# This file is dual licensed under the terms of the Apache License, Version
# 2.0, and the BSD License. See the LICENSE file in the root of this repository
# for complete details.

"""Binding definitions for OpenSSL's EVP (envelope) API.

This module contains no logic of its own: its behaviour is entirely the text
of the four module-level strings.  Judging by their contents, ``INCLUDES`` and
``CUSTOMIZATIONS`` are emitted into generated C source, while ``TYPES`` and
``FUNCTIONS`` use cffi ``cdef`` syntax (``typedef ...;``, ``static const``)
and declare what the Python side may reference -- confirm against the build
script that assembles these strings.
"""

from __future__ import absolute_import, division, print_function

# Header that the generated C source needs for every declaration below.
INCLUDES = """
#include <openssl/evp.h>
"""

# Opaque handle types (``typedef ...``), OpenSSL integer constants, and the
# ``Cryptography_HAS_*`` feature flags.  The flags are only *declared* here;
# CUSTOMIZATIONS assigns their values according to the OpenSSL version being
# built, and any caller must consult the relevant flag before using a function
# that CUSTOMIZATIONS may have replaced with a NULL function pointer.
# NOTE(review): most flags are declared ``int`` here but defined ``long`` in
# CUSTOMIZATIONS (only HAS_RAW_KEY and HAS_EVP_DIGESTFINAL_XOF are ``long`` in
# both places).  cffi appears to resolve ``static const`` by value, so this
# seems harmless today, but unifying the types would remove the dependence on
# that leniency.
TYPES = """
typedef ... EVP_CIPHER;
typedef ... EVP_CIPHER_CTX;
typedef ... EVP_MD;
typedef ... EVP_MD_CTX;

typedef ... EVP_PKEY;
typedef ... EVP_PKEY_CTX;
static const int EVP_PKEY_RSA;
static const int EVP_PKEY_DSA;
static const int EVP_PKEY_DH;
static const int EVP_PKEY_DHX;
static const int EVP_PKEY_EC;
static const int EVP_PKEY_X25519;
static const int EVP_PKEY_ED25519;
static const int EVP_PKEY_X448;
static const int EVP_PKEY_ED448;
static const int EVP_MAX_MD_SIZE;
static const int EVP_CTRL_AEAD_SET_IVLEN;
static const int EVP_CTRL_AEAD_GET_TAG;
static const int EVP_CTRL_AEAD_SET_TAG;

static const int Cryptography_HAS_GCM;
static const int Cryptography_HAS_PBKDF2_HMAC;
static const int Cryptography_HAS_PKEY_CTX;
static const int Cryptography_HAS_SCRYPT;
static const int Cryptography_HAS_EVP_PKEY_DHX;
static const int Cryptography_HAS_EVP_PKEY_get_set_tls_encodedpoint;
static const int Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY;
static const long Cryptography_HAS_RAW_KEY;
static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF;
"""

# Function prototypes exposed to the Python layer.  Points a caller of these
# bindings must get right (per the OpenSSL manual pages for each call):
#  * The verification entry points (EVP_VerifyFinal, EVP_DigestVerify,
#    EVP_PKEY_verify) return 1 only for a valid signature, 0 for an invalid
#    signature and a negative value for other errors.  Test for exactly 1;
#    treating "non-zero" as success silently accepts the error path.
#  * For AEAD ciphers the expected tag must be supplied via
#    EVP_CIPHER_CTX_ctrl(..., EVP_CTRL_AEAD_SET_TAG, ...) before
#    EVP_DecryptFinal_ex, and that call's return value checked: plaintext
#    emitted by EVP_DecryptUpdate is unauthenticated until the final call
#    succeeds, so it must not be released to the caller before then.
#  * EVP_md5, EVP_sha1 and PKCS5_PBKDF2_HMAC_SHA1 are exposed for
#    interoperability with existing formats, not for new designs.
#  * EVP_PKEY_cmp is an equality check on key parameters/public components;
#    it is not documented as constant-time and must not be used to compare
#    secrets.
#  * EVP_PKEY_get_raw_private_key writes raw secret key bytes into a
#    caller-supplied buffer; zeroising that buffer is the caller's job.
#  * EVP_DigestSign/EVP_DigestVerify, EVP_DigestFinalXOF, the
#    EVP_PKEY_*_raw_*_key family, the *_tls_encodedpoint pair and
#    EVP_PBE_scrypt do not exist in every supported OpenSSL.  CUSTOMIZATIONS
#    replaces the missing ones with NULL function pointers, so calling any of
#    them without first checking the matching Cryptography_HAS_* flag is a
#    NULL dereference.
FUNCTIONS = """
const EVP_CIPHER *EVP_get_cipherbyname(const char *);
int EVP_EncryptInit_ex(EVP_CIPHER_CTX *, const EVP_CIPHER *, ENGINE *,
                       const unsigned char *, const unsigned char *);
int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *, int);
int EVP_EncryptUpdate(EVP_CIPHER_CTX *, unsigned char *, int *,
                      const unsigned char *, int);
int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *, unsigned char *, int *);
int EVP_DecryptInit_ex(EVP_CIPHER_CTX *, const EVP_CIPHER *, ENGINE *,
                       const unsigned char *, const unsigned char *);
int EVP_DecryptUpdate(EVP_CIPHER_CTX *, unsigned char *, int *,
                      const unsigned char *, int);
int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *, unsigned char *, int *);
int EVP_CipherInit_ex(EVP_CIPHER_CTX *, const EVP_CIPHER *, ENGINE *,
                      const unsigned char *, const unsigned char *, int);
int EVP_CipherUpdate(EVP_CIPHER_CTX *, unsigned char *, int *,
                     const unsigned char *, int);
int EVP_CipherFinal_ex(EVP_CIPHER_CTX *, unsigned char *, int *);
int EVP_CIPHER_block_size(const EVP_CIPHER *);
int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *);
EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);
void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *);
int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *, int);
const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *);

int EVP_MD_CTX_copy_ex(EVP_MD_CTX *, const EVP_MD_CTX *);
int EVP_DigestInit_ex(EVP_MD_CTX *, const EVP_MD *, ENGINE *);
int EVP_DigestUpdate(EVP_MD_CTX *, const void *, size_t);
int EVP_DigestFinal_ex(EVP_MD_CTX *, unsigned char *, unsigned int *);
int EVP_DigestFinalXOF(EVP_MD_CTX *, unsigned char *, size_t);
const EVP_MD *EVP_get_digestbyname(const char *);
const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *);
int EVP_MD_size(const EVP_MD *);

EVP_PKEY *EVP_PKEY_new(void);
void EVP_PKEY_free(EVP_PKEY *);
int EVP_PKEY_type(int);
int EVP_PKEY_size(EVP_PKEY *);
RSA *EVP_PKEY_get1_RSA(EVP_PKEY *);
DSA *EVP_PKEY_get1_DSA(EVP_PKEY *);
DH *EVP_PKEY_get1_DH(EVP_PKEY *);

int EVP_PKEY_encrypt(EVP_PKEY_CTX *, unsigned char *, size_t *,
                     const unsigned char *, size_t);
int EVP_PKEY_decrypt(EVP_PKEY_CTX *, unsigned char *, size_t *,
                     const unsigned char *, size_t);

int EVP_SignInit(EVP_MD_CTX *, const EVP_MD *);
int EVP_SignUpdate(EVP_MD_CTX *, const void *, size_t);
int EVP_SignFinal(EVP_MD_CTX *, unsigned char *, unsigned int *, EVP_PKEY *);

int EVP_VerifyInit(EVP_MD_CTX *, const EVP_MD *);
int EVP_VerifyUpdate(EVP_MD_CTX *, const void *, size_t);
int EVP_VerifyFinal(EVP_MD_CTX *, const unsigned char *, unsigned int,
                    EVP_PKEY *);

const EVP_MD *EVP_md5(void);
const EVP_MD *EVP_sha1(void);
const EVP_MD *EVP_ripemd160(void);
const EVP_MD *EVP_sha224(void);
const EVP_MD *EVP_sha256(void);
const EVP_MD *EVP_sha384(void);
const EVP_MD *EVP_sha512(void);

int EVP_DigestSignInit(EVP_MD_CTX *, EVP_PKEY_CTX **, const EVP_MD *,
                       ENGINE *, EVP_PKEY *);
int EVP_DigestVerifyInit(EVP_MD_CTX *, EVP_PKEY_CTX **, const EVP_MD *,
                         ENGINE *, EVP_PKEY *);


int PKCS5_PBKDF2_HMAC_SHA1(const char *, int, const unsigned char *, int, int,
                           int, unsigned char *);

EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *, ENGINE *);
EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int, ENGINE *);
EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *);
void EVP_PKEY_CTX_free(EVP_PKEY_CTX *);
int EVP_PKEY_sign_init(EVP_PKEY_CTX *);
int EVP_PKEY_sign(EVP_PKEY_CTX *, unsigned char *, size_t *,
                  const unsigned char *, size_t);
int EVP_PKEY_verify_init(EVP_PKEY_CTX *);
int EVP_PKEY_verify(EVP_PKEY_CTX *, const unsigned char *, size_t,
                    const unsigned char *, size_t);
int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *);
int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *);

int EVP_PKEY_set1_RSA(EVP_PKEY *, RSA *);
int EVP_PKEY_set1_DSA(EVP_PKEY *, DSA *);
int EVP_PKEY_set1_DH(EVP_PKEY *, DH *);

int EVP_PKEY_get_attr_count(const EVP_PKEY *);
int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *, int, int);
X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *, int);
X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *, int);
int EVP_PKEY_add1_attr(EVP_PKEY *, X509_ATTRIBUTE *);
int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *, const ASN1_OBJECT *, int,
                              const unsigned char *, int);
int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *, int, int,
                              const unsigned char *, int);
int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *, const char *, int,
                              const unsigned char *, int);

int EVP_PKEY_cmp(const EVP_PKEY *, const EVP_PKEY *);

int EVP_PKEY_keygen_init(EVP_PKEY_CTX *);
int EVP_PKEY_keygen(EVP_PKEY_CTX *, EVP_PKEY **);
int EVP_PKEY_derive_init(EVP_PKEY_CTX *);
int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *, EVP_PKEY *);
int EVP_PKEY_derive(EVP_PKEY_CTX *, unsigned char *, size_t *);
int EVP_PKEY_set_type(EVP_PKEY *, int);

int EVP_PKEY_id(const EVP_PKEY *);
int Cryptography_EVP_PKEY_id(const EVP_PKEY *);

/* in 1.1.0 _create and _destroy were renamed to _new and _free. The following
   two functions wrap both the old and new functions so we can call them
   without worrying about what OpenSSL we're running against. */
EVP_MD_CTX *Cryptography_EVP_MD_CTX_new(void);
void Cryptography_EVP_MD_CTX_free(EVP_MD_CTX *);
/* Added in 1.1.1 */
int EVP_DigestSign(EVP_MD_CTX *, unsigned char *, size_t *,
                   const unsigned char *, size_t);
int EVP_DigestVerify(EVP_MD_CTX *, const unsigned char *, size_t,
                     const unsigned char *, size_t);
/* Added in 1.1.0 */
size_t EVP_PKEY_get1_tls_encodedpoint(EVP_PKEY *, unsigned char **);
int EVP_PKEY_set1_tls_encodedpoint(EVP_PKEY *, const unsigned char *,
                                   size_t);

/* PKCS8_PRIV_KEY_INFO * became const in 1.1.0 */
EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *);

/* EVP_PKEY * became const in 1.1.0 */
int EVP_PKEY_bits(EVP_PKEY *);

/* became a macro in 1.1.0 */
void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *);

void OpenSSL_add_all_algorithms(void);
int EVP_PKEY_assign_RSA(EVP_PKEY *, RSA *);
int EVP_PKEY_assign_DSA(EVP_PKEY *, DSA *);

int EVP_PKEY_assign_EC_KEY(EVP_PKEY *, EC_KEY *);
EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *);
int EVP_PKEY_set1_EC_KEY(EVP_PKEY *, EC_KEY *);

int EVP_MD_CTX_block_size(const EVP_MD_CTX *);
int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *);
int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *, int, int, void *);

int PKCS5_PBKDF2_HMAC(const char *, int, const unsigned char *, int, int,
                      const EVP_MD *, int, unsigned char *);

int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *, const EVP_MD *);

int EVP_PBE_scrypt(const char *, size_t, const unsigned char *, size_t,
                   uint64_t, uint64_t, uint64_t, uint64_t, unsigned char *,
                   size_t);

EVP_PKEY *EVP_PKEY_new_raw_private_key(int, ENGINE *, const unsigned char *,
                                       size_t);
EVP_PKEY *EVP_PKEY_new_raw_public_key(int, ENGINE *, const unsigned char *,
                                      size_t);
int EVP_PKEY_get_raw_private_key(const EVP_PKEY *, unsigned char *, size_t *);
int EVP_PKEY_get_raw_public_key(const EVP_PKEY *, unsigned char *, size_t *);
"""

# C source compiled into the extension.  It assigns the feature flags and
# papers over API differences between the OpenSSL 1.0.2 / 1.1.0 / 1.1.1 lines:
#  * a function missing from the build (or compiled out, as with
#    OPENSSL_NO_SCRYPT) is given a NULL function-pointer definition of the
#    same signature and its Cryptography_HAS_* flag is set to 0 -- the flag,
#    not the pointer, is the supported way to detect availability;
#  * when the EVP_PKEY_DHX macro is absent it is defined as -1, presumably so
#    that key-type comparisons against it can never match -- confirm;
#  * the generic EVP_CTRL_AEAD_* ctrl names are aliased to the GCM-specific
#    values on builds that predate them;
#  * the EVP_PKEY_X25519/X448/ED25519/ED448 fallbacks refer to
#    Cryptography_HAS_X25519 and similar conditionals that are not defined in
#    this file; they are presumably set up by the sibling binding modules.
CUSTOMIZATIONS = """
const long Cryptography_HAS_GCM = 1;

const long Cryptography_HAS_PBKDF2_HMAC = 1;
const long Cryptography_HAS_PKEY_CTX = 1;

#ifdef EVP_PKEY_DHX
const long Cryptography_HAS_EVP_PKEY_DHX = 1;
#else
const long Cryptography_HAS_EVP_PKEY_DHX = 0;
const long EVP_PKEY_DHX = -1;
#endif

int Cryptography_EVP_PKEY_id(const EVP_PKEY *key) {
    return EVP_PKEY_id(key);
}

EVP_MD_CTX *Cryptography_EVP_MD_CTX_new(void) {
#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
    return EVP_MD_CTX_create();
#else
    return EVP_MD_CTX_new();
#endif
}
void Cryptography_EVP_MD_CTX_free(EVP_MD_CTX *ctx) {
#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
    EVP_MD_CTX_destroy(ctx);
#else
    EVP_MD_CTX_free(ctx);
#endif
}
#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 || defined(OPENSSL_NO_SCRYPT)
static const long Cryptography_HAS_SCRYPT = 0;
int (*EVP_PBE_scrypt)(const char *, size_t, const unsigned char *, size_t,
                      uint64_t, uint64_t, uint64_t, uint64_t, unsigned char *,
                      size_t) = NULL;
#else
static const long Cryptography_HAS_SCRYPT = 1;
#endif

#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER
static const long Cryptography_HAS_EVP_PKEY_get_set_tls_encodedpoint = 1;
#else
static const long Cryptography_HAS_EVP_PKEY_get_set_tls_encodedpoint = 0;
size_t (*EVP_PKEY_get1_tls_encodedpoint)(EVP_PKEY *, unsigned char **) = NULL;
int (*EVP_PKEY_set1_tls_encodedpoint)(EVP_PKEY *, const unsigned char *,
                                      size_t) = NULL;
#endif

#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111
static const long Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY = 0;
static const long Cryptography_HAS_RAW_KEY = 0;
static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF = 0;
int (*EVP_DigestFinalXOF)(EVP_MD_CTX *, unsigned char *, size_t) = NULL;
int (*EVP_DigestSign)(EVP_MD_CTX *, unsigned char *, size_t *,
                      const unsigned char *tbs, size_t) = NULL;
int (*EVP_DigestVerify)(EVP_MD_CTX *, const unsigned char *, size_t,
                        const unsigned char *, size_t) = NULL;
EVP_PKEY *(*EVP_PKEY_new_raw_private_key)(int, ENGINE *, const unsigned char *,
                                          size_t) = NULL;
EVP_PKEY *(*EVP_PKEY_new_raw_public_key)(int, ENGINE *, const unsigned char *,
                                         size_t) = NULL;
int (*EVP_PKEY_get_raw_private_key)(const EVP_PKEY *, unsigned char *,
                                    size_t *) = NULL;
int (*EVP_PKEY_get_raw_public_key)(const EVP_PKEY *, unsigned char *,
                                   size_t *) = NULL;
#else
static const long Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY = 1;
static const long Cryptography_HAS_RAW_KEY = 1;
static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF = 1;
#endif

/* OpenSSL 1.1.0+ does this define for us, but if not present we'll do it */
#if !defined(EVP_CTRL_AEAD_SET_IVLEN)
# define EVP_CTRL_AEAD_SET_IVLEN EVP_CTRL_GCM_SET_IVLEN
#endif
#if !defined(EVP_CTRL_AEAD_GET_TAG)
# define EVP_CTRL_AEAD_GET_TAG EVP_CTRL_GCM_GET_TAG
#endif
#if !defined(EVP_CTRL_AEAD_SET_TAG)
# define EVP_CTRL_AEAD_SET_TAG EVP_CTRL_GCM_SET_TAG
#endif

/* This is tied to X25519 support so we reuse the Cryptography_HAS_X25519
   conditional to remove it. OpenSSL 1.1.0 didn't have this define, but
   1.1.1 will when it is released. We can remove this in the distant
   future when we drop 1.1.0 support. */
#ifndef EVP_PKEY_X25519
#define EVP_PKEY_X25519 NID_X25519
#endif

/* This is tied to X448 support so we reuse the Cryptography_HAS_X448
   conditional to remove it. OpenSSL 1.1.1 adds this define. We can remove
   this in the distant future when we drop 1.1.0 support. */
#ifndef EVP_PKEY_X448
#define EVP_PKEY_X448 NID_X448
#endif

/* This is tied to ED25519 support so we reuse the Cryptography_HAS_ED25519
   conditional to remove it. */
#ifndef EVP_PKEY_ED25519
#define EVP_PKEY_ED25519 NID_ED25519
#endif

/* This is tied to ED448 support so we reuse the Cryptography_HAS_ED448
   conditional to remove it. */
#ifndef EVP_PKEY_ED448
#define EVP_PKEY_ED448 NID_ED448
#endif
"""