out, in_len);
264 poly1305_update_with_length(&poly1305, NULL, ad_len);
265 poly1305_update_with_length(&poly1305, NULL, in_len);
266
267 if (c20_ctx->tag_len != POLY1305_TAG_LEN) {
268 unsigned char tag[POLY1305_TAG_LEN];
269 CRYPTO_poly1305_finish(&poly1305, tag);
270 memcpy(out + in_len, tag, c20_ctx->tag_len);
271 *out_len = in_len + c20_ctx->tag_len;
272 return 1;
273 }
274
275 CRYPTO_poly1305_finish(&poly1305, out + in_len);
276 *out_len = in_len + POLY1305_TAG_LEN;
277 return 1;
278}
279
280static int
281aead_xchacha20_poly1305_open(const EVP_AEAD_CTX *ctx, unsigned char *out,
282 size_t *out_len, size_t max_out_len, const unsigned char *nonce,
283 size_t nonce_len, const unsigned char *in, size_t in_len,
284 const unsigned char *ad, size_t ad_len)
285{
286 const struct aead_chacha20_poly1305_ctx *c20_ctx = ctx->aead_state;
287 unsigned char mac[POLY1305_TAG_LEN];
288 unsigned char poly1305_key[32];
289 unsigned char subkey[32];
290 poly1305_state poly1305;
291 size_t plaintext_len;
292
293 if (in_len < c20_ctx->tag_len) {
294 EVPerror(EVP_R_BAD_DECRYPT);
295 return 0;
296 }
297
298 if (nonce_len != ctx->aead->nonce_len) {
299 EVPerror(EVP_R_IV_TOO_LARGE);
300 return 0;
301 }
302
303 plaintext_len = in_len - c20_ctx->tag_len;
304
305 if (max_out_len < plaintext_len) {
306 EVPerror(EVP_R_BUFFER_TOO_SMALL);
307 return 0;
308 }
309
310 CRYPTO_hchacha_20(subkey, c20_ctx->key, nonce);
311
312 memset(poly1305_key, 0, sizeof(poly1305_key));
313 CRYPTO_chacha_20(poly1305_key, poly1305_key, sizeof(poly1305_key),
314 subkey, nonce + 16, 0);
315
316 CRYPTO_poly1305_init(&poly1305, poly1305_key);
317 poly1305_update_with_pad16(&poly1305, ad, ad_len);
318 poly1305_update_with_pad16(&poly1305, in, plaintext_len);
319 poly1305_update_with_length(&poly1305, NULL, ad_len);
320 poly1305_update_with_length(&poly1305, NULL, plaintext_len);
321
322 CRYPTO_poly1305_finish(&poly1305, mac);
323 if (timingsafe_memcmp(mac, in + plaintext_len, c20_ctx->tag_len) != 0) {
324 EVPerror(EVP_R_BAD_DECRYPT);
325 return 0;
326 }
327
328 CRYPTO_chacha_20(out, in, plaintext_len, subkey, nonce + 16, 1);
329
330 *out_len = plaintext_len;
331 return 1;
332}
333
334/* RFC 8439 */
335static const EVP_AEAD aead_chacha20_poly1305 = {
336 .key_len = 32,
337 .nonce_len = CHACHA20_NONCE_LEN,
338 .overhead = POLY1305_TAG_LEN,
339 .max_tag_len = POLY1305_TAG_LEN,
340
341 .init = aead_chacha20_poly1305_init,
342 .cleanup = aead_chacha20_poly1305_cleanup,
343 .seal = aead_chacha20_poly1305_seal,
344 .open = aead_chacha20_poly1305_open,
345};
346
347const EVP_AEAD *
348EVP_aead_chacha20_poly1305(void)
349{
350 return &aead_chacha20_poly1305;
351}
352LCRYPTO_ALIAS(EVP_aead_chacha20_poly1305);
353
354static const EVP_AEAD aead_xchacha20_poly1305 = {
355 .key_len = 32,
356 .nonce_len = XCHACHA20_NONCE_LEN,
357 .overhead = POLY1305_TAG_LEN,
358 .max_tag_len = POLY1305_TAG_LEN,
359
360 .init = aead_chacha20_poly1305_init,
361 .cleanup = aead_chacha20_poly1305_cleanup,
362 .seal = aead_xchacha20_poly1305_seal,
363 .open = aead_xchacha20_poly1305_open,
364};
365
366const EVP_AEAD *
367EVP_aead_xchacha20_poly1305(void)
368{
369 return &aead_xchacha20_poly1305;
370}
371LCRYPTO_ALIAS(EVP_aead_xchacha20_poly1305);
372
373struct chacha20_poly1305_ctx {
374 ChaCha_ctx chacha;
375 poly1305_state poly1305;
376
377 unsigned char key[32];
378 unsigned char nonce[CHACHA20_NONCE_LEN];
379 size_t nonce_len;
380 unsigned char tag[POLY1305_TAG_LEN];
381 size_t tag_len;
382
383 size_t ad_len;
384 size_t in_len;
385
386 int in_ad;
387 int started;
388};
389
390static int
391chacha20_poly1305_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
392 const unsigned char *iv, int encrypt)
393{
394 struct chacha20_poly1305_ctx *cpx = ctx->cipher_data;
395 uint8_t *data;
396 CBB cbb;
397 int ret = 0;
398
399 memset(&cbb, 0, sizeof(cbb));
400
401 if (key == NULL && iv == NULL)
402 goto done;
403
404 cpx->started = 0;
405
406 if (key != NULL)
407 memcpy(cpx->key, key, sizeof(cpx->key));
408
409 if (iv != NULL) {
410 /*
411 * Left zero pad if configured nonce length is less than ChaCha
412 * nonce length.
413 */
414 if (!CBB_init_fixed(&cbb, cpx->nonce, sizeof(cpx->nonce)))
415 goto err;
416 if (!CBB_add_space(&cbb, &data, sizeof(cpx->nonce) - cpx->nonce_len))
417 goto err;
418 if (!CBB_add_bytes(&cbb, iv, cpx->nonce_len))
419 goto err;
420 if (!CBB_finish(&cbb, NULL, NULL))
421 goto err;
422 }
423
424 done:
425 ret = 1;
426
427 err:
428 CBB_cleanup(&cbb);
429
430 return ret;
431}
432
433static int
434chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
435 const unsigned char *in, size_t len)
436{
437 struct chacha20_poly1305_ctx *cpx = ctx->cipher_data;
438
439 /*
440 * Since we're making AEAD work within the constraints of EVP_CIPHER...
441 * If in is non-NULL then this is an update, while if in is NULL then
442 * this is a final. If in is non-NULL but out is NULL, then the input
443 * being provided is associated data. Plus we have to handle encryption
444 * (sealing) and decryption (opening) in the same function.
445 */
446
447 if (!cpx->started) {
448 unsigned char poly1305_key[32];
449 const unsigned char *iv;
450 uint64_t ctr;
451
452 ctr = (uint64_t)((uint32_t)(cpx->nonce[0]) |
453 (uint32_t)(cpx->nonce[1]) << 8 |
454 (uint32_t)(cpx->nonce[2]) << 16 |
455 (uint32_t)(cpx->nonce[3]) << 24) << 32;
456 iv = cpx->nonce + CHACHA20_CONSTANT_LEN;
457
458 ChaCha_set_key(&cpx->chacha, cpx->key, 8 * sizeof(cpx->key));
459 ChaCha_set_iv(&cpx->chacha, iv, NULL);
460
461 /* See chacha.c for details re handling of counter. */
462 cpx->chacha.input[12] = (uint32_t)ctr;
463 cpx->chacha.input[13] = (uint32_t)(ctr >> 32);
464
465 memset(poly1305_key, 0, sizeof(poly1305_key));
466 ChaCha(&cpx->chacha, poly1305_key, poly1305_key,
467 sizeof(poly1305_key));
468 CRYPTO_poly1305_init(&cpx->poly1305, poly1305_key);
469
470 /* Mark remaining key block as used. */
471 cpx->chacha.unused = 0;
472
473 cpx->ad_len = 0;
474 cpx->in_len = 0;
475 cpx->in_ad = 0;
476
477 cpx->started = 1;
478 }
479
480 if (len > SIZE_MAX - cpx->in_len) {
481 EVPerror(EVP_R_TOO_LARGE);
482 return -1;
483 }
484
485 /* Disallow authenticated data after plaintext/ciphertext. */
486 if (cpx->in_len > 0 && in != NULL && out == NULL)
487 return -1;
488
489 if (cpx->in_ad && (in == NULL || out != NULL)) {
490 poly1305_pad16(&cpx->poly1305, cpx->ad_len);
491 cpx->in_ad = 0;
492 }
493
494 /* Update with AD or plaintext/ciphertext. */
495 if (in != NULL) {
496 if (!ctx->encrypt || out == NULL)
497 CRYPTO_poly1305_update(&cpx->poly1305, in, len);
498 if (out == NULL) {
499 cpx->ad_len += len;
500 cpx->in_ad = 1;
501 } else {
502 ChaCha(&cpx->chacha, out, in, len);
503 cpx->in_len += len;
504 }
505 if (ctx->encrypt && out != NULL)
506 CRYPTO_poly1305_update(&cpx->poly1305, out, len);
507
508 return len;
509 }
510
511 /* Final. */
512 poly1305_pad16(&cpx->poly1305, cpx->in_len);
513 poly1305_update_with_length(&cpx->poly1305, NULL, cpx->ad_len);
514 poly1305_update_with_length(&cpx->poly1305, NULL, cpx->in_len);
515
516 if (ctx->encrypt) {
517 CRYPTO_poly1305_finish(&cpx->poly1305, cpx->tag);
518 cpx->tag_len = sizeof(cpx->tag);
519 } else {
520 unsigned char tag[POLY1305_TAG_LEN];
521
522 /* Ensure that a tag has been provided. */
523 if (cpx->tag_len <= 0)
524 return -1;
525
526 CRYPTO_poly1305_finish(&cpx->poly1305, tag);
527 if (timingsafe_memcmp(tag, cpx->tag, cpx->tag_len) != 0)
528 return -1;
529 }
530
531 cpx->started = 0;
532
533 return len;
534}
535
536static int
537chacha20_poly1305_cleanup(EVP_CIPHER_CTX *ctx)
538{
539 struct chacha20_poly1305_ctx *cpx = ctx->cipher_data;
540
541 explicit_bzero(cpx, sizeof(*cpx));
542
543 return 1;
544}
545
546static int
547chacha20_poly1305_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
548{
549 struct chacha20_poly1305_ctx *cpx = ctx->cipher_data;
550
551 switch (type) {
552 case EVP_CTRL_INIT:
553 memset(cpx, 0, sizeof(*cpx));
554 cpx->nonce_len = sizeof(cpx->nonce);
555 return 1;
556
557 case EVP_CTRL_AEAD_GET_IVLEN:
558 if (cpx->nonce_len > INT_MAX)
559 return 0;
560 *(int *)ptr = (int)cpx->nonce_len;
561 return 1;
562
563 case EVP_CTRL_AEAD_SET_IVLEN:
564 if (arg <= 0 || arg > sizeof(cpx->nonce))
565 return 0;
566 cpx->nonce_len = arg;
567 return 1;
568
569 case EVP_CTRL_AEAD_SET_TAG:
570 if (ctx->encrypt)
571 return 0;
572 if (arg <= 0 || arg > sizeof(cpx->tag))
573 return 0;
574 if (ptr != NULL) {
575 memcpy(cpx->tag, ptr, arg);
576 cpx->tag_len = arg;
577 }
578 return 1;
579
580 case EVP_CTRL_AEAD_GET_TAG:
581 if (!ctx->encrypt)
582 return 0;
583 if (arg <= 0 || arg > cpx->tag_len)
584 return 0;
585 memcpy(ptr, cpx->tag, arg);
586 return 1;
587
588 case EVP_CTRL_AEAD_SET_IV_FIXED:
589 if (arg != sizeof(cpx->nonce))
590 return 0;
591 memcpy(cpx->nonce, ptr, arg);
592 return 1;
593 }
594
595 return -1;
596}
597
598static const EVP_CIPHER cipher_chacha20_poly1305 = {
599 .nid = NID_chacha20_poly1305,
600 .block_size = 1,
601 .key_len = 32,
602 .iv_len = 12,
603 .flags = EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT |
604 EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_IV_LENGTH |
605 EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_CUSTOM_CIPHER |
606 EVP_CIPH_FLAG_DEFAULT_ASN1,
607 .init = chacha20_poly1305_init,
608 .do_cipher = chacha20_poly1305_cipher,
609 .cleanup = chacha20_poly1305_cleanup,
610 .ctx_size = sizeof(struct chacha20_poly1305_ctx),
611 .ctrl = chacha20_poly1305_ctrl,
612};
613
614const EVP_CIPHER *
615EVP_chacha20_poly1305(void)
616{
617 return &cipher_chacha20_poly1305;
618}
619LCRYPTO_ALIAS(EVP_chacha20_poly1305);
620
621#endif /* !OPENSSL_NO_CHACHA && !OPENSSL_NO_POLY1305 */
diff --git a/src/lib/libcrypto/evp/e_des.c b/src/lib/libcrypto/evp/e_des.c
deleted file mode 100644
index fb335e95b1..0000000000
--- a/src/lib/libcrypto/evp/e_des.c
+++ /dev/null
@@ -1,355 +0,0 @@
1/* $OpenBSD: e_des.c,v 1.24 2024/04/09 13:52:41 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <limits.h>
60#include <stdio.h>
61
62#include <openssl/opensslconf.h>
63
64#ifndef OPENSSL_NO_DES
65
66#include <openssl/evp.h>
67#include <openssl/des.h>
68#include <openssl/objects.h>
69
70#include "evp_local.h"
71
72static int
73des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
74 const unsigned char *iv, int enc)
75{
76 DES_cblock *deskey = (DES_cblock *)key;
77
78 DES_set_key_unchecked(deskey, ctx->cipher_data);
79 return 1;
80}
81
82static int
83des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
84{
85 switch (type) {
86 case EVP_CTRL_RAND_KEY:
87 if (DES_random_key((DES_cblock *)ptr) == 0)
88 return 0;
89 return 1;
90
91 default:
92 return -1;
93 }
94}
95
96static int
97des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
98 const unsigned char *in, size_t inl)
99{
100 size_t i, bl;
101
102 bl = ctx->cipher->block_size;
103
104 if (inl < bl)
105 return 1;
106
107 inl -= bl;
108
109 for (i = 0; i <= inl; i += bl)
110 DES_ecb_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i),
111 ctx->cipher_data, ctx->encrypt);
112
113 return 1;
114}
115
116static int
117des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
118 const unsigned char *in, size_t inl)
119{
120 size_t chunk = LONG_MAX & ~0xff;
121
122 while (inl >= chunk) {
123 DES_ofb64_encrypt(in, out, (long)chunk, ctx->cipher_data,
124 (DES_cblock *)ctx->iv, &ctx->num);
125 inl -= chunk;
126 in += chunk;
127 out += chunk;
128 }
129 if (inl)
130 DES_ofb64_encrypt(in, out, (long)inl, ctx->cipher_data,
131 (DES_cblock *)ctx->iv, &ctx->num);
132 return 1;
133}
134
135static int
136des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
137 const unsigned char *in, size_t inl)
138{
139 size_t chunk = LONG_MAX & ~0xff;
140
141 while (inl >= chunk) {
142 DES_ncbc_encrypt(in, out, (long)chunk, ctx->cipher_data,
143 (DES_cblock *)ctx->iv, ctx->encrypt);
144 inl -= chunk;
145 in += chunk;
146 out += chunk;
147 }
148 if (inl)
149 DES_ncbc_encrypt(in, out, (long)inl, ctx->cipher_data,
150 (DES_cblock *)ctx->iv, ctx->encrypt);
151 return 1;
152}
153
154static int
155des_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
156 const unsigned char *in, size_t inl)
157{
158 size_t chunk = LONG_MAX & ~0xff;
159
160 while (inl >= chunk) {
161 DES_cfb64_encrypt(in, out, (long)chunk, ctx->cipher_data,
162 (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
163 inl -= chunk;
164 in += chunk;
165 out += chunk;
166 }
167 if (inl)
168 DES_cfb64_encrypt(in, out, (long)inl, ctx->cipher_data,
169 (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
170 return 1;
171}
172
173/* Although we have a CFB-r implementation for DES, it doesn't pack the right
174 way, so wrap it here */
175static int
176des_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
177 const unsigned char *in, size_t inl)
178{
179 unsigned char c[1], d[1];
180 size_t chunk = LONG_MAX / 8;
181 size_t n;
182
183 if (inl < chunk)
184 chunk = inl;
185
186 while (inl && inl >= chunk) {
187 for (n = 0; n < chunk*8; ++n) {
188 c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
189 DES_cfb_encrypt(c, d, 1, 1, ctx->cipher_data,
190 (DES_cblock *)ctx->iv, ctx->encrypt);
191 out[n / 8] = (out[n / 8] &
192 ~(0x80 >> (unsigned int)(n % 8))) |
193 ((d[0] & 0x80) >> (unsigned int)(n % 8));
194 }
195 inl -= chunk;
196 in += chunk;
197 out += chunk;
198 if (inl < chunk)
199 chunk = inl;
200 }
201
202 return 1;
203}
204
205static int
206des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
207 const unsigned char *in, size_t inl)
208{
209 size_t chunk = LONG_MAX & ~0xff;
210
211 while (inl >= chunk) {
212 DES_cfb_encrypt(in, out, 8, (long)chunk,
213 ctx->cipher_data, (DES_cblock *)ctx->iv, ctx->encrypt);
214 inl -= chunk;
215 in += chunk;
216 out += chunk;
217 }
218 if (inl)
219 DES_cfb_encrypt(in, out, 8, (long)inl, ctx->cipher_data,
220 (DES_cblock *)ctx->iv, ctx->encrypt);
221 return 1;
222}
223
224static const EVP_CIPHER des_cbc = {
225 .nid = NID_des_cbc,
226 .block_size = 8,
227 .key_len = 8,
228 .iv_len = 8,
229 .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CBC_MODE,
230 .init = des_init_key,
231 .do_cipher = des_cbc_cipher,
232 .cleanup = NULL,
233 .ctx_size = sizeof(DES_key_schedule),
234 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
235 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
236 .ctrl = des_ctrl,
237};
238
239const EVP_CIPHER *
240EVP_des_cbc(void)
241{
242 return &des_cbc;
243}
244LCRYPTO_ALIAS(EVP_des_cbc);
245
246static const EVP_CIPHER des_cfb64 = {
247 .nid = NID_des_cfb64,
248 .block_size = 1,
249 .key_len = 8,
250 .iv_len = 8,
251 .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CFB_MODE,
252 .init = des_init_key,
253 .do_cipher = des_cfb64_cipher,
254 .cleanup = NULL,
255 .ctx_size = sizeof(DES_key_schedule),
256 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
257 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
258 .ctrl = des_ctrl,
259};
260
261const EVP_CIPHER *
262EVP_des_cfb64(void)
263{
264 return &des_cfb64;
265}
266LCRYPTO_ALIAS(EVP_des_cfb64);
267
268static const EVP_CIPHER des_ofb = {
269 .nid = NID_des_ofb64,
270 .block_size = 1,
271 .key_len = 8,
272 .iv_len = 8,
273 .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_OFB_MODE,
274 .init = des_init_key,
275 .do_cipher = des_ofb_cipher,
276 .cleanup = NULL,
277 .ctx_size = sizeof(DES_key_schedule),
278 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
279 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
280 .ctrl = des_ctrl,
281};
282
283const EVP_CIPHER *
284EVP_des_ofb(void)
285{
286 return &des_ofb;
287}
288LCRYPTO_ALIAS(EVP_des_ofb);
289
290static const EVP_CIPHER des_ecb = {
291 .nid = NID_des_ecb,
292 .block_size = 8,
293 .key_len = 8,
294 .iv_len = 0,
295 .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_ECB_MODE,
296 .init = des_init_key,
297 .do_cipher = des_ecb_cipher,
298 .cleanup = NULL,
299 .ctx_size = sizeof(DES_key_schedule),
300 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
301 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
302 .ctrl = des_ctrl,
303};
304
305const EVP_CIPHER *
306EVP_des_ecb(void)
307{
308 return &des_ecb;
309}
310LCRYPTO_ALIAS(EVP_des_ecb);
311
312static const EVP_CIPHER des_cfb1 = {
313 .nid = NID_des_cfb1,
314 .block_size = 1,
315 .key_len = 8,
316 .iv_len = 8,
317 .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CFB_MODE,
318 .init = des_init_key,
319 .do_cipher = des_cfb1_cipher,
320 .cleanup = NULL,
321 .ctx_size = sizeof(DES_key_schedule),
322 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
323 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
324 .ctrl = des_ctrl,
325};
326
327const EVP_CIPHER *
328EVP_des_cfb1(void)
329{
330 return &des_cfb1;
331}
332LCRYPTO_ALIAS(EVP_des_cfb1);
333
334static const EVP_CIPHER des_cfb8 = {
335 .nid = NID_des_cfb8,
336 .block_size = 1,
337 .key_len = 8,
338 .iv_len = 8,
339 .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CFB_MODE,
340 .init = des_init_key,
341 .do_cipher = des_cfb8_cipher,
342 .cleanup = NULL,
343 .ctx_size = sizeof(DES_key_schedule),
344 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
345 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
346 .ctrl = des_ctrl,
347};
348
349const EVP_CIPHER *
350EVP_des_cfb8(void)
351{
352 return &des_cfb8;
353}
354LCRYPTO_ALIAS(EVP_des_cfb8);
355#endif
diff --git a/src/lib/libcrypto/evp/e_des3.c b/src/lib/libcrypto/evp/e_des3.c
deleted file mode 100644
index 48fbcdb366..0000000000
--- a/src/lib/libcrypto/evp/e_des3.c
+++ /dev/null
@@ -1,497 +0,0 @@
1/* $OpenBSD: e_des3.c,v 1.30 2024/04/09 13:52:41 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <limits.h>
60#include <stdio.h>
61#include <string.h>
62
63#include <openssl/opensslconf.h>
64
65#ifndef OPENSSL_NO_DES
66
67#include <openssl/des.h>
68#include <openssl/evp.h>
69#include <openssl/objects.h>
70
71#include "evp_local.h"
72
73typedef struct {
74 DES_key_schedule ks1;/* key schedule */
75 DES_key_schedule ks2;/* key schedule (for ede) */
76 DES_key_schedule ks3;/* key schedule (for ede3) */
77} DES_EDE_KEY;
78
79#define data(ctx) ((DES_EDE_KEY *)(ctx)->cipher_data)
80
81static int
82des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
83 const unsigned char *iv, int enc)
84{
85 DES_cblock *deskey = (DES_cblock *)key;
86
87 DES_set_key_unchecked(&deskey[0], &data(ctx)->ks1);
88 DES_set_key_unchecked(&deskey[1], &data(ctx)->ks2);
89 memcpy(&data(ctx)->ks3, &data(ctx)->ks1,
90 sizeof(data(ctx)->ks1));
91 return 1;
92}
93
94static int
95des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
96 const unsigned char *iv, int enc)
97{
98 DES_cblock *deskey = (DES_cblock *)key;
99
100
101 DES_set_key_unchecked(&deskey[0], &data(ctx)->ks1);
102 DES_set_key_unchecked(&deskey[1], &data(ctx)->ks2);
103 DES_set_key_unchecked(&deskey[2], &data(ctx)->ks3);
104 return 1;
105}
106
107static int
108des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
109{
110 DES_cblock *deskey = ptr;
111
112 switch (type) {
113 case EVP_CTRL_RAND_KEY:
114 if (DES_random_key(deskey) == 0)
115 return 0;
116 if (c->key_len >= 16 && DES_random_key(deskey + 1) == 0)
117 return 0;
118 if (c->key_len >= 24 && DES_random_key(deskey + 2) == 0)
119 return 0;
120 return 1;
121
122 default:
123 return -1;
124 }
125}
126
127static int
128des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
129 const unsigned char *in, size_t inl)
130{
131 size_t i, bl;
132
133 bl = ctx->cipher->block_size;
134
135 if (inl < bl)
136 return 1;
137
138 inl -= bl;
139
140 for (i = 0; i <= inl; i += bl)
141 DES_ecb3_encrypt((const_DES_cblock *)(in + i), (DES_cblock *)(out + i),
142 &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, ctx->encrypt);
143
144 return 1;
145}
146
147static int
148des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
149 const unsigned char *in, size_t inl)
150{
151 size_t chunk = LONG_MAX & ~0xff;
152
153 while (inl >= chunk) {
154 DES_ede3_ofb64_encrypt(in, out, (long)chunk,
155 &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
156 (DES_cblock *)ctx->iv, &ctx->num);
157 inl -= chunk;
158 in += chunk;
159 out += chunk;
160 }
161 if (inl)
162 DES_ede3_ofb64_encrypt(in, out, (long)inl,
163 &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
164 (DES_cblock *)ctx->iv, &ctx->num);
165
166 return 1;
167}
168
169static int
170des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
171 const unsigned char *in, size_t inl)
172{
173 size_t chunk = LONG_MAX & ~0xff;
174
175 while (inl >= chunk) {
176 DES_ede3_cbc_encrypt(in, out, (long)chunk,
177 &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
178 (DES_cblock *)ctx->iv, ctx->encrypt);
179 inl -= chunk;
180 in += chunk;
181 out += chunk;
182 }
183 if (inl)
184 DES_ede3_cbc_encrypt(in, out, (long)inl,
185 &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
186 (DES_cblock *)ctx->iv, ctx->encrypt);
187 return 1;
188}
189
190static int
191des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
192 const unsigned char *in, size_t inl)
193{
194 size_t chunk = LONG_MAX & ~0xff;
195
196 while (inl >= chunk) {
197 DES_ede3_cfb64_encrypt(in, out, (long)chunk,
198 &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
199 (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
200 inl -= chunk;
201 in += chunk;
202 out += chunk;
203 }
204 if (inl)
205 DES_ede3_cfb64_encrypt(in, out, (long)inl,
206 &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
207 (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
208 return 1;
209}
210
211/* Although we have a CFB-r implementation for 3-DES, it doesn't pack the right
212 way, so wrap it here */
213static int
214des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
215 const unsigned char *in, size_t inl)
216{
217 unsigned char c[1], d[1];
218 size_t n;
219
220 if (!(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS))
221 inl *= 8;
222
223 for (n = 0; n < inl; ++n) {
224 c[0] = (in[n/8]&(1 << (7 - n % 8))) ? 0x80 : 0;
225 DES_ede3_cfb_encrypt(c, d, 1, 1,
226 &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
227 (DES_cblock *)ctx->iv, ctx->encrypt);
228 out[n / 8] = (out[n / 8] & ~(0x80 >> (unsigned int)(n % 8))) |
229 ((d[0] & 0x80) >> (unsigned int)(n % 8));
230 }
231
232 return 1;
233}
234
235static int
236des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
237 const unsigned char *in, size_t inl)
238{
239 size_t chunk = LONG_MAX & ~0xff;
240
241 while (inl >= chunk) {
242 DES_ede3_cfb_encrypt(in, out, 8, (long)chunk,
243 &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
244 (DES_cblock *)ctx->iv, ctx->encrypt);
245 inl -= chunk;
246 in += chunk;
247 out += chunk;
248 }
249 if (inl)
250 DES_ede3_cfb_encrypt(in, out, 8, (long)inl,
251 &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
252 (DES_cblock *)ctx->iv, ctx->encrypt);
253 return 1;
254}
255
256static const EVP_CIPHER des_ede_cbc = {
257 .nid = NID_des_ede_cbc,
258 .block_size = 8,
259 .key_len = 16,
260 .iv_len = 8,
261 .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CBC_MODE,
262 .init = des_ede_init_key,
263 .do_cipher = des_ede_cbc_cipher,
264 .cleanup = NULL,
265 .ctx_size = sizeof(DES_EDE_KEY),
266 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
267 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
268 .ctrl = des3_ctrl,
269};
270
271const EVP_CIPHER *
272EVP_des_ede_cbc(void)
273{
274 return &des_ede_cbc;
275}
276LCRYPTO_ALIAS(EVP_des_ede_cbc);
277
278static const EVP_CIPHER des_ede_cfb64 = {
279 .nid = NID_des_ede_cfb64,
280 .block_size = 1,
281 .key_len = 16,
282 .iv_len = 8,
283 .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CFB_MODE,
284 .init = des_ede_init_key,
285 .do_cipher = des_ede_cfb64_cipher,
286 .cleanup = NULL,
287 .ctx_size = sizeof(DES_EDE_KEY),
288 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
289 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
290 .ctrl = des3_ctrl,
291};
292
293const EVP_CIPHER *
294EVP_des_ede_cfb64(void)
295{
296 return &des_ede_cfb64;
297}
298LCRYPTO_ALIAS(EVP_des_ede_cfb64);
299
300static const EVP_CIPHER des_ede_ofb = {
301 .nid = NID_des_ede_ofb64,
302 .block_size = 1,
303 .key_len = 16,
304 .iv_len = 8,
305 .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_OFB_MODE,
306 .init = des_ede_init_key,
307 .do_cipher = des_ede_ofb_cipher,
308 .cleanup = NULL,
309 .ctx_size = sizeof(DES_EDE_KEY),
310 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
311 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
312 .ctrl = des3_ctrl,
313};
314
315const EVP_CIPHER *
316EVP_des_ede_ofb(void)
317{
318 return &des_ede_ofb;
319}
320LCRYPTO_ALIAS(EVP_des_ede_ofb);
321
322static const EVP_CIPHER des_ede_ecb = {
323 .nid = NID_des_ede_ecb,
324 .block_size = 8,
325 .key_len = 16,
326 .iv_len = 0,
327 .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_ECB_MODE,
328 .init = des_ede_init_key,
329 .do_cipher = des_ede_ecb_cipher,
330 .cleanup = NULL,
331 .ctx_size = sizeof(DES_EDE_KEY),
332 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
333 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
334 .ctrl = des3_ctrl,
335};
336
337const EVP_CIPHER *
338EVP_des_ede_ecb(void)
339{
340 return &des_ede_ecb;
341}
342LCRYPTO_ALIAS(EVP_des_ede_ecb);
343
344
345#define des_ede3_cfb64_cipher des_ede_cfb64_cipher
346#define des_ede3_ofb_cipher des_ede_ofb_cipher
347#define des_ede3_cbc_cipher des_ede_cbc_cipher
348#define des_ede3_ecb_cipher des_ede_ecb_cipher
349
350static const EVP_CIPHER des_ede3_cbc = {
351 .nid = NID_des_ede3_cbc,
352 .block_size = 8,
353 .key_len = 24,
354 .iv_len = 8,
355 .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CBC_MODE,
356 .init = des_ede3_init_key,
357 .do_cipher = des_ede3_cbc_cipher,
358 .cleanup = NULL,
359 .ctx_size = sizeof(DES_EDE_KEY),
360 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
361 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
362 .ctrl = des3_ctrl,
363};
364
365const EVP_CIPHER *
366EVP_des_ede3_cbc(void)
367{
368 return &des_ede3_cbc;
369}
370LCRYPTO_ALIAS(EVP_des_ede3_cbc);
371
372static const EVP_CIPHER des_ede3_cfb64 = {
373 .nid = NID_des_ede3_cfb64,
374 .block_size = 1,
375 .key_len = 24,
376 .iv_len = 8,
377 .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CFB_MODE,
378 .init = des_ede3_init_key,
379 .do_cipher = des_ede3_cfb64_cipher,
380 .cleanup = NULL,
381 .ctx_size = sizeof(DES_EDE_KEY),
382 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
383 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
384 .ctrl = des3_ctrl,
385};
386
387const EVP_CIPHER *
388EVP_des_ede3_cfb64(void)
389{
390 return &des_ede3_cfb64;
391}
392LCRYPTO_ALIAS(EVP_des_ede3_cfb64);
393
394static const EVP_CIPHER des_ede3_ofb = {
395 .nid = NID_des_ede3_ofb64,
396 .block_size = 1,
397 .key_len = 24,
398 .iv_len = 8,
399 .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_OFB_MODE,
400 .init = des_ede3_init_key,
401 .do_cipher = des_ede3_ofb_cipher,
402 .cleanup = NULL,
403 .ctx_size = sizeof(DES_EDE_KEY),
404 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
405 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
406 .ctrl = des3_ctrl,
407};
408
409const EVP_CIPHER *
410EVP_des_ede3_ofb(void)
411{
412 return &des_ede3_ofb;
413}
414LCRYPTO_ALIAS(EVP_des_ede3_ofb);
415
416static const EVP_CIPHER des_ede3_ecb = {
417 .nid = NID_des_ede3_ecb,
418 .block_size = 8,
419 .key_len = 24,
420 .iv_len = 0,
421 .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_ECB_MODE,
422 .init = des_ede3_init_key,
423 .do_cipher = des_ede3_ecb_cipher,
424 .cleanup = NULL,
425 .ctx_size = sizeof(DES_EDE_KEY),
426 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
427 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
428 .ctrl = des3_ctrl,
429};
430
431const EVP_CIPHER *
432EVP_des_ede3_ecb(void)
433{
434 return &des_ede3_ecb;
435}
436LCRYPTO_ALIAS(EVP_des_ede3_ecb);
437
438
439static const EVP_CIPHER des_ede3_cfb1 = {
440 .nid = NID_des_ede3_cfb1,
441 .block_size = 1,
442 .key_len = 24,
443 .iv_len = 8,
444 .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CFB_MODE,
445 .init = des_ede3_init_key,
446 .do_cipher = des_ede3_cfb1_cipher,
447 .cleanup = NULL,
448 .ctx_size = sizeof(DES_EDE_KEY),
449 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
450 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
451 .ctrl = des3_ctrl,
452};
453
454const EVP_CIPHER *
455EVP_des_ede3_cfb1(void)
456{
457 return &des_ede3_cfb1;
458}
459LCRYPTO_ALIAS(EVP_des_ede3_cfb1);
460
461
462static const EVP_CIPHER des_ede3_cfb8 = {
463 .nid = NID_des_ede3_cfb8,
464 .block_size = 1,
465 .key_len = 24,
466 .iv_len = 8,
467 .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CFB_MODE,
468 .init = des_ede3_init_key,
469 .do_cipher = des_ede3_cfb8_cipher,
470 .cleanup = NULL,
471 .ctx_size = sizeof(DES_EDE_KEY),
472 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
473 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
474 .ctrl = des3_ctrl,
475};
476
477const EVP_CIPHER *
478EVP_des_ede3_cfb8(void)
479{
480 return &des_ede3_cfb8;
481}
482LCRYPTO_ALIAS(EVP_des_ede3_cfb8);
483
484const EVP_CIPHER *
485EVP_des_ede(void)
486{
487 return &des_ede_ecb;
488}
489LCRYPTO_ALIAS(EVP_des_ede);
490
491const EVP_CIPHER *
492EVP_des_ede3(void)
493{
494 return &des_ede3_ecb;
495}
496LCRYPTO_ALIAS(EVP_des_ede3);
497#endif
diff --git a/src/lib/libcrypto/evp/e_idea.c b/src/lib/libcrypto/evp/e_idea.c
deleted file mode 100644
index 86cf77602a..0000000000
--- a/src/lib/libcrypto/evp/e_idea.c
+++ /dev/null
@@ -1,266 +0,0 @@
1/* $OpenBSD: e_idea.c,v 1.22 2024/04/09 13:52:41 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <limits.h>
60#include <stdio.h>
61#include <string.h>
62
63#include <openssl/opensslconf.h>
64
65#ifndef OPENSSL_NO_IDEA
66
67#include <openssl/evp.h>
68#include <openssl/idea.h>
69#include <openssl/objects.h>
70
71#include "evp_local.h"
72
73/* NB idea_ecb_encrypt doesn't take an 'encrypt' argument so we treat it as a special
74 * case
75 */
76
77static int
78idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
79 const unsigned char *iv, int enc)
80{
81 if (!enc) {
82 if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE)
83 enc = 1;
84 else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CFB_MODE)
85 enc = 1;
86 }
87 if (enc)
88 idea_set_encrypt_key(key, ctx->cipher_data);
89 else {
90 IDEA_KEY_SCHEDULE tmp;
91
92 idea_set_encrypt_key(key, &tmp);
93 idea_set_decrypt_key(&tmp, ctx->cipher_data);
94 explicit_bzero((unsigned char *)&tmp,
95 sizeof(IDEA_KEY_SCHEDULE));
96 }
97 return 1;
98}
99
100static int
101idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
102 const unsigned char *in, size_t inl)
103{
104 size_t i, bl;
105
106 bl = ctx->cipher->block_size;
107
108 if (inl < bl)
109 return 1;
110
111 inl -= bl;
112
113 for (i = 0; i <= inl; i += bl)
114 idea_ecb_encrypt(in + i, out + i, ctx->cipher_data);
115
116 return 1;
117}
118
119typedef struct {
120 IDEA_KEY_SCHEDULE ks;
121} EVP_IDEA_KEY;
122
123static int
124idea_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
125{
126 size_t chunk = LONG_MAX & ~0xff;
127
128 while (inl >= chunk) {
129 idea_cbc_encrypt(in, out, (long)chunk, &((EVP_IDEA_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt);
130 inl -= chunk;
131 in += chunk;
132 out += chunk;
133 }
134
135 if (inl)
136 idea_cbc_encrypt(in, out, (long)inl, &((EVP_IDEA_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt);
137
138 return 1;
139}
140
141static int
142idea_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
143{
144 size_t chunk = LONG_MAX & ~0xff;
145
146 while (inl >= chunk) {
147 idea_ofb64_encrypt(in, out, (long)chunk, &((EVP_IDEA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num);
148 inl -= chunk;
149 in += chunk;
150 out += chunk;
151 }
152
153 if (inl)
154 idea_ofb64_encrypt(in, out, (long)inl, &((EVP_IDEA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num);
155
156 return 1;
157}
158
159static int
160idea_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
161{
162 size_t chunk = LONG_MAX & ~0xff;
163
164 if (inl < chunk)
165 chunk = inl;
166
167 while (inl && inl >= chunk) {
168 idea_cfb64_encrypt(in, out, (long)chunk, &((EVP_IDEA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
169 inl -= chunk;
170 in += chunk;
171 out += chunk;
172 if (inl < chunk)
173 chunk = inl;
174 }
175
176 return 1;
177}
178
179static const EVP_CIPHER idea_cbc = {
180 .nid = NID_idea_cbc,
181 .block_size = 8,
182 .key_len = 16,
183 .iv_len = 8,
184 .flags = 0 | EVP_CIPH_CBC_MODE,
185 .init = idea_init_key,
186 .do_cipher = idea_cbc_cipher,
187 .cleanup = NULL,
188 .ctx_size = sizeof(IDEA_KEY_SCHEDULE),
189 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
190 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
191 .ctrl = NULL,
192};
193
194const EVP_CIPHER *
195EVP_idea_cbc(void)
196{
197 return &idea_cbc;
198}
199LCRYPTO_ALIAS(EVP_idea_cbc);
200
201static const EVP_CIPHER idea_cfb64 = {
202 .nid = NID_idea_cfb64,
203 .block_size = 1,
204 .key_len = 16,
205 .iv_len = 8,
206 .flags = 0 | EVP_CIPH_CFB_MODE,
207 .init = idea_init_key,
208 .do_cipher = idea_cfb64_cipher,
209 .cleanup = NULL,
210 .ctx_size = sizeof(IDEA_KEY_SCHEDULE),
211 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
212 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
213 .ctrl = NULL,
214};
215
216const EVP_CIPHER *
217EVP_idea_cfb64(void)
218{
219 return &idea_cfb64;
220}
221LCRYPTO_ALIAS(EVP_idea_cfb64);
222
223static const EVP_CIPHER idea_ofb = {
224 .nid = NID_idea_ofb64,
225 .block_size = 1,
226 .key_len = 16,
227 .iv_len = 8,
228 .flags = 0 | EVP_CIPH_OFB_MODE,
229 .init = idea_init_key,
230 .do_cipher = idea_ofb_cipher,
231 .cleanup = NULL,
232 .ctx_size = sizeof(IDEA_KEY_SCHEDULE),
233 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
234 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
235 .ctrl = NULL,
236};
237
238const EVP_CIPHER *
239EVP_idea_ofb(void)
240{
241 return &idea_ofb;
242}
243LCRYPTO_ALIAS(EVP_idea_ofb);
244
245static const EVP_CIPHER idea_ecb = {
246 .nid = NID_idea_ecb,
247 .block_size = 8,
248 .key_len = 16,
249 .iv_len = 0,
250 .flags = 0 | EVP_CIPH_ECB_MODE,
251 .init = idea_init_key,
252 .do_cipher = idea_ecb_cipher,
253 .cleanup = NULL,
254 .ctx_size = sizeof(IDEA_KEY_SCHEDULE),
255 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
256 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
257 .ctrl = NULL,
258};
259
260const EVP_CIPHER *
261EVP_idea_ecb(void)
262{
263 return &idea_ecb;
264}
265LCRYPTO_ALIAS(EVP_idea_ecb);
266#endif
diff --git a/src/lib/libcrypto/evp/e_null.c b/src/lib/libcrypto/evp/e_null.c
deleted file mode 100644
index bcb8a1e560..0000000000
--- a/src/lib/libcrypto/evp/e_null.c
+++ /dev/null
@@ -1,109 +0,0 @@
1/* $OpenBSD: e_null.c,v 1.21 2024/04/09 13:52:41 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <string.h>
61
62#include <openssl/evp.h>
63#include <openssl/objects.h>
64
65#include "evp_local.h"
66
67static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
68 const unsigned char *iv, int enc);
69static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
70 const unsigned char *in, size_t inl);
71
72static const EVP_CIPHER n_cipher = {
73 .nid = NID_undef,
74 .block_size = 1,
75 .key_len = 0,
76 .iv_len = 0,
77 .flags = 0,
78 .init = null_init_key,
79 .do_cipher = null_cipher,
80 .cleanup = NULL,
81 .ctx_size = 0,
82 .set_asn1_parameters = NULL,
83 .get_asn1_parameters = NULL,
84 .ctrl = NULL,
85};
86
87const EVP_CIPHER *
88EVP_enc_null(void)
89{
90 return (&n_cipher);
91}
92LCRYPTO_ALIAS(EVP_enc_null);
93
94static int
95null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
96 const unsigned char *iv, int enc)
97{
98 /* memset(&(ctx->c),0,sizeof(ctx->c));*/
99 return 1;
100}
101
102static int
103null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
104 const unsigned char *in, size_t inl)
105{
106 if (in != out)
107 memcpy((char *)out, (const char *)in, inl);
108 return 1;
109}
diff --git a/src/lib/libcrypto/evp/e_rc2.c b/src/lib/libcrypto/evp/e_rc2.c
deleted file mode 100644
index dc404cff20..0000000000
--- a/src/lib/libcrypto/evp/e_rc2.c
+++ /dev/null
@@ -1,411 +0,0 @@
1/* $OpenBSD: e_rc2.c,v 1.29 2024/04/09 13:52:41 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <limits.h>
60#include <stdio.h>
61
62#include <openssl/opensslconf.h>
63
64#ifndef OPENSSL_NO_RC2
65
66#include <openssl/err.h>
67#include <openssl/evp.h>
68#include <openssl/objects.h>
69#include <openssl/rc2.h>
70
71#include "evp_local.h"
72
73static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
74 const unsigned char *iv, int enc);
75static int rc2_meth_to_magic(EVP_CIPHER_CTX *ctx);
76static int rc2_magic_to_meth(int i);
77static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
78static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
79static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
80
81typedef struct {
82 int key_bits; /* effective key bits */
83 RC2_KEY ks; /* key schedule */
84} EVP_RC2_KEY;
85
86#define data(ctx) ((EVP_RC2_KEY *)(ctx)->cipher_data)
87
88static int
89rc2_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
90{
91 size_t chunk = LONG_MAX & ~0xff;
92
93 while (inl >= chunk) {
94 RC2_cbc_encrypt(in, out, (long)chunk, &((EVP_RC2_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt);
95 inl -= chunk;
96 in += chunk;
97 out += chunk;
98 }
99
100 if (inl)
101 RC2_cbc_encrypt(in, out, (long)inl, &((EVP_RC2_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt);
102
103 return 1;
104}
105
106static int
107rc2_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
108{
109 size_t chunk = LONG_MAX & ~0xff;
110
111 if (inl < chunk)
112 chunk = inl;
113
114 while (inl && inl >= chunk) {
115 RC2_cfb64_encrypt(in, out, (long)chunk, &((EVP_RC2_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
116 inl -= chunk;
117 in += chunk;
118 out += chunk;
119 if (inl < chunk)
120 chunk = inl;
121 }
122
123 return 1;
124}
125
126static int
127rc2_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
128{
129 size_t i, bl;
130
131 bl = ctx->cipher->block_size;
132
133 if (inl < bl)
134 return 1;
135
136 inl -= bl;
137
138 for (i = 0; i <= inl; i += bl)
139 RC2_ecb_encrypt(in + i, out + i, &((EVP_RC2_KEY *)ctx->cipher_data)->ks, ctx->encrypt);
140
141 return 1;
142}
143
144static int
145rc2_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
146{
147 size_t chunk = LONG_MAX & ~0xff;
148
149 while (inl >= chunk) {
150 RC2_ofb64_encrypt(in, out, (long)chunk, &((EVP_RC2_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num);
151 inl -= chunk;
152 in += chunk;
153 out += chunk;
154 }
155
156 if (inl)
157 RC2_ofb64_encrypt(in, out, (long)inl, &((EVP_RC2_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num);
158
159 return 1;
160}
161
162static const EVP_CIPHER rc2_cbc = {
163 .nid = NID_rc2_cbc,
164 .block_size = 8,
165 .key_len = RC2_KEY_LENGTH,
166 .iv_len = 8,
167 .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT | EVP_CIPH_CBC_MODE,
168 .init = rc2_init_key,
169 .do_cipher = rc2_cbc_cipher,
170 .cleanup = NULL,
171 .ctx_size = sizeof(EVP_RC2_KEY),
172 .set_asn1_parameters = rc2_set_asn1_type_and_iv,
173 .get_asn1_parameters = rc2_get_asn1_type_and_iv,
174 .ctrl = rc2_ctrl,
175};
176
177const EVP_CIPHER *
178EVP_rc2_cbc(void)
179{
180 return &rc2_cbc;
181}
182LCRYPTO_ALIAS(EVP_rc2_cbc);
183
184static const EVP_CIPHER rc2_cfb64 = {
185 .nid = NID_rc2_cfb64,
186 .block_size = 1,
187 .key_len = RC2_KEY_LENGTH,
188 .iv_len = 8,
189 .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT | EVP_CIPH_CFB_MODE,
190 .init = rc2_init_key,
191 .do_cipher = rc2_cfb64_cipher,
192 .cleanup = NULL,
193 .ctx_size = sizeof(EVP_RC2_KEY),
194 .set_asn1_parameters = rc2_set_asn1_type_and_iv,
195 .get_asn1_parameters = rc2_get_asn1_type_and_iv,
196 .ctrl = rc2_ctrl,
197};
198
199const EVP_CIPHER *
200EVP_rc2_cfb64(void)
201{
202 return &rc2_cfb64;
203}
204LCRYPTO_ALIAS(EVP_rc2_cfb64);
205
206static const EVP_CIPHER rc2_ofb = {
207 .nid = NID_rc2_ofb64,
208 .block_size = 1,
209 .key_len = RC2_KEY_LENGTH,
210 .iv_len = 8,
211 .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT | EVP_CIPH_OFB_MODE,
212 .init = rc2_init_key,
213 .do_cipher = rc2_ofb_cipher,
214 .cleanup = NULL,
215 .ctx_size = sizeof(EVP_RC2_KEY),
216 .set_asn1_parameters = rc2_set_asn1_type_and_iv,
217 .get_asn1_parameters = rc2_get_asn1_type_and_iv,
218 .ctrl = rc2_ctrl,
219};
220
221const EVP_CIPHER *
222EVP_rc2_ofb(void)
223{
224 return &rc2_ofb;
225}
226LCRYPTO_ALIAS(EVP_rc2_ofb);
227
228static const EVP_CIPHER rc2_ecb = {
229 .nid = NID_rc2_ecb,
230 .block_size = 8,
231 .key_len = RC2_KEY_LENGTH,
232 .iv_len = 0,
233 .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT | EVP_CIPH_ECB_MODE,
234 .init = rc2_init_key,
235 .do_cipher = rc2_ecb_cipher,
236 .cleanup = NULL,
237 .ctx_size = sizeof(EVP_RC2_KEY),
238 .set_asn1_parameters = rc2_set_asn1_type_and_iv,
239 .get_asn1_parameters = rc2_get_asn1_type_and_iv,
240 .ctrl = rc2_ctrl,
241};
242
243const EVP_CIPHER *
244EVP_rc2_ecb(void)
245{
246 return &rc2_ecb;
247}
248LCRYPTO_ALIAS(EVP_rc2_ecb);
249
250#define RC2_40_MAGIC 0xa0
251#define RC2_64_MAGIC 0x78
252#define RC2_128_MAGIC 0x3a
253
254static const EVP_CIPHER r2_64_cbc_cipher = {
255 .nid = NID_rc2_64_cbc,
256 .block_size = 8,
257 .key_len = 8,
258 .iv_len = 8,
259 .flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
260 .init = rc2_init_key,
261 .do_cipher = rc2_cbc_cipher,
262 .cleanup = NULL,
263 .ctx_size = sizeof(EVP_RC2_KEY),
264 .set_asn1_parameters = rc2_set_asn1_type_and_iv,
265 .get_asn1_parameters = rc2_get_asn1_type_and_iv,
266 .ctrl = rc2_ctrl,
267};
268
269static const EVP_CIPHER r2_40_cbc_cipher = {
270 .nid = NID_rc2_40_cbc,
271 .block_size = 8,
272 .key_len = 5,
273 .iv_len = 8,
274 .flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
275 .init = rc2_init_key,
276 .do_cipher = rc2_cbc_cipher,
277 .cleanup = NULL,
278 .ctx_size = sizeof(EVP_RC2_KEY),
279 .set_asn1_parameters = rc2_set_asn1_type_and_iv,
280 .get_asn1_parameters = rc2_get_asn1_type_and_iv,
281 .ctrl = rc2_ctrl,
282};
283
284const EVP_CIPHER *
285EVP_rc2_64_cbc(void)
286{
287 return (&r2_64_cbc_cipher);
288}
289LCRYPTO_ALIAS(EVP_rc2_64_cbc);
290
291const EVP_CIPHER *
292EVP_rc2_40_cbc(void)
293{
294 return (&r2_40_cbc_cipher);
295}
296LCRYPTO_ALIAS(EVP_rc2_40_cbc);
297
298static int
299rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
300 const unsigned char *iv, int enc)
301{
302 RC2_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx),
303 key, data(ctx)->key_bits);
304 return 1;
305}
306
307static int
308rc2_meth_to_magic(EVP_CIPHER_CTX *e)
309{
310 int i;
311
312 if (EVP_CIPHER_CTX_ctrl(e, EVP_CTRL_GET_RC2_KEY_BITS, 0, &i) <= 0)
313 return (0);
314 if (i == 128)
315 return (RC2_128_MAGIC);
316 else if (i == 64)
317 return (RC2_64_MAGIC);
318 else if (i == 40)
319 return (RC2_40_MAGIC);
320 else
321 return (0);
322}
323
324static int
325rc2_magic_to_meth(int i)
326{
327 if (i == RC2_128_MAGIC)
328 return 128;
329 else if (i == RC2_64_MAGIC)
330 return 64;
331 else if (i == RC2_40_MAGIC)
332 return 40;
333 else {
334 EVPerror(EVP_R_UNSUPPORTED_KEY_SIZE);
335 return (0);
336 }
337}
338
339static int
340rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
341{
342 long num = 0;
343 int i = 0;
344 int key_bits;
345 int l;
346 unsigned char iv[EVP_MAX_IV_LENGTH];
347
348 if (type != NULL) {
349 l = EVP_CIPHER_CTX_iv_length(c);
350 if (l < 0 || l > sizeof(iv)) {
351 EVPerror(EVP_R_IV_TOO_LARGE);
352 return -1;
353 }
354 i = ASN1_TYPE_get_int_octetstring(type, &num, iv, l);
355 if (i != l)
356 return (-1);
357 key_bits = rc2_magic_to_meth((int)num);
358 if (!key_bits)
359 return (-1);
360 if (i > 0 && !EVP_CipherInit_ex(c, NULL, NULL, NULL, iv, -1))
361 return -1;
362 if (EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS,
363 key_bits, NULL) <= 0)
364 return -1;
365 if (!EVP_CIPHER_CTX_set_key_length(c, key_bits / 8))
366 return -1;
367 }
368 return (i);
369}
370
371static int
372rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
373{
374 long num;
375 int i = 0, j;
376
377 if (type != NULL) {
378 num = rc2_meth_to_magic(c);
379 j = EVP_CIPHER_CTX_iv_length(c);
380 if (j < 0 || j > sizeof(c->oiv))
381 return 0;
382 i = ASN1_TYPE_set_int_octetstring(type, num, c->oiv, j);
383 }
384 return (i);
385}
386
387static int
388rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
389{
390 switch (type) {
391 case EVP_CTRL_INIT:
392 data(c)->key_bits = EVP_CIPHER_CTX_key_length(c) * 8;
393 return 1;
394
395 case EVP_CTRL_GET_RC2_KEY_BITS:
396 *(int *)ptr = data(c)->key_bits;
397 return 1;
398
399 case EVP_CTRL_SET_RC2_KEY_BITS:
400 if (arg > 0) {
401 data(c)->key_bits = arg;
402 return 1;
403 }
404 return 0;
405
406 default:
407 return -1;
408 }
409}
410
411#endif
diff --git a/src/lib/libcrypto/evp/e_rc4.c b/src/lib/libcrypto/evp/e_rc4.c
deleted file mode 100644
index df07483416..0000000000
--- a/src/lib/libcrypto/evp/e_rc4.c
+++ /dev/null
@@ -1,144 +0,0 @@
1/* $OpenBSD: e_rc4.c,v 1.20 2024/04/09 13:52:41 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60
61#include <openssl/opensslconf.h>
62
63#ifndef OPENSSL_NO_RC4
64
65#include <openssl/evp.h>
66#include <openssl/objects.h>
67#include <openssl/rc4.h>
68
69#include "evp_local.h"
70
71/* FIXME: surely this is available elsewhere? */
72#define EVP_RC4_KEY_SIZE 16
73
74typedef struct {
75 RC4_KEY ks; /* working key */
76} EVP_RC4_KEY;
77
78#define data(ctx) ((EVP_RC4_KEY *)(ctx)->cipher_data)
79
80static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
81 const unsigned char *iv, int enc);
82static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
83 const unsigned char *in, size_t inl);
84
85static const EVP_CIPHER r4_cipher = {
86 .nid = NID_rc4,
87 .block_size = 1,
88 .key_len = EVP_RC4_KEY_SIZE,
89 .iv_len = 0,
90 .flags = EVP_CIPH_VARIABLE_LENGTH,
91 .init = rc4_init_key,
92 .do_cipher = rc4_cipher,
93 .cleanup = NULL,
94 .ctx_size = sizeof(EVP_RC4_KEY),
95 .set_asn1_parameters = NULL,
96 .get_asn1_parameters = NULL,
97 .ctrl = NULL,
98};
99
100static const EVP_CIPHER r4_40_cipher = {
101 .nid = NID_rc4_40,
102 .block_size = 1,
103 .key_len = 5,
104 .iv_len = 0,
105 .flags = EVP_CIPH_VARIABLE_LENGTH,
106 .init = rc4_init_key,
107 .do_cipher = rc4_cipher,
108 .cleanup = NULL,
109 .ctx_size = sizeof(EVP_RC4_KEY),
110 .set_asn1_parameters = NULL,
111 .get_asn1_parameters = NULL,
112 .ctrl = NULL,
113};
114
115const EVP_CIPHER *
116EVP_rc4(void)
117{
118 return (&r4_cipher);
119}
120LCRYPTO_ALIAS(EVP_rc4);
121
122const EVP_CIPHER *
123EVP_rc4_40(void)
124{
125 return (&r4_40_cipher);
126}
127LCRYPTO_ALIAS(EVP_rc4_40);
128
129static int
130rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
131 const unsigned char *iv, int enc)
132{
133 RC4_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), key);
134 return 1;
135}
136
137static int
138rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
139 const unsigned char *in, size_t inl)
140{
141 RC4(&data(ctx)->ks, inl, in, out);
142 return 1;
143}
144#endif
diff --git a/src/lib/libcrypto/evp/e_sm4.c b/src/lib/libcrypto/evp/e_sm4.c
deleted file mode 100644
index cde2f6c64b..0000000000
--- a/src/lib/libcrypto/evp/e_sm4.c
+++ /dev/null
@@ -1,267 +0,0 @@
1/* $OpenBSD: e_sm4.c,v 1.13 2024/04/09 13:52:41 beck Exp $ */
2/*
3 * Copyright (c) 2017, 2019 Ribose Inc
4 *
5 * Permission to use, copy, modify, and/or distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <openssl/opensslconf.h>
19
20#ifndef OPENSSL_NO_SM4
21#include <openssl/evp.h>
22#include <openssl/modes.h>
23#include <openssl/sm4.h>
24
25#include "evp_local.h"
26
27typedef struct {
28 SM4_KEY ks;
29} EVP_SM4_KEY;
30
31static int
32sm4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
33 const unsigned char *iv, int enc)
34{
35 SM4_set_key(key, ctx->cipher_data);
36 return 1;
37}
38
39static void
40sm4_cbc_encrypt(const unsigned char *in, unsigned char *out, size_t len,
41 const SM4_KEY *key, unsigned char *ivec, const int enc)
42{
43 if (enc)
44 CRYPTO_cbc128_encrypt(in, out, len, key, ivec,
45 (block128_f)SM4_encrypt);
46 else
47 CRYPTO_cbc128_decrypt(in, out, len, key, ivec,
48 (block128_f)SM4_decrypt);
49}
50
51static void
52sm4_cfb128_encrypt(const unsigned char *in, unsigned char *out, size_t length,
53 const SM4_KEY *key, unsigned char *ivec, int *num, const int enc)
54{
55 CRYPTO_cfb128_encrypt(in, out, length, key, ivec, num, enc,
56 (block128_f)SM4_encrypt);
57}
58
59static void
60sm4_ecb_encrypt(const unsigned char *in, unsigned char *out, const SM4_KEY *key,
61 const int enc)
62{
63 if (enc)
64 SM4_encrypt(in, out, key);
65 else
66 SM4_decrypt(in, out, key);
67}
68
69static void
70sm4_ofb128_encrypt(const unsigned char *in, unsigned char *out, size_t length,
71 const SM4_KEY *key, unsigned char *ivec, int *num)
72{
73 CRYPTO_ofb128_encrypt(in, out, length, key, ivec, num,
74 (block128_f)SM4_encrypt);
75}
76
77static int
78sm4_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
79{
80 while (inl >= EVP_MAXCHUNK) {
81 sm4_cbc_encrypt(in, out, EVP_MAXCHUNK, &((EVP_SM4_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt);
82 inl -= EVP_MAXCHUNK;
83 in += EVP_MAXCHUNK;
84 out += EVP_MAXCHUNK;
85 }
86
87 if (inl)
88 sm4_cbc_encrypt(in, out, inl, &((EVP_SM4_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt);
89
90 return 1;
91}
92
93static int
94sm4_cfb128_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
95{
96 size_t chunk = EVP_MAXCHUNK;
97
98 if (inl < chunk)
99 chunk = inl;
100
101 while (inl && inl >= chunk) {
102 sm4_cfb128_encrypt(in, out, chunk, &((EVP_SM4_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
103 inl -= chunk;
104 in += chunk;
105 out += chunk;
106 if (inl < chunk)
107 chunk = inl;
108 }
109
110 return 1;
111}
112
113static int
114sm4_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
115{
116 size_t i, bl;
117
118 bl = ctx->cipher->block_size;
119
120 if (inl < bl)
121 return 1;
122
123 inl -= bl;
124
125 for (i = 0; i <= inl; i += bl)
126 sm4_ecb_encrypt(in + i, out + i, &((EVP_SM4_KEY *)ctx->cipher_data)->ks, ctx->encrypt);
127
128 return 1;
129}
130
131static int
132sm4_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
133{
134 while (inl >= EVP_MAXCHUNK) {
135 sm4_ofb128_encrypt(in, out, EVP_MAXCHUNK, &((EVP_SM4_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num);
136 inl -= EVP_MAXCHUNK;
137 in += EVP_MAXCHUNK;
138 out += EVP_MAXCHUNK;
139 }
140
141 if (inl)
142 sm4_ofb128_encrypt(in, out, inl, &((EVP_SM4_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num);
143
144 return 1;
145}
146
147static const EVP_CIPHER sm4_cbc = {
148 .nid = NID_sm4_cbc,
149 .block_size = 16,
150 .key_len = 16,
151 .iv_len = 16,
152 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CBC_MODE,
153 .init = sm4_init_key,
154 .do_cipher = sm4_cbc_cipher,
155 .cleanup = NULL,
156 .ctx_size = sizeof(EVP_SM4_KEY),
157 .set_asn1_parameters = NULL,
158 .get_asn1_parameters = NULL,
159 .ctrl = NULL,
160};
161
162const EVP_CIPHER *
163EVP_sm4_cbc(void)
164{
165 return &sm4_cbc;
166}
167LCRYPTO_ALIAS(EVP_sm4_cbc);
168
169static const EVP_CIPHER sm4_cfb128 = {
170 .nid = NID_sm4_cfb128,
171 .block_size = 1,
172 .key_len = 16,
173 .iv_len = 16,
174 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CFB_MODE,
175 .init = sm4_init_key,
176 .do_cipher = sm4_cfb128_cipher,
177 .cleanup = NULL,
178 .ctx_size = sizeof(EVP_SM4_KEY),
179 .set_asn1_parameters = NULL,
180 .get_asn1_parameters = NULL,
181 .ctrl = NULL,
182};
183
184const EVP_CIPHER *
185EVP_sm4_cfb128(void)
186{
187 return &sm4_cfb128;
188}
189LCRYPTO_ALIAS(EVP_sm4_cfb128);
190
191static const EVP_CIPHER sm4_ofb = {
192 .nid = NID_sm4_ofb128,
193 .block_size = 1,
194 .key_len = 16,
195 .iv_len = 16,
196 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_OFB_MODE,
197 .init = sm4_init_key,
198 .do_cipher = sm4_ofb_cipher,
199 .cleanup = NULL,
200 .ctx_size = sizeof(EVP_SM4_KEY),
201 .set_asn1_parameters = NULL,
202 .get_asn1_parameters = NULL,
203 .ctrl = NULL,
204};
205
206const EVP_CIPHER *
207EVP_sm4_ofb(void)
208{
209 return &sm4_ofb;
210}
211LCRYPTO_ALIAS(EVP_sm4_ofb);
212
213static const EVP_CIPHER sm4_ecb = {
214 .nid = NID_sm4_ecb,
215 .block_size = 16,
216 .key_len = 16,
217 .iv_len = 0,
218 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_ECB_MODE,
219 .init = sm4_init_key,
220 .do_cipher = sm4_ecb_cipher,
221 .cleanup = NULL,
222 .ctx_size = sizeof(EVP_SM4_KEY),
223 .set_asn1_parameters = NULL,
224 .get_asn1_parameters = NULL,
225 .ctrl = NULL,
226};
227
228const EVP_CIPHER *
229EVP_sm4_ecb(void)
230{
231 return &sm4_ecb;
232}
233LCRYPTO_ALIAS(EVP_sm4_ecb);
234
235static int
236sm4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in,
237 size_t len)
238{
239 EVP_SM4_KEY *key = ((EVP_SM4_KEY *)(ctx)->cipher_data);
240
241 CRYPTO_ctr128_encrypt(in, out, len, &key->ks, ctx->iv, ctx->buf,
242 &ctx->num, (block128_f)SM4_encrypt);
243 return 1;
244}
245
246static const EVP_CIPHER sm4_ctr_mode = {
247 .nid = NID_sm4_ctr,
248 .block_size = 1,
249 .key_len = 16,
250 .iv_len = 16,
251 .flags = EVP_CIPH_CTR_MODE,
252 .init = sm4_init_key,
253 .do_cipher = sm4_ctr_cipher,
254 .cleanup = NULL,
255 .ctx_size = sizeof(EVP_SM4_KEY),
256 .set_asn1_parameters = NULL,
257 .get_asn1_parameters = NULL,
258 .ctrl = NULL,
259};
260
261const EVP_CIPHER *
262EVP_sm4_ctr(void)
263{
264 return &sm4_ctr_mode;
265}
266LCRYPTO_ALIAS(EVP_sm4_ctr);
267#endif
diff --git a/src/lib/libcrypto/evp/e_xcbc_d.c b/src/lib/libcrypto/evp/e_xcbc_d.c
deleted file mode 100644
index 1e3bee0791..0000000000
--- a/src/lib/libcrypto/evp/e_xcbc_d.c
+++ /dev/null
@@ -1,139 +0,0 @@
1/* $OpenBSD: e_xcbc_d.c,v 1.18 2024/04/09 13:52:41 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <string.h>
61
62#include <openssl/opensslconf.h>
63
64#ifndef OPENSSL_NO_DES
65
66#include <openssl/des.h>
67#include <openssl/evp.h>
68#include <openssl/objects.h>
69
70#include "evp_local.h"
71
72static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
73 const unsigned char *iv, int enc);
74static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
75 const unsigned char *in, size_t inl);
76
77
78typedef struct {
79 DES_key_schedule ks;/* key schedule */
80 DES_cblock inw;
81 DES_cblock outw;
82} DESX_CBC_KEY;
83
84#define data(ctx) ((DESX_CBC_KEY *)(ctx)->cipher_data)
85
86static const EVP_CIPHER d_xcbc_cipher = {
87 .nid = NID_desx_cbc,
88 .block_size = 8,
89 .key_len = 24,
90 .iv_len = 8,
91 .flags = EVP_CIPH_CBC_MODE,
92 .init = desx_cbc_init_key,
93 .do_cipher = desx_cbc_cipher,
94 .cleanup = NULL,
95 .ctx_size = sizeof(DESX_CBC_KEY),
96 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv,
97 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv,
98 .ctrl = NULL,
99};
100
101const EVP_CIPHER *
102EVP_desx_cbc(void)
103{
104 return (&d_xcbc_cipher);
105}
106LCRYPTO_ALIAS(EVP_desx_cbc);
107
108static int
109desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
110 const unsigned char *iv, int enc)
111{
112 DES_cblock *deskey = (DES_cblock *)key;
113
114 DES_set_key_unchecked(deskey, &data(ctx)->ks);
115 memcpy(&data(ctx)->inw[0], &key[8], 8);
116 memcpy(&data(ctx)->outw[0], &key[16], 8);
117
118 return 1;
119}
120
121static int
122desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
123 const unsigned char *in, size_t inl)
124{
125 while (inl >= EVP_MAXCHUNK) {
126 DES_xcbc_encrypt(in, out, (long)EVP_MAXCHUNK, &data(ctx)->ks,
127 (DES_cblock *)&(ctx->iv[0]), &data(ctx)->inw,
128 &data(ctx)->outw, ctx->encrypt);
129 inl -= EVP_MAXCHUNK;
130 in += EVP_MAXCHUNK;
131 out += EVP_MAXCHUNK;
132 }
133 if (inl)
134 DES_xcbc_encrypt(in, out, (long)inl, &data(ctx)->ks,
135 (DES_cblock *)&(ctx->iv[0]), &data(ctx)->inw,
136 &data(ctx)->outw, ctx->encrypt);
137 return 1;
138}
139#endif
diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h
deleted file mode 100644
index c2b81d0576..0000000000
--- a/src/lib/libcrypto/evp/evp.h
+++ /dev/null
@@ -1,1292 +0,0 @@
1/* $OpenBSD: evp.h,v 1.137 2024/08/31 10:38:49 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#ifndef HEADER_ENVELOPE_H
60#define HEADER_ENVELOPE_H
61
62#include <openssl/opensslconf.h>
63
64#include <openssl/ossl_typ.h>
65
66#ifndef OPENSSL_NO_BIO
67#include <openssl/bio.h>
68#endif
69
70/*
71#define EVP_RC2_KEY_SIZE 16
72#define EVP_RC4_KEY_SIZE 16
73#define EVP_BLOWFISH_KEY_SIZE 16
74#define EVP_CAST5_KEY_SIZE 16
75#define EVP_RC5_32_12_16_KEY_SIZE 16
76*/
77#define EVP_MAX_MD_SIZE 64 /* longest known is SHA512 */
78#define EVP_MAX_KEY_LENGTH 64
79#define EVP_MAX_IV_LENGTH 16
80#define EVP_MAX_BLOCK_LENGTH 32
81
82#define PKCS5_SALT_LEN 8
83/* Default PKCS#5 iteration count */
84#define PKCS5_DEFAULT_ITER 2048
85
86#include <openssl/objects.h>
87
88#define EVP_PK_RSA 0x0001
89#define EVP_PK_DSA 0x0002
90#define EVP_PK_DH 0x0004
91#define EVP_PK_EC 0x0008
92#define EVP_PKT_SIGN 0x0010
93#define EVP_PKT_ENC 0x0020
94#define EVP_PKT_EXCH 0x0040
95#define EVP_PKS_RSA 0x0100
96#define EVP_PKS_DSA 0x0200
97#define EVP_PKS_EC 0x0400
98#define EVP_PKT_EXP 0x1000 /* <= 512 bit key */
99
100#define EVP_PKEY_NONE NID_undef
101#define EVP_PKEY_RSA NID_rsaEncryption
102#define EVP_PKEY_RSA_PSS NID_rsassaPss
103#define EVP_PKEY_RSA2 NID_rsa
104#define EVP_PKEY_DSA NID_dsa
105#define EVP_PKEY_DSA1 NID_dsa_2
106#define EVP_PKEY_DSA2 NID_dsaWithSHA
107#define EVP_PKEY_DSA3 NID_dsaWithSHA1
108#define EVP_PKEY_DSA4 NID_dsaWithSHA1_2
109#define EVP_PKEY_DH NID_dhKeyAgreement
110#define EVP_PKEY_EC NID_X9_62_id_ecPublicKey
111#define EVP_PKEY_GOSTR01 NID_id_GostR3410_2001
112#define EVP_PKEY_GOSTIMIT NID_id_Gost28147_89_MAC
113#define EVP_PKEY_HMAC NID_hmac
114#define EVP_PKEY_CMAC NID_cmac
115#define EVP_PKEY_HKDF NID_hkdf
116#define EVP_PKEY_TLS1_PRF NID_tls1_prf
117#define EVP_PKEY_GOSTR12_256 NID_id_tc26_gost3410_2012_256
118#define EVP_PKEY_GOSTR12_512 NID_id_tc26_gost3410_2012_512
119#define EVP_PKEY_ED25519 NID_ED25519
120#define EVP_PKEY_X25519 NID_X25519
121
122#ifdef __cplusplus
123extern "C" {
124#endif
125
126#define EVP_PKEY_MO_SIGN 0x0001
127#define EVP_PKEY_MO_VERIFY 0x0002
128#define EVP_PKEY_MO_ENCRYPT 0x0004
129#define EVP_PKEY_MO_DECRYPT 0x0008
130
131#ifndef EVP_MD
132#define EVP_MD_FLAG_ONESHOT 0x0001 /* digest can only handle a single
133 * block */
134
135/* DigestAlgorithmIdentifier flags... */
136
137#define EVP_MD_FLAG_DIGALGID_MASK 0x0018
138
139/* NULL or absent parameter accepted. Use NULL */
140
141#define EVP_MD_FLAG_DIGALGID_NULL 0x0000
142
143/* NULL or absent parameter accepted. Use NULL for PKCS#1 otherwise absent */
144
145#define EVP_MD_FLAG_DIGALGID_ABSENT 0x0008
146
147/* Custom handling via ctrl */
148
149#define EVP_MD_FLAG_DIGALGID_CUSTOM 0x0018
150
151#define EVP_MD_FLAG_FIPS 0x0400 /* Note if suitable for use in FIPS mode */
152
153/* Digest ctrls */
154
155#define EVP_MD_CTRL_DIGALGID 0x1
156#define EVP_MD_CTRL_MICALG 0x2
157#define EVP_MD_CTRL_SET_KEY 0x3
158#define EVP_MD_CTRL_GOST_SET_SBOX 0x4
159
160/* Minimum Algorithm specific ctrl value */
161
162#define EVP_MD_CTRL_ALG_CTRL 0x1000
163
164#endif /* !EVP_MD */
165
166/* values for EVP_MD_CTX flags */
167
168#define EVP_MD_CTX_FLAG_ONESHOT 0x0001 /* digest update will be called
169 * once only */
170#define EVP_MD_CTX_FLAG_CLEANED 0x0002 /* context has already been
171 * cleaned */
172#define EVP_MD_CTX_FLAG_REUSE 0x0004 /* Don't free up ctx->md_data
173 * in EVP_MD_CTX_cleanup */
174/* FIPS and pad options are ignored in 1.0.0, definitions are here
175 * so we don't accidentally reuse the values for other purposes.
176 */
177
178#define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008 /* Allow use of non FIPS digest
179 * in FIPS mode */
180
181/* The following PAD options are also currently ignored in 1.0.0, digest
182 * parameters are handled through EVP_DigestSign*() and EVP_DigestVerify*()
183 * instead.
184 */
185#define EVP_MD_CTX_FLAG_PAD_MASK 0xF0 /* RSA mode to use */
186#define EVP_MD_CTX_FLAG_PAD_PKCS1 0x00 /* PKCS#1 v1.5 mode */
187#define EVP_MD_CTX_FLAG_PAD_PSS 0x20 /* PSS mode */
188
189#define EVP_MD_CTX_FLAG_NO_INIT 0x0100 /* Don't initialize md_data */
190
191/* Values for cipher flags */
192
193/* Modes for ciphers */
194
195#define EVP_CIPH_STREAM_CIPHER 0x0
196#define EVP_CIPH_ECB_MODE 0x1
197#define EVP_CIPH_CBC_MODE 0x2
198#define EVP_CIPH_CFB_MODE 0x3
199#define EVP_CIPH_OFB_MODE 0x4
200#define EVP_CIPH_CTR_MODE 0x5
201#define EVP_CIPH_GCM_MODE 0x6
202#define EVP_CIPH_CCM_MODE 0x7
203#define EVP_CIPH_XTS_MODE 0x10001
204#define EVP_CIPH_WRAP_MODE 0x10002
205#define EVP_CIPH_MODE 0xF0007
206/* Set if variable length cipher */
207#define EVP_CIPH_VARIABLE_LENGTH 0x8
208/* Set if the iv handling should be done by the cipher itself */
209#define EVP_CIPH_CUSTOM_IV 0x10
210/* Set if the cipher's init() function should be called if key is NULL */
211#define EVP_CIPH_ALWAYS_CALL_INIT 0x20
212/* Call ctrl() to init cipher parameters */
213#define EVP_CIPH_CTRL_INIT 0x40
214/* Don't use standard block padding */
215#define EVP_CIPH_NO_PADDING 0x100
216/* cipher handles random key generation */
217#define EVP_CIPH_RAND_KEY 0x200
218/* cipher has its own additional copying logic */
219#define EVP_CIPH_CUSTOM_COPY 0x400
220/* Allow use default ASN1 get/set iv */
221#define EVP_CIPH_FLAG_DEFAULT_ASN1 0x1000
222/* Buffer length in bits not bytes: CFB1 mode only */
223#define EVP_CIPH_FLAG_LENGTH_BITS 0x2000
224/* Note if suitable for use in FIPS mode */
225#define EVP_CIPH_FLAG_FIPS 0x4000
226/* Allow non FIPS cipher in FIPS mode */
227#define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x8000
228/* Cipher handles any and all padding logic as well
229 * as finalisation.
230 */
231#define EVP_CIPH_FLAG_CUSTOM_CIPHER 0x100000
232#define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000
233
234/*
235 * Cipher context flag to indicate that we can handle wrap mode: if allowed in
236 * older applications, it could overflow buffers.
237 */
238#define EVP_CIPHER_CTX_FLAG_WRAP_ALLOW 0x1
239
240/* ctrl() values */
241
242#define EVP_CTRL_INIT 0x0
243#define EVP_CTRL_GET_RC2_KEY_BITS 0x2
244#define EVP_CTRL_SET_RC2_KEY_BITS 0x3
245#define EVP_CTRL_GET_RC5_ROUNDS 0x4
246#define EVP_CTRL_SET_RC5_ROUNDS 0x5
247#define EVP_CTRL_RAND_KEY 0x6
248#define EVP_CTRL_PBE_PRF_NID 0x7
249#define EVP_CTRL_COPY 0x8
250#define EVP_CTRL_AEAD_SET_IVLEN 0x9
251#define EVP_CTRL_AEAD_GET_TAG 0x10
252#define EVP_CTRL_AEAD_SET_TAG 0x11
253#define EVP_CTRL_AEAD_SET_IV_FIXED 0x12
254#define EVP_CTRL_GCM_SET_IVLEN EVP_CTRL_AEAD_SET_IVLEN
255#define EVP_CTRL_GCM_GET_TAG EVP_CTRL_AEAD_GET_TAG
256#define EVP_CTRL_GCM_SET_TAG EVP_CTRL_AEAD_SET_TAG
257#define EVP_CTRL_GCM_SET_IV_FIXED EVP_CTRL_AEAD_SET_IV_FIXED
258#define EVP_CTRL_GCM_IV_GEN 0x13
259#define EVP_CTRL_CCM_SET_IVLEN EVP_CTRL_AEAD_SET_IVLEN
260#define EVP_CTRL_CCM_GET_TAG EVP_CTRL_AEAD_GET_TAG
261#define EVP_CTRL_CCM_SET_TAG EVP_CTRL_AEAD_SET_TAG
262#define EVP_CTRL_CCM_SET_L 0x14
263#define EVP_CTRL_CCM_SET_MSGLEN 0x15
264/* AEAD cipher deduces payload length and returns number of bytes
265 * required to store MAC and eventual padding. Subsequent call to
266 * EVP_Cipher even appends/verifies MAC.
267 */
268#define EVP_CTRL_AEAD_TLS1_AAD 0x16
269/* Used by composite AEAD ciphers, no-op in GCM, CCM... */
270#define EVP_CTRL_AEAD_SET_MAC_KEY 0x17
271/* Set the GCM invocation field, decrypt only */
272#define EVP_CTRL_GCM_SET_IV_INV 0x18
273/* Set the S-BOX NID for GOST ciphers */
274#define EVP_CTRL_GOST_SET_SBOX 0x19
275
276/* GCM TLS constants */
277/* Length of fixed part of IV derived from PRF */
278#define EVP_GCM_TLS_FIXED_IV_LEN 4
279/* Length of explicit part of IV part of TLS records */
280#define EVP_GCM_TLS_EXPLICIT_IV_LEN 8
281/* Length of tag for TLS */
282#define EVP_GCM_TLS_TAG_LEN 16
283
284/* CCM TLS constants */
285/* Length of fixed part of IV derived from PRF */
286#define EVP_CCM_TLS_FIXED_IV_LEN 4
287/* Length of explicit part of IV part of TLS records */
288#define EVP_CCM_TLS_EXPLICIT_IV_LEN 8
289/* Total length of CCM IV length for TLS */
290#define EVP_CCM_TLS_IV_LEN 12
291/* Length of tag for TLS */
292#define EVP_CCM_TLS_TAG_LEN 16
293/* Length of CCM8 tag for TLS */
294#define EVP_CCM8_TLS_TAG_LEN 8
295
296/* Length of tag for TLS */
297#define EVP_CHACHAPOLY_TLS_TAG_LEN 16
298
299/* XXX - do we want to expose these? */
300#if defined(LIBRESSL_INTERNAL)
301#define ED25519_KEYLEN 32
302#define X25519_KEYLEN 32
303#endif
304
305typedef struct evp_cipher_info_st {
306 const EVP_CIPHER *cipher;
307 unsigned char iv[EVP_MAX_IV_LENGTH];
308} EVP_CIPHER_INFO;
309
310/* Password based encryption function */
311typedef int EVP_PBE_KEYGEN(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
312 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de);
313
314#ifndef OPENSSL_NO_RSA
315#define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\
316 (char *)(rsa))
317#endif
318
319#ifndef OPENSSL_NO_DSA
320#define EVP_PKEY_assign_DSA(pkey,dsa) EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\
321 (char *)(dsa))
322#endif
323
324#ifndef OPENSSL_NO_DH
325#define EVP_PKEY_assign_DH(pkey,dh) EVP_PKEY_assign((pkey),EVP_PKEY_DH,\
326 (char *)(dh))
327#endif
328
329#ifndef OPENSSL_NO_EC
330#define EVP_PKEY_assign_EC_KEY(pkey,eckey) EVP_PKEY_assign((pkey),EVP_PKEY_EC,\
331 (char *)(eckey))
332#endif
333
334/* Add some extra combinations */
335#define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a))
336#define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a))
337#define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a))
338#define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a))
339
340int EVP_MD_type(const EVP_MD *md);
341#define EVP_MD_nid(e) EVP_MD_type(e)
342#define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_nid(e))
343int EVP_MD_pkey_type(const EVP_MD *md);
344int EVP_MD_size(const EVP_MD *md);
345int EVP_MD_block_size(const EVP_MD *md);
346unsigned long EVP_MD_flags(const EVP_MD *md);
347
348const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
349void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx);
350EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx);
351void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx);
352#define EVP_MD_CTX_size(e) EVP_MD_size(EVP_MD_CTX_md(e))
353#define EVP_MD_CTX_block_size(e) EVP_MD_block_size(EVP_MD_CTX_md(e))
354#define EVP_MD_CTX_type(e) EVP_MD_type(EVP_MD_CTX_md(e))
355
356int EVP_CIPHER_nid(const EVP_CIPHER *cipher);
357#define EVP_CIPHER_name(e) OBJ_nid2sn(EVP_CIPHER_nid(e))
358int EVP_CIPHER_block_size(const EVP_CIPHER *cipher);
359int EVP_CIPHER_key_length(const EVP_CIPHER *cipher);
360int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher);
361unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher);
362#define EVP_CIPHER_mode(e) (EVP_CIPHER_flags(e) & EVP_CIPH_MODE)
363
364const EVP_CIPHER * EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx);
365int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx);
366int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx);
367int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx);
368int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx);
369int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx);
370int EVP_CIPHER_CTX_get_iv(const EVP_CIPHER_CTX *ctx,
371 unsigned char *iv, size_t len);
372int EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx,
373 const unsigned char *iv, size_t len);
374int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in);
375void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx);
376void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data);
377void *EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx);
378void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data);
379unsigned char *EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx);
380#define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c))
381unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx);
382#define EVP_CIPHER_CTX_mode(e) (EVP_CIPHER_CTX_flags(e) & EVP_CIPH_MODE)
383
384EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len);
385EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher);
386void EVP_CIPHER_meth_free(EVP_CIPHER *cipher);
387
388int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len);
389int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags);
390int EVP_CIPHER_meth_set_impl_ctx_size(EVP_CIPHER *cipher, int ctx_size);
391int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher,
392 int (*init)(EVP_CIPHER_CTX *ctx, const unsigned char *key,
393 const unsigned char *iv, int enc));
394int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher,
395 int (*do_cipher)(EVP_CIPHER_CTX *ctx, unsigned char *out,
396 const unsigned char *in, size_t inl));
397int EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher,
398 int (*cleanup)(EVP_CIPHER_CTX *));
399int EVP_CIPHER_meth_set_set_asn1_params(EVP_CIPHER *cipher,
400 int (*set_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *));
401int EVP_CIPHER_meth_set_get_asn1_params(EVP_CIPHER *cipher,
402 int (*get_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *));
403int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher,
404 int (*ctrl)(EVP_CIPHER_CTX *, int type, int arg, void *ptr));
405
406EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *engine,
407 const unsigned char *private_key, size_t len);
408EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *engine,
409 const unsigned char *public_key, size_t len);
410int EVP_PKEY_get_raw_private_key(const EVP_PKEY *pkey,
411 unsigned char *out_private_key, size_t *out_len);
412int EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey,
413 unsigned char *out_public_key, size_t *out_len);
414
415#define EVP_ENCODE_LENGTH(l) (((l+2)/3*4)+(l/48+1)*2+80)
416#define EVP_DECODE_LENGTH(l) ((l+3)/4*3+80)
417
418#define EVP_SignInit_ex(a,b,c) EVP_DigestInit_ex(a,b,c)
419#define EVP_SignInit(a,b) EVP_DigestInit(a,b)
420#define EVP_SignUpdate(a,b,c) EVP_DigestUpdate(a,b,c)
421#define EVP_VerifyInit_ex(a,b,c) EVP_DigestInit_ex(a,b,c)
422#define EVP_VerifyInit(a,b) EVP_DigestInit(a,b)
423#define EVP_VerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c)
424#define EVP_OpenUpdate(a,b,c,d,e) EVP_DecryptUpdate(a,b,c,d,e)
425#define EVP_SealUpdate(a,b,c,d,e) EVP_EncryptUpdate(a,b,c,d,e)
426#define EVP_DigestSignUpdate(a,b,c) EVP_DigestUpdate(a,b,c)
427#define EVP_DigestVerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c)
428
429#define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,0,(char *)md)
430#define BIO_get_md(b,mdp) BIO_ctrl(b,BIO_C_GET_MD,0,(char *)mdp)
431#define BIO_get_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_GET_MD_CTX,0,(char *)mdcp)
432#define BIO_set_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_SET_MD_CTX,0,(char *)mdcp)
433#define BIO_get_cipher_status(b) BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)
434#define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(char *)c_pp)
435
436int EVP_Cipher(EVP_CIPHER_CTX *c, unsigned char *out, const unsigned char *in,
437 unsigned int inl);
438
439EVP_MD_CTX *EVP_MD_CTX_new(void);
440void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
441int EVP_MD_CTX_init(EVP_MD_CTX *ctx);
442int EVP_MD_CTX_reset(EVP_MD_CTX *ctx);
443EVP_MD_CTX *EVP_MD_CTX_create(void);
444void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
445int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx);
446int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in);
447void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags);
448void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags);
449int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int type, int arg, void *ptr);
450int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags);
451
452int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
453int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);
454int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s);
455int EVP_Digest(const void *data, size_t count, unsigned char *md,
456 unsigned int *size, const EVP_MD *type, ENGINE *impl);
457
458int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in);
459int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
460int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s);
461
462int EVP_read_pw_string(char *buf, int length, const char *prompt, int verify);
463int EVP_read_pw_string_min(char *buf, int minlen, int maxlen,
464 const char *prompt, int verify);
465void EVP_set_pw_prompt(const char *prompt);
466char *EVP_get_pw_prompt(void);
467
468int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
469 const unsigned char *salt, const unsigned char *data, int datal, int count,
470 unsigned char *key, unsigned char *iv);
471
472void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags);
473void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags);
474int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags);
475
476int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
477 const unsigned char *key, const unsigned char *iv);
478int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
479 ENGINE *impl, const unsigned char *key, const unsigned char *iv);
480int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
481 const unsigned char *in, int inl);
482int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
483int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
484
485int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
486 const unsigned char *key, const unsigned char *iv);
487int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
488 ENGINE *impl, const unsigned char *key, const unsigned char *iv);
489int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
490 const unsigned char *in, int inl);
491int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
492int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
493
494int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
495 const unsigned char *key, const unsigned char *iv, int enc);
496int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
497 ENGINE *impl, const unsigned char *key, const unsigned char *iv, int enc);
498int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
499 const unsigned char *in, int inl);
500int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
501int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
502
503int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s,
504 EVP_PKEY *pkey);
505
506int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
507 unsigned int siglen, EVP_PKEY *pkey);
508
509int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
510 const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
511int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen);
512
513int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen,
514 const unsigned char *tbs, size_t tbslen);
515
516int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
517 const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
518int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
519 size_t siglen);
520
521int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
522 size_t siglen, const unsigned char *tbs, size_t tbslen);
523
524int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
525 const unsigned char *ek, int ekl, const unsigned char *iv, EVP_PKEY *priv);
526int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
527
528int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
529 unsigned char **ek, int *ekl, unsigned char *iv, EVP_PKEY **pubk,
530 int npubk);
531int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
532
533EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void);
534void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx);
535void EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
536int EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
537 const unsigned char *in, int inl);
538void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl);
539int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n);
540
541void EVP_DecodeInit(EVP_ENCODE_CTX *ctx);
542int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
543 const unsigned char *in, int inl);
544int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl);
545int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n);
546
547int EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a);
548int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a);
549EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);
550void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *a);
551int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *a);
552int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);
553int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad);
554int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
555int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key);
556
557#ifndef OPENSSL_NO_BIO
558const BIO_METHOD *BIO_f_md(void);
559const BIO_METHOD *BIO_f_base64(void);
560const BIO_METHOD *BIO_f_cipher(void);
561int BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k,
562 const unsigned char *i, int enc);
563#endif
564
565const EVP_MD *EVP_md_null(void);
566#ifndef OPENSSL_NO_MD4
567const EVP_MD *EVP_md4(void);
568#endif
569#ifndef OPENSSL_NO_MD5
570const EVP_MD *EVP_md5(void);
571const EVP_MD *EVP_md5_sha1(void);
572#endif
573#ifndef OPENSSL_NO_SHA
574const EVP_MD *EVP_sha1(void);
575#endif
576#ifndef OPENSSL_NO_SHA256
577const EVP_MD *EVP_sha224(void);
578const EVP_MD *EVP_sha256(void);
579#endif
580#ifndef OPENSSL_NO_SHA512
581const EVP_MD *EVP_sha384(void);
582const EVP_MD *EVP_sha512(void);
583const EVP_MD *EVP_sha512_224(void);
584const EVP_MD *EVP_sha512_256(void);
585#endif
586#ifndef OPENSSL_NO_SHA3
587const EVP_MD *EVP_sha3_224(void);
588const EVP_MD *EVP_sha3_256(void);
589const EVP_MD *EVP_sha3_384(void);
590const EVP_MD *EVP_sha3_512(void);
591#endif
592#ifndef OPENSSL_NO_SM3
593const EVP_MD *EVP_sm3(void);
594#endif
595#ifndef OPENSSL_NO_RIPEMD
596const EVP_MD *EVP_ripemd160(void);
597#endif
598const EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */
599#ifndef OPENSSL_NO_DES
600const EVP_CIPHER *EVP_des_ecb(void);
601const EVP_CIPHER *EVP_des_ede(void);
602const EVP_CIPHER *EVP_des_ede3(void);
603const EVP_CIPHER *EVP_des_ede_ecb(void);
604const EVP_CIPHER *EVP_des_ede3_ecb(void);
605const EVP_CIPHER *EVP_des_cfb64(void);
606# define EVP_des_cfb EVP_des_cfb64
607const EVP_CIPHER *EVP_des_cfb1(void);
608const EVP_CIPHER *EVP_des_cfb8(void);
609const EVP_CIPHER *EVP_des_ede_cfb64(void);
610# define EVP_des_ede_cfb EVP_des_ede_cfb64
611const EVP_CIPHER *EVP_des_ede3_cfb64(void);
612# define EVP_des_ede3_cfb EVP_des_ede3_cfb64
613const EVP_CIPHER *EVP_des_ede3_cfb1(void);
614const EVP_CIPHER *EVP_des_ede3_cfb8(void);
615const EVP_CIPHER *EVP_des_ofb(void);
616const EVP_CIPHER *EVP_des_ede_ofb(void);
617const EVP_CIPHER *EVP_des_ede3_ofb(void);
618const EVP_CIPHER *EVP_des_cbc(void);
619const EVP_CIPHER *EVP_des_ede_cbc(void);
620const EVP_CIPHER *EVP_des_ede3_cbc(void);
621const EVP_CIPHER *EVP_desx_cbc(void);
622#endif
623#ifndef OPENSSL_NO_RC4
624const EVP_CIPHER *EVP_rc4(void);
625const EVP_CIPHER *EVP_rc4_40(void);
626#endif
627#ifndef OPENSSL_NO_IDEA
628const EVP_CIPHER *EVP_idea_ecb(void);
629const EVP_CIPHER *EVP_idea_cfb64(void);
630# define EVP_idea_cfb EVP_idea_cfb64
631const EVP_CIPHER *EVP_idea_ofb(void);
632const EVP_CIPHER *EVP_idea_cbc(void);
633#endif
634#ifndef OPENSSL_NO_RC2
635const EVP_CIPHER *EVP_rc2_ecb(void);
636const EVP_CIPHER *EVP_rc2_cbc(void);
637const EVP_CIPHER *EVP_rc2_40_cbc(void);
638const EVP_CIPHER *EVP_rc2_64_cbc(void);
639const EVP_CIPHER *EVP_rc2_cfb64(void);
640# define EVP_rc2_cfb EVP_rc2_cfb64
641const EVP_CIPHER *EVP_rc2_ofb(void);
642#endif
643#ifndef OPENSSL_NO_BF
644const EVP_CIPHER *EVP_bf_ecb(void);
645const EVP_CIPHER *EVP_bf_cbc(void);
646const EVP_CIPHER *EVP_bf_cfb64(void);
647# define EVP_bf_cfb EVP_bf_cfb64
648const EVP_CIPHER *EVP_bf_ofb(void);
649#endif
650#ifndef OPENSSL_NO_CAST
651const EVP_CIPHER *EVP_cast5_ecb(void);
652const EVP_CIPHER *EVP_cast5_cbc(void);
653const EVP_CIPHER *EVP_cast5_cfb64(void);
654# define EVP_cast5_cfb EVP_cast5_cfb64
655const EVP_CIPHER *EVP_cast5_ofb(void);
656#endif
657#ifndef OPENSSL_NO_AES
658const EVP_CIPHER *EVP_aes_128_ecb(void);
659const EVP_CIPHER *EVP_aes_128_cbc(void);
660const EVP_CIPHER *EVP_aes_128_cfb1(void);
661const EVP_CIPHER *EVP_aes_128_cfb8(void);
662const EVP_CIPHER *EVP_aes_128_cfb128(void);
663# define EVP_aes_128_cfb EVP_aes_128_cfb128
664const EVP_CIPHER *EVP_aes_128_ofb(void);
665const EVP_CIPHER *EVP_aes_128_ctr(void);
666const EVP_CIPHER *EVP_aes_128_ccm(void);
667const EVP_CIPHER *EVP_aes_128_gcm(void);
668const EVP_CIPHER *EVP_aes_128_wrap(void);
669const EVP_CIPHER *EVP_aes_128_xts(void);
670const EVP_CIPHER *EVP_aes_192_ecb(void);
671const EVP_CIPHER *EVP_aes_192_cbc(void);
672const EVP_CIPHER *EVP_aes_192_cfb1(void);
673const EVP_CIPHER *EVP_aes_192_cfb8(void);
674const EVP_CIPHER *EVP_aes_192_cfb128(void);
675# define EVP_aes_192_cfb EVP_aes_192_cfb128
676const EVP_CIPHER *EVP_aes_192_ofb(void);
677const EVP_CIPHER *EVP_aes_192_ctr(void);
678const EVP_CIPHER *EVP_aes_192_ccm(void);
679const EVP_CIPHER *EVP_aes_192_gcm(void);
680const EVP_CIPHER *EVP_aes_192_wrap(void);
681const EVP_CIPHER *EVP_aes_256_ecb(void);
682const EVP_CIPHER *EVP_aes_256_cbc(void);
683const EVP_CIPHER *EVP_aes_256_cfb1(void);
684const EVP_CIPHER *EVP_aes_256_cfb8(void);
685const EVP_CIPHER *EVP_aes_256_cfb128(void);
686# define EVP_aes_256_cfb EVP_aes_256_cfb128
687const EVP_CIPHER *EVP_aes_256_ofb(void);
688const EVP_CIPHER *EVP_aes_256_ctr(void);
689const EVP_CIPHER *EVP_aes_256_ccm(void);
690const EVP_CIPHER *EVP_aes_256_gcm(void);
691const EVP_CIPHER *EVP_aes_256_wrap(void);
692const EVP_CIPHER *EVP_aes_256_xts(void);
693#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
694const EVP_CIPHER *EVP_chacha20_poly1305(void);
695#endif
696#endif
697#ifndef OPENSSL_NO_CAMELLIA
698const EVP_CIPHER *EVP_camellia_128_ecb(void);
699const EVP_CIPHER *EVP_camellia_128_cbc(void);
700const EVP_CIPHER *EVP_camellia_128_cfb1(void);
701const EVP_CIPHER *EVP_camellia_128_cfb8(void);
702const EVP_CIPHER *EVP_camellia_128_cfb128(void);
703# define EVP_camellia_128_cfb EVP_camellia_128_cfb128
704const EVP_CIPHER *EVP_camellia_128_ofb(void);
705const EVP_CIPHER *EVP_camellia_192_ecb(void);
706const EVP_CIPHER *EVP_camellia_192_cbc(void);
707const EVP_CIPHER *EVP_camellia_192_cfb1(void);
708const EVP_CIPHER *EVP_camellia_192_cfb8(void);
709const EVP_CIPHER *EVP_camellia_192_cfb128(void);
710# define EVP_camellia_192_cfb EVP_camellia_192_cfb128
711const EVP_CIPHER *EVP_camellia_192_ofb(void);
712const EVP_CIPHER *EVP_camellia_256_ecb(void);
713const EVP_CIPHER *EVP_camellia_256_cbc(void);
714const EVP_CIPHER *EVP_camellia_256_cfb1(void);
715const EVP_CIPHER *EVP_camellia_256_cfb8(void);
716const EVP_CIPHER *EVP_camellia_256_cfb128(void);
717# define EVP_camellia_256_cfb EVP_camellia_256_cfb128
718const EVP_CIPHER *EVP_camellia_256_ofb(void);
719#endif
720
721#ifndef OPENSSL_NO_CHACHA
722const EVP_CIPHER *EVP_chacha20(void);
723#endif
724
725#ifndef OPENSSL_NO_SM4
726const EVP_CIPHER *EVP_sm4_ecb(void);
727const EVP_CIPHER *EVP_sm4_cbc(void);
728const EVP_CIPHER *EVP_sm4_cfb128(void);
729#define EVP_sm4_cfb EVP_sm4_cfb128
730const EVP_CIPHER *EVP_sm4_ofb(void);
731const EVP_CIPHER *EVP_sm4_ctr(void);
732#endif
733
734void OPENSSL_add_all_algorithms_noconf(void);
735void OPENSSL_add_all_algorithms_conf(void);
736
737#ifdef OPENSSL_LOAD_CONF
738#define OpenSSL_add_all_algorithms() OPENSSL_add_all_algorithms_conf()
739#else
740#define OpenSSL_add_all_algorithms() OPENSSL_add_all_algorithms_noconf()
741#endif
742
743void OpenSSL_add_all_ciphers(void);
744void OpenSSL_add_all_digests(void);
745
746#define SSLeay_add_all_algorithms() OpenSSL_add_all_algorithms()
747#define SSLeay_add_all_ciphers() OpenSSL_add_all_ciphers()
748#define SSLeay_add_all_digests() OpenSSL_add_all_digests()
749
750const EVP_CIPHER *EVP_get_cipherbyname(const char *name);
751const EVP_MD *EVP_get_digestbyname(const char *name);
752void EVP_cleanup(void);
753
754void EVP_CIPHER_do_all(void (*fn)(const EVP_CIPHER *ciph, const char *from,
755 const char *to, void *x), void *arg);
756void EVP_CIPHER_do_all_sorted(void (*fn)(const EVP_CIPHER *ciph,
757 const char *from, const char *to, void *x), void *arg);
758
759void EVP_MD_do_all(void (*fn)(const EVP_MD *ciph, const char *from,
760 const char *to, void *x), void *arg);
761void EVP_MD_do_all_sorted(void (*fn)(const EVP_MD *ciph, const char *from,
762 const char *to, void *x), void *arg);
763
764int EVP_PKEY_decrypt_old(unsigned char *dec_key, const unsigned char *enc_key,
765 int enc_key_len, EVP_PKEY *private_key);
766int EVP_PKEY_encrypt_old(unsigned char *enc_key, const unsigned char *key,
767 int key_len, EVP_PKEY *pub_key);
768int EVP_PKEY_type(int type);
769int EVP_PKEY_id(const EVP_PKEY *pkey);
770int EVP_PKEY_base_id(const EVP_PKEY *pkey);
771int EVP_PKEY_bits(const EVP_PKEY *pkey);
772int EVP_PKEY_security_bits(const EVP_PKEY *pkey);
773int EVP_PKEY_size(const EVP_PKEY *pkey);
774int EVP_PKEY_set_type(EVP_PKEY *pkey, int type);
775int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len);
776int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key);
777void *EVP_PKEY_get0(const EVP_PKEY *pkey);
778const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len);
779
780#ifndef OPENSSL_NO_RSA
781struct rsa_st;
782struct rsa_st *EVP_PKEY_get0_RSA(EVP_PKEY *pkey);
783struct rsa_st *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
784int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, struct rsa_st *key);
785#endif
786#ifndef OPENSSL_NO_DSA
787struct dsa_st;
788struct dsa_st *EVP_PKEY_get0_DSA(EVP_PKEY *pkey);
789struct dsa_st *EVP_PKEY_get1_DSA(EVP_PKEY *pkey);
790int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, struct dsa_st *key);
791#endif
792#ifndef OPENSSL_NO_DH
793struct dh_st;
794struct dh_st *EVP_PKEY_get0_DH(EVP_PKEY *pkey);
795struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
796int EVP_PKEY_set1_DH(EVP_PKEY *pkey, struct dh_st *key);
797#endif
798#ifndef OPENSSL_NO_EC
799struct ec_key_st;
800struct ec_key_st *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey);
801struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
802int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, struct ec_key_st *key);
803#endif
804
805EVP_PKEY *EVP_PKEY_new(void);
806void EVP_PKEY_free(EVP_PKEY *pkey);
807int EVP_PKEY_up_ref(EVP_PKEY *pkey);
808
809EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
810 long length);
811int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp);
812
813EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
814 long length);
815EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
816 long length);
817int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp);
818
819int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from);
820int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey);
821int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode);
822int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b);
823
824int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b);
825
826int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey, int indent,
827 ASN1_PCTX *pctx);
828int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey, int indent,
829 ASN1_PCTX *pctx);
830int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey, int indent,
831 ASN1_PCTX *pctx);
832
833int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid);
834
835int EVP_CIPHER_type(const EVP_CIPHER *ctx);
836
837/* PKCS5 password based encryption */
838int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
839 const unsigned char *salt, int saltlen, int iter, int keylen,
840 unsigned char *out);
841int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, const unsigned char *salt,
842 int saltlen, int iter, const EVP_MD *digest, int keylen,
843 unsigned char *out);
844
845#define ASN1_PKEY_ALIAS 0x1
846#define ASN1_PKEY_DYNAMIC 0x2
847#define ASN1_PKEY_SIGPARAM_NULL 0x4
848
849#define ASN1_PKEY_CTRL_PKCS7_SIGN 0x1
850#define ASN1_PKEY_CTRL_PKCS7_ENCRYPT 0x2
851#define ASN1_PKEY_CTRL_DEFAULT_MD_NID 0x3
852#define ASN1_PKEY_CTRL_CMS_SIGN 0x5
853#define ASN1_PKEY_CTRL_CMS_ENVELOPE 0x7
854#define ASN1_PKEY_CTRL_CMS_RI_TYPE 0x8
855
856int EVP_PKEY_asn1_get_count(void);
857const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx);
858const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type);
859const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe,
860 const char *str, int len);
861int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *pkey_base_id, int *ppkey_flags,
862 const char **pinfo, const char **ppem_str,
863 const EVP_PKEY_ASN1_METHOD *ameth);
864
865const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(const EVP_PKEY *pkey);
866
867#define EVP_PKEY_OP_UNDEFINED 0
868#define EVP_PKEY_OP_PARAMGEN (1<<1)
869#define EVP_PKEY_OP_KEYGEN (1<<2)
870#define EVP_PKEY_OP_SIGN (1<<3)
871#define EVP_PKEY_OP_VERIFY (1<<4)
872#define EVP_PKEY_OP_VERIFYRECOVER (1<<5)
873#define EVP_PKEY_OP_SIGNCTX (1<<6)
874#define EVP_PKEY_OP_VERIFYCTX (1<<7)
875#define EVP_PKEY_OP_ENCRYPT (1<<8)
876#define EVP_PKEY_OP_DECRYPT (1<<9)
877#define EVP_PKEY_OP_DERIVE (1<<10)
878
879#define EVP_PKEY_OP_TYPE_SIG \
880 (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY | EVP_PKEY_OP_VERIFYRECOVER \
881 | EVP_PKEY_OP_SIGNCTX | EVP_PKEY_OP_VERIFYCTX)
882
883#define EVP_PKEY_OP_TYPE_CRYPT \
884 (EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT)
885
886#define EVP_PKEY_OP_TYPE_NOGEN \
887 (EVP_PKEY_OP_SIG | EVP_PKEY_OP_CRYPT | EVP_PKEY_OP_DERIVE)
888
889#define EVP_PKEY_OP_TYPE_GEN \
890 (EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN)
891
892#define EVP_PKEY_CTX_set_signature_md(ctx, md) \
893 EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG, \
894 EVP_PKEY_CTRL_MD, 0, (void *)md)
895
896#define EVP_PKEY_CTX_get_signature_md(ctx, pmd) \
897 EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG, \
898 EVP_PKEY_CTRL_GET_MD, 0, (void *)(pmd))
899
900#define EVP_PKEY_CTRL_MD 1
901#define EVP_PKEY_CTRL_PEER_KEY 2
902
903#define EVP_PKEY_CTRL_PKCS7_ENCRYPT 3
904#define EVP_PKEY_CTRL_PKCS7_DECRYPT 4
905
906#define EVP_PKEY_CTRL_PKCS7_SIGN 5
907
908#define EVP_PKEY_CTRL_SET_MAC_KEY 6
909
910#define EVP_PKEY_CTRL_DIGESTINIT 7
911
912/* Used by GOST key encryption in TLS */
913#define EVP_PKEY_CTRL_SET_IV 8
914
915#define EVP_PKEY_CTRL_CMS_ENCRYPT 9
916#define EVP_PKEY_CTRL_CMS_DECRYPT 10
917#define EVP_PKEY_CTRL_CMS_SIGN 11
918
919#define EVP_PKEY_CTRL_CIPHER 12
920
921#define EVP_PKEY_CTRL_GET_MD 13
922
923#define EVP_PKEY_ALG_CTRL 0x1000
924
925
926#define EVP_PKEY_FLAG_AUTOARGLEN 2
927/* Method handles all operations: don't assume any digest related
928 * defaults.
929 */
930#define EVP_PKEY_FLAG_SIGCTX_CUSTOM 4
931
932EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e);
933EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e);
934EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *ctx);
935void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx);
936
937int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, int cmd,
938 int p1, void *p2);
939int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
940 const char *value);
941
942int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx);
943void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen);
944
945EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, const unsigned char *key,
946 int keylen);
947EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv,
948 size_t len, const EVP_CIPHER *cipher);
949
950void EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void *data);
951void *EVP_PKEY_CTX_get_data(EVP_PKEY_CTX *ctx);
952EVP_PKEY *EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX *ctx);
953
954EVP_PKEY *EVP_PKEY_CTX_get0_peerkey(EVP_PKEY_CTX *ctx);
955
956void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data);
957void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx);
958
959int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx);
960int EVP_PKEY_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
961 const unsigned char *tbs, size_t tbslen);
962int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx);
963int EVP_PKEY_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen,
964 const unsigned char *tbs, size_t tbslen);
965int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx);
966int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx, unsigned char *rout,
967 size_t *routlen, const unsigned char *sig, size_t siglen);
968int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx);
969int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
970 const unsigned char *in, size_t inlen);
971int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx);
972int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
973 const unsigned char *in, size_t inlen);
974
975int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx);
976int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer);
977int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
978
979typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);
980
981int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx);
982int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
983int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx);
984int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
985
986void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb);
987EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx);
988
989int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx);
990
991/* Authenticated Encryption with Additional Data.
992 *
993 * AEAD couples confidentiality and integrity in a single primtive. AEAD
994 * algorithms take a key and then can seal and open individual messages. Each
995 * message has a unique, per-message nonce and, optionally, additional data
996 * which is authenticated but not included in the output. */
997
998typedef struct evp_aead_st EVP_AEAD;
999
1000#ifndef OPENSSL_NO_AES
1001/* EVP_aes_128_gcm is AES-128 in Galois Counter Mode. */
1002const EVP_AEAD *EVP_aead_aes_128_gcm(void);
1003/* EVP_aes_256_gcm is AES-256 in Galois Counter Mode. */
1004const EVP_AEAD *EVP_aead_aes_256_gcm(void);
1005#endif
1006
1007#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
1008/* EVP_aead_chacha20_poly1305 is ChaCha20 with a Poly1305 authenticator. */
1009const EVP_AEAD *EVP_aead_chacha20_poly1305(void);
1010/* EVP_aead_xchacha20_poly1305 is XChaCha20 with a Poly1305 authenticator. */
1011const EVP_AEAD *EVP_aead_xchacha20_poly1305(void);
1012#endif
1013
1014/* EVP_AEAD_key_length returns the length of the keys used. */
1015size_t EVP_AEAD_key_length(const EVP_AEAD *aead);
1016
1017/* EVP_AEAD_nonce_length returns the length of the per-message nonce. */
1018size_t EVP_AEAD_nonce_length(const EVP_AEAD *aead);
1019
1020/* EVP_AEAD_max_overhead returns the maximum number of additional bytes added
1021 * by the act of sealing data with the AEAD. */
1022size_t EVP_AEAD_max_overhead(const EVP_AEAD *aead);
1023
1024/* EVP_AEAD_max_tag_len returns the maximum tag length when using this AEAD.
1025 * This * is the largest value that can be passed as a tag length to
1026 * EVP_AEAD_CTX_init. */
1027size_t EVP_AEAD_max_tag_len(const EVP_AEAD *aead);
1028
1029/* An EVP_AEAD_CTX represents an AEAD algorithm configured with a specific key
1030 * and message-independent IV. */
1031typedef struct evp_aead_ctx_st EVP_AEAD_CTX;
1032
1033/* EVP_AEAD_MAX_TAG_LENGTH is the maximum tag length used by any AEAD
1034 * defined in this header. */
1035#define EVP_AEAD_MAX_TAG_LENGTH 16
1036
1037/* EVP_AEAD_DEFAULT_TAG_LENGTH is a magic value that can be passed to
1038 * EVP_AEAD_CTX_init to indicate that the default tag length for an AEAD
1039 * should be used. */
1040#define EVP_AEAD_DEFAULT_TAG_LENGTH 0
1041
1042/* EVP_AEAD_CTX_new allocates a new context for use with EVP_AEAD_CTX_init.
1043 * It can be cleaned up for reuse with EVP_AEAD_CTX_cleanup and must be freed
1044 * with EVP_AEAD_CTX_free. */
1045EVP_AEAD_CTX *EVP_AEAD_CTX_new(void);
1046
1047/* EVP_AEAD_CTX_free releases all memory owned by the context. */
1048void EVP_AEAD_CTX_free(EVP_AEAD_CTX *ctx);
1049
1050/* EVP_AEAD_CTX_init initializes the context for the given AEAD algorithm.
1051 * The implementation argument may be NULL to choose the default implementation.
1052 * Authentication tags may be truncated by passing a tag length. A tag length
1053 * of zero indicates the default tag length should be used. */
1054int EVP_AEAD_CTX_init(EVP_AEAD_CTX *ctx, const EVP_AEAD *aead,
1055 const unsigned char *key, size_t key_len, size_t tag_len, ENGINE *impl);
1056
1057/* EVP_AEAD_CTX_cleanup frees any data allocated for this context. */
1058void EVP_AEAD_CTX_cleanup(EVP_AEAD_CTX *ctx);
1059
1060/* EVP_AEAD_CTX_seal encrypts and authenticates the input and authenticates
1061 * any additional data (AD), the result being written as output. One is
1062 * returned on success, otherwise zero.
1063 *
1064 * This function may be called (with the same EVP_AEAD_CTX) concurrently with
1065 * itself or EVP_AEAD_CTX_open.
1066 *
1067 * At most max_out_len bytes are written as output and, in order to ensure
1068 * success, this value should be the length of the input plus the result of
1069 * EVP_AEAD_overhead. On successful return, out_len is set to the actual
1070 * number of bytes written.
1071 *
1072 * The length of the nonce is must be equal to the result of
1073 * EVP_AEAD_nonce_length for this AEAD.
1074 *
1075 * EVP_AEAD_CTX_seal never results in a partial output. If max_out_len is
1076 * insufficient, zero will be returned and out_len will be set to zero.
1077 *
1078 * If the input and output are aliased then out must be <= in. */
1079int EVP_AEAD_CTX_seal(const EVP_AEAD_CTX *ctx, unsigned char *out,
1080 size_t *out_len, size_t max_out_len, const unsigned char *nonce,
1081 size_t nonce_len, const unsigned char *in, size_t in_len,
1082 const unsigned char *ad, size_t ad_len);
1083
1084/* EVP_AEAD_CTX_open authenticates the input and additional data, decrypting
1085 * the input and writing it as output. One is returned on success, otherwise
1086 * zero.
1087 *
1088 * This function may be called (with the same EVP_AEAD_CTX) concurrently with
1089 * itself or EVP_AEAD_CTX_seal.
1090 *
1091 * At most the number of input bytes are written as output. In order to ensure
1092 * success, max_out_len should be at least the same as the input length. On
1093 * successful return out_len is set to the actual number of bytes written.
1094 *
1095 * The length of nonce must be equal to the result of EVP_AEAD_nonce_length
1096 * for this AEAD.
1097 *
1098 * EVP_AEAD_CTX_open never results in a partial output. If max_out_len is
1099 * insufficient, zero will be returned and out_len will be set to zero.
1100 *
1101 * If the input and output are aliased then out must be <= in. */
1102int EVP_AEAD_CTX_open(const EVP_AEAD_CTX *ctx, unsigned char *out,
1103 size_t *out_len, size_t max_out_len, const unsigned char *nonce,
1104 size_t nonce_len, const unsigned char *in, size_t in_len,
1105 const unsigned char *ad, size_t ad_len);
1106
1107void ERR_load_EVP_strings(void);
1108
1109/* Error codes for the EVP functions. */
1110
1111/* Function codes. */
1112#define EVP_F_AEAD_AES_GCM_INIT 187
1113#define EVP_F_AEAD_AES_GCM_OPEN 188
1114#define EVP_F_AEAD_AES_GCM_SEAL 189
1115#define EVP_F_AEAD_CHACHA20_POLY1305_INIT 192
1116#define EVP_F_AEAD_CHACHA20_POLY1305_OPEN 193
1117#define EVP_F_AEAD_CHACHA20_POLY1305_SEAL 194
1118#define EVP_F_AEAD_CTX_OPEN 185
1119#define EVP_F_AEAD_CTX_SEAL 186
1120#define EVP_F_AESNI_INIT_KEY 165
1121#define EVP_F_AESNI_XTS_CIPHER 176
1122#define EVP_F_AES_INIT_KEY 133
1123#define EVP_F_AES_XTS 172
1124#define EVP_F_AES_XTS_CIPHER 175
1125#define EVP_F_ALG_MODULE_INIT 177
1126#define EVP_F_CAMELLIA_INIT_KEY 159
1127#define EVP_F_CMAC_INIT 173
1128#define EVP_F_D2I_PKEY 100
1129#define EVP_F_DO_SIGVER_INIT 161
1130#define EVP_F_DSAPKEY2PKCS8 134
1131#define EVP_F_DSA_PKEY2PKCS8 135
1132#define EVP_F_ECDSA_PKEY2PKCS8 129
1133#define EVP_F_ECKEY_PKEY2PKCS8 132
1134#define EVP_F_EVP_AEAD_CTX_INIT 180
1135#define EVP_F_EVP_AEAD_CTX_OPEN 190
1136#define EVP_F_EVP_AEAD_CTX_SEAL 191
1137#define EVP_F_EVP_BYTESTOKEY 200
1138#define EVP_F_EVP_CIPHERINIT_EX 123
1139#define EVP_F_EVP_CIPHER_CTX_COPY 163
1140#define EVP_F_EVP_CIPHER_CTX_CTRL 124
1141#define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122
1142#define EVP_F_EVP_CIPHER_GET_ASN1_IV 201
1143#define EVP_F_EVP_CIPHER_SET_ASN1_IV 202
1144#define EVP_F_EVP_DECRYPTFINAL_EX 101
1145#define EVP_F_EVP_DECRYPTUPDATE 199
1146#define EVP_F_EVP_DIGESTFINAL_EX 196
1147#define EVP_F_EVP_DIGESTINIT_EX 128
1148#define EVP_F_EVP_ENCRYPTFINAL_EX 127
1149#define EVP_F_EVP_ENCRYPTUPDATE 198
1150#define EVP_F_EVP_MD_CTX_COPY_EX 110
1151#define EVP_F_EVP_MD_CTX_CTRL 195
1152#define EVP_F_EVP_MD_SIZE 162
1153#define EVP_F_EVP_OPENINIT 102
1154#define EVP_F_EVP_PBE_ALG_ADD 115
1155#define EVP_F_EVP_PBE_ALG_ADD_TYPE 160
1156#define EVP_F_EVP_PBE_CIPHERINIT 116
1157#define EVP_F_EVP_PKCS82PKEY 111
1158#define EVP_F_EVP_PKCS82PKEY_BROKEN 136
1159#define EVP_F_EVP_PKEY2PKCS8_BROKEN 113
1160#define EVP_F_EVP_PKEY_COPY_PARAMETERS 103
1161#define EVP_F_EVP_PKEY_CTX_CTRL 137
1162#define EVP_F_EVP_PKEY_CTX_CTRL_STR 150
1163#define EVP_F_EVP_PKEY_CTX_DUP 156
1164#define EVP_F_EVP_PKEY_DECRYPT 104
1165#define EVP_F_EVP_PKEY_DECRYPT_INIT 138
1166#define EVP_F_EVP_PKEY_DECRYPT_OLD 151
1167#define EVP_F_EVP_PKEY_DERIVE 153
1168#define EVP_F_EVP_PKEY_DERIVE_INIT 154
1169#define EVP_F_EVP_PKEY_DERIVE_SET_PEER 155
1170#define EVP_F_EVP_PKEY_ENCRYPT 105
1171#define EVP_F_EVP_PKEY_ENCRYPT_INIT 139
1172#define EVP_F_EVP_PKEY_ENCRYPT_OLD 152
1173#define EVP_F_EVP_PKEY_GET1_DH 119
1174#define EVP_F_EVP_PKEY_GET1_DSA 120
1175#define EVP_F_EVP_PKEY_GET1_ECDSA 130
1176#define EVP_F_EVP_PKEY_GET1_EC_KEY 131
1177#define EVP_F_EVP_PKEY_GET1_RSA 121
1178#define EVP_F_EVP_PKEY_KEYGEN 146
1179#define EVP_F_EVP_PKEY_KEYGEN_INIT 147
1180#define EVP_F_EVP_PKEY_NEW 106
1181#define EVP_F_EVP_PKEY_PARAMGEN 148
1182#define EVP_F_EVP_PKEY_PARAMGEN_INIT 149
1183#define EVP_F_EVP_PKEY_SIGN 140
1184#define EVP_F_EVP_PKEY_SIGN_INIT 141
1185#define EVP_F_EVP_PKEY_VERIFY 142
1186#define EVP_F_EVP_PKEY_VERIFY_INIT 143
1187#define EVP_F_EVP_PKEY_VERIFY_RECOVER 144
1188#define EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT 145
1189#define EVP_F_EVP_RIJNDAEL 126
1190#define EVP_F_EVP_SIGNFINAL 107
1191#define EVP_F_EVP_VERIFYFINAL 108
1192#define EVP_F_FIPS_CIPHERINIT 166
1193#define EVP_F_FIPS_CIPHER_CTX_COPY 170
1194#define EVP_F_FIPS_CIPHER_CTX_CTRL 167
1195#define EVP_F_FIPS_CIPHER_CTX_SET_KEY_LENGTH 171
1196#define EVP_F_FIPS_DIGESTINIT 168
1197#define EVP_F_FIPS_MD_CTX_COPY 169
1198#define EVP_F_HMAC_INIT_EX 174
1199#define EVP_F_INT_CTX_NEW 157
1200#define EVP_F_PKCS5_PBE_KEYIVGEN 117
1201#define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118
1202#define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN 164
1203#define EVP_F_PKCS8_SET_BROKEN 112
1204#define EVP_F_PKEY_SET_TYPE 158
1205#define EVP_F_RC2_GET_ASN1_TYPE_AND_IV 197
1206#define EVP_F_RC2_MAGIC_TO_METH 109
1207#define EVP_F_RC5_CTRL 125
1208
1209/* Reason codes. */
1210#define EVP_R_AES_IV_SETUP_FAILED 162
1211#define EVP_R_AES_KEY_SETUP_FAILED 143
1212#define EVP_R_ASN1_LIB 140
1213#define EVP_R_BAD_BLOCK_LENGTH 136
1214#define EVP_R_BAD_DECRYPT 100
1215#define EVP_R_BAD_KEY_LENGTH 137
1216#define EVP_R_BN_DECODE_ERROR 112
1217#define EVP_R_BN_PUBKEY_ERROR 113
1218#define EVP_R_BUFFER_TOO_SMALL 155
1219#define EVP_R_CAMELLIA_KEY_SETUP_FAILED 157
1220#define EVP_R_CIPHER_PARAMETER_ERROR 122
1221#define EVP_R_COMMAND_NOT_SUPPORTED 147
1222#define EVP_R_CTRL_NOT_IMPLEMENTED 132
1223#define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133
1224#define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138
1225#define EVP_R_DECODE_ERROR 114
1226#define EVP_R_DIFFERENT_KEY_TYPES 101
1227#define EVP_R_DIFFERENT_PARAMETERS 153
1228#define EVP_R_DISABLED_FOR_FIPS 163
1229#define EVP_R_ENCODE_ERROR 115
1230#define EVP_R_ERROR_LOADING_SECTION 165
1231#define EVP_R_ERROR_SETTING_FIPS_MODE 166
1232#define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119
1233#define EVP_R_EXPECTING_AN_HMAC_KEY 174
1234#define EVP_R_EXPECTING_AN_RSA_KEY 127
1235#define EVP_R_EXPECTING_A_DH_KEY 128
1236#define EVP_R_EXPECTING_A_DSA_KEY 129
1237#define EVP_R_EXPECTING_A_ECDSA_KEY 141
1238#define EVP_R_EXPECTING_A_EC_KEY 142
1239#define EVP_R_FIPS_MODE_NOT_SUPPORTED 167
1240#define EVP_R_GET_RAW_KEY_FAILED 182
1241#define EVP_R_INITIALIZATION_ERROR 134
1242#define EVP_R_INPUT_NOT_INITIALIZED 111
1243#define EVP_R_INVALID_DIGEST 152
1244#define EVP_R_INVALID_FIPS_MODE 168
1245#define EVP_R_INVALID_IV_LENGTH 194
1246#define EVP_R_INVALID_KEY_LENGTH 130
1247#define EVP_R_INVALID_OPERATION 148
1248#define EVP_R_IV_TOO_LARGE 102
1249#define EVP_R_KEYGEN_FAILURE 120
1250#define EVP_R_KEY_SETUP_FAILED 180
1251#define EVP_R_MESSAGE_DIGEST_IS_NULL 159
1252#define EVP_R_METHOD_NOT_SUPPORTED 144
1253#define EVP_R_MISSING_PARAMETERS 103
1254#define EVP_R_NO_CIPHER_SET 131
1255#define EVP_R_NO_DEFAULT_DIGEST 158
1256#define EVP_R_NO_DIGEST_SET 139
1257#define EVP_R_NO_DSA_PARAMETERS 116
1258#define EVP_R_NO_KEY_SET 154
1259#define EVP_R_NO_OPERATION_SET 149
1260#define EVP_R_NO_SIGN_FUNCTION_CONFIGURED 104
1261#define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED 105
1262#define EVP_R_ONLY_ONESHOT_SUPPORTED 177
1263#define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150
1264#define EVP_R_OPERATON_NOT_INITIALIZED 151
1265#define EVP_R_OUTPUT_ALIASES_INPUT 172
1266#define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE 117
1267#define EVP_R_PRIVATE_KEY_DECODE_ERROR 145
1268#define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146
1269#define EVP_R_PUBLIC_KEY_NOT_RSA 106
1270#define EVP_R_TAG_TOO_LARGE 171
1271#define EVP_R_TOO_LARGE 164
1272#define EVP_R_UNKNOWN_CIPHER 160
1273#define EVP_R_UNKNOWN_DIGEST 161
1274#define EVP_R_UNKNOWN_OPTION 169
1275#define EVP_R_UNKNOWN_PBE_ALGORITHM 121
1276#define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS 135
1277#define EVP_R_UNSUPPORTED_ALGORITHM 156
1278#define EVP_R_UNSUPPORTED_CIPHER 107
1279#define EVP_R_UNSUPPORTED_KEYLENGTH 123
1280#define EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION 124
1281#define EVP_R_UNSUPPORTED_KEY_SIZE 108
1282#define EVP_R_UNSUPPORTED_PRF 125
1283#define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM 118
1284#define EVP_R_WRAP_MODE_NOT_ALLOWED 170
1285#define EVP_R_UNSUPPORTED_SALT_TYPE 126
1286#define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109
1287#define EVP_R_WRONG_PUBLIC_KEY_TYPE 110
1288
1289#ifdef __cplusplus
1290}
1291#endif
1292#endif
diff --git a/src/lib/libcrypto/evp/evp_aead.c b/src/lib/libcrypto/evp/evp_aead.c
deleted file mode 100644
index b35f5157ed..0000000000
--- a/src/lib/libcrypto/evp/evp_aead.c
+++ /dev/null
@@ -1,170 +0,0 @@
1/* $OpenBSD: evp_aead.c,v 1.11 2024/04/09 13:52:41 beck Exp $ */
2/*
3 * Copyright (c) 2014, Google Inc.
4 *
5 * Permission to use, copy, modify, and/or distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
12 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
14 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
15 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <limits.h>
19#include <string.h>
20
21#include <openssl/evp.h>
22#include <openssl/err.h>
23
24#include "evp_local.h"
25
26size_t
27EVP_AEAD_key_length(const EVP_AEAD *aead)
28{
29 return aead->key_len;
30}
31LCRYPTO_ALIAS(EVP_AEAD_key_length);
32
33size_t
34EVP_AEAD_nonce_length(const EVP_AEAD *aead)
35{
36 return aead->nonce_len;
37}
38LCRYPTO_ALIAS(EVP_AEAD_nonce_length);
39
40size_t
41EVP_AEAD_max_overhead(const EVP_AEAD *aead)
42{
43 return aead->overhead;
44}
45LCRYPTO_ALIAS(EVP_AEAD_max_overhead);
46
47size_t
48EVP_AEAD_max_tag_len(const EVP_AEAD *aead)
49{
50 return aead->max_tag_len;
51}
52LCRYPTO_ALIAS(EVP_AEAD_max_tag_len);
53
54int
55EVP_AEAD_CTX_init(EVP_AEAD_CTX *ctx, const EVP_AEAD *aead,
56 const unsigned char *key, size_t key_len, size_t tag_len, ENGINE *impl)
57{
58 ctx->aead = aead;
59 if (key_len != aead->key_len) {
60 EVPerror(EVP_R_UNSUPPORTED_KEY_SIZE);
61 return 0;
62 }
63 return aead->init(ctx, key, key_len, tag_len);
64}
65LCRYPTO_ALIAS(EVP_AEAD_CTX_init);
66
67void
68EVP_AEAD_CTX_cleanup(EVP_AEAD_CTX *ctx)
69{
70 if (ctx->aead == NULL)
71 return;
72 ctx->aead->cleanup(ctx);
73 ctx->aead = NULL;
74}
75LCRYPTO_ALIAS(EVP_AEAD_CTX_cleanup);
76
77EVP_AEAD_CTX *
78EVP_AEAD_CTX_new(void)
79{
80 return calloc(1, sizeof(EVP_AEAD_CTX));
81}
82LCRYPTO_ALIAS(EVP_AEAD_CTX_new);
83
84void
85EVP_AEAD_CTX_free(EVP_AEAD_CTX *ctx)
86{
87 if (ctx == NULL)
88 return;
89
90 EVP_AEAD_CTX_cleanup(ctx);
91 free(ctx);
92}
93LCRYPTO_ALIAS(EVP_AEAD_CTX_free);
94
95/* check_alias returns 0 if out points within the buffer determined by in
96 * and in_len and 1 otherwise.
97 *
98 * When processing, there's only an issue if out points within in[:in_len]
99 * and isn't equal to in. If that's the case then writing the output will
100 * stomp input that hasn't been read yet.
101 *
102 * This function checks for that case. */
103static int
104check_alias(const unsigned char *in, size_t in_len, const unsigned char *out)
105{
106 if (out <= in)
107 return 1;
108 if (in + in_len <= out)
109 return 1;
110 return 0;
111}
112
113int
114EVP_AEAD_CTX_seal(const EVP_AEAD_CTX *ctx, unsigned char *out, size_t *out_len,
115 size_t max_out_len, const unsigned char *nonce, size_t nonce_len,
116 const unsigned char *in, size_t in_len, const unsigned char *ad,
117 size_t ad_len)
118{
119 size_t possible_out_len = in_len + ctx->aead->overhead;
120
121 /* Overflow. */
122 if (possible_out_len < in_len) {
123 EVPerror(EVP_R_TOO_LARGE);
124 goto error;
125 }
126
127 if (!check_alias(in, in_len, out)) {
128 EVPerror(EVP_R_OUTPUT_ALIASES_INPUT);
129 goto error;
130 }
131
132 if (ctx->aead->seal(ctx, out, out_len, max_out_len, nonce, nonce_len,
133 in, in_len, ad, ad_len)) {
134 return 1;
135 }
136
137error:
138 /* In the event of an error, clear the output buffer so that a caller
139 * that doesn't check the return value doesn't send raw data. */
140 memset(out, 0, max_out_len);
141 *out_len = 0;
142 return 0;
143}
144LCRYPTO_ALIAS(EVP_AEAD_CTX_seal);
145
146int
147EVP_AEAD_CTX_open(const EVP_AEAD_CTX *ctx, unsigned char *out, size_t *out_len,
148 size_t max_out_len, const unsigned char *nonce, size_t nonce_len,
149 const unsigned char *in, size_t in_len, const unsigned char *ad,
150 size_t ad_len)
151{
152 if (!check_alias(in, in_len, out)) {
153 EVPerror(EVP_R_OUTPUT_ALIASES_INPUT);
154 goto error;
155 }
156
157 if (ctx->aead->open(ctx, out, out_len, max_out_len, nonce, nonce_len,
158 in, in_len, ad, ad_len)) {
159 return 1;
160 }
161
162error:
163 /* In the event of an error, clear the output buffer so that a caller
164 * that doesn't check the return value doesn't try and process bad
165 * data. */
166 memset(out, 0, max_out_len);
167 *out_len = 0;
168 return 0;
169}
170LCRYPTO_ALIAS(EVP_AEAD_CTX_open);
diff --git a/src/lib/libcrypto/evp/evp_cipher.c b/src/lib/libcrypto/evp/evp_cipher.c
deleted file mode 100644
index e9c266d1b9..0000000000
--- a/src/lib/libcrypto/evp/evp_cipher.c
+++ /dev/null
@@ -1,1238 +0,0 @@
1/* $OpenBSD: evp_cipher.c,v 1.23 2024/04/10 15:00:38 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * licensing@OpenSSL.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111
112#include <limits.h>
113#include <stdio.h>
114#include <stdlib.h>
115#include <string.h>
116
117#include <openssl/asn1.h>
118#include <openssl/err.h>
119#include <openssl/evp.h>
120
121#include "asn1_local.h"
122#include "evp_local.h"
123
124int
125EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
126 const unsigned char *key, const unsigned char *iv, int enc)
127{
128 return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc);
129}
130LCRYPTO_ALIAS(EVP_CipherInit);
131
132int
133EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *engine,
134 const unsigned char *key, const unsigned char *iv, int enc)
135{
136 if (enc == -1)
137 enc = ctx->encrypt;
138 if (enc != 0)
139 enc = 1;
140 ctx->encrypt = enc;
141
142 if (cipher == NULL && ctx->cipher == NULL) {
143 EVPerror(EVP_R_NO_CIPHER_SET);
144 return 0;
145 }
146
147 /*
148 * Set up cipher and context. Allocate cipher data and initialize ctx.
149 * On ctx reuse only retain encryption direction and key wrap flag.
150 */
151 if (cipher != NULL) {
152 unsigned long flags = ctx->flags;
153
154 EVP_CIPHER_CTX_cleanup(ctx);
155 ctx->encrypt = enc;
156 ctx->flags = flags & EVP_CIPHER_CTX_FLAG_WRAP_ALLOW;
157
158 ctx->cipher = cipher;
159 ctx->key_len = cipher->key_len;
160
161 if (ctx->cipher->ctx_size != 0) {
162 ctx->cipher_data = calloc(1, ctx->cipher->ctx_size);
163 if (ctx->cipher_data == NULL) {
164 EVPerror(ERR_R_MALLOC_FAILURE);
165 return 0;
166 }
167 }
168
169 if ((ctx->cipher->flags & EVP_CIPH_CTRL_INIT) != 0) {
170 if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) {
171 EVPerror(EVP_R_INITIALIZATION_ERROR);
172 return 0;
173 }
174 }
175 }
176
177 /* Block sizes must be a power of 2 due to the use of block_mask. */
178 if (ctx->cipher->block_size != 1 &&
179 ctx->cipher->block_size != 8 &&
180 ctx->cipher->block_size != 16) {
181 EVPerror(EVP_R_BAD_BLOCK_LENGTH);
182 return 0;
183 }
184
185 if ((ctx->flags & EVP_CIPHER_CTX_FLAG_WRAP_ALLOW) == 0 &&
186 EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_WRAP_MODE) {
187 EVPerror(EVP_R_WRAP_MODE_NOT_ALLOWED);
188 return 0;
189 }
190
191 if ((EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV) == 0) {
192 int iv_len;
193
194 switch (EVP_CIPHER_CTX_mode(ctx)) {
195
196 case EVP_CIPH_STREAM_CIPHER:
197 case EVP_CIPH_ECB_MODE:
198 break;
199
200 case EVP_CIPH_CFB_MODE:
201 case EVP_CIPH_OFB_MODE:
202
203 ctx->num = 0;
204 /* fall-through */
205
206 case EVP_CIPH_CBC_MODE:
207 iv_len = EVP_CIPHER_CTX_iv_length(ctx);
208 if (iv_len < 0 || iv_len > sizeof(ctx->oiv) ||
209 iv_len > sizeof(ctx->iv)) {
210 EVPerror(EVP_R_IV_TOO_LARGE);
211 return 0;
212 }
213 if (iv != NULL)
214 memcpy(ctx->oiv, iv, iv_len);
215 memcpy(ctx->iv, ctx->oiv, iv_len);
216 break;
217
218 case EVP_CIPH_CTR_MODE:
219 ctx->num = 0;
220 iv_len = EVP_CIPHER_CTX_iv_length(ctx);
221 if (iv_len < 0 || iv_len > sizeof(ctx->iv)) {
222 EVPerror(EVP_R_IV_TOO_LARGE);
223 return 0;
224 }
225 /* Don't reuse IV for CTR mode */
226 if (iv != NULL)
227 memcpy(ctx->iv, iv, iv_len);
228 break;
229
230 default:
231 return 0;
232 break;
233 }
234 }
235
236 if (key != NULL || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT) != 0) {
237 if (!ctx->cipher->init(ctx, key, iv, enc))
238 return 0;
239 }
240
241 ctx->partial_len = 0;
242 ctx->final_used = 0;
243
244 return 1;
245}
246LCRYPTO_ALIAS(EVP_CipherInit_ex);
247
248int
249EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *out_len,
250 const unsigned char *in, int in_len)
251{
252 if (ctx->encrypt)
253 return EVP_EncryptUpdate(ctx, out, out_len, in, in_len);
254
255 return EVP_DecryptUpdate(ctx, out, out_len, in, in_len);
256}
257LCRYPTO_ALIAS(EVP_CipherUpdate);
258
259int
260EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *out_len)
261{
262 if (ctx->encrypt)
263 return EVP_EncryptFinal_ex(ctx, out, out_len);
264
265 return EVP_DecryptFinal_ex(ctx, out, out_len);
266}
267LCRYPTO_ALIAS(EVP_CipherFinal);
268
269int
270EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *out_len)
271{
272 if (ctx->encrypt)
273 return EVP_EncryptFinal_ex(ctx, out, out_len);
274
275 return EVP_DecryptFinal_ex(ctx, out, out_len);
276}
277LCRYPTO_ALIAS(EVP_CipherFinal_ex);
278
279int
280EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
281 const unsigned char *key, const unsigned char *iv)
282{
283 return EVP_CipherInit(ctx, cipher, key, iv, 1);
284}
285LCRYPTO_ALIAS(EVP_EncryptInit);
286
287int
288EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *engine,
289 const unsigned char *key, const unsigned char *iv)
290{
291 return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 1);
292}
293LCRYPTO_ALIAS(EVP_EncryptInit_ex);
294
295/*
296 * EVP_Cipher() is an implementation detail of EVP_Cipher{Update,Final}().
297 * Behavior depends on EVP_CIPH_FLAG_CUSTOM_CIPHER being set on ctx->cipher.
298 *
299 * If the flag is set, do_cipher() operates in update mode if in != NULL and
300 * in final mode if in == NULL. It returns the number of bytes written to out
301 * (which may be 0) or -1 on error.
302 *
303 * If the flag is not set, do_cipher() assumes properly aligned data and that
304 * padding is handled correctly by the caller. Most do_cipher() methods will
305 * silently produce garbage and succeed. Returns 1 on success, 0 on error.
306 */
307int
308EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in,
309 unsigned int in_len)
310{
311 return ctx->cipher->do_cipher(ctx, out, in, in_len);
312}
313LCRYPTO_ALIAS(EVP_Cipher);
314
315static int
316evp_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, int *out_len,
317 const unsigned char *in, int in_len)
318{
319 int len;
320
321 *out_len = 0;
322
323 if (in_len < 0)
324 return 0;
325
326 if ((ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) != 0) {
327 if ((len = ctx->cipher->do_cipher(ctx, out, in, in_len)) < 0)
328 return 0;
329
330 *out_len = len;
331 return 1;
332 }
333
334 if (!ctx->cipher->do_cipher(ctx, out, in, in_len))
335 return 0;
336
337 *out_len = in_len;
338
339 return 1;
340}
341
342int
343EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *out_len,
344 const unsigned char *in, int in_len)
345{
346 const int block_size = ctx->cipher->block_size;
347 const int block_mask = block_size - 1;
348 int partial_len = ctx->partial_len;
349 int len = 0, total_len = 0;
350
351 *out_len = 0;
352
353 if ((block_size & block_mask) != 0)
354 return 0;
355
356 if (in_len < 0)
357 return 0;
358
359 if (in_len == 0 && EVP_CIPHER_mode(ctx->cipher) != EVP_CIPH_CCM_MODE)
360 return 1;
361
362 if ((ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) != 0)
363 return evp_cipher(ctx, out, out_len, in, in_len);
364
365 if (partial_len == 0 && (in_len & block_mask) == 0)
366 return evp_cipher(ctx, out, out_len, in, in_len);
367
368 if (partial_len < 0 || partial_len >= block_size ||
369 block_size > sizeof(ctx->buf)) {
370 EVPerror(EVP_R_BAD_BLOCK_LENGTH);
371 return 0;
372 }
373
374 if (partial_len > 0) {
375 int partial_needed;
376
377 if ((partial_needed = block_size - partial_len) > in_len) {
378 memcpy(&ctx->buf[partial_len], in, in_len);
379 ctx->partial_len += in_len;
380 return 1;
381 }
382
383 /*
384 * Once the first partial_needed bytes from in are processed,
385 * the number of multiples of block_size of data remaining is
386 * (in_len - partial_needed) & ~block_mask. Ensure that this
387 * plus the block processed from ctx->buf doesn't overflow.
388 */
389 if (((in_len - partial_needed) & ~block_mask) > INT_MAX - block_size) {
390 EVPerror(EVP_R_TOO_LARGE);
391 return 0;
392 }
393 memcpy(&ctx->buf[partial_len], in, partial_needed);
394
395 len = 0;
396 if (!evp_cipher(ctx, out, &len, ctx->buf, block_size))
397 return 0;
398 total_len = len;
399
400 in_len -= partial_needed;
401 in += partial_needed;
402 out += len;
403 }
404
405 partial_len = in_len & block_mask;
406 if ((in_len -= partial_len) > 0) {
407 if (INT_MAX - in_len < total_len)
408 return 0;
409 len = 0;
410 if (!evp_cipher(ctx, out, &len, in, in_len))
411 return 0;
412 if (INT_MAX - len < total_len)
413 return 0;
414 total_len += len;
415 }
416
417 if ((ctx->partial_len = partial_len) > 0)
418 memcpy(ctx->buf, &in[in_len], partial_len);
419
420 *out_len = total_len;
421
422 return 1;
423}
424LCRYPTO_ALIAS(EVP_EncryptUpdate);
425
426int
427EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *out_len)
428{
429 return EVP_EncryptFinal_ex(ctx, out, out_len);
430}
431LCRYPTO_ALIAS(EVP_EncryptFinal);
432
433int
434EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *out_len)
435{
436 const int block_size = ctx->cipher->block_size;
437 int partial_len = ctx->partial_len;
438 int pad;
439
440 *out_len = 0;
441
442 if ((ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) != 0)
443 return evp_cipher(ctx, out, out_len, NULL, 0);
444
445 if (partial_len < 0 || partial_len >= block_size ||
446 block_size > sizeof(ctx->buf)) {
447 EVPerror(EVP_R_BAD_BLOCK_LENGTH);
448 return 0;
449 }
450 if (block_size == 1)
451 return 1;
452
453 if ((ctx->flags & EVP_CIPH_NO_PADDING) != 0) {
454 if (partial_len != 0) {
455 EVPerror(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
456 return 0;
457 }
458 return 1;
459 }
460
461 pad = block_size - partial_len;
462 memset(&ctx->buf[partial_len], pad, pad);
463
464 return evp_cipher(ctx, out, out_len, ctx->buf, block_size);
465}
466LCRYPTO_ALIAS(EVP_EncryptFinal_ex);
467
468int
469EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
470 const unsigned char *key, const unsigned char *iv)
471{
472 return EVP_CipherInit(ctx, cipher, key, iv, 0);
473}
474LCRYPTO_ALIAS(EVP_DecryptInit);
475
476int
477EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *engine,
478 const unsigned char *key, const unsigned char *iv)
479{
480 return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 0);
481}
482LCRYPTO_ALIAS(EVP_DecryptInit_ex);
483
484int
485EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *out_len,
486 const unsigned char *in, int in_len)
487{
488 const int block_size = ctx->cipher->block_size;
489 const int block_mask = block_size - 1;
490 int len = 0, total_len = 0;
491
492 *out_len = 0;
493
494 if ((block_size & block_mask) != 0)
495 return 0;
496
497 if (in_len < 0)
498 return 0;
499
500 if (in_len == 0 && EVP_CIPHER_mode(ctx->cipher) != EVP_CIPH_CCM_MODE)
501 return 1;
502
503 if ((ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) != 0)
504 return evp_cipher(ctx, out, out_len, in, in_len);
505
506 if ((ctx->flags & EVP_CIPH_NO_PADDING) != 0)
507 return EVP_EncryptUpdate(ctx, out, out_len, in, in_len);
508
509 if (block_size > sizeof(ctx->final)) {
510 EVPerror(EVP_R_BAD_BLOCK_LENGTH);
511 return 0;
512 }
513
514 if (ctx->final_used) {
515 /*
516 * final_used is only set if partial_len is 0. Therefore the
517 * output from EVP_EncryptUpdate() is in_len & ~block_mask.
518 * Ensure (in_len & ~block_mask) + block_size doesn't overflow.
519 */
520 if ((in_len & ~block_mask) > INT_MAX - block_size) {
521 EVPerror(EVP_R_TOO_LARGE);
522 return 0;
523 }
524 memcpy(out, ctx->final, block_size);
525 out += block_size;
526 total_len = block_size;
527 }
528
529 ctx->final_used = 0;
530
531 len = 0;
532 if (!EVP_EncryptUpdate(ctx, out, &len, in, in_len))
533 return 0;
534
535 /* Keep copy of last block if a multiple of block_size was decrypted. */
536 if (block_size > 1 && ctx->partial_len == 0) {
537 if (len < block_size)
538 return 0;
539 len -= block_size;
540 memcpy(ctx->final, &out[len], block_size);
541 ctx->final_used = 1;
542 }
543
544 if (len > INT_MAX - total_len)
545 return 0;
546 total_len += len;
547
548 *out_len = total_len;
549
550 return 1;
551}
552LCRYPTO_ALIAS(EVP_DecryptUpdate);
553
554int
555EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *out_len)
556{
557 return EVP_DecryptFinal_ex(ctx, out, out_len);
558}
559LCRYPTO_ALIAS(EVP_DecryptFinal);
560
561int
562EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *out_len)
563{
564 const int block_size = ctx->cipher->block_size;
565 int partial_len = ctx->partial_len;
566 int i, pad, plain_len;
567
568 *out_len = 0;
569
570 if ((ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) != 0)
571 return evp_cipher(ctx, out, out_len, NULL, 0);
572
573 if ((ctx->flags & EVP_CIPH_NO_PADDING) != 0) {
574 if (partial_len != 0) {
575 EVPerror(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
576 return 0;
577 }
578 return 1;
579 }
580
581 if (block_size == 1)
582 return 1;
583
584 if (partial_len != 0 || !ctx->final_used) {
585 EVPerror(EVP_R_WRONG_FINAL_BLOCK_LENGTH);
586 return 0;
587 }
588
589 if (block_size > sizeof(ctx->final)) {
590 EVPerror(EVP_R_BAD_BLOCK_LENGTH);
591 return 0;
592 }
593
594 pad = ctx->final[block_size - 1];
595 if (pad <= 0 || pad > block_size) {
596 EVPerror(EVP_R_BAD_DECRYPT);
597 return 0;
598 }
599 plain_len = block_size - pad;
600 for (i = plain_len; i < block_size; i++) {
601 if (ctx->final[i] != pad) {
602 EVPerror(EVP_R_BAD_DECRYPT);
603 return 0;
604 }
605 }
606
607 memcpy(out, ctx->final, plain_len);
608 *out_len = plain_len;
609
610 return 1;
611}
612LCRYPTO_ALIAS(EVP_DecryptFinal_ex);
613
614EVP_CIPHER_CTX *
615EVP_CIPHER_CTX_new(void)
616{
617 return calloc(1, sizeof(EVP_CIPHER_CTX));
618}
619LCRYPTO_ALIAS(EVP_CIPHER_CTX_new);
620
621void
622EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
623{
624 if (ctx == NULL)
625 return;
626
627 EVP_CIPHER_CTX_cleanup(ctx);
628
629 free(ctx);
630}
631LCRYPTO_ALIAS(EVP_CIPHER_CTX_free);
632
633void
634EVP_CIPHER_CTX_legacy_clear(EVP_CIPHER_CTX *ctx)
635{
636 memset(ctx, 0, sizeof(*ctx));
637}
638
639int
640EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
641{
642 return EVP_CIPHER_CTX_cleanup(ctx);
643}
644LCRYPTO_ALIAS(EVP_CIPHER_CTX_init);
645
646int
647EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx)
648{
649 return EVP_CIPHER_CTX_cleanup(ctx);
650}
651LCRYPTO_ALIAS(EVP_CIPHER_CTX_reset);
652
653int
654EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *ctx)
655{
656 if (ctx == NULL)
657 return 1;
658
659 if (ctx->cipher != NULL) {
660 /* XXX - Avoid leaks, so ignore return value of cleanup()... */
661 if (ctx->cipher->cleanup != NULL)
662 ctx->cipher->cleanup(ctx);
663 if (ctx->cipher_data != NULL)
664 explicit_bzero(ctx->cipher_data, ctx->cipher->ctx_size);
665 }
666
667 /* XXX - store size of cipher_data so we can always freezero(). */
668 free(ctx->cipher_data);
669
670 explicit_bzero(ctx, sizeof(EVP_CIPHER_CTX));
671
672 return 1;
673}
674LCRYPTO_ALIAS(EVP_CIPHER_CTX_cleanup);
675
676int
677EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
678{
679 int ret;
680
681 if (!ctx->cipher) {
682 EVPerror(EVP_R_NO_CIPHER_SET);
683 return 0;
684 }
685
686 if (!ctx->cipher->ctrl) {
687 EVPerror(EVP_R_CTRL_NOT_IMPLEMENTED);
688 return 0;
689 }
690
691 ret = ctx->cipher->ctrl(ctx, type, arg, ptr);
692 if (ret == -1) {
693 EVPerror(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED);
694 return 0;
695 }
696 return ret;
697}
698LCRYPTO_ALIAS(EVP_CIPHER_CTX_ctrl);
699
700int
701EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
702{
703 if (ctx->cipher->flags & EVP_CIPH_RAND_KEY)
704 return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key);
705 arc4random_buf(key, ctx->key_len);
706 return 1;
707}
708LCRYPTO_ALIAS(EVP_CIPHER_CTX_rand_key);
709
710int
711EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
712{
713 if (in == NULL || in->cipher == NULL) {
714 EVPerror(EVP_R_INPUT_NOT_INITIALIZED);
715 return 0;
716 }
717
718 EVP_CIPHER_CTX_cleanup(out);
719 memcpy(out, in, sizeof *out);
720
721 if (in->cipher_data && in->cipher->ctx_size) {
722 out->cipher_data = calloc(1, in->cipher->ctx_size);
723 if (out->cipher_data == NULL) {
724 EVPerror(ERR_R_MALLOC_FAILURE);
725 return 0;
726 }
727 memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size);
728 }
729
730 if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY) {
731 if (!in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY,
732 0, out)) {
733 /*
734 * If the custom copy control failed, assume that there
735 * may still be pointers copied in the cipher_data that
736 * we do not own. This may result in a leak from a bad
737 * custom copy control, but that's preferable to a
738 * double free...
739 */
740 freezero(out->cipher_data, in->cipher->ctx_size);
741 out->cipher_data = NULL;
742 return 0;
743 }
744 }
745
746 return 1;
747}
748LCRYPTO_ALIAS(EVP_CIPHER_CTX_copy);
749
750/*
751 * EVP_CIPHER_CTX accessors.
752 */
753
754const EVP_CIPHER *
755EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx)
756{
757 return ctx->cipher;
758}
759LCRYPTO_ALIAS(EVP_CIPHER_CTX_cipher);
760
761int
762EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx)
763{
764 return ctx->encrypt;
765}
766LCRYPTO_ALIAS(EVP_CIPHER_CTX_encrypting);
767
768int
769EVP_CIPHER_CTX_get_iv(const EVP_CIPHER_CTX *ctx, unsigned char *iv, size_t len)
770{
771 if (ctx == NULL || len != EVP_CIPHER_CTX_iv_length(ctx))
772 return 0;
773 if (len > EVP_MAX_IV_LENGTH)
774 return 0; /* sanity check; shouldn't happen */
775 /*
776 * Skip the memcpy entirely when the requested IV length is zero,
777 * since the iv pointer may be NULL or invalid.
778 */
779 if (len != 0) {
780 if (iv == NULL)
781 return 0;
782 memcpy(iv, ctx->iv, len);
783 }
784 return 1;
785}
786LCRYPTO_ALIAS(EVP_CIPHER_CTX_get_iv);
787
788int
789EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx, const unsigned char *iv, size_t len)
790{
791 if (ctx == NULL || len != EVP_CIPHER_CTX_iv_length(ctx))
792 return 0;
793 if (len > EVP_MAX_IV_LENGTH)
794 return 0; /* sanity check; shouldn't happen */
795 /*
796 * Skip the memcpy entirely when the requested IV length is zero,
797 * since the iv pointer may be NULL or invalid.
798 */
799 if (len != 0) {
800 if (iv == NULL)
801 return 0;
802 memcpy(ctx->iv, iv, len);
803 }
804 return 1;
805}
806LCRYPTO_ALIAS(EVP_CIPHER_CTX_set_iv);
807
808unsigned char *
809EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx)
810{
811 return ctx->buf;
812}
813LCRYPTO_ALIAS(EVP_CIPHER_CTX_buf_noconst);
814
815void *
816EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx)
817{
818 return ctx->app_data;
819}
820LCRYPTO_ALIAS(EVP_CIPHER_CTX_get_app_data);
821
822void
823EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data)
824{
825 ctx->app_data = data;
826}
827LCRYPTO_ALIAS(EVP_CIPHER_CTX_set_app_data);
828
829int
830EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx)
831{
832 return ctx->key_len;
833}
834LCRYPTO_ALIAS(EVP_CIPHER_CTX_key_length);
835
836int
837EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *ctx, int key_len)
838{
839 if (ctx->key_len == key_len)
840 return 1;
841 if (key_len > 0 && (ctx->cipher->flags & EVP_CIPH_VARIABLE_LENGTH)) {
842 ctx->key_len = key_len;
843 return 1;
844 }
845 EVPerror(EVP_R_INVALID_KEY_LENGTH);
846 return 0;
847}
848LCRYPTO_ALIAS(EVP_CIPHER_CTX_set_key_length);
849
850int
851EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad)
852{
853 if (pad)
854 ctx->flags &= ~EVP_CIPH_NO_PADDING;
855 else
856 ctx->flags |= EVP_CIPH_NO_PADDING;
857 return 1;
858}
859LCRYPTO_ALIAS(EVP_CIPHER_CTX_set_padding);
860
861void
862EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags)
863{
864 ctx->flags |= flags;
865}
866LCRYPTO_ALIAS(EVP_CIPHER_CTX_set_flags);
867
868void
869EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags)
870{
871 ctx->flags &= ~flags;
872}
873LCRYPTO_ALIAS(EVP_CIPHER_CTX_clear_flags);
874
875int
876EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags)
877{
878 return (ctx->flags & flags);
879}
880LCRYPTO_ALIAS(EVP_CIPHER_CTX_test_flags);
881
882void *
883EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx)
884{
885 return ctx->cipher_data;
886}
887LCRYPTO_ALIAS(EVP_CIPHER_CTX_get_cipher_data);
888
889void *
890EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data)
891{
892 void *old_cipher_data;
893
894 old_cipher_data = ctx->cipher_data;
895 ctx->cipher_data = cipher_data;
896
897 return old_cipher_data;
898}
899LCRYPTO_ALIAS(EVP_CIPHER_CTX_set_cipher_data);
900
901/*
902 * EVP_CIPHER_CTX getters that reach into the cipher attached to the context.
903 */
904
905int
906EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx)
907{
908 return ctx->cipher->nid;
909}
910LCRYPTO_ALIAS(EVP_CIPHER_CTX_nid);
911
912int
913EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx)
914{
915 return ctx->cipher->block_size;
916}
917LCRYPTO_ALIAS(EVP_CIPHER_CTX_block_size);
918
919int
920EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx)
921{
922 int iv_length = 0;
923
924 if ((ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_IV_LENGTH) == 0)
925 return ctx->cipher->iv_len;
926
927 /*
928 * XXX - sanity would suggest to pass the size of the pointer along,
929 * but unfortunately we have to match the other crowd.
930 */
931 if (EVP_CIPHER_CTX_ctrl((EVP_CIPHER_CTX *)ctx, EVP_CTRL_GET_IVLEN, 0,
932 &iv_length) != 1)
933 return -1;
934
935 return iv_length;
936}
937LCRYPTO_ALIAS(EVP_CIPHER_CTX_iv_length);
938
939unsigned long
940EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx)
941{
942 return ctx->cipher->flags;
943}
944LCRYPTO_ALIAS(EVP_CIPHER_CTX_flags);
945
946/*
947 * Used by CMS and its predecessors. Only GOST and RC2 have a custom method.
948 */
949
950int
951EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *ctx, ASN1_TYPE *type)
952{
953 int iv_len;
954
955 if (type == NULL)
956 return 0;
957
958 iv_len = EVP_CIPHER_CTX_iv_length(ctx);
959 if (iv_len < 0 || iv_len > sizeof(ctx->oiv) || iv_len > sizeof(ctx->iv)) {
960 EVPerror(EVP_R_IV_TOO_LARGE);
961 return 0; /* XXX */
962 }
963 if (ASN1_TYPE_get_octetstring(type, ctx->oiv, iv_len) != iv_len)
964 return -1;
965
966 if (iv_len > 0)
967 memcpy(ctx->iv, ctx->oiv, iv_len);
968
969 return iv_len;
970}
971
972int
973EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *ctx, ASN1_TYPE *type)
974{
975 if (ctx->cipher->get_asn1_parameters != NULL)
976 return ctx->cipher->get_asn1_parameters(ctx, type);
977
978 if ((ctx->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) != 0)
979 return EVP_CIPHER_get_asn1_iv(ctx, type);
980
981 return -1;
982}
983
984int
985EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *ctx, ASN1_TYPE *type)
986{
987 int iv_len;
988
989 if (type == NULL)
990 return 0;
991
992 iv_len = EVP_CIPHER_CTX_iv_length(ctx);
993 if (iv_len < 0 || iv_len > sizeof(ctx->oiv)) {
994 EVPerror(EVP_R_IV_TOO_LARGE);
995 return 0;
996 }
997
998 return ASN1_TYPE_set_octetstring(type, ctx->oiv, iv_len);
999}
1000
1001int
1002EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *type)
1003{
1004 if (ctx->cipher->set_asn1_parameters != NULL)
1005 return ctx->cipher->set_asn1_parameters(ctx, type);
1006
1007 if ((ctx->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) != 0)
1008 return EVP_CIPHER_set_asn1_iv(ctx, type);
1009
1010 return -1;
1011}
1012
1013/* Convert the various cipher NIDs and dummies to a proper OID NID */
1014int
1015EVP_CIPHER_type(const EVP_CIPHER *cipher)
1016{
1017 ASN1_OBJECT *aobj;
1018 int nid;
1019
1020 nid = EVP_CIPHER_nid(cipher);
1021 switch (nid) {
1022 case NID_rc2_cbc:
1023 case NID_rc2_64_cbc:
1024 case NID_rc2_40_cbc:
1025 return NID_rc2_cbc;
1026
1027 case NID_rc4:
1028 case NID_rc4_40:
1029 return NID_rc4;
1030
1031 case NID_aes_128_cfb128:
1032 case NID_aes_128_cfb8:
1033 case NID_aes_128_cfb1:
1034 return NID_aes_128_cfb128;
1035
1036 case NID_aes_192_cfb128:
1037 case NID_aes_192_cfb8:
1038 case NID_aes_192_cfb1:
1039 return NID_aes_192_cfb128;
1040
1041 case NID_aes_256_cfb128:
1042 case NID_aes_256_cfb8:
1043 case NID_aes_256_cfb1:
1044 return NID_aes_256_cfb128;
1045
1046 case NID_des_cfb64:
1047 case NID_des_cfb8:
1048 case NID_des_cfb1:
1049 return NID_des_cfb64;
1050
1051 case NID_des_ede3_cfb64:
1052 case NID_des_ede3_cfb8:
1053 case NID_des_ede3_cfb1:
1054 return NID_des_cfb64;
1055
1056 default:
1057 /* Check it has an OID and it is valid */
1058 if (((aobj = OBJ_nid2obj(nid)) == NULL) || aobj->data == NULL)
1059 nid = NID_undef;
1060
1061 ASN1_OBJECT_free(aobj);
1062
1063 return nid;
1064 }
1065}
1066LCRYPTO_ALIAS(EVP_CIPHER_type);
1067
1068/*
1069 * Accessors. First the trivial getters, then the setters for the method API.
1070 */
1071
1072int
1073EVP_CIPHER_nid(const EVP_CIPHER *cipher)
1074{
1075 return cipher->nid;
1076}
1077LCRYPTO_ALIAS(EVP_CIPHER_nid);
1078
1079int
1080EVP_CIPHER_block_size(const EVP_CIPHER *cipher)
1081{
1082 return cipher->block_size;
1083}
1084LCRYPTO_ALIAS(EVP_CIPHER_block_size);
1085
1086int
1087EVP_CIPHER_key_length(const EVP_CIPHER *cipher)
1088{
1089 return cipher->key_len;
1090}
1091LCRYPTO_ALIAS(EVP_CIPHER_key_length);
1092
1093int
1094EVP_CIPHER_iv_length(const EVP_CIPHER *cipher)
1095{
1096 return cipher->iv_len;
1097}
1098LCRYPTO_ALIAS(EVP_CIPHER_iv_length);
1099
1100unsigned long
1101EVP_CIPHER_flags(const EVP_CIPHER *cipher)
1102{
1103 return cipher->flags;
1104}
1105LCRYPTO_ALIAS(EVP_CIPHER_flags);
1106
1107EVP_CIPHER *
1108EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len)
1109{
1110 EVP_CIPHER *cipher;
1111
1112 if (cipher_type < 0 || key_len < 0)
1113 return NULL;
1114
1115 /* EVP_CipherInit() will fail for any other value. */
1116 if (block_size != 1 && block_size != 8 && block_size != 16)
1117 return NULL;
1118
1119 if ((cipher = calloc(1, sizeof(*cipher))) == NULL)
1120 return NULL;
1121
1122 cipher->nid = cipher_type;
1123 cipher->block_size = block_size;
1124 cipher->key_len = key_len;
1125
1126 return cipher;
1127}
1128LCRYPTO_ALIAS(EVP_CIPHER_meth_new);
1129
1130EVP_CIPHER *
1131EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher)
1132{
1133 EVP_CIPHER *copy;
1134
1135 if ((copy = calloc(1, sizeof(*copy))) == NULL)
1136 return NULL;
1137
1138 *copy = *cipher;
1139
1140 return copy;
1141}
1142LCRYPTO_ALIAS(EVP_CIPHER_meth_dup);
1143
1144void
1145EVP_CIPHER_meth_free(EVP_CIPHER *cipher)
1146{
1147 free(cipher);
1148}
1149LCRYPTO_ALIAS(EVP_CIPHER_meth_free);
1150
1151int
1152EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len)
1153{
1154 cipher->iv_len = iv_len;
1155
1156 return 1;
1157}
1158LCRYPTO_ALIAS(EVP_CIPHER_meth_set_iv_length);
1159
1160int
1161EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags)
1162{
1163 cipher->flags = flags;
1164
1165 return 1;
1166}
1167LCRYPTO_ALIAS(EVP_CIPHER_meth_set_flags);
1168
1169int
1170EVP_CIPHER_meth_set_impl_ctx_size(EVP_CIPHER *cipher, int ctx_size)
1171{
1172 cipher->ctx_size = ctx_size;
1173
1174 return 1;
1175}
1176LCRYPTO_ALIAS(EVP_CIPHER_meth_set_impl_ctx_size);
1177
1178int
1179EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher,
1180 int (*init)(EVP_CIPHER_CTX *ctx, const unsigned char *key,
1181 const unsigned char *iv, int enc))
1182{
1183 cipher->init = init;
1184
1185 return 1;
1186}
1187LCRYPTO_ALIAS(EVP_CIPHER_meth_set_init);
1188
1189int
1190EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher,
1191 int (*do_cipher)(EVP_CIPHER_CTX *ctx, unsigned char *out,
1192 const unsigned char *in, size_t inl))
1193{
1194 cipher->do_cipher = do_cipher;
1195
1196 return 1;
1197}
1198LCRYPTO_ALIAS(EVP_CIPHER_meth_set_do_cipher);
1199
1200int
1201EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher,
1202 int (*cleanup)(EVP_CIPHER_CTX *))
1203{
1204 cipher->cleanup = cleanup;
1205
1206 return 1;
1207}
1208LCRYPTO_ALIAS(EVP_CIPHER_meth_set_cleanup);
1209
1210int
1211EVP_CIPHER_meth_set_set_asn1_params(EVP_CIPHER *cipher,
1212 int (*set_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *))
1213{
1214 cipher->set_asn1_parameters = set_asn1_parameters;
1215
1216 return 1;
1217}
1218LCRYPTO_ALIAS(EVP_CIPHER_meth_set_set_asn1_params);
1219
1220int
1221EVP_CIPHER_meth_set_get_asn1_params(EVP_CIPHER *cipher,
1222 int (*get_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *))
1223{
1224 cipher->get_asn1_parameters = get_asn1_parameters;
1225
1226 return 1;
1227}
1228LCRYPTO_ALIAS(EVP_CIPHER_meth_set_get_asn1_params);
1229
1230int
1231EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher,
1232 int (*ctrl)(EVP_CIPHER_CTX *, int type, int arg, void *ptr))
1233{
1234 cipher->ctrl = ctrl;
1235
1236 return 1;
1237}
1238LCRYPTO_ALIAS(EVP_CIPHER_meth_set_ctrl);
diff --git a/src/lib/libcrypto/evp/evp_digest.c b/src/lib/libcrypto/evp/evp_digest.c
deleted file mode 100644
index 0a97d25c7d..0000000000
--- a/src/lib/libcrypto/evp/evp_digest.c
+++ /dev/null
@@ -1,500 +0,0 @@
1/* $OpenBSD: evp_digest.c,v 1.14 2024/04/10 15:00:38 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111
112#include <stdio.h>
113#include <string.h>
114
115#include <openssl/opensslconf.h>
116
117#include <openssl/err.h>
118#include <openssl/evp.h>
119#include <openssl/objects.h>
120
121#include "evp_local.h"
122
123int
124EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type)
125{
126 EVP_MD_CTX_legacy_clear(ctx);
127 return EVP_DigestInit_ex(ctx, type, NULL);
128}
129LCRYPTO_ALIAS(EVP_DigestInit);
130
131int
132EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
133{
134 EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
135
136 if (ctx->digest != type) {
137 if (ctx->digest && ctx->digest->ctx_size && ctx->md_data &&
138 !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) {
139 freezero(ctx->md_data, ctx->digest->ctx_size);
140 ctx->md_data = NULL;
141 }
142 ctx->digest = type;
143 if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size) {
144 ctx->update = type->update;
145 ctx->md_data = calloc(1, type->ctx_size);
146 if (ctx->md_data == NULL) {
147 EVP_PKEY_CTX_free(ctx->pctx);
148 ctx->pctx = NULL;
149 EVPerror(ERR_R_MALLOC_FAILURE);
150 return 0;
151 }
152 }
153 }
154 if (ctx->pctx) {
155 int r;
156 r = EVP_PKEY_CTX_ctrl(ctx->pctx, -1, EVP_PKEY_OP_TYPE_SIG,
157 EVP_PKEY_CTRL_DIGESTINIT, 0, ctx);
158 if (r <= 0 && (r != -2))
159 return 0;
160 }
161 if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT)
162 return 1;
163 return ctx->digest->init(ctx);
164}
165LCRYPTO_ALIAS(EVP_DigestInit_ex);
166
167int
168EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
169{
170 return ctx->update(ctx, data, count);
171}
172LCRYPTO_ALIAS(EVP_DigestUpdate);
173
174/* The caller can assume that this removes any secret data from the context */
175int
176EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
177{
178 int ret;
179
180 ret = EVP_DigestFinal_ex(ctx, md, size);
181 EVP_MD_CTX_cleanup(ctx);
182 return ret;
183}
184LCRYPTO_ALIAS(EVP_DigestFinal);
185
186/* The caller can assume that this removes any secret data from the context */
187int
188EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
189{
190 int ret;
191
192 if ((size_t)ctx->digest->md_size > EVP_MAX_MD_SIZE) {
193 EVPerror(EVP_R_TOO_LARGE);
194 return 0;
195 }
196 ret = ctx->digest->final(ctx, md);
197 if (size != NULL)
198 *size = ctx->digest->md_size;
199 if (ctx->digest->cleanup) {
200 ctx->digest->cleanup(ctx);
201 EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
202 }
203 memset(ctx->md_data, 0, ctx->digest->ctx_size);
204 return ret;
205}
206LCRYPTO_ALIAS(EVP_DigestFinal_ex);
207
208int
209EVP_Digest(const void *data, size_t count,
210 unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl)
211{
212 EVP_MD_CTX ctx;
213 int ret;
214
215 EVP_MD_CTX_legacy_clear(&ctx);
216 EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_ONESHOT);
217 ret = EVP_DigestInit_ex(&ctx, type, NULL) &&
218 EVP_DigestUpdate(&ctx, data, count) &&
219 EVP_DigestFinal_ex(&ctx, md, size);
220 EVP_MD_CTX_cleanup(&ctx);
221
222 return ret;
223}
224LCRYPTO_ALIAS(EVP_Digest);
225
226EVP_MD_CTX *
227EVP_MD_CTX_new(void)
228{
229 return calloc(1, sizeof(EVP_MD_CTX));
230}
231LCRYPTO_ALIAS(EVP_MD_CTX_new);
232
233void
234EVP_MD_CTX_free(EVP_MD_CTX *ctx)
235{
236 if (ctx == NULL)
237 return;
238
239 EVP_MD_CTX_cleanup(ctx);
240
241 free(ctx);
242}
243LCRYPTO_ALIAS(EVP_MD_CTX_free);
244
245EVP_MD_CTX *
246EVP_MD_CTX_create(void)
247{
248 return EVP_MD_CTX_new();
249}
250LCRYPTO_ALIAS(EVP_MD_CTX_create);
251
252void
253EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
254{
255 EVP_MD_CTX_free(ctx);
256}
257LCRYPTO_ALIAS(EVP_MD_CTX_destroy);
258
259void
260EVP_MD_CTX_legacy_clear(EVP_MD_CTX *ctx)
261{
262 memset(ctx, 0, sizeof(*ctx));
263}
264
265int
266EVP_MD_CTX_init(EVP_MD_CTX *ctx)
267{
268 return EVP_MD_CTX_cleanup(ctx);
269}
270LCRYPTO_ALIAS(EVP_MD_CTX_init);
271
272int
273EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
274{
275 return EVP_MD_CTX_cleanup(ctx);
276}
277LCRYPTO_ALIAS(EVP_MD_CTX_reset);
278
279int
280EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
281{
282 if (ctx == NULL)
283 return 1;
284
285 /*
286 * Don't assume ctx->md_data was cleaned in EVP_Digest_Final,
287 * because sometimes only copies of the context are ever finalised.
288 */
289 if (ctx->digest && ctx->digest->cleanup &&
290 !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED))
291 ctx->digest->cleanup(ctx);
292 if (ctx->digest && ctx->digest->ctx_size && ctx->md_data &&
293 !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE))
294 freezero(ctx->md_data, ctx->digest->ctx_size);
295 /*
296 * If EVP_MD_CTX_FLAG_KEEP_PKEY_CTX is set, EVP_MD_CTX_set_pkey() was
297 * called and its strange API contract implies we don't own ctx->pctx.
298 */
299 if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX))
300 EVP_PKEY_CTX_free(ctx->pctx);
301 memset(ctx, 0, sizeof(*ctx));
302
303 return 1;
304}
305LCRYPTO_ALIAS(EVP_MD_CTX_cleanup);
306
307int
308EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)
309{
310 EVP_MD_CTX_legacy_clear(out);
311 return EVP_MD_CTX_copy_ex(out, in);
312}
313LCRYPTO_ALIAS(EVP_MD_CTX_copy);
314
315int
316EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
317{
318 unsigned char *tmp_buf;
319
320 if ((in == NULL) || (in->digest == NULL)) {
321 EVPerror(EVP_R_INPUT_NOT_INITIALIZED);
322 return 0;
323 }
324
325 if (out->digest == in->digest) {
326 tmp_buf = out->md_data;
327 EVP_MD_CTX_set_flags(out, EVP_MD_CTX_FLAG_REUSE);
328 } else
329 tmp_buf = NULL;
330 EVP_MD_CTX_cleanup(out);
331 memcpy(out, in, sizeof *out);
332 out->md_data = NULL;
333 out->pctx = NULL;
334
335 /*
336 * Because of the EVP_PKEY_CTX_dup() below, EVP_MD_CTX_cleanup() needs
337 * to free out->pctx in all cases (even if this flag is set on in).
338 */
339 EVP_MD_CTX_clear_flags(out, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX);
340
341 if (in->md_data && out->digest->ctx_size) {
342 if (tmp_buf) {
343 out->md_data = tmp_buf;
344 } else {
345 out->md_data = calloc(1, out->digest->ctx_size);
346 if (out->md_data == NULL) {
347 EVPerror(ERR_R_MALLOC_FAILURE);
348 return 0;
349 }
350 }
351 memcpy(out->md_data, in->md_data, out->digest->ctx_size);
352 }
353
354 out->update = in->update;
355
356 if (in->pctx) {
357 out->pctx = EVP_PKEY_CTX_dup(in->pctx);
358 if (!out->pctx) {
359 EVP_MD_CTX_cleanup(out);
360 return 0;
361 }
362 }
363
364 if (out->digest->copy)
365 return out->digest->copy(out, in);
366
367 return 1;
368}
369LCRYPTO_ALIAS(EVP_MD_CTX_copy_ex);
370
371int
372EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int type, int arg, void *ptr)
373{
374 int ret;
375
376 if (!ctx->digest) {
377 EVPerror(EVP_R_NO_CIPHER_SET);
378 return 0;
379 }
380
381 if (!ctx->digest->md_ctrl) {
382 EVPerror(EVP_R_CTRL_NOT_IMPLEMENTED);
383 return 0;
384 }
385
386 ret = ctx->digest->md_ctrl(ctx, type, arg, ptr);
387 if (ret == -1) {
388 EVPerror(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED);
389 return 0;
390 }
391 return ret;
392}
393LCRYPTO_ALIAS(EVP_MD_CTX_ctrl);
394
395const EVP_MD *
396EVP_MD_CTX_md(const EVP_MD_CTX *ctx)
397{
398 if (!ctx)
399 return NULL;
400 return ctx->digest;
401}
402LCRYPTO_ALIAS(EVP_MD_CTX_md);
403
404void
405EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags)
406{
407 ctx->flags &= ~flags;
408}
409LCRYPTO_ALIAS(EVP_MD_CTX_clear_flags);
410
411void
412EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags)
413{
414 ctx->flags |= flags;
415}
416LCRYPTO_ALIAS(EVP_MD_CTX_set_flags);
417
418int
419EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags)
420{
421 return (ctx->flags & flags);
422}
423LCRYPTO_ALIAS(EVP_MD_CTX_test_flags);
424
425void *
426EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx)
427{
428 return ctx->md_data;
429}
430LCRYPTO_ALIAS(EVP_MD_CTX_md_data);
431
432EVP_PKEY_CTX *
433EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx)
434{
435 return ctx->pctx;
436}
437LCRYPTO_ALIAS(EVP_MD_CTX_pkey_ctx);
438
439void
440EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx)
441{
442 if (EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX)) {
443 EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX);
444 } else {
445 EVP_PKEY_CTX_free(ctx->pctx);
446 }
447
448 ctx->pctx = pctx;
449
450 if (pctx != NULL) {
451 /*
452 * For unclear reasons it was decided that the caller keeps
453 * ownership of pctx. So a flag was invented to make sure we
454 * don't free it in EVP_MD_CTX_cleanup(). We also need to
455 * unset it in EVP_MD_CTX_copy_ex(). Fortunately, the flag
456 * isn't public...
457 */
458 EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX);
459 }
460}
461LCRYPTO_ALIAS(EVP_MD_CTX_set_pkey_ctx);
462
463int
464EVP_MD_type(const EVP_MD *md)
465{
466 return md->type;
467}
468LCRYPTO_ALIAS(EVP_MD_type);
469
470int
471EVP_MD_pkey_type(const EVP_MD *md)
472{
473 return md->pkey_type;
474}
475LCRYPTO_ALIAS(EVP_MD_pkey_type);
476
477int
478EVP_MD_size(const EVP_MD *md)
479{
480 if (!md) {
481 EVPerror(EVP_R_MESSAGE_DIGEST_IS_NULL);
482 return -1;
483 }
484 return md->md_size;
485}
486LCRYPTO_ALIAS(EVP_MD_size);
487
488unsigned long
489EVP_MD_flags(const EVP_MD *md)
490{
491 return md->flags;
492}
493LCRYPTO_ALIAS(EVP_MD_flags);
494
495int
496EVP_MD_block_size(const EVP_MD *md)
497{
498 return md->block_size;
499}
500LCRYPTO_ALIAS(EVP_MD_block_size);
diff --git a/src/lib/libcrypto/evp/evp_encode.c b/src/lib/libcrypto/evp/evp_encode.c
deleted file mode 100644
index ae6ec476e3..0000000000
--- a/src/lib/libcrypto/evp/evp_encode.c
+++ /dev/null
@@ -1,424 +0,0 @@
1/* $OpenBSD: evp_encode.c,v 1.3 2024/04/09 13:52:41 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <limits.h>
60#include <stdio.h>
61#include <string.h>
62
63#include <openssl/evp.h>
64
65#include "evp_local.h"
66
67static unsigned char conv_ascii2bin(unsigned char a);
68#define conv_bin2ascii(a) (data_bin2ascii[(a)&0x3f])
69
70/* 64 char lines
71 * pad input with 0
72 * left over chars are set to =
73 * 1 byte => xx==
74 * 2 bytes => xxx=
75 * 3 bytes => xxxx
76 */
77#define BIN_PER_LINE (64/4*3)
78#define CHUNKS_PER_LINE (64/4)
79#define CHAR_PER_LINE (64+1)
80
81static const unsigned char data_bin2ascii[65] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ\
82abcdefghijklmnopqrstuvwxyz0123456789+/";
83
84/* 0xF0 is a EOLN
85 * 0xF1 is ignore but next needs to be 0xF0 (for \r\n processing).
86 * 0xF2 is EOF
87 * 0xE0 is ignore at start of line.
88 * 0xFF is error
89 */
90
91#define B64_EOLN 0xF0
92#define B64_CR 0xF1
93#define B64_EOF 0xF2
94#define B64_WS 0xE0
95#define B64_ERROR 0xFF
96#define B64_NOT_BASE64(a) (((a)|0x13) == 0xF3)
97#define B64_BASE64(a) !B64_NOT_BASE64(a)
98
99static const unsigned char data_ascii2bin[128] = {
100 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
101 0xFF, 0xE0, 0xF0, 0xFF, 0xFF, 0xF1, 0xFF, 0xFF,
102 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
103 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
104 0xE0, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
105 0xFF, 0xFF, 0xFF, 0x3E, 0xFF, 0xF2, 0xFF, 0x3F,
106 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B,
107 0x3C, 0x3D, 0xFF, 0xFF, 0xFF, 0x00, 0xFF, 0xFF,
108 0xFF, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
109 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E,
110 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16,
111 0x17, 0x18, 0x19, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
112 0xFF, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20,
113 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28,
114 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30,
115 0x31, 0x32, 0x33, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
116};
117
118static unsigned char
119conv_ascii2bin(unsigned char a)
120{
121 if (a & 0x80)
122 return B64_ERROR;
123 return data_ascii2bin[a];
124}
125
126EVP_ENCODE_CTX *
127EVP_ENCODE_CTX_new(void)
128{
129 return calloc(1, sizeof(EVP_ENCODE_CTX));
130}
131LCRYPTO_ALIAS(EVP_ENCODE_CTX_new);
132
133void
134EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx)
135{
136 free(ctx);
137}
138LCRYPTO_ALIAS(EVP_ENCODE_CTX_free);
139
140void
141EVP_EncodeInit(EVP_ENCODE_CTX *ctx)
142{
143 ctx->length = 48;
144 ctx->num = 0;
145 ctx->line_num = 0;
146}
147LCRYPTO_ALIAS(EVP_EncodeInit);
148
149int
150EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
151 const unsigned char *in, int inl)
152{
153 int i, j;
154 size_t total = 0;
155
156 *outl = 0;
157 if (inl <= 0)
158 return 0;
159 OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data));
160 if (ctx->length - ctx->num > inl) {
161 memcpy(&(ctx->enc_data[ctx->num]), in, inl);
162 ctx->num += inl;
163 return 1;
164 }
165 if (ctx->num != 0) {
166 i = ctx->length - ctx->num;
167 memcpy(&(ctx->enc_data[ctx->num]), in, i);
168 in += i;
169 inl -= i;
170 j = EVP_EncodeBlock(out, ctx->enc_data, ctx->length);
171 ctx->num = 0;
172 out += j;
173 *(out++) = '\n';
174 *out = '\0';
175 total = j + 1;
176 }
177 while (inl >= ctx->length && total <= INT_MAX) {
178 j = EVP_EncodeBlock(out, in, ctx->length);
179 in += ctx->length;
180 inl -= ctx->length;
181 out += j;
182 *(out++) = '\n';
183 *out = '\0';
184 total += j + 1;
185 }
186 if (total > INT_MAX) {
187 /* Too much output data! */
188 *outl = 0;
189 return 0;
190 }
191 if (inl != 0)
192 memcpy(&(ctx->enc_data[0]), in, inl);
193 ctx->num = inl;
194 *outl = total;
195
196 return 1;
197}
198LCRYPTO_ALIAS(EVP_EncodeUpdate);
199
200void
201EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl)
202{
203 unsigned int ret = 0;
204
205 if (ctx->num != 0) {
206 ret = EVP_EncodeBlock(out, ctx->enc_data, ctx->num);
207 out[ret++] = '\n';
208 out[ret] = '\0';
209 ctx->num = 0;
210 }
211 *outl = ret;
212}
213LCRYPTO_ALIAS(EVP_EncodeFinal);
214
215int
216EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int dlen)
217{
218 int i, ret = 0;
219 unsigned long l;
220
221 for (i = dlen; i > 0; i -= 3) {
222 if (i >= 3) {
223 l = (((unsigned long)f[0]) << 16L) |
224 (((unsigned long)f[1]) << 8L) | f[2];
225 *(t++) = conv_bin2ascii(l >> 18L);
226 *(t++) = conv_bin2ascii(l >> 12L);
227 *(t++) = conv_bin2ascii(l >> 6L);
228 *(t++) = conv_bin2ascii(l );
229 } else {
230 l = ((unsigned long)f[0]) << 16L;
231 if (i == 2)
232 l |= ((unsigned long)f[1] << 8L);
233
234 *(t++) = conv_bin2ascii(l >> 18L);
235 *(t++) = conv_bin2ascii(l >> 12L);
236 *(t++) = (i == 1) ? '=' : conv_bin2ascii(l >> 6L);
237 *(t++) = '=';
238 }
239 ret += 4;
240 f += 3;
241 }
242
243 *t = '\0';
244 return (ret);
245}
246LCRYPTO_ALIAS(EVP_EncodeBlock);
247
248void
249EVP_DecodeInit(EVP_ENCODE_CTX *ctx)
250{
251 ctx->num = 0;
252 ctx->length = 0;
253 ctx->line_num = 0;
254 ctx->expect_nl = 0;
255}
256LCRYPTO_ALIAS(EVP_DecodeInit);
257
258int
259EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
260 const unsigned char *in, int inl)
261{
262 int seof = 0, eof = 0, rv = -1, ret = 0, i, v, tmp, n, decoded_len;
263 unsigned char *d;
264
265 n = ctx->num;
266 d = ctx->enc_data;
267
268 if (n > 0 && d[n - 1] == '=') {
269 eof++;
270 if (n > 1 && d[n - 2] == '=')
271 eof++;
272 }
273
274 /* Legacy behaviour: an empty input chunk signals end of input. */
275 if (inl == 0) {
276 rv = 0;
277 goto end;
278 }
279
280 for (i = 0; i < inl; i++) {
281 tmp = *(in++);
282 v = conv_ascii2bin(tmp);
283 if (v == B64_ERROR) {
284 rv = -1;
285 goto end;
286 }
287
288 if (tmp == '=') {
289 eof++;
290 } else if (eof > 0 && B64_BASE64(v)) {
291 /* More data after padding. */
292 rv = -1;
293 goto end;
294 }
295
296 if (eof > 2) {
297 rv = -1;
298 goto end;
299 }
300
301 if (v == B64_EOF) {
302 seof = 1;
303 goto tail;
304 }
305
306 /* Only save valid base64 characters. */
307 if (B64_BASE64(v)) {
308 if (n >= 64) {
309 /*
310 * We increment n once per loop, and empty the
311 * buffer as soon as we reach 64 characters, so
312 * this can only happen if someone's manually
313 * messed with the ctx. Refuse to write any
314 * more data.
315 */
316 rv = -1;
317 goto end;
318 }
319 OPENSSL_assert(n < (int)sizeof(ctx->enc_data));
320 d[n++] = tmp;
321 }
322
323 if (n == 64) {
324 decoded_len = EVP_DecodeBlock(out, d, n);
325 n = 0;
326 if (decoded_len < 0 || eof > decoded_len) {
327 rv = -1;
328 goto end;
329 }
330 ret += decoded_len - eof;
331 out += decoded_len - eof;
332 }
333 }
334
335 /*
336 * Legacy behaviour: if the current line is a full base64-block (i.e.,
337 * has 0 mod 4 base64 characters), it is processed immediately. We keep
338 * this behaviour as applications may not be calling EVP_DecodeFinal
339 * properly.
340 */
341 tail:
342 if (n > 0) {
343 if ((n & 3) == 0) {
344 decoded_len = EVP_DecodeBlock(out, d, n);
345 n = 0;
346 if (decoded_len < 0 || eof > decoded_len) {
347 rv = -1;
348 goto end;
349 }
350 ret += (decoded_len - eof);
351 } else if (seof) {
352 /* EOF in the middle of a base64 block. */
353 rv = -1;
354 goto end;
355 }
356 }
357
358 rv = seof || (n == 0 && eof) ? 0 : 1;
359 end:
360 /* Legacy behaviour. This should probably rather be zeroed on error. */
361 *outl = ret;
362 ctx->num = n;
363 return (rv);
364}
365LCRYPTO_ALIAS(EVP_DecodeUpdate);
366
367int
368EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n)
369{
370 int i, ret = 0, a, b, c, d;
371 unsigned long l;
372
373 /* trim white space from the start of the line. */
374 while ((conv_ascii2bin(*f) == B64_WS) && (n > 0)) {
375 f++;
376 n--;
377 }
378
379 /* strip off stuff at the end of the line
380 * ascii2bin values B64_WS, B64_EOLN, B64_EOLN and B64_EOF */
381 while ((n > 3) && (B64_NOT_BASE64(conv_ascii2bin(f[n - 1]))))
382 n--;
383
384 if (n % 4 != 0)
385 return (-1);
386
387 for (i = 0; i < n; i += 4) {
388 a = conv_ascii2bin(*(f++));
389 b = conv_ascii2bin(*(f++));
390 c = conv_ascii2bin(*(f++));
391 d = conv_ascii2bin(*(f++));
392 if ((a & 0x80) || (b & 0x80) ||
393 (c & 0x80) || (d & 0x80))
394 return (-1);
395 l = ((((unsigned long)a) << 18L) |
396 (((unsigned long)b) << 12L) |
397 (((unsigned long)c) << 6L) |
398 (((unsigned long)d)));
399 *(t++) = (unsigned char)(l >> 16L) & 0xff;
400 *(t++) = (unsigned char)(l >> 8L) & 0xff;
401 *(t++) = (unsigned char)(l) & 0xff;
402 ret += 3;
403 }
404 return (ret);
405}
406LCRYPTO_ALIAS(EVP_DecodeBlock);
407
408int
409EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl)
410{
411 int i;
412
413 *outl = 0;
414 if (ctx->num != 0) {
415 i = EVP_DecodeBlock(out, ctx->enc_data, ctx->num);
416 if (i < 0)
417 return (-1);
418 ctx->num = 0;
419 *outl = i;
420 return (1);
421 } else
422 return (1);
423}
424LCRYPTO_ALIAS(EVP_DecodeFinal);
diff --git a/src/lib/libcrypto/evp/evp_err.c b/src/lib/libcrypto/evp/evp_err.c
deleted file mode 100644
index a41339c775..0000000000
--- a/src/lib/libcrypto/evp/evp_err.c
+++ /dev/null
@@ -1,169 +0,0 @@
1/* $OpenBSD: evp_err.c,v 1.34 2024/06/24 06:43:22 tb Exp $ */
2/* ====================================================================
3 * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56#include <stdio.h>
57
58#include <openssl/opensslconf.h>
59
60#include <openssl/err.h>
61#include <openssl/evp.h>
62
63#include "err_local.h"
64
65#ifndef OPENSSL_NO_ERR
66
67#define ERR_FUNC(func) ERR_PACK(ERR_LIB_EVP,func,0)
68#define ERR_REASON(reason) ERR_PACK(ERR_LIB_EVP,0,reason)
69
70static const ERR_STRING_DATA EVP_str_functs[] = {
71 {ERR_FUNC(0xfff), "CRYPTO_internal"},
72 {0, NULL}
73};
74
75static const ERR_STRING_DATA EVP_str_reasons[] = {
76 {ERR_REASON(EVP_R_AES_IV_SETUP_FAILED) , "aes iv setup failed"},
77 {ERR_REASON(EVP_R_AES_KEY_SETUP_FAILED) , "aes key setup failed"},
78 {ERR_REASON(EVP_R_ASN1_LIB) , "asn1 lib"},
79 {ERR_REASON(EVP_R_BAD_BLOCK_LENGTH) , "bad block length"},
80 {ERR_REASON(EVP_R_BAD_DECRYPT) , "bad decrypt"},
81 {ERR_REASON(EVP_R_BAD_KEY_LENGTH) , "bad key length"},
82 {ERR_REASON(EVP_R_BN_DECODE_ERROR) , "bn decode error"},
83 {ERR_REASON(EVP_R_BN_PUBKEY_ERROR) , "bn pubkey error"},
84 {ERR_REASON(EVP_R_BUFFER_TOO_SMALL) , "buffer too small"},
85 {ERR_REASON(EVP_R_CAMELLIA_KEY_SETUP_FAILED), "camellia key setup failed"},
86 {ERR_REASON(EVP_R_CIPHER_PARAMETER_ERROR), "cipher parameter error"},
87 {ERR_REASON(EVP_R_COMMAND_NOT_SUPPORTED) , "command not supported"},
88 {ERR_REASON(EVP_R_CTRL_NOT_IMPLEMENTED) , "ctrl not implemented"},
89 {ERR_REASON(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED), "ctrl operation not implemented"},
90 {ERR_REASON(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH), "data not multiple of block length"},
91 {ERR_REASON(EVP_R_DECODE_ERROR) , "decode error"},
92 {ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES) , "different key types"},
93 {ERR_REASON(EVP_R_DIFFERENT_PARAMETERS) , "different parameters"},
94 {ERR_REASON(EVP_R_DISABLED_FOR_FIPS) , "disabled for fips"},
95 {ERR_REASON(EVP_R_ENCODE_ERROR) , "encode error"},
96 {ERR_REASON(EVP_R_ERROR_LOADING_SECTION) , "error loading section"},
97 {ERR_REASON(EVP_R_ERROR_SETTING_FIPS_MODE), "error setting fips mode"},
98 {ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR), "evp pbe cipherinit error"},
99 {ERR_REASON(EVP_R_EXPECTING_AN_HMAC_KEY), "expecting an hmac key"},
100 {ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY) , "expecting an rsa key"},
101 {ERR_REASON(EVP_R_EXPECTING_A_DH_KEY) , "expecting a dh key"},
102 {ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY) , "expecting a dsa key"},
103 {ERR_REASON(EVP_R_EXPECTING_A_ECDSA_KEY) , "expecting a ecdsa key"},
104 {ERR_REASON(EVP_R_EXPECTING_A_EC_KEY) , "expecting a ec key"},
105 {ERR_REASON(EVP_R_FIPS_MODE_NOT_SUPPORTED), "fips mode not supported"},
106 {ERR_REASON(EVP_R_GET_RAW_KEY_FAILED) , "get raw key failed"},
107 {ERR_REASON(EVP_R_INITIALIZATION_ERROR) , "initialization error"},
108 {ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED) , "input not initialized"},
109 {ERR_REASON(EVP_R_INVALID_DIGEST) , "invalid digest"},
110 {ERR_REASON(EVP_R_INVALID_FIPS_MODE) , "invalid fips mode"},
111 {ERR_REASON(EVP_R_INVALID_IV_LENGTH) , "invalid iv length"},
112 {ERR_REASON(EVP_R_INVALID_KEY_LENGTH) , "invalid key length"},
113 {ERR_REASON(EVP_R_INVALID_OPERATION) , "invalid operation"},
114 {ERR_REASON(EVP_R_IV_TOO_LARGE) , "iv too large"},
115 {ERR_REASON(EVP_R_KEYGEN_FAILURE) , "keygen failure"},
116 {ERR_REASON(EVP_R_KEY_SETUP_FAILED) , "key setup failed"},
117 {ERR_REASON(EVP_R_MESSAGE_DIGEST_IS_NULL), "message digest is null"},
118 {ERR_REASON(EVP_R_METHOD_NOT_SUPPORTED) , "method not supported"},
119 {ERR_REASON(EVP_R_MISSING_PARAMETERS) , "missing parameters"},
120 {ERR_REASON(EVP_R_NO_CIPHER_SET) , "no cipher set"},
121 {ERR_REASON(EVP_R_NO_DEFAULT_DIGEST) , "no default digest"},
122 {ERR_REASON(EVP_R_NO_DIGEST_SET) , "no digest set"},
123 {ERR_REASON(EVP_R_NO_DSA_PARAMETERS) , "no dsa parameters"},
124 {ERR_REASON(EVP_R_NO_KEY_SET) , "no key set"},
125 {ERR_REASON(EVP_R_NO_OPERATION_SET) , "no operation set"},
126 {ERR_REASON(EVP_R_NO_SIGN_FUNCTION_CONFIGURED), "no sign function configured"},
127 {ERR_REASON(EVP_R_NO_VERIFY_FUNCTION_CONFIGURED), "no verify function configured"},
128 {ERR_REASON(EVP_R_ONLY_ONESHOT_SUPPORTED), "only oneshot supported"},
129 {ERR_REASON(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE), "operation not supported for this keytype"},
130 {ERR_REASON(EVP_R_OPERATON_NOT_INITIALIZED), "operaton not initialized"},
131 {ERR_REASON(EVP_R_OUTPUT_ALIASES_INPUT) , "output aliases input"},
132 {ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE), "pkcs8 unknown broken type"},
133 {ERR_REASON(EVP_R_PRIVATE_KEY_DECODE_ERROR), "private key decode error"},
134 {ERR_REASON(EVP_R_PRIVATE_KEY_ENCODE_ERROR), "private key encode error"},
135 {ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA) , "public key not rsa"},
136 {ERR_REASON(EVP_R_TAG_TOO_LARGE) , "tag too large"},
137 {ERR_REASON(EVP_R_TOO_LARGE) , "too large"},
138 {ERR_REASON(EVP_R_UNKNOWN_CIPHER) , "unknown cipher"},
139 {ERR_REASON(EVP_R_UNKNOWN_DIGEST) , "unknown digest"},
140 {ERR_REASON(EVP_R_UNKNOWN_OPTION) , "unknown option"},
141 {ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM) , "unknown pbe algorithm"},
142 {ERR_REASON(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS), "unsuported number of rounds"},
143 {ERR_REASON(EVP_R_UNSUPPORTED_ALGORITHM) , "unsupported algorithm"},
144 {ERR_REASON(EVP_R_UNSUPPORTED_CIPHER) , "unsupported cipher"},
145 {ERR_REASON(EVP_R_UNSUPPORTED_KEYLENGTH) , "unsupported keylength"},
146 {ERR_REASON(EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION), "unsupported key derivation function"},
147 {ERR_REASON(EVP_R_UNSUPPORTED_KEY_SIZE) , "unsupported key size"},
148 {ERR_REASON(EVP_R_UNSUPPORTED_PRF) , "unsupported prf"},
149 {ERR_REASON(EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM), "unsupported private key algorithm"},
150 {ERR_REASON(EVP_R_UNSUPPORTED_SALT_TYPE) , "unsupported salt type"},
151 {ERR_REASON(EVP_R_WRAP_MODE_NOT_ALLOWED), "wrap mode not allowed"},
152 {ERR_REASON(EVP_R_WRONG_FINAL_BLOCK_LENGTH), "wrong final block length"},
153 {ERR_REASON(EVP_R_WRONG_PUBLIC_KEY_TYPE) , "wrong public key type"},
154 {0, NULL}
155};
156
157#endif
158
159void
160ERR_load_EVP_strings(void)
161{
162#ifndef OPENSSL_NO_ERR
163 if (ERR_func_error_string(EVP_str_functs[0].error) == NULL) {
164 ERR_load_const_strings(EVP_str_functs);
165 ERR_load_const_strings(EVP_str_reasons);
166 }
167#endif
168}
169LCRYPTO_ALIAS(ERR_load_EVP_strings);
diff --git a/src/lib/libcrypto/evp/evp_key.c b/src/lib/libcrypto/evp/evp_key.c
deleted file mode 100644
index e7c7ec3294..0000000000
--- a/src/lib/libcrypto/evp/evp_key.c
+++ /dev/null
@@ -1,223 +0,0 @@
1/* $OpenBSD: evp_key.c,v 1.36 2024/04/09 13:52:41 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <string.h>
61
62#include <openssl/err.h>
63#include <openssl/evp.h>
64#include <openssl/objects.h>
65#include <openssl/ui.h>
66#include <openssl/x509.h>
67
68#include "evp_local.h"
69
70/* should be init to zeros. */
71static char prompt_string[80];
72
73void
74EVP_set_pw_prompt(const char *prompt)
75{
76 if (prompt == NULL)
77 prompt_string[0] = '\0';
78 else
79 strlcpy(prompt_string, prompt, sizeof(prompt_string));
80}
81LCRYPTO_ALIAS(EVP_set_pw_prompt);
82
83char *
84EVP_get_pw_prompt(void)
85{
86 if (prompt_string[0] == '\0')
87 return NULL;
88
89 return prompt_string;
90}
91LCRYPTO_ALIAS(EVP_get_pw_prompt);
92
93int
94EVP_read_pw_string(char *buf, int len, const char *prompt, int verify)
95{
96 return EVP_read_pw_string_min(buf, 0, len, prompt, verify);
97}
98LCRYPTO_ALIAS(EVP_read_pw_string);
99
100int
101EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt,
102 int verify)
103{
104 UI *ui = NULL;
105 char buff[BUFSIZ];
106 int ret = -1;
107
108 if (len > BUFSIZ)
109 len = BUFSIZ;
110 /* Ensure that 0 <= min <= len - 1. In particular, 1 <= len. */
111 if (min < 0 || len - 1 < min)
112 goto err;
113
114 if (prompt == NULL && prompt_string[0] != '\0')
115 prompt = prompt_string;
116
117 if ((ui = UI_new()) == NULL)
118 goto err;
119 if (UI_add_input_string(ui, prompt, 0, buf, min, len - 1) < 0)
120 goto err;
121 if (verify) {
122 if (UI_add_verify_string(ui, prompt, 0, buff, min, len - 1,
123 buf) < 0)
124 goto err;
125 }
126
127 ret = UI_process(ui);
128
129 err:
130 UI_free(ui);
131 explicit_bzero(buff, BUFSIZ);
132
133 return ret;
134}
135LCRYPTO_ALIAS(EVP_read_pw_string_min);
136
137int
138EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
139 const unsigned char *salt, const unsigned char *data, int datal,
140 int count, unsigned char *key, unsigned char *iv)
141{
142 EVP_MD_CTX *md_ctx;
143 unsigned char md_buf[EVP_MAX_MD_SIZE];
144 int niv, nkey, addmd = 0;
145 unsigned int mds = 0, i;
146 int rv = 0;
147
148 nkey = type->key_len;
149 niv = type->iv_len;
150
151 if ((size_t)nkey > EVP_MAX_KEY_LENGTH) {
152 EVPerror(EVP_R_BAD_KEY_LENGTH);
153 return 0;
154 }
155 if ((size_t)niv > EVP_MAX_IV_LENGTH) {
156 EVPerror(EVP_R_IV_TOO_LARGE);
157 return 0;
158 }
159
160 if (data == NULL)
161 return nkey;
162
163 if ((md_ctx = EVP_MD_CTX_new()) == NULL)
164 goto err;
165
166 for (;;) {
167 if (!EVP_DigestInit_ex(md_ctx, md, NULL))
168 goto err;
169 if (addmd++)
170 if (!EVP_DigestUpdate(md_ctx, &(md_buf[0]), mds))
171 goto err;
172 if (!EVP_DigestUpdate(md_ctx, data, datal))
173 goto err;
174 if (salt != NULL)
175 if (!EVP_DigestUpdate(md_ctx, salt, PKCS5_SALT_LEN))
176 goto err;
177 if (!EVP_DigestFinal_ex(md_ctx, &(md_buf[0]), &mds))
178 goto err;
179
180 for (i = 1; i < (unsigned int)count; i++) {
181 if (!EVP_DigestInit_ex(md_ctx, md, NULL))
182 goto err;
183 if (!EVP_DigestUpdate(md_ctx, &(md_buf[0]), mds))
184 goto err;
185 if (!EVP_DigestFinal_ex(md_ctx, &(md_buf[0]), &mds))
186 goto err;
187 }
188 i = 0;
189 if (nkey) {
190 for (;;) {
191 if (nkey == 0)
192 break;
193 if (i == mds)
194 break;
195 if (key != NULL)
196 *(key++) = md_buf[i];
197 nkey--;
198 i++;
199 }
200 }
201 if (niv && (i != mds)) {
202 for (;;) {
203 if (niv == 0)
204 break;
205 if (i == mds)
206 break;
207 if (iv != NULL)
208 *(iv++) = md_buf[i];
209 niv--;
210 i++;
211 }
212 }
213 if ((nkey == 0) && (niv == 0))
214 break;
215 }
216 rv = type->key_len;
217
218err:
219 EVP_MD_CTX_free(md_ctx);
220 explicit_bzero(md_buf, sizeof md_buf);
221 return rv;
222}
223LCRYPTO_ALIAS(EVP_BytesToKey);
diff --git a/src/lib/libcrypto/evp/evp_local.h b/src/lib/libcrypto/evp/evp_local.h
deleted file mode 100644
index 54cd65d0af..0000000000
--- a/src/lib/libcrypto/evp/evp_local.h
+++ /dev/null
@@ -1,373 +0,0 @@
1/* $OpenBSD: evp_local.h,v 1.25 2024/08/29 16:58:19 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2000.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#ifndef HEADER_EVP_LOCAL_H
60#define HEADER_EVP_LOCAL_H
61
62__BEGIN_HIDDEN_DECLS
63
64/* XXX - move these to evp.h after unlock. */
65#define EVP_CTRL_GET_IVLEN 0x25
66#define EVP_CIPH_FLAG_CUSTOM_IV_LENGTH 0x400000
67
68#define EVP_CTRL_AEAD_GET_IVLEN EVP_CTRL_GET_IVLEN
69
70/*
71 * Don't free md_ctx->pctx in EVP_MD_CTX_cleanup(). Needed for ownership
72 * handling in EVP_MD_CTX_set_pkey_ctx().
73 */
74#define EVP_MD_CTX_FLAG_KEEP_PKEY_CTX 0x0400
75
76typedef int evp_sign_method(int type, const unsigned char *m,
77 unsigned int m_length, unsigned char *sigret, unsigned int *siglen,
78 void *key);
79typedef int evp_verify_method(int type, const unsigned char *m,
80 unsigned int m_length, const unsigned char *sigbuf, unsigned int siglen,
81 void *key);
82
83struct ecx_key_st {
84 int nid;
85 int key_len;
86 uint8_t *priv_key;
87 size_t priv_key_len;
88 uint8_t *pub_key;
89 size_t pub_key_len;
90};
91
92struct evp_pkey_asn1_method_st {
93 const EVP_PKEY_ASN1_METHOD *base_method;
94 int pkey_id;
95 unsigned long pkey_flags;
96
97 char *pem_str;
98 char *info;
99
100 int (*pub_decode)(EVP_PKEY *pk, X509_PUBKEY *pub);
101 int (*pub_encode)(X509_PUBKEY *pub, const EVP_PKEY *pk);
102 int (*pub_cmp)(const EVP_PKEY *a, const EVP_PKEY *b);
103 int (*pub_print)(BIO *out, const EVP_PKEY *pkey, int indent,
104 ASN1_PCTX *pctx);
105
106 int (*priv_decode)(EVP_PKEY *pk, const PKCS8_PRIV_KEY_INFO *p8inf);
107 int (*priv_encode)(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk);
108 int (*priv_print)(BIO *out, const EVP_PKEY *pkey, int indent,
109 ASN1_PCTX *pctx);
110
111 int (*pkey_size)(const EVP_PKEY *pk);
112 int (*pkey_bits)(const EVP_PKEY *pk);
113 int (*pkey_security_bits)(const EVP_PKEY *pk);
114
115 int (*signature_info)(const X509_ALGOR *sig_alg, int *out_md_nid,
116 int *out_pkey_nid, int *out_security_bits, uint32_t *out_flags);
117
118 int (*param_decode)(EVP_PKEY *pkey, const unsigned char **pder,
119 int derlen);
120 int (*param_encode)(const EVP_PKEY *pkey, unsigned char **pder);
121 int (*param_missing)(const EVP_PKEY *pk);
122 int (*param_copy)(EVP_PKEY *to, const EVP_PKEY *from);
123 int (*param_cmp)(const EVP_PKEY *a, const EVP_PKEY *b);
124 int (*param_print)(BIO *out, const EVP_PKEY *pkey, int indent,
125 ASN1_PCTX *pctx);
126 int (*sig_print)(BIO *out, const X509_ALGOR *sigalg,
127 const ASN1_STRING *sig, int indent, ASN1_PCTX *pctx);
128
129 void (*pkey_free)(EVP_PKEY *pkey);
130 int (*pkey_ctrl)(EVP_PKEY *pkey, int op, long arg1, void *arg2);
131
132 /* Legacy functions for old PEM */
133
134 int (*old_priv_decode)(EVP_PKEY *pkey, const unsigned char **pder,
135 int derlen);
136 int (*old_priv_encode)(const EVP_PKEY *pkey, unsigned char **pder);
137 /* Custom ASN1 signature verification */
138 int (*item_verify)(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
139 X509_ALGOR *a, ASN1_BIT_STRING *sig, EVP_PKEY *pkey);
140 int (*item_sign)(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
141 X509_ALGOR *alg1, X509_ALGOR *alg2, ASN1_BIT_STRING *sig);
142
143 int (*set_priv_key)(EVP_PKEY *pk, const unsigned char *private_key,
144 size_t len);
145 int (*set_pub_key)(EVP_PKEY *pk, const unsigned char *public_key,
146 size_t len);
147 int (*get_priv_key)(const EVP_PKEY *pk, unsigned char *out_private_key,
148 size_t *out_len);
149 int (*get_pub_key)(const EVP_PKEY *pk, unsigned char *out_public_key,
150 size_t *out_len);
151} /* EVP_PKEY_ASN1_METHOD */;
152
153/* Type needs to be a bit field
154 * Sub-type needs to be for variations on the method, as in, can it do
155 * arbitrary encryption.... */
156struct evp_pkey_st {
157 int type;
158 int references;
159 const EVP_PKEY_ASN1_METHOD *ameth;
160 union {
161 void *ptr;
162#ifndef OPENSSL_NO_RSA
163 struct rsa_st *rsa; /* RSA */
164#endif
165#ifndef OPENSSL_NO_DSA
166 struct dsa_st *dsa; /* DSA */
167#endif
168#ifndef OPENSSL_NO_DH
169 struct dh_st *dh; /* DH */
170#endif
171#ifndef OPENSSL_NO_EC
172 struct ec_key_st *ec; /* ECC */
173 struct ecx_key_st *ecx; /* ECX */
174#endif
175 } pkey;
176 int save_parameters;
177} /* EVP_PKEY */;
178
179struct evp_md_st {
180 int type;
181 int pkey_type;
182 int md_size;
183 unsigned long flags;
184 int (*init)(EVP_MD_CTX *ctx);
185 int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count);
186 int (*final)(EVP_MD_CTX *ctx, unsigned char *md);
187 int (*copy)(EVP_MD_CTX *to, const EVP_MD_CTX *from);
188 int (*cleanup)(EVP_MD_CTX *ctx);
189
190 int block_size;
191 int ctx_size; /* how big does the ctx->md_data need to be */
192 /* control function */
193 int (*md_ctrl)(EVP_MD_CTX *ctx, int cmd, int p1, void *p2);
194} /* EVP_MD */;
195
196struct evp_md_ctx_st {
197 const EVP_MD *digest;
198 unsigned long flags;
199 void *md_data;
200 /* Public key context for sign/verify */
201 EVP_PKEY_CTX *pctx;
202 /* Update function: usually copied from EVP_MD */
203 int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count);
204} /* EVP_MD_CTX */;
205
206struct evp_cipher_st {
207 int nid;
208 int block_size;
209 int key_len; /* Default value for variable length ciphers */
210 int iv_len;
211 unsigned long flags; /* Various flags */
212 int (*init)(EVP_CIPHER_CTX *ctx, const unsigned char *key,
213 const unsigned char *iv, int enc); /* init key */
214 int (*do_cipher)(EVP_CIPHER_CTX *ctx, unsigned char *out,
215 const unsigned char *in, size_t inl);/* encrypt/decrypt data */
216 int (*cleanup)(EVP_CIPHER_CTX *); /* cleanup ctx */
217 int ctx_size; /* how big ctx->cipher_data needs to be */
218 int (*set_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Populate a ASN1_TYPE with parameters */
219 int (*get_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Get parameters from a ASN1_TYPE */
220 int (*ctrl)(EVP_CIPHER_CTX *, int type, int arg, void *ptr); /* Miscellaneous operations */
221} /* EVP_CIPHER */;
222
223struct evp_cipher_ctx_st {
224 const EVP_CIPHER *cipher;
225 int encrypt; /* encrypt or decrypt */
226 int partial_len; /* number of bytes written to buf */
227
228 unsigned char oiv[EVP_MAX_IV_LENGTH]; /* original iv */
229 unsigned char iv[EVP_MAX_IV_LENGTH]; /* working iv */
230 unsigned char buf[EVP_MAX_BLOCK_LENGTH];/* saved partial block */
231 int num; /* used by cfb/ofb/ctr mode */
232
233 void *app_data; /* application stuff */
234 int key_len; /* May change for variable length cipher */
235 unsigned long flags; /* Various flags */
236 void *cipher_data; /* per EVP data */
237 int final_used;
238 unsigned char final[EVP_MAX_BLOCK_LENGTH];/* possible final block */
239} /* EVP_CIPHER_CTX */;
240
241struct evp_Encode_Ctx_st {
242
243 int num; /* number saved in a partial encode/decode */
244 int length; /* The length is either the output line length
245 * (in input bytes) or the shortest input line
246 * length that is ok. Once decoding begins,
247 * the length is adjusted up each time a longer
248 * line is decoded */
249 unsigned char enc_data[80]; /* data to encode */
250 int line_num; /* number read on current line */
251 int expect_nl;
252} /* EVP_ENCODE_CTX */;
253
254#define EVP_MAXCHUNK ((size_t)1<<(sizeof(long)*8-2))
255
256struct evp_pkey_ctx_st {
257 /* Method associated with this operation */
258 const EVP_PKEY_METHOD *pmeth;
259 /* Key: may be NULL */
260 EVP_PKEY *pkey;
261 /* Peer key for key agreement, may be NULL */
262 EVP_PKEY *peerkey;
263 /* Actual operation */
264 int operation;
265 /* Algorithm specific data */
266 void *data;
267 /* Application specific data */
268 void *app_data;
269 /* Keygen callback */
270 EVP_PKEY_gen_cb *pkey_gencb;
271 /* implementation specific keygen data */
272 int *keygen_info;
273 int keygen_info_count;
274} /* EVP_PKEY_CTX */;
275
276struct evp_pkey_method_st {
277 int pkey_id;
278 int flags;
279
280 int (*init)(EVP_PKEY_CTX *ctx);
281 int (*copy)(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src);
282 void (*cleanup)(EVP_PKEY_CTX *ctx);
283
284 int (*paramgen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
285
286 int (*keygen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
287
288 int (*sign_init)(EVP_PKEY_CTX *ctx);
289 int (*sign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
290 const unsigned char *tbs, size_t tbslen);
291
292 int (*verify_init)(EVP_PKEY_CTX *ctx);
293 int (*verify)(EVP_PKEY_CTX *ctx,
294 const unsigned char *sig, size_t siglen,
295 const unsigned char *tbs, size_t tbslen);
296
297 int (*verify_recover)(EVP_PKEY_CTX *ctx,
298 unsigned char *rout, size_t *routlen,
299 const unsigned char *sig, size_t siglen);
300
301 int (*signctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
302 int (*signctx)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
303 EVP_MD_CTX *mctx);
304
305 int (*encrypt)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
306 const unsigned char *in, size_t inlen);
307
308 int (*decrypt)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
309 const unsigned char *in, size_t inlen);
310
311 int (*derive_init)(EVP_PKEY_CTX *ctx);
312 int (*derive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
313
314 int (*ctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
315 int (*ctrl_str)(EVP_PKEY_CTX *ctx, const char *type, const char *value);
316
317 int (*digestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
318 const unsigned char *tbs, size_t tbslen);
319 int (*digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig,
320 size_t siglen, const unsigned char *tbs, size_t tbslen);
321} /* EVP_PKEY_METHOD */;
322
323void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx);
324
325/* EVP_AEAD represents a specific AEAD algorithm. */
326struct evp_aead_st {
327 unsigned char key_len;
328 unsigned char nonce_len;
329 unsigned char overhead;
330 unsigned char max_tag_len;
331
332 int (*init)(struct evp_aead_ctx_st*, const unsigned char *key,
333 size_t key_len, size_t tag_len);
334 void (*cleanup)(struct evp_aead_ctx_st*);
335
336 int (*seal)(const struct evp_aead_ctx_st *ctx, unsigned char *out,
337 size_t *out_len, size_t max_out_len, const unsigned char *nonce,
338 size_t nonce_len, const unsigned char *in, size_t in_len,
339 const unsigned char *ad, size_t ad_len);
340
341 int (*open)(const struct evp_aead_ctx_st *ctx, unsigned char *out,
342 size_t *out_len, size_t max_out_len, const unsigned char *nonce,
343 size_t nonce_len, const unsigned char *in, size_t in_len,
344 const unsigned char *ad, size_t ad_len);
345};
346
347/* An EVP_AEAD_CTX represents an AEAD algorithm configured with a specific key
348 * and message-independent IV. */
349struct evp_aead_ctx_st {
350 const EVP_AEAD *aead;
351 /* aead_state is an opaque pointer to the AEAD specific state. */
352 void *aead_state;
353};
354
355/* Legacy EVP_CIPHER methods used by CMS and its predecessors. */
356int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *cipher, ASN1_TYPE *type);
357int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *cipher, ASN1_TYPE *type);
358int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *cipher, ASN1_TYPE *type);
359int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *cipher, ASN1_TYPE *type);
360
361int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
362 ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de);
363
364int EVP_PKEY_CTX_str2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *str);
365int EVP_PKEY_CTX_hex2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *hex);
366int EVP_PKEY_CTX_md(EVP_PKEY_CTX *ctx, int optype, int cmd, const char *md_name);
367
368void EVP_CIPHER_CTX_legacy_clear(EVP_CIPHER_CTX *ctx);
369void EVP_MD_CTX_legacy_clear(EVP_MD_CTX *ctx);
370
371__END_HIDDEN_DECLS
372
373#endif /* !HEADER_EVP_LOCAL_H */
diff --git a/src/lib/libcrypto/evp/evp_names.c b/src/lib/libcrypto/evp/evp_names.c
deleted file mode 100644
index 817d33602c..0000000000
--- a/src/lib/libcrypto/evp/evp_names.c
+++ /dev/null
@@ -1,1691 +0,0 @@
1/* $OpenBSD: evp_names.c,v 1.18 2024/08/31 10:38:49 tb Exp $ */
2/*
3 * Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <openssl/err.h>
19#include <openssl/evp.h>
20#include <openssl/objects.h>
21
22#include <stdlib.h>
23#include <string.h>
24
25/*
26 * In the following two structs, .name is the lookup name that is used
27 * for EVP_get_cipherbyname() and EVP_get_digestbyname(), while .alias
28 * keeps track of the aliased name.
29 */
30
31struct cipher_name {
32 const char *name;
33 const EVP_CIPHER *(*cipher)(void);
34 const char *alias;
35};
36
37struct digest_name {
38 const char *name;
39 const EVP_MD *(*digest)(void);
40 const char *alias;
41};
42
43/*
44 * Keep this table alphabetically sorted by increasing .name.
45 * regress/lib/libcrypto/evp/evp_test.c checks that.
46 */
47
48static const struct cipher_name cipher_names[] = {
49 {
50 .name = SN_aes_128_cbc,
51 .cipher = EVP_aes_128_cbc,
52 },
53 {
54 .name = SN_aes_128_cfb128,
55 .cipher = EVP_aes_128_cfb128,
56 },
57 {
58 .name = SN_aes_128_cfb1,
59 .cipher = EVP_aes_128_cfb1,
60 },
61 {
62 .name = SN_aes_128_cfb8,
63 .cipher = EVP_aes_128_cfb8,
64 },
65 {
66 .name = SN_aes_128_ctr,
67 .cipher = EVP_aes_128_ctr,
68 },
69 {
70 .name = SN_aes_128_ecb,
71 .cipher = EVP_aes_128_ecb,
72 },
73 {
74 .name = SN_aes_128_ofb128,
75 .cipher = EVP_aes_128_ofb,
76 },
77 {
78 .name = SN_aes_128_xts,
79 .cipher = EVP_aes_128_xts,
80 },
81
82 {
83 .name = SN_aes_192_cbc,
84 .cipher = EVP_aes_192_cbc,
85 },
86 {
87 .name = SN_aes_192_cfb128,
88 .cipher = EVP_aes_192_cfb128,
89 },
90 {
91 .name = SN_aes_192_cfb1,
92 .cipher = EVP_aes_192_cfb1,
93 },
94 {
95 .name = SN_aes_192_cfb8,
96 .cipher = EVP_aes_192_cfb8,
97 },
98 {
99 .name = SN_aes_192_ctr,
100 .cipher = EVP_aes_192_ctr,
101 },
102 {
103 .name = SN_aes_192_ecb,
104 .cipher = EVP_aes_192_ecb,
105 },
106 {
107 .name = SN_aes_192_ofb128,
108 .cipher = EVP_aes_192_ofb,
109 },
110
111 {
112 .name = SN_aes_256_cbc,
113 .cipher = EVP_aes_256_cbc,
114 },
115 {
116 .name = SN_aes_256_cfb128,
117 .cipher = EVP_aes_256_cfb128,
118 },
119 {
120 .name = SN_aes_256_cfb1,
121 .cipher = EVP_aes_256_cfb1,
122 },
123 {
124 .name = SN_aes_256_cfb8,
125 .cipher = EVP_aes_256_cfb8,
126 },
127 {
128 .name = SN_aes_256_ctr,
129 .cipher = EVP_aes_256_ctr,
130 },
131 {
132 .name = SN_aes_256_ecb,
133 .cipher = EVP_aes_256_ecb,
134 },
135 {
136 .name = SN_aes_256_ofb128,
137 .cipher = EVP_aes_256_ofb,
138 },
139 {
140 .name = SN_aes_256_xts,
141 .cipher = EVP_aes_256_xts,
142 },
143
144 {
145 .name = "AES128",
146 .cipher = EVP_aes_128_cbc,
147 .alias = SN_aes_128_cbc,
148 },
149 {
150 .name = "AES192",
151 .cipher = EVP_aes_192_cbc,
152 .alias = SN_aes_192_cbc,
153 },
154 {
155 .name = "AES256",
156 .cipher = EVP_aes_256_cbc,
157 .alias = SN_aes_256_cbc,
158 },
159
160 {
161 .name = "BF",
162 .cipher = EVP_bf_cbc,
163 .alias = SN_bf_cbc,
164 },
165
166 {
167 .name = SN_bf_cbc,
168 .cipher = EVP_bf_cbc,
169 },
170 {
171 .name = SN_bf_cfb64,
172 .cipher = EVP_bf_cfb64,
173 },
174 {
175 .name = SN_bf_ecb,
176 .cipher = EVP_bf_ecb,
177 },
178 {
179 .name = SN_bf_ofb64,
180 .cipher = EVP_bf_ofb,
181 },
182
183 {
184 .name = SN_camellia_128_cbc,
185 .cipher = EVP_camellia_128_cbc,
186 },
187 {
188 .name = SN_camellia_128_cfb128,
189 .cipher = EVP_camellia_128_cfb128,
190 },
191 {
192 .name = SN_camellia_128_cfb1,
193 .cipher = EVP_camellia_128_cfb1,
194 },
195 {
196 .name = SN_camellia_128_cfb8,
197 .cipher = EVP_camellia_128_cfb8,
198 },
199 {
200 .name = SN_camellia_128_ecb,
201 .cipher = EVP_camellia_128_ecb,
202 },
203 {
204 .name = SN_camellia_128_ofb128,
205 .cipher = EVP_camellia_128_ofb,
206 },
207
208 {
209 .name = SN_camellia_192_cbc,
210 .cipher = EVP_camellia_192_cbc,
211 },
212 {
213 .name = SN_camellia_192_cfb128,
214 .cipher = EVP_camellia_192_cfb128,
215 },
216 {
217 .name = SN_camellia_192_cfb1,
218 .cipher = EVP_camellia_192_cfb1,
219 },
220 {
221 .name = SN_camellia_192_cfb8,
222 .cipher = EVP_camellia_192_cfb8,
223 },
224 {
225 .name = SN_camellia_192_ecb,
226 .cipher = EVP_camellia_192_ecb,
227 },
228 {
229 .name = SN_camellia_192_ofb128,
230 .cipher = EVP_camellia_192_ofb,
231 },
232
233 {
234 .name = SN_camellia_256_cbc,
235 .cipher = EVP_camellia_256_cbc,
236 },
237 {
238 .name = SN_camellia_256_cfb128,
239 .cipher = EVP_camellia_256_cfb128,
240 },
241 {
242 .name = SN_camellia_256_cfb1,
243 .cipher = EVP_camellia_256_cfb1,
244 },
245 {
246 .name = SN_camellia_256_cfb8,
247 .cipher = EVP_camellia_256_cfb8,
248 },
249 {
250 .name = SN_camellia_256_ecb,
251 .cipher = EVP_camellia_256_ecb,
252 },
253 {
254 .name = SN_camellia_256_ofb128,
255 .cipher = EVP_camellia_256_ofb,
256 },
257
258 {
259 .name = "CAMELLIA128",
260 .cipher = EVP_camellia_128_cbc,
261 .alias = SN_camellia_128_cbc,
262 },
263 {
264 .name = "CAMELLIA192",
265 .cipher = EVP_camellia_192_cbc,
266 .alias = SN_camellia_192_cbc,
267 },
268 {
269 .name = "CAMELLIA256",
270 .cipher = EVP_camellia_256_cbc,
271 .alias = SN_camellia_256_cbc,
272 },
273
274 {
275 .name = "CAST",
276 .cipher = EVP_cast5_cbc,
277 .alias = SN_cast5_cbc,
278 },
279 {
280 .name = "CAST-cbc",
281 .cipher = EVP_cast5_cbc,
282 .alias = SN_cast5_cbc,
283 },
284
285 {
286 .name = SN_cast5_cbc,
287 .cipher = EVP_cast5_cbc,
288 },
289 {
290 .name = SN_cast5_cfb64,
291 .cipher = EVP_cast5_cfb,
292 },
293 {
294 .name = SN_cast5_ecb,
295 .cipher = EVP_cast5_ecb,
296 },
297 {
298 .name = SN_cast5_ofb64,
299 .cipher = EVP_cast5_ofb,
300 },
301
302 {
303 .name = SN_chacha20,
304 .cipher = EVP_chacha20,
305 },
306 {
307 .name = "ChaCha20",
308 .cipher = EVP_chacha20,
309 .alias = SN_chacha20,
310 },
311
312 {
313 .name = SN_chacha20_poly1305,
314 .cipher = EVP_chacha20_poly1305,
315 },
316
317 {
318 .name = "DES",
319 .cipher = EVP_des_cbc,
320 .alias = SN_des_cbc,
321 },
322
323 {
324 .name = SN_des_cbc,
325 .cipher = EVP_des_cbc,
326 },
327 {
328 .name = SN_des_cfb64,
329 .cipher = EVP_des_cfb64,
330 },
331 {
332 .name = SN_des_cfb1,
333 .cipher = EVP_des_cfb1,
334 },
335 {
336 .name = SN_des_cfb8,
337 .cipher = EVP_des_cfb8,
338 },
339 {
340 .name = SN_des_ecb,
341 .cipher = EVP_des_ecb,
342 },
343 {
344 .name = SN_des_ede_ecb,
345 .cipher = EVP_des_ede,
346 },
347 {
348 .name = SN_des_ede_cbc,
349 .cipher = EVP_des_ede_cbc,
350 },
351 {
352 .name = SN_des_ede_cfb64,
353 .cipher = EVP_des_ede_cfb64,
354 },
355 {
356 .name = SN_des_ede_ofb64,
357 .cipher = EVP_des_ede_ofb,
358 },
359 {
360 .name = SN_des_ede3_ecb,
361 .cipher = EVP_des_ede3_ecb,
362 },
363 {
364 .name = SN_des_ede3_cbc,
365 .cipher = EVP_des_ede3_cbc,
366 },
367 {
368 .name = SN_des_ede3_cfb64,
369 .cipher = EVP_des_ede3_cfb,
370 },
371 {
372 .name = SN_des_ede3_cfb1,
373 .cipher = EVP_des_ede3_cfb1,
374 },
375 {
376 .name = SN_des_ede3_cfb8,
377 .cipher = EVP_des_ede3_cfb8,
378 },
379 {
380 .name = SN_des_ede3_ofb64,
381 .cipher = EVP_des_ede3_ofb,
382 },
383 {
384 .name = SN_des_ofb64,
385 .cipher = EVP_des_ofb,
386 },
387
388 {
389 .name = "DES3",
390 .cipher = EVP_des_ede3_cbc,
391 .alias = SN_des_ede3_cbc,
392 },
393
394 {
395 .name = "DESX",
396 .cipher = EVP_desx_cbc,
397 .alias = SN_desx_cbc,
398 },
399 {
400 .name = SN_desx_cbc,
401 .cipher = EVP_desx_cbc,
402 },
403
404 {
405 .name = "IDEA",
406 .cipher = EVP_idea_cbc,
407 .alias = SN_idea_cbc,
408 },
409
410 {
411 .name = SN_idea_cbc,
412 .cipher = EVP_idea_cbc,
413 },
414 {
415 .name = SN_idea_cfb64,
416 .cipher = EVP_idea_cfb64,
417 },
418 {
419 .name = SN_idea_ecb,
420 .cipher = EVP_idea_ecb,
421 },
422 {
423 .name = SN_idea_ofb64,
424 .cipher = EVP_idea_ofb,
425 },
426
427 {
428 .name = "RC2",
429 .cipher = EVP_rc2_cbc,
430 .alias = SN_rc2_cbc,
431 },
432
433 {
434 .name = SN_rc2_40_cbc,
435 .cipher = EVP_rc2_40_cbc,
436 },
437 {
438 .name = SN_rc2_64_cbc,
439 .cipher = EVP_rc2_64_cbc,
440 },
441 {
442 .name = SN_rc2_cbc,
443 .cipher = EVP_rc2_cbc,
444 },
445 {
446 .name = SN_rc2_cfb64,
447 .cipher = EVP_rc2_cfb64,
448 },
449 {
450 .name = SN_rc2_ecb,
451 .cipher = EVP_rc2_ecb,
452 },
453 {
454 .name = SN_rc2_ofb64,
455 .cipher = EVP_rc2_ofb,
456 },
457
458 {
459 .name = SN_rc4,
460 .cipher = EVP_rc4,
461 },
462 {
463 .name = SN_rc4_40,
464 .cipher = EVP_rc4_40,
465 },
466
467 {
468 .name = "SM4",
469 .cipher = EVP_sm4_cbc,
470 .alias = SN_sm4_cbc,
471 },
472
473 {
474 .name = SN_sm4_cbc,
475 .cipher = EVP_sm4_cbc,
476 },
477 {
478 .name = SN_sm4_cfb128,
479 .cipher = EVP_sm4_cfb128,
480 },
481 {
482 .name = SN_sm4_ctr,
483 .cipher = EVP_sm4_ctr,
484 },
485 {
486 .name = SN_sm4_ecb,
487 .cipher = EVP_sm4_ecb,
488 },
489 {
490 .name = SN_sm4_ofb128,
491 .cipher = EVP_sm4_ofb,
492 },
493
494 {
495 .name = LN_aes_128_cbc,
496 .cipher = EVP_aes_128_cbc,
497 },
498 {
499 .name = LN_aes_128_ccm,
500 .cipher = EVP_aes_128_ccm,
501 },
502 {
503 .name = LN_aes_128_cfb128,
504 .cipher = EVP_aes_128_cfb128,
505 },
506 {
507 .name = LN_aes_128_cfb1,
508 .cipher = EVP_aes_128_cfb1,
509 },
510 {
511 .name = LN_aes_128_cfb8,
512 .cipher = EVP_aes_128_cfb8,
513 },
514 {
515 .name = LN_aes_128_ctr,
516 .cipher = EVP_aes_128_ctr,
517 },
518 {
519 .name = LN_aes_128_ecb,
520 .cipher = EVP_aes_128_ecb,
521 },
522 {
523 .name = LN_aes_128_gcm,
524 .cipher = EVP_aes_128_gcm,
525 },
526 {
527 .name = LN_aes_128_ofb128,
528 .cipher = EVP_aes_128_ofb,
529 },
530 {
531 .name = LN_aes_128_xts,
532 .cipher = EVP_aes_128_xts,
533 },
534
535 {
536 .name = LN_aes_192_cbc,
537 .cipher = EVP_aes_192_cbc,
538 },
539 {
540 .name = LN_aes_192_ccm,
541 .cipher = EVP_aes_192_ccm,
542 },
543 {
544 .name = LN_aes_192_cfb128,
545 .cipher = EVP_aes_192_cfb128,
546 },
547 {
548 .name = LN_aes_192_cfb1,
549 .cipher = EVP_aes_192_cfb1,
550 },
551 {
552 .name = LN_aes_192_cfb8,
553 .cipher = EVP_aes_192_cfb8,
554 },
555 {
556 .name = LN_aes_192_ctr,
557 .cipher = EVP_aes_192_ctr,
558 },
559 {
560 .name = LN_aes_192_ecb,
561 .cipher = EVP_aes_192_ecb,
562 },
563 {
564 .name = LN_aes_192_gcm,
565 .cipher = EVP_aes_192_gcm,
566 },
567 {
568 .name = LN_aes_192_ofb128,
569 .cipher = EVP_aes_192_ofb,
570 },
571
572 {
573 .name = LN_aes_256_cbc,
574 .cipher = EVP_aes_256_cbc,
575 },
576 {
577 .name = LN_aes_256_ccm,
578 .cipher = EVP_aes_256_ccm,
579 },
580 {
581 .name = LN_aes_256_cfb128,
582 .cipher = EVP_aes_256_cfb128,
583 },
584 {
585 .name = LN_aes_256_cfb1,
586 .cipher = EVP_aes_256_cfb1,
587 },
588 {
589 .name = LN_aes_256_cfb8,
590 .cipher = EVP_aes_256_cfb8,
591 },
592 {
593 .name = LN_aes_256_ctr,
594 .cipher = EVP_aes_256_ctr,
595 },
596 {
597 .name = LN_aes_256_ecb,
598 .cipher = EVP_aes_256_ecb,
599 },
600 {
601 .name = LN_aes_256_gcm,
602 .cipher = EVP_aes_256_gcm,
603 },
604 {
605 .name = LN_aes_256_ofb128,
606 .cipher = EVP_aes_256_ofb,
607 },
608 {
609 .name = LN_aes_256_xts,
610 .cipher = EVP_aes_256_xts,
611 },
612
613 {
614 .name = "aes128",
615 .cipher = EVP_aes_128_cbc,
616 .alias = SN_aes_128_cbc,
617 },
618 {
619 .name = "aes192",
620 .cipher = EVP_aes_192_cbc,
621 .alias = SN_aes_192_cbc,
622 },
623 {
624 .name = "aes256",
625 .cipher = EVP_aes_256_cbc,
626 .alias = SN_aes_256_cbc,
627 },
628
629 {
630 .name = "bf",
631 .cipher = EVP_bf_cbc,
632 .alias = SN_bf_cbc,
633 },
634
635 {
636 .name = LN_bf_cbc,
637 .cipher = EVP_bf_cbc,
638 },
639 {
640 .name = LN_bf_cfb64,
641 .cipher = EVP_bf_cfb64,
642 },
643 {
644 .name = LN_bf_ecb,
645 .cipher = EVP_bf_ecb,
646 },
647 {
648 .name = LN_bf_ofb64,
649 .cipher = EVP_bf_ofb,
650 },
651
652 {
653 .name = "blowfish",
654 .cipher = EVP_bf_cbc,
655 .alias = SN_bf_cbc,
656 },
657
658 {
659 .name = LN_camellia_128_cbc,
660 .cipher = EVP_camellia_128_cbc,
661 },
662 {
663 .name = LN_camellia_128_cfb128,
664 .cipher = EVP_camellia_128_cfb128,
665 },
666 {
667 .name = LN_camellia_128_cfb1,
668 .cipher = EVP_camellia_128_cfb1,
669 },
670 {
671 .name = LN_camellia_128_cfb8,
672 .cipher = EVP_camellia_128_cfb8,
673 },
674 {
675 .name = LN_camellia_128_ecb,
676 .cipher = EVP_camellia_128_ecb,
677 },
678 {
679 .name = LN_camellia_128_ofb128,
680 .cipher = EVP_camellia_128_ofb,
681 },
682
683 {
684 .name = LN_camellia_192_cbc,
685 .cipher = EVP_camellia_192_cbc,
686 },
687 {
688 .name = LN_camellia_192_cfb128,
689 .cipher = EVP_camellia_192_cfb128,
690 },
691 {
692 .name = LN_camellia_192_cfb1,
693 .cipher = EVP_camellia_192_cfb1,
694 },
695 {
696 .name = LN_camellia_192_cfb8,
697 .cipher = EVP_camellia_192_cfb8,
698 },
699 {
700 .name = LN_camellia_192_ecb,
701 .cipher = EVP_camellia_192_ecb,
702 },
703 {
704 .name = LN_camellia_192_ofb128,
705 .cipher = EVP_camellia_192_ofb,
706 },
707
708 {
709 .name = LN_camellia_256_cbc,
710 .cipher = EVP_camellia_256_cbc,
711 },
712 {
713 .name = LN_camellia_256_cfb128,
714 .cipher = EVP_camellia_256_cfb128,
715 },
716 {
717 .name = LN_camellia_256_cfb1,
718 .cipher = EVP_camellia_256_cfb1,
719 },
720 {
721 .name = LN_camellia_256_cfb8,
722 .cipher = EVP_camellia_256_cfb8,
723 },
724 {
725 .name = LN_camellia_256_ecb,
726 .cipher = EVP_camellia_256_ecb,
727 },
728 {
729 .name = LN_camellia_256_ofb128,
730 .cipher = EVP_camellia_256_ofb,
731 },
732
733 {
734 .name = "camellia128",
735 .cipher = EVP_camellia_128_cbc,
736 .alias = SN_camellia_128_cbc,
737 },
738 {
739 .name = "camellia192",
740 .cipher = EVP_camellia_192_cbc,
741 .alias = SN_camellia_192_cbc,
742 },
743 {
744 .name = "camellia256",
745 .cipher = EVP_camellia_256_cbc,
746 .alias = SN_camellia_256_cbc,
747 },
748
749 {
750 .name = "cast",
751 .cipher = EVP_cast5_cbc,
752 .alias = SN_cast5_cbc,
753 },
754 {
755 .name = "cast-cbc",
756 .cipher = EVP_cast5_cbc,
757 .alias = SN_cast5_cbc,
758 },
759
760 {
761 .name = LN_cast5_cbc,
762 .cipher = EVP_cast5_cbc,
763 },
764 {
765 .name = LN_cast5_cfb64,
766 .cipher = EVP_cast5_cfb,
767 },
768 {
769 .name = LN_cast5_ecb,
770 .cipher = EVP_cast5_ecb,
771 },
772 {
773 .name = LN_cast5_ofb64,
774 .cipher = EVP_cast5_ofb,
775 },
776
777 {
778 .name = LN_chacha20,
779 .cipher = EVP_chacha20,
780 },
781 {
782 .name = "chacha20",
783 .cipher = EVP_chacha20,
784 .alias = LN_chacha20,
785 },
786
787 {
788 .name = LN_chacha20_poly1305,
789 .cipher = EVP_chacha20_poly1305,
790 },
791
792 {
793 .name = "des",
794 .cipher = EVP_des_cbc,
795 .alias = SN_des_cbc,
796 },
797
798 {
799 .name = LN_des_cbc,
800 .cipher = EVP_des_cbc,
801 },
802 {
803 .name = LN_des_cfb64,
804 .cipher = EVP_des_cfb64,
805 },
806 {
807 .name = LN_des_cfb1,
808 .cipher = EVP_des_cfb1,
809 },
810 {
811 .name = LN_des_cfb8,
812 .cipher = EVP_des_cfb8,
813 },
814 {
815 .name = LN_des_ecb,
816 .cipher = EVP_des_ecb,
817 },
818 {
819 .name = LN_des_ede_ecb,
820 .cipher = EVP_des_ede,
821 },
822 {
823 .name = LN_des_ede_cbc,
824 .cipher = EVP_des_ede_cbc,
825 },
826 {
827 .name = LN_des_ede_cfb64,
828 .cipher = EVP_des_ede_cfb64,
829 },
830 {
831 .name = LN_des_ede_ofb64,
832 .cipher = EVP_des_ede_ofb,
833 },
834 {
835 .name = LN_des_ede3_ecb,
836 .cipher = EVP_des_ede3_ecb,
837 },
838 {
839 .name = LN_des_ede3_cbc,
840 .cipher = EVP_des_ede3_cbc,
841 },
842 {
843 .name = LN_des_ede3_cfb64,
844 .cipher = EVP_des_ede3_cfb,
845 },
846 {
847 .name = LN_des_ede3_cfb1,
848 .cipher = EVP_des_ede3_cfb1,
849 },
850 {
851 .name = LN_des_ede3_cfb8,
852 .cipher = EVP_des_ede3_cfb8,
853 },
854 {
855 .name = LN_des_ede3_ofb64,
856 .cipher = EVP_des_ede3_ofb,
857 },
858 {
859 .name = LN_des_ofb64,
860 .cipher = EVP_des_ofb,
861 },
862
863 {
864 .name = "des3",
865 .cipher = EVP_des_ede3_cbc,
866 .alias = SN_des_ede3_cbc,
867 },
868
869 {
870 .name = "desx",
871 .cipher = EVP_desx_cbc,
872 .alias = SN_desx_cbc,
873 },
874 {
875 .name = LN_desx_cbc,
876 .cipher = EVP_desx_cbc,
877 },
878
879 {
880 .name = SN_aes_128_ccm,
881 .cipher = EVP_aes_128_ccm,
882 },
883 {
884 .name = SN_aes_128_gcm,
885 .cipher = EVP_aes_128_gcm,
886 },
887 {
888 .name = SN_id_aes128_wrap,
889 .cipher = EVP_aes_128_wrap,
890 },
891
892 {
893 .name = SN_aes_192_ccm,
894 .cipher = EVP_aes_192_ccm,
895 },
896 {
897 .name = SN_aes_192_gcm,
898 .cipher = EVP_aes_192_gcm,
899 },
900 {
901 .name = SN_id_aes192_wrap,
902 .cipher = EVP_aes_192_wrap,
903 },
904
905 {
906 .name = SN_aes_256_ccm,
907 .cipher = EVP_aes_256_ccm,
908 },
909 {
910 .name = SN_aes_256_gcm,
911 .cipher = EVP_aes_256_gcm,
912 },
913 {
914 .name = SN_id_aes256_wrap,
915 .cipher = EVP_aes_256_wrap,
916 },
917
918 {
919 .name = "idea",
920 .cipher = EVP_idea_cbc,
921 .alias = SN_idea_cbc,
922 },
923
924 {
925 .name = LN_idea_cbc,
926 .cipher = EVP_idea_cbc,
927 },
928 {
929 .name = LN_idea_cfb64,
930 .cipher = EVP_idea_cfb64,
931 },
932 {
933 .name = LN_idea_ecb,
934 .cipher = EVP_idea_ecb,
935 },
936 {
937 .name = LN_idea_ofb64,
938 .cipher = EVP_idea_ofb,
939 },
940
941 {
942 .name = "rc2",
943 .cipher = EVP_rc2_cbc,
944 .alias = SN_rc2_cbc,
945 },
946
947 {
948 .name = LN_rc2_40_cbc,
949 .cipher = EVP_rc2_40_cbc,
950 },
951 {
952 .name = LN_rc2_64_cbc,
953 .cipher = EVP_rc2_64_cbc,
954 },
955 {
956 .name = LN_rc2_cbc,
957 .cipher = EVP_rc2_cbc,
958 },
959 {
960 .name = LN_rc2_cfb64,
961 .cipher = EVP_rc2_cfb64,
962 },
963 {
964 .name = LN_rc2_ecb,
965 .cipher = EVP_rc2_ecb,
966 },
967 {
968 .name = LN_rc2_ofb64,
969 .cipher = EVP_rc2_ofb,
970 },
971
972 {
973 .name = LN_rc4,
974 .cipher = EVP_rc4,
975 },
976 {
977 .name = LN_rc4_40,
978 .cipher = EVP_rc4_40,
979 },
980
981 {
982 .name = "sm4",
983 .cipher = EVP_sm4_cbc,
984 .alias = SN_sm4_cbc,
985 },
986
987 {
988 .name = LN_sm4_cbc,
989 .cipher = EVP_sm4_cbc,
990 },
991 {
992 .name = LN_sm4_cfb128,
993 .cipher = EVP_sm4_cfb128,
994 },
995 {
996 .name = LN_sm4_ctr,
997 .cipher = EVP_sm4_ctr,
998 },
999 {
1000 .name = LN_sm4_ecb,
1001 .cipher = EVP_sm4_ecb,
1002 },
1003 {
1004 .name = LN_sm4_ofb128,
1005 .cipher = EVP_sm4_ofb,
1006 },
1007};
1008
1009#define N_CIPHER_NAMES (sizeof(cipher_names) / sizeof(cipher_names[0]))
1010
1011/*
1012 * Keep this table alphabetically sorted by increasing .name.
1013 * regress/lib/libcrypto/evp/evp_test.c checks that.
1014 */
1015
1016static const struct digest_name digest_names[] = {
1017 {
1018 .name = SN_dsaWithSHA1,
1019 .digest = EVP_sha1,
1020 .alias = SN_sha1,
1021 },
1022
1023 {
1024 .name = SN_md4,
1025 .digest = EVP_md4,
1026 },
1027
1028 {
1029 .name = SN_md5,
1030 .digest = EVP_md5,
1031 },
1032
1033 {
1034 .name = SN_md5_sha1,
1035 .digest = EVP_md5_sha1,
1036 },
1037
1038 {
1039 .name = SN_ripemd160,
1040 .digest = EVP_ripemd160,
1041 },
1042
1043 {
1044 .name = SN_md4WithRSAEncryption,
1045 .digest = EVP_md4,
1046 .alias = SN_md4,
1047 },
1048 {
1049 .name = SN_md5WithRSAEncryption,
1050 .digest = EVP_md5,
1051 .alias = SN_md5,
1052 },
1053 {
1054 .name = SN_ripemd160WithRSA,
1055 .digest = EVP_ripemd160,
1056 .alias = SN_ripemd160,
1057 },
1058 {
1059 .name = SN_sha1WithRSAEncryption,
1060 .digest = EVP_sha1,
1061 .alias = SN_sha1,
1062 },
1063 {
1064 .name = SN_sha1WithRSA,
1065 .digest = EVP_sha1,
1066 .alias = SN_sha1, /* XXX - alias to SN_sha1WithRSAEncryption? */
1067 },
1068 {
1069 .name = SN_sha224WithRSAEncryption,
1070 .digest = EVP_sha224,
1071 .alias = SN_sha224,
1072 },
1073 {
1074 .name = SN_sha256WithRSAEncryption,
1075 .digest = EVP_sha256,
1076 .alias = SN_sha256,
1077 },
1078 {
1079 .name = LN_RSA_SHA3_224,
1080 .digest = EVP_sha3_224,
1081 .alias = SN_sha3_224,
1082 },
1083 {
1084 .name = LN_RSA_SHA3_256,
1085 .digest = EVP_sha3_256,
1086 .alias = SN_sha3_256,
1087 },
1088 {
1089 .name = LN_RSA_SHA3_384,
1090 .digest = EVP_sha3_384,
1091 .alias = SN_sha3_384,
1092 },
1093 {
1094 .name = LN_RSA_SHA3_512,
1095 .digest = EVP_sha3_512,
1096 .alias = SN_sha3_512,
1097 },
1098 {
1099 .name = SN_sha384WithRSAEncryption,
1100 .digest = EVP_sha384,
1101 .alias = SN_sha384,
1102 },
1103 {
1104 .name = SN_sha512WithRSAEncryption,
1105 .digest = EVP_sha512,
1106 .alias = SN_sha512,
1107 },
1108 {
1109 .name = SN_sha512_224WithRSAEncryption,
1110 .digest = EVP_sha512_224,
1111 .alias = SN_sha512_224,
1112 },
1113 {
1114 .name = SN_sha512_256WithRSAEncryption,
1115 .digest = EVP_sha512_256,
1116 .alias = SN_sha512_256,
1117 },
1118 {
1119 .name = SN_sm3WithRSAEncryption,
1120 .digest = EVP_sm3,
1121 .alias = SN_sm3,
1122 },
1123
1124 {
1125 .name = SN_sha1,
1126 .digest = EVP_sha1,
1127 },
1128 {
1129 .name = SN_sha224,
1130 .digest = EVP_sha224,
1131 },
1132 {
1133 .name = SN_sha256,
1134 .digest = EVP_sha256,
1135 },
1136 {
1137 .name = SN_sha3_224,
1138 .digest = EVP_sha3_224,
1139 },
1140 {
1141 .name = SN_sha3_256,
1142 .digest = EVP_sha3_256,
1143 },
1144 {
1145 .name = SN_sha3_384,
1146 .digest = EVP_sha3_384,
1147 },
1148 {
1149 .name = SN_sha3_512,
1150 .digest = EVP_sha3_512,
1151 },
1152
1153 {
1154 .name = SN_sha384,
1155 .digest = EVP_sha384,
1156 },
1157 {
1158 .name = SN_sha512,
1159 .digest = EVP_sha512,
1160 },
1161 {
1162 .name = SN_sha512_224,
1163 .digest = EVP_sha512_224,
1164 },
1165 {
1166 .name = SN_sha512_256,
1167 .digest = EVP_sha512_256,
1168 },
1169
1170 {
1171 .name = SN_sm3,
1172 .digest = EVP_sm3,
1173 },
1174
1175 {
1176 .name = LN_dsaWithSHA1,
1177 .digest = EVP_sha1,
1178 .alias = SN_sha1,
1179 },
1180
1181 {
1182 .name = LN_dsa_with_SHA224,
1183 .digest = EVP_sha224,
1184 .alias = SN_sha224,
1185 },
1186 {
1187 .name = LN_dsa_with_SHA256,
1188 .digest = EVP_sha256,
1189 .alias = SN_sha256,
1190 },
1191 {
1192 .name = LN_dsa_with_SHA384,
1193 .digest = EVP_sha384,
1194 .alias = SN_sha384,
1195 },
1196 {
1197 .name = LN_dsa_with_SHA512,
1198 .digest = EVP_sha512,
1199 .alias = SN_sha512,
1200 },
1201
1202 {
1203 .name = SN_ecdsa_with_SHA1,
1204 .digest = EVP_sha1,
1205 .alias = SN_sha1,
1206 },
1207
1208 {
1209 .name = SN_ecdsa_with_SHA224,
1210 .digest = EVP_sha224,
1211 .alias = SN_sha224,
1212 },
1213 {
1214 .name = SN_ecdsa_with_SHA256,
1215 .digest = EVP_sha256,
1216 .alias = SN_sha256,
1217 },
1218 {
1219 .name = SN_ecdsa_with_SHA384,
1220 .digest = EVP_sha384,
1221 .alias = SN_sha384,
1222 },
1223 {
1224 .name = SN_ecdsa_with_SHA512,
1225 .digest = EVP_sha512,
1226 .alias = SN_sha512,
1227 },
1228
1229 {
1230 .name = SN_dsa_with_SHA224,
1231 .digest = EVP_sha224,
1232 .alias = SN_sha224,
1233 },
1234 {
1235 .name = SN_dsa_with_SHA256,
1236 .digest = EVP_sha256,
1237 .alias = SN_sha256,
1238 },
1239
1240 {
1241 .name = SN_dsa_with_SHA3_224,
1242 .digest = EVP_sha3_224,
1243 .alias = SN_sha3_224,
1244 },
1245 {
1246 .name = SN_dsa_with_SHA3_256,
1247 .digest = EVP_sha3_256,
1248 .alias = SN_sha3_256,
1249 },
1250 {
1251 .name = SN_dsa_with_SHA3_384,
1252 .digest = EVP_sha3_384,
1253 .alias = SN_sha3_384,
1254 },
1255 {
1256 .name = SN_dsa_with_SHA3_512,
1257 .digest = EVP_sha3_512,
1258 .alias = SN_sha3_512,
1259 },
1260
1261 {
1262 .name = SN_dsa_with_SHA384,
1263 .digest = EVP_sha384,
1264 .alias = SN_sha384,
1265 },
1266 {
1267 .name = SN_dsa_with_SHA512,
1268 .digest = EVP_sha512,
1269 .alias = SN_sha512,
1270 },
1271
1272 {
1273 .name = SN_ecdsa_with_SHA3_224,
1274 .digest = EVP_sha3_224,
1275 .alias = SN_sha3_224,
1276 },
1277 {
1278 .name = SN_ecdsa_with_SHA3_256,
1279 .digest = EVP_sha3_256,
1280 .alias = SN_sha3_256,
1281 },
1282 {
1283 .name = SN_ecdsa_with_SHA3_384,
1284 .digest = EVP_sha3_384,
1285 .alias = SN_sha3_384,
1286 },
1287 {
1288 .name = SN_ecdsa_with_SHA3_512,
1289 .digest = EVP_sha3_512,
1290 .alias = SN_sha3_512,
1291 },
1292
1293 {
1294 .name = SN_RSA_SHA3_224,
1295 .digest = EVP_sha3_224,
1296 .alias = SN_sha3_224,
1297 },
1298 {
1299 .name = SN_RSA_SHA3_256,
1300 .digest = EVP_sha3_256,
1301 .alias = SN_sha3_256,
1302 },
1303 {
1304 .name = SN_RSA_SHA3_384,
1305 .digest = EVP_sha3_384,
1306 .alias = SN_sha3_384,
1307 },
1308 {
1309 .name = SN_RSA_SHA3_512,
1310 .digest = EVP_sha3_512,
1311 .alias = SN_sha3_512,
1312 },
1313
1314 {
1315 .name = LN_md4,
1316 .digest = EVP_md4,
1317 },
1318 {
1319 .name = LN_md4WithRSAEncryption,
1320 .digest = EVP_md4,
1321 .alias = SN_md4,
1322 },
1323
1324 {
1325 .name = LN_md5,
1326 .digest = EVP_md5,
1327 },
1328 {
1329 .name = LN_md5_sha1,
1330 .digest = EVP_md5_sha1,
1331 },
1332 {
1333 .name = LN_md5WithRSAEncryption,
1334 .digest = EVP_md5,
1335 .alias = SN_md5,
1336 },
1337
1338 {
1339 .name = "ripemd",
1340 .digest = EVP_ripemd160,
1341 .alias = SN_ripemd160,
1342 },
1343 {
1344 .name = LN_ripemd160,
1345 .digest = EVP_ripemd160,
1346 },
1347 {
1348 .name = LN_ripemd160WithRSA,
1349 .digest = EVP_ripemd160,
1350 .alias = SN_ripemd160,
1351 },
1352 {
1353 .name = "rmd160",
1354 .digest = EVP_ripemd160,
1355 .alias = SN_ripemd160,
1356 },
1357
1358 {
1359 .name = LN_sha1,
1360 .digest = EVP_sha1,
1361 },
1362 {
1363 .name = LN_sha1WithRSAEncryption,
1364 .digest = EVP_sha1,
1365 .alias = SN_sha1,
1366 },
1367
1368 {
1369 .name = LN_sha224,
1370 .digest = EVP_sha224,
1371 },
1372 {
1373 .name = LN_sha224WithRSAEncryption,
1374 .digest = EVP_sha224,
1375 .alias = SN_sha224,
1376 },
1377 {
1378 .name = LN_sha256,
1379 .digest = EVP_sha256,
1380 },
1381 {
1382 .name = LN_sha256WithRSAEncryption,
1383 .digest = EVP_sha256,
1384 .alias = SN_sha256,
1385 },
1386
1387 {
1388 .name = LN_sha3_224,
1389 .digest = EVP_sha3_224,
1390 },
1391 {
1392 .name = LN_sha3_256,
1393 .digest = EVP_sha3_256,
1394 },
1395 {
1396 .name = LN_sha3_384,
1397 .digest = EVP_sha3_384,
1398 },
1399 {
1400 .name = LN_sha3_512,
1401 .digest = EVP_sha3_512,
1402 },
1403
1404 {
1405 .name = LN_sha384,
1406 .digest = EVP_sha384,
1407 },
1408 {
1409 .name = LN_sha384WithRSAEncryption,
1410 .digest = EVP_sha384,
1411 .alias = SN_sha384,
1412 },
1413 {
1414 .name = LN_sha512,
1415 .digest = EVP_sha512,
1416 },
1417 {
1418 .name = LN_sha512_224,
1419 .digest = EVP_sha512_224,
1420 },
1421 {
1422 .name = LN_sha512_224WithRSAEncryption,
1423 .digest = EVP_sha512_224,
1424 .alias = SN_sha512_224,
1425 },
1426 {
1427 .name = LN_sha512_256,
1428 .digest = EVP_sha512_256,
1429 },
1430 {
1431 .name = LN_sha512_256WithRSAEncryption,
1432 .digest = EVP_sha512_256,
1433 .alias = SN_sha512_256,
1434 },
1435 {
1436 .name = LN_sha512WithRSAEncryption,
1437 .digest = EVP_sha512,
1438 .alias = SN_sha512,
1439 },
1440
1441 {
1442 .name = LN_sm3,
1443 .digest = EVP_sm3,
1444 },
1445 {
1446 .name = LN_sm3WithRSAEncryption,
1447 .digest = EVP_sm3,
1448 .alias = SN_sm3,
1449 },
1450
1451 {
1452 .name = "ssl2-md5",
1453 .digest = EVP_md5,
1454 .alias = SN_md5,
1455 },
1456 {
1457 .name = "ssl3-md5",
1458 .digest = EVP_md5,
1459 .alias = SN_md5,
1460 },
1461
1462 {
1463 .name = "ssl3-sha1",
1464 .digest = EVP_sha1,
1465 .alias = SN_sha1,
1466 },
1467};
1468
1469#define N_DIGEST_NAMES (sizeof(digest_names) / sizeof(digest_names[0]))
1470
1471void
1472EVP_CIPHER_do_all_sorted(void (*fn)(const EVP_CIPHER *, const char *,
1473 const char *, void *), void *arg)
1474{
1475 size_t i;
1476
1477 /* Prayer and clean living lets you ignore errors, OpenSSL style. */
1478 (void)OPENSSL_init_crypto(0, NULL);
1479
1480 for (i = 0; i < N_CIPHER_NAMES; i++) {
1481 const struct cipher_name *cipher = &cipher_names[i];
1482 const EVP_CIPHER *evp_cipher;
1483
1484 if ((evp_cipher = cipher->cipher()) == NULL)
1485 continue;
1486
1487 if (cipher->alias != NULL)
1488 fn(NULL, cipher->name, cipher->alias, arg);
1489 else
1490 fn(evp_cipher, cipher->name, NULL, arg);
1491 }
1492}
1493LCRYPTO_ALIAS(EVP_CIPHER_do_all_sorted);
1494
1495void
1496EVP_CIPHER_do_all(void (*fn)(const EVP_CIPHER *, const char *, const char *,
1497 void *), void *arg)
1498{
1499 EVP_CIPHER_do_all_sorted(fn, arg);
1500}
1501LCRYPTO_ALIAS(EVP_CIPHER_do_all);
1502
1503void
1504EVP_MD_do_all_sorted(void (*fn)(const EVP_MD *, const char *, const char *,
1505 void *), void *arg)
1506{
1507 size_t i;
1508
1509 /* Prayer and clean living lets you ignore errors, OpenSSL style. */
1510 (void)OPENSSL_init_crypto(0, NULL);
1511
1512 for (i = 0; i < N_DIGEST_NAMES; i++) {
1513 const struct digest_name *digest = &digest_names[i];
1514 const EVP_MD *evp_md;
1515
1516 if ((evp_md = digest->digest()) == NULL)
1517 continue;
1518
1519 if (digest->alias != NULL)
1520 fn(NULL, digest->name, digest->alias, arg);
1521 else
1522 fn(evp_md, digest->name, NULL, arg);
1523 }
1524}
1525LCRYPTO_ALIAS(EVP_MD_do_all_sorted);
1526
1527void
1528EVP_MD_do_all(void (*fn)(const EVP_MD *, const char *, const char *, void *),
1529 void *arg)
1530{
1531 EVP_MD_do_all_sorted(fn, arg);
1532}
1533LCRYPTO_ALIAS(EVP_MD_do_all);
1534
1535/*
1536 * The OBJ_NAME API is completely misnamed. It has little to do with objects
1537 * and a lot to do with EVP. Therefore we implement a saner replacement for
1538 * the part of the old madness that we need to keep in the evp directory.
1539 */
1540
1541static int
1542OBJ_NAME_from_cipher_name(OBJ_NAME *obj_name, const struct cipher_name *cipher)
1543{
1544 const EVP_CIPHER *evp_cipher;
1545
1546 if ((evp_cipher = cipher->cipher()) == NULL)
1547 return 0;
1548
1549 obj_name->type = OBJ_NAME_TYPE_CIPHER_METH;
1550 obj_name->name = cipher->name;
1551 if (cipher->alias != NULL) {
1552 obj_name->alias = OBJ_NAME_ALIAS;
1553 obj_name->data = cipher->alias;
1554 } else {
1555 obj_name->alias = 0;
1556 obj_name->data = evp_cipher;
1557 }
1558
1559 return 1;
1560}
1561
1562static void
1563OBJ_NAME_do_all_ciphers(void (*fn)(const OBJ_NAME *, void *), void *arg)
1564{
1565 size_t i;
1566
1567 for (i = 0; i < N_CIPHER_NAMES; i++) {
1568 const struct cipher_name *cipher = &cipher_names[i];
1569 OBJ_NAME name;
1570
1571 if (OBJ_NAME_from_cipher_name(&name, cipher))
1572 fn(&name, arg);
1573 }
1574}
1575
1576static int
1577OBJ_NAME_from_digest_name(OBJ_NAME *obj_name, const struct digest_name *digest)
1578{
1579 const EVP_MD *evp_md;
1580
1581 if ((evp_md = digest->digest()) == NULL)
1582 return 0;
1583
1584 obj_name->type = OBJ_NAME_TYPE_MD_METH;
1585 obj_name->name = digest->name;
1586 if (digest->alias != NULL) {
1587 obj_name->alias = OBJ_NAME_ALIAS;
1588 obj_name->data = digest->alias;
1589 } else {
1590 obj_name->alias = 0;
1591 obj_name->data = evp_md;
1592 }
1593
1594 return 1;
1595}
1596
1597static void
1598OBJ_NAME_do_all_digests(void (*fn)(const OBJ_NAME *, void *), void *arg)
1599{
1600 size_t i;
1601
1602 for (i = 0; i < N_DIGEST_NAMES; i++) {
1603 const struct digest_name *digest = &digest_names[i];
1604 OBJ_NAME name;
1605
1606 if (OBJ_NAME_from_digest_name(&name, digest))
1607 fn(&name, arg);
1608 }
1609}
1610
1611void
1612OBJ_NAME_do_all_sorted(int type, void (*fn)(const OBJ_NAME *, void *), void *arg)
1613{
1614 /* Prayer and clean living lets you ignore errors, OpenSSL style. */
1615 (void)OPENSSL_init_crypto(0, NULL);
1616
1617 if (type == OBJ_NAME_TYPE_CIPHER_METH)
1618 OBJ_NAME_do_all_ciphers(fn, arg);
1619 if (type == OBJ_NAME_TYPE_MD_METH)
1620 OBJ_NAME_do_all_digests(fn, arg);
1621}
1622LCRYPTO_ALIAS(OBJ_NAME_do_all_sorted);
1623
1624void
1625OBJ_NAME_do_all(int type, void (*fn)(const OBJ_NAME *, void *), void *arg)
1626{
1627 OBJ_NAME_do_all_sorted(type, fn, arg);
1628}
1629LCRYPTO_ALIAS(OBJ_NAME_do_all);
1630
1631static int
1632cipher_cmp(const void *a, const void *b)
1633{
1634 return strcmp(a, ((const struct cipher_name *)b)->name);
1635}
1636
1637const EVP_CIPHER *
1638EVP_get_cipherbyname(const char *name)
1639{
1640 const struct cipher_name *cipher;
1641
1642 if (!OPENSSL_init_crypto(0, NULL))
1643 return NULL;
1644
1645 if (name == NULL)
1646 return NULL;
1647
1648 if ((cipher = bsearch(name, cipher_names, N_CIPHER_NAMES,
1649 sizeof(*cipher), cipher_cmp)) == NULL)
1650 return NULL;
1651
1652 return cipher->cipher();
1653}
1654LCRYPTO_ALIAS(EVP_get_cipherbyname);
1655
1656static int
1657digest_cmp(const void *a, const void *b)
1658{
1659 return strcmp(a, ((const struct digest_name *)b)->name);
1660}
1661
1662const EVP_MD *
1663EVP_get_digestbyname(const char *name)
1664{
1665 const struct digest_name *digest;
1666
1667 if (!OPENSSL_init_crypto(0, NULL))
1668 return NULL;
1669
1670 if (name == NULL)
1671 return NULL;
1672
1673 if ((digest = bsearch(name, digest_names, N_DIGEST_NAMES,
1674 sizeof(*digest), digest_cmp)) == NULL)
1675 return NULL;
1676
1677 return digest->digest();
1678}
1679LCRYPTO_ALIAS(EVP_get_digestbyname);
1680
1681/*
1682 * XXX - this is here because most of its job was to clean up the dynamic
1683 * tables of ciphers and digests. If we get an evp_lib.c again, it should
1684 * probably move there.
1685 */
1686
1687void
1688EVP_cleanup(void)
1689{
1690}
1691LCRYPTO_ALIAS(EVP_cleanup);
diff --git a/src/lib/libcrypto/evp/evp_pbe.c b/src/lib/libcrypto/evp/evp_pbe.c
deleted file mode 100644
index 88ceb14033..0000000000
--- a/src/lib/libcrypto/evp/evp_pbe.c
+++ /dev/null
@@ -1,647 +0,0 @@
1/* $OpenBSD: evp_pbe.c,v 1.50 2024/04/09 13:52:41 beck Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include <string.h>
61
62#include <openssl/asn1.h>
63#include <openssl/err.h>
64#include <openssl/evp.h>
65#include <openssl/hmac.h>
66#include <openssl/objects.h>
67#include <openssl/pkcs12.h>
68#include <openssl/x509.h>
69
70#include "evp_local.h"
71#include "hmac_local.h"
72#include "pkcs12_local.h"
73#include "x509_local.h"
74
75/* Password based encryption (PBE) functions */
76int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
77 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de);
78int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
79 ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, int en_de);
80int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
81 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md_type,
82 int en_de);
83int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
84 ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, int en_de);
85
86static const struct pbe_config {
87 int pbe_nid;
88 int cipher_nid;
89 int md_nid;
90 EVP_PBE_KEYGEN *keygen;
91} pbe_outer[] = {
92 {
93 .pbe_nid = NID_pbeWithMD2AndDES_CBC,
94 .cipher_nid = NID_des_cbc,
95 .md_nid = NID_md2,
96 .keygen = PKCS5_PBE_keyivgen,
97 },
98 {
99 .pbe_nid = NID_pbeWithMD5AndDES_CBC,
100 .cipher_nid = NID_des_cbc,
101 .md_nid = NID_md5,
102 .keygen = PKCS5_PBE_keyivgen,
103 },
104 {
105 .pbe_nid = NID_pbeWithSHA1AndRC2_CBC,
106 .cipher_nid = NID_rc2_64_cbc,
107 .md_nid = NID_sha1,
108 .keygen = PKCS5_PBE_keyivgen,
109 },
110 {
111 .pbe_nid = NID_id_pbkdf2,
112 .cipher_nid = -1,
113 .md_nid = -1,
114 .keygen = PKCS5_v2_PBKDF2_keyivgen,
115 },
116 {
117 .pbe_nid = NID_pbe_WithSHA1And128BitRC4,
118 .cipher_nid = NID_rc4,
119 .md_nid = NID_sha1,
120 .keygen = PKCS12_PBE_keyivgen,
121 },
122 {
123 .pbe_nid = NID_pbe_WithSHA1And40BitRC4,
124 .cipher_nid = NID_rc4_40,
125 .md_nid = NID_sha1,
126 .keygen = PKCS12_PBE_keyivgen,
127 },
128 {
129 .pbe_nid = NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
130 .cipher_nid = NID_des_ede3_cbc,
131 .md_nid = NID_sha1,
132 .keygen = PKCS12_PBE_keyivgen,
133 },
134 {
135 .pbe_nid = NID_pbe_WithSHA1And2_Key_TripleDES_CBC,
136 .cipher_nid = NID_des_ede_cbc,
137 .md_nid = NID_sha1,
138 .keygen = PKCS12_PBE_keyivgen,
139 },
140 {
141 .pbe_nid = NID_pbe_WithSHA1And128BitRC2_CBC,
142 .cipher_nid = NID_rc2_cbc,
143 .md_nid = NID_sha1,
144 .keygen = PKCS12_PBE_keyivgen,
145 },
146 {
147 .pbe_nid = NID_pbe_WithSHA1And40BitRC2_CBC,
148 .cipher_nid = NID_rc2_40_cbc,
149 .md_nid = NID_sha1,
150 .keygen = PKCS12_PBE_keyivgen,
151 },
152 {
153 .pbe_nid = NID_pbes2,
154 .cipher_nid = -1,
155 .md_nid = -1,
156 .keygen = PKCS5_v2_PBE_keyivgen,
157 },
158 {
159 .pbe_nid = NID_pbeWithMD2AndRC2_CBC,
160 .cipher_nid = NID_rc2_64_cbc,
161 .md_nid = NID_md2,
162 .keygen = PKCS5_PBE_keyivgen,
163 },
164 {
165 .pbe_nid = NID_pbeWithMD5AndRC2_CBC,
166 .cipher_nid = NID_rc2_64_cbc,
167 .md_nid = NID_md5,
168 .keygen = PKCS5_PBE_keyivgen,
169 },
170 {
171 .pbe_nid = NID_pbeWithSHA1AndDES_CBC,
172 .cipher_nid = NID_des_cbc,
173 .md_nid = NID_sha1,
174 .keygen = PKCS5_PBE_keyivgen,
175 },
176};
177
178#define N_PBE_OUTER (sizeof(pbe_outer) / sizeof(pbe_outer[0]))
179
180int
181EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
182 ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de)
183{
184 const struct pbe_config *cfg = NULL;
185 const EVP_CIPHER *cipher = NULL;
186 const EVP_MD *md = NULL;
187 int pbe_nid;
188 size_t i;
189
190 if ((pbe_nid = OBJ_obj2nid(pbe_obj)) == NID_undef) {
191 EVPerror(EVP_R_UNKNOWN_PBE_ALGORITHM);
192 return 0;
193 }
194
195 for (i = 0; i < N_PBE_OUTER; i++) {
196 if (pbe_nid == pbe_outer[i].pbe_nid) {
197 cfg = &pbe_outer[i];
198 break;
199 }
200 }
201 if (cfg == NULL) {
202 EVPerror(EVP_R_UNKNOWN_PBE_ALGORITHM);
203 ERR_asprintf_error_data("NID=%d", pbe_nid);
204 return 0;
205 }
206
207 if (pass == NULL)
208 passlen = 0;
209 if (passlen == -1)
210 passlen = strlen(pass);
211
212 if (cfg->cipher_nid != -1) {
213 if ((cipher = EVP_get_cipherbynid(cfg->cipher_nid)) == NULL) {
214 EVPerror(EVP_R_UNKNOWN_CIPHER);
215 return 0;
216 }
217 }
218 if (cfg->md_nid != -1) {
219 if ((md = EVP_get_digestbynid(cfg->md_nid)) == NULL) {
220 EVPerror(EVP_R_UNKNOWN_DIGEST);
221 return 0;
222 }
223 }
224
225 if (!cfg->keygen(ctx, pass, passlen, param, cipher, md, en_de)) {
226 EVPerror(EVP_R_KEYGEN_FAILURE);
227 return 0;
228 }
229
230 return 1;
231}
232
233int
234PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
235 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de)
236{
237 EVP_MD_CTX *md_ctx;
238 unsigned char md_tmp[EVP_MAX_MD_SIZE];
239 unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
240 int i;
241 PBEPARAM *pbe;
242 int saltlen, iter;
243 unsigned char *salt;
244 const unsigned char *pbuf;
245 int mdsize;
246 int ret = 0;
247
248 /* Extract useful info from parameter */
249 if (param == NULL || param->type != V_ASN1_SEQUENCE ||
250 param->value.sequence == NULL) {
251 EVPerror(EVP_R_DECODE_ERROR);
252 return 0;
253 }
254
255 mdsize = EVP_MD_size(md);
256 if (mdsize < 0)
257 return 0;
258
259 pbuf = param->value.sequence->data;
260 if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) {
261 EVPerror(EVP_R_DECODE_ERROR);
262 return 0;
263 }
264
265 if (!pbe->iter)
266 iter = 1;
267 else if ((iter = ASN1_INTEGER_get(pbe->iter)) <= 0) {
268 EVPerror(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS);
269 PBEPARAM_free(pbe);
270 return 0;
271 }
272 salt = pbe->salt->data;
273 saltlen = pbe->salt->length;
274
275 if (!pass)
276 passlen = 0;
277 else if (passlen == -1)
278 passlen = strlen(pass);
279
280 if ((md_ctx = EVP_MD_CTX_new()) == NULL)
281 goto err;
282
283 if (!EVP_DigestInit_ex(md_ctx, md, NULL))
284 goto err;
285 if (!EVP_DigestUpdate(md_ctx, pass, passlen))
286 goto err;
287 if (!EVP_DigestUpdate(md_ctx, salt, saltlen))
288 goto err;
289 if (!EVP_DigestFinal_ex(md_ctx, md_tmp, NULL))
290 goto err;
291 for (i = 1; i < iter; i++) {
292 if (!EVP_DigestInit_ex(md_ctx, md, NULL))
293 goto err;
294 if (!EVP_DigestUpdate(md_ctx, md_tmp, mdsize))
295 goto err;
296 if (!EVP_DigestFinal_ex(md_ctx, md_tmp, NULL))
297 goto err;
298 }
299 if ((size_t)EVP_CIPHER_key_length(cipher) > sizeof(md_tmp)) {
300 EVPerror(EVP_R_BAD_KEY_LENGTH);
301 goto err;
302 }
303 memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher));
304 if ((size_t)EVP_CIPHER_iv_length(cipher) > 16) {
305 EVPerror(EVP_R_IV_TOO_LARGE);
306 goto err;
307 }
308 memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
309 EVP_CIPHER_iv_length(cipher));
310 if (!EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de))
311 goto err;
312 explicit_bzero(md_tmp, EVP_MAX_MD_SIZE);
313 explicit_bzero(key, EVP_MAX_KEY_LENGTH);
314 explicit_bzero(iv, EVP_MAX_IV_LENGTH);
315
316 ret = 1;
317
318 err:
319 EVP_MD_CTX_free(md_ctx);
320 PBEPARAM_free(pbe);
321
322 return ret;
323}
324
325/*
326 * PKCS#5 v2.0 password based encryption key derivation function PBKDF2.
327 */
328
329int
330PKCS5_PBKDF2_HMAC(const char *pass, int passlen, const unsigned char *salt,
331 int saltlen, int iter, const EVP_MD *digest, int keylen, unsigned char *out)
332{
333 unsigned char digtmp[EVP_MAX_MD_SIZE], *p, itmp[4];
334 int cplen, j, k, tkeylen, mdlen;
335 unsigned long i = 1;
336 HMAC_CTX hctx_tpl, hctx;
337
338 mdlen = EVP_MD_size(digest);
339 if (mdlen < 0)
340 return 0;
341
342 HMAC_CTX_init(&hctx_tpl);
343 p = out;
344 tkeylen = keylen;
345 if (!pass)
346 passlen = 0;
347 else if (passlen == -1)
348 passlen = strlen(pass);
349 if (!HMAC_Init_ex(&hctx_tpl, pass, passlen, digest, NULL)) {
350 HMAC_CTX_cleanup(&hctx_tpl);
351 return 0;
352 }
353 while (tkeylen) {
354 if (tkeylen > mdlen)
355 cplen = mdlen;
356 else
357 cplen = tkeylen;
358 /*
359 * We are unlikely to ever use more than 256 blocks (5120 bits!)
360 * but just in case...
361 */
362 itmp[0] = (unsigned char)((i >> 24) & 0xff);
363 itmp[1] = (unsigned char)((i >> 16) & 0xff);
364 itmp[2] = (unsigned char)((i >> 8) & 0xff);
365 itmp[3] = (unsigned char)(i & 0xff);
366 if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) {
367 HMAC_CTX_cleanup(&hctx_tpl);
368 return 0;
369 }
370 if (!HMAC_Update(&hctx, salt, saltlen) ||
371 !HMAC_Update(&hctx, itmp, 4) ||
372 !HMAC_Final(&hctx, digtmp, NULL)) {
373 HMAC_CTX_cleanup(&hctx_tpl);
374 HMAC_CTX_cleanup(&hctx);
375 return 0;
376 }
377 HMAC_CTX_cleanup(&hctx);
378 memcpy(p, digtmp, cplen);
379 for (j = 1; j < iter; j++) {
380 if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) {
381 HMAC_CTX_cleanup(&hctx_tpl);
382 return 0;
383 }
384 if (!HMAC_Update(&hctx, digtmp, mdlen) ||
385 !HMAC_Final(&hctx, digtmp, NULL)) {
386 HMAC_CTX_cleanup(&hctx_tpl);
387 HMAC_CTX_cleanup(&hctx);
388 return 0;
389 }
390 HMAC_CTX_cleanup(&hctx);
391 for (k = 0; k < cplen; k++)
392 p[k] ^= digtmp[k];
393 }
394 tkeylen -= cplen;
395 i++;
396 p += cplen;
397 }
398 HMAC_CTX_cleanup(&hctx_tpl);
399 return 1;
400}
401LCRYPTO_ALIAS(PKCS5_PBKDF2_HMAC);
402
403int
404PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, const unsigned char *salt,
405 int saltlen, int iter, int keylen, unsigned char *out)
406{
407 return PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter,
408 EVP_sha1(), keylen, out);
409}
410LCRYPTO_ALIAS(PKCS5_PBKDF2_HMAC_SHA1);
411
412/*
413 * Now the key derivation function itself. This is a bit evil because
414 * it has to check the ASN1 parameters are valid: and there are quite a
415 * few of them...
416 */
417
418int
419PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
420 ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, int en_de)
421{
422 const unsigned char *pbuf;
423 int plen;
424 PBE2PARAM *pbe2 = NULL;
425 const EVP_CIPHER *cipher;
426 int ret = 0;
427
428 if (param == NULL || param->type != V_ASN1_SEQUENCE ||
429 param->value.sequence == NULL) {
430 EVPerror(EVP_R_DECODE_ERROR);
431 goto err;
432 }
433
434 pbuf = param->value.sequence->data;
435 plen = param->value.sequence->length;
436 if (!(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) {
437 EVPerror(EVP_R_DECODE_ERROR);
438 goto err;
439 }
440
441 /* See if we recognise the key derivation function */
442
443 if (OBJ_obj2nid(pbe2->keyfunc->algorithm) != NID_id_pbkdf2) {
444 EVPerror(EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION);
445 goto err;
446 }
447
448 /* Let's see if we recognise the encryption algorithm. */
449 cipher = EVP_get_cipherbyobj(pbe2->encryption->algorithm);
450 if (!cipher) {
451 EVPerror(EVP_R_UNSUPPORTED_CIPHER);
452 goto err;
453 }
454
455 /* Fixup cipher based on AlgorithmIdentifier */
456 if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de))
457 goto err;
458 if (EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) < 0) {
459 EVPerror(EVP_R_CIPHER_PARAMETER_ERROR);
460 goto err;
461 }
462
463 ret = PKCS5_v2_PBKDF2_keyivgen(ctx, pass, passlen,
464 pbe2->keyfunc->parameter, c, md, en_de);
465
466 err:
467 PBE2PARAM_free(pbe2);
468
469 return ret;
470}
471
472static int
473md_nid_from_prf_nid(int nid)
474{
475 switch (nid) {
476 case NID_hmacWithMD5:
477 return NID_md5;
478 case NID_hmacWithSHA1:
479 return NID_sha1;
480 case NID_hmacWithSHA224:
481 return NID_sha224;
482 case NID_hmacWithSHA256:
483 return NID_sha256;
484 case NID_hmacWithSHA384:
485 return NID_sha384;
486 case NID_hmacWithSHA512:
487 return NID_sha512;
488 case NID_hmacWithSHA512_224:
489 return NID_sha512_224;
490 case NID_hmacWithSHA512_256:
491 return NID_sha512_256;
492 case NID_hmac_sha3_224:
493 return NID_sha3_224;
494 case NID_hmac_sha3_256:
495 return NID_sha3_256;
496 case NID_hmac_sha3_384:
497 return NID_sha3_384;
498 case NID_hmac_sha3_512:
499 return NID_sha3_512;
500 default:
501 return NID_undef;
502 }
503}
504
505int
506PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
507 ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, int en_de)
508{
509 unsigned char *salt, key[EVP_MAX_KEY_LENGTH];
510 const unsigned char *pbuf;
511 int saltlen, iter, plen;
512 unsigned int keylen = 0;
513 int prf_nid, hmac_md_nid;
514 PBKDF2PARAM *kdf = NULL;
515 const EVP_MD *prfmd;
516 int ret = 0;
517
518 if (EVP_CIPHER_CTX_cipher(ctx) == NULL) {
519 EVPerror(EVP_R_NO_CIPHER_SET);
520 return 0;
521 }
522 keylen = EVP_CIPHER_CTX_key_length(ctx);
523 if (keylen > sizeof key) {
524 EVPerror(EVP_R_BAD_KEY_LENGTH);
525 return 0;
526 }
527
528 /* Decode parameter */
529
530 if (!param || (param->type != V_ASN1_SEQUENCE)) {
531 EVPerror(EVP_R_DECODE_ERROR);
532 return 0;
533 }
534
535 pbuf = param->value.sequence->data;
536 plen = param->value.sequence->length;
537
538 if (!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) {
539 EVPerror(EVP_R_DECODE_ERROR);
540 return 0;
541 }
542
543 /* Now check the parameters of the kdf */
544
545 if (kdf->keylength &&
546 (ASN1_INTEGER_get(kdf->keylength) != (int)keylen)){
547 EVPerror(EVP_R_UNSUPPORTED_KEYLENGTH);
548 goto err;
549 }
550
551 if (kdf->prf)
552 prf_nid = OBJ_obj2nid(kdf->prf->algorithm);
553 else
554 prf_nid = NID_hmacWithSHA1;
555
556 if ((hmac_md_nid = md_nid_from_prf_nid(prf_nid)) == NID_undef) {
557 EVPerror(EVP_R_UNSUPPORTED_PRF);
558 goto err;
559 }
560
561 prfmd = EVP_get_digestbynid(hmac_md_nid);
562 if (prfmd == NULL) {
563 EVPerror(EVP_R_UNSUPPORTED_PRF);
564 goto err;
565 }
566
567 if (kdf->salt->type != V_ASN1_OCTET_STRING) {
568 EVPerror(EVP_R_UNSUPPORTED_SALT_TYPE);
569 goto err;
570 }
571
572 /* it seems that its all OK */
573 salt = kdf->salt->value.octet_string->data;
574 saltlen = kdf->salt->value.octet_string->length;
575 if ((iter = ASN1_INTEGER_get(kdf->iter)) <= 0) {
576 EVPerror(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS);
577 goto err;
578 }
579 if (!PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, prfmd,
580 keylen, key))
581 goto err;
582
583 ret = EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de);
584
585 err:
586 explicit_bzero(key, keylen);
587 PBKDF2PARAM_free(kdf);
588
589 return ret;
590}
591
592void
593PKCS12_PBE_add(void)
594{
595}
596LCRYPTO_ALIAS(PKCS12_PBE_add);
597
598int
599PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
600 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de)
601{
602 PBEPARAM *pbe;
603 int saltlen, iter, ret;
604 unsigned char *salt;
605 const unsigned char *pbuf;
606 unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
607
608 /* Extract useful info from parameter */
609 if (param == NULL || param->type != V_ASN1_SEQUENCE ||
610 param->value.sequence == NULL) {
611 PKCS12error(PKCS12_R_DECODE_ERROR);
612 return 0;
613 }
614
615 pbuf = param->value.sequence->data;
616 if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) {
617 PKCS12error(PKCS12_R_DECODE_ERROR);
618 return 0;
619 }
620
621 if (!pbe->iter)
622 iter = 1;
623 else if ((iter = ASN1_INTEGER_get(pbe->iter)) <= 0) {
624 PKCS12error(PKCS12_R_DECODE_ERROR);
625 PBEPARAM_free(pbe);
626 return 0;
627 }
628 salt = pbe->salt->data;
629 saltlen = pbe->salt->length;
630 if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_KEY_ID,
631 iter, EVP_CIPHER_key_length(cipher), key, md)) {
632 PKCS12error(PKCS12_R_KEY_GEN_ERROR);
633 PBEPARAM_free(pbe);
634 return 0;
635 }
636 if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_IV_ID,
637 iter, EVP_CIPHER_iv_length(cipher), iv, md)) {
638 PKCS12error(PKCS12_R_IV_GEN_ERROR);
639 PBEPARAM_free(pbe);
640 return 0;
641 }
642 PBEPARAM_free(pbe);
643 ret = EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de);
644 explicit_bzero(key, EVP_MAX_KEY_LENGTH);
645 explicit_bzero(iv, EVP_MAX_IV_LENGTH);
646 return ret;
647}
diff --git a/src/lib/libcrypto/evp/evp_pkey.c b/src/lib/libcrypto/evp/evp_pkey.c
deleted file mode 100644
index a1e127352a..0000000000
--- a/src/lib/libcrypto/evp/evp_pkey.c
+++ /dev/null
@@ -1,144 +0,0 @@
1/* $OpenBSD: evp_pkey.c,v 1.33 2025/02/04 04:51:34 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include <stdlib.h>
61#include <string.h>
62
63#include <openssl/err.h>
64#include <openssl/x509.h>
65
66#include "asn1_local.h"
67#include "evp_local.h"
68
69/* Extract a private key from a PKCS8 structure */
70
71EVP_PKEY *
72EVP_PKCS82PKEY(const PKCS8_PRIV_KEY_INFO *p8)
73{
74 EVP_PKEY *pkey = NULL;
75 const ASN1_OBJECT *algoid;
76 char obj_tmp[80];
77
78 if (!PKCS8_pkey_get0(&algoid, NULL, NULL, NULL, p8))
79 return NULL;
80
81 if (!(pkey = EVP_PKEY_new())) {
82 EVPerror(ERR_R_MALLOC_FAILURE);
83 return NULL;
84 }
85
86 if (!EVP_PKEY_set_type(pkey, OBJ_obj2nid(algoid))) {
87 EVPerror(EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
88 if (i2t_ASN1_OBJECT(obj_tmp, sizeof(obj_tmp), algoid) == 0)
89 (void)strlcpy(obj_tmp, "unknown", sizeof(obj_tmp));
90 ERR_asprintf_error_data("TYPE=%s", obj_tmp);
91 goto error;
92 }
93
94 if (pkey->ameth->priv_decode) {
95 if (!pkey->ameth->priv_decode(pkey, p8)) {
96 EVPerror(EVP_R_PRIVATE_KEY_DECODE_ERROR);
97 goto error;
98 }
99 } else {
100 EVPerror(EVP_R_METHOD_NOT_SUPPORTED);
101 goto error;
102 }
103
104 return pkey;
105
106error:
107 EVP_PKEY_free(pkey);
108 return NULL;
109}
110LCRYPTO_ALIAS(EVP_PKCS82PKEY);
111
112/* Turn a private key into a PKCS8 structure */
113
114PKCS8_PRIV_KEY_INFO *
115EVP_PKEY2PKCS8(EVP_PKEY *pkey)
116{
117 PKCS8_PRIV_KEY_INFO *p8;
118
119 if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) {
120 EVPerror(ERR_R_MALLOC_FAILURE);
121 return NULL;
122 }
123
124 if (pkey->ameth) {
125 if (pkey->ameth->priv_encode) {
126 if (!pkey->ameth->priv_encode(p8, pkey)) {
127 EVPerror(EVP_R_PRIVATE_KEY_ENCODE_ERROR);
128 goto error;
129 }
130 } else {
131 EVPerror(EVP_R_METHOD_NOT_SUPPORTED);
132 goto error;
133 }
134 } else {
135 EVPerror(EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
136 goto error;
137 }
138 return p8;
139
140error:
141 PKCS8_PRIV_KEY_INFO_free(p8);
142 return NULL;
143}
144LCRYPTO_ALIAS(EVP_PKEY2PKCS8);
diff --git a/src/lib/libcrypto/evp/m_md4.c b/src/lib/libcrypto/evp/m_md4.c
deleted file mode 100644
index a9d3150948..0000000000
--- a/src/lib/libcrypto/evp/m_md4.c
+++ /dev/null
@@ -1,114 +0,0 @@
1/* $OpenBSD: m_md4.c,v 1.22 2024/04/09 13:52:41 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60
61#include <openssl/opensslconf.h>
62
63#ifndef OPENSSL_NO_MD4
64
65#include <openssl/evp.h>
66#include <openssl/md4.h>
67#include <openssl/objects.h>
68#include <openssl/x509.h>
69
70#ifndef OPENSSL_NO_RSA
71#include <openssl/rsa.h>
72#endif
73
74#include "evp_local.h"
75
76static int
77init(EVP_MD_CTX *ctx)
78{
79 return MD4_Init(ctx->md_data);
80}
81
82static int
83update(EVP_MD_CTX *ctx, const void *data, size_t count)
84{
85 return MD4_Update(ctx->md_data, data, count);
86}
87
88static int
89final(EVP_MD_CTX *ctx, unsigned char *md)
90{
91 return MD4_Final(md, ctx->md_data);
92}
93
94static const EVP_MD md4_md = {
95 .type = NID_md4,
96 .pkey_type = NID_md4WithRSAEncryption,
97 .md_size = MD4_DIGEST_LENGTH,
98 .flags = 0,
99 .init = init,
100 .update = update,
101 .final = final,
102 .copy = NULL,
103 .cleanup = NULL,
104 .block_size = MD4_CBLOCK,
105 .ctx_size = sizeof(EVP_MD *) + sizeof(MD4_CTX),
106};
107
108const EVP_MD *
109EVP_md4(void)
110{
111 return (&md4_md);
112}
113LCRYPTO_ALIAS(EVP_md4);
114#endif
diff --git a/src/lib/libcrypto/evp/m_md5.c b/src/lib/libcrypto/evp/m_md5.c
deleted file mode 100644
index 1bba8c4e1b..0000000000
--- a/src/lib/libcrypto/evp/m_md5.c
+++ /dev/null
@@ -1,114 +0,0 @@
1/* $OpenBSD: m_md5.c,v 1.21 2024/04/09 13:52:41 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60
61#include <openssl/opensslconf.h>
62
63#ifndef OPENSSL_NO_MD5
64
65#include <openssl/evp.h>
66#include <openssl/md5.h>
67#include <openssl/objects.h>
68#include <openssl/x509.h>
69
70#ifndef OPENSSL_NO_RSA
71#include <openssl/rsa.h>
72#endif
73
74#include "evp_local.h"
75
76static int
77init(EVP_MD_CTX *ctx)
78{
79 return MD5_Init(ctx->md_data);
80}
81
82static int
83update(EVP_MD_CTX *ctx, const void *data, size_t count)
84{
85 return MD5_Update(ctx->md_data, data, count);
86}
87
88static int
89final(EVP_MD_CTX *ctx, unsigned char *md)
90{
91 return MD5_Final(md, ctx->md_data);
92}
93
94static const EVP_MD md5_md = {
95 .type = NID_md5,
96 .pkey_type = NID_md5WithRSAEncryption,
97 .md_size = MD5_DIGEST_LENGTH,
98 .flags = 0,
99 .init = init,
100 .update = update,
101 .final = final,
102 .copy = NULL,
103 .cleanup = NULL,
104 .block_size = MD5_CBLOCK,
105 .ctx_size = sizeof(EVP_MD *) + sizeof(MD5_CTX),
106};
107
108const EVP_MD *
109EVP_md5(void)
110{
111 return (&md5_md);
112}
113LCRYPTO_ALIAS(EVP_md5);
114#endif
diff --git a/src/lib/libcrypto/evp/m_md5_sha1.c b/src/lib/libcrypto/evp/m_md5_sha1.c
deleted file mode 100644
index 87a801f013..0000000000
--- a/src/lib/libcrypto/evp/m_md5_sha1.c
+++ /dev/null
@@ -1,90 +0,0 @@
1/* $OpenBSD: m_md5_sha1.c,v 1.9 2024/04/09 13:52:41 beck Exp $ */
2/*
3 * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <openssl/evp.h>
19#include <openssl/md5.h>
20#include <openssl/objects.h>
21#include <openssl/sha.h>
22
23#ifndef OPENSSL_NO_RSA
24#include <openssl/rsa.h>
25#endif
26
27#include "evp_local.h"
28
29struct md5_sha1_ctx {
30 MD5_CTX md5;
31 SHA_CTX sha1;
32};
33
34static int
35md5_sha1_init(EVP_MD_CTX *ctx)
36{
37 struct md5_sha1_ctx *mdctx = ctx->md_data;
38
39 if (!MD5_Init(&mdctx->md5))
40 return 0;
41 if (!SHA1_Init(&mdctx->sha1))
42 return 0;
43
44 return 1;
45}
46
47static int
48md5_sha1_update(EVP_MD_CTX *ctx, const void *data, size_t count)
49{
50 struct md5_sha1_ctx *mdctx = ctx->md_data;
51
52 if (!MD5_Update(&mdctx->md5, data, count))
53 return 0;
54 if (!SHA1_Update(&mdctx->sha1, data, count))
55 return 0;
56
57 return 1;
58}
59
60static int
61md5_sha1_final(EVP_MD_CTX *ctx, unsigned char *out)
62{
63 struct md5_sha1_ctx *mdctx = ctx->md_data;
64
65 if (!MD5_Final(out, &mdctx->md5))
66 return 0;
67 if (!SHA1_Final(out + MD5_DIGEST_LENGTH, &mdctx->sha1))
68 return 0;
69
70 return 1;
71}
72
73static const EVP_MD md5_sha1_md = {
74 .type = NID_md5_sha1,
75 .pkey_type = NID_md5_sha1,
76 .md_size = MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
77 .flags = 0,
78 .init = md5_sha1_init,
79 .update = md5_sha1_update,
80 .final = md5_sha1_final,
81 .block_size = MD5_CBLOCK, /* MD5_CBLOCK == SHA_CBLOCK */
82 .ctx_size = sizeof(EVP_MD *) + sizeof(struct md5_sha1_ctx),
83};
84
85const EVP_MD *
86EVP_md5_sha1(void)
87{
88 return &md5_sha1_md;
89}
90LCRYPTO_ALIAS(EVP_md5_sha1);
diff --git a/src/lib/libcrypto/evp/m_null.c b/src/lib/libcrypto/evp/m_null.c
deleted file mode 100644
index 65af387eaa..0000000000
--- a/src/lib/libcrypto/evp/m_null.c
+++ /dev/null
@@ -1,104 +0,0 @@
1/* $OpenBSD: m_null.c,v 1.15 2024/04/09 13:52:41 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60
61#include <openssl/evp.h>
62#include <openssl/objects.h>
63#include <openssl/x509.h>
64
65#include "evp_local.h"
66
67static int
68init(EVP_MD_CTX *ctx)
69{
70 return 1;
71}
72
73static int
74update(EVP_MD_CTX *ctx, const void *data, size_t count)
75{
76 return 1;
77}
78
79static int
80final(EVP_MD_CTX *ctx, unsigned char *md)
81{
82 return 1;
83}
84
85static const EVP_MD null_md = {
86 .type = NID_undef,
87 .pkey_type = NID_undef,
88 .md_size = 0,
89 .flags = 0,
90 .init = init,
91 .update = update,
92 .final = final,
93 .copy = NULL,
94 .cleanup = NULL,
95 .block_size = 0,
96 .ctx_size = sizeof(EVP_MD *),
97};
98
99const EVP_MD *
100EVP_md_null(void)
101{
102 return (&null_md);
103}
104LCRYPTO_ALIAS(EVP_md_null);
diff --git a/src/lib/libcrypto/evp/m_ripemd.c b/src/lib/libcrypto/evp/m_ripemd.c
deleted file mode 100644
index d771510868..0000000000
--- a/src/lib/libcrypto/evp/m_ripemd.c
+++ /dev/null
@@ -1,114 +0,0 @@
1/* $OpenBSD: m_ripemd.c,v 1.18 2024/04/09 13:52:41 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60
61#include <openssl/opensslconf.h>
62
63#ifndef OPENSSL_NO_RIPEMD
64
65#include <openssl/evp.h>
66#include <openssl/objects.h>
67#include <openssl/ripemd.h>
68#include <openssl/x509.h>
69
70#ifndef OPENSSL_NO_RSA
71#include <openssl/rsa.h>
72#endif
73
74#include "evp_local.h"
75
76static int
77init(EVP_MD_CTX *ctx)
78{
79 return RIPEMD160_Init(ctx->md_data);
80}
81
82static int
83update(EVP_MD_CTX *ctx, const void *data, size_t count)
84{
85 return RIPEMD160_Update(ctx->md_data, data, count);
86}
87
88static int
89final(EVP_MD_CTX *ctx, unsigned char *md)
90{
91 return RIPEMD160_Final(md, ctx->md_data);
92}
93
94static const EVP_MD ripemd160_md = {
95 .type = NID_ripemd160,
96 .pkey_type = NID_ripemd160WithRSA,
97 .md_size = RIPEMD160_DIGEST_LENGTH,
98 .flags = 0,
99 .init = init,
100 .update = update,
101 .final = final,
102 .copy = NULL,
103 .cleanup = NULL,
104 .block_size = RIPEMD160_CBLOCK,
105 .ctx_size = sizeof(EVP_MD *) + sizeof(RIPEMD160_CTX),
106};
107
108const EVP_MD *
109EVP_ripemd160(void)
110{
111 return (&ripemd160_md);
112}
113LCRYPTO_ALIAS(EVP_ripemd160);
114#endif
diff --git a/src/lib/libcrypto/evp/m_sha1.c b/src/lib/libcrypto/evp/m_sha1.c
deleted file mode 100644
index cdceb99aaf..0000000000
--- a/src/lib/libcrypto/evp/m_sha1.c
+++ /dev/null
@@ -1,358 +0,0 @@
1/* $OpenBSD: m_sha1.c,v 1.26 2024/04/09 13:52:41 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60
61#include <openssl/opensslconf.h>
62
63#ifndef OPENSSL_NO_SHA
64
65#include <openssl/evp.h>
66#include <openssl/objects.h>
67#include <openssl/sha.h>
68
69#ifndef OPENSSL_NO_RSA
70#include <openssl/rsa.h>
71#endif
72
73#include "evp_local.h"
74#include "sha_internal.h"
75
76static int
77sha1_init(EVP_MD_CTX *ctx)
78{
79 return SHA1_Init(ctx->md_data);
80}
81
82static int
83sha1_update(EVP_MD_CTX *ctx, const void *data, size_t count)
84{
85 return SHA1_Update(ctx->md_data, data, count);
86}
87
88static int
89sha1_final(EVP_MD_CTX *ctx, unsigned char *md)
90{
91 return SHA1_Final(md, ctx->md_data);
92}
93
94static const EVP_MD sha1_md = {
95 .type = NID_sha1,
96 .pkey_type = NID_sha1WithRSAEncryption,
97 .md_size = SHA_DIGEST_LENGTH,
98 .flags = EVP_MD_FLAG_DIGALGID_ABSENT,
99 .init = sha1_init,
100 .update = sha1_update,
101 .final = sha1_final,
102 .copy = NULL,
103 .cleanup = NULL,
104 .block_size = SHA_CBLOCK,
105 .ctx_size = sizeof(EVP_MD *) + sizeof(SHA_CTX),
106};
107
108const EVP_MD *
109EVP_sha1(void)
110{
111 return &sha1_md;
112}
113LCRYPTO_ALIAS(EVP_sha1);
114#endif
115
116#ifndef OPENSSL_NO_SHA256
117static int
118sha224_init(EVP_MD_CTX *ctx)
119{
120 return SHA224_Init(ctx->md_data);
121}
122
123static int
124sha224_update(EVP_MD_CTX *ctx, const void *data, size_t count)
125{
126 /*
127 * Even though there're separate SHA224_[Update|Final], we call
128 * SHA256 functions even in SHA224 context. This is what happens
129 * there anyway, so we can spare few CPU cycles:-)
130 */
131 return SHA256_Update(ctx->md_data, data, count);
132}
133
134static int
135sha224_final(EVP_MD_CTX *ctx, unsigned char *md)
136{
137 return SHA224_Final(md, ctx->md_data);
138}
139
140static const EVP_MD sha224_md = {
141 .type = NID_sha224,
142 .pkey_type = NID_sha224WithRSAEncryption,
143 .md_size = SHA224_DIGEST_LENGTH,
144 .flags = EVP_MD_FLAG_DIGALGID_ABSENT,
145 .init = sha224_init,
146 .update = sha224_update,
147 .final = sha224_final,
148 .copy = NULL,
149 .cleanup = NULL,
150 .block_size = SHA256_CBLOCK,
151 .ctx_size = sizeof(EVP_MD *) + sizeof(SHA256_CTX),
152};
153
154const EVP_MD *
155EVP_sha224(void)
156{
157 return &sha224_md;
158}
159LCRYPTO_ALIAS(EVP_sha224);
160
161static int
162sha256_init(EVP_MD_CTX *ctx)
163{
164 return SHA256_Init(ctx->md_data);
165}
166
167static int
168sha256_update(EVP_MD_CTX *ctx, const void *data, size_t count)
169{
170 return SHA256_Update(ctx->md_data, data, count);
171}
172
173static int
174sha256_final(EVP_MD_CTX *ctx, unsigned char *md)
175{
176 return SHA256_Final(md, ctx->md_data);
177}
178
179static const EVP_MD sha256_md = {
180 .type = NID_sha256,
181 .pkey_type = NID_sha256WithRSAEncryption,
182 .md_size = SHA256_DIGEST_LENGTH,
183 .flags = EVP_MD_FLAG_DIGALGID_ABSENT,
184 .init = sha256_init,
185 .update = sha256_update,
186 .final = sha256_final,
187 .copy = NULL,
188 .cleanup = NULL,
189 .block_size = SHA256_CBLOCK,
190 .ctx_size = sizeof(EVP_MD *) + sizeof(SHA256_CTX),
191};
192
193const EVP_MD *
194EVP_sha256(void)
195{
196 return &sha256_md;
197}
198LCRYPTO_ALIAS(EVP_sha256);
199#endif /* ifndef OPENSSL_NO_SHA256 */
200
201#ifndef OPENSSL_NO_SHA512
202static int
203sha384_init(EVP_MD_CTX *ctx)
204{
205 return SHA384_Init(ctx->md_data);
206}
207
208static int
209sha384_update(EVP_MD_CTX *ctx, const void *data, size_t count)
210{
211 /* See comment in SHA224/256 section */
212 return SHA512_Update(ctx->md_data, data, count);
213}
214
215static int
216sha384_final(EVP_MD_CTX *ctx, unsigned char *md)
217{
218 return SHA384_Final(md, ctx->md_data);
219}
220
221static const EVP_MD sha384_md = {
222 .type = NID_sha384,
223 .pkey_type = NID_sha384WithRSAEncryption,
224 .md_size = SHA384_DIGEST_LENGTH,
225 .flags = EVP_MD_FLAG_DIGALGID_ABSENT,
226 .init = sha384_init,
227 .update = sha384_update,
228 .final = sha384_final,
229 .copy = NULL,
230 .cleanup = NULL,
231 .block_size = SHA512_CBLOCK,
232 .ctx_size = sizeof(EVP_MD *) + sizeof(SHA512_CTX),
233};
234
235const EVP_MD *
236EVP_sha384(void)
237{
238 return &sha384_md;
239}
240LCRYPTO_ALIAS(EVP_sha384);
241
242static int
243sha512_init(EVP_MD_CTX *ctx)
244{
245 return SHA512_Init(ctx->md_data);
246}
247
248static int
249sha512_update(EVP_MD_CTX *ctx, const void *data, size_t count)
250{
251 return SHA512_Update(ctx->md_data, data, count);
252}
253
254static int
255sha512_final(EVP_MD_CTX *ctx, unsigned char *md)
256{
257 return SHA512_Final(md, ctx->md_data);
258}
259
260static const EVP_MD sha512_md = {
261 .type = NID_sha512,
262 .pkey_type = NID_sha512WithRSAEncryption,
263 .md_size = SHA512_DIGEST_LENGTH,
264 .flags = EVP_MD_FLAG_DIGALGID_ABSENT,
265 .init = sha512_init,
266 .update = sha512_update,
267 .final = sha512_final,
268 .copy = NULL,
269 .cleanup = NULL,
270 .block_size = SHA512_CBLOCK,
271 .ctx_size = sizeof(EVP_MD *) + sizeof(SHA512_CTX),
272};
273
274const EVP_MD *
275EVP_sha512(void)
276{
277 return &sha512_md;
278}
279LCRYPTO_ALIAS(EVP_sha512);
280
281static int
282sha512_224_init(EVP_MD_CTX *ctx)
283{
284 return SHA512_224_Init(ctx->md_data);
285}
286
287static int
288sha512_224_update(EVP_MD_CTX *ctx, const void *data, size_t count)
289{
290 return SHA512_224_Update(ctx->md_data, data, count);
291}
292
293static int
294sha512_224_final(EVP_MD_CTX *ctx, unsigned char *md)
295{
296 return SHA512_224_Final(md, ctx->md_data);
297}
298
299static const EVP_MD sha512_224_md = {
300 .type = NID_sha512_224,
301 .pkey_type = NID_sha512_224WithRSAEncryption,
302 .md_size = SHA512_224_DIGEST_LENGTH,
303 .flags = EVP_MD_FLAG_DIGALGID_ABSENT,
304 .init = sha512_224_init,
305 .update = sha512_224_update,
306 .final = sha512_224_final,
307 .copy = NULL,
308 .cleanup = NULL,
309 .block_size = SHA512_CBLOCK,
310 .ctx_size = sizeof(EVP_MD *) + sizeof(SHA512_CTX),
311};
312
313const EVP_MD *
314EVP_sha512_224(void)
315{
316 return &sha512_224_md;
317}
318LCRYPTO_ALIAS(EVP_sha512_224);
319
320static int
321sha512_256_init(EVP_MD_CTX *ctx)
322{
323 return SHA512_256_Init(ctx->md_data);
324}
325
326static int
327sha512_256_update(EVP_MD_CTX *ctx, const void *data, size_t count)
328{
329 return SHA512_256_Update(ctx->md_data, data, count);
330}
331
332static int
333sha512_256_final(EVP_MD_CTX *ctx, unsigned char *md)
334{
335 return SHA512_256_Final(md, ctx->md_data);
336}
337
338static const EVP_MD sha512_256_md = {
339 .type = NID_sha512_256,
340 .pkey_type = NID_sha512_256WithRSAEncryption,
341 .md_size = SHA512_256_DIGEST_LENGTH,
342 .flags = EVP_MD_FLAG_DIGALGID_ABSENT,
343 .init = sha512_256_init,
344 .update = sha512_256_update,
345 .final = sha512_256_final,
346 .copy = NULL,
347 .cleanup = NULL,
348 .block_size = SHA512_CBLOCK,
349 .ctx_size = sizeof(EVP_MD *) + sizeof(SHA512_CTX),
350};
351
352const EVP_MD *
353EVP_sha512_256(void)
354{
355 return &sha512_256_md;
356}
357LCRYPTO_ALIAS(EVP_sha512_256);
358#endif /* ifndef OPENSSL_NO_SHA512 */
diff --git a/src/lib/libcrypto/evp/m_sha3.c b/src/lib/libcrypto/evp/m_sha3.c
deleted file mode 100644
index a21833b605..0000000000
--- a/src/lib/libcrypto/evp/m_sha3.c
+++ /dev/null
@@ -1,177 +0,0 @@
1/* $OpenBSD: m_sha3.c,v 1.4 2024/04/09 13:52:41 beck Exp $ */
2/*
3 * Copyright (c) 2023 Joel Sing <jsing@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <openssl/evp.h>
19
20#include "evp_local.h"
21#include "sha3_internal.h"
22
23static int
24sha3_224_init(EVP_MD_CTX *ctx)
25{
26 return sha3_init(ctx->md_data, SHA3_224_DIGEST_LENGTH);
27}
28
29static int
30sha3_224_update(EVP_MD_CTX *ctx, const void *data, size_t count)
31{
32 return sha3_update(ctx->md_data, data, count);
33}
34
35static int
36sha3_224_final(EVP_MD_CTX *ctx, unsigned char *md)
37{
38 return sha3_final(md, ctx->md_data);
39}
40
41static const EVP_MD sha3_224_md = {
42 .type = NID_sha3_224,
43 .pkey_type = NID_RSA_SHA3_224,
44 .md_size = SHA3_224_DIGEST_LENGTH,
45 .flags = EVP_MD_FLAG_DIGALGID_ABSENT,
46 .init = sha3_224_init,
47 .update = sha3_224_update,
48 .final = sha3_224_final,
49 .copy = NULL,
50 .cleanup = NULL,
51 .block_size = SHA3_224_BLOCK_SIZE,
52 .ctx_size = sizeof(EVP_MD *) + sizeof(sha3_ctx),
53};
54
55const EVP_MD *
56EVP_sha3_224(void)
57{
58 return &sha3_224_md;
59}
60LCRYPTO_ALIAS(EVP_sha3_224);
61
62static int
63sha3_256_init(EVP_MD_CTX *ctx)
64{
65 return sha3_init(ctx->md_data, SHA3_256_DIGEST_LENGTH);
66}
67
68static int
69sha3_256_update(EVP_MD_CTX *ctx, const void *data, size_t count)
70{
71 return sha3_update(ctx->md_data, data, count);
72}
73
74static int
75sha3_256_final(EVP_MD_CTX *ctx, unsigned char *md)
76{
77 return sha3_final(md, ctx->md_data);
78}
79
80static const EVP_MD sha3_256_md = {
81 .type = NID_sha3_256,
82 .pkey_type = NID_RSA_SHA3_256,
83 .md_size = SHA3_256_DIGEST_LENGTH,
84 .flags = EVP_MD_FLAG_DIGALGID_ABSENT,
85 .init = sha3_256_init,
86 .update = sha3_256_update,
87 .final = sha3_256_final,
88 .copy = NULL,
89 .cleanup = NULL,
90 .block_size = SHA3_256_BLOCK_SIZE,
91 .ctx_size = sizeof(EVP_MD *) + sizeof(sha3_ctx),
92};
93
94const EVP_MD *
95EVP_sha3_256(void)
96{
97 return &sha3_256_md;
98}
99LCRYPTO_ALIAS(EVP_sha3_256);
100
101static int
102sha3_384_init(EVP_MD_CTX *ctx)
103{
104 return sha3_init(ctx->md_data, SHA3_384_DIGEST_LENGTH);
105}
106
107static int
108sha3_384_update(EVP_MD_CTX *ctx, const void *data, size_t count)
109{
110 return sha3_update(ctx->md_data, data, count);
111}
112
113static int
114sha3_384_final(EVP_MD_CTX *ctx, unsigned char *md)
115{
116 return sha3_final(md, ctx->md_data);
117}
118
119static const EVP_MD sha3_384_md = {
120 .type = NID_sha3_384,
121 .pkey_type = NID_RSA_SHA3_384,
122 .md_size = SHA3_384_DIGEST_LENGTH,
123 .flags = EVP_MD_FLAG_DIGALGID_ABSENT,
124 .init = sha3_384_init,
125 .update = sha3_384_update,
126 .final = sha3_384_final,
127 .copy = NULL,
128 .cleanup = NULL,
129 .block_size = SHA3_384_BLOCK_SIZE,
130 .ctx_size = sizeof(EVP_MD *) + sizeof(sha3_ctx),
131};
132
133const EVP_MD *
134EVP_sha3_384(void)
135{
136 return &sha3_384_md;
137}
138LCRYPTO_ALIAS(EVP_sha3_384);
139
140static int
141sha3_512_init(EVP_MD_CTX *ctx)
142{
143 return sha3_init(ctx->md_data, SHA3_512_DIGEST_LENGTH);
144}
145
146static int
147sha3_512_update(EVP_MD_CTX *ctx, const void *data, size_t count)
148{
149 return sha3_update(ctx->md_data, data, count);
150}
151
152static int
153sha3_512_final(EVP_MD_CTX *ctx, unsigned char *md)
154{
155 return sha3_final(md, ctx->md_data);
156}
157
158static const EVP_MD sha3_512_md = {
159 .type = NID_sha3_512,
160 .pkey_type = NID_RSA_SHA3_512,
161 .md_size = SHA3_512_DIGEST_LENGTH,
162 .flags = EVP_MD_FLAG_DIGALGID_ABSENT,
163 .init = sha3_512_init,
164 .update = sha3_512_update,
165 .final = sha3_512_final,
166 .copy = NULL,
167 .cleanup = NULL,
168 .block_size = SHA3_512_BLOCK_SIZE,
169 .ctx_size = sizeof(EVP_MD *) + sizeof(sha3_ctx),
170};
171
172const EVP_MD *
173EVP_sha3_512(void)
174{
175 return &sha3_512_md;
176}
177LCRYPTO_ALIAS(EVP_sha3_512);
diff --git a/src/lib/libcrypto/evp/m_sigver.c b/src/lib/libcrypto/evp/m_sigver.c
deleted file mode 100644
index a3353854f1..0000000000
--- a/src/lib/libcrypto/evp/m_sigver.c
+++ /dev/null
@@ -1,271 +0,0 @@
1/* $OpenBSD: m_sigver.c,v 1.27 2024/04/09 13:52:41 beck Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2006.
4 */
5/* ====================================================================
6 * Copyright (c) 2006,2007 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60
61#include <openssl/err.h>
62#include <openssl/evp.h>
63#include <openssl/objects.h>
64#include <openssl/x509.h>
65
66#include "evp_local.h"
67
68static int
69update_oneshot_only(EVP_MD_CTX *ctx, const void *data, size_t datalen)
70{
71 EVPerror(EVP_R_ONLY_ONESHOT_SUPPORTED);
72 return 0;
73}
74
75static int
76do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type,
77 EVP_PKEY *pkey, int ver)
78{
79 if (ctx->pctx == NULL)
80 ctx->pctx = EVP_PKEY_CTX_new(pkey, NULL);
81 if (ctx->pctx == NULL)
82 return 0;
83
84 if (!(ctx->pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM)) {
85 if (type == NULL) {
86 int def_nid;
87 if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) > 0)
88 type = EVP_get_digestbynid(def_nid);
89 }
90
91 if (type == NULL) {
92 EVPerror(EVP_R_NO_DEFAULT_DIGEST);
93 return 0;
94 }
95 }
96
97 if (ver) {
98 if (ctx->pctx->pmeth->digestverify != NULL) {
99 ctx->pctx->operation = EVP_PKEY_OP_VERIFY;
100 ctx->update = update_oneshot_only;
101 } else if (EVP_PKEY_verify_init(ctx->pctx) <= 0)
102 return 0;
103 } else {
104 if (ctx->pctx->pmeth->signctx_init) {
105 if (ctx->pctx->pmeth->signctx_init(ctx->pctx, ctx) <= 0)
106 return 0;
107 ctx->pctx->operation = EVP_PKEY_OP_SIGNCTX;
108 } else if (ctx->pctx->pmeth->digestsign != NULL) {
109 ctx->pctx->operation = EVP_PKEY_OP_SIGN;
110 ctx->update = update_oneshot_only;
111 } else if (EVP_PKEY_sign_init(ctx->pctx) <= 0)
112 return 0;
113 }
114 if (EVP_PKEY_CTX_set_signature_md(ctx->pctx, type) <= 0)
115 return 0;
116 if (pctx)
117 *pctx = ctx->pctx;
118 if (ctx->pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM)
119 return 1;
120 if (!EVP_DigestInit_ex(ctx, type, NULL))
121 return 0;
122 return 1;
123}
124
125int
126EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type,
127 ENGINE *e, EVP_PKEY *pkey)
128{
129 return do_sigver_init(ctx, pctx, type, pkey, 0);
130}
131LCRYPTO_ALIAS(EVP_DigestSignInit);
132
133int
134EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type,
135 ENGINE *e, EVP_PKEY *pkey)
136{
137 return do_sigver_init(ctx, pctx, type, pkey, 1);
138}
139LCRYPTO_ALIAS(EVP_DigestVerifyInit);
140
141static int
142evp_digestsignfinal_sigctx_custom(EVP_MD_CTX *ctx, unsigned char *sigret,
143 size_t *siglen)
144{
145 EVP_PKEY_CTX *pctx = ctx->pctx;
146 EVP_PKEY_CTX *dctx = NULL;
147 int ret = 0;
148
149 if (sigret == NULL)
150 return pctx->pmeth->signctx(pctx, sigret, siglen, ctx);
151
152 /* XXX - support EVP_MD_CTX_FLAG_FINALISE? */
153 if ((dctx = EVP_PKEY_CTX_dup(pctx)) == NULL)
154 goto err;
155
156 if (!dctx->pmeth->signctx(dctx, sigret, siglen, ctx))
157 goto err;
158
159 ret = 1;
160
161 err:
162 EVP_PKEY_CTX_free(dctx);
163
164 return ret;
165}
166
167int
168EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen)
169{
170 EVP_PKEY_CTX *pctx = ctx->pctx;
171 EVP_MD_CTX *md_ctx = NULL;
172 unsigned char md[EVP_MAX_MD_SIZE];
173 unsigned int mdlen = 0;
174 int s;
175 int ret = 0;
176
177 if (pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM)
178 return evp_digestsignfinal_sigctx_custom(ctx, sigret, siglen);
179
180 if (sigret == NULL) {
181 if (ctx->pctx->pmeth->signctx != NULL) {
182 if (ctx->pctx->pmeth->signctx(ctx->pctx, NULL,
183 siglen, ctx) <= 0)
184 return 0;
185 return 1;
186 }
187
188 if ((s = EVP_MD_size(ctx->digest)) < 0)
189 return 0;
190 if (EVP_PKEY_sign(ctx->pctx, NULL, siglen, NULL, s) <= 0)
191 return 0;
192
193 return 1;
194 }
195
196 /* Use a copy since EVP_DigestFinal_ex() clears secrets. */
197 if ((md_ctx = EVP_MD_CTX_new()) == NULL)
198 goto err;
199 if (!EVP_MD_CTX_copy_ex(md_ctx, ctx))
200 goto err;
201 if (md_ctx->pctx->pmeth->signctx != NULL) {
202 if (md_ctx->pctx->pmeth->signctx(md_ctx->pctx,
203 sigret, siglen, md_ctx) <= 0)
204 goto err;
205 } else {
206 if (!EVP_DigestFinal_ex(md_ctx, md, &mdlen))
207 goto err;
208 /* Use the original ctx since secrets were cleared. */
209 if (EVP_PKEY_sign(ctx->pctx, sigret, siglen, md, mdlen) <= 0)
210 goto err;
211 }
212
213 ret = 1;
214
215 err:
216 EVP_MD_CTX_free(md_ctx);
217
218 return ret;
219}
220LCRYPTO_ALIAS(EVP_DigestSignFinal);
221
222int
223EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen,
224 const unsigned char *tbs, size_t tbslen)
225{
226 if (ctx->pctx->pmeth->digestsign != NULL)
227 return ctx->pctx->pmeth->digestsign(ctx, sigret, siglen,
228 tbs, tbslen);
229
230 if (sigret != NULL) {
231 if (EVP_DigestSignUpdate(ctx, tbs, tbslen) <= 0)
232 return 0;
233 }
234
235 return EVP_DigestSignFinal(ctx, sigret, siglen);
236}
237LCRYPTO_ALIAS(EVP_DigestSign);
238
239int
240EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, size_t siglen)
241{
242 EVP_MD_CTX tmp_ctx;
243 unsigned char md[EVP_MAX_MD_SIZE];
244 int r;
245 unsigned int mdlen = 0;
246
247 EVP_MD_CTX_legacy_clear(&tmp_ctx);
248 if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx))
249 return -1;
250 r = EVP_DigestFinal_ex(&tmp_ctx, md, &mdlen);
251 EVP_MD_CTX_cleanup(&tmp_ctx);
252 if (!r)
253 return r;
254 return EVP_PKEY_verify(ctx->pctx, sig, siglen, md, mdlen);
255}
256LCRYPTO_ALIAS(EVP_DigestVerifyFinal);
257
258int
259EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, size_t siglen,
260 const unsigned char *tbs, size_t tbslen)
261{
262 if (ctx->pctx->pmeth->digestverify != NULL)
263 return ctx->pctx->pmeth->digestverify(ctx, sigret, siglen,
264 tbs, tbslen);
265
266 if (EVP_DigestVerifyUpdate(ctx, tbs, tbslen) <= 0)
267 return -1;
268
269 return EVP_DigestVerifyFinal(ctx, sigret, siglen);
270}
271LCRYPTO_ALIAS(EVP_DigestVerify);
diff --git a/src/lib/libcrypto/evp/m_sm3.c b/src/lib/libcrypto/evp/m_sm3.c
deleted file mode 100644
index 672d06f9fd..0000000000
--- a/src/lib/libcrypto/evp/m_sm3.c
+++ /dev/null
@@ -1,69 +0,0 @@
1/* $OpenBSD: m_sm3.c,v 1.7 2024/04/09 13:52:41 beck Exp $ */
2/*
3 * Copyright (c) 2018, Ribose Inc
4 *
5 * Permission to use, copy, modify, and/or distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <openssl/opensslconf.h>
19
20#ifndef OPENSSL_NO_SM3
21#include <openssl/evp.h>
22#include <openssl/sm3.h>
23
24#ifndef OPENSSL_NO_RSA
25#include <openssl/rsa.h>
26#endif
27
28#include "evp_local.h"
29
30static int
31sm3_init(EVP_MD_CTX *ctx)
32{
33 return SM3_Init(ctx->md_data);
34}
35
36static int
37sm3_update(EVP_MD_CTX *ctx, const void *data, size_t count)
38{
39 return SM3_Update(ctx->md_data, data, count);
40}
41
42static int
43sm3_final(EVP_MD_CTX *ctx, unsigned char *md)
44{
45 return SM3_Final(md, ctx->md_data);
46}
47
48static const EVP_MD sm3_md = {
49 .type = NID_sm3,
50 .pkey_type = NID_sm3WithRSAEncryption,
51 .md_size = SM3_DIGEST_LENGTH,
52 .flags = EVP_MD_FLAG_DIGALGID_ABSENT,
53 .init = sm3_init,
54 .update = sm3_update,
55 .final = sm3_final,
56 .copy = NULL,
57 .cleanup = NULL,
58 .block_size = SM3_CBLOCK,
59 .ctx_size = sizeof(EVP_MD *) + sizeof(SM3_CTX),
60};
61
62const EVP_MD *
63EVP_sm3(void)
64{
65 return &sm3_md;
66}
67LCRYPTO_ALIAS(EVP_sm3);
68
69#endif /* OPENSSL_NO_SM3 */
diff --git a/src/lib/libcrypto/evp/p_legacy.c b/src/lib/libcrypto/evp/p_legacy.c
deleted file mode 100644
index 01cfdbcd6a..0000000000
--- a/src/lib/libcrypto/evp/p_legacy.c
+++ /dev/null
@@ -1,200 +0,0 @@
1/* $OpenBSD: p_legacy.c,v 1.6 2024/04/09 13:52:41 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdlib.h>
60
61#include <openssl/evp.h>
62#include <openssl/err.h>
63
64#include <openssl/rsa.h>
65
66#include "evp_local.h"
67
68int
69EVP_PKEY_decrypt_old(unsigned char *to, const unsigned char *from, int from_len,
70 EVP_PKEY *pkey)
71{
72 if (pkey->type != EVP_PKEY_RSA) {
73 EVPerror(EVP_R_PUBLIC_KEY_NOT_RSA);
74 return -1;
75 }
76
77 return RSA_private_decrypt(from_len, from, to, pkey->pkey.rsa,
78 RSA_PKCS1_PADDING);
79}
80LCRYPTO_ALIAS(EVP_PKEY_decrypt_old);
81
82int
83EVP_PKEY_encrypt_old(unsigned char *to, const unsigned char *from, int from_len,
84 EVP_PKEY *pkey)
85{
86 if (pkey->type != EVP_PKEY_RSA) {
87 EVPerror(EVP_R_PUBLIC_KEY_NOT_RSA);
88 return 0;
89 }
90
91 return RSA_public_encrypt(from_len, from, to, pkey->pkey.rsa,
92 RSA_PKCS1_PADDING);
93}
94LCRYPTO_ALIAS(EVP_PKEY_encrypt_old);
95
96int
97EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
98 const unsigned char *ek, int ekl, const unsigned char *iv, EVP_PKEY *priv)
99{
100 unsigned char *key = NULL;
101 int i, size = 0, ret = 0;
102
103 if (type) {
104 if (!EVP_CIPHER_CTX_reset(ctx))
105 return 0;
106 if (!EVP_DecryptInit_ex(ctx, type, NULL, NULL, NULL))
107 return 0;
108 }
109
110 if (!priv)
111 return 1;
112
113 if (priv->type != EVP_PKEY_RSA) {
114 EVPerror(EVP_R_PUBLIC_KEY_NOT_RSA);
115 goto err;
116 }
117
118 size = RSA_size(priv->pkey.rsa);
119 key = malloc(size + 2);
120 if (key == NULL) {
121 /* ERROR */
122 EVPerror(ERR_R_MALLOC_FAILURE);
123 goto err;
124 }
125
126 i = EVP_PKEY_decrypt_old(key, ek, ekl, priv);
127 if ((i <= 0) || !EVP_CIPHER_CTX_set_key_length(ctx, i)) {
128 /* ERROR */
129 goto err;
130 }
131 if (!EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv))
132 goto err;
133
134 ret = 1;
135
136err:
137 freezero(key, size);
138 return (ret);
139}
140LCRYPTO_ALIAS(EVP_OpenInit);
141
142int
143EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
144{
145 int i;
146
147 i = EVP_DecryptFinal_ex(ctx, out, outl);
148 if (i)
149 i = EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, NULL);
150 return (i);
151}
152LCRYPTO_ALIAS(EVP_OpenFinal);
153
154int
155EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek,
156 int *ekl, unsigned char *iv, EVP_PKEY **pubk, int npubk)
157{
158 unsigned char key[EVP_MAX_KEY_LENGTH];
159 int i, iv_len;
160
161 if (type) {
162 if (!EVP_CIPHER_CTX_reset(ctx))
163 return 0;
164 if (!EVP_EncryptInit_ex(ctx, type, NULL, NULL, NULL))
165 return 0;
166 }
167 if ((npubk <= 0) || !pubk)
168 return 1;
169 if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
170 return 0;
171 /* XXX - upper bound? */
172 if ((iv_len = EVP_CIPHER_CTX_iv_length(ctx)) < 0)
173 return 0;
174 if (iv_len > 0)
175 arc4random_buf(iv, iv_len);
176
177 if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
178 return 0;
179
180 for (i = 0; i < npubk; i++) {
181 ekl[i] = EVP_PKEY_encrypt_old(ek[i], key,
182 EVP_CIPHER_CTX_key_length(ctx), pubk[i]);
183 if (ekl[i] <= 0)
184 return (-1);
185 }
186 return (npubk);
187}
188LCRYPTO_ALIAS(EVP_SealInit);
189
190int
191EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
192{
193 int i;
194
195 i = EVP_EncryptFinal_ex(ctx, out, outl);
196 if (i)
197 i = EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL);
198 return i;
199}
200LCRYPTO_ALIAS(EVP_SealFinal);
diff --git a/src/lib/libcrypto/evp/p_lib.c b/src/lib/libcrypto/evp/p_lib.c
deleted file mode 100644
index 95c7721303..0000000000
--- a/src/lib/libcrypto/evp/p_lib.c
+++ /dev/null
@@ -1,854 +0,0 @@
1/* $OpenBSD: p_lib.c,v 1.61 2024/08/22 12:24:24 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * licensing@OpenSSL.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 */
105
106#include <stdio.h>
107#include <stdlib.h>
108#include <string.h>
109
110#include <openssl/asn1.h>
111#include <openssl/bio.h>
112#include <openssl/cmac.h>
113#include <openssl/crypto.h>
114#include <openssl/err.h>
115#include <openssl/evp.h>
116#include <openssl/objects.h>
117#include <openssl/x509.h>
118
119#ifndef OPENSSL_NO_DH
120#include <openssl/dh.h>
121#endif
122#ifndef OPENSSL_NO_DSA
123#include <openssl/dsa.h>
124#endif
125#ifndef OPENSSL_NO_EC
126#include <openssl/ec.h>
127#endif
128#ifndef OPENSSL_NO_RSA
129#include <openssl/rsa.h>
130#endif
131
132#include "evp_local.h"
133
134extern const EVP_PKEY_ASN1_METHOD cmac_asn1_meth;
135extern const EVP_PKEY_ASN1_METHOD dh_asn1_meth;
136extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meth;
137extern const EVP_PKEY_ASN1_METHOD dsa1_asn1_meth;
138extern const EVP_PKEY_ASN1_METHOD dsa2_asn1_meth;
139extern const EVP_PKEY_ASN1_METHOD dsa3_asn1_meth;
140extern const EVP_PKEY_ASN1_METHOD dsa4_asn1_meth;
141extern const EVP_PKEY_ASN1_METHOD eckey_asn1_meth;
142extern const EVP_PKEY_ASN1_METHOD ed25519_asn1_meth;
143extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth;
144extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meth;
145extern const EVP_PKEY_ASN1_METHOD rsa2_asn1_meth;
146extern const EVP_PKEY_ASN1_METHOD rsa_pss_asn1_meth;
147extern const EVP_PKEY_ASN1_METHOD x25519_asn1_meth;
148
149static const EVP_PKEY_ASN1_METHOD *asn1_methods[] = {
150 &cmac_asn1_meth,
151 &dh_asn1_meth,
152 &dsa_asn1_meth,
153 &dsa1_asn1_meth,
154 &dsa2_asn1_meth,
155 &dsa3_asn1_meth,
156 &dsa4_asn1_meth,
157 &eckey_asn1_meth,
158 &ed25519_asn1_meth,
159 &hmac_asn1_meth,
160 &rsa_asn1_meth,
161 &rsa2_asn1_meth,
162 &rsa_pss_asn1_meth,
163 &x25519_asn1_meth,
164};
165
166#define N_ASN1_METHODS (sizeof(asn1_methods) / sizeof(asn1_methods[0]))
167
168int
169EVP_PKEY_asn1_get_count(void)
170{
171 return N_ASN1_METHODS;
172}
173LCRYPTO_ALIAS(EVP_PKEY_asn1_get_count);
174
175const EVP_PKEY_ASN1_METHOD *
176EVP_PKEY_asn1_get0(int idx)
177{
178 if (idx < 0 || idx >= N_ASN1_METHODS)
179 return NULL;
180
181 return asn1_methods[idx];
182}
183LCRYPTO_ALIAS(EVP_PKEY_asn1_get0);
184
185const EVP_PKEY_ASN1_METHOD *
186EVP_PKEY_asn1_find(ENGINE **engine, int pkey_id)
187{
188 size_t i;
189
190 if (engine != NULL)
191 *engine = NULL;
192
193 for (i = 0; i < N_ASN1_METHODS; i++) {
194 if (asn1_methods[i]->pkey_id == pkey_id)
195 return asn1_methods[i]->base_method;
196 }
197
198 return NULL;
199}
200LCRYPTO_ALIAS(EVP_PKEY_asn1_find);
201
202const EVP_PKEY_ASN1_METHOD *
203EVP_PKEY_asn1_find_str(ENGINE **engine, const char *str, int len)
204{
205 const EVP_PKEY_ASN1_METHOD *ameth;
206 size_t i, str_len;
207
208 if (engine != NULL)
209 *engine = NULL;
210
211 if (len < -1)
212 return NULL;
213 if (len == -1)
214 str_len = strlen(str);
215 else
216 str_len = len;
217
218 for (i = 0; i < N_ASN1_METHODS; i++) {
219 ameth = asn1_methods[i];
220 if ((ameth->pkey_flags & ASN1_PKEY_ALIAS) != 0)
221 continue;
222 if (strlen(ameth->pem_str) != str_len)
223 continue;
224 if (strncasecmp(ameth->pem_str, str, str_len) == 0)
225 return ameth;
226 }
227
228 return NULL;
229}
230LCRYPTO_ALIAS(EVP_PKEY_asn1_find_str);
231
232int
233EVP_PKEY_asn1_get0_info(int *pkey_id, int *pkey_base_id, int *pkey_flags,
234 const char **info, const char **pem_str,
235 const EVP_PKEY_ASN1_METHOD *ameth)
236{
237 if (ameth == NULL)
238 return 0;
239
240 if (pkey_id != NULL)
241 *pkey_id = ameth->pkey_id;
242 if (pkey_base_id != NULL)
243 *pkey_base_id = ameth->base_method->pkey_id;
244 if (pkey_flags != NULL)
245 *pkey_flags = ameth->pkey_flags;
246 if (info != NULL)
247 *info = ameth->info;
248 if (pem_str != NULL)
249 *pem_str = ameth->pem_str;
250
251 return 1;
252}
253LCRYPTO_ALIAS(EVP_PKEY_asn1_get0_info);
254
255const EVP_PKEY_ASN1_METHOD*
256EVP_PKEY_get0_asn1(const EVP_PKEY *pkey)
257{
258 return pkey->ameth;
259}
260LCRYPTO_ALIAS(EVP_PKEY_get0_asn1);
261
262int
263EVP_PKEY_bits(const EVP_PKEY *pkey)
264{
265 if (pkey && pkey->ameth && pkey->ameth->pkey_bits)
266 return pkey->ameth->pkey_bits(pkey);
267 return 0;
268}
269LCRYPTO_ALIAS(EVP_PKEY_bits);
270
271int
272EVP_PKEY_security_bits(const EVP_PKEY *pkey)
273{
274 if (pkey == NULL)
275 return 0;
276 if (pkey->ameth == NULL || pkey->ameth->pkey_security_bits == NULL)
277 return -2;
278
279 return pkey->ameth->pkey_security_bits(pkey);
280}
281LCRYPTO_ALIAS(EVP_PKEY_security_bits);
282
283int
284EVP_PKEY_size(const EVP_PKEY *pkey)
285{
286 if (pkey && pkey->ameth && pkey->ameth->pkey_size)
287 return pkey->ameth->pkey_size(pkey);
288 return 0;
289}
290LCRYPTO_ALIAS(EVP_PKEY_size);
291
292int
293EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode)
294{
295#ifndef OPENSSL_NO_DSA
296 if (pkey->type == EVP_PKEY_DSA) {
297 int ret = pkey->save_parameters;
298
299 if (mode >= 0)
300 pkey->save_parameters = mode;
301 return (ret);
302 }
303#endif
304#ifndef OPENSSL_NO_EC
305 if (pkey->type == EVP_PKEY_EC) {
306 int ret = pkey->save_parameters;
307
308 if (mode >= 0)
309 pkey->save_parameters = mode;
310 return (ret);
311 }
312#endif
313 return (0);
314}
315LCRYPTO_ALIAS(EVP_PKEY_save_parameters);
316
317int
318EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
319{
320 if (to->type != from->type) {
321 EVPerror(EVP_R_DIFFERENT_KEY_TYPES);
322 goto err;
323 }
324
325 if (EVP_PKEY_missing_parameters(from)) {
326 EVPerror(EVP_R_MISSING_PARAMETERS);
327 goto err;
328 }
329 if (from->ameth && from->ameth->param_copy)
330 return from->ameth->param_copy(to, from);
331
332err:
333 return 0;
334}
335LCRYPTO_ALIAS(EVP_PKEY_copy_parameters);
336
337int
338EVP_PKEY_missing_parameters(const EVP_PKEY *pkey)
339{
340 if (pkey->ameth && pkey->ameth->param_missing)
341 return pkey->ameth->param_missing(pkey);
342 return 0;
343}
344LCRYPTO_ALIAS(EVP_PKEY_missing_parameters);
345
346int
347EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
348{
349 if (a->type != b->type)
350 return -1;
351 if (a->ameth && a->ameth->param_cmp)
352 return a->ameth->param_cmp(a, b);
353 return -2;
354}
355LCRYPTO_ALIAS(EVP_PKEY_cmp_parameters);
356
357int
358EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
359{
360 if (a->type != b->type)
361 return -1;
362
363 if (a->ameth) {
364 int ret;
365 /* Compare parameters if the algorithm has them */
366 if (a->ameth->param_cmp) {
367 ret = a->ameth->param_cmp(a, b);
368 if (ret <= 0)
369 return ret;
370 }
371
372 if (a->ameth->pub_cmp)
373 return a->ameth->pub_cmp(a, b);
374 }
375
376 return -2;
377}
378LCRYPTO_ALIAS(EVP_PKEY_cmp);
379
380EVP_PKEY *
381EVP_PKEY_new(void)
382{
383 EVP_PKEY *pkey;
384
385 if ((pkey = calloc(1, sizeof(*pkey))) == NULL) {
386 EVPerror(ERR_R_MALLOC_FAILURE);
387 return NULL;
388 }
389
390 pkey->type = EVP_PKEY_NONE;
391 pkey->references = 1;
392 pkey->save_parameters = 1;
393
394 return pkey;
395}
396LCRYPTO_ALIAS(EVP_PKEY_new);
397
398int
399EVP_PKEY_up_ref(EVP_PKEY *pkey)
400{
401 return CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY) > 1;
402}
403LCRYPTO_ALIAS(EVP_PKEY_up_ref);
404
405static void
406evp_pkey_free_pkey_ptr(EVP_PKEY *pkey)
407{
408 if (pkey == NULL || pkey->ameth == NULL || pkey->ameth->pkey_free == NULL)
409 return;
410
411 pkey->ameth->pkey_free(pkey);
412 pkey->pkey.ptr = NULL;
413}
414
415void
416EVP_PKEY_free(EVP_PKEY *pkey)
417{
418 if (pkey == NULL)
419 return;
420
421 if (CRYPTO_add(&pkey->references, -1, CRYPTO_LOCK_EVP_PKEY) > 0)
422 return;
423
424 evp_pkey_free_pkey_ptr(pkey);
425 freezero(pkey, sizeof(*pkey));
426}
427LCRYPTO_ALIAS(EVP_PKEY_free);
428
429int
430EVP_PKEY_set_type(EVP_PKEY *pkey, int type)
431{
432 const EVP_PKEY_ASN1_METHOD *ameth;
433
434 evp_pkey_free_pkey_ptr(pkey);
435
436 if ((ameth = EVP_PKEY_asn1_find(NULL, type)) == NULL) {
437 EVPerror(EVP_R_UNSUPPORTED_ALGORITHM);
438 return 0;
439 }
440 if (pkey != NULL) {
441 pkey->ameth = ameth;
442 pkey->type = pkey->ameth->pkey_id;
443 }
444
445 return 1;
446}
447LCRYPTO_ALIAS(EVP_PKEY_set_type);
448
449int
450EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len)
451{
452 const EVP_PKEY_ASN1_METHOD *ameth;
453
454 evp_pkey_free_pkey_ptr(pkey);
455
456 if ((ameth = EVP_PKEY_asn1_find_str(NULL, str, len)) == NULL) {
457 EVPerror(EVP_R_UNSUPPORTED_ALGORITHM);
458 return 0;
459 }
460 if (pkey != NULL) {
461 pkey->ameth = ameth;
462 pkey->type = pkey->ameth->pkey_id;
463 }
464
465 return 1;
466}
467LCRYPTO_ALIAS(EVP_PKEY_set_type_str);
468
469int
470EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key)
471{
472 if (!EVP_PKEY_set_type(pkey, type))
473 return 0;
474
475 return (pkey->pkey.ptr = key) != NULL;
476}
477LCRYPTO_ALIAS(EVP_PKEY_assign);
478
479EVP_PKEY *
480EVP_PKEY_new_raw_private_key(int type, ENGINE *engine,
481 const unsigned char *private_key, size_t len)
482{
483 EVP_PKEY *pkey;
484
485 if ((pkey = EVP_PKEY_new()) == NULL)
486 goto err;
487
488 if (!EVP_PKEY_set_type(pkey, type))
489 goto err;
490
491 if (pkey->ameth->set_priv_key == NULL) {
492 EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
493 goto err;
494 }
495 if (!pkey->ameth->set_priv_key(pkey, private_key, len)) {
496 EVPerror(EVP_R_KEY_SETUP_FAILED);
497 goto err;
498 }
499
500 return pkey;
501
502 err:
503 EVP_PKEY_free(pkey);
504
505 return NULL;
506}
507LCRYPTO_ALIAS(EVP_PKEY_new_raw_private_key);
508
509EVP_PKEY *
510EVP_PKEY_new_raw_public_key(int type, ENGINE *engine,
511 const unsigned char *public_key, size_t len)
512{
513 EVP_PKEY *pkey;
514
515 if ((pkey = EVP_PKEY_new()) == NULL)
516 goto err;
517
518 if (!EVP_PKEY_set_type(pkey, type))
519 goto err;
520
521 if (pkey->ameth->set_pub_key == NULL) {
522 EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
523 goto err;
524 }
525 if (!pkey->ameth->set_pub_key(pkey, public_key, len)) {
526 EVPerror(EVP_R_KEY_SETUP_FAILED);
527 goto err;
528 }
529
530 return pkey;
531
532 err:
533 EVP_PKEY_free(pkey);
534
535 return NULL;
536}
537LCRYPTO_ALIAS(EVP_PKEY_new_raw_public_key);
538
539int
540EVP_PKEY_get_raw_private_key(const EVP_PKEY *pkey,
541 unsigned char *out_private_key, size_t *out_len)
542{
543 if (pkey->ameth->get_priv_key == NULL) {
544 EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
545 return 0;
546 }
547 if (!pkey->ameth->get_priv_key(pkey, out_private_key, out_len)) {
548 EVPerror(EVP_R_GET_RAW_KEY_FAILED);
549 return 0;
550 }
551
552 return 1;
553}
554LCRYPTO_ALIAS(EVP_PKEY_get_raw_private_key);
555
556int
557EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey,
558 unsigned char *out_public_key, size_t *out_len)
559{
560 if (pkey->ameth->get_pub_key == NULL) {
561 EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
562 return 0;
563 }
564 if (!pkey->ameth->get_pub_key(pkey, out_public_key, out_len)) {
565 EVPerror(EVP_R_GET_RAW_KEY_FAILED);
566 return 0;
567 }
568
569 return 1;
570}
571LCRYPTO_ALIAS(EVP_PKEY_get_raw_public_key);
572
573EVP_PKEY *
574EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, size_t len,
575 const EVP_CIPHER *cipher)
576{
577 EVP_PKEY *pkey = NULL;
578 CMAC_CTX *cmctx = NULL;
579
580 if ((pkey = EVP_PKEY_new()) == NULL)
581 goto err;
582 if ((cmctx = CMAC_CTX_new()) == NULL)
583 goto err;
584
585 if (!EVP_PKEY_set_type(pkey, EVP_PKEY_CMAC))
586 goto err;
587
588 if (!CMAC_Init(cmctx, priv, len, cipher, NULL)) {
589 EVPerror(EVP_R_KEY_SETUP_FAILED);
590 goto err;
591 }
592
593 pkey->pkey.ptr = cmctx;
594
595 return pkey;
596
597 err:
598 EVP_PKEY_free(pkey);
599 CMAC_CTX_free(cmctx);
600
601 return NULL;
602}
603LCRYPTO_ALIAS(EVP_PKEY_new_CMAC_key);
604
605void *
606EVP_PKEY_get0(const EVP_PKEY *pkey)
607{
608 return pkey->pkey.ptr;
609}
610LCRYPTO_ALIAS(EVP_PKEY_get0);
611
612const unsigned char *
613EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len)
614{
615 ASN1_OCTET_STRING *os;
616
617 if (pkey->type != EVP_PKEY_HMAC) {
618 EVPerror(EVP_R_EXPECTING_AN_HMAC_KEY);
619 return NULL;
620 }
621
622 os = EVP_PKEY_get0(pkey);
623 *len = os->length;
624
625 return os->data;
626}
627LCRYPTO_ALIAS(EVP_PKEY_get0_hmac);
628
629#ifndef OPENSSL_NO_RSA
630RSA *
631EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
632{
633 if (pkey->type == EVP_PKEY_RSA || pkey->type == EVP_PKEY_RSA_PSS)
634 return pkey->pkey.rsa;
635
636 EVPerror(EVP_R_EXPECTING_AN_RSA_KEY);
637 return NULL;
638}
639LCRYPTO_ALIAS(EVP_PKEY_get0_RSA);
640
641RSA *
642EVP_PKEY_get1_RSA(EVP_PKEY *pkey)
643{
644 RSA *rsa;
645
646 if ((rsa = EVP_PKEY_get0_RSA(pkey)) == NULL)
647 return NULL;
648
649 RSA_up_ref(rsa);
650
651 return rsa;
652}
653LCRYPTO_ALIAS(EVP_PKEY_get1_RSA);
654
655int
656EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key)
657{
658 int ret = EVP_PKEY_assign_RSA(pkey, key);
659 if (ret != 0)
660 RSA_up_ref(key);
661 return ret;
662}
663LCRYPTO_ALIAS(EVP_PKEY_set1_RSA);
664#endif
665
666#ifndef OPENSSL_NO_DSA
667DSA *
668EVP_PKEY_get0_DSA(EVP_PKEY *pkey)
669{
670 if (pkey->type != EVP_PKEY_DSA) {
671 EVPerror(EVP_R_EXPECTING_A_DSA_KEY);
672 return NULL;
673 }
674 return pkey->pkey.dsa;
675}
676LCRYPTO_ALIAS(EVP_PKEY_get0_DSA);
677
678DSA *
679EVP_PKEY_get1_DSA(EVP_PKEY *pkey)
680{
681 DSA *dsa;
682
683 if ((dsa = EVP_PKEY_get0_DSA(pkey)) == NULL)
684 return NULL;
685
686 DSA_up_ref(dsa);
687
688 return dsa;
689}
690LCRYPTO_ALIAS(EVP_PKEY_get1_DSA);
691
692int
693EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key)
694{
695 int ret = EVP_PKEY_assign_DSA(pkey, key);
696 if (ret != 0)
697 DSA_up_ref(key);
698 return ret;
699}
700LCRYPTO_ALIAS(EVP_PKEY_set1_DSA);
701#endif
702
703#ifndef OPENSSL_NO_EC
704EC_KEY *
705EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey)
706{
707 if (pkey->type != EVP_PKEY_EC) {
708 EVPerror(EVP_R_EXPECTING_A_EC_KEY);
709 return NULL;
710 }
711 return pkey->pkey.ec;
712}
713LCRYPTO_ALIAS(EVP_PKEY_get0_EC_KEY);
714
715EC_KEY *
716EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey)
717{
718 EC_KEY *key;
719
720 if ((key = EVP_PKEY_get0_EC_KEY(pkey)) == NULL)
721 return NULL;
722
723 EC_KEY_up_ref(key);
724
725 return key;
726}
727LCRYPTO_ALIAS(EVP_PKEY_get1_EC_KEY);
728
729int
730EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key)
731{
732 int ret = EVP_PKEY_assign_EC_KEY(pkey, key);
733 if (ret != 0)
734 EC_KEY_up_ref(key);
735 return ret;
736}
737LCRYPTO_ALIAS(EVP_PKEY_set1_EC_KEY);
738#endif
739
740
741#ifndef OPENSSL_NO_DH
742DH *
743EVP_PKEY_get0_DH(EVP_PKEY *pkey)
744{
745 if (pkey->type != EVP_PKEY_DH) {
746 EVPerror(EVP_R_EXPECTING_A_DH_KEY);
747 return NULL;
748 }
749 return pkey->pkey.dh;
750}
751LCRYPTO_ALIAS(EVP_PKEY_get0_DH);
752
753DH *
754EVP_PKEY_get1_DH(EVP_PKEY *pkey)
755{
756 DH *dh;
757
758 if ((dh = EVP_PKEY_get0_DH(pkey)) == NULL)
759 return NULL;
760
761 DH_up_ref(dh);
762
763 return dh;
764}
765LCRYPTO_ALIAS(EVP_PKEY_get1_DH);
766
767int
768EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key)
769{
770 int ret = EVP_PKEY_assign_DH(pkey, key);
771 if (ret != 0)
772 DH_up_ref(key);
773 return ret;
774}
775LCRYPTO_ALIAS(EVP_PKEY_set1_DH);
776#endif
777
778int
779EVP_PKEY_type(int type)
780{
781 const EVP_PKEY_ASN1_METHOD *ameth;
782
783 if ((ameth = EVP_PKEY_asn1_find(NULL, type)) != NULL)
784 return ameth->pkey_id;
785
786 return NID_undef;
787}
788LCRYPTO_ALIAS(EVP_PKEY_type);
789
790int
791EVP_PKEY_id(const EVP_PKEY *pkey)
792{
793 return pkey->type;
794}
795LCRYPTO_ALIAS(EVP_PKEY_id);
796
797int
798EVP_PKEY_base_id(const EVP_PKEY *pkey)
799{
800 return EVP_PKEY_type(pkey->type);
801}
802LCRYPTO_ALIAS(EVP_PKEY_base_id);
803
804static int
805unsup_alg(BIO *out, const EVP_PKEY *pkey, int indent, const char *kstr)
806{
807 if (!BIO_indent(out, indent, 128))
808 return 0;
809 BIO_printf(out, "%s algorithm \"%s\" unsupported\n",
810 kstr, OBJ_nid2ln(pkey->type));
811 return 1;
812}
813
814int
815EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey, int indent,
816 ASN1_PCTX *pctx)
817{
818 if (pkey->ameth && pkey->ameth->pub_print)
819 return pkey->ameth->pub_print(out, pkey, indent, pctx);
820
821 return unsup_alg(out, pkey, indent, "Public Key");
822}
823LCRYPTO_ALIAS(EVP_PKEY_print_public);
824
825int
826EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey, int indent,
827 ASN1_PCTX *pctx)
828{
829 if (pkey->ameth && pkey->ameth->priv_print)
830 return pkey->ameth->priv_print(out, pkey, indent, pctx);
831
832 return unsup_alg(out, pkey, indent, "Private Key");
833}
834LCRYPTO_ALIAS(EVP_PKEY_print_private);
835
836int
837EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey, int indent,
838 ASN1_PCTX *pctx)
839{
840 if (pkey->ameth && pkey->ameth->param_print)
841 return pkey->ameth->param_print(out, pkey, indent, pctx);
842 return unsup_alg(out, pkey, indent, "Parameters");
843}
844LCRYPTO_ALIAS(EVP_PKEY_print_params);
845
846int
847EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid)
848{
849 if (!pkey->ameth || !pkey->ameth->pkey_ctrl)
850 return -2;
851 return pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_DEFAULT_MD_NID,
852 0, pnid);
853}
854LCRYPTO_ALIAS(EVP_PKEY_get_default_digest_nid);
diff --git a/src/lib/libcrypto/evp/p_sign.c b/src/lib/libcrypto/evp/p_sign.c
deleted file mode 100644
index 7f472ea716..0000000000
--- a/src/lib/libcrypto/evp/p_sign.c
+++ /dev/null
@@ -1,107 +0,0 @@
1/* $OpenBSD: p_sign.c,v 1.22 2024/04/09 13:52:41 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60
61#include <openssl/err.h>
62#include <openssl/evp.h>
63#include <openssl/objects.h>
64#include <openssl/x509.h>
65
66#include "evp_local.h"
67
68int
69EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen,
70 EVP_PKEY *pkey)
71{
72 unsigned char m[EVP_MAX_MD_SIZE];
73 unsigned int m_len;
74 EVP_MD_CTX *md_ctx;
75 EVP_PKEY_CTX *pkctx = NULL;
76 size_t sltmp;
77 int ret = 0;
78
79 *siglen = 0;
80
81 if ((md_ctx = EVP_MD_CTX_new()) == NULL)
82 goto err;
83 if (!EVP_MD_CTX_copy_ex(md_ctx, ctx))
84 goto err;
85 if (!EVP_DigestFinal_ex(md_ctx, &(m[0]), &m_len))
86 goto err;
87
88 sltmp = (size_t)EVP_PKEY_size(pkey);
89
90 if ((pkctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL)
91 goto err;
92 if (EVP_PKEY_sign_init(pkctx) <= 0)
93 goto err;
94 if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0)
95 goto err;
96 if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0)
97 goto err;
98 *siglen = sltmp;
99
100 ret = 1;
101
102 err:
103 EVP_MD_CTX_free(md_ctx);
104 EVP_PKEY_CTX_free(pkctx);
105 return ret;
106}
107LCRYPTO_ALIAS(EVP_SignFinal);
diff --git a/src/lib/libcrypto/evp/p_verify.c b/src/lib/libcrypto/evp/p_verify.c
deleted file mode 100644
index 02132e2c38..0000000000
--- a/src/lib/libcrypto/evp/p_verify.c
+++ /dev/null
@@ -1,99 +0,0 @@
1/* $OpenBSD: p_verify.c,v 1.21 2024/04/09 13:52:41 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60
61#include <openssl/err.h>
62#include <openssl/evp.h>
63#include <openssl/objects.h>
64#include <openssl/x509.h>
65
66#include "evp_local.h"
67
68int
69EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
70 unsigned int siglen, EVP_PKEY *pkey)
71{
72 unsigned char m[EVP_MAX_MD_SIZE];
73 unsigned int m_len;
74 EVP_MD_CTX *md_ctx;
75 EVP_PKEY_CTX *pkctx = NULL;
76 int ret = 0;
77
78 if ((md_ctx = EVP_MD_CTX_new()) == NULL)
79 goto err;
80 if (!EVP_MD_CTX_copy_ex(md_ctx, ctx))
81 goto err;
82 if (!EVP_DigestFinal_ex(md_ctx, &(m[0]), &m_len))
83 goto err;
84
85 ret = -1;
86 if ((pkctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL)
87 goto err;
88 if (EVP_PKEY_verify_init(pkctx) <= 0)
89 goto err;
90 if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0)
91 goto err;
92 ret = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len);
93
94 err:
95 EVP_MD_CTX_free(md_ctx);
96 EVP_PKEY_CTX_free(pkctx);
97 return ret;
98}
99LCRYPTO_ALIAS(EVP_VerifyFinal);
diff --git a/src/lib/libcrypto/evp/pmeth_fn.c b/src/lib/libcrypto/evp/pmeth_fn.c
deleted file mode 100644
index 308c434f0d..0000000000
--- a/src/lib/libcrypto/evp/pmeth_fn.c
+++ /dev/null
@@ -1,344 +0,0 @@
1/* $OpenBSD: pmeth_fn.c,v 1.11 2024/04/12 09:41:39 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2006.
4 */
5/* ====================================================================
6 * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include <stdlib.h>
61
62#include <openssl/err.h>
63#include <openssl/evp.h>
64#include <openssl/objects.h>
65
66#include "evp_local.h"
67
68#define M_check_autoarg(ctx, arg, arglen, err) \
69 if (ctx->pmeth->flags & EVP_PKEY_FLAG_AUTOARGLEN) \
70 { \
71 size_t pksize = (size_t)EVP_PKEY_size(ctx->pkey); \
72 if (!arg) \
73 { \
74 *arglen = pksize; \
75 return 1; \
76 } \
77 else if (*arglen < pksize) \
78 { \
79 EVPerror(EVP_R_BUFFER_TOO_SMALL); /*ckerr_ignore*/\
80 return 0; \
81 } \
82 }
83
84int
85EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx)
86{
87 int ret;
88
89 if (!ctx || !ctx->pmeth || !ctx->pmeth->sign) {
90 EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
91 return -2;
92 }
93 ctx->operation = EVP_PKEY_OP_SIGN;
94 if (!ctx->pmeth->sign_init)
95 return 1;
96 ret = ctx->pmeth->sign_init(ctx);
97 if (ret <= 0)
98 ctx->operation = EVP_PKEY_OP_UNDEFINED;
99 return ret;
100}
101LCRYPTO_ALIAS(EVP_PKEY_sign_init);
102
103int
104EVP_PKEY_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
105 const unsigned char *tbs, size_t tbslen)
106{
107 if (!ctx || !ctx->pmeth || !ctx->pmeth->sign) {
108 EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
109 return -2;
110 }
111 if (ctx->operation != EVP_PKEY_OP_SIGN) {
112 EVPerror(EVP_R_OPERATON_NOT_INITIALIZED);
113 return -1;
114 }
115 M_check_autoarg(ctx, sig, siglen, EVP_F_EVP_PKEY_SIGN)
116 return ctx->pmeth->sign(ctx, sig, siglen, tbs, tbslen);
117}
118LCRYPTO_ALIAS(EVP_PKEY_sign);
119
120int
121EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx)
122{
123 int ret;
124
125 if (!ctx || !ctx->pmeth || !ctx->pmeth->verify) {
126 EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
127 return -2;
128 }
129 ctx->operation = EVP_PKEY_OP_VERIFY;
130 if (!ctx->pmeth->verify_init)
131 return 1;
132 ret = ctx->pmeth->verify_init(ctx);
133 if (ret <= 0)
134 ctx->operation = EVP_PKEY_OP_UNDEFINED;
135 return ret;
136}
137LCRYPTO_ALIAS(EVP_PKEY_verify_init);
138
139int
140EVP_PKEY_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen,
141 const unsigned char *tbs, size_t tbslen)
142{
143 if (!ctx || !ctx->pmeth || !ctx->pmeth->verify) {
144 EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
145 return -2;
146 }
147 if (ctx->operation != EVP_PKEY_OP_VERIFY) {
148 EVPerror(EVP_R_OPERATON_NOT_INITIALIZED);
149 return -1;
150 }
151 return ctx->pmeth->verify(ctx, sig, siglen, tbs, tbslen);
152}
153LCRYPTO_ALIAS(EVP_PKEY_verify);
154
155int
156EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx)
157{
158 if (ctx == NULL || ctx->pmeth == NULL ||
159 ctx->pmeth->verify_recover == NULL) {
160 EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
161 return -2;
162 }
163
164 ctx->operation = EVP_PKEY_OP_VERIFYRECOVER;
165
166 return 1;
167}
168LCRYPTO_ALIAS(EVP_PKEY_verify_recover_init);
169
170int
171EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx, unsigned char *rout, size_t *routlen,
172 const unsigned char *sig, size_t siglen)
173{
174 if (!ctx || !ctx->pmeth || !ctx->pmeth->verify_recover) {
175 EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
176 return -2;
177 }
178 if (ctx->operation != EVP_PKEY_OP_VERIFYRECOVER) {
179 EVPerror(EVP_R_OPERATON_NOT_INITIALIZED);
180 return -1;
181 }
182 M_check_autoarg(ctx, rout, routlen, EVP_F_EVP_PKEY_VERIFY_RECOVER)
183 return ctx->pmeth->verify_recover(ctx, rout, routlen, sig, siglen);
184}
185LCRYPTO_ALIAS(EVP_PKEY_verify_recover);
186
187int
188EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx)
189{
190 if (ctx == NULL || ctx->pmeth == NULL || ctx->pmeth->encrypt == NULL) {
191 EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
192 return -2;
193 }
194
195 ctx->operation = EVP_PKEY_OP_ENCRYPT;
196
197 return 1;
198}
199LCRYPTO_ALIAS(EVP_PKEY_encrypt_init);
200
201int
202EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
203 const unsigned char *in, size_t inlen)
204{
205 if (!ctx || !ctx->pmeth || !ctx->pmeth->encrypt) {
206 EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
207 return -2;
208 }
209 if (ctx->operation != EVP_PKEY_OP_ENCRYPT) {
210 EVPerror(EVP_R_OPERATON_NOT_INITIALIZED);
211 return -1;
212 }
213 M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_ENCRYPT)
214 return ctx->pmeth->encrypt(ctx, out, outlen, in, inlen);
215}
216LCRYPTO_ALIAS(EVP_PKEY_encrypt);
217
218int
219EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx)
220{
221 if (ctx == NULL || ctx->pmeth == NULL || ctx->pmeth->decrypt == NULL) {
222 EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
223 return -2;
224 }
225
226 ctx->operation = EVP_PKEY_OP_DECRYPT;
227
228 return 1;
229}
230LCRYPTO_ALIAS(EVP_PKEY_decrypt_init);
231
232int
233EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
234 const unsigned char *in, size_t inlen)
235{
236 if (!ctx || !ctx->pmeth || !ctx->pmeth->decrypt) {
237 EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
238 return -2;
239 }
240 if (ctx->operation != EVP_PKEY_OP_DECRYPT) {
241 EVPerror(EVP_R_OPERATON_NOT_INITIALIZED);
242 return -1;
243 }
244 M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_DECRYPT)
245 return ctx->pmeth->decrypt(ctx, out, outlen, in, inlen);
246}
247LCRYPTO_ALIAS(EVP_PKEY_decrypt);
248
249int
250EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx)
251{
252 int ret;
253
254 if (!ctx || !ctx->pmeth || !ctx->pmeth->derive) {
255 EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
256 return -2;
257 }
258 ctx->operation = EVP_PKEY_OP_DERIVE;
259 if (!ctx->pmeth->derive_init)
260 return 1;
261 ret = ctx->pmeth->derive_init(ctx);
262 if (ret <= 0)
263 ctx->operation = EVP_PKEY_OP_UNDEFINED;
264 return ret;
265}
266LCRYPTO_ALIAS(EVP_PKEY_derive_init);
267
268int
269EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer)
270{
271 int ret;
272
273 if (!ctx || !ctx->pmeth || !(ctx->pmeth->derive ||
274 ctx->pmeth->encrypt || ctx->pmeth->decrypt) ||
275 !ctx->pmeth->ctrl) {
276 EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
277 return -2;
278 }
279 if (ctx->operation != EVP_PKEY_OP_DERIVE &&
280 ctx->operation != EVP_PKEY_OP_ENCRYPT &&
281 ctx->operation != EVP_PKEY_OP_DECRYPT) {
282 EVPerror(EVP_R_OPERATON_NOT_INITIALIZED);
283 return -1;
284 }
285
286 ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 0, peer);
287
288 if (ret <= 0)
289 return ret;
290
291 if (ret == 2)
292 return 1;
293
294 if (!ctx->pkey) {
295 EVPerror(EVP_R_NO_KEY_SET);
296 return -1;
297 }
298
299 if (ctx->pkey->type != peer->type) {
300 EVPerror(EVP_R_DIFFERENT_KEY_TYPES);
301 return -1;
302 }
303
304 /* ran@cryptocom.ru: For clarity. The error is if parameters in peer are
305 * present (!missing) but don't match. EVP_PKEY_cmp_parameters may return
306 * 1 (match), 0 (don't match) and -2 (comparison is not defined). -1
307 * (different key types) is impossible here because it is checked earlier.
308 * -2 is OK for us here, as well as 1, so we can check for 0 only. */
309 if (!EVP_PKEY_missing_parameters(peer) &&
310 !EVP_PKEY_cmp_parameters(ctx->pkey, peer)) {
311 EVPerror(EVP_R_DIFFERENT_PARAMETERS);
312 return -1;
313 }
314
315 EVP_PKEY_free(ctx->peerkey);
316 ctx->peerkey = peer;
317
318 ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 1, peer);
319
320 if (ret <= 0) {
321 ctx->peerkey = NULL;
322 return ret;
323 }
324
325 CRYPTO_add(&peer->references, 1, CRYPTO_LOCK_EVP_PKEY);
326 return 1;
327}
328LCRYPTO_ALIAS(EVP_PKEY_derive_set_peer);
329
330int
331EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *pkeylen)
332{
333 if (!ctx || !ctx->pmeth || !ctx->pmeth->derive) {
334 EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
335 return -2;
336 }
337 if (ctx->operation != EVP_PKEY_OP_DERIVE) {
338 EVPerror(EVP_R_OPERATON_NOT_INITIALIZED);
339 return -1;
340 }
341 M_check_autoarg(ctx, key, pkeylen, EVP_F_EVP_PKEY_DERIVE)
342 return ctx->pmeth->derive(ctx, key, pkeylen);
343}
344LCRYPTO_ALIAS(EVP_PKEY_derive);
diff --git a/src/lib/libcrypto/evp/pmeth_gn.c b/src/lib/libcrypto/evp/pmeth_gn.c
deleted file mode 100644
index bc1c5bd7d2..0000000000
--- a/src/lib/libcrypto/evp/pmeth_gn.c
+++ /dev/null
@@ -1,227 +0,0 @@
1/* $OpenBSD: pmeth_gn.c,v 1.21 2024/08/31 09:14:21 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2006.
4 */
5/* ====================================================================
6 * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include <stdlib.h>
61
62#include <openssl/bn.h>
63#include <openssl/err.h>
64#include <openssl/evp.h>
65#include <openssl/objects.h>
66
67#include "asn1_local.h"
68#include "bn_local.h"
69#include "evp_local.h"
70
71int
72EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx)
73{
74 if (ctx == NULL || ctx->pmeth == NULL || ctx->pmeth->paramgen == NULL) {
75 EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
76 return -2;
77 }
78
79 ctx->operation = EVP_PKEY_OP_PARAMGEN;
80
81 return 1;
82}
83LCRYPTO_ALIAS(EVP_PKEY_paramgen_init);
84
85int
86EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
87{
88 int ret;
89
90 if (ctx == NULL || ctx->pmeth == NULL || ctx->pmeth->paramgen == NULL) {
91 EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
92 return -2;
93 }
94
95 if (ctx->operation != EVP_PKEY_OP_PARAMGEN) {
96 EVPerror(EVP_R_OPERATON_NOT_INITIALIZED);
97 return -1;
98 }
99
100 if (ppkey == NULL)
101 return -1;
102
103 if (*ppkey == NULL)
104 *ppkey = EVP_PKEY_new();
105 if (*ppkey == NULL)
106 return -1;
107
108 if ((ret = ctx->pmeth->paramgen(ctx, *ppkey)) <= 0) {
109 EVP_PKEY_free(*ppkey);
110 *ppkey = NULL;
111 }
112
113 return ret;
114}
115LCRYPTO_ALIAS(EVP_PKEY_paramgen);
116
117int
118EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx)
119{
120 if (ctx == NULL || ctx->pmeth == NULL || ctx->pmeth->keygen == NULL) {
121 EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
122 return -2;
123 }
124
125 ctx->operation = EVP_PKEY_OP_KEYGEN;
126
127 return 1;
128}
129LCRYPTO_ALIAS(EVP_PKEY_keygen_init);
130
131int
132EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
133{
134 int ret;
135
136 if (ctx == NULL || ctx->pmeth == NULL || ctx->pmeth->keygen == NULL) {
137 EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
138 return -2;
139 }
140 if (ctx->operation != EVP_PKEY_OP_KEYGEN) {
141 EVPerror(EVP_R_OPERATON_NOT_INITIALIZED);
142 return -1;
143 }
144
145 if (ppkey == NULL)
146 return -1;
147
148 if (*ppkey == NULL)
149 *ppkey = EVP_PKEY_new();
150 if (*ppkey == NULL)
151 return -1;
152
153 if ((ret = ctx->pmeth->keygen(ctx, *ppkey)) <= 0) {
154 EVP_PKEY_free(*ppkey);
155 *ppkey = NULL;
156 }
157
158 return ret;
159}
160LCRYPTO_ALIAS(EVP_PKEY_keygen);
161
162void
163EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb)
164{
165 ctx->pkey_gencb = cb;
166}
167LCRYPTO_ALIAS(EVP_PKEY_CTX_set_cb);
168
169EVP_PKEY_gen_cb *
170EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx)
171{
172 return ctx->pkey_gencb;
173}
174LCRYPTO_ALIAS(EVP_PKEY_CTX_get_cb);
175
176/* "translation callback" to call EVP_PKEY_CTX callbacks using BN_GENCB
177 * style callbacks.
178 */
179
180static int
181trans_cb(int a, int b, BN_GENCB *gcb)
182{
183 EVP_PKEY_CTX *ctx = gcb->arg;
184 ctx->keygen_info[0] = a;
185 ctx->keygen_info[1] = b;
186 return ctx->pkey_gencb(ctx);
187}
188
189void
190evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx)
191{
192 BN_GENCB_set(cb, trans_cb, ctx);
193}
194
195int
196EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx)
197{
198 if (idx == -1)
199 return ctx->keygen_info_count;
200 if (idx < 0 || idx >= ctx->keygen_info_count)
201 return 0;
202 return ctx->keygen_info[idx];
203}
204LCRYPTO_ALIAS(EVP_PKEY_CTX_get_keygen_info);
205
206EVP_PKEY *
207EVP_PKEY_new_mac_key(int type, ENGINE *e, const unsigned char *key, int keylen)
208{
209 EVP_PKEY_CTX *mac_ctx = NULL;
210 EVP_PKEY *mac_key = NULL;
211
212 mac_ctx = EVP_PKEY_CTX_new_id(type, NULL);
213 if (!mac_ctx)
214 return NULL;
215 if (EVP_PKEY_keygen_init(mac_ctx) <= 0)
216 goto merr;
217 if (EVP_PKEY_CTX_ctrl(mac_ctx, -1, EVP_PKEY_OP_KEYGEN,
218 EVP_PKEY_CTRL_SET_MAC_KEY, keylen, (void *)key) <= 0)
219 goto merr;
220 if (EVP_PKEY_keygen(mac_ctx, &mac_key) <= 0)
221 goto merr;
222
223merr:
224 EVP_PKEY_CTX_free(mac_ctx);
225 return mac_key;
226}
227LCRYPTO_ALIAS(EVP_PKEY_new_mac_key);
diff --git a/src/lib/libcrypto/evp/pmeth_lib.c b/src/lib/libcrypto/evp/pmeth_lib.c
deleted file mode 100644
index fbf4057c38..0000000000
--- a/src/lib/libcrypto/evp/pmeth_lib.c
+++ /dev/null
@@ -1,366 +0,0 @@
1/* $OpenBSD: pmeth_lib.c,v 1.42 2025/01/20 12:57:28 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2006.
4 */
5/* ====================================================================
6 * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <limits.h>
60#include <stdio.h>
61#include <stdlib.h>
62#include <string.h>
63
64#include <openssl/opensslconf.h>
65
66#include <openssl/err.h>
67#include <openssl/evp.h>
68#include <openssl/objects.h>
69#include <openssl/x509v3.h>
70
71#include "asn1_local.h"
72#include "evp_local.h"
73
74extern const EVP_PKEY_METHOD cmac_pkey_meth;
75extern const EVP_PKEY_METHOD dh_pkey_meth;
76extern const EVP_PKEY_METHOD dsa_pkey_meth;
77extern const EVP_PKEY_METHOD ec_pkey_meth;
78extern const EVP_PKEY_METHOD ed25519_pkey_meth;
79extern const EVP_PKEY_METHOD hkdf_pkey_meth;
80extern const EVP_PKEY_METHOD hmac_pkey_meth;
81extern const EVP_PKEY_METHOD rsa_pkey_meth;
82extern const EVP_PKEY_METHOD rsa_pss_pkey_meth;
83extern const EVP_PKEY_METHOD tls1_prf_pkey_meth;
84extern const EVP_PKEY_METHOD x25519_pkey_meth;
85
86static const EVP_PKEY_METHOD *pkey_methods[] = {
87 &cmac_pkey_meth,
88 &dh_pkey_meth,
89 &dsa_pkey_meth,
90 &ec_pkey_meth,
91 &ed25519_pkey_meth,
92 &hkdf_pkey_meth,
93 &hmac_pkey_meth,
94 &rsa_pkey_meth,
95 &rsa_pss_pkey_meth,
96 &tls1_prf_pkey_meth,
97 &x25519_pkey_meth,
98};
99
100#define N_PKEY_METHODS (sizeof(pkey_methods) / sizeof(pkey_methods[0]))
101
102static const EVP_PKEY_METHOD *
103evp_pkey_method_find(int nid)
104{
105 size_t i;
106
107 for (i = 0; i < N_PKEY_METHODS; i++) {
108 const EVP_PKEY_METHOD *pmeth = pkey_methods[i];
109 if (pmeth->pkey_id == nid)
110 return pmeth;
111 }
112
113 return NULL;
114}
115
116static EVP_PKEY_CTX *
117evp_pkey_ctx_new(EVP_PKEY *pkey, int nid)
118{
119 EVP_PKEY_CTX *pkey_ctx = NULL;
120 const EVP_PKEY_METHOD *pmeth;
121
122 if (nid == -1) {
123 if (pkey == NULL || pkey->ameth == NULL)
124 return NULL;
125 nid = pkey->ameth->pkey_id;
126 }
127
128 if ((pmeth = evp_pkey_method_find(nid)) == NULL) {
129 EVPerror(EVP_R_UNSUPPORTED_ALGORITHM);
130 goto err;
131 }
132
133 if ((pkey_ctx = calloc(1, sizeof(*pkey_ctx))) == NULL) {
134 EVPerror(ERR_R_MALLOC_FAILURE);
135 goto err;
136 }
137 pkey_ctx->pmeth = pmeth;
138 pkey_ctx->operation = EVP_PKEY_OP_UNDEFINED;
139 if ((pkey_ctx->pkey = pkey) != NULL)
140 EVP_PKEY_up_ref(pkey_ctx->pkey);
141
142 if (pmeth->init != NULL) {
143 if (pmeth->init(pkey_ctx) <= 0)
144 goto err;
145 }
146
147 return pkey_ctx;
148
149 err:
150 EVP_PKEY_CTX_free(pkey_ctx);
151
152 return NULL;
153}
154
155EVP_PKEY_CTX *
156EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *engine)
157{
158 return evp_pkey_ctx_new(pkey, -1);
159}
160LCRYPTO_ALIAS(EVP_PKEY_CTX_new);
161
162EVP_PKEY_CTX *
163EVP_PKEY_CTX_new_id(int nid, ENGINE *engine)
164{
165 return evp_pkey_ctx_new(NULL, nid);
166}
167LCRYPTO_ALIAS(EVP_PKEY_CTX_new_id);
168
169EVP_PKEY_CTX *
170EVP_PKEY_CTX_dup(EVP_PKEY_CTX *pctx)
171{
172 EVP_PKEY_CTX *rctx = NULL;
173
174 if (pctx->pmeth == NULL || pctx->pmeth->copy == NULL)
175 goto err;
176 if ((rctx = calloc(1, sizeof(*rctx))) == NULL) {
177 EVPerror(ERR_R_MALLOC_FAILURE);
178 goto err;
179 }
180
181 rctx->pmeth = pctx->pmeth;
182
183 if ((rctx->pkey = pctx->pkey) != NULL)
184 EVP_PKEY_up_ref(rctx->pkey);
185 if ((rctx->peerkey = pctx->peerkey) != NULL)
186 EVP_PKEY_up_ref(rctx->peerkey);
187
188 rctx->operation = pctx->operation;
189
190 if (pctx->pmeth->copy(rctx, pctx) <= 0)
191 goto err;
192
193 return rctx;
194
195 err:
196 EVP_PKEY_CTX_free(rctx);
197 return NULL;
198}
199LCRYPTO_ALIAS(EVP_PKEY_CTX_dup);
200
201void
202EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx)
203{
204 if (ctx == NULL)
205 return;
206 if (ctx->pmeth && ctx->pmeth->cleanup)
207 ctx->pmeth->cleanup(ctx);
208 EVP_PKEY_free(ctx->pkey);
209 EVP_PKEY_free(ctx->peerkey);
210 free(ctx);
211}
212LCRYPTO_ALIAS(EVP_PKEY_CTX_free);
213
214int
215EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, int cmd,
216 int p1, void *p2)
217{
218 int ret;
219
220 if (!ctx || !ctx->pmeth || !ctx->pmeth->ctrl) {
221 EVPerror(EVP_R_COMMAND_NOT_SUPPORTED);
222 return -2;
223 }
224 if ((keytype != -1) && (ctx->pmeth->pkey_id != keytype))
225 return -1;
226
227 if (ctx->operation == EVP_PKEY_OP_UNDEFINED) {
228 EVPerror(EVP_R_NO_OPERATION_SET);
229 return -1;
230 }
231
232 if ((optype != -1) && !(ctx->operation & optype)) {
233 EVPerror(EVP_R_INVALID_OPERATION);
234 return -1;
235 }
236
237 ret = ctx->pmeth->ctrl(ctx, cmd, p1, p2);
238
239 if (ret == -2)
240 EVPerror(EVP_R_COMMAND_NOT_SUPPORTED);
241
242 return ret;
243
244}
245LCRYPTO_ALIAS(EVP_PKEY_CTX_ctrl);
246
247/*
248 * This is practically unused and would best be a part of the openssl(1) code,
249 * but, unfortunately, openssl-ruby exposes this directly in an interface and
250 * it's currently the only way to do RSA-PSS in Ruby.
251 */
252int
253EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *name, const char *value)
254{
255 if (!ctx || !ctx->pmeth || !ctx->pmeth->ctrl_str) {
256 EVPerror(EVP_R_COMMAND_NOT_SUPPORTED);
257 return -2;
258 }
259 if (!strcmp(name, "digest")) {
260 return EVP_PKEY_CTX_md(ctx, EVP_PKEY_OP_TYPE_SIG,
261 EVP_PKEY_CTRL_MD, value);
262 }
263 return ctx->pmeth->ctrl_str(ctx, name, value);
264}
265LCRYPTO_ALIAS(EVP_PKEY_CTX_ctrl_str);
266
267int
268EVP_PKEY_CTX_str2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *str)
269{
270 size_t len;
271
272 if ((len = strlen(str)) > INT_MAX)
273 return -1;
274
275 return ctx->pmeth->ctrl(ctx, cmd, len, (void *)str);
276}
277
278int
279EVP_PKEY_CTX_hex2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *hexstr)
280{
281 unsigned char *hex = NULL;
282 long length;
283 int ret = 0;
284
285 if ((hex = string_to_hex(hexstr, &length)) == NULL)
286 goto err;
287 if (length < 0 || length > INT_MAX) {
288 ret = -1;
289 goto err;
290 }
291
292 ret = ctx->pmeth->ctrl(ctx, cmd, length, hex);
293
294 err:
295 free(hex);
296 return ret;
297}
298
299int
300EVP_PKEY_CTX_md(EVP_PKEY_CTX *ctx, int optype, int cmd, const char *md_name)
301{
302 const EVP_MD *md;
303
304 if ((md = EVP_get_digestbyname(md_name)) == NULL) {
305 EVPerror(EVP_R_INVALID_DIGEST);
306 return 0;
307 }
308 return EVP_PKEY_CTX_ctrl(ctx, -1, optype, cmd, 0, (void *)md);
309}
310
311int
312EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx)
313{
314 return ctx->operation;
315}
316LCRYPTO_ALIAS(EVP_PKEY_CTX_get_operation);
317
318void
319EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen)
320{
321 ctx->keygen_info = dat;
322 ctx->keygen_info_count = datlen;
323}
324LCRYPTO_ALIAS(EVP_PKEY_CTX_set0_keygen_info);
325
326void
327EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void *data)
328{
329 ctx->data = data;
330}
331LCRYPTO_ALIAS(EVP_PKEY_CTX_set_data);
332
333void *
334EVP_PKEY_CTX_get_data(EVP_PKEY_CTX *ctx)
335{
336 return ctx->data;
337}
338LCRYPTO_ALIAS(EVP_PKEY_CTX_get_data);
339
340EVP_PKEY *
341EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX *ctx)
342{
343 return ctx->pkey;
344}
345LCRYPTO_ALIAS(EVP_PKEY_CTX_get0_pkey);
346
347EVP_PKEY *
348EVP_PKEY_CTX_get0_peerkey(EVP_PKEY_CTX *ctx)
349{
350 return ctx->peerkey;
351}
352LCRYPTO_ALIAS(EVP_PKEY_CTX_get0_peerkey);
353
354void
355EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data)
356{
357 ctx->app_data = data;
358}
359LCRYPTO_ALIAS(EVP_PKEY_CTX_set_app_data);
360
361void *
362EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx)
363{
364 return ctx->app_data;
365}
366LCRYPTO_ALIAS(EVP_PKEY_CTX_get_app_data);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-23 21:07:34 +0000