Diffstat (limited to '')
| -rw-r--r-- | src/lib/libcrypto/evp/evp.h | 78 |
1 files changed, 78 insertions, 0 deletions
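diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h
index 1aa2d6fb35..51011f2b14 100644
--- a/src/lib/libcrypto/evp/evp.h
+++ b/src/lib/libcrypto/evp/evp.h
@@ -75,6 +75,10 @@
 #include <openssl/bio.h>
 #endif
 
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
 /*
 #define EVP_RC2_KEY_SIZE 16
 #define EVP_RC4_KEY_SIZE 16
@@ -250,9 +254,19 @@ typedef int evp_verify_method(int type,const unsigned char *m,
 unsigned int m_length,const unsigned char *sigbuf,
 unsigned int siglen, void *key);
 
+typedef struct
+{
+EVP_MD_CTX *mctx;
+void *key;
+} EVP_MD_SVCTX;
+
 #define EVP_MD_FLAG_ONESHOT 0x0001 /* digest can only handle a single
 * block */
 
+#define EVP_MD_FLAG_FIPS 0x0400 /* Note if suitable for use in FIPS mode */
+
+#define EVP_MD_FLAG_SVCTX 0x0800 /* pass EVP_MD_SVCTX to sign/verify */
+
 #define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0}
 
 #ifndef OPENSSL_NO_DSA
@@ -306,6 +320,15 @@ struct env_md_ctx_st
 #define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008 /* Allow use of non FIPS digest
 * in FIPS mode */
 
+#define EVP_MD_CTX_FLAG_PAD_MASK 0xF0 /* RSA mode to use */
+#define EVP_MD_CTX_FLAG_PAD_PKCS1 0x00 /* PKCS#1 v1.5 mode */
+#define EVP_MD_CTX_FLAG_PAD_X931 0x10 /* X9.31 mode */
+#define EVP_MD_CTX_FLAG_PAD_PSS 0x20 /* PSS mode */
+#define M_EVP_MD_CTX_FLAG_PSS_SALT(ctx) \
+((ctx->flags>>16) &0xFFFF) /* seed length */
+#define EVP_MD_CTX_FLAG_PSS_MDLEN 0xFFFF /* salt len same as digest */
+#define EVP_MD_CTX_FLAG_PSS_MREC 0xFFFE /* salt max or auto recovered */
+
 struct evp_cipher_st
 {
 int nid;
@@ -349,6 +372,14 @@ struct evp_cipher_st
 #define EVP_CIPH_NO_PADDING 0x100
 /* cipher handles random key generation */
 #define EVP_CIPH_RAND_KEY 0x200
+/* Note if suitable for use in FIPS mode */
+#define EVP_CIPH_FLAG_FIPS 0x400
+/* Allow non FIPS cipher in FIPS mode */
+#define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x800
+/* Allow use default ASN1 get/set iv */
+#define EVP_CIPH_FLAG_DEFAULT_ASN1 0x1000
+/* Buffer length in bits not bytes: CFB1 mode only */
+#define EVP_CIPH_FLAG_LENGTH_BITS 0x2000
 
 /* ctrl() values */
 
@@ -432,6 +463,18 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
 #define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a))
 #define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a))
 
+/* Macros to reduce FIPS dependencies: do NOT use in applications */
+#define M_EVP_MD_size(e) ((e)->md_size)
+#define M_EVP_MD_block_size(e) ((e)->block_size)
+#define M_EVP_MD_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs))
+#define M_EVP_MD_CTX_clear_flags(ctx,flgs) ((ctx)->flags&=~(flgs))
+#define M_EVP_MD_CTX_test_flags(ctx,flgs) ((ctx)->flags&(flgs))
+#define M_EVP_MD_type(e) ((e)->type)
+#define M_EVP_MD_CTX_type(e) M_EVP_MD_type(M_EVP_MD_CTX_md(e))
+#define M_EVP_MD_CTX_md(e) ((e)->digest)
+
+#define M_EVP_CIPHER_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs))
+
 int EVP_MD_type(const EVP_MD *md);
 #define EVP_MD_nid(e) EVP_MD_type(e)
 #define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_nid(e))
@@ -527,6 +570,10 @@ int EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md,
 const unsigned char *salt, const unsigned char *data,
 int datal, int count, unsigned char *key,unsigned char *iv);
 
+void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags);
+void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags);
+int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx,int flags);
+
 int EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,
 const unsigned char *key, const unsigned char *iv);
 int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
@@ -885,6 +932,24 @@ int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,
 EVP_PBE_KEYGEN *keygen);
 void EVP_PBE_cleanup(void);
 
+#ifdef OPENSSL_FIPS
+#ifndef OPENSSL_NO_ENGINE
+void int_EVP_MD_set_engine_callbacks(
+int (*eng_md_init)(ENGINE *impl),
+int (*eng_md_fin)(ENGINE *impl),
+int (*eng_md_evp)
+(EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl));
+void int_EVP_MD_init_engine_callbacks(void);
+void int_EVP_CIPHER_set_engine_callbacks(
+int (*eng_ciph_fin)(ENGINE *impl),
+int (*eng_ciph_evp)
+(EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pciph, ENGINE *impl));
+void int_EVP_CIPHER_init_engine_callbacks(void);
+#endif
+#endif
+
+void EVP_add_alg_module(void);
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
@@ -895,16 +960,23 @@ void ERR_load_EVP_strings(void);
 
 /* Function codes. */
 #define EVP_F_AES_INIT_KEY 133
+#define EVP_F_ALG_MODULE_INIT 138
 #define EVP_F_CAMELLIA_INIT_KEY 159
 #define EVP_F_D2I_PKEY 100
+#define EVP_F_DO_EVP_ENC_ENGINE 140
+#define EVP_F_DO_EVP_ENC_ENGINE_FULL 141
+#define EVP_F_DO_EVP_MD_ENGINE 139
+#define EVP_F_DO_EVP_MD_ENGINE_FULL 142
 #define EVP_F_DSAPKEY2PKCS8 134
 #define EVP_F_DSA_PKEY2PKCS8 135
 #define EVP_F_ECDSA_PKEY2PKCS8 129
 #define EVP_F_ECKEY_PKEY2PKCS8 132
+#define EVP_F_EVP_CIPHERINIT 137
 #define EVP_F_EVP_CIPHERINIT_EX 123
 #define EVP_F_EVP_CIPHER_CTX_CTRL 124
 #define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122
 #define EVP_F_EVP_DECRYPTFINAL_EX 101
+#define EVP_F_EVP_DIGESTINIT 136
 #define EVP_F_EVP_DIGESTINIT_EX 128
 #define EVP_F_EVP_ENCRYPTFINAL_EX 127
 #define EVP_F_EVP_MD_CTX_COPY_EX 110
@@ -946,15 +1018,20 @@ void ERR_load_EVP_strings(void);
 #define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138
 #define EVP_R_DECODE_ERROR 114
 #define EVP_R_DIFFERENT_KEY_TYPES 101
+#define EVP_R_DISABLED_FOR_FIPS 144
 #define EVP_R_ENCODE_ERROR 115
+#define EVP_R_ERROR_LOADING_SECTION 145
+#define EVP_R_ERROR_SETTING_FIPS_MODE 146
 #define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119
 #define EVP_R_EXPECTING_AN_RSA_KEY 127
 #define EVP_R_EXPECTING_A_DH_KEY 128
 #define EVP_R_EXPECTING_A_DSA_KEY 129
 #define EVP_R_EXPECTING_A_ECDSA_KEY 141
 #define EVP_R_EXPECTING_A_EC_KEY 142
+#define EVP_R_FIPS_MODE_NOT_SUPPORTED 147
 #define EVP_R_INITIALIZATION_ERROR 134
 #define EVP_R_INPUT_NOT_INITIALIZED 111
+#define EVP_R_INVALID_FIPS_MODE 148
 #define EVP_R_INVALID_KEY_LENGTH 130
 #define EVP_R_IV_TOO_LARGE 102
 #define EVP_R_KEYGEN_FAILURE 120
@@ -966,6 +1043,7 @@ void ERR_load_EVP_strings(void);
 #define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED 105
 #define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE 117
 #define EVP_R_PUBLIC_KEY_NOT_RSA 106
+#define EVP_R_UNKNOWN_OPTION 149
 #define EVP_R_UNKNOWN_PBE_ALGORITHM 121
 #define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS 135
 #define EVP_R_UNSUPPORTED_CIPHER 107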
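Review bot: The RSA padding selector added at new lines 323-326 is a multi-bit field (`EVP_MD_CTX_FLAG_PAD_MASK 0xF0`) that appears to share the flags word with the single-bit `EVP_MD_CTX_FLAG_*` values, and nothing in the header says it must be handled differently from them. `M_EVP_MD_CTX_set_flags` (new line 469) is a plain `|=`, so setting `EVP_MD_CTX_FLAG_PAD_PSS` on a context that already carries `EVP_MD_CTX_FLAG_PAD_X931` leaves 0x30, which matches neither mode, and `EVP_MD_CTX_FLAG_PAD_PKCS1` (0x00) cannot be selected by OR-ing at all. I would add a comment above the block such as `/* Padding mode is a field, not a bit: clear EVP_MD_CTX_FLAG_PAD_MASK before setting a mode */`, since a wrong signature padding mode is easy to miss in review. In the same hunk, `M_EVP_MD_CTX_FLAG_PSS_SALT` is the only new macro that leaves its argument unparenthesized; `(((ctx)->flags>>16) &0xFFFF)` would match the `M_EVP_MD_CTX_*` macros added further down.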
