2 * Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 * Low level key APIs (DH etc) are deprecated for public use, but still ok for
14 #include "internal/deprecated.h"
19 # include <openssl/engine.h>
21 #include <openssl/evp.h>
22 #include <openssl/core_names.h>
23 #include <openssl/dh.h>
24 #include <openssl/rsa.h>
25 #include <openssl/kdf.h>
26 #include "internal/cryptlib.h"
28 # include "crypto/asn1.h"
30 #include "crypto/evp.h"
31 #include "crypto/dh.h"
32 #include "crypto/ec.h"
33 #include "internal/ffc.h"
34 #include "internal/numbers.h"
35 #include "internal/provider.h"
36 #include "evp_local.h"
40 static int evp_pkey_ctx_store_cached_data(EVP_PKEY_CTX
*ctx
,
41 int keytype
, int optype
,
42 int cmd
, const char *name
,
43 const void *data
, size_t data_len
);
44 static void evp_pkey_ctx_free_cached_data(EVP_PKEY_CTX
*ctx
,
45 int cmd
, const char *name
);
46 static void evp_pkey_ctx_free_all_cached_data(EVP_PKEY_CTX
*ctx
);
48 typedef const EVP_PKEY_METHOD
*(*pmeth_fn
)(void);
49 typedef int sk_cmp_fn_type(const char *const *a
, const char *const *b
);
51 static STACK_OF(EVP_PKEY_METHOD
) *app_pkey_methods
= NULL
;
53 /* This array needs to be in order of NIDs */
54 static pmeth_fn standard_methods
[] = {
56 # ifndef OPENSSL_NO_DH
59 # ifndef OPENSSL_NO_DSA
62 # ifndef OPENSSL_NO_EC
65 ossl_rsa_pss_pkey_method
,
66 # ifndef OPENSSL_NO_DH
69 # ifndef OPENSSL_NO_ECX
70 ossl_ecx25519_pkey_method
,
71 ossl_ecx448_pkey_method
,
72 ossl_ed25519_pkey_method
,
73 ossl_ed448_pkey_method
,
77 DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD
*, pmeth_fn
, pmeth_func
);
79 static int pmeth_func_cmp(const EVP_PKEY_METHOD
*const *a
, pmeth_fn
const *b
)
81 return ((*a
)->pkey_id
- ((**b
)())->pkey_id
);
84 IMPLEMENT_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD
*, pmeth_fn
, pmeth_func
);
86 static int pmeth_cmp(const EVP_PKEY_METHOD
*const *a
,
87 const EVP_PKEY_METHOD
*const *b
)
89 return ((*a
)->pkey_id
- (*b
)->pkey_id
);
92 static const EVP_PKEY_METHOD
*evp_pkey_meth_find_added_by_application(int type
)
94 if (app_pkey_methods
!= NULL
) {
99 idx
= sk_EVP_PKEY_METHOD_find(app_pkey_methods
, &tmp
);
101 return sk_EVP_PKEY_METHOD_value(app_pkey_methods
, idx
);
106 const EVP_PKEY_METHOD
*EVP_PKEY_meth_find(int type
)
110 const EVP_PKEY_METHOD
*t
;
112 if ((t
= evp_pkey_meth_find_added_by_application(type
)) != NULL
)
117 ret
= OBJ_bsearch_pmeth_func(&t
, standard_methods
,
118 OSSL_NELEM(standard_methods
));
119 if (ret
== NULL
|| *ret
== NULL
)
124 EVP_PKEY_METHOD
*EVP_PKEY_meth_new(int id
, int flags
)
126 EVP_PKEY_METHOD
*pmeth
;
128 pmeth
= OPENSSL_zalloc(sizeof(*pmeth
));
133 pmeth
->flags
= flags
| EVP_PKEY_FLAG_DYNAMIC
;
137 static void help_get_legacy_alg_type_from_keymgmt(const char *keytype
,
142 if (*type
== NID_undef
)
143 *type
= evp_pkey_name2type(keytype
);
146 static int get_legacy_alg_type_from_keymgmt(const EVP_KEYMGMT
*keymgmt
)
148 int type
= NID_undef
;
150 EVP_KEYMGMT_names_do_all(keymgmt
, help_get_legacy_alg_type_from_keymgmt
,
154 #endif /* FIPS_MODULE */
156 int evp_pkey_ctx_state(const EVP_PKEY_CTX
*ctx
)
158 if (ctx
->operation
== EVP_PKEY_OP_UNDEFINED
)
159 return EVP_PKEY_STATE_UNKNOWN
;
161 if ((EVP_PKEY_CTX_IS_DERIVE_OP(ctx
)
162 && ctx
->op
.kex
.algctx
!= NULL
)
163 || (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx
)
164 && ctx
->op
.sig
.algctx
!= NULL
)
165 || (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx
)
166 && ctx
->op
.ciph
.algctx
!= NULL
)
167 || (EVP_PKEY_CTX_IS_GEN_OP(ctx
)
168 && ctx
->op
.keymgmt
.genctx
!= NULL
)
169 || (EVP_PKEY_CTX_IS_KEM_OP(ctx
)
170 && ctx
->op
.encap
.algctx
!= NULL
))
171 return EVP_PKEY_STATE_PROVIDER
;
173 return EVP_PKEY_STATE_LEGACY
;
176 static EVP_PKEY_CTX
*int_ctx_new(OSSL_LIB_CTX
*libctx
,
177 EVP_PKEY
*pkey
, ENGINE
*e
,
178 const char *keytype
, const char *propquery
,
182 EVP_PKEY_CTX
*ret
= NULL
;
183 const EVP_PKEY_METHOD
*pmeth
= NULL
, *app_pmeth
= NULL
;
184 EVP_KEYMGMT
*keymgmt
= NULL
;
186 /* Code below to be removed when legacy support is dropped. */
189 if (pkey
!= NULL
&& !evp_pkey_is_provided(pkey
)) {
193 /* Must be provided if we get here */
194 keytype
= EVP_KEYMGMT_get0_name(pkey
->keymgmt
);
197 if (keytype
!= NULL
) {
198 id
= evp_pkey_name2type(keytype
);
205 /* If no ID was found here, we can only resort to find a keymgmt */
208 /* Using engine with a key without id will not work */
210 ERR_raise(ERR_LIB_EVP
, EVP_R_UNSUPPORTED_ALGORITHM
);
219 * Here, we extract what information we can for the purpose of
220 * supporting usage with implementations from providers, to make
221 * for a smooth transition from legacy stuff to provider based stuff.
223 * If an engine is given, this is entirely legacy, and we should not
224 * pretend anything else, so we clear the name.
228 if (e
== NULL
&& (pkey
== NULL
|| pkey
->foreign
== 0))
229 keytype
= OBJ_nid2sn(id
);
231 # ifndef OPENSSL_NO_ENGINE
232 if (e
== NULL
&& pkey
!= NULL
)
233 e
= pkey
->pmeth_engine
!= NULL
? pkey
->pmeth_engine
: pkey
->engine
;
234 /* Try to find an ENGINE which implements this method */
236 if (!ENGINE_init(e
)) {
237 ERR_raise(ERR_LIB_EVP
, ERR_R_ENGINE_LIB
);
241 e
= ENGINE_get_pkey_meth_engine(id
);
245 * If an ENGINE handled this method look it up. Otherwise use internal
249 pmeth
= ENGINE_get_pkey_meth(e
, id
);
250 else if (pkey
!= NULL
&& pkey
->foreign
)
251 pmeth
= EVP_PKEY_meth_find(id
);
254 app_pmeth
= pmeth
= evp_pkey_meth_find_added_by_application(id
);
257 #endif /* FIPS_MODULE */
260 * If there's no engine and no app supplied pmeth and there's a name, we try
261 * fetching a provider implementation.
263 if (e
== NULL
&& app_pmeth
== NULL
&& keytype
!= NULL
) {
265 * If |pkey| is given and is provided, we take a reference to its
266 * keymgmt. Otherwise, we fetch one for the keytype we got. This
267 * is to ensure that operation init functions can access what they
268 * need through this single pointer.
270 if (pkey
!= NULL
&& pkey
->keymgmt
!= NULL
) {
271 if (!EVP_KEYMGMT_up_ref(pkey
->keymgmt
))
272 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
274 keymgmt
= pkey
->keymgmt
;
276 keymgmt
= EVP_KEYMGMT_fetch(libctx
, keytype
, propquery
);
279 return NULL
; /* EVP_KEYMGMT_fetch() recorded an error */
283 * Chase down the legacy NID, as that might be needed for diverse
284 * purposes, such as ensure that EVP_PKEY_type() can return sensible
285 * values. We go through all keymgmt names, because the keytype
286 * that's passed to this function doesn't necessarily translate
289 if (keymgmt
!= NULL
) {
290 int tmp_id
= get_legacy_alg_type_from_keymgmt(keymgmt
);
292 if (tmp_id
!= NID_undef
) {
297 * It really really shouldn't differ. If it still does,
298 * something is very wrong.
300 if (!ossl_assert(id
== tmp_id
)) {
301 ERR_raise(ERR_LIB_EVP
, ERR_R_INTERNAL_ERROR
);
302 EVP_KEYMGMT_free(keymgmt
);
311 if (pmeth
== NULL
&& keymgmt
== NULL
) {
312 ERR_raise(ERR_LIB_EVP
, EVP_R_UNSUPPORTED_ALGORITHM
);
314 ret
= OPENSSL_zalloc(sizeof(*ret
));
317 #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
318 if ((ret
== NULL
|| pmeth
== NULL
) && e
!= NULL
)
323 EVP_KEYMGMT_free(keymgmt
);
326 if (propquery
!= NULL
) {
327 ret
->propquery
= OPENSSL_strdup(propquery
);
328 if (ret
->propquery
== NULL
) {
330 EVP_KEYMGMT_free(keymgmt
);
334 ret
->libctx
= libctx
;
335 ret
->keytype
= keytype
;
336 ret
->keymgmt
= keymgmt
;
337 ret
->legacy_keytype
= id
;
340 ret
->operation
= EVP_PKEY_OP_UNDEFINED
;
343 EVP_PKEY_up_ref(pkey
);
345 if (pmeth
!= NULL
&& pmeth
->init
!= NULL
) {
346 if (pmeth
->init(ret
) <= 0) {
348 EVP_PKEY_CTX_free(ret
);
356 /*- All methods below can also be used in FIPS_MODULE */
358 EVP_PKEY_CTX
*EVP_PKEY_CTX_new_from_name(OSSL_LIB_CTX
*libctx
,
360 const char *propquery
)
362 return int_ctx_new(libctx
, NULL
, NULL
, name
, propquery
, -1);
365 EVP_PKEY_CTX
*EVP_PKEY_CTX_new_from_pkey(OSSL_LIB_CTX
*libctx
, EVP_PKEY
*pkey
,
366 const char *propquery
)
368 return int_ctx_new(libctx
, pkey
, NULL
, NULL
, propquery
, -1);
371 void evp_pkey_ctx_free_old_ops(EVP_PKEY_CTX
*ctx
)
373 if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx
)) {
374 if (ctx
->op
.sig
.algctx
!= NULL
&& ctx
->op
.sig
.signature
!= NULL
)
375 ctx
->op
.sig
.signature
->freectx(ctx
->op
.sig
.algctx
);
376 EVP_SIGNATURE_free(ctx
->op
.sig
.signature
);
377 ctx
->op
.sig
.algctx
= NULL
;
378 ctx
->op
.sig
.signature
= NULL
;
379 } else if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx
)) {
380 if (ctx
->op
.kex
.algctx
!= NULL
&& ctx
->op
.kex
.exchange
!= NULL
)
381 ctx
->op
.kex
.exchange
->freectx(ctx
->op
.kex
.algctx
);
382 EVP_KEYEXCH_free(ctx
->op
.kex
.exchange
);
383 ctx
->op
.kex
.algctx
= NULL
;
384 ctx
->op
.kex
.exchange
= NULL
;
385 } else if (EVP_PKEY_CTX_IS_KEM_OP(ctx
)) {
386 if (ctx
->op
.encap
.algctx
!= NULL
&& ctx
->op
.encap
.kem
!= NULL
)
387 ctx
->op
.encap
.kem
->freectx(ctx
->op
.encap
.algctx
);
388 EVP_KEM_free(ctx
->op
.encap
.kem
);
389 ctx
->op
.encap
.algctx
= NULL
;
390 ctx
->op
.encap
.kem
= NULL
;
392 else if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx
)) {
393 if (ctx
->op
.ciph
.algctx
!= NULL
&& ctx
->op
.ciph
.cipher
!= NULL
)
394 ctx
->op
.ciph
.cipher
->freectx(ctx
->op
.ciph
.algctx
);
395 EVP_ASYM_CIPHER_free(ctx
->op
.ciph
.cipher
);
396 ctx
->op
.ciph
.algctx
= NULL
;
397 ctx
->op
.ciph
.cipher
= NULL
;
398 } else if (EVP_PKEY_CTX_IS_GEN_OP(ctx
)) {
399 if (ctx
->op
.keymgmt
.genctx
!= NULL
&& ctx
->keymgmt
!= NULL
)
400 evp_keymgmt_gen_cleanup(ctx
->keymgmt
, ctx
->op
.keymgmt
.genctx
);
404 void EVP_PKEY_CTX_free(EVP_PKEY_CTX
*ctx
)
408 if (ctx
->pmeth
&& ctx
->pmeth
->cleanup
)
409 ctx
->pmeth
->cleanup(ctx
);
411 evp_pkey_ctx_free_old_ops(ctx
);
413 evp_pkey_ctx_free_all_cached_data(ctx
);
415 EVP_KEYMGMT_free(ctx
->keymgmt
);
417 OPENSSL_free(ctx
->propquery
);
418 EVP_PKEY_free(ctx
->pkey
);
419 EVP_PKEY_free(ctx
->peerkey
);
420 #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
421 ENGINE_finish(ctx
->engine
);
423 BN_free(ctx
->rsa_pubexp
);
429 void EVP_PKEY_meth_get0_info(int *ppkey_id
, int *pflags
,
430 const EVP_PKEY_METHOD
*meth
)
433 *ppkey_id
= meth
->pkey_id
;
435 *pflags
= meth
->flags
;
438 void EVP_PKEY_meth_copy(EVP_PKEY_METHOD
*dst
, const EVP_PKEY_METHOD
*src
)
440 int pkey_id
= dst
->pkey_id
;
441 int flags
= dst
->flags
;
445 /* We only copy the function pointers so restore the other values */
446 dst
->pkey_id
= pkey_id
;
450 void EVP_PKEY_meth_free(EVP_PKEY_METHOD
*pmeth
)
452 if (pmeth
&& (pmeth
->flags
& EVP_PKEY_FLAG_DYNAMIC
))
456 EVP_PKEY_CTX
*EVP_PKEY_CTX_new(EVP_PKEY
*pkey
, ENGINE
*e
)
458 return int_ctx_new(NULL
, pkey
, e
, NULL
, NULL
, -1);
461 EVP_PKEY_CTX
*EVP_PKEY_CTX_new_id(int id
, ENGINE
*e
)
463 return int_ctx_new(NULL
, NULL
, e
, NULL
, NULL
, id
);
466 EVP_PKEY_CTX
*EVP_PKEY_CTX_dup(const EVP_PKEY_CTX
*pctx
)
470 # ifndef OPENSSL_NO_ENGINE
471 /* Make sure it's safe to copy a pkey context using an ENGINE */
472 if (pctx
->engine
&& !ENGINE_init(pctx
->engine
)) {
473 ERR_raise(ERR_LIB_EVP
, ERR_R_ENGINE_LIB
);
477 rctx
= OPENSSL_zalloc(sizeof(*rctx
));
481 if (pctx
->pkey
!= NULL
)
482 EVP_PKEY_up_ref(pctx
->pkey
);
483 rctx
->pkey
= pctx
->pkey
;
484 rctx
->operation
= pctx
->operation
;
485 rctx
->libctx
= pctx
->libctx
;
486 rctx
->keytype
= pctx
->keytype
;
487 rctx
->propquery
= NULL
;
488 if (pctx
->propquery
!= NULL
) {
489 rctx
->propquery
= OPENSSL_strdup(pctx
->propquery
);
490 if (rctx
->propquery
== NULL
)
493 rctx
->legacy_keytype
= pctx
->legacy_keytype
;
495 if (EVP_PKEY_CTX_IS_DERIVE_OP(pctx
)) {
496 if (pctx
->op
.kex
.exchange
!= NULL
) {
497 rctx
->op
.kex
.exchange
= pctx
->op
.kex
.exchange
;
498 if (!EVP_KEYEXCH_up_ref(rctx
->op
.kex
.exchange
))
501 if (pctx
->op
.kex
.algctx
!= NULL
) {
502 if (!ossl_assert(pctx
->op
.kex
.exchange
!= NULL
))
505 if (pctx
->op
.kex
.exchange
->dupctx
!= NULL
)
507 = pctx
->op
.kex
.exchange
->dupctx(pctx
->op
.kex
.algctx
);
509 if (rctx
->op
.kex
.algctx
== NULL
) {
510 EVP_KEYEXCH_free(rctx
->op
.kex
.exchange
);
511 rctx
->op
.kex
.exchange
= NULL
;
516 } else if (EVP_PKEY_CTX_IS_SIGNATURE_OP(pctx
)) {
517 if (pctx
->op
.sig
.signature
!= NULL
) {
518 rctx
->op
.sig
.signature
= pctx
->op
.sig
.signature
;
519 if (!EVP_SIGNATURE_up_ref(rctx
->op
.sig
.signature
))
522 if (pctx
->op
.sig
.algctx
!= NULL
) {
523 if (!ossl_assert(pctx
->op
.sig
.signature
!= NULL
))
526 if (pctx
->op
.sig
.signature
->dupctx
!= NULL
)
528 = pctx
->op
.sig
.signature
->dupctx(pctx
->op
.sig
.algctx
);
530 if (rctx
->op
.sig
.algctx
== NULL
) {
531 EVP_SIGNATURE_free(rctx
->op
.sig
.signature
);
532 rctx
->op
.sig
.signature
= NULL
;
537 } else if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(pctx
)) {
538 if (pctx
->op
.ciph
.cipher
!= NULL
) {
539 rctx
->op
.ciph
.cipher
= pctx
->op
.ciph
.cipher
;
540 if (!EVP_ASYM_CIPHER_up_ref(rctx
->op
.ciph
.cipher
))
543 if (pctx
->op
.ciph
.algctx
!= NULL
) {
544 if (!ossl_assert(pctx
->op
.ciph
.cipher
!= NULL
))
547 if (pctx
->op
.ciph
.cipher
->dupctx
!= NULL
)
549 = pctx
->op
.ciph
.cipher
->dupctx(pctx
->op
.ciph
.algctx
);
551 if (rctx
->op
.ciph
.algctx
== NULL
) {
552 EVP_ASYM_CIPHER_free(rctx
->op
.ciph
.cipher
);
553 rctx
->op
.ciph
.cipher
= NULL
;
558 } else if (EVP_PKEY_CTX_IS_KEM_OP(pctx
)) {
559 if (pctx
->op
.encap
.kem
!= NULL
) {
560 rctx
->op
.encap
.kem
= pctx
->op
.encap
.kem
;
561 if (!EVP_KEM_up_ref(rctx
->op
.encap
.kem
))
564 if (pctx
->op
.encap
.algctx
!= NULL
) {
565 if (!ossl_assert(pctx
->op
.encap
.kem
!= NULL
))
568 if (pctx
->op
.encap
.kem
->dupctx
!= NULL
)
569 rctx
->op
.encap
.algctx
570 = pctx
->op
.encap
.kem
->dupctx(pctx
->op
.encap
.algctx
);
572 if (rctx
->op
.encap
.algctx
== NULL
) {
573 EVP_KEM_free(rctx
->op
.encap
.kem
);
574 rctx
->op
.encap
.kem
= NULL
;
579 } else if (EVP_PKEY_CTX_IS_GEN_OP(pctx
)) {
580 /* Not supported - This would need a gen_dupctx() to work */
584 rctx
->pmeth
= pctx
->pmeth
;
585 # ifndef OPENSSL_NO_ENGINE
586 rctx
->engine
= pctx
->engine
;
589 if (pctx
->peerkey
!= NULL
)
590 EVP_PKEY_up_ref(pctx
->peerkey
);
591 rctx
->peerkey
= pctx
->peerkey
;
593 if (pctx
->pmeth
== NULL
) {
594 if (rctx
->operation
== EVP_PKEY_OP_UNDEFINED
) {
595 EVP_KEYMGMT
*tmp_keymgmt
= pctx
->keymgmt
;
598 provkey
= evp_pkey_export_to_provider(pctx
->pkey
, pctx
->libctx
,
599 &tmp_keymgmt
, pctx
->propquery
);
602 if (!EVP_KEYMGMT_up_ref(tmp_keymgmt
))
604 EVP_KEYMGMT_free(rctx
->keymgmt
);
605 rctx
->keymgmt
= tmp_keymgmt
;
608 } else if (pctx
->pmeth
->copy(rctx
, pctx
) > 0) {
613 EVP_PKEY_CTX_free(rctx
);
617 int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD
*pmeth
)
619 if (app_pkey_methods
== NULL
) {
620 app_pkey_methods
= sk_EVP_PKEY_METHOD_new(pmeth_cmp
);
621 if (app_pkey_methods
== NULL
) {
622 ERR_raise(ERR_LIB_EVP
, ERR_R_CRYPTO_LIB
);
626 if (!sk_EVP_PKEY_METHOD_push(app_pkey_methods
, pmeth
)) {
627 ERR_raise(ERR_LIB_EVP
, ERR_R_CRYPTO_LIB
);
630 sk_EVP_PKEY_METHOD_sort(app_pkey_methods
);
634 void evp_app_cleanup_int(void)
636 if (app_pkey_methods
!= NULL
)
637 sk_EVP_PKEY_METHOD_pop_free(app_pkey_methods
, EVP_PKEY_meth_free
);
640 int EVP_PKEY_meth_remove(const EVP_PKEY_METHOD
*pmeth
)
642 const EVP_PKEY_METHOD
*ret
;
644 ret
= sk_EVP_PKEY_METHOD_delete_ptr(app_pkey_methods
, pmeth
);
646 return ret
== NULL
? 0 : 1;
649 size_t EVP_PKEY_meth_get_count(void)
651 size_t rv
= OSSL_NELEM(standard_methods
);
653 if (app_pkey_methods
)
654 rv
+= sk_EVP_PKEY_METHOD_num(app_pkey_methods
);
658 const EVP_PKEY_METHOD
*EVP_PKEY_meth_get0(size_t idx
)
660 if (idx
< OSSL_NELEM(standard_methods
))
661 return (standard_methods
[idx
])();
662 if (app_pkey_methods
== NULL
)
664 idx
-= OSSL_NELEM(standard_methods
);
665 if (idx
>= (size_t)sk_EVP_PKEY_METHOD_num(app_pkey_methods
))
667 return sk_EVP_PKEY_METHOD_value(app_pkey_methods
, idx
);
671 int EVP_PKEY_CTX_is_a(EVP_PKEY_CTX
*ctx
, const char *keytype
)
674 if (evp_pkey_ctx_is_legacy(ctx
))
675 return (ctx
->pmeth
->pkey_id
== evp_pkey_name2type(keytype
));
677 return EVP_KEYMGMT_is_a(ctx
->keymgmt
, keytype
);
680 int EVP_PKEY_CTX_set_params(EVP_PKEY_CTX
*ctx
, const OSSL_PARAM
*params
)
682 switch (evp_pkey_ctx_state(ctx
)) {
683 case EVP_PKEY_STATE_PROVIDER
:
684 if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx
)
685 && ctx
->op
.kex
.exchange
!= NULL
686 && ctx
->op
.kex
.exchange
->set_ctx_params
!= NULL
)
688 ctx
->op
.kex
.exchange
->set_ctx_params(ctx
->op
.kex
.algctx
,
690 if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx
)
691 && ctx
->op
.sig
.signature
!= NULL
692 && ctx
->op
.sig
.signature
->set_ctx_params
!= NULL
)
694 ctx
->op
.sig
.signature
->set_ctx_params(ctx
->op
.sig
.algctx
,
696 if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx
)
697 && ctx
->op
.ciph
.cipher
!= NULL
698 && ctx
->op
.ciph
.cipher
->set_ctx_params
!= NULL
)
700 ctx
->op
.ciph
.cipher
->set_ctx_params(ctx
->op
.ciph
.algctx
,
702 if (EVP_PKEY_CTX_IS_GEN_OP(ctx
)
703 && ctx
->keymgmt
!= NULL
704 && ctx
->keymgmt
->gen_set_params
!= NULL
)
706 evp_keymgmt_gen_set_params(ctx
->keymgmt
, ctx
->op
.keymgmt
.genctx
,
708 if (EVP_PKEY_CTX_IS_KEM_OP(ctx
)
709 && ctx
->op
.encap
.kem
!= NULL
710 && ctx
->op
.encap
.kem
->set_ctx_params
!= NULL
)
712 ctx
->op
.encap
.kem
->set_ctx_params(ctx
->op
.encap
.algctx
,
716 case EVP_PKEY_STATE_UNKNOWN
:
717 case EVP_PKEY_STATE_LEGACY
:
718 return evp_pkey_ctx_set_params_to_ctrl(ctx
, params
);
724 int EVP_PKEY_CTX_get_params(EVP_PKEY_CTX
*ctx
, OSSL_PARAM
*params
)
726 switch (evp_pkey_ctx_state(ctx
)) {
727 case EVP_PKEY_STATE_PROVIDER
:
728 if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx
)
729 && ctx
->op
.kex
.exchange
!= NULL
730 && ctx
->op
.kex
.exchange
->get_ctx_params
!= NULL
)
732 ctx
->op
.kex
.exchange
->get_ctx_params(ctx
->op
.kex
.algctx
,
734 if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx
)
735 && ctx
->op
.sig
.signature
!= NULL
736 && ctx
->op
.sig
.signature
->get_ctx_params
!= NULL
)
738 ctx
->op
.sig
.signature
->get_ctx_params(ctx
->op
.sig
.algctx
,
740 if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx
)
741 && ctx
->op
.ciph
.cipher
!= NULL
742 && ctx
->op
.ciph
.cipher
->get_ctx_params
!= NULL
)
744 ctx
->op
.ciph
.cipher
->get_ctx_params(ctx
->op
.ciph
.algctx
,
746 if (EVP_PKEY_CTX_IS_KEM_OP(ctx
)
747 && ctx
->op
.encap
.kem
!= NULL
748 && ctx
->op
.encap
.kem
->get_ctx_params
!= NULL
)
750 ctx
->op
.encap
.kem
->get_ctx_params(ctx
->op
.encap
.algctx
,
754 case EVP_PKEY_STATE_UNKNOWN
:
755 case EVP_PKEY_STATE_LEGACY
:
756 return evp_pkey_ctx_get_params_to_ctrl(ctx
, params
);
763 const OSSL_PARAM
*EVP_PKEY_CTX_gettable_params(const EVP_PKEY_CTX
*ctx
)
767 if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx
)
768 && ctx
->op
.kex
.exchange
!= NULL
769 && ctx
->op
.kex
.exchange
->gettable_ctx_params
!= NULL
) {
770 provctx
= ossl_provider_ctx(EVP_KEYEXCH_get0_provider(ctx
->op
.kex
.exchange
));
771 return ctx
->op
.kex
.exchange
->gettable_ctx_params(ctx
->op
.kex
.algctx
,
774 if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx
)
775 && ctx
->op
.sig
.signature
!= NULL
776 && ctx
->op
.sig
.signature
->gettable_ctx_params
!= NULL
) {
777 provctx
= ossl_provider_ctx(
778 EVP_SIGNATURE_get0_provider(ctx
->op
.sig
.signature
));
779 return ctx
->op
.sig
.signature
->gettable_ctx_params(ctx
->op
.sig
.algctx
,
782 if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx
)
783 && ctx
->op
.ciph
.cipher
!= NULL
784 && ctx
->op
.ciph
.cipher
->gettable_ctx_params
!= NULL
) {
785 provctx
= ossl_provider_ctx(
786 EVP_ASYM_CIPHER_get0_provider(ctx
->op
.ciph
.cipher
));
787 return ctx
->op
.ciph
.cipher
->gettable_ctx_params(ctx
->op
.ciph
.algctx
,
790 if (EVP_PKEY_CTX_IS_KEM_OP(ctx
)
791 && ctx
->op
.encap
.kem
!= NULL
792 && ctx
->op
.encap
.kem
->gettable_ctx_params
!= NULL
) {
793 provctx
= ossl_provider_ctx(EVP_KEM_get0_provider(ctx
->op
.encap
.kem
));
794 return ctx
->op
.encap
.kem
->gettable_ctx_params(ctx
->op
.encap
.algctx
,
800 const OSSL_PARAM
*EVP_PKEY_CTX_settable_params(const EVP_PKEY_CTX
*ctx
)
804 if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx
)
805 && ctx
->op
.kex
.exchange
!= NULL
806 && ctx
->op
.kex
.exchange
->settable_ctx_params
!= NULL
) {
807 provctx
= ossl_provider_ctx(EVP_KEYEXCH_get0_provider(ctx
->op
.kex
.exchange
));
808 return ctx
->op
.kex
.exchange
->settable_ctx_params(ctx
->op
.kex
.algctx
,
811 if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx
)
812 && ctx
->op
.sig
.signature
!= NULL
813 && ctx
->op
.sig
.signature
->settable_ctx_params
!= NULL
) {
814 provctx
= ossl_provider_ctx(
815 EVP_SIGNATURE_get0_provider(ctx
->op
.sig
.signature
));
816 return ctx
->op
.sig
.signature
->settable_ctx_params(ctx
->op
.sig
.algctx
,
819 if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx
)
820 && ctx
->op
.ciph
.cipher
!= NULL
821 && ctx
->op
.ciph
.cipher
->settable_ctx_params
!= NULL
) {
822 provctx
= ossl_provider_ctx(
823 EVP_ASYM_CIPHER_get0_provider(ctx
->op
.ciph
.cipher
));
824 return ctx
->op
.ciph
.cipher
->settable_ctx_params(ctx
->op
.ciph
.algctx
,
827 if (EVP_PKEY_CTX_IS_GEN_OP(ctx
)
828 && ctx
->keymgmt
!= NULL
829 && ctx
->keymgmt
->gen_settable_params
!= NULL
) {
830 provctx
= ossl_provider_ctx(EVP_KEYMGMT_get0_provider(ctx
->keymgmt
));
831 return ctx
->keymgmt
->gen_settable_params(ctx
->op
.keymgmt
.genctx
,
834 if (EVP_PKEY_CTX_IS_KEM_OP(ctx
)
835 && ctx
->op
.encap
.kem
!= NULL
836 && ctx
->op
.encap
.kem
->settable_ctx_params
!= NULL
) {
837 provctx
= ossl_provider_ctx(EVP_KEM_get0_provider(ctx
->op
.encap
.kem
));
838 return ctx
->op
.encap
.kem
->settable_ctx_params(ctx
->op
.encap
.algctx
,
845 * Internal helpers for stricter EVP_PKEY_CTX_{set,get}_params().
847 * Return 1 on success, 0 or negative for errors.
849 * In particular they return -2 if any of the params is not supported.
851 * They are not available in FIPS_MODULE as they depend on
852 * - EVP_PKEY_CTX_{get,set}_params()
853 * - EVP_PKEY_CTX_{gettable,settable}_params()
856 int evp_pkey_ctx_set_params_strict(EVP_PKEY_CTX
*ctx
, OSSL_PARAM
*params
)
858 if (ctx
== NULL
|| params
== NULL
)
862 * We only check for provider side EVP_PKEY_CTX. For #legacy, we
863 * depend on the translation that happens in EVP_PKEY_CTX_set_params()
864 * call, and that the resulting ctrl call will return -2 if it doesn't
865 * known the ctrl command number.
867 if (evp_pkey_ctx_is_provided(ctx
)) {
868 const OSSL_PARAM
*settable
= EVP_PKEY_CTX_settable_params(ctx
);
871 for (p
= params
; p
->key
!= NULL
; p
++) {
872 /* Check the ctx actually understands this parameter */
873 if (OSSL_PARAM_locate_const(settable
, p
->key
) == NULL
)
878 return EVP_PKEY_CTX_set_params(ctx
, params
);
881 int evp_pkey_ctx_get_params_strict(EVP_PKEY_CTX
*ctx
, OSSL_PARAM
*params
)
883 if (ctx
== NULL
|| params
== NULL
)
887 * We only check for provider side EVP_PKEY_CTX. For #legacy, we
888 * depend on the translation that happens in EVP_PKEY_CTX_get_params()
889 * call, and that the resulting ctrl call will return -2 if it doesn't
890 * known the ctrl command number.
892 if (evp_pkey_ctx_is_provided(ctx
)) {
893 const OSSL_PARAM
*gettable
= EVP_PKEY_CTX_gettable_params(ctx
);
896 for (p
= params
; p
->key
!= NULL
; p
++) {
897 /* Check the ctx actually understands this parameter */
898 if (OSSL_PARAM_locate_const(gettable
, p
->key
) == NULL
)
903 return EVP_PKEY_CTX_get_params(ctx
, params
);
906 int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX
*ctx
, const EVP_MD
**md
)
908 OSSL_PARAM sig_md_params
[2], *p
= sig_md_params
;
909 /* 80 should be big enough */
913 if (ctx
== NULL
|| !EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx
)) {
914 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
915 /* Uses the same return values as EVP_PKEY_CTX_ctrl */
919 if (ctx
->op
.sig
.algctx
== NULL
)
920 return EVP_PKEY_CTX_ctrl(ctx
, -1, EVP_PKEY_OP_TYPE_SIG
,
921 EVP_PKEY_CTRL_GET_MD
, 0, (void *)(md
));
923 *p
++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST
,
926 *p
= OSSL_PARAM_construct_end();
928 if (!EVP_PKEY_CTX_get_params(ctx
, sig_md_params
))
931 tmp
= evp_get_digestbyname_ex(ctx
->libctx
, name
);
940 static int evp_pkey_ctx_set_md(EVP_PKEY_CTX
*ctx
, const EVP_MD
*md
,
941 int fallback
, const char *param
, int op
,
944 OSSL_PARAM md_params
[2], *p
= md_params
;
947 if (ctx
== NULL
|| (ctx
->operation
& op
) == 0) {
948 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
949 /* Uses the same return values as EVP_PKEY_CTX_ctrl */
954 return EVP_PKEY_CTX_ctrl(ctx
, -1, op
, ctrl
, 0, (void *)(md
));
959 name
= EVP_MD_get0_name(md
);
962 *p
++ = OSSL_PARAM_construct_utf8_string(param
,
964 * Cast away the const. This is read
965 * only so should be safe
968 *p
= OSSL_PARAM_construct_end();
970 return EVP_PKEY_CTX_set_params(ctx
, md_params
);
973 int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX
*ctx
, const EVP_MD
*md
)
975 return evp_pkey_ctx_set_md(ctx
, md
, ctx
->op
.sig
.algctx
== NULL
,
976 OSSL_SIGNATURE_PARAM_DIGEST
,
977 EVP_PKEY_OP_TYPE_SIG
, EVP_PKEY_CTRL_MD
);
980 int EVP_PKEY_CTX_set_tls1_prf_md(EVP_PKEY_CTX
*ctx
, const EVP_MD
*md
)
982 return evp_pkey_ctx_set_md(ctx
, md
, ctx
->op
.kex
.algctx
== NULL
,
983 OSSL_KDF_PARAM_DIGEST
,
984 EVP_PKEY_OP_DERIVE
, EVP_PKEY_CTRL_TLS_MD
);
987 static int evp_pkey_ctx_set1_octet_string(EVP_PKEY_CTX
*ctx
, int fallback
,
988 const char *param
, int op
, int ctrl
,
989 const unsigned char *data
,
992 OSSL_PARAM octet_string_params
[2], *p
= octet_string_params
;
994 if (ctx
== NULL
|| (ctx
->operation
& op
) == 0) {
995 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
996 /* Uses the same return values as EVP_PKEY_CTX_ctrl */
1000 /* Code below to be removed when legacy support is dropped. */
1002 return EVP_PKEY_CTX_ctrl(ctx
, -1, op
, ctrl
, datalen
, (void *)(data
));
1003 /* end of legacy support */
1006 ERR_raise(ERR_LIB_EVP
, EVP_R_INVALID_LENGTH
);
1010 *p
++ = OSSL_PARAM_construct_octet_string(param
,
1012 * Cast away the const. This is read
1013 * only so should be safe
1015 (unsigned char *)data
,
1017 *p
= OSSL_PARAM_construct_end();
1019 return EVP_PKEY_CTX_set_params(ctx
, octet_string_params
);
1022 int EVP_PKEY_CTX_set1_tls1_prf_secret(EVP_PKEY_CTX
*ctx
,
1023 const unsigned char *sec
, int seclen
)
1025 return evp_pkey_ctx_set1_octet_string(ctx
, ctx
->op
.kex
.algctx
== NULL
,
1026 OSSL_KDF_PARAM_SECRET
,
1028 EVP_PKEY_CTRL_TLS_SECRET
,
1032 int EVP_PKEY_CTX_add1_tls1_prf_seed(EVP_PKEY_CTX
*ctx
,
1033 const unsigned char *seed
, int seedlen
)
1035 return evp_pkey_ctx_set1_octet_string(ctx
, ctx
->op
.kex
.algctx
== NULL
,
1036 OSSL_KDF_PARAM_SEED
,
1038 EVP_PKEY_CTRL_TLS_SEED
,
1042 int EVP_PKEY_CTX_set_hkdf_md(EVP_PKEY_CTX
*ctx
, const EVP_MD
*md
)
1044 return evp_pkey_ctx_set_md(ctx
, md
, ctx
->op
.kex
.algctx
== NULL
,
1045 OSSL_KDF_PARAM_DIGEST
,
1046 EVP_PKEY_OP_DERIVE
, EVP_PKEY_CTRL_HKDF_MD
);
1049 int EVP_PKEY_CTX_set1_hkdf_salt(EVP_PKEY_CTX
*ctx
,
1050 const unsigned char *salt
, int saltlen
)
1052 return evp_pkey_ctx_set1_octet_string(ctx
, ctx
->op
.kex
.algctx
== NULL
,
1053 OSSL_KDF_PARAM_SALT
,
1055 EVP_PKEY_CTRL_HKDF_SALT
,
1059 int EVP_PKEY_CTX_set1_hkdf_key(EVP_PKEY_CTX
*ctx
,
1060 const unsigned char *key
, int keylen
)
1062 return evp_pkey_ctx_set1_octet_string(ctx
, ctx
->op
.kex
.algctx
== NULL
,
1065 EVP_PKEY_CTRL_HKDF_KEY
,
1069 int EVP_PKEY_CTX_add1_hkdf_info(EVP_PKEY_CTX
*ctx
,
1070 const unsigned char *info
, int infolen
)
1072 return evp_pkey_ctx_set1_octet_string(ctx
, ctx
->op
.kex
.algctx
== NULL
,
1073 OSSL_KDF_PARAM_INFO
,
1075 EVP_PKEY_CTRL_HKDF_INFO
,
1079 int EVP_PKEY_CTX_set_hkdf_mode(EVP_PKEY_CTX
*ctx
, int mode
)
1081 OSSL_PARAM int_params
[2], *p
= int_params
;
1083 if (ctx
== NULL
|| !EVP_PKEY_CTX_IS_DERIVE_OP(ctx
)) {
1084 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
1085 /* Uses the same return values as EVP_PKEY_CTX_ctrl */
1089 /* Code below to be removed when legacy support is dropped. */
1090 if (ctx
->op
.kex
.algctx
== NULL
)
1091 return EVP_PKEY_CTX_ctrl(ctx
, -1, EVP_PKEY_OP_DERIVE
,
1092 EVP_PKEY_CTRL_HKDF_MODE
, mode
, NULL
);
1093 /* end of legacy support */
1096 ERR_raise(ERR_LIB_EVP
, EVP_R_INVALID_VALUE
);
1100 *p
++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_MODE
, &mode
);
1101 *p
= OSSL_PARAM_construct_end();
1103 return EVP_PKEY_CTX_set_params(ctx
, int_params
);
1106 int EVP_PKEY_CTX_set1_pbe_pass(EVP_PKEY_CTX
*ctx
, const char *pass
,
1109 return evp_pkey_ctx_set1_octet_string(ctx
, ctx
->op
.kex
.algctx
== NULL
,
1110 OSSL_KDF_PARAM_PASSWORD
,
1113 (const unsigned char *)pass
, passlen
);
1116 int EVP_PKEY_CTX_set1_scrypt_salt(EVP_PKEY_CTX
*ctx
,
1117 const unsigned char *salt
, int saltlen
)
1119 return evp_pkey_ctx_set1_octet_string(ctx
, ctx
->op
.kex
.algctx
== NULL
,
1120 OSSL_KDF_PARAM_SALT
,
1122 EVP_PKEY_CTRL_SCRYPT_SALT
,
1126 static int evp_pkey_ctx_set_uint64(EVP_PKEY_CTX
*ctx
, const char *param
,
1127 int op
, int ctrl
, uint64_t val
)
1129 OSSL_PARAM uint64_params
[2], *p
= uint64_params
;
1131 if (ctx
== NULL
|| !EVP_PKEY_CTX_IS_DERIVE_OP(ctx
)) {
1132 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
1133 /* Uses the same return values as EVP_PKEY_CTX_ctrl */
1137 /* Code below to be removed when legacy support is dropped. */
1138 if (ctx
->op
.kex
.algctx
== NULL
)
1139 return EVP_PKEY_CTX_ctrl_uint64(ctx
, -1, op
, ctrl
, val
);
1140 /* end of legacy support */
1142 *p
++ = OSSL_PARAM_construct_uint64(param
, &val
);
1143 *p
= OSSL_PARAM_construct_end();
1145 return EVP_PKEY_CTX_set_params(ctx
, uint64_params
);
1148 int EVP_PKEY_CTX_set_scrypt_N(EVP_PKEY_CTX
*ctx
, uint64_t n
)
1150 return evp_pkey_ctx_set_uint64(ctx
, OSSL_KDF_PARAM_SCRYPT_N
,
1151 EVP_PKEY_OP_DERIVE
, EVP_PKEY_CTRL_SCRYPT_N
,
1155 int EVP_PKEY_CTX_set_scrypt_r(EVP_PKEY_CTX
*ctx
, uint64_t r
)
1157 return evp_pkey_ctx_set_uint64(ctx
, OSSL_KDF_PARAM_SCRYPT_R
,
1158 EVP_PKEY_OP_DERIVE
, EVP_PKEY_CTRL_SCRYPT_R
,
1162 int EVP_PKEY_CTX_set_scrypt_p(EVP_PKEY_CTX
*ctx
, uint64_t p
)
1164 return evp_pkey_ctx_set_uint64(ctx
, OSSL_KDF_PARAM_SCRYPT_P
,
1165 EVP_PKEY_OP_DERIVE
, EVP_PKEY_CTRL_SCRYPT_P
,
1169 int EVP_PKEY_CTX_set_scrypt_maxmem_bytes(EVP_PKEY_CTX
*ctx
,
1170 uint64_t maxmem_bytes
)
1172 return evp_pkey_ctx_set_uint64(ctx
, OSSL_KDF_PARAM_SCRYPT_MAXMEM
,
1174 EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES
,
1178 int EVP_PKEY_CTX_set_mac_key(EVP_PKEY_CTX
*ctx
, const unsigned char *key
,
1181 return evp_pkey_ctx_set1_octet_string(ctx
, ctx
->op
.keymgmt
.genctx
== NULL
,
1182 OSSL_PKEY_PARAM_PRIV_KEY
,
1184 EVP_PKEY_CTRL_SET_MAC_KEY
,
1188 int EVP_PKEY_CTX_set_kem_op(EVP_PKEY_CTX
*ctx
, const char *op
)
1190 OSSL_PARAM params
[2], *p
= params
;
1192 if (ctx
== NULL
|| op
== NULL
) {
1193 ERR_raise(ERR_LIB_EVP
, EVP_R_INVALID_VALUE
);
1196 if (!EVP_PKEY_CTX_IS_KEM_OP(ctx
)) {
1197 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
1200 *p
++ = OSSL_PARAM_construct_utf8_string(OSSL_KEM_PARAM_OPERATION
,
1202 *p
= OSSL_PARAM_construct_end();
1203 return EVP_PKEY_CTX_set_params(ctx
, params
);
1206 int EVP_PKEY_CTX_set1_id(EVP_PKEY_CTX
*ctx
, const void *id
, int len
)
1208 return EVP_PKEY_CTX_ctrl(ctx
, -1, -1,
1209 EVP_PKEY_CTRL_SET1_ID
, (int)len
, (void*)(id
));
1212 int EVP_PKEY_CTX_get1_id(EVP_PKEY_CTX
*ctx
, void *id
)
1214 return EVP_PKEY_CTX_ctrl(ctx
, -1, -1, EVP_PKEY_CTRL_GET1_ID
, 0, (void*)id
);
1217 int EVP_PKEY_CTX_get1_id_len(EVP_PKEY_CTX
*ctx
, size_t *id_len
)
1219 return EVP_PKEY_CTX_ctrl(ctx
, -1, -1,
1220 EVP_PKEY_CTRL_GET1_ID_LEN
, 0, (void*)id_len
);
1223 static int evp_pkey_ctx_ctrl_int(EVP_PKEY_CTX
*ctx
, int keytype
, int optype
,
1224 int cmd
, int p1
, void *p2
)
1229 * If the method has a |digest_custom| function, we can relax the
1230 * operation type check, since this can be called before the operation
1233 if (ctx
->pmeth
== NULL
|| ctx
->pmeth
->digest_custom
== NULL
) {
1234 if (ctx
->operation
== EVP_PKEY_OP_UNDEFINED
) {
1235 ERR_raise(ERR_LIB_EVP
, EVP_R_NO_OPERATION_SET
);
1239 if ((optype
!= -1) && !(ctx
->operation
& optype
)) {
1240 ERR_raise(ERR_LIB_EVP
, EVP_R_INVALID_OPERATION
);
1245 switch (evp_pkey_ctx_state(ctx
)) {
1246 case EVP_PKEY_STATE_PROVIDER
:
1247 return evp_pkey_ctx_ctrl_to_param(ctx
, keytype
, optype
, cmd
, p1
, p2
);
1248 case EVP_PKEY_STATE_UNKNOWN
:
1249 case EVP_PKEY_STATE_LEGACY
:
1250 if (ctx
->pmeth
== NULL
|| ctx
->pmeth
->ctrl
== NULL
) {
1251 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
1254 if ((keytype
!= -1) && (ctx
->pmeth
->pkey_id
!= keytype
))
1257 ret
= ctx
->pmeth
->ctrl(ctx
, cmd
, p1
, p2
);
1260 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
1266 int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX
*ctx
, int keytype
, int optype
,
1267 int cmd
, int p1
, void *p2
)
1272 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
1275 /* If unsupported, we don't want that reported here */
1277 ret
= evp_pkey_ctx_store_cached_data(ctx
, keytype
, optype
,
1282 ERR_clear_last_mark();
1284 * If there was an error, there was an error.
1285 * If the operation isn't initialized yet, we also return, as
1286 * the saved values will be used then anyway.
1288 if (ret
< 1 || ctx
->operation
== EVP_PKEY_OP_UNDEFINED
)
1291 return evp_pkey_ctx_ctrl_int(ctx
, keytype
, optype
, cmd
, p1
, p2
);
1294 int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX
*ctx
, int keytype
, int optype
,
1295 int cmd
, uint64_t value
)
1297 return EVP_PKEY_CTX_ctrl(ctx
, keytype
, optype
, cmd
, 0, &value
);
1301 static int evp_pkey_ctx_ctrl_str_int(EVP_PKEY_CTX
*ctx
,
1302 const char *name
, const char *value
)
1307 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
1311 switch (evp_pkey_ctx_state(ctx
)) {
1312 case EVP_PKEY_STATE_PROVIDER
:
1313 return evp_pkey_ctx_ctrl_str_to_param(ctx
, name
, value
);
1314 case EVP_PKEY_STATE_UNKNOWN
:
1315 case EVP_PKEY_STATE_LEGACY
:
1316 if (ctx
== NULL
|| ctx
->pmeth
== NULL
|| ctx
->pmeth
->ctrl_str
== NULL
) {
1317 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
1320 if (strcmp(name
, "digest") == 0)
1321 ret
= EVP_PKEY_CTX_md(ctx
,
1322 EVP_PKEY_OP_TYPE_SIG
| EVP_PKEY_OP_TYPE_CRYPT
,
1323 EVP_PKEY_CTRL_MD
, value
);
1325 ret
= ctx
->pmeth
->ctrl_str(ctx
, name
, value
);
1332 int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX
*ctx
,
1333 const char *name
, const char *value
)
1337 /* If unsupported, we don't want that reported here */
1339 ret
= evp_pkey_ctx_store_cached_data(ctx
, -1, -1, -1,
1340 name
, value
, strlen(value
) + 1);
1344 ERR_clear_last_mark();
1346 * If there was an error, there was an error.
1347 * If the operation isn't initialized yet, we also return, as
1348 * the saved values will be used then anyway.
1350 if (ret
< 1 || ctx
->operation
== EVP_PKEY_OP_UNDEFINED
)
1354 return evp_pkey_ctx_ctrl_str_int(ctx
, name
, value
);
1357 static int decode_cmd(int cmd
, const char *name
)
1361 * The consequence of the assertion not being true is that this
1362 * function will return -1, which will cause the calling functions
1363 * to signal that the command is unsupported... in non-debug mode.
1365 if (ossl_assert(name
!= NULL
))
1366 if (strcmp(name
, "distid") == 0 || strcmp(name
, "hexdistid") == 0)
1367 cmd
= EVP_PKEY_CTRL_SET1_ID
;
1373 static int evp_pkey_ctx_store_cached_data(EVP_PKEY_CTX
*ctx
,
1374 int keytype
, int optype
,
1375 int cmd
, const char *name
,
1376 const void *data
, size_t data_len
)
1379 * Check that it's one of the supported commands. The ctrl commands
1380 * number cases here must correspond to the cases in the bottom switch
1383 switch (cmd
= decode_cmd(cmd
, name
)) {
1384 case EVP_PKEY_CTRL_SET1_ID
:
1387 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
1391 if (keytype
!= -1) {
1392 switch (evp_pkey_ctx_state(ctx
)) {
1393 case EVP_PKEY_STATE_PROVIDER
:
1394 if (ctx
->keymgmt
== NULL
) {
1395 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
1398 if (!EVP_KEYMGMT_is_a(ctx
->keymgmt
,
1399 evp_pkey_type2name(keytype
))) {
1400 ERR_raise(ERR_LIB_EVP
, EVP_R_INVALID_OPERATION
);
1404 case EVP_PKEY_STATE_UNKNOWN
:
1405 case EVP_PKEY_STATE_LEGACY
:
1406 if (ctx
->pmeth
== NULL
) {
1407 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
1410 if (EVP_PKEY_type(ctx
->pmeth
->pkey_id
) != EVP_PKEY_type(keytype
)) {
1411 ERR_raise(ERR_LIB_EVP
, EVP_R_INVALID_OPERATION
);
1417 if (optype
!= -1 && (ctx
->operation
& optype
) == 0) {
1418 ERR_raise(ERR_LIB_EVP
, EVP_R_INVALID_OPERATION
);
1423 case EVP_PKEY_CTRL_SET1_ID
:
1424 evp_pkey_ctx_free_cached_data(ctx
, cmd
, name
);
1426 ctx
->cached_parameters
.dist_id_name
= OPENSSL_strdup(name
);
1427 if (ctx
->cached_parameters
.dist_id_name
== NULL
)
1431 ctx
->cached_parameters
.dist_id
= OPENSSL_memdup(data
, data_len
);
1432 if (ctx
->cached_parameters
.dist_id
== NULL
)
1435 ctx
->cached_parameters
.dist_id_set
= 1;
1436 ctx
->cached_parameters
.dist_id_len
= data_len
;
1442 static void evp_pkey_ctx_free_cached_data(EVP_PKEY_CTX
*ctx
,
1443 int cmd
, const char *name
)
1445 cmd
= decode_cmd(cmd
, name
);
1447 case EVP_PKEY_CTRL_SET1_ID
:
1448 OPENSSL_free(ctx
->cached_parameters
.dist_id
);
1449 OPENSSL_free(ctx
->cached_parameters
.dist_id_name
);
1450 ctx
->cached_parameters
.dist_id
= NULL
;
1451 ctx
->cached_parameters
.dist_id_name
= NULL
;
1456 static void evp_pkey_ctx_free_all_cached_data(EVP_PKEY_CTX
*ctx
)
1458 evp_pkey_ctx_free_cached_data(ctx
, EVP_PKEY_CTRL_SET1_ID
, NULL
);
1461 int evp_pkey_ctx_use_cached_data(EVP_PKEY_CTX
*ctx
)
1465 if (ret
&& ctx
->cached_parameters
.dist_id_set
) {
1466 const char *name
= ctx
->cached_parameters
.dist_id_name
;
1467 const void *val
= ctx
->cached_parameters
.dist_id
;
1468 size_t len
= ctx
->cached_parameters
.dist_id_len
;
1471 ret
= evp_pkey_ctx_ctrl_str_int(ctx
, name
, val
);
1473 ret
= evp_pkey_ctx_ctrl_int(ctx
, -1, ctx
->operation
,
1474 EVP_PKEY_CTRL_SET1_ID
,
1475 (int)len
, (void *)val
);
1481 OSSL_LIB_CTX
*EVP_PKEY_CTX_get0_libctx(EVP_PKEY_CTX
*ctx
)
1486 const char *EVP_PKEY_CTX_get0_propq(const EVP_PKEY_CTX
*ctx
)
1488 return ctx
->propquery
;
1491 const OSSL_PROVIDER
*EVP_PKEY_CTX_get0_provider(const EVP_PKEY_CTX
*ctx
)
1493 if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx
)) {
1494 if (ctx
->op
.sig
.signature
!= NULL
)
1495 return EVP_SIGNATURE_get0_provider(ctx
->op
.sig
.signature
);
1496 } else if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx
)) {
1497 if (ctx
->op
.kex
.exchange
!= NULL
)
1498 return EVP_KEYEXCH_get0_provider(ctx
->op
.kex
.exchange
);
1499 } else if (EVP_PKEY_CTX_IS_KEM_OP(ctx
)) {
1500 if (ctx
->op
.encap
.kem
!= NULL
)
1501 return EVP_KEM_get0_provider(ctx
->op
.encap
.kem
);
1502 } else if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx
)) {
1503 if (ctx
->op
.ciph
.cipher
!= NULL
)
1504 return EVP_ASYM_CIPHER_get0_provider(ctx
->op
.ciph
.cipher
);
1505 } else if (EVP_PKEY_CTX_IS_GEN_OP(ctx
)) {
1506 if (ctx
->keymgmt
!= NULL
)
1507 return EVP_KEYMGMT_get0_provider(ctx
->keymgmt
);
1513 /* Utility functions to send a string of hex string to a ctrl */
1515 int EVP_PKEY_CTX_str2ctrl(EVP_PKEY_CTX
*ctx
, int cmd
, const char *str
)
1522 return ctx
->pmeth
->ctrl(ctx
, cmd
, len
, (void *)str
);
1525 int EVP_PKEY_CTX_hex2ctrl(EVP_PKEY_CTX
*ctx
, int cmd
, const char *hex
)
1531 bin
= OPENSSL_hexstr2buf(hex
, &binlen
);
1534 if (binlen
<= INT_MAX
)
1535 rv
= ctx
->pmeth
->ctrl(ctx
, cmd
, binlen
, bin
);
1540 /* Pass a message digest to a ctrl */
1541 int EVP_PKEY_CTX_md(EVP_PKEY_CTX
*ctx
, int optype
, int cmd
, const char *md
)
1545 if (md
== NULL
|| (m
= EVP_get_digestbyname(md
)) == NULL
) {
1546 ERR_raise(ERR_LIB_EVP
, EVP_R_INVALID_DIGEST
);
1549 return EVP_PKEY_CTX_ctrl(ctx
, -1, optype
, cmd
, 0, (void *)m
);
1552 int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX
*ctx
)
1554 return ctx
->operation
;
1557 void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX
*ctx
, int *dat
, int datlen
)
1559 ctx
->keygen_info
= dat
;
1560 ctx
->keygen_info_count
= datlen
;
1563 void EVP_PKEY_CTX_set_data(EVP_PKEY_CTX
*ctx
, void *data
)
1568 void *EVP_PKEY_CTX_get_data(const EVP_PKEY_CTX
*ctx
)
1573 EVP_PKEY
*EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX
*ctx
)
1578 EVP_PKEY
*EVP_PKEY_CTX_get0_peerkey(EVP_PKEY_CTX
*ctx
)
1580 return ctx
->peerkey
;
1583 void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX
*ctx
, void *data
)
1585 ctx
->app_data
= data
;
1588 void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX
*ctx
)
1590 return ctx
->app_data
;
1593 void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD
*pmeth
,
1594 int (*init
) (EVP_PKEY_CTX
*ctx
))
1599 void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD
*pmeth
,
1600 int (*copy
) (EVP_PKEY_CTX
*dst
,
1601 const EVP_PKEY_CTX
*src
))
1606 void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD
*pmeth
,
1607 void (*cleanup
) (EVP_PKEY_CTX
*ctx
))
1609 pmeth
->cleanup
= cleanup
;
1612 void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD
*pmeth
,
1613 int (*paramgen_init
) (EVP_PKEY_CTX
*ctx
),
1614 int (*paramgen
) (EVP_PKEY_CTX
*ctx
,
1617 pmeth
->paramgen_init
= paramgen_init
;
1618 pmeth
->paramgen
= paramgen
;
1621 void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD
*pmeth
,
1622 int (*keygen_init
) (EVP_PKEY_CTX
*ctx
),
1623 int (*keygen
) (EVP_PKEY_CTX
*ctx
,
1626 pmeth
->keygen_init
= keygen_init
;
1627 pmeth
->keygen
= keygen
;
1630 void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD
*pmeth
,
1631 int (*sign_init
) (EVP_PKEY_CTX
*ctx
),
1632 int (*sign
) (EVP_PKEY_CTX
*ctx
,
1633 unsigned char *sig
, size_t *siglen
,
1634 const unsigned char *tbs
,
1637 pmeth
->sign_init
= sign_init
;
1641 void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD
*pmeth
,
1642 int (*verify_init
) (EVP_PKEY_CTX
*ctx
),
1643 int (*verify
) (EVP_PKEY_CTX
*ctx
,
1644 const unsigned char *sig
,
1646 const unsigned char *tbs
,
1649 pmeth
->verify_init
= verify_init
;
1650 pmeth
->verify
= verify
;
1653 void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD
*pmeth
,
1654 int (*verify_recover_init
) (EVP_PKEY_CTX
1656 int (*verify_recover
) (EVP_PKEY_CTX
1665 pmeth
->verify_recover_init
= verify_recover_init
;
1666 pmeth
->verify_recover
= verify_recover
;
1669 void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD
*pmeth
,
1670 int (*signctx_init
) (EVP_PKEY_CTX
*ctx
,
1672 int (*signctx
) (EVP_PKEY_CTX
*ctx
,
1677 pmeth
->signctx_init
= signctx_init
;
1678 pmeth
->signctx
= signctx
;
1681 void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD
*pmeth
,
1682 int (*verifyctx_init
) (EVP_PKEY_CTX
*ctx
,
1684 int (*verifyctx
) (EVP_PKEY_CTX
*ctx
,
1685 const unsigned char *sig
,
1689 pmeth
->verifyctx_init
= verifyctx_init
;
1690 pmeth
->verifyctx
= verifyctx
;
1693 void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD
*pmeth
,
1694 int (*encrypt_init
) (EVP_PKEY_CTX
*ctx
),
1695 int (*encryptfn
) (EVP_PKEY_CTX
*ctx
,
1698 const unsigned char *in
,
1701 pmeth
->encrypt_init
= encrypt_init
;
1702 pmeth
->encrypt
= encryptfn
;
1705 void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD
*pmeth
,
1706 int (*decrypt_init
) (EVP_PKEY_CTX
*ctx
),
1707 int (*decrypt
) (EVP_PKEY_CTX
*ctx
,
1710 const unsigned char *in
,
1713 pmeth
->decrypt_init
= decrypt_init
;
1714 pmeth
->decrypt
= decrypt
;
1717 void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD
*pmeth
,
1718 int (*derive_init
) (EVP_PKEY_CTX
*ctx
),
1719 int (*derive
) (EVP_PKEY_CTX
*ctx
,
1723 pmeth
->derive_init
= derive_init
;
1724 pmeth
->derive
= derive
;
1727 void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD
*pmeth
,
1728 int (*ctrl
) (EVP_PKEY_CTX
*ctx
, int type
, int p1
,
1730 int (*ctrl_str
) (EVP_PKEY_CTX
*ctx
,
1735 pmeth
->ctrl_str
= ctrl_str
;
1738 void EVP_PKEY_meth_set_digestsign(EVP_PKEY_METHOD
*pmeth
,
1739 int (*digestsign
) (EVP_MD_CTX
*ctx
, unsigned char *sig
, size_t *siglen
,
1740 const unsigned char *tbs
, size_t tbslen
))
1742 pmeth
->digestsign
= digestsign
;
1745 void EVP_PKEY_meth_set_digestverify(EVP_PKEY_METHOD
*pmeth
,
1746 int (*digestverify
) (EVP_MD_CTX
*ctx
, const unsigned char *sig
,
1747 size_t siglen
, const unsigned char *tbs
,
1750 pmeth
->digestverify
= digestverify
;
1753 void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD
*pmeth
,
1754 int (*check
) (EVP_PKEY
*pkey
))
1756 pmeth
->check
= check
;
1759 void EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD
*pmeth
,
1760 int (*check
) (EVP_PKEY
*pkey
))
1762 pmeth
->public_check
= check
;
1765 void EVP_PKEY_meth_set_param_check(EVP_PKEY_METHOD
*pmeth
,
1766 int (*check
) (EVP_PKEY
*pkey
))
1768 pmeth
->param_check
= check
;
1771 void EVP_PKEY_meth_set_digest_custom(EVP_PKEY_METHOD
*pmeth
,
1772 int (*digest_custom
) (EVP_PKEY_CTX
*ctx
,
1775 pmeth
->digest_custom
= digest_custom
;
1778 void EVP_PKEY_meth_get_init(const EVP_PKEY_METHOD
*pmeth
,
1779 int (**pinit
) (EVP_PKEY_CTX
*ctx
))
1781 *pinit
= pmeth
->init
;
1784 void EVP_PKEY_meth_get_copy(const EVP_PKEY_METHOD
*pmeth
,
1785 int (**pcopy
) (EVP_PKEY_CTX
*dst
,
1786 const EVP_PKEY_CTX
*src
))
1788 *pcopy
= pmeth
->copy
;
1791 void EVP_PKEY_meth_get_cleanup(const EVP_PKEY_METHOD
*pmeth
,
1792 void (**pcleanup
) (EVP_PKEY_CTX
*ctx
))
1794 *pcleanup
= pmeth
->cleanup
;
1797 void EVP_PKEY_meth_get_paramgen(const EVP_PKEY_METHOD
*pmeth
,
1798 int (**pparamgen_init
) (EVP_PKEY_CTX
*ctx
),
1799 int (**pparamgen
) (EVP_PKEY_CTX
*ctx
,
1803 *pparamgen_init
= pmeth
->paramgen_init
;
1805 *pparamgen
= pmeth
->paramgen
;
1808 void EVP_PKEY_meth_get_keygen(const EVP_PKEY_METHOD
*pmeth
,
1809 int (**pkeygen_init
) (EVP_PKEY_CTX
*ctx
),
1810 int (**pkeygen
) (EVP_PKEY_CTX
*ctx
,
1814 *pkeygen_init
= pmeth
->keygen_init
;
1816 *pkeygen
= pmeth
->keygen
;
1819 void EVP_PKEY_meth_get_sign(const EVP_PKEY_METHOD
*pmeth
,
1820 int (**psign_init
) (EVP_PKEY_CTX
*ctx
),
1821 int (**psign
) (EVP_PKEY_CTX
*ctx
,
1822 unsigned char *sig
, size_t *siglen
,
1823 const unsigned char *tbs
,
1827 *psign_init
= pmeth
->sign_init
;
1829 *psign
= pmeth
->sign
;
1832 void EVP_PKEY_meth_get_verify(const EVP_PKEY_METHOD
*pmeth
,
1833 int (**pverify_init
) (EVP_PKEY_CTX
*ctx
),
1834 int (**pverify
) (EVP_PKEY_CTX
*ctx
,
1835 const unsigned char *sig
,
1837 const unsigned char *tbs
,
1841 *pverify_init
= pmeth
->verify_init
;
1843 *pverify
= pmeth
->verify
;
1846 void EVP_PKEY_meth_get_verify_recover(const EVP_PKEY_METHOD
*pmeth
,
1847 int (**pverify_recover_init
) (EVP_PKEY_CTX
1849 int (**pverify_recover
) (EVP_PKEY_CTX
1858 if (pverify_recover_init
)
1859 *pverify_recover_init
= pmeth
->verify_recover_init
;
1860 if (pverify_recover
)
1861 *pverify_recover
= pmeth
->verify_recover
;
1864 void EVP_PKEY_meth_get_signctx(const EVP_PKEY_METHOD
*pmeth
,
1865 int (**psignctx_init
) (EVP_PKEY_CTX
*ctx
,
1867 int (**psignctx
) (EVP_PKEY_CTX
*ctx
,
1873 *psignctx_init
= pmeth
->signctx_init
;
1875 *psignctx
= pmeth
->signctx
;
1878 void EVP_PKEY_meth_get_verifyctx(const EVP_PKEY_METHOD
*pmeth
,
1879 int (**pverifyctx_init
) (EVP_PKEY_CTX
*ctx
,
1881 int (**pverifyctx
) (EVP_PKEY_CTX
*ctx
,
1882 const unsigned char *sig
,
1886 if (pverifyctx_init
)
1887 *pverifyctx_init
= pmeth
->verifyctx_init
;
1889 *pverifyctx
= pmeth
->verifyctx
;
1892 void EVP_PKEY_meth_get_encrypt(const EVP_PKEY_METHOD
*pmeth
,
1893 int (**pencrypt_init
) (EVP_PKEY_CTX
*ctx
),
1894 int (**pencryptfn
) (EVP_PKEY_CTX
*ctx
,
1897 const unsigned char *in
,
1901 *pencrypt_init
= pmeth
->encrypt_init
;
1903 *pencryptfn
= pmeth
->encrypt
;
1906 void EVP_PKEY_meth_get_decrypt(const EVP_PKEY_METHOD
*pmeth
,
1907 int (**pdecrypt_init
) (EVP_PKEY_CTX
*ctx
),
1908 int (**pdecrypt
) (EVP_PKEY_CTX
*ctx
,
1911 const unsigned char *in
,
1915 *pdecrypt_init
= pmeth
->decrypt_init
;
1917 *pdecrypt
= pmeth
->decrypt
;
1920 void EVP_PKEY_meth_get_derive(const EVP_PKEY_METHOD
*pmeth
,
1921 int (**pderive_init
) (EVP_PKEY_CTX
*ctx
),
1922 int (**pderive
) (EVP_PKEY_CTX
*ctx
,
1927 *pderive_init
= pmeth
->derive_init
;
1929 *pderive
= pmeth
->derive
;
1932 void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD
*pmeth
,
1933 int (**pctrl
) (EVP_PKEY_CTX
*ctx
, int type
, int p1
,
1935 int (**pctrl_str
) (EVP_PKEY_CTX
*ctx
,
1940 *pctrl
= pmeth
->ctrl
;
1942 *pctrl_str
= pmeth
->ctrl_str
;
1945 void EVP_PKEY_meth_get_digestsign(const EVP_PKEY_METHOD
*pmeth
,
1946 int (**digestsign
) (EVP_MD_CTX
*ctx
, unsigned char *sig
, size_t *siglen
,
1947 const unsigned char *tbs
, size_t tbslen
))
1950 *digestsign
= pmeth
->digestsign
;
1953 void EVP_PKEY_meth_get_digestverify(const EVP_PKEY_METHOD
*pmeth
,
1954 int (**digestverify
) (EVP_MD_CTX
*ctx
, const unsigned char *sig
,
1955 size_t siglen
, const unsigned char *tbs
,
1959 *digestverify
= pmeth
->digestverify
;
1962 void EVP_PKEY_meth_get_check(const EVP_PKEY_METHOD
*pmeth
,
1963 int (**pcheck
) (EVP_PKEY
*pkey
))
1966 *pcheck
= pmeth
->check
;
1969 void EVP_PKEY_meth_get_public_check(const EVP_PKEY_METHOD
*pmeth
,
1970 int (**pcheck
) (EVP_PKEY
*pkey
))
1973 *pcheck
= pmeth
->public_check
;
1976 void EVP_PKEY_meth_get_param_check(const EVP_PKEY_METHOD
*pmeth
,
1977 int (**pcheck
) (EVP_PKEY
*pkey
))
1980 *pcheck
= pmeth
->param_check
;
1983 void EVP_PKEY_meth_get_digest_custom(const EVP_PKEY_METHOD
*pmeth
,
1984 int (**pdigest_custom
) (EVP_PKEY_CTX
*ctx
,
1987 if (pdigest_custom
!= NULL
)
1988 *pdigest_custom
= pmeth
->digest_custom
;
1991 #endif /* FIPS_MODULE */