openssl/providers/common/include/prov/provider_util.h
Shane Lontis 0d2bfe52bb Add AES_CBC_HMAC_SHA ciphers to providers.
Also Add ability for providers to dynamically exclude cipher algorithms.
Cipher algorithms are only returned from providers if their capable() method is either NULL,
or the method returns 1.
This is mainly required for ciphers that only have hardware implementations.
If there is no hardware support, the algorithm must not be made available.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10146)
2020-01-06 13:02:16 +10:00


/*
* Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <openssl/provider.h>
#include <openssl/engine.h>
/*
 * Cipher selection state for provider-side code: the cipher to use, the
 * reference (if any) that was obtained by an explicit fetch, and the legacy
 * ENGINE associated with it.
 *
 * NOTE(review): no include guard is visible in this listing. Including the
 * header twice in one translation unit would redefine this anonymous-struct
 * typedef; confirm and add a guard if so.
 */
typedef struct {
    /*
     * References to the underlying cipher implementation. |cipher| caches
     * the cipher, always. |alloc_cipher| only holds a reference to an
     * explicitly fetched cipher.
     *
     * NOTE(review): presumably |cipher| aliases |alloc_cipher| whenever a
     * fetch succeeded, so |cipher| must not be used once the fetched
     * reference has been released by ossl_prov_cipher_reset() - confirm
     * against the implementation.
     */
    const EVP_CIPHER *cipher; /* cipher */
    EVP_CIPHER *alloc_cipher; /* fetched cipher */
    /* Conditions for legacy EVP_CIPHER uses */
    ENGINE *engine; /* cipher engine */
} PROV_CIPHER;
/*
 * Digest selection state for provider-side code: the digest to use, the
 * reference (if any) that was obtained by an explicit fetch, and the legacy
 * ENGINE associated with it.
 */
typedef struct {
    /*
     * References to the underlying digest implementation. |md| caches
     * the digest, always. |alloc_md| only holds a reference to an explicitly
     * fetched digest.
     *
     * NOTE(review): presumably |md| aliases |alloc_md| whenever a fetch
     * succeeded, so |md| must not be used once the fetched reference has
     * been released by ossl_prov_digest_reset() - confirm against the
     * implementation.
     */
    const EVP_MD *md; /* digest */
    EVP_MD *alloc_md; /* fetched digest */
    /* Conditions for legacy EVP_MD uses */
    ENGINE *engine; /* digest engine */
} PROV_DIGEST;
/* Cipher functions */
/*
 * Load a cipher from the specified parameters with the specified context.
 * The params "properties", "engine" and "cipher" are used to determine the
 * implementation used. If a provider cannot be found, it falls back to trying
 * non-provider based implementations.
 *
 * |pc| receives the selected cipher; |params| is the caller-supplied
 * parameter array; |ctx| is the library context used for the lookup.
 *
 * NOTE(review): the return convention is not stated here; presumably 1 on
 * success and 0 on failure - confirm. Callers should check it before using
 * |pc|.
 * NOTE(review): because of the fallback, the "properties" query is not the
 * only thing deciding which implementation ends up in |pc|. Callers that
 * rely on properties to restrict the implementation (for example to a
 * validated provider) should confirm what the fallback can return.
 */
int ossl_prov_cipher_load_from_params(PROV_CIPHER *pc,
                                      const OSSL_PARAM params[],
                                      OPENSSL_CTX *ctx);
/*
 * Reset the PROV_CIPHER fields and free any allocated cipher reference.
 * Pointers previously obtained from |pc| should be treated as invalid
 * afterwards.
 */
void ossl_prov_cipher_reset(PROV_CIPHER *pc);
/*
 * Clone a PROV_CIPHER structure into a second.
 *
 * NOTE(review): presumably |dst| gets its own reference to a fetched cipher
 * so that |src| and |dst| can each be reset independently - confirm; a plain
 * field copy would let the same reference be released twice.
 */
int ossl_prov_cipher_copy(PROV_CIPHER *dst, const PROV_CIPHER *src);
/*
 * Query the cipher and associated engine (if any).
 *
 * NOTE(review): the returned pointers look borrowed from |pc| rather than
 * owned by the caller - confirm, and do not keep them past a reset of |pc|.
 */
const EVP_CIPHER *ossl_prov_cipher_cipher(const PROV_CIPHER *pc);
ENGINE *ossl_prov_cipher_engine(const PROV_CIPHER *pc);
/* Digest functions */
/*
 * Load a digest from the specified parameters with the specified context.
 * The params "properties", "engine" and "digest" are used to determine the
 * implementation used. If a provider cannot be found, it falls back to trying
 * non-provider based implementations.
 *
 * |pd| receives the selected digest; |params| is the caller-supplied
 * parameter array; |ctx| is the library context used for the lookup.
 *
 * NOTE(review): the return convention is not stated here; presumably 1 on
 * success and 0 on failure - confirm. Callers should check it before using
 * |pd|.
 * NOTE(review): because of the fallback, the "properties" query is not the
 * only thing deciding which implementation ends up in |pd|. Callers that
 * rely on properties to restrict the implementation (for example to a
 * validated provider) should confirm what the fallback can return.
 */
int ossl_prov_digest_load_from_params(PROV_DIGEST *pd,
                                      const OSSL_PARAM params[],
                                      OPENSSL_CTX *ctx);
/*
 * Reset the PROV_DIGEST fields and free any allocated digest reference.
 * Pointers previously obtained from |pd| should be treated as invalid
 * afterwards.
 */
void ossl_prov_digest_reset(PROV_DIGEST *pd);
/*
 * Clone a PROV_DIGEST structure into a second.
 *
 * NOTE(review): presumably |dst| gets its own reference to a fetched digest
 * so that |src| and |dst| can each be reset independently - confirm; a plain
 * field copy would let the same reference be released twice.
 */
int ossl_prov_digest_copy(PROV_DIGEST *dst, const PROV_DIGEST *src);
/*
 * Query the digest and associated engine (if any).
 *
 * NOTE(review): the returned pointers look borrowed from |pd| rather than
 * owned by the caller - confirm, and do not keep them past a reset of |pd|.
 */
const EVP_MD *ossl_prov_digest_md(const PROV_DIGEST *pd);
ENGINE *ossl_prov_digest_engine(const PROV_DIGEST *pd);
/* MAC functions */
/*
 * Load an EVP_MAC_CTX* from the specified parameters with the specified
 * library context.
 * The params "mac" and "properties" are used to determine the implementation
 * used, and the parameters "digest", "cipher", "engine" and "properties" are
 * passed to the MAC via the created MAC context if they are given.
 * If there is already a created MAC context, it will be replaced if the "mac"
 * parameter is found, otherwise it will simply be used as is, and passed the
 * parameters to pilfer as it sees fit.
 *
 * As an option, a MAC name may be explicitly given, and if it is, the "mac"
 * parameter will be ignored.
 * Similarly, as an option, a cipher name or a digest name may be explicitly
 * given, and if any of them is, the "digest" and "cipher" parameters are
 * ignored.
 *
 * |macctx| is in/out: it may point at an existing context on entry and
 * holds the context to use on return.
 *
 * Callers that must pin the MAC, cipher or digest should pass |macname|,
 * |ciphername| or |mdname| explicitly, since otherwise the choice is taken
 * from |params|. The text above only says the explicit names override
 * "mac", "digest" and "cipher"; "engine" and "properties" are still taken
 * from |params|.
 *
 * NOTE(review): the return convention is not stated here; presumably 1 on
 * success and 0 on failure - confirm.
 * NOTE(review): when an existing context is replaced, presumably the old one
 * is freed here - confirm, and confirm what |*macctx| holds after a failure
 * so callers neither leak it nor free it twice.
 */
int ossl_prov_macctx_load_from_params(EVP_MAC_CTX **macctx,
                                      const OSSL_PARAM params[],
                                      const char *macname,
                                      const char *ciphername,
                                      const char *mdname,
                                      OPENSSL_CTX *ctx);
/*
 * An algorithm table entry paired with an optional availability check, as
 * consumed by ossl_prov_cache_exported_algorithms().
 */
typedef struct ag_capable_st {
    OSSL_ALGORITHM alg; /* the algorithm entry to export */
    /*
     * Availability check for |alg|. May be NULL, in which case the algorithm
     * is always exported; otherwise the algorithm is exported when the call
     * returns 1.
     */
    int (*capable)(void);
} OSSL_ALGORITHM_CAPABLE;
/*
 * Dynamically select algorithms by calling a capable() method.
 * If this method is NULL or the method returns 1 then the algorithm is added.
 *
 * |in| is the table of candidate algorithms with their capable() checks;
 * |out| receives the entries that were selected.
 *
 * NOTE(review): neither array carries a length. Presumably |in| ends with an
 * empty terminator entry and |out| must have room for every entry of |in|
 * plus that terminator - confirm against the implementation. Sizing |out|
 * from the same table as |in| avoids a write past its end when entries are
 * added later.
 * NOTE(review): confirm whether a capable() result other than 0 or 1 counts
 * as "capable".
 */
void ossl_prov_cache_exported_algorithms(const OSSL_ALGORITHM_CAPABLE *in,
                                         OSSL_ALGORITHM *out);