diff --git a/crypto/fipsmodule/evp/internal.h b/crypto/fipsmodule/evp/internal.h index 81915824312..c995380a7c0 100644 --- a/crypto/fipsmodule/evp/internal.h +++ b/crypto/fipsmodule/evp/internal.h @@ -61,6 +61,7 @@ #include #include +#include #if defined(__cplusplus) extern "C" { 
@@ -77,61 +78,9 @@ extern "C" { // This is an implementation detail of |EVP_PKEY_HMAC|. #define EVP_MD_CTX_HMAC 0x0800 -typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD; + typedef struct evp_pkey_method_st EVP_PKEY_METHOD; -struct evp_pkey_asn1_method_st { - int pkey_id; - uint8_t oid[11]; - uint8_t oid_len; - - // pub_decode decodes |params| and |key| as a SubjectPublicKeyInfo - // and writes the result into |out|. It returns one on success and zero on - // error. |params| is the AlgorithmIdentifier after the OBJECT IDENTIFIER - // type field, and |key| is the contents of the subjectPublicKey with the - // leading padding byte checked and removed. Although X.509 uses BIT STRINGs - // to represent SubjectPublicKeyInfo, every key type defined encodes the key - // as a byte string with the same conversion to BIT STRING. - int (*pub_decode)(EVP_PKEY *out, CBS *params, CBS *key); - - // pub_encode encodes |key| as a SubjectPublicKeyInfo and appends the result - // to |out|. It returns one on success and zero on error. - int (*pub_encode)(CBB *out, const EVP_PKEY *key); - - int (*pub_cmp)(const EVP_PKEY *a, const EVP_PKEY *b); - - // priv_decode decodes |params| and |key| as a PrivateKeyInfo and writes the - // result into |out|. It returns one on success and zero on error. |params| is - // the AlgorithmIdentifier after the OBJECT IDENTIFIER type field, and |key| - // is the contents of the OCTET STRING privateKey field. - int (*priv_decode)(EVP_PKEY *out, CBS *params, CBS *key, CBS *pubkey); - - // priv_encode encodes |key| as a PrivateKeyInfo and appends the result to - // |out|. It returns one on success and zero on error. - int (*priv_encode)(CBB *out, const EVP_PKEY *key); - - // priv_encode_v2 encodes |key| as a OneAsymmetricKey (RFC 5958) and appends - // the result to |out|. It returns one on success and zero on error. 
- int (*priv_encode_v2)(CBB *out, const EVP_PKEY *key); - - int (*set_priv_raw)(EVP_PKEY *pkey, const uint8_t *privkey, size_t privkey_len, const uint8_t *pubkey, size_t pubkey_len); - int (*set_pub_raw)(EVP_PKEY *pkey, const uint8_t *in, size_t len); - int (*get_priv_raw)(const EVP_PKEY *pkey, uint8_t *out, size_t *out_len); - int (*get_pub_raw)(const EVP_PKEY *pkey, uint8_t *out, size_t *out_len); - - // pkey_opaque returns 1 if the |pk| is opaque. Opaque keys are backed by - // custom implementations which do not expose key material and parameters. - int (*pkey_opaque)(const EVP_PKEY *pk); - - int (*pkey_size)(const EVP_PKEY *pk); - int (*pkey_bits)(const EVP_PKEY *pk); - - int (*param_missing)(const EVP_PKEY *pk); - int (*param_copy)(EVP_PKEY *to, const EVP_PKEY *from); - int (*param_cmp)(const EVP_PKEY *a, const EVP_PKEY *b); - - void (*pkey_free)(EVP_PKEY *pkey); -}; // EVP_PKEY_ASN1_METHOD struct evp_pkey_st { CRYPTO_refcount_t references; diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 9be4ea6aa68..ee29e94557e 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h 
@@ -928,6 +928,110 @@ OPENSSL_EXPORT EVP_PKEY *EVP_PKEY_kem_new_raw_key(int nid, // to the secret key in |key|. OPENSSL_EXPORT int EVP_PKEY_kem_check_key(EVP_PKEY *key); +/******************** + + WORK IN PROGRESS + +vvvvvvvvvvvvvvvvvvvvv + +********************/ + + +// OpenSSL Docs: https://www.openssl.org/docs/man1.1.1/man3/EVP_PKEY_ASN1_METHOD.html + +typedef struct evp_pkey_asn1_method_st { + int pkey_id; + uint8_t oid[11]; + uint8_t oid_len; + + // pub_decode decodes |params| and |key| as a SubjectPublicKeyInfo + // and writes the result into |out|. It returns one on success and zero on + // error. |params| is the AlgorithmIdentifier after the OBJECT IDENTIFIER + // type field, and |key| is the contents of the subjectPublicKey with the + // leading padding byte checked and removed. Although X.509 uses BIT STRINGs + // to represent SubjectPublicKeyInfo, every key type defined encodes the key + // as a byte string with the same conversion to BIT STRING. + int (*pub_decode)(EVP_PKEY *out, CBS *params, CBS *key); + + // pub_encode encodes |key| as a SubjectPublicKeyInfo and appends the result + // to |out|. It returns one on success and zero on error. + int (*pub_encode)(CBB *out, const EVP_PKEY *key); + + int (*pub_cmp)(const EVP_PKEY *a, const EVP_PKEY *b); + + // priv_decode decodes |params| and |key| as a PrivateKeyInfo and writes the + // result into |out|. It returns one on success and zero on error. |params| is + // the AlgorithmIdentifier after the OBJECT IDENTIFIER type field, and |key| + // is the contents of the OCTET STRING privateKey field. + int (*priv_decode)(EVP_PKEY *out, CBS *params, CBS *key, CBS *pubkey); + + // priv_encode encodes |key| as a PrivateKeyInfo and appends the result to + // |out|. It returns one on success and zero on error. + int (*priv_encode)(CBB *out, const EVP_PKEY *key); + + // priv_encode_v2 encodes |key| as a OneAsymmetricKey (RFC 5958) and appends + // the result to |out|. It returns one on success and zero on error. 
+ int (*priv_encode_v2)(CBB *out, const EVP_PKEY *key); + + int (*set_priv_raw)(EVP_PKEY *pkey, const uint8_t *privkey, size_t privkey_len, const uint8_t *pubkey, size_t pubkey_len); + int (*set_pub_raw)(EVP_PKEY *pkey, const uint8_t *in, size_t len); + int (*get_priv_raw)(const EVP_PKEY *pkey, uint8_t *out, size_t *out_len); + int (*get_pub_raw)(const EVP_PKEY *pkey, uint8_t *out, size_t *out_len); + + // pkey_opaque returns 1 if the |pk| is opaque. Opaque keys are backed by + // custom implementations which do not expose key material and parameters. + int (*pkey_opaque)(const EVP_PKEY *pk); + + int (*pkey_size)(const EVP_PKEY *pk); + int (*pkey_bits)(const EVP_PKEY *pk); + + int (*param_missing)(const EVP_PKEY *pk); + int (*param_copy)(EVP_PKEY *to, const EVP_PKEY *from); + int (*param_cmp)(const EVP_PKEY *a, const EVP_PKEY *b); + + void (*pkey_free)(EVP_PKEY *pkey); +} EVP_PKEY_ASN1_METHOD; + +// OpenSSL Docs: https://www.openssl.org/docs/man1.1.1/man3/EVP_PKEY_asn1_find_str.html +const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe, + const char *str, int len); +int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *pkey_base_id, + int *ppkey_flags, const char **pinfo, + const char **ppem_str, + const EVP_PKEY_ASN1_METHOD *ameth); + +// OpenSSL Docs: https://www.openssl.org/docs/man1.1.1/man3/EVP_PKEY_CTX_ctrl_str.html +int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, + const char *value); + + +// OpenSSL Docs: https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_CTX_get_app_data.html +void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx); +int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx); +void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data); + +// OpenSSL Docs: https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_gen_cb.html +typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx); +void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb); + +// EVP_PKEY_get0 returns NULL. 
This function is provided for compatibility with +// OpenSSL but does not return anything. Use the typed |EVP_PKEY_get0_*| +// functions instead. +// +// Note: In OpenSSL, the returned type will be different depending on the type +// of |EVP_PKEY| consumed. This leads to misuage very easily and has been +// deprecated as a no-op to avoid so. +OPENSSL_EXPORT OPENSSL_DEPRECATED void *EVP_PKEY_get0(const EVP_PKEY *pkey); + +/******************** + +^^^^^^^^^^^^^^^^^^^^^ + + WORK IN PROGRESS + +********************/ + + // Deprecated functions. // EVP_PKEY_RSA2 was historically an alternate form for RSA public keys (OID @@ -1144,14 +1248,6 @@ OPENSSL_EXPORT EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *engine, // General No-op Functions [Deprecated]. -// EVP_PKEY_get0 returns NULL. This function is provided for compatibility with -// OpenSSL but does not return anything. Use the typed |EVP_PKEY_get0_*| -// functions instead. -// -// Note: In OpenSSL, the returned type will be different depending on the type -// of |EVP_PKEY| consumed. This leads to misuage very easily and has been -// deprecated as a no-op to avoid so. -OPENSSL_EXPORT OPENSSL_DEPRECATED void *EVP_PKEY_get0(const EVP_PKEY *pkey); // OpenSSL_add_all_algorithms does nothing. This has been deprecated since // OpenSSL 1.1.0.
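Review bot: The new public prototypes in this hunk (`EVP_PKEY_asn1_find_str`, `EVP_PKEY_asn1_get0_info`, `EVP_PKEY_CTX_ctrl_str` and the `EVP_PKEY_CTX_*app_data`/`set_cb` group) are declared without `OPENSSL_EXPORT`, unlike the moved `EVP_PKEY_get0` right below them, so they would not be visible from a shared-library build; e.g. `OPENSSL_EXPORT const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe, const char *str, int len);`. More importantly, moving the full `struct evp_pkey_asn1_method_st` definition — a table of function pointers that drive SubjectPublicKeyInfo/PrivateKeyInfo decoding — out of fipsmodule/evp/internal.h into the public header freezes its layout as ABI and lets any caller read or rewrite a method table; the OpenSSL API this mirrors keeps the type opaque, so the public header should carry only `typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD;` with the definition left in internal.h. `EVP_PKEY_asn1_get0_info` promises `ppkey_flags`, `pinfo` and `ppem_str` outputs that no field of the struct can supply, so either document that they are set to 0/NULL or drop them until a definition exists. Since no definitions appear in this diff, the `WORK IN PROGRESS` block should not land in a public header as-is: a consumer calling one of these gets a link error rather than a compile error.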