EVP module documentation pass
Replace ECDH_KDF_X9_62() with internal ecdh_KDF_X9_63() Signed-off-by: Antoine Salon <asalon@vmware.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/7345)
This commit is contained in:
Antoine Salon
Nicola Tuveri
parent
aeec793b4b
commit
ffd89124bd
23 changed files with 436 additions and 60 deletions
5
CHANGES
5
CHANGES
|
|
@ -9,6 +9,11 @@
|
|||
|
||||
Changes between 1.1.1 and 1.1.2 [xx XXX xxxx]
|
||||
|
||||
*) Added EVP_PKEY_ECDH_KDF_X9_63 and ecdh_KDF_X9_63() as replacements for
|
||||
the EVP_PKEY_ECDH_KDF_X9_62 KDF type and ECDH_KDF_X9_62(). The old names
|
||||
are retained for backwards compatibility.
|
||||
[Antoine Salon]
|
||||
|
||||
*) AES-XTS mode now enforces that its two keys are different to mitigate
|
||||
the attacked described in "Efficient Instantiations of Tweakable
|
||||
Blockciphers and Refinements to Modes OCB and PMAC" by Phillip Rogaway.
|
||||
|
|
|
|||
|
|
@ -699,7 +699,7 @@ static int ecdh_cms_set_kdf_param(EVP_PKEY_CTX *pctx, int eckdf_nid)
|
|||
if (EVP_PKEY_CTX_set_ecdh_cofactor_mode(pctx, cofactor) <= 0)
|
||||
return 0;
|
||||
|
||||
if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, EVP_PKEY_ECDH_KDF_X9_62) <= 0)
|
||||
if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, EVP_PKEY_ECDH_KDF_X9_63) <= 0)
|
||||
return 0;
|
||||
|
||||
kdf_md = EVP_get_digestbynid(kdfmd_nid);
|
||||
|
|
@ -864,7 +864,7 @@ static int ecdh_cms_encrypt(CMS_RecipientInfo *ri)
|
|||
ecdh_nid = NID_dh_cofactor_kdf;
|
||||
|
||||
if (kdf_type == EVP_PKEY_ECDH_KDF_NONE) {
|
||||
kdf_type = EVP_PKEY_ECDH_KDF_X9_62;
|
||||
kdf_type = EVP_PKEY_ECDH_KDF_X9_63;
|
||||
if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, kdf_type) <= 0)
|
||||
goto err;
|
||||
} else
|
||||
|
|
|
|||
|
|
@ -209,7 +209,7 @@ static int pkey_ec_kdf_derive(EVP_PKEY_CTX *ctx,
|
|||
if (!pkey_ec_derive(ctx, ktmp, &ktmplen))
|
||||
goto err;
|
||||
/* Do KDF stuff */
|
||||
if (!ECDH_KDF_X9_62(key, *keylen, ktmp, ktmplen,
|
||||
if (!ecdh_KDF_X9_63(key, *keylen, ktmp, ktmplen,
|
||||
dctx->kdf_ukm, dctx->kdf_ukmlen, dctx->kdf_md))
|
||||
goto err;
|
||||
rv = 1;
|
||||
|
|
@ -281,7 +281,7 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
|
|||
case EVP_PKEY_CTRL_EC_KDF_TYPE:
|
||||
if (p1 == -2)
|
||||
return dctx->kdf_type;
|
||||
if (p1 != EVP_PKEY_ECDH_KDF_NONE && p1 != EVP_PKEY_ECDH_KDF_X9_62)
|
||||
if (p1 != EVP_PKEY_ECDH_KDF_NONE && p1 != EVP_PKEY_ECDH_KDF_X9_63)
|
||||
return -2;
|
||||
dctx->kdf_type = p1;
|
||||
return 1;
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
|
@ -10,12 +10,13 @@
|
|||
#include <string.h>
|
||||
#include <openssl/ec.h>
|
||||
#include <openssl/evp.h>
|
||||
#include "ec_lcl.h"
|
||||
|
||||
/* Key derivation function from X9.62/SECG */
|
||||
/* Key derivation function from X9.63/SECG */
|
||||
/* Way more than we will ever need */
|
||||
#define ECDH_KDF_MAX (1 << 30)
|
||||
|
||||
int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
|
||||
int ecdh_KDF_X9_63(unsigned char *out, size_t outlen,
|
||||
const unsigned char *Z, size_t Zlen,
|
||||
const unsigned char *sinfo, size_t sinfolen,
|
||||
const EVP_MD *md)
|
||||
|
|
@ -66,3 +67,15 @@ int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
|
|||
EVP_MD_CTX_free(mctx);
|
||||
return rv;
|
||||
}
|
||||
|
||||
/*-
|
||||
* The old name for ecdh_KDF_X9_63
|
||||
* Retained for ABI compatibility
|
||||
*/
|
||||
int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
|
||||
const unsigned char *Z, size_t Zlen,
|
||||
const unsigned char *sinfo, size_t sinfolen,
|
||||
const EVP_MD *md)
|
||||
{
|
||||
return ecdh_KDF_X9_63(out, outlen, Z, Zlen, sinfo, sinfolen, md);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -41,5 +41,13 @@
|
|||
__owur int ec_group_do_inverse_ord(const EC_GROUP *group, BIGNUM *res,
|
||||
const BIGNUM *x, BN_CTX *ctx);
|
||||
|
||||
/*-
|
||||
* ECDH Key Derivation Function as defined in ANSI X9.63
|
||||
*/
|
||||
int ecdh_KDF_X9_63(unsigned char *out, size_t outlen,
|
||||
const unsigned char *Z, size_t Zlen,
|
||||
const unsigned char *sinfo, size_t sinfolen,
|
||||
const EVP_MD *md);
|
||||
|
||||
# endif /* OPENSSL_NO_EC */
|
||||
#endif
|
||||
|
|
|
|||
|
|
@ -11,6 +11,7 @@
|
|||
|
||||
#include "internal/sm2.h"
|
||||
#include "internal/sm2err.h"
|
||||
#include "internal/ec_int.h" /* ecdh_KDF_X9_63() */
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/bn.h>
|
||||
|
|
@ -203,7 +204,7 @@ int sm2_encrypt(const EC_KEY *key,
|
|||
}
|
||||
|
||||
/* X9.63 with no salt happens to match the KDF used in SM2 */
|
||||
if (!ECDH_KDF_X9_62(msg_mask, msg_len, x2y2, 2 * field_size, NULL, 0,
|
||||
if (!ecdh_KDF_X9_63(msg_mask, msg_len, x2y2, 2 * field_size, NULL, 0,
|
||||
digest)) {
|
||||
SM2err(SM2_F_SM2_ENCRYPT, ERR_R_EVP_LIB);
|
||||
goto done;
|
||||
|
|
@ -344,7 +345,7 @@ int sm2_decrypt(const EC_KEY *key,
|
|||
|
||||
if (BN_bn2binpad(x2, x2y2, field_size) < 0
|
||||
|| BN_bn2binpad(y2, x2y2 + field_size, field_size) < 0
|
||||
|| !ECDH_KDF_X9_62(msg_mask, msg_len, x2y2, 2 * field_size, NULL, 0,
|
||||
|| !ecdh_KDF_X9_63(msg_mask, msg_len, x2y2, 2 * field_size, NULL, 0,
|
||||
digest)) {
|
||||
SM2err(SM2_F_SM2_DECRYPT, ERR_R_INTERNAL_ERROR);
|
||||
goto done;
|
||||
|
|
|
|||
|
|
@ -4,20 +4,55 @@
|
|||
|
||||
EVP_PKEY_CTX_ctrl,
|
||||
EVP_PKEY_CTX_ctrl_str,
|
||||
EVP_PKEY_CTX_ctrl_uint64,
|
||||
EVP_PKEY_CTX_md,
|
||||
EVP_PKEY_CTX_set_signature_md,
|
||||
EVP_PKEY_CTX_get_signature_md,
|
||||
EVP_PKEY_CTX_set_mac_key,
|
||||
EVP_PKEY_CTX_set_rsa_padding,
|
||||
EVP_PKEY_CTX_get_rsa_padding,
|
||||
EVP_PKEY_CTX_set_rsa_pss_saltlen,
|
||||
EVP_PKEY_CTX_get_rsa_pss_saltlen,
|
||||
EVP_PKEY_CTX_set_rsa_keygen_bits,
|
||||
EVP_PKEY_CTX_set_rsa_keygen_pubexp,
|
||||
EVP_PKEY_CTX_set_rsa_keygen_primes,
|
||||
EVP_PKEY_CTX_set_rsa_mgf1_md,
|
||||
EVP_PKEY_CTX_get_rsa_mgf1_md,
|
||||
EVP_PKEY_CTX_set_rsa_oaep_md,
|
||||
EVP_PKEY_CTX_get_rsa_oaep_md,
|
||||
EVP_PKEY_CTX_set0_rsa_oaep_label,
|
||||
EVP_PKEY_CTX_get0_rsa_oaep_label,
|
||||
EVP_PKEY_CTX_set_dsa_paramgen_bits,
|
||||
EVP_PKEY_CTX_set_dh_paramgen_prime_len,
|
||||
EVP_PKEY_CTX_set_dh_paramgen_subprime_len,
|
||||
EVP_PKEY_CTX_set_dh_paramgen_generator,
|
||||
EVP_PKEY_CTX_set_dh_paramgen_type,
|
||||
EVP_PKEY_CTX_set_dh_rfc5114,
|
||||
EVP_PKEY_CTX_set_dhx_rfc5114,
|
||||
EVP_PKEY_CTX_set_dh_pad,
|
||||
EVP_PKEY_CTX_set_dh_nid,
|
||||
EVP_PKEY_CTX_set_dh_kdf_type,
|
||||
EVP_PKEY_CTX_get_dh_kdf_type,
|
||||
EVP_PKEY_CTX_set0_dh_kdf_oid,
|
||||
EVP_PKEY_CTX_get0_dh_kdf_oid,
|
||||
EVP_PKEY_CTX_set_dh_kdf_md,
|
||||
EVP_PKEY_CTX_get_dh_kdf_md,
|
||||
EVP_PKEY_CTX_set_dh_kdf_outlen,
|
||||
EVP_PKEY_CTX_get_dh_kdf_outlen,
|
||||
EVP_PKEY_CTX_set0_dh_kdf_ukm,
|
||||
EVP_PKEY_CTX_get0_dh_kdf_ukm,
|
||||
EVP_PKEY_CTX_set_ec_paramgen_curve_nid,
|
||||
EVP_PKEY_CTX_set_ec_param_enc,
|
||||
EVP_PKEY_CTX_set_ecdh_cofactor_mode,
|
||||
EVP_PKEY_CTX_get_ecdh_cofactor_mode,
|
||||
EVP_PKEY_CTX_set_ecdh_kdf_type,
|
||||
EVP_PKEY_CTX_get_ecdh_kdf_type,
|
||||
EVP_PKEY_CTX_set_ecdh_kdf_md,
|
||||
EVP_PKEY_CTX_get_ecdh_kdf_md,
|
||||
EVP_PKEY_CTX_set_ecdh_kdf_outlen,
|
||||
EVP_PKEY_CTX_get_ecdh_kdf_outlen,
|
||||
EVP_PKEY_CTX_set0_ecdh_kdf_ukm,
|
||||
EVP_PKEY_CTX_get0_ecdh_kdf_ukm,
|
||||
EVP_PKEY_CTX_set1_id, EVP_PKEY_CTX_get1_id, EVP_PKEY_CTX_get1_id_len
|
||||
- algorithm specific control operations
|
||||
|
||||
|
|
@ -27,9 +62,13 @@ EVP_PKEY_CTX_set1_id, EVP_PKEY_CTX_get1_id, EVP_PKEY_CTX_get1_id_len
|
|||
|
||||
int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,
|
||||
int cmd, int p1, void *p2);
|
||||
int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX *ctx, int keytype, int optype,
|
||||
int cmd, uint64_t value);
|
||||
int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
|
||||
const char *value);
|
||||
|
||||
int EVP_PKEY_CTX_md(EVP_PKEY_CTX *ctx, int optype, int cmd, const char *md);
|
||||
|
||||
int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
|
||||
int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD **pmd);
|
||||
|
||||
|
|
@ -38,22 +77,58 @@ EVP_PKEY_CTX_set1_id, EVP_PKEY_CTX_get1_id, EVP_PKEY_CTX_get1_id_len
|
|||
#include <openssl/rsa.h>
|
||||
|
||||
int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int pad);
|
||||
int EVP_PKEY_CTX_get_rsa_padding(EVP_PKEY_CTX *ctx, int *pad);
|
||||
int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int len);
|
||||
int EVP_PKEY_CTX_get_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int *len);
|
||||
int EVP_PKEY_CTX_set_rsa_keygen_bits(EVP_PKEY_CTX *ctx, int mbits);
|
||||
int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp);
|
||||
int EVP_PKEY_CTX_set_rsa_keygen_primes(EVP_PKEY_CTX *ctx, int primes);
|
||||
int EVP_PKEY_CTX_set_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
|
||||
int EVP_PKEY_CTX_get_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD **md);
|
||||
int EVP_PKEY_CTX_set_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
|
||||
int EVP_PKEY_CTX_get_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD **md);
|
||||
int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char *label, int len);
|
||||
int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
|
||||
|
||||
#include <openssl/dsa.h>
|
||||
|
||||
int EVP_PKEY_CTX_set_dsa_paramgen_bits(EVP_PKEY_CTX *ctx, int nbits);
|
||||
|
||||
#include <openssl/dh.h>
|
||||
|
||||
int EVP_PKEY_CTX_set_dh_paramgen_prime_len(EVP_PKEY_CTX *ctx, int len);
|
||||
int EVP_PKEY_CTX_set_dh_paramgen_subprime_len(EVP_PKEY_CTX *ctx, int len);
|
||||
int EVP_PKEY_CTX_set_dh_paramgen_generator(EVP_PKEY_CTX *ctx, int gen);
|
||||
int EVP_PKEY_CTX_set_dh_paramgen_type(EVP_PKEY_CTX *ctx, int type);
|
||||
int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad);
|
||||
int EVP_PKEY_CTX_set_dh_nid(EVP_PKEY_CTX *ctx, int nid);
|
||||
int EVP_PKEY_CTX_set_dh_rfc5114(EVP_PKEY_CTX *ctx, int rfc5114);
|
||||
int EVP_PKEY_CTX_set_dhx_rfc5114(EVP_PKEY_CTX *ctx, int rfc5114);
|
||||
int EVP_PKEY_CTX_set_dh_kdf_type(EVP_PKEY_CTX *ctx, int kdf);
|
||||
int EVP_PKEY_CTX_get_dh_kdf_type(EVP_PKEY_CTX *ctx);
|
||||
int EVP_PKEY_CTX_set0_dh_kdf_oid(EVP_PKEY_CTX *ctx, ASN1_OBJECT *oid);
|
||||
int EVP_PKEY_CTX_get0_dh_kdf_oid(EVP_PKEY_CTX *ctx, ASN1_OBJECT **oid);
|
||||
int EVP_PKEY_CTX_set_dh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
|
||||
int EVP_PKEY_CTX_get_dh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **md);
|
||||
int EVP_PKEY_CTX_set_dh_kdf_outlen(EVP_PKEY_CTX *ctx, int len);
|
||||
int EVP_PKEY_CTX_get_dh_kdf_outlen(EVP_PKEY_CTX *ctx, int *len);
|
||||
int EVP_PKEY_CTX_set0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm, int len);
|
||||
int EVP_PKEY_CTX_get0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm);
|
||||
|
||||
#include <openssl/ec.h>
|
||||
|
||||
int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid);
|
||||
int EVP_PKEY_CTX_set_ec_param_enc(EVP_PKEY_CTX *ctx, int param_enc);
|
||||
int EVP_PKEY_CTX_set_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx, int cofactor_mode);
|
||||
int EVP_PKEY_CTX_get_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx);
|
||||
int EVP_PKEY_CTX_set_ecdh_kdf_type(EVP_PKEY_CTX *ctx, int kdf);
|
||||
int EVP_PKEY_CTX_get_ecdh_kdf_type(EVP_PKEY_CTX *ctx);
|
||||
int EVP_PKEY_CTX_set_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
|
||||
int EVP_PKEY_CTX_get_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **md);
|
||||
int EVP_PKEY_CTX_set_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int len);
|
||||
int EVP_PKEY_CTX_get_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int *len);
|
||||
int EVP_PKEY_CTX_set0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm, int len);
|
||||
int EVP_PKEY_CTX_get0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm);
|
||||
|
||||
int EVP_PKEY_CTX_set1_id(EVP_PKEY_CTX *ctx, void *id, size_t id_len);
|
||||
int EVP_PKEY_CTX_get1_id(EVP_PKEY_CTX *ctx, void *id);
|
||||
|
|
@ -73,6 +148,9 @@ and B<p2> is MAC key. This is used by Poly1305, SipHash, HMAC and CMAC.
|
|||
Applications will not normally call EVP_PKEY_CTX_ctrl() directly but will
|
||||
instead call one of the algorithm specific macros below.
|
||||
|
||||
The function EVP_PKEY_CTX_ctrl_uint64() is a wrapper that directly passes a
|
||||
uint64 value as B<p2> to EVP_PKEY_CTX_ctrl().
|
||||
|
||||
The function EVP_PKEY_CTX_ctrl_str() allows an application to send an algorithm
|
||||
specific control operation to a context B<ctx> in string form. This is
|
||||
intended to be used for options specified on the command line or in text
|
||||
|
|
@ -80,6 +158,9 @@ files. The commands supported are documented in the openssl utility
|
|||
command line pages for the option B<-pkeyopt> which is supported by the
|
||||
B<pkeyutl>, B<genpkey> and B<req> commands.
|
||||
|
||||
The function EVP_PKEY_CTX_md() sends a message digest control operation
|
||||
to the context B<ctx>. The message digest is specified by its name B<md>.
|
||||
|
||||
All the remaining "functions" are implemented as macros.
|
||||
|
||||
The EVP_PKEY_CTX_set_signature_md() macro sets the message digest type used
|
||||
|
|
@ -99,12 +180,14 @@ L<EVP_PKEY_new_raw_private_key(3)> or similar functions instead of this macro.
|
|||
The EVP_PKEY_CTX_set_mac_key() macro can be used with any of the algorithms
|
||||
supported by the L<EVP_PKEY_new_raw_private_key(3)> function.
|
||||
|
||||
The macro EVP_PKEY_CTX_set_rsa_padding() sets the RSA padding mode for B<ctx>.
|
||||
The B<pad> parameter can take the value RSA_PKCS1_PADDING for PKCS#1 padding,
|
||||
RSA_SSLV23_PADDING for SSLv23 padding, RSA_NO_PADDING for no padding,
|
||||
RSA_PKCS1_OAEP_PADDING for OAEP padding (encrypt and decrypt only),
|
||||
RSA_X931_PADDING for X9.31 padding (signature operations only) and
|
||||
RSA_PKCS1_PSS_PADDING (sign and verify only).
|
||||
=head2 RSA parameters
|
||||
|
||||
The EVP_PKEY_CTX_set_rsa_padding() macro sets the RSA padding mode for B<ctx>.
|
||||
The B<pad> parameter can take the value B<RSA_PKCS1_PADDING> for PKCS#1
|
||||
padding, B<RSA_SSLV23_PADDING> for SSLv23 padding, B<RSA_NO_PADDING> for
|
||||
no padding, B<RSA_PKCS1_OAEP_PADDING> for OAEP padding (encrypt and
|
||||
decrypt only), B<RSA_X931_PADDING> for X9.31 padding (signature operations
|
||||
only) and B<RSA_PKCS1_PSS_PADDING> (sign and verify only).
|
||||
|
||||
Two RSA padding modes behave differently if EVP_PKEY_CTX_set_signature_md()
|
||||
is used. If this macro is called for PKCS#1 padding the plaintext buffer is
|
||||
|
|
@ -116,41 +199,154 @@ padding for RSA the algorithm identifier byte is added or checked and removed
|
|||
if this control is called. If it is not called then the first byte of the plaintext
|
||||
buffer is expected to be the algorithm identifier byte.
|
||||
|
||||
The EVP_PKEY_CTX_get_rsa_padding() macro gets the RSA padding mode for B<ctx>.
|
||||
|
||||
The EVP_PKEY_CTX_set_rsa_pss_saltlen() macro sets the RSA PSS salt length to
|
||||
B<len> as its name implies it is only supported for PSS padding. Three special
|
||||
values are supported: RSA_PSS_SALTLEN_DIGEST sets the salt length to the
|
||||
digest length, RSA_PSS_SALTLEN_MAX sets the salt length to the maximum
|
||||
permissible value. When verifying RSA_PSS_SALTLEN_AUTO causes the salt length
|
||||
B<len>. As its name implies it is only supported for PSS padding. Three special
|
||||
values are supported: B<RSA_PSS_SALTLEN_DIGEST> sets the salt length to the
|
||||
digest length, B<RSA_PSS_SALTLEN_MAX> sets the salt length to the maximum
|
||||
permissible value. When verifying B<RSA_PSS_SALTLEN_AUTO> causes the salt length
|
||||
to be automatically determined based on the B<PSS> block structure. If this
|
||||
macro is not called maximum salt length is used when signing and auto detection
|
||||
when verifying is used by default.
|
||||
|
||||
The EVP_PKEY_CTX_get_rsa_pss_saltlen() macro gets the RSA PSS salt length
|
||||
for B<ctx>. The padding mode must have been set to B<RSA_PKCS1_PSS_PADDING>.
|
||||
|
||||
The EVP_PKEY_CTX_set_rsa_keygen_bits() macro sets the RSA key length for
|
||||
RSA key generation to B<bits>. If not specified 1024 bits is used.
|
||||
|
||||
The EVP_PKEY_CTX_set_rsa_keygen_pubexp() macro sets the public exponent value
|
||||
for RSA key generation to B<pubexp> currently it should be an odd integer. The
|
||||
for RSA key generation to B<pubexp>. Currently it should be an odd integer. The
|
||||
B<pubexp> pointer is used internally by this function so it should not be
|
||||
modified or free after the call. If this macro is not called then 65537 is used.
|
||||
modified or freed after the call. If not specified 65537 is used.
|
||||
|
||||
The macro EVP_PKEY_CTX_set_dsa_paramgen_bits() sets the number of bits used
|
||||
The EVP_PKEY_CTX_set_rsa_keygen_primes() macro sets the number of primes for
|
||||
RSA key generation to B<primes>. If not specified 2 is used.
|
||||
|
||||
The EVP_PKEY_CTX_set_rsa_mgf1_md() macro sets the MGF1 digest for RSA padding
|
||||
schemes to B<md>. If not explicitly set the signing digest is used. The
|
||||
padding mode must have been set to B<RSA_PKCS1_OAEP_PADDING>
|
||||
or B<RSA_PKCS1_PSS_PADDING>.
|
||||
|
||||
The EVP_PKEY_CTX_get_rsa_mgf1_md() macro gets the MGF1 digest for B<ctx>.
|
||||
If not explicitly set the signing digest is used. The padding mode must have
|
||||
been set to B<RSA_PKCS1_OAEP_PADDING> or B<RSA_PKCS1_PSS_PADDING>.
|
||||
|
||||
The EVP_PKEY_CTX_set_rsa_oaep_md() macro sets the message digest type used
|
||||
in RSA OAEP to B<md>. The padding mode must have been set to
|
||||
B<RSA_PKCS1_OAEP_PADDING>.
|
||||
|
||||
The EVP_PKEY_CTX_get_rsa_oaep_md() macro gets the message digest type used
|
||||
in RSA OAEP to B<md>. The padding mode must have been set to
|
||||
B<RSA_PKCS1_OAEP_PADDING>.
|
||||
|
||||
The EVP_PKEY_CTX_set0_rsa_oaep_label() macro sets the RSA OAEP label to
|
||||
B<label> and its length to B<len>. If B<label> is NULL or B<len> is 0,
|
||||
the label is cleared. The library takes ownership of the label so the
|
||||
caller should not free the original memory pointed to by B<label>.
|
||||
The padding mode must have been set to B<RSA_PKCS1_OAEP_PADDING>.
|
||||
|
||||
The EVP_PKEY_CTX_get0_rsa_oaep_label() macro gets the RSA OAEP label to
|
||||
B<label>. The return value is the label length. The padding mode
|
||||
must have been set to B<RSA_PKCS1_OAEP_PADDING>. The resulting pointer is owned
|
||||
by the library and should not be freed by the caller.
|
||||
|
||||
=head2 DSA parameters
|
||||
|
||||
The EVP_PKEY_CTX_set_dsa_paramgen_bits() macro sets the number of bits used
|
||||
for DSA parameter generation to B<bits>. If not specified 1024 is used.
|
||||
|
||||
The macro EVP_PKEY_CTX_set_dh_paramgen_prime_len() sets the length of the DH
|
||||
=head2 DH parameters
|
||||
|
||||
The EVP_PKEY_CTX_set_dh_paramgen_prime_len() macro sets the length of the DH
|
||||
prime parameter B<p> for DH parameter generation. If this macro is not called
|
||||
then 1024 is used.
|
||||
then 1024 is used. Only accepts lengths greater than or equal to 256.
|
||||
|
||||
The EVP_PKEY_CTX_set_dh_paramgen_subprime_len() macro sets the length of the DH
|
||||
optional subprime parameter B<q> for DH parameter generation. The default is
|
||||
256 if the prime is at least 2048 bits long or 160 otherwise. The DH
|
||||
paramgen type must have been set to x9.42.
|
||||
|
||||
The EVP_PKEY_CTX_set_dh_paramgen_generator() macro sets DH generator to B<gen>
|
||||
for DH parameter generation. If not specified 2 is used.
|
||||
|
||||
The EVP_PKEY_CTX_set_dh_paramgen_type() macro sets the key type for DH
|
||||
parameter generation. Use 0 for PKCS#3 DH and 1 for X9.42 DH.
|
||||
The default is 0.
|
||||
|
||||
The EVP_PKEY_CTX_set_dh_pad() macro sets the DH padding mode. If B<pad> is
|
||||
1 the shared secret is padded with zeroes up to the size of the DH prime B<p>.
|
||||
If B<pad> is zero (the default) then no padding is performed.
|
||||
|
||||
EVP_PKEY_CTX_set_dh_nid() sets the DH parameters to values corresponding to
|
||||
B<nid>. The B<nid> parameter must be B<NID_ffdhe2048>, B<NID_ffdhe3072>,
|
||||
B<NID_ffdhe4096>, B<NID_ffdhe6144> or B<NID_ffdhe8192>. This macro can be
|
||||
called during parameter or key generation.
|
||||
B<nid> as defined in RFC7919. The B<nid> parameter must be B<NID_ffdhe2048>,
|
||||
B<NID_ffdhe3072>, B<NID_ffdhe4096>, B<NID_ffdhe6144>, B<NID_ffdhe8192>
|
||||
or B<NID_undef> to clear the stored value. This macro can be called during
|
||||
parameter or key generation.
|
||||
The nid parameter and the rfc5114 parameter are mutually exclusive.
|
||||
|
||||
The EVP_PKEY_CTX_set_dh_rfc5114() and EVP_PKEY_CTX_set_dhx_rfc5114() macros are
|
||||
synonymous. They set the DH parameters to the values defined in RFC5114. The
|
||||
B<rfc5114> parameter must be 1, 2 or 3 corresponding to RFC5114 sections
|
||||
2.1, 2.2 and 2.3. or 0 to clear the stored value. This macro can be called
|
||||
during parameter generation. The B<ctx> must have a key type of
|
||||
B<EVP_PKEY_DHX>.
|
||||
The rfc5114 parameter and the nid parameter are mutually exclusive.
|
||||
|
||||
=head2 DH key derivation function parameters
|
||||
|
||||
Note that all of the following functions require that the B<ctx> parameter has
|
||||
a private key type of B<EVP_PKEY_DHX>. When using key derivation, the output of
|
||||
EVP_PKEY_derive() is the output of the KDF instead of the DH shared secret.
|
||||
The KDF output is typically used as a Key Encryption Key (KEK) that in turn
|
||||
encrypts a Content Encryption Key (CEK).
|
||||
|
||||
The EVP_PKEY_CTX_set_dh_kdf_type() macro sets the key derivation function type
|
||||
to B<kdf> for DH key derivation. Possible values are B<EVP_PKEY_DH_KDF_NONE>
|
||||
and B<EVP_PKEY_DH_KDF_X9_42> which uses the key derivation specified in RFC2631
|
||||
(based on the keying algorithm described in X9.42). When using key derivation,
|
||||
the B<kdf_oid>, B<kdf_md> and B<kdf_outlen> parameters must also be specified.
|
||||
|
||||
The EVP_PKEY_CTX_get_dh_kdf_type() macro gets the key derivation function type
|
||||
for B<ctx> used for DH key derivation. Possible values are B<EVP_PKEY_DH_KDF_NONE>
|
||||
and B<EVP_PKEY_DH_KDF_X9_42>.
|
||||
|
||||
The EVP_PKEY_CTX_set0_dh_kdf_oid() macro sets the key derivation function
|
||||
object identifier to B<oid> for DH key derivation. This OID should identify
|
||||
the algorithm to be used with the Content Encryption Key.
|
||||
The library takes ownership of the object identifier so the caller should not
|
||||
free the original memory pointed to by B<oid>.
|
||||
|
||||
The EVP_PKEY_CTX_get0_dh_kdf_oid() macro gets the key derivation function oid
|
||||
for B<ctx> used for DH key derivation. The resulting pointer is owned by the
|
||||
library and should not be freed by the caller.
|
||||
|
||||
The EVP_PKEY_CTX_set_dh_kdf_md() macro sets the key derivation function
|
||||
message digest to B<md> for DH key derivation. Note that RFC2631 specifies
|
||||
that this digest should be SHA1 but OpenSSL tolerates other digests.
|
||||
|
||||
The EVP_PKEY_CTX_get_dh_kdf_md() macro gets the key derivation function
|
||||
message digest for B<ctx> used for DH key derivation.
|
||||
|
||||
The EVP_PKEY_CTX_set_dh_kdf_outlen() macro sets the key derivation function
|
||||
output length to B<len> for DH key derivation.
|
||||
|
||||
The EVP_PKEY_CTX_get_dh_kdf_outlen() macro gets the key derivation function
|
||||
output length for B<ctx> used for DH key derivation.
|
||||
|
||||
The EVP_PKEY_CTX_set0_dh_kdf_ukm() macro sets the user key material to
|
||||
B<ukm> and its length to B<len> for DH key derivation. This parameter is optional
|
||||
and corresponds to the partyAInfo field in RFC2631 terms. The specification
|
||||
requires that it is 512 bits long but this is not enforced by OpenSSL.
|
||||
The library takes ownership of the user key material so the caller should not
|
||||
free the original memory pointed to by B<ukm>.
|
||||
|
||||
The EVP_PKEY_CTX_get0_dh_kdf_ukm() macro gets the user key material for B<ctx>.
|
||||
The return value is the user key material length. The resulting pointer is owned
|
||||
by the library and should not be freed by the caller.
|
||||
|
||||
=head2 EC parameters
|
||||
|
||||
The EVP_PKEY_CTX_set_ec_paramgen_curve_nid() sets the EC curve for EC parameter
|
||||
generation to B<nid>. For EC parameter generation this macro must be called
|
||||
|
|
@ -158,7 +354,7 @@ or an error occurs because there is no default curve.
|
|||
This function can also be called to set the curve explicitly when
|
||||
generating an EC key.
|
||||
|
||||
The EVP_PKEY_CTX_set_ec_param_enc() sets the EC parameter encoding to
|
||||
The EVP_PKEY_CTX_set_ec_param_enc() macro sets the EC parameter encoding to
|
||||
B<param_enc> when generating EC parameters or an EC key. The encoding can be
|
||||
B<OPENSSL_EC_EXPLICIT_CURVE> for explicit parameters (the default in versions
|
||||
of OpenSSL before 1.1.0) or B<OPENSSL_EC_NAMED_CURVE> to use named curve form.
|
||||
|
|
@ -166,6 +362,53 @@ For maximum compatibility the named curve form should be used. Note: the
|
|||
B<OPENSSL_EC_NAMED_CURVE> value was only added to OpenSSL 1.1.0; previous
|
||||
versions should use 0 instead.
|
||||
|
||||
=head2 ECDH parameters
|
||||
|
||||
The EVP_PKEY_CTX_set_ecdh_cofactor_mode() macro sets the cofactor mode to
|
||||
B<cofactor_mode> for ECDH key derivation. Possible values are 1 to enable
|
||||
cofactor key derivation, 0 to disable it and -1 to clear the stored cofactor
|
||||
mode and fallback to the private key cofactor mode.
|
||||
|
||||
The EVP_PKEY_CTX_get_ecdh_cofactor_mode() macro returns the cofactor mode for
|
||||
B<ctx> used for ECDH key derivation. Possible values are 1 when cofactor key
|
||||
derivation is enabled and 0 otherwise.
|
||||
|
||||
=head2 ECDH key derivation function parameters
|
||||
|
||||
The EVP_PKEY_CTX_set_ecdh_kdf_type() macro sets the key derivation function type
|
||||
to B<kdf> for ECDH key derivation. Possible values are B<EVP_PKEY_ECDH_KDF_NONE>
|
||||
and B<EVP_PKEY_ECDH_KDF_X9_63> which uses the key derivation specified in X9.63.
|
||||
When using key derivation, the B<kdf_md> and B<kdf_outlen> parameters must
|
||||
also be specified.
|
||||
|
||||
The EVP_PKEY_CTX_get_ecdh_kdf_type() macro returns the key derivation function
|
||||
type for B<ctx> used for ECDH key derivation. Possible values are
|
||||
B<EVP_PKEY_ECDH_KDF_NONE> and B<EVP_PKEY_ECDH_KDF_X9_63>.
|
||||
|
||||
The EVP_PKEY_CTX_set_ecdh_kdf_md() macro sets the key derivation function
|
||||
message digest to B<md> for ECDH key derivation. Note that X9.63 specifies
|
||||
that this digest should be SHA1 but OpenSSL tolerates other digests.
|
||||
|
||||
The EVP_PKEY_CTX_get_ecdh_kdf_md() macro gets the key derivation function
|
||||
message digest for B<ctx> used for ECDH key derivation.
|
||||
|
||||
The EVP_PKEY_CTX_set_ecdh_kdf_outlen() macro sets the key derivation function
|
||||
output length to B<len> for ECDH key derivation.
|
||||
|
||||
The EVP_PKEY_CTX_get_ecdh_kdf_outlen() macro gets the key derivation function
|
||||
output length for B<ctx> used for ECDH key derivation.
|
||||
|
||||
The EVP_PKEY_CTX_set0_ecdh_kdf_ukm() macro sets the user key material to B<ukm>
|
||||
for ECDH key derivation. This parameter is optional and corresponds to the
|
||||
shared info in X9.63 terms. The library takes ownership of the user key material
|
||||
so the caller should not free the original memory pointed to by B<ukm>.
|
||||
|
||||
The EVP_PKEY_CTX_get0_ecdh_kdf_ukm() macro gets the user key material for B<ctx>.
|
||||
The return value is the user key material length. The resulting pointer is owned
|
||||
by the library and should not be freed by the caller.
|
||||
|
||||
=head2 Other parameters
|
||||
|
||||
The EVP_PKEY_CTX_set1_id(), EVP_PKEY_CTX_get1_id() and EVP_PKEY_CTX_get1_id_len()
|
||||
macros are used to manipulate the special identifier field for specific signature
|
||||
algorithms such as SM2. The EVP_PKEY_CTX_set1_id() sets an ID pointed by B<id> with
|
||||
|
|
@ -191,7 +434,7 @@ L<EVP_PKEY_decrypt(3)>,
|
|||
L<EVP_PKEY_sign(3)>,
|
||||
L<EVP_PKEY_verify(3)>,
|
||||
L<EVP_PKEY_verify_recover(3)>,
|
||||
L<EVP_PKEY_derive(3)>
|
||||
L<EVP_PKEY_derive(3)>,
|
||||
L<EVP_PKEY_keygen(3)>
|
||||
|
||||
=head1 HISTORY
|
||||
|
|
|
|||
|
|
@ -32,7 +32,7 @@ The EVP_PKEY_CTX_set_rsa_pss_saltlen() macro is used to set the salt length.
|
|||
If the key has usage restrictions then an error is returned if an attempt is
|
||||
made to set the salt length below the minimum value. It is otherwise similar
|
||||
to the B<RSA> operation except detection of the salt length (using
|
||||
RSA_PSS_SALTLEN_AUTO is not supported for verification if the key has
|
||||
RSA_PSS_SALTLEN_AUTO) is not supported for verification if the key has
|
||||
usage restrictions.
|
||||
|
||||
The EVP_PKEY_CTX_set_signature_md() and EVP_PKEY_CTX_set_rsa_mgf1_md() macros
|
||||
|
|
@ -43,7 +43,7 @@ similar to the B<RSA> versions.
|
|||
|
||||
=head2 Key Generation
|
||||
|
||||
As with RSA key generation the EVP_PKEY_CTX_set_rsa_rsa_keygen_bits()
|
||||
As with RSA key generation the EVP_PKEY_CTX_set_rsa_keygen_bits()
|
||||
and EVP_PKEY_CTX_set_rsa_keygen_pubexp() macros are supported for RSA-PSS:
|
||||
they have exactly the same meaning as for the RSA algorithm.
|
||||
|
||||
|
|
|
|||
|
|
@ -6,8 +6,10 @@ EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY,
|
|||
EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY,
|
||||
EVP_PKEY_get0_RSA, EVP_PKEY_get0_DSA, EVP_PKEY_get0_DH, EVP_PKEY_get0_EC_KEY,
|
||||
EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH,
|
||||
EVP_PKEY_assign_EC_KEY, EVP_PKEY_get0_hmac, EVP_PKEY_type, EVP_PKEY_id,
|
||||
EVP_PKEY_base_id, EVP_PKEY_set_alias_type, EVP_PKEY_set1_engine - EVP_PKEY assignment functions
|
||||
EVP_PKEY_assign_EC_KEY, EVP_PKEY_assign_POLY1305, EVP_PKEY_assign_SIPHASH,
|
||||
EVP_PKEY_get0_hmac, EVP_PKEY_get0_poly1305, EVP_PKEY_get0_siphash,
|
||||
EVP_PKEY_type, EVP_PKEY_id, EVP_PKEY_base_id, EVP_PKEY_set_alias_type,
|
||||
EVP_PKEY_set1_engine - EVP_PKEY assignment functions
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
|
|
@ -24,6 +26,8 @@ EVP_PKEY_base_id, EVP_PKEY_set_alias_type, EVP_PKEY_set1_engine - EVP_PKEY assig
|
|||
EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
|
||||
|
||||
const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len);
|
||||
const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len);
|
||||
const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len);
|
||||
RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey);
|
||||
DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey);
|
||||
DH *EVP_PKEY_get0_DH(EVP_PKEY *pkey);
|
||||
|
|
@ -33,6 +37,8 @@ EVP_PKEY_base_id, EVP_PKEY_set_alias_type, EVP_PKEY_set1_engine - EVP_PKEY assig
|
|||
int EVP_PKEY_assign_DSA(EVP_PKEY *pkey, DSA *key);
|
||||
int EVP_PKEY_assign_DH(EVP_PKEY *pkey, DH *key);
|
||||
int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey, EC_KEY *key);
|
||||
int EVP_PKEY_assign_POLY1305(EVP_PKEY *pkey, ASN1_OCTET_STRING *key);
|
||||
int EVP_PKEY_assign_SIPHASH(EVP_PKEY *pkey, ASN1_OCTET_STRING *key);
|
||||
|
||||
int EVP_PKEY_id(const EVP_PKEY *pkey);
|
||||
int EVP_PKEY_base_id(const EVP_PKEY *pkey);
|
||||
|
|
@ -50,14 +56,15 @@ EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and
|
|||
EVP_PKEY_get1_EC_KEY() return the referenced key in B<pkey> or
|
||||
B<NULL> if the key is not of the correct type.
|
||||
|
||||
EVP_PKEY_get0_hmac(), EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(),
|
||||
EVP_PKEY_get0_DH() and EVP_PKEY_get0_EC_KEY() also return the
|
||||
referenced key in B<pkey> or B<NULL> if the key is not of the
|
||||
correct type but the reference count of the returned key is
|
||||
B<not> incremented and so must not be freed up after use.
|
||||
EVP_PKEY_get0_hmac(), EVP_PKEY_get0_poly1305(), EVP_PKEY_get0_siphash(),
|
||||
EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(), EVP_PKEY_get0_DH()
|
||||
and EVP_PKEY_get0_EC_KEY() also return the referenced key in B<pkey> or B<NULL>
|
||||
if the key is not of the correct type but the reference count of the
|
||||
returned key is B<not> incremented and so must not be freed up after use.
|
||||
|
||||
EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH()
|
||||
and EVP_PKEY_assign_EC_KEY() also set the referenced key to B<key>
|
||||
EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH(),
|
||||
EVP_PKEY_assign_EC_KEY(), EVP_PKEY_assign_POLY1305() and
|
||||
EVP_PKEY_assign_SIPHASH() also set the referenced key to B<key>
|
||||
however these use the supplied B<key> internally and so B<key>
|
||||
will be freed when the parent B<pkey> is freed.
|
||||
|
||||
|
|
@ -89,8 +96,9 @@ In accordance with the OpenSSL naming convention the key obtained
|
|||
from or assigned to the B<pkey> using the B<1> functions must be
|
||||
freed as well as B<pkey>.
|
||||
|
||||
EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH()
|
||||
and EVP_PKEY_assign_EC_KEY() are implemented as macros.
|
||||
EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH(),
|
||||
EVP_PKEY_assign_EC_KEY(), EVP_PKEY_assign_POLY1305()
|
||||
and EVP_PKEY_assign_SIPHASH() are implemented as macros.
|
||||
|
||||
Most applications wishing to know a key type will simply call
|
||||
EVP_PKEY_base_id() and will not care about the actual type:
|
||||
|
|
@ -119,8 +127,9 @@ EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and
|
|||
EVP_PKEY_get1_EC_KEY() return the referenced key or B<NULL> if
|
||||
an error occurred.
|
||||
|
||||
EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH()
|
||||
and EVP_PKEY_assign_EC_KEY() return 1 for success and 0 for failure.
|
||||
EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH(),
|
||||
EVP_PKEY_assign_EC_KEY(), EVP_PKEY_assign_POLY1305()
|
||||
and EVP_PKEY_assign_SIPHASH() return 1 for success and 0 for failure.
|
||||
|
||||
EVP_PKEY_base_id(), EVP_PKEY_id() and EVP_PKEY_type() return a key
|
||||
type or B<NID_undef> (equivalently B<EVP_PKEY_NONE>) on error.
|
||||
|
|
|
|||
|
|
@ -14,6 +14,9 @@ EVP_aes_256_cfb1,
|
|||
EVP_aes_128_cfb8,
|
||||
EVP_aes_192_cfb8,
|
||||
EVP_aes_256_cfb8,
|
||||
EVP_aes_128_cfb128,
|
||||
EVP_aes_192_cfb128,
|
||||
EVP_aes_256_cfb128,
|
||||
EVP_aes_128_ctr,
|
||||
EVP_aes_192_ctr,
|
||||
EVP_aes_256_ctr,
|
||||
|
|
@ -75,6 +78,9 @@ EVP_aes_256_cfb1(),
|
|||
EVP_aes_128_cfb8(),
|
||||
EVP_aes_192_cfb8(),
|
||||
EVP_aes_256_cfb8(),
|
||||
EVP_aes_128_cfb128(),
|
||||
EVP_aes_192_cfb128(),
|
||||
EVP_aes_256_cfb128(),
|
||||
EVP_aes_128_ctr(),
|
||||
EVP_aes_192_ctr(),
|
||||
EVP_aes_256_ctr(),
|
||||
|
|
|
|||
|
|
@ -14,6 +14,9 @@ EVP_aria_256_cfb1,
|
|||
EVP_aria_128_cfb8,
|
||||
EVP_aria_192_cfb8,
|
||||
EVP_aria_256_cfb8,
|
||||
EVP_aria_128_cfb128,
|
||||
EVP_aria_192_cfb128,
|
||||
EVP_aria_256_cfb128,
|
||||
EVP_aria_128_ctr,
|
||||
EVP_aria_192_ctr,
|
||||
EVP_aria_256_ctr,
|
||||
|
|
@ -60,6 +63,9 @@ EVP_aria_256_cfb1(),
|
|||
EVP_aria_128_cfb8(),
|
||||
EVP_aria_192_cfb8(),
|
||||
EVP_aria_256_cfb8(),
|
||||
EVP_aria_128_cfb128(),
|
||||
EVP_aria_192_cfb128(),
|
||||
EVP_aria_256_cfb128(),
|
||||
EVP_aria_128_ctr(),
|
||||
EVP_aria_192_ctr(),
|
||||
EVP_aria_256_ctr(),
|
||||
|
|
|
|||
|
|
@ -4,6 +4,7 @@
|
|||
|
||||
EVP_bf_cbc,
|
||||
EVP_bf_cfb,
|
||||
EVP_bf_cfb64,
|
||||
EVP_bf_ecb,
|
||||
EVP_bf_ofb
|
||||
- EVP Blowfish cipher
|
||||
|
|
@ -14,6 +15,7 @@ EVP_bf_ofb
|
|||
|
||||
const EVP_CIPHER *EVP_bf_cbc(void)
|
||||
const EVP_CIPHER *EVP_bf_cfb(void)
|
||||
const EVP_CIPHER *EVP_bf_cfb64(void)
|
||||
const EVP_CIPHER *EVP_bf_ecb(void)
|
||||
const EVP_CIPHER *EVP_bf_ofb(void)
|
||||
|
||||
|
|
@ -27,6 +29,7 @@ This is a variable key length cipher.
|
|||
|
||||
=item EVP_bf_cbc(),
|
||||
EVP_bf_cfb(),
|
||||
EVP_bf_cfb64(),
|
||||
EVP_bf_ecb(),
|
||||
EVP_bf_ofb()
|
||||
|
||||
|
|
|
|||
|
|
@ -14,6 +14,9 @@ EVP_camellia_256_cfb1,
|
|||
EVP_camellia_128_cfb8,
|
||||
EVP_camellia_192_cfb8,
|
||||
EVP_camellia_256_cfb8,
|
||||
EVP_camellia_128_cfb128,
|
||||
EVP_camellia_192_cfb128,
|
||||
EVP_camellia_256_cfb128,
|
||||
EVP_camellia_128_ctr,
|
||||
EVP_camellia_192_ctr,
|
||||
EVP_camellia_256_ctr,
|
||||
|
|
@ -54,6 +57,9 @@ EVP_camellia_256_cfb1(),
|
|||
EVP_camellia_128_cfb8(),
|
||||
EVP_camellia_192_cfb8(),
|
||||
EVP_camellia_256_cfb8(),
|
||||
EVP_camellia_128_cfb128(),
|
||||
EVP_camellia_192_cfb128(),
|
||||
EVP_camellia_256_cfb128(),
|
||||
EVP_camellia_128_ctr(),
|
||||
EVP_camellia_192_ctr(),
|
||||
EVP_camellia_256_ctr(),
|
||||
|
|
|
|||
|
|
@ -4,6 +4,7 @@
|
|||
|
||||
EVP_cast5_cbc,
|
||||
EVP_cast5_cfb,
|
||||
EVP_cast5_cfb64,
|
||||
EVP_cast5_ecb,
|
||||
EVP_cast5_ofb
|
||||
- EVP CAST cipher
|
||||
|
|
@ -14,6 +15,7 @@ EVP_cast5_ofb
|
|||
|
||||
const EVP_CIPHER *EVP_cast5_cbc(void)
|
||||
const EVP_CIPHER *EVP_cast5_cfb(void)
|
||||
const EVP_CIPHER *EVP_cast5_cfb64(void)
|
||||
const EVP_CIPHER *EVP_cast5_ecb(void)
|
||||
const EVP_CIPHER *EVP_cast5_ofb(void)
|
||||
|
||||
|
|
@ -28,6 +30,7 @@ This is a variable key length cipher.
|
|||
=item EVP_cast5_cbc(),
|
||||
EVP_cast5_ecb(),
|
||||
EVP_cast5_cfb(),
|
||||
EVP_cast5_cfb64(),
|
||||
EVP_cast5_ofb()
|
||||
|
||||
CAST encryption algorithm in CBC, ECB, CFB and OFB modes respectively.
|
||||
|
|
|
|||
|
|
@ -6,19 +6,24 @@ EVP_des_cbc,
|
|||
EVP_des_cfb,
|
||||
EVP_des_cfb1,
|
||||
EVP_des_cfb8,
|
||||
EVP_des_cfb64,
|
||||
EVP_des_ecb,
|
||||
EVP_des_ede,
|
||||
EVP_des_ede_cfb,
|
||||
EVP_des_ede_ofb,
|
||||
EVP_des_ofb,
|
||||
EVP_des_ede,
|
||||
EVP_des_ede_cbc,
|
||||
EVP_des_ede_cfb,
|
||||
EVP_des_ede_cfb64,
|
||||
EVP_des_ede_ecb,
|
||||
EVP_des_ede_ofb,
|
||||
EVP_des_ede3,
|
||||
EVP_des_ede3_cbc,
|
||||
EVP_des_ede3_cfb,
|
||||
EVP_des_ede3_cfb1,
|
||||
EVP_des_ede3_cfb8,
|
||||
EVP_des_ede3_cfb64,
|
||||
EVP_des_ede3_ecb,
|
||||
EVP_des_ede3_ofb,
|
||||
EVP_des_ede3_wrap,
|
||||
EVP_des_ede_cbc
|
||||
EVP_des_ede3_wrap
|
||||
- EVP DES cipher
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
|
@ -43,27 +48,32 @@ EVP_des_ecb(),
|
|||
EVP_des_cfb(),
|
||||
EVP_des_cfb1(),
|
||||
EVP_des_cfb8(),
|
||||
EVP_des_cfb64(),
|
||||
EVP_des_ofb()
|
||||
|
||||
DES in CBC, ECB, CFB with 128-bit shift, CFB with 1-bit shift, CFB with 8-bit
|
||||
shift and OFB modes respectively.
|
||||
DES in CBC, ECB, CFB with 64-bit shift, CFB with 1-bit shift, CFB with 8-bit
|
||||
shift and OFB modes.
|
||||
|
||||
=item EVP_des_ede(),
|
||||
EVP_des_ede_cbc(),
|
||||
EVP_des_ede_ofb(),
|
||||
EVP_des_ede_cfb()
|
||||
EVP_des_ede_cfb(),
|
||||
EVP_des_ede_cfb64(),
|
||||
EVP_des_ede_ecb(),
|
||||
EVP_des_ede_ofb()
|
||||
|
||||
Two key triple DES in ECB, CBC, CFB and OFB modes respectively.
|
||||
Two key triple DES in ECB, CBC, CFB with 64-bit shift and OFB modes.
|
||||
|
||||
=item EVP_des_ede3(),
|
||||
EVP_des_ede3_cbc(),
|
||||
EVP_des_ede3_cfb(),
|
||||
EVP_des_ede3_cfb1(),
|
||||
EVP_des_ede3_cfb8(),
|
||||
EVP_des_ede3_cfb64(),
|
||||
EVP_des_ede3_ecb(),
|
||||
EVP_des_ede3_ofb()
|
||||
|
||||
Three-key triple DES in ECB, CBC, CFB with 128-bit shift, CFB with 1-bit shift,
|
||||
CFB with 8-bit shift and OFB modes respectively.
|
||||
Three-key triple DES in ECB, CBC, CFB with 64-bit shift, CFB with 1-bit shift,
|
||||
CFB with 8-bit shift and OFB modes.
|
||||
|
||||
=item EVP_des_ede3_wrap()
|
||||
|
||||
|
|
|
|||
|
|
@ -4,6 +4,7 @@
|
|||
|
||||
EVP_idea_cbc,
|
||||
EVP_idea_cfb,
|
||||
EVP_idea_cfb64,
|
||||
EVP_idea_ecb,
|
||||
EVP_idea_ofb
|
||||
- EVP IDEA cipher
|
||||
|
|
@ -14,6 +15,7 @@ EVP_idea_ofb
|
|||
|
||||
const EVP_CIPHER *EVP_idea_cbc(void)
|
||||
const EVP_CIPHER *EVP_idea_cfb(void)
|
||||
const EVP_CIPHER *EVP_idea_cfb64(void)
|
||||
const EVP_CIPHER *EVP_idea_ecb(void)
|
||||
const EVP_CIPHER *EVP_idea_ofb(void)
|
||||
|
||||
|
|
@ -25,6 +27,7 @@ The IDEA encryption algorithm for EVP.
|
|||
|
||||
=item EVP_idea_cbc(),
|
||||
EVP_idea_cfb(),
|
||||
EVP_idea_cfb64(),
|
||||
EVP_idea_ecb(),
|
||||
EVP_idea_ofb()
|
||||
|
||||
|
|
|
|||
|
|
@ -2,7 +2,8 @@
|
|||
|
||||
=head1 NAME
|
||||
|
||||
EVP_md5
|
||||
EVP_md5,
|
||||
EVP_md5_sha1
|
||||
- MD5 For EVP
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
|
@ -10,6 +11,7 @@ EVP_md5
|
|||
#include <openssl/evp.h>
|
||||
|
||||
const EVP_MD *EVP_md5(void);
|
||||
const EVP_MD *EVP_md5_sha1(void);
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
|
|
|
|||
|
|
@ -4,6 +4,7 @@
|
|||
|
||||
EVP_rc2_cbc,
|
||||
EVP_rc2_cfb,
|
||||
EVP_rc2_cfb64,
|
||||
EVP_rc2_ecb,
|
||||
EVP_rc2_ofb,
|
||||
EVP_rc2_40_cbc,
|
||||
|
|
@ -16,6 +17,7 @@ EVP_rc2_64_cbc
|
|||
|
||||
const EVP_CIPHER *EVP_rc2_cbc(void)
|
||||
const EVP_CIPHER *EVP_rc2_cfb(void)
|
||||
const EVP_CIPHER *EVP_rc2_cfb64(void)
|
||||
const EVP_CIPHER *EVP_rc2_ecb(void)
|
||||
const EVP_CIPHER *EVP_rc2_ofb(void)
|
||||
const EVP_CIPHER *EVP_rc2_40_cbc(void)
|
||||
|
|
@ -29,6 +31,7 @@ The RC2 encryption algorithm for EVP.
|
|||
|
||||
=item EVP_rc2_cbc(),
|
||||
EVP_rc2_cfb(),
|
||||
EVP_rc2_cfb64(),
|
||||
EVP_rc2_ecb(),
|
||||
EVP_rc2_ofb()
|
||||
|
||||
|
|
|
|||
|
|
@ -4,6 +4,7 @@
|
|||
|
||||
EVP_rc5_32_12_16_cbc,
|
||||
EVP_rc5_32_12_16_cfb,
|
||||
EVP_rc5_32_12_16_cfb64,
|
||||
EVP_rc5_32_12_16_ecb,
|
||||
EVP_rc5_32_12_16_ofb
|
||||
- EVP RC5 cipher
|
||||
|
|
@ -14,6 +15,7 @@ EVP_rc5_32_12_16_ofb
|
|||
|
||||
const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void)
|
||||
const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void)
|
||||
const EVP_CIPHER *EVP_rc5_32_12_16_cfb64(void)
|
||||
const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void)
|
||||
const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void)
|
||||
|
||||
|
|
@ -25,6 +27,7 @@ The RC5 encryption algorithm for EVP.
|
|||
|
||||
=item EVP_rc5_32_12_16_cbc(),
|
||||
EVP_rc5_32_12_16_cfb(),
|
||||
EVP_rc5_32_12_16_cfb64(),
|
||||
EVP_rc5_32_12_16_ecb(),
|
||||
EVP_rc5_32_12_16_ofb()
|
||||
|
||||
|
|
|
|||
|
|
@ -4,6 +4,7 @@
|
|||
|
||||
EVP_seed_cbc,
|
||||
EVP_seed_cfb,
|
||||
EVP_seed_cfb128,
|
||||
EVP_seed_ecb,
|
||||
EVP_seed_ofb
|
||||
- EVP SEED cipher
|
||||
|
|
@ -14,6 +15,7 @@ EVP_seed_ofb
|
|||
|
||||
const EVP_CIPHER *EVP_seed_cbc(void)
|
||||
const EVP_CIPHER *EVP_seed_cfb(void)
|
||||
const EVP_CIPHER *EVP_seed_cfb128(void)
|
||||
const EVP_CIPHER *EVP_seed_ecb(void)
|
||||
const EVP_CIPHER *EVP_seed_ofb(void)
|
||||
|
||||
|
|
@ -27,6 +29,7 @@ All modes below use a key length of 128 bits and acts on blocks of 128-bits.
|
|||
|
||||
=item EVP_seed_cbc(),
|
||||
EVP_seed_cfb(),
|
||||
EVP_seed_cfb128(),
|
||||
EVP_seed_ecb(),
|
||||
EVP_seed_ofb()
|
||||
|
||||
|
|
|
|||
|
|
@ -5,6 +5,7 @@
|
|||
EVP_sm4_cbc,
|
||||
EVP_sm4_ecb,
|
||||
EVP_sm4_cfb,
|
||||
EVP_sm4_cfb128,
|
||||
EVP_sm4_ofb,
|
||||
EVP_sm4_ctr
|
||||
- EVP SM4 cipher
|
||||
|
|
@ -16,6 +17,7 @@ EVP_sm4_ctr
|
|||
const EVP_CIPHER *EVP_sm4_cbc(void);
|
||||
const EVP_CIPHER *EVP_sm4_ecb(void);
|
||||
const EVP_CIPHER *EVP_sm4_cfb(void);
|
||||
const EVP_CIPHER *EVP_sm4_cfb128(void);
|
||||
const EVP_CIPHER *EVP_sm4_ofb(void);
|
||||
const EVP_CIPHER *EVP_sm4_ctr(void);
|
||||
|
||||
|
|
@ -30,6 +32,7 @@ All modes below use a key length of 128 bits and acts on blocks of 128 bits.
|
|||
=item EVP_sm4_cbc(),
|
||||
EVP_sm4_ecb(),
|
||||
EVP_sm4_cfb(),
|
||||
EVP_sm4_cfb128(),
|
||||
EVP_sm4_ofb(),
|
||||
EVP_sm4_ctr()
|
||||
|
||||
|
|
|
|||
|
|
@ -1107,6 +1107,11 @@ const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *key);
|
|||
int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth);
|
||||
EC_KEY *EC_KEY_new_method(ENGINE *engine);
|
||||
|
||||
/** The old name for ecdh_KDF_X9_63
|
||||
* The ECDH KDF specification has been mistakingly attributed to ANSI X9.62,
|
||||
* it is actually specified in ANSI X9.63.
|
||||
* This identifier is retained for backwards compatibility
|
||||
*/
|
||||
int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
|
||||
const unsigned char *Z, size_t Zlen,
|
||||
const unsigned char *sinfo, size_t sinfolen,
|
||||
|
|
@ -1457,7 +1462,13 @@ void EC_KEY_METHOD_get_verify(const EC_KEY_METHOD *meth,
|
|||
# define EVP_PKEY_CTRL_GET1_ID_LEN (EVP_PKEY_ALG_CTRL + 13)
|
||||
/* KDF types */
|
||||
# define EVP_PKEY_ECDH_KDF_NONE 1
|
||||
# define EVP_PKEY_ECDH_KDF_X9_62 2
|
||||
# define EVP_PKEY_ECDH_KDF_X9_63 2
|
||||
/** The old name for EVP_PKEY_ECDH_KDF_X9_63
|
||||
* The ECDH KDF specification has been mistakingly attributed to ANSI X9.62,
|
||||
* it is actually specified in ANSI X9.63.
|
||||
* This identifier is retained for backwards compatibility
|
||||
*/
|
||||
# define EVP_PKEY_ECDH_KDF_X9_62 EVP_PKEY_ECDH_KDF_X9_63
|
||||
|
||||
|
||||
# ifdef __cplusplus
|
||||
|
|
|
|||
|
|
@ -190,8 +190,27 @@ EVP_MD_CTX_type define
|
|||
EVP_OpenUpdate define
|
||||
EVP_PKEY_CTX_add1_hkdf_info define
|
||||
EVP_PKEY_CTX_add1_tls1_prf_seed define
|
||||
EVP_PKEY_CTX_get0_dh_kdf_oid define
|
||||
EVP_PKEY_CTX_get0_dh_kdf_ukm define
|
||||
EVP_PKEY_CTX_get0_ecdh_kdf_ukm define
|
||||
EVP_PKEY_CTX_get0_rsa_oaep_label define
|
||||
EVP_PKEY_CTX_get_dh_kdf_md define
|
||||
EVP_PKEY_CTX_get_dh_kdf_outlen define
|
||||
EVP_PKEY_CTX_get_dh_kdf_type define
|
||||
EVP_PKEY_CTX_get_ecdh_cofactor_mode define
|
||||
EVP_PKEY_CTX_get_ecdh_kdf_md define
|
||||
EVP_PKEY_CTX_get_ecdh_kdf_outlen define
|
||||
EVP_PKEY_CTX_get_ecdh_kdf_type define
|
||||
EVP_PKEY_CTX_get_rsa_mgf1_md define
|
||||
EVP_PKEY_CTX_get_rsa_oaep_md define
|
||||
EVP_PKEY_CTX_get_rsa_padding define
|
||||
EVP_PKEY_CTX_get_rsa_pss_saltlen define
|
||||
EVP_PKEY_CTX_get_signature_md define
|
||||
EVP_PKEY_CTX_hkdf_mode define
|
||||
EVP_PKEY_CTX_set0_dh_kdf_oid define
|
||||
EVP_PKEY_CTX_set0_dh_kdf_ukm define
|
||||
EVP_PKEY_CTX_set0_ecdh_kdf_ukm define
|
||||
EVP_PKEY_CTX_set0_rsa_oaep_label define
|
||||
EVP_PKEY_CTX_set1_hkdf_key define
|
||||
EVP_PKEY_CTX_set1_hkdf_salt define
|
||||
EVP_PKEY_CTX_set1_pbe_pass define
|
||||
|
|
@ -199,14 +218,29 @@ EVP_PKEY_CTX_set1_scrypt_salt define
|
|||
EVP_PKEY_CTX_set1_tls1_prf_secret define
|
||||
EVP_PKEY_CTX_set_dh_paramgen_generator define
|
||||
EVP_PKEY_CTX_set_dh_paramgen_prime_len define
|
||||
EVP_PKEY_CTX_set_dh_pad define
|
||||
EVP_PKEY_CTX_set_dh_paramgen_subprime_len define
|
||||
EVP_PKEY_CTX_set_dh_paramgen_type define
|
||||
EVP_PKEY_CTX_set_dh_kdf_md define
|
||||
EVP_PKEY_CTX_set_dh_kdf_outlen define
|
||||
EVP_PKEY_CTX_set_dh_kdf_type define
|
||||
EVP_PKEY_CTX_set_dh_nid define
|
||||
EVP_PKEY_CTX_set_dh_pad define
|
||||
EVP_PKEY_CTX_set_dh_rfc5114 define
|
||||
EVP_PKEY_CTX_set_dhx_rfc5114 define
|
||||
EVP_PKEY_CTX_set_dsa_paramgen_bits define
|
||||
EVP_PKEY_CTX_set_ec_param_enc define
|
||||
EVP_PKEY_CTX_set_ec_paramgen_curve_nid define
|
||||
EVP_PKEY_CTX_set_ecdh_cofactor_mode define
|
||||
EVP_PKEY_CTX_set_ecdh_kdf_md define
|
||||
EVP_PKEY_CTX_set_ecdh_kdf_outlen define
|
||||
EVP_PKEY_CTX_set_ecdh_kdf_type define
|
||||
EVP_PKEY_CTX_set_hkdf_md define
|
||||
EVP_PKEY_CTX_set_mac_key define
|
||||
EVP_PKEY_CTX_set_rsa_keygen_bits define
|
||||
EVP_PKEY_CTX_set_rsa_keygen_pubexp define
|
||||
EVP_PKEY_CTX_set_rsa_keygen_primes define
|
||||
EVP_PKEY_CTX_set_rsa_mgf1_md define
|
||||
EVP_PKEY_CTX_set_rsa_oaep_md define
|
||||
EVP_PKEY_CTX_set_rsa_padding define
|
||||
EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md define
|
||||
EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen define
|
||||
|
|
@ -221,7 +255,9 @@ EVP_PKEY_CTX_set_tls1_prf_md define
|
|||
EVP_PKEY_assign_DH define
|
||||
EVP_PKEY_assign_DSA define
|
||||
EVP_PKEY_assign_EC_KEY define
|
||||
EVP_PKEY_assign_POLY1305 define
|
||||
EVP_PKEY_assign_RSA define
|
||||
EVP_PKEY_assign_SIPHASH define
|
||||
EVP_SealUpdate define
|
||||
EVP_SignInit define
|
||||
EVP_SignInit_ex define
|
||||
|
|
@ -269,7 +305,6 @@ PEM_FLAG_ONLY_B64 define
|
|||
PEM_FLAG_SECURE define
|
||||
RAND_cleanup define deprecated 1.1.0
|
||||
RAND_DRBG_get_ex_new_index define
|
||||
EVP_PKEY_CTX_set_rsa_keygen_bits define
|
||||
SSL_COMP_free_compression_methods define deprecated 1.1.0
|
||||
SSL_CTX_add0_chain_cert define
|
||||
SSL_CTX_add1_chain_cert define
|
||||
|
|
|
|||
Loading…
Reference in a new issue