]> git.ipfire.org Git - thirdparty/openssl.git/blob - crypto/evp/pmeth_lib.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Remove some of the TODO 3.0 in crypto/evp related to legacy support.
[thirdparty/openssl.git] / crypto / evp / pmeth_lib.c
1 /*
2 * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /*
11 * Low level key APIs (DH etc) are deprecated for public use, but still ok for
12 * internal use.
13 */
14 #include "internal/deprecated.h"
15
16 #include <stdio.h>
17 #include <stdlib.h>
18 #include <openssl/engine.h>
19 #include <openssl/evp.h>
20 #include <openssl/x509v3.h>
21 #include <openssl/core_names.h>
22 #include <openssl/dh.h>
23 #include <openssl/rsa.h>
24 #include <openssl/kdf.h>
25 #include "internal/cryptlib.h"
26 #include "crypto/asn1.h"
27 #include "crypto/evp.h"
28 #include "crypto/dh.h"
29 #include "crypto/ec.h"
30 #include "internal/ffc.h"
31 #include "internal/numbers.h"
32 #include "internal/provider.h"
33 #include "evp_local.h"
34
35 #ifndef FIPS_MODULE
36
37 static int evp_pkey_ctx_store_cached_data(EVP_PKEY_CTX *ctx,
38 int keytype, int optype,
39 int cmd, const char *name,
40 const void *data, size_t data_len);
41 static void evp_pkey_ctx_free_cached_data(EVP_PKEY_CTX *ctx,
42 int cmd, const char *name);
43 static void evp_pkey_ctx_free_all_cached_data(EVP_PKEY_CTX *ctx);
44
45 typedef const EVP_PKEY_METHOD *(*pmeth_fn)(void);
46 typedef int sk_cmp_fn_type(const char *const *a, const char *const *b);
47
48 static STACK_OF(EVP_PKEY_METHOD) *app_pkey_methods = NULL;
49
50 /* This array needs to be in order of NIDs */
51 static pmeth_fn standard_methods[] = {
52 ossl_rsa_pkey_method,
53 # ifndef OPENSSL_NO_DH
54 ossl_dh_pkey_method,
55 # endif
56 # ifndef OPENSSL_NO_DSA
57 ossl_dsa_pkey_method,
58 # endif
59 # ifndef OPENSSL_NO_EC
60 ossl_ec_pkey_method,
61 # endif
62 ossl_rsa_pss_pkey_method,
63 # ifndef OPENSSL_NO_DH
64 ossl_dhx_pkey_method,
65 # endif
66 # ifndef OPENSSL_NO_EC
67 ossl_ecx25519_pkey_method,
68 ossl_ecx448_pkey_method,
69 # endif
70 # ifndef OPENSSL_NO_EC
71 ossl_ed25519_pkey_method,
72 ossl_ed448_pkey_method,
73 # endif
74 };
75
76 DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, pmeth_fn, pmeth_func);
77
78 static int pmeth_func_cmp(const EVP_PKEY_METHOD *const *a, pmeth_fn const *b)
79 {
80 return ((*a)->pkey_id - ((**b)())->pkey_id);
81 }
82
83 IMPLEMENT_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, pmeth_fn, pmeth_func);
84
85 static int pmeth_cmp(const EVP_PKEY_METHOD *const *a,
86 const EVP_PKEY_METHOD *const *b)
87 {
88 return ((*a)->pkey_id - (*b)->pkey_id);
89 }
90
91 static const EVP_PKEY_METHOD *evp_pkey_meth_find_added_by_application(int type)
92 {
93 if (app_pkey_methods != NULL) {
94 int idx;
95 EVP_PKEY_METHOD tmp;
96
97 tmp.pkey_id = type;
98 idx = sk_EVP_PKEY_METHOD_find(app_pkey_methods, &tmp);
99 if (idx >= 0)
100 return sk_EVP_PKEY_METHOD_value(app_pkey_methods, idx);
101 }
102 return NULL;
103 }
104
105 const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type)
106 {
107 pmeth_fn *ret;
108 EVP_PKEY_METHOD tmp;
109 const EVP_PKEY_METHOD *t;
110
111 if ((t = evp_pkey_meth_find_added_by_application(type)) != NULL)
112 return t;
113
114 tmp.pkey_id = type;
115 t = &tmp;
116 ret = OBJ_bsearch_pmeth_func(&t, standard_methods,
117 OSSL_NELEM(standard_methods));
118 if (ret == NULL || *ret == NULL)
119 return NULL;
120 return (**ret)();
121 }
122
123 EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags)
124 {
125 EVP_PKEY_METHOD *pmeth;
126
127 pmeth = OPENSSL_zalloc(sizeof(*pmeth));
128 if (pmeth == NULL) {
129 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
130 return NULL;
131 }
132
133 pmeth->pkey_id = id;
134 pmeth->flags = flags | EVP_PKEY_FLAG_DYNAMIC;
135 return pmeth;
136 }
137
138 static void help_get_legacy_alg_type_from_keymgmt(const char *keytype,
139 void *arg)
140 {
141 int *type = arg;
142
143 if (*type == NID_undef)
144 *type = evp_pkey_name2type(keytype);
145 }
146
147 static int get_legacy_alg_type_from_keymgmt(const EVP_KEYMGMT *keymgmt)
148 {
149 int type = NID_undef;
150
151 EVP_KEYMGMT_names_do_all(keymgmt, help_get_legacy_alg_type_from_keymgmt,
152 &type);
153 return type;
154 }
155 #endif /* FIPS_MODULE */
156
157 int evp_pkey_ctx_state(const EVP_PKEY_CTX *ctx)
158 {
159 if (ctx->operation == EVP_PKEY_OP_UNDEFINED)
160 return EVP_PKEY_STATE_UNKNOWN;
161
162 if ((EVP_PKEY_CTX_IS_DERIVE_OP(ctx)
163 && ctx->op.kex.exchprovctx != NULL)
164 || (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)
165 && ctx->op.sig.sigprovctx != NULL)
166 || (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx)
167 && ctx->op.ciph.ciphprovctx != NULL)
168 || (EVP_PKEY_CTX_IS_GEN_OP(ctx)
169 && ctx->op.keymgmt.genctx != NULL)
170 || (EVP_PKEY_CTX_IS_KEM_OP(ctx)
171 && ctx->op.encap.kemprovctx != NULL))
172 return EVP_PKEY_STATE_PROVIDER;
173
174 return EVP_PKEY_STATE_LEGACY;
175 }
176
177 static EVP_PKEY_CTX *int_ctx_new(OSSL_LIB_CTX *libctx,
178 EVP_PKEY *pkey, ENGINE *e,
179 const char *keytype, const char *propquery,
180 int id)
181
182 {
183 EVP_PKEY_CTX *ret = NULL;
184 const EVP_PKEY_METHOD *pmeth = NULL;
185 EVP_KEYMGMT *keymgmt = NULL;
186
187 /*
188 * If the given |pkey| is provided, we extract the keytype from its
189 * keymgmt and skip over the legacy code.
190 */
191 if (pkey != NULL && evp_pkey_is_provided(pkey)) {
192 /* If we have an engine, something went wrong somewhere... */
193 if (!ossl_assert(e == NULL))
194 return NULL;
195 keytype = evp_first_name(pkey->keymgmt->prov, pkey->keymgmt->name_id);
196 goto common;
197 }
198
199 #ifndef FIPS_MODULE
200 /* Code below to be removed when legacy support is dropped. */
201 /* BEGIN legacy */
202 if (id == -1) {
203 if (pkey != NULL)
204 id = pkey->type;
205 else if (keytype != NULL)
206 id = evp_pkey_name2type(keytype);
207 if (id == NID_undef)
208 id = -1;
209 }
210 /* If no ID was found here, we can only resort to find a keymgmt */
211 if (id == -1)
212 goto common;
213
214 /*
215 * Here, we extract what information we can for the purpose of
216 * supporting usage with implementations from providers, to make
217 * for a smooth transition from legacy stuff to provider based stuff.
218 *
219 * If an engine is given, this is entirely legacy, and we should not
220 * pretend anything else, so we only set the name when no engine is
221 * given. If both are already given, someone made a mistake, and
222 * since that can only happen internally, it's safe to make an
223 * assertion.
224 */
225 if (!ossl_assert(e == NULL || keytype == NULL))
226 return NULL;
227 if (e == NULL)
228 keytype = OBJ_nid2sn(id);
229
230 # ifndef OPENSSL_NO_ENGINE
231 if (e == NULL && pkey != NULL)
232 e = pkey->pmeth_engine != NULL ? pkey->pmeth_engine : pkey->engine;
233 /* Try to find an ENGINE which implements this method */
234 if (e) {
235 if (!ENGINE_init(e)) {
236 ERR_raise(ERR_LIB_EVP, ERR_R_ENGINE_LIB);
237 return NULL;
238 }
239 } else {
240 e = ENGINE_get_pkey_meth_engine(id);
241 }
242
243 /*
244 * If an ENGINE handled this method look it up. Otherwise use internal
245 * tables.
246 */
247 if (e != NULL)
248 pmeth = ENGINE_get_pkey_meth(e, id);
249 else
250 # endif
251 pmeth = evp_pkey_meth_find_added_by_application(id);
252
253 /* END legacy */
254 #endif /* FIPS_MODULE */
255 common:
256 /*
257 * If there's no engine and there's a name, we try fetching a provider
258 * implementation.
259 */
260 if (e == NULL && keytype != NULL) {
261 keymgmt = EVP_KEYMGMT_fetch(libctx, keytype, propquery);
262 if (keymgmt == NULL)
263 return NULL; /* EVP_KEYMGMT_fetch() recorded an error */
264
265 #ifndef FIPS_MODULE
266 /*
267 * Chase down the legacy NID, as that might be needed for diverse
268 * purposes, such as ensure that EVP_PKEY_type() can return sensible
269 * values, or that there's a better chance to "downgrade" a key when
270 * needed. We go through all keymgmt names, because the keytype
271 * that's passed to this function doesn't necessarily translate
272 * directly.
273 * TODO: Remove this when #legacy keys are gone.
274 */
275 if (keymgmt != NULL) {
276 int tmp_id = get_legacy_alg_type_from_keymgmt(keymgmt);
277
278 if (tmp_id != NID_undef) {
279 if (id == -1) {
280 id = tmp_id;
281 } else {
282 /*
283 * It really really shouldn't differ. If it still does,
284 * something is very wrong.
285 */
286 if (!ossl_assert(id == tmp_id)) {
287 ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
288 EVP_KEYMGMT_free(keymgmt);
289 return NULL;
290 }
291 }
292 }
293 }
294 #endif
295 }
296
297 if (pmeth == NULL && keymgmt == NULL) {
298 ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_ALGORITHM);
299 } else {
300 ret = OPENSSL_zalloc(sizeof(*ret));
301 if (ret == NULL)
302 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
303 }
304
305 #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
306 if ((ret == NULL || pmeth == NULL) && e != NULL)
307 ENGINE_finish(e);
308 #endif
309
310 if (ret == NULL) {
311 EVP_KEYMGMT_free(keymgmt);
312 return NULL;
313 }
314 if (propquery != NULL) {
315 ret->propquery = OPENSSL_strdup(propquery);
316 if (ret->propquery == NULL) {
317 EVP_KEYMGMT_free(keymgmt);
318 return NULL;
319 }
320 }
321 ret->libctx = libctx;
322 ret->keytype = keytype;
323 ret->keymgmt = keymgmt;
324 ret->legacy_keytype = id; /* TODO: Remove when #legacy key are gone */
325 ret->engine = e;
326 ret->pmeth = pmeth;
327 ret->operation = EVP_PKEY_OP_UNDEFINED;
328 ret->pkey = pkey;
329 if (pkey != NULL)
330 EVP_PKEY_up_ref(pkey);
331
332 if (pmeth != NULL && pmeth->init != NULL) {
333 if (pmeth->init(ret) <= 0) {
334 ret->pmeth = NULL;
335 EVP_PKEY_CTX_free(ret);
336 return NULL;
337 }
338 }
339
340 return ret;
341 }
342
343 /*- All methods below can also be used in FIPS_MODULE */
344
345 EVP_PKEY_CTX *EVP_PKEY_CTX_new_from_name(OSSL_LIB_CTX *libctx,
346 const char *name,
347 const char *propquery)
348 {
349 return int_ctx_new(libctx, NULL, NULL, name, propquery, -1);
350 }
351
352 EVP_PKEY_CTX *EVP_PKEY_CTX_new_from_pkey(OSSL_LIB_CTX *libctx, EVP_PKEY *pkey,
353 const char *propquery)
354 {
355 return int_ctx_new(libctx, pkey, NULL, NULL, propquery, -1);
356 }
357
358 void evp_pkey_ctx_free_old_ops(EVP_PKEY_CTX *ctx)
359 {
360 if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)) {
361 if (ctx->op.sig.sigprovctx != NULL && ctx->op.sig.signature != NULL)
362 ctx->op.sig.signature->freectx(ctx->op.sig.sigprovctx);
363 EVP_SIGNATURE_free(ctx->op.sig.signature);
364 ctx->op.sig.sigprovctx = NULL;
365 ctx->op.sig.signature = NULL;
366 } else if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx)) {
367 if (ctx->op.kex.exchprovctx != NULL && ctx->op.kex.exchange != NULL)
368 ctx->op.kex.exchange->freectx(ctx->op.kex.exchprovctx);
369 EVP_KEYEXCH_free(ctx->op.kex.exchange);
370 ctx->op.kex.exchprovctx = NULL;
371 ctx->op.kex.exchange = NULL;
372 } else if (EVP_PKEY_CTX_IS_KEM_OP(ctx)) {
373 if (ctx->op.encap.kemprovctx != NULL && ctx->op.encap.kem != NULL)
374 ctx->op.encap.kem->freectx(ctx->op.encap.kemprovctx);
375 EVP_KEM_free(ctx->op.encap.kem);
376 ctx->op.encap.kemprovctx = NULL;
377 ctx->op.encap.kem = NULL;
378 }
379 else if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx)) {
380 if (ctx->op.ciph.ciphprovctx != NULL && ctx->op.ciph.cipher != NULL)
381 ctx->op.ciph.cipher->freectx(ctx->op.ciph.ciphprovctx);
382 EVP_ASYM_CIPHER_free(ctx->op.ciph.cipher);
383 ctx->op.ciph.ciphprovctx = NULL;
384 ctx->op.ciph.cipher = NULL;
385 } else if (EVP_PKEY_CTX_IS_GEN_OP(ctx)) {
386 if (ctx->op.keymgmt.genctx != NULL && ctx->keymgmt != NULL)
387 evp_keymgmt_gen_cleanup(ctx->keymgmt, ctx->op.keymgmt.genctx);
388 }
389 }
390
391 void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx)
392 {
393 if (ctx == NULL)
394 return;
395 if (ctx->pmeth && ctx->pmeth->cleanup)
396 ctx->pmeth->cleanup(ctx);
397
398 evp_pkey_ctx_free_old_ops(ctx);
399 #ifndef FIPS_MODULE
400 evp_pkey_ctx_free_all_cached_data(ctx);
401 #endif
402 EVP_KEYMGMT_free(ctx->keymgmt);
403
404 OPENSSL_free(ctx->propquery);
405 EVP_PKEY_free(ctx->pkey);
406 EVP_PKEY_free(ctx->peerkey);
407 #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
408 ENGINE_finish(ctx->engine);
409 #endif
410 BN_free(ctx->rsa_pubexp);
411 OPENSSL_free(ctx);
412 }
413
414 #ifndef FIPS_MODULE
415
416 void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags,
417 const EVP_PKEY_METHOD *meth)
418 {
419 if (ppkey_id)
420 *ppkey_id = meth->pkey_id;
421 if (pflags)
422 *pflags = meth->flags;
423 }
424
425 void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src)
426 {
427 int pkey_id = dst->pkey_id;
428 int flags = dst->flags;
429
430 *dst = *src;
431
432 /* We only copy the function pointers so restore the other values */
433 dst->pkey_id = pkey_id;
434 dst->flags = flags;
435 }
436
437 void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth)
438 {
439 if (pmeth && (pmeth->flags & EVP_PKEY_FLAG_DYNAMIC))
440 OPENSSL_free(pmeth);
441 }
442
443 EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e)
444 {
445 return int_ctx_new(NULL, pkey, e, NULL, NULL, -1);
446 }
447
448 EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e)
449 {
450 return int_ctx_new(NULL, NULL, e, NULL, NULL, id);
451 }
452
453 EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *pctx)
454 {
455 EVP_PKEY_CTX *rctx;
456
457 # ifndef OPENSSL_NO_ENGINE
458 /* Make sure it's safe to copy a pkey context using an ENGINE */
459 if (pctx->engine && !ENGINE_init(pctx->engine)) {
460 ERR_raise(ERR_LIB_EVP, ERR_R_ENGINE_LIB);
461 return 0;
462 }
463 # endif
464 rctx = OPENSSL_zalloc(sizeof(*rctx));
465 if (rctx == NULL) {
466 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
467 return NULL;
468 }
469
470 if (pctx->pkey != NULL)
471 EVP_PKEY_up_ref(pctx->pkey);
472 rctx->pkey = pctx->pkey;
473 rctx->operation = pctx->operation;
474 rctx->libctx = pctx->libctx;
475 rctx->keytype = pctx->keytype;
476 rctx->propquery = NULL;
477 if (pctx->propquery != NULL) {
478 rctx->propquery = OPENSSL_strdup(pctx->propquery);
479 if (rctx->propquery == NULL)
480 goto err;
481 }
482 rctx->legacy_keytype = pctx->legacy_keytype;
483
484 if (EVP_PKEY_CTX_IS_DERIVE_OP(pctx)) {
485 if (pctx->op.kex.exchange != NULL) {
486 rctx->op.kex.exchange = pctx->op.kex.exchange;
487 if (!EVP_KEYEXCH_up_ref(rctx->op.kex.exchange))
488 goto err;
489 }
490 if (pctx->op.kex.exchprovctx != NULL) {
491 if (!ossl_assert(pctx->op.kex.exchange != NULL))
492 goto err;
493 rctx->op.kex.exchprovctx
494 = pctx->op.kex.exchange->dupctx(pctx->op.kex.exchprovctx);
495 if (rctx->op.kex.exchprovctx == NULL) {
496 EVP_KEYEXCH_free(rctx->op.kex.exchange);
497 goto err;
498 }
499 return rctx;
500 }
501 } else if (EVP_PKEY_CTX_IS_SIGNATURE_OP(pctx)) {
502 if (pctx->op.sig.signature != NULL) {
503 rctx->op.sig.signature = pctx->op.sig.signature;
504 if (!EVP_SIGNATURE_up_ref(rctx->op.sig.signature))
505 goto err;
506 }
507 if (pctx->op.sig.sigprovctx != NULL) {
508 if (!ossl_assert(pctx->op.sig.signature != NULL))
509 goto err;
510 rctx->op.sig.sigprovctx
511 = pctx->op.sig.signature->dupctx(pctx->op.sig.sigprovctx);
512 if (rctx->op.sig.sigprovctx == NULL) {
513 EVP_SIGNATURE_free(rctx->op.sig.signature);
514 goto err;
515 }
516 return rctx;
517 }
518 } else if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(pctx)) {
519 if (pctx->op.ciph.cipher != NULL) {
520 rctx->op.ciph.cipher = pctx->op.ciph.cipher;
521 if (!EVP_ASYM_CIPHER_up_ref(rctx->op.ciph.cipher))
522 goto err;
523 }
524 if (pctx->op.ciph.ciphprovctx != NULL) {
525 if (!ossl_assert(pctx->op.ciph.cipher != NULL))
526 goto err;
527 rctx->op.ciph.ciphprovctx
528 = pctx->op.ciph.cipher->dupctx(pctx->op.ciph.ciphprovctx);
529 if (rctx->op.ciph.ciphprovctx == NULL) {
530 EVP_ASYM_CIPHER_free(rctx->op.ciph.cipher);
531 goto err;
532 }
533 return rctx;
534 }
535 } else if (EVP_PKEY_CTX_IS_KEM_OP(pctx)) {
536 if (pctx->op.encap.kem != NULL) {
537 rctx->op.encap.kem = pctx->op.encap.kem;
538 if (!EVP_KEM_up_ref(rctx->op.encap.kem))
539 goto err;
540 }
541 if (pctx->op.encap.kemprovctx != NULL) {
542 if (!ossl_assert(pctx->op.encap.kem != NULL))
543 goto err;
544 rctx->op.encap.kemprovctx
545 = pctx->op.encap.kem->dupctx(pctx->op.encap.kemprovctx);
546 if (rctx->op.encap.kemprovctx == NULL) {
547 EVP_KEM_free(rctx->op.encap.kem);
548 goto err;
549 }
550 return rctx;
551 }
552 } else if (EVP_PKEY_CTX_IS_GEN_OP(pctx)) {
553 /* Not supported - This would need a gen_dupctx() to work */
554 goto err;
555 }
556
557 rctx->pmeth = pctx->pmeth;
558 # ifndef OPENSSL_NO_ENGINE
559 rctx->engine = pctx->engine;
560 # endif
561
562 if (pctx->peerkey != NULL)
563 EVP_PKEY_up_ref(pctx->peerkey);
564 rctx->peerkey = pctx->peerkey;
565
566 if (pctx->pmeth == NULL) {
567 if (rctx->operation == EVP_PKEY_OP_UNDEFINED) {
568 EVP_KEYMGMT *tmp_keymgmt = pctx->keymgmt;
569 void *provkey;
570
571 provkey = evp_pkey_export_to_provider(pctx->pkey, pctx->libctx,
572 &tmp_keymgmt, pctx->propquery);
573 if (provkey == NULL)
574 goto err;
575 if (!EVP_KEYMGMT_up_ref(tmp_keymgmt))
576 goto err;
577 EVP_KEYMGMT_free(rctx->keymgmt);
578 rctx->keymgmt = tmp_keymgmt;
579 return rctx;
580 }
581 } else if (pctx->pmeth->copy(rctx, pctx) > 0) {
582 return rctx;
583 }
584 err:
585 rctx->pmeth = NULL;
586 EVP_PKEY_CTX_free(rctx);
587 return NULL;
588 }
589
590 int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth)
591 {
592 if (app_pkey_methods == NULL) {
593 app_pkey_methods = sk_EVP_PKEY_METHOD_new(pmeth_cmp);
594 if (app_pkey_methods == NULL){
595 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
596 return 0;
597 }
598 }
599 if (!sk_EVP_PKEY_METHOD_push(app_pkey_methods, pmeth)) {
600 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
601 return 0;
602 }
603 sk_EVP_PKEY_METHOD_sort(app_pkey_methods);
604 return 1;
605 }
606
607 void evp_app_cleanup_int(void)
608 {
609 if (app_pkey_methods != NULL)
610 sk_EVP_PKEY_METHOD_pop_free(app_pkey_methods, EVP_PKEY_meth_free);
611 }
612
613 int EVP_PKEY_meth_remove(const EVP_PKEY_METHOD *pmeth)
614 {
615 const EVP_PKEY_METHOD *ret;
616
617 ret = sk_EVP_PKEY_METHOD_delete_ptr(app_pkey_methods, pmeth);
618
619 return ret == NULL ? 0 : 1;
620 }
621
622 size_t EVP_PKEY_meth_get_count(void)
623 {
624 size_t rv = OSSL_NELEM(standard_methods);
625
626 if (app_pkey_methods)
627 rv += sk_EVP_PKEY_METHOD_num(app_pkey_methods);
628 return rv;
629 }
630
631 const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx)
632 {
633 if (idx < OSSL_NELEM(standard_methods))
634 return (standard_methods[idx])();
635 if (app_pkey_methods == NULL)
636 return NULL;
637 idx -= OSSL_NELEM(standard_methods);
638 if (idx >= (size_t)sk_EVP_PKEY_METHOD_num(app_pkey_methods))
639 return NULL;
640 return sk_EVP_PKEY_METHOD_value(app_pkey_methods, idx);
641 }
642 #endif
643
644 int EVP_PKEY_CTX_is_a(EVP_PKEY_CTX *ctx, const char *keytype)
645 {
646 #ifndef FIPS_MODULE
647 if (evp_pkey_ctx_is_legacy(ctx))
648 return (ctx->pmeth->pkey_id == evp_pkey_name2type(keytype));
649 #endif
650 return EVP_KEYMGMT_is_a(ctx->keymgmt, keytype);
651 }
652
653 int EVP_PKEY_CTX_set_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params)
654 {
655 switch (evp_pkey_ctx_state(ctx)) {
656 case EVP_PKEY_STATE_PROVIDER:
657 if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx)
658 && ctx->op.kex.exchange != NULL
659 && ctx->op.kex.exchange->set_ctx_params != NULL)
660 return
661 ctx->op.kex.exchange->set_ctx_params(ctx->op.kex.exchprovctx,
662 params);
663 if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)
664 && ctx->op.sig.signature != NULL
665 && ctx->op.sig.signature->set_ctx_params != NULL)
666 return
667 ctx->op.sig.signature->set_ctx_params(ctx->op.sig.sigprovctx,
668 params);
669 if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx)
670 && ctx->op.ciph.cipher != NULL
671 && ctx->op.ciph.cipher->set_ctx_params != NULL)
672 return
673 ctx->op.ciph.cipher->set_ctx_params(ctx->op.ciph.ciphprovctx,
674 params);
675 if (EVP_PKEY_CTX_IS_GEN_OP(ctx)
676 && ctx->keymgmt != NULL
677 && ctx->keymgmt->gen_set_params != NULL)
678 return
679 evp_keymgmt_gen_set_params(ctx->keymgmt, ctx->op.keymgmt.genctx,
680 params);
681 if (EVP_PKEY_CTX_IS_KEM_OP(ctx)
682 && ctx->op.encap.kem != NULL
683 && ctx->op.encap.kem->set_ctx_params != NULL)
684 return
685 ctx->op.encap.kem->set_ctx_params(ctx->op.encap.kemprovctx,
686 params);
687 break;
688 #ifndef FIPS_MODULE
689 case EVP_PKEY_STATE_UNKNOWN:
690 case EVP_PKEY_STATE_LEGACY:
691 return evp_pkey_ctx_set_params_to_ctrl(ctx, params);
692 #endif
693 }
694 return 0;
695 }
696
697 int EVP_PKEY_CTX_get_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params)
698 {
699 switch (evp_pkey_ctx_state(ctx)) {
700 case EVP_PKEY_STATE_PROVIDER:
701 if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx)
702 && ctx->op.kex.exchange != NULL
703 && ctx->op.kex.exchange->get_ctx_params != NULL)
704 return
705 ctx->op.kex.exchange->get_ctx_params(ctx->op.kex.exchprovctx,
706 params);
707 if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)
708 && ctx->op.sig.signature != NULL
709 && ctx->op.sig.signature->get_ctx_params != NULL)
710 return
711 ctx->op.sig.signature->get_ctx_params(ctx->op.sig.sigprovctx,
712 params);
713 if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx)
714 && ctx->op.ciph.cipher != NULL
715 && ctx->op.ciph.cipher->get_ctx_params != NULL)
716 return
717 ctx->op.ciph.cipher->get_ctx_params(ctx->op.ciph.ciphprovctx,
718 params);
719 if (EVP_PKEY_CTX_IS_KEM_OP(ctx)
720 && ctx->op.encap.kem != NULL
721 && ctx->op.encap.kem->get_ctx_params != NULL)
722 return
723 ctx->op.encap.kem->get_ctx_params(ctx->op.encap.kemprovctx,
724 params);
725 break;
726 #ifndef FIPS_MODULE
727 case EVP_PKEY_STATE_UNKNOWN:
728 case EVP_PKEY_STATE_LEGACY:
729 return evp_pkey_ctx_get_params_to_ctrl(ctx, params);
730 #endif
731 }
732 return 0;
733 }
734
735 #ifndef FIPS_MODULE
736 const OSSL_PARAM *EVP_PKEY_CTX_gettable_params(EVP_PKEY_CTX *ctx)
737 {
738 void *provctx;
739
740 if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx)
741 && ctx->op.kex.exchange != NULL
742 && ctx->op.kex.exchange->gettable_ctx_params != NULL) {
743 provctx = ossl_provider_ctx(EVP_KEYEXCH_provider(ctx->op.kex.exchange));
744 return ctx->op.kex.exchange->gettable_ctx_params(ctx->op.kex.exchprovctx,
745 provctx);
746 }
747 if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)
748 && ctx->op.sig.signature != NULL
749 && ctx->op.sig.signature->gettable_ctx_params != NULL) {
750 provctx = ossl_provider_ctx(
751 EVP_SIGNATURE_provider(ctx->op.sig.signature));
752 return ctx->op.sig.signature->gettable_ctx_params(ctx->op.sig.sigprovctx,
753 provctx);
754 }
755 if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx)
756 && ctx->op.ciph.cipher != NULL
757 && ctx->op.ciph.cipher->gettable_ctx_params != NULL) {
758 provctx = ossl_provider_ctx(
759 EVP_ASYM_CIPHER_provider(ctx->op.ciph.cipher));
760 return ctx->op.ciph.cipher->gettable_ctx_params(ctx->op.ciph.ciphprovctx,
761 provctx);
762 }
763 if (EVP_PKEY_CTX_IS_KEM_OP(ctx)
764 && ctx->op.encap.kem != NULL
765 && ctx->op.encap.kem->gettable_ctx_params != NULL) {
766 provctx = ossl_provider_ctx(EVP_KEM_provider(ctx->op.encap.kem));
767 return ctx->op.encap.kem->gettable_ctx_params(ctx->op.encap.kemprovctx,
768 provctx);
769 }
770 return NULL;
771 }
772
773 const OSSL_PARAM *EVP_PKEY_CTX_settable_params(EVP_PKEY_CTX *ctx)
774 {
775 void *provctx;
776
777 if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx)
778 && ctx->op.kex.exchange != NULL
779 && ctx->op.kex.exchange->settable_ctx_params != NULL) {
780 provctx = ossl_provider_ctx(EVP_KEYEXCH_provider(ctx->op.kex.exchange));
781 return ctx->op.kex.exchange->settable_ctx_params(ctx->op.kex.exchprovctx,
782 provctx);
783 }
784 if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)
785 && ctx->op.sig.signature != NULL
786 && ctx->op.sig.signature->settable_ctx_params != NULL) {
787 provctx = ossl_provider_ctx(
788 EVP_SIGNATURE_provider(ctx->op.sig.signature));
789 return ctx->op.sig.signature->settable_ctx_params(ctx->op.sig.sigprovctx,
790 provctx);
791 }
792 if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx)
793 && ctx->op.ciph.cipher != NULL
794 && ctx->op.ciph.cipher->settable_ctx_params != NULL) {
795 provctx = ossl_provider_ctx(
796 EVP_ASYM_CIPHER_provider(ctx->op.ciph.cipher));
797 return ctx->op.ciph.cipher->settable_ctx_params(ctx->op.ciph.ciphprovctx,
798 provctx);
799 }
800 if (EVP_PKEY_CTX_IS_GEN_OP(ctx)
801 && ctx->keymgmt != NULL
802 && ctx->keymgmt->gen_settable_params != NULL) {
803 provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(ctx->keymgmt));
804 return ctx->keymgmt->gen_settable_params(ctx->op.keymgmt.genctx,
805 provctx);
806 }
807 if (EVP_PKEY_CTX_IS_KEM_OP(ctx)
808 && ctx->op.encap.kem != NULL
809 && ctx->op.encap.kem->settable_ctx_params != NULL) {
810 provctx = ossl_provider_ctx(EVP_KEM_provider(ctx->op.encap.kem));
811 return ctx->op.encap.kem->settable_ctx_params(ctx->op.encap.kemprovctx,
812 provctx);
813 }
814 return NULL;
815 }
816
817 /*
818 * Internal helpers for stricter EVP_PKEY_CTX_{set,get}_params().
819 *
820 * Return 1 on success, 0 or negative for errors.
821 *
822 * In particular they return -2 if any of the params is not supported.
823 *
824 * They are not available in FIPS_MODULE as they depend on
825 * - EVP_PKEY_CTX_{get,set}_params()
826 * - EVP_PKEY_CTX_{gettable,settable}_params()
827 *
828 */
829 int evp_pkey_ctx_set_params_strict(EVP_PKEY_CTX *ctx, OSSL_PARAM *params)
830 {
831 if (ctx == NULL || params == NULL)
832 return 0;
833
834 /*
835 * We only check for provider side EVP_PKEY_CTX. For #legacy, we
836 * depend on the translation that happens in EVP_PKEY_CTX_set_params()
837 * call, and that the resulting ctrl call will return -2 if it doesn't
838 * known the ctrl command number.
839 */
840 if (evp_pkey_ctx_is_provided(ctx)) {
841 const OSSL_PARAM *settable = EVP_PKEY_CTX_settable_params(ctx);
842 const OSSL_PARAM *p;
843
844 for (p = params; p->key != NULL; p++) {
845 /* Check the ctx actually understands this parameter */
846 if (OSSL_PARAM_locate_const(settable, p->key) == NULL )
847 return -2;
848 }
849 }
850
851 return EVP_PKEY_CTX_set_params(ctx, params);
852 }
853
854 int evp_pkey_ctx_get_params_strict(EVP_PKEY_CTX *ctx, OSSL_PARAM *params)
855 {
856 if (ctx == NULL || params == NULL)
857 return 0;
858
859 /*
860 * We only check for provider side EVP_PKEY_CTX. For #legacy, we
861 * depend on the translation that happens in EVP_PKEY_CTX_get_params()
862 * call, and that the resulting ctrl call will return -2 if it doesn't
863 * known the ctrl command number.
864 */
865 if (evp_pkey_ctx_is_provided(ctx)) {
866 const OSSL_PARAM *gettable = EVP_PKEY_CTX_gettable_params(ctx);
867 const OSSL_PARAM *p;
868
869 for (p = params; p->key != NULL; p++ ) {
870 /* Check the ctx actually understands this parameter */
871 if (OSSL_PARAM_locate_const(gettable, p->key) == NULL )
872 return -2;
873 }
874 }
875
876 return EVP_PKEY_CTX_get_params(ctx, params);
877 }
878
879 /* TODO(3.0): Deprecate in favour of get_signature_md_name */
880 int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD **md)
881 {
882 OSSL_PARAM sig_md_params[2], *p = sig_md_params;
883 /* 80 should be big enough */
884 char name[80] = "";
885 const EVP_MD *tmp;
886
887 if (ctx == NULL || !EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)) {
888 ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
889 /* Uses the same return values as EVP_PKEY_CTX_ctrl */
890 return -2;
891 }
892
893 if (ctx->op.sig.sigprovctx == NULL)
894 return EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG,
895 EVP_PKEY_CTRL_GET_MD, 0, (void *)(md));
896
897 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
898 name,
899 sizeof(name));
900 *p = OSSL_PARAM_construct_end();
901
902 if (!EVP_PKEY_CTX_get_params(ctx, sig_md_params))
903 return 0;
904
905 tmp = evp_get_digestbyname_ex(ctx->libctx, name);
906 if (tmp == NULL)
907 return 0;
908
909 *md = tmp;
910
911 return 1;
912 }
913
914 /*
915 * TODO(3.0): Deprecate functions calling this in favour of
916 * functions setting md name.
917 */
918 static int evp_pkey_ctx_set_md(EVP_PKEY_CTX *ctx, const EVP_MD *md,
919 int fallback, const char *param, int op,
920 int ctrl)
921 {
922 OSSL_PARAM md_params[2], *p = md_params;
923 const char *name;
924
925 if (ctx == NULL || (ctx->operation & op) == 0) {
926 ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
927 /* Uses the same return values as EVP_PKEY_CTX_ctrl */
928 return -2;
929 }
930
931 if (fallback)
932 return EVP_PKEY_CTX_ctrl(ctx, -1, op, ctrl, 0, (void *)(md));
933
934 if (md == NULL) {
935 name = "";
936 } else {
937 name = EVP_MD_name(md);
938 }
939
940 *p++ = OSSL_PARAM_construct_utf8_string(param,
941 /*
942 * Cast away the const. This is read
943 * only so should be safe
944 */
945 (char *)name, 0);
946 *p = OSSL_PARAM_construct_end();
947
948 return EVP_PKEY_CTX_set_params(ctx, md_params);
949 }
950
951 int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md)
952 {
953 return evp_pkey_ctx_set_md(ctx, md, ctx->op.sig.sigprovctx == NULL,
954 OSSL_SIGNATURE_PARAM_DIGEST,
955 EVP_PKEY_OP_TYPE_SIG, EVP_PKEY_CTRL_MD);
956 }
957
958 int EVP_PKEY_CTX_set_tls1_prf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md)
959 {
960 return evp_pkey_ctx_set_md(ctx, md, ctx->op.kex.exchprovctx == NULL,
961 OSSL_KDF_PARAM_DIGEST,
962 EVP_PKEY_OP_DERIVE, EVP_PKEY_CTRL_TLS_MD);
963 }
964
965 static int evp_pkey_ctx_set1_octet_string(EVP_PKEY_CTX *ctx, int fallback,
966 const char *param, int op, int ctrl,
967 const unsigned char *data,
968 int datalen)
969 {
970 OSSL_PARAM octet_string_params[2], *p = octet_string_params;
971
972 if (ctx == NULL || (ctx->operation & op) == 0) {
973 ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
974 /* Uses the same return values as EVP_PKEY_CTX_ctrl */
975 return -2;
976 }
977
978 /* Code below to be removed when legacy support is dropped. */
979 if (fallback)
980 return EVP_PKEY_CTX_ctrl(ctx, -1, op, ctrl, datalen, (void *)(data));
981 /* end of legacy support */
982
983 if (datalen < 0) {
984 ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_LENGTH);
985 return 0;
986 }
987
988 *p++ = OSSL_PARAM_construct_octet_string(param,
989 /*
990 * Cast away the const. This is read
991 * only so should be safe
992 */
993 (unsigned char *)data,
994 (size_t)datalen);
995 *p = OSSL_PARAM_construct_end();
996
997 return EVP_PKEY_CTX_set_params(ctx, octet_string_params);
998 }
999
1000 int EVP_PKEY_CTX_set1_tls1_prf_secret(EVP_PKEY_CTX *ctx,
1001 const unsigned char *sec, int seclen)
1002 {
1003 return evp_pkey_ctx_set1_octet_string(ctx, ctx->op.kex.exchprovctx == NULL,
1004 OSSL_KDF_PARAM_SECRET,
1005 EVP_PKEY_OP_DERIVE,
1006 EVP_PKEY_CTRL_TLS_SECRET,
1007 sec, seclen);
1008 }
1009
1010 int EVP_PKEY_CTX_add1_tls1_prf_seed(EVP_PKEY_CTX *ctx,
1011 const unsigned char *seed, int seedlen)
1012 {
1013 return evp_pkey_ctx_set1_octet_string(ctx, ctx->op.kex.exchprovctx == NULL,
1014 OSSL_KDF_PARAM_SEED,
1015 EVP_PKEY_OP_DERIVE,
1016 EVP_PKEY_CTRL_TLS_SEED,
1017 seed, seedlen);
1018 }
1019
1020 int EVP_PKEY_CTX_set_hkdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md)
1021 {
1022 return evp_pkey_ctx_set_md(ctx, md, ctx->op.kex.exchprovctx == NULL,
1023 OSSL_KDF_PARAM_DIGEST,
1024 EVP_PKEY_OP_DERIVE, EVP_PKEY_CTRL_HKDF_MD);
1025 }
1026
1027 int EVP_PKEY_CTX_set1_hkdf_salt(EVP_PKEY_CTX *ctx,
1028 const unsigned char *salt, int saltlen)
1029 {
1030 return evp_pkey_ctx_set1_octet_string(ctx, ctx->op.kex.exchprovctx == NULL,
1031 OSSL_KDF_PARAM_SALT,
1032 EVP_PKEY_OP_DERIVE,
1033 EVP_PKEY_CTRL_HKDF_SALT,
1034 salt, saltlen);
1035 }
1036
1037 int EVP_PKEY_CTX_set1_hkdf_key(EVP_PKEY_CTX *ctx,
1038 const unsigned char *key, int keylen)
1039 {
1040 return evp_pkey_ctx_set1_octet_string(ctx, ctx->op.kex.exchprovctx == NULL,
1041 OSSL_KDF_PARAM_KEY,
1042 EVP_PKEY_OP_DERIVE,
1043 EVP_PKEY_CTRL_HKDF_KEY,
1044 key, keylen);
1045 }
1046
1047 int EVP_PKEY_CTX_add1_hkdf_info(EVP_PKEY_CTX *ctx,
1048 const unsigned char *info, int infolen)
1049 {
1050 return evp_pkey_ctx_set1_octet_string(ctx, ctx->op.kex.exchprovctx == NULL,
1051 OSSL_KDF_PARAM_INFO,
1052 EVP_PKEY_OP_DERIVE,
1053 EVP_PKEY_CTRL_HKDF_INFO,
1054 info, infolen);
1055 }
1056
1057 int EVP_PKEY_CTX_hkdf_mode(EVP_PKEY_CTX *ctx, int mode)
1058 {
1059 OSSL_PARAM int_params[2], *p = int_params;
1060
1061 if (ctx == NULL || !EVP_PKEY_CTX_IS_DERIVE_OP(ctx)) {
1062 ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
1063 /* Uses the same return values as EVP_PKEY_CTX_ctrl */
1064 return -2;
1065 }
1066
1067 /* Code below to be removed when legacy support is dropped. */
1068 if (ctx->op.kex.exchprovctx == NULL)
1069 return EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_DERIVE,
1070 EVP_PKEY_CTRL_HKDF_MODE, mode, NULL);
1071 /* end of legacy support */
1072
1073 if (mode < 0) {
1074 ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_VALUE);
1075 return 0;
1076 }
1077
1078 *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_MODE, &mode);
1079 *p = OSSL_PARAM_construct_end();
1080
1081 return EVP_PKEY_CTX_set_params(ctx, int_params);
1082 }
1083
1084 int EVP_PKEY_CTX_set1_pbe_pass(EVP_PKEY_CTX *ctx, const char *pass,
1085 int passlen)
1086 {
1087 return evp_pkey_ctx_set1_octet_string(ctx, ctx->op.kex.exchprovctx == NULL,
1088 OSSL_KDF_PARAM_PASSWORD,
1089 EVP_PKEY_OP_DERIVE,
1090 EVP_PKEY_CTRL_PASS,
1091 (const unsigned char *)pass, passlen);
1092 }
1093
1094 int EVP_PKEY_CTX_set1_scrypt_salt(EVP_PKEY_CTX *ctx,
1095 const unsigned char *salt, int saltlen)
1096 {
1097 return evp_pkey_ctx_set1_octet_string(ctx, ctx->op.kex.exchprovctx == NULL,
1098 OSSL_KDF_PARAM_SALT,
1099 EVP_PKEY_OP_DERIVE,
1100 EVP_PKEY_CTRL_SCRYPT_SALT,
1101 salt, saltlen);
1102 }
1103
1104 static int evp_pkey_ctx_set_uint64(EVP_PKEY_CTX *ctx, const char *param,
1105 int op, int ctrl, uint64_t val)
1106 {
1107 OSSL_PARAM uint64_params[2], *p = uint64_params;
1108
1109 if (ctx == NULL || !EVP_PKEY_CTX_IS_DERIVE_OP(ctx)) {
1110 ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
1111 /* Uses the same return values as EVP_PKEY_CTX_ctrl */
1112 return -2;
1113 }
1114
1115 /* Code below to be removed when legacy support is dropped. */
1116 if (ctx->op.kex.exchprovctx == NULL)
1117 return EVP_PKEY_CTX_ctrl_uint64(ctx, -1, op, ctrl, val);
1118 /* end of legacy support */
1119
1120 *p++ = OSSL_PARAM_construct_uint64(param, &val);
1121 *p = OSSL_PARAM_construct_end();
1122
1123 return EVP_PKEY_CTX_set_params(ctx, uint64_params);
1124 }
1125
1126 int EVP_PKEY_CTX_set_scrypt_N(EVP_PKEY_CTX *ctx, uint64_t n)
1127 {
1128 return evp_pkey_ctx_set_uint64(ctx, OSSL_KDF_PARAM_SCRYPT_N,
1129 EVP_PKEY_OP_DERIVE, EVP_PKEY_CTRL_SCRYPT_N,
1130 n);
1131 }
1132
1133 int EVP_PKEY_CTX_set_scrypt_r(EVP_PKEY_CTX *ctx, uint64_t r)
1134 {
1135 return evp_pkey_ctx_set_uint64(ctx, OSSL_KDF_PARAM_SCRYPT_R,
1136 EVP_PKEY_OP_DERIVE, EVP_PKEY_CTRL_SCRYPT_R,
1137 r);
1138 }
1139
1140 int EVP_PKEY_CTX_set_scrypt_p(EVP_PKEY_CTX *ctx, uint64_t p)
1141 {
1142 return evp_pkey_ctx_set_uint64(ctx, OSSL_KDF_PARAM_SCRYPT_P,
1143 EVP_PKEY_OP_DERIVE, EVP_PKEY_CTRL_SCRYPT_P,
1144 p);
1145 }
1146
1147 int EVP_PKEY_CTX_set_scrypt_maxmem_bytes(EVP_PKEY_CTX *ctx,
1148 uint64_t maxmem_bytes)
1149 {
1150 return evp_pkey_ctx_set_uint64(ctx, OSSL_KDF_PARAM_SCRYPT_MAXMEM,
1151 EVP_PKEY_OP_DERIVE,
1152 EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES,
1153 maxmem_bytes);
1154 }
1155
1156 int EVP_PKEY_CTX_set_mac_key(EVP_PKEY_CTX *ctx, const unsigned char *key,
1157 int keylen)
1158 {
1159 return evp_pkey_ctx_set1_octet_string(ctx, ctx->op.keymgmt.genctx == NULL,
1160 OSSL_PKEY_PARAM_PRIV_KEY,
1161 EVP_PKEY_OP_KEYGEN,
1162 EVP_PKEY_CTRL_SET_MAC_KEY,
1163 key, keylen);
1164 }
1165
1166 int EVP_PKEY_CTX_set_kem_op(EVP_PKEY_CTX *ctx, const char *op)
1167 {
1168 OSSL_PARAM params[2], *p = params;
1169
1170 if (ctx == NULL || op == NULL) {
1171 ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_VALUE);
1172 return 0;
1173 }
1174 if (!EVP_PKEY_CTX_IS_KEM_OP(ctx)) {
1175 ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
1176 return -2;
1177 }
1178 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KEM_PARAM_OPERATION,
1179 (char *)op, 0);
1180 *p = OSSL_PARAM_construct_end();
1181 return EVP_PKEY_CTX_set_params(ctx, params);
1182 }
1183
1184 int evp_pkey_ctx_set1_id_prov(EVP_PKEY_CTX *ctx, const void *id, int len)
1185 {
1186 OSSL_PARAM params[2], *p = params;
1187 int ret;
1188
1189 if (!EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)) {
1190 ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
1191 /* Uses the same return values as EVP_PKEY_CTX_ctrl */
1192 return -2;
1193 }
1194
1195 *p++ = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_DIST_ID,
1196 /*
1197 * Cast away the const. This is
1198 * read only so should be safe
1199 */
1200 (void *)id, (size_t)len);
1201 *p++ = OSSL_PARAM_construct_end();
1202
1203 ret = evp_pkey_ctx_set_params_strict(ctx, params);
1204 if (ret == -2)
1205 ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
1206 return ret;
1207 }
1208
1209 int EVP_PKEY_CTX_set1_id(EVP_PKEY_CTX *ctx, const void *id, int len)
1210 {
1211 return EVP_PKEY_CTX_ctrl(ctx, -1, -1,
1212 EVP_PKEY_CTRL_SET1_ID, (int)len, (void*)(id));
1213 }
1214
1215 static int get1_id_data(EVP_PKEY_CTX *ctx, void *id, size_t *id_len)
1216 {
1217 int ret;
1218 void *tmp_id = NULL;
1219 OSSL_PARAM params[2], *p = params;
1220
1221 if (!EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)) {
1222 ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
1223 /* Uses the same return values as EVP_PKEY_CTX_ctrl */
1224 return -2;
1225 }
1226
1227 *p++ = OSSL_PARAM_construct_octet_ptr(OSSL_PKEY_PARAM_DIST_ID,
1228 &tmp_id, 0);
1229 *p++ = OSSL_PARAM_construct_end();
1230
1231 ret = evp_pkey_ctx_get_params_strict(ctx, params);
1232 if (ret == -2) {
1233 ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
1234 } else if (ret > 0) {
1235 size_t tmp_id_len = params[0].return_size;
1236
1237 if (id != NULL)
1238 memcpy(id, tmp_id, tmp_id_len);
1239 if (id_len != NULL)
1240 *id_len = tmp_id_len;
1241 }
1242 return ret;
1243 }
1244
1245 int evp_pkey_ctx_get1_id_prov(EVP_PKEY_CTX *ctx, void *id)
1246 {
1247 return get1_id_data(ctx, id, NULL);
1248 }
1249
1250 int evp_pkey_ctx_get1_id_len_prov(EVP_PKEY_CTX *ctx, size_t *id_len)
1251 {
1252 return get1_id_data(ctx, NULL, id_len);
1253 }
1254
1255 int EVP_PKEY_CTX_get1_id(EVP_PKEY_CTX *ctx, void *id)
1256 {
1257 return EVP_PKEY_CTX_ctrl(ctx, -1, -1, EVP_PKEY_CTRL_GET1_ID, 0, (void*)id);
1258 }
1259
1260 int EVP_PKEY_CTX_get1_id_len(EVP_PKEY_CTX *ctx, size_t *id_len)
1261 {
1262 return EVP_PKEY_CTX_ctrl(ctx, -1, -1,
1263 EVP_PKEY_CTRL_GET1_ID_LEN, 0, (void*)id_len);
1264 }
1265
1266 static int evp_pkey_ctx_ctrl_int(EVP_PKEY_CTX *ctx, int keytype, int optype,
1267 int cmd, int p1, void *p2)
1268 {
1269 int ret = 0;
1270
1271 /*
1272 * If the method has a |digest_custom| function, we can relax the
1273 * operation type check, since this can be called before the operation
1274 * is initialized.
1275 */
1276 if (ctx->pmeth == NULL || ctx->pmeth->digest_custom == NULL) {
1277 if (ctx->operation == EVP_PKEY_OP_UNDEFINED) {
1278 ERR_raise(ERR_LIB_EVP, EVP_R_NO_OPERATION_SET);
1279 return -1;
1280 }
1281
1282 if ((optype != -1) && !(ctx->operation & optype)) {
1283 ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_OPERATION);
1284 return -1;
1285 }
1286 }
1287
1288 switch (evp_pkey_ctx_state(ctx)) {
1289 case EVP_PKEY_STATE_PROVIDER:
1290 return evp_pkey_ctx_ctrl_to_param(ctx, keytype, optype, cmd, p1, p2);
1291 case EVP_PKEY_STATE_UNKNOWN:
1292 case EVP_PKEY_STATE_LEGACY:
1293 if (ctx->pmeth == NULL || ctx->pmeth->ctrl == NULL) {
1294 ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
1295 return -2;
1296 }
1297 if ((keytype != -1) && (ctx->pmeth->pkey_id != keytype))
1298 return -1;
1299
1300 ret = ctx->pmeth->ctrl(ctx, cmd, p1, p2);
1301
1302 if (ret == -2)
1303 ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
1304 break;
1305 }
1306 return ret;
1307 }
1308
1309 int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,
1310 int cmd, int p1, void *p2)
1311 {
1312 int ret = 0;
1313
1314 if (ctx == NULL) {
1315 ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
1316 return -2;
1317 }
1318 /* If unsupported, we don't want that reported here */
1319 ERR_set_mark();
1320 ret = evp_pkey_ctx_store_cached_data(ctx, keytype, optype,
1321 cmd, NULL, p2, p1);
1322 if (ret == -2) {
1323 ERR_pop_to_mark();
1324 } else {
1325 ERR_clear_last_mark();
1326 /*
1327 * If there was an error, there was an error.
1328 * If the operation isn't initialized yet, we also return, as
1329 * the saved values will be used then anyway.
1330 */
1331 if (ret < 1 || ctx->operation == EVP_PKEY_OP_UNDEFINED)
1332 return ret;
1333 }
1334 return evp_pkey_ctx_ctrl_int(ctx, keytype, optype, cmd, p1, p2);
1335 }
1336
1337 int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX *ctx, int keytype, int optype,
1338 int cmd, uint64_t value)
1339 {
1340 return EVP_PKEY_CTX_ctrl(ctx, keytype, optype, cmd, 0, &value);
1341 }
1342
1343
1344 static int evp_pkey_ctx_ctrl_str_int(EVP_PKEY_CTX *ctx,
1345 const char *name, const char *value)
1346 {
1347 int ret = 0;
1348
1349 if (ctx == NULL) {
1350 ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
1351 return -2;
1352 }
1353
1354 switch (evp_pkey_ctx_state(ctx)) {
1355 case EVP_PKEY_STATE_PROVIDER:
1356 return evp_pkey_ctx_ctrl_str_to_param(ctx, name, value);
1357 case EVP_PKEY_STATE_UNKNOWN:
1358 case EVP_PKEY_STATE_LEGACY:
1359 if (ctx == NULL || ctx->pmeth == NULL || ctx->pmeth->ctrl_str == NULL) {
1360 ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
1361 return -2;
1362 }
1363 if (strcmp(name, "digest") == 0)
1364 ret = EVP_PKEY_CTX_md(ctx,
1365 EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT,
1366 EVP_PKEY_CTRL_MD, value);
1367 else
1368 ret = ctx->pmeth->ctrl_str(ctx, name, value);
1369 break;
1370 }
1371
1372 return ret;
1373 }
1374
1375 int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx,
1376 const char *name, const char *value)
1377 {
1378 int ret = 0;
1379
1380 /* If unsupported, we don't want that reported here */
1381 ERR_set_mark();
1382 ret = evp_pkey_ctx_store_cached_data(ctx, -1, -1, -1,
1383 name, value, strlen(value) + 1);
1384 if (ret == -2) {
1385 ERR_pop_to_mark();
1386 } else {
1387 ERR_clear_last_mark();
1388 /*
1389 * If there was an error, there was an error.
1390 * If the operation isn't initialized yet, we also return, as
1391 * the saved values will be used then anyway.
1392 */
1393 if (ret < 1 || ctx->operation == EVP_PKEY_OP_UNDEFINED)
1394 return ret;
1395 }
1396
1397 return evp_pkey_ctx_ctrl_str_int(ctx, name, value);
1398 }
1399
1400 static int decode_cmd(int cmd, const char *name)
1401 {
1402 if (cmd == -1) {
1403 /*
1404 * The consequence of the assertion not being true is that this
1405 * function will return -1, which will cause the calling functions
1406 * to signal that the command is unsupported... in non-debug mode.
1407 */
1408 if (ossl_assert(name != NULL))
1409 if (strcmp(name, "distid") == 0 || strcmp(name, "hexdistid") == 0)
1410 cmd = EVP_PKEY_CTRL_SET1_ID;
1411 }
1412
1413 return cmd;
1414 }
1415
1416 static int evp_pkey_ctx_store_cached_data(EVP_PKEY_CTX *ctx,
1417 int keytype, int optype,
1418 int cmd, const char *name,
1419 const void *data, size_t data_len)
1420 {
1421 /*
1422 * Check that it's one of the supported commands. The ctrl commands
1423 * number cases here must correspond to the cases in the bottom switch
1424 * in this function.
1425 */
1426 switch (cmd = decode_cmd(cmd, name)) {
1427 case EVP_PKEY_CTRL_SET1_ID:
1428 break;
1429 default:
1430 ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
1431 return -2;
1432 }
1433
1434 if (keytype != -1) {
1435 switch (evp_pkey_ctx_state(ctx)) {
1436 case EVP_PKEY_STATE_PROVIDER:
1437 if (ctx->keymgmt == NULL) {
1438 ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
1439 return -2;
1440 }
1441 if (!EVP_KEYMGMT_is_a(ctx->keymgmt,
1442 evp_pkey_type2name(keytype))) {
1443 ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_OPERATION);
1444 return -1;
1445 }
1446 break;
1447 case EVP_PKEY_STATE_UNKNOWN:
1448 case EVP_PKEY_STATE_LEGACY:
1449 if (ctx->pmeth == NULL) {
1450 ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
1451 return -2;
1452 }
1453 if (EVP_PKEY_type(ctx->pmeth->pkey_id) != EVP_PKEY_type(keytype)) {
1454 ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_OPERATION);
1455 return -1;
1456 }
1457 break;
1458 }
1459 }
1460 if (optype != -1 && (ctx->operation & optype) == 0) {
1461 ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_OPERATION);
1462 return -1;
1463 }
1464
1465 switch (cmd) {
1466 case EVP_PKEY_CTRL_SET1_ID:
1467 evp_pkey_ctx_free_cached_data(ctx, cmd, name);
1468 if (name != NULL) {
1469 ctx->cached_parameters.dist_id_name = OPENSSL_strdup(name);
1470 if (ctx->cached_parameters.dist_id_name == NULL) {
1471 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
1472 return 0;
1473 }
1474 }
1475 if (data_len > 0) {
1476 ctx->cached_parameters.dist_id = OPENSSL_memdup(data, data_len);
1477 if (ctx->cached_parameters.dist_id == NULL) {
1478 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
1479 return 0;
1480 }
1481 }
1482 ctx->cached_parameters.dist_id_set = 1;
1483 ctx->cached_parameters.dist_id_len = data_len;
1484 break;
1485 }
1486 return 1;
1487 }
1488
1489 static void evp_pkey_ctx_free_cached_data(EVP_PKEY_CTX *ctx,
1490 int cmd, const char *name)
1491 {
1492 cmd = decode_cmd(cmd, name);
1493 switch (cmd) {
1494 case EVP_PKEY_CTRL_SET1_ID:
1495 OPENSSL_free(ctx->cached_parameters.dist_id);
1496 OPENSSL_free(ctx->cached_parameters.dist_id_name);
1497 ctx->cached_parameters.dist_id = NULL;
1498 ctx->cached_parameters.dist_id_name = NULL;
1499 break;
1500 }
1501 }
1502
1503 static void evp_pkey_ctx_free_all_cached_data(EVP_PKEY_CTX *ctx)
1504 {
1505 evp_pkey_ctx_free_cached_data(ctx, EVP_PKEY_CTRL_SET1_ID, NULL);
1506 }
1507
1508 int evp_pkey_ctx_use_cached_data(EVP_PKEY_CTX *ctx)
1509 {
1510 int ret = 1;
1511
1512 if (ret && ctx->cached_parameters.dist_id_set) {
1513 const char *name = ctx->cached_parameters.dist_id_name;
1514 const void *val = ctx->cached_parameters.dist_id;
1515 size_t len = ctx->cached_parameters.dist_id_len;
1516
1517 if (name != NULL)
1518 ret = evp_pkey_ctx_ctrl_str_int(ctx, name, val);
1519 else
1520 ret = evp_pkey_ctx_ctrl_int(ctx, -1, ctx->operation,
1521 EVP_PKEY_CTRL_SET1_ID,
1522 (int)len, (void *)val);
1523 }
1524
1525 return ret;
1526 }
1527
1528 OSSL_LIB_CTX *EVP_PKEY_CTX_get0_libctx(EVP_PKEY_CTX *ctx)
1529 {
1530 return ctx->libctx;
1531 }
1532
1533 const char *EVP_PKEY_CTX_get0_propq(EVP_PKEY_CTX *ctx)
1534 {
1535 return ctx->propquery;
1536 }
1537
1538 /* Utility functions to send a string of hex string to a ctrl */
1539
1540 int EVP_PKEY_CTX_str2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *str)
1541 {
1542 size_t len;
1543
1544 len = strlen(str);
1545 if (len > INT_MAX)
1546 return -1;
1547 return ctx->pmeth->ctrl(ctx, cmd, len, (void *)str);
1548 }
1549
1550 int EVP_PKEY_CTX_hex2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *hex)
1551 {
1552 unsigned char *bin;
1553 long binlen;
1554 int rv = -1;
1555
1556 bin = OPENSSL_hexstr2buf(hex, &binlen);
1557 if (bin == NULL)
1558 return 0;
1559 if (binlen <= INT_MAX)
1560 rv = ctx->pmeth->ctrl(ctx, cmd, binlen, bin);
1561 OPENSSL_free(bin);
1562 return rv;
1563 }
1564
1565 /* Pass a message digest to a ctrl */
1566 int EVP_PKEY_CTX_md(EVP_PKEY_CTX *ctx, int optype, int cmd, const char *md)
1567 {
1568 const EVP_MD *m;
1569
1570 if (md == NULL || (m = EVP_get_digestbyname(md)) == NULL) {
1571 ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST);
1572 return 0;
1573 }
1574 return EVP_PKEY_CTX_ctrl(ctx, -1, optype, cmd, 0, (void *)m);
1575 }
1576
1577 int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx)
1578 {
1579 return ctx->operation;
1580 }
1581
1582 void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen)
1583 {
1584 ctx->keygen_info = dat;
1585 ctx->keygen_info_count = datlen;
1586 }
1587
1588 void EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void *data)
1589 {
1590 ctx->data = data;
1591 }
1592
1593 void *EVP_PKEY_CTX_get_data(const EVP_PKEY_CTX *ctx)
1594 {
1595 return ctx->data;
1596 }
1597
1598 EVP_PKEY *EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX *ctx)
1599 {
1600 return ctx->pkey;
1601 }
1602
1603 EVP_PKEY *EVP_PKEY_CTX_get0_peerkey(EVP_PKEY_CTX *ctx)
1604 {
1605 return ctx->peerkey;
1606 }
1607
1608 void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data)
1609 {
1610 ctx->app_data = data;
1611 }
1612
1613 void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx)
1614 {
1615 return ctx->app_data;
1616 }
1617
1618 void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth,
1619 int (*init) (EVP_PKEY_CTX *ctx))
1620 {
1621 pmeth->init = init;
1622 }
1623
1624 void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth,
1625 int (*copy) (EVP_PKEY_CTX *dst,
1626 const EVP_PKEY_CTX *src))
1627 {
1628 pmeth->copy = copy;
1629 }
1630
1631 void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth,
1632 void (*cleanup) (EVP_PKEY_CTX *ctx))
1633 {
1634 pmeth->cleanup = cleanup;
1635 }
1636
1637 void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth,
1638 int (*paramgen_init) (EVP_PKEY_CTX *ctx),
1639 int (*paramgen) (EVP_PKEY_CTX *ctx,
1640 EVP_PKEY *pkey))
1641 {
1642 pmeth->paramgen_init = paramgen_init;
1643 pmeth->paramgen = paramgen;
1644 }
1645
1646 void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth,
1647 int (*keygen_init) (EVP_PKEY_CTX *ctx),
1648 int (*keygen) (EVP_PKEY_CTX *ctx,
1649 EVP_PKEY *pkey))
1650 {
1651 pmeth->keygen_init = keygen_init;
1652 pmeth->keygen = keygen;
1653 }
1654
1655 void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth,
1656 int (*sign_init) (EVP_PKEY_CTX *ctx),
1657 int (*sign) (EVP_PKEY_CTX *ctx,
1658 unsigned char *sig, size_t *siglen,
1659 const unsigned char *tbs,
1660 size_t tbslen))
1661 {
1662 pmeth->sign_init = sign_init;
1663 pmeth->sign = sign;
1664 }
1665
1666 void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth,
1667 int (*verify_init) (EVP_PKEY_CTX *ctx),
1668 int (*verify) (EVP_PKEY_CTX *ctx,
1669 const unsigned char *sig,
1670 size_t siglen,
1671 const unsigned char *tbs,
1672 size_t tbslen))
1673 {
1674 pmeth->verify_init = verify_init;
1675 pmeth->verify = verify;
1676 }
1677
1678 void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth,
1679 int (*verify_recover_init) (EVP_PKEY_CTX
1680 *ctx),
1681 int (*verify_recover) (EVP_PKEY_CTX
1682 *ctx,
1683 unsigned char
1684 *sig,
1685 size_t *siglen,
1686 const unsigned
1687 char *tbs,
1688 size_t tbslen))
1689 {
1690 pmeth->verify_recover_init = verify_recover_init;
1691 pmeth->verify_recover = verify_recover;
1692 }
1693
1694 void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth,
1695 int (*signctx_init) (EVP_PKEY_CTX *ctx,
1696 EVP_MD_CTX *mctx),
1697 int (*signctx) (EVP_PKEY_CTX *ctx,
1698 unsigned char *sig,
1699 size_t *siglen,
1700 EVP_MD_CTX *mctx))
1701 {
1702 pmeth->signctx_init = signctx_init;
1703 pmeth->signctx = signctx;
1704 }
1705
1706 void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth,
1707 int (*verifyctx_init) (EVP_PKEY_CTX *ctx,
1708 EVP_MD_CTX *mctx),
1709 int (*verifyctx) (EVP_PKEY_CTX *ctx,
1710 const unsigned char *sig,
1711 int siglen,
1712 EVP_MD_CTX *mctx))
1713 {
1714 pmeth->verifyctx_init = verifyctx_init;
1715 pmeth->verifyctx = verifyctx;
1716 }
1717
1718 void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth,
1719 int (*encrypt_init) (EVP_PKEY_CTX *ctx),
1720 int (*encryptfn) (EVP_PKEY_CTX *ctx,
1721 unsigned char *out,
1722 size_t *outlen,
1723 const unsigned char *in,
1724 size_t inlen))
1725 {
1726 pmeth->encrypt_init = encrypt_init;
1727 pmeth->encrypt = encryptfn;
1728 }
1729
1730 void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth,
1731 int (*decrypt_init) (EVP_PKEY_CTX *ctx),
1732 int (*decrypt) (EVP_PKEY_CTX *ctx,
1733 unsigned char *out,
1734 size_t *outlen,
1735 const unsigned char *in,
1736 size_t inlen))
1737 {
1738 pmeth->decrypt_init = decrypt_init;
1739 pmeth->decrypt = decrypt;
1740 }
1741
1742 void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth,
1743 int (*derive_init) (EVP_PKEY_CTX *ctx),
1744 int (*derive) (EVP_PKEY_CTX *ctx,
1745 unsigned char *key,
1746 size_t *keylen))
1747 {
1748 pmeth->derive_init = derive_init;
1749 pmeth->derive = derive;
1750 }
1751
1752 void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
1753 int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1,
1754 void *p2),
1755 int (*ctrl_str) (EVP_PKEY_CTX *ctx,
1756 const char *type,
1757 const char *value))
1758 {
1759 pmeth->ctrl = ctrl;
1760 pmeth->ctrl_str = ctrl_str;
1761 }
1762
1763 void EVP_PKEY_meth_set_digestsign(EVP_PKEY_METHOD *pmeth,
1764 int (*digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
1765 const unsigned char *tbs, size_t tbslen))
1766 {
1767 pmeth->digestsign = digestsign;
1768 }
1769
1770 void EVP_PKEY_meth_set_digestverify(EVP_PKEY_METHOD *pmeth,
1771 int (*digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig,
1772 size_t siglen, const unsigned char *tbs,
1773 size_t tbslen))
1774 {
1775 pmeth->digestverify = digestverify;
1776 }
1777
1778 void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth,
1779 int (*check) (EVP_PKEY *pkey))
1780 {
1781 pmeth->check = check;
1782 }
1783
1784 void EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD *pmeth,
1785 int (*check) (EVP_PKEY *pkey))
1786 {
1787 pmeth->public_check = check;
1788 }
1789
1790 void EVP_PKEY_meth_set_param_check(EVP_PKEY_METHOD *pmeth,
1791 int (*check) (EVP_PKEY *pkey))
1792 {
1793 pmeth->param_check = check;
1794 }
1795
1796 void EVP_PKEY_meth_set_digest_custom(EVP_PKEY_METHOD *pmeth,
1797 int (*digest_custom) (EVP_PKEY_CTX *ctx,
1798 EVP_MD_CTX *mctx))
1799 {
1800 pmeth->digest_custom = digest_custom;
1801 }
1802
1803 void EVP_PKEY_meth_get_init(const EVP_PKEY_METHOD *pmeth,
1804 int (**pinit) (EVP_PKEY_CTX *ctx))
1805 {
1806 *pinit = pmeth->init;
1807 }
1808
1809 void EVP_PKEY_meth_get_copy(const EVP_PKEY_METHOD *pmeth,
1810 int (**pcopy) (EVP_PKEY_CTX *dst,
1811 const EVP_PKEY_CTX *src))
1812 {
1813 *pcopy = pmeth->copy;
1814 }
1815
1816 void EVP_PKEY_meth_get_cleanup(const EVP_PKEY_METHOD *pmeth,
1817 void (**pcleanup) (EVP_PKEY_CTX *ctx))
1818 {
1819 *pcleanup = pmeth->cleanup;
1820 }
1821
1822 void EVP_PKEY_meth_get_paramgen(const EVP_PKEY_METHOD *pmeth,
1823 int (**pparamgen_init) (EVP_PKEY_CTX *ctx),
1824 int (**pparamgen) (EVP_PKEY_CTX *ctx,
1825 EVP_PKEY *pkey))
1826 {
1827 if (pparamgen_init)
1828 *pparamgen_init = pmeth->paramgen_init;
1829 if (pparamgen)
1830 *pparamgen = pmeth->paramgen;
1831 }
1832
1833 void EVP_PKEY_meth_get_keygen(const EVP_PKEY_METHOD *pmeth,
1834 int (**pkeygen_init) (EVP_PKEY_CTX *ctx),
1835 int (**pkeygen) (EVP_PKEY_CTX *ctx,
1836 EVP_PKEY *pkey))
1837 {
1838 if (pkeygen_init)
1839 *pkeygen_init = pmeth->keygen_init;
1840 if (pkeygen)
1841 *pkeygen = pmeth->keygen;
1842 }
1843
1844 void EVP_PKEY_meth_get_sign(const EVP_PKEY_METHOD *pmeth,
1845 int (**psign_init) (EVP_PKEY_CTX *ctx),
1846 int (**psign) (EVP_PKEY_CTX *ctx,
1847 unsigned char *sig, size_t *siglen,
1848 const unsigned char *tbs,
1849 size_t tbslen))
1850 {
1851 if (psign_init)
1852 *psign_init = pmeth->sign_init;
1853 if (psign)
1854 *psign = pmeth->sign;
1855 }
1856
1857 void EVP_PKEY_meth_get_verify(const EVP_PKEY_METHOD *pmeth,
1858 int (**pverify_init) (EVP_PKEY_CTX *ctx),
1859 int (**pverify) (EVP_PKEY_CTX *ctx,
1860 const unsigned char *sig,
1861 size_t siglen,
1862 const unsigned char *tbs,
1863 size_t tbslen))
1864 {
1865 if (pverify_init)
1866 *pverify_init = pmeth->verify_init;
1867 if (pverify)
1868 *pverify = pmeth->verify;
1869 }
1870
1871 void EVP_PKEY_meth_get_verify_recover(const EVP_PKEY_METHOD *pmeth,
1872 int (**pverify_recover_init) (EVP_PKEY_CTX
1873 *ctx),
1874 int (**pverify_recover) (EVP_PKEY_CTX
1875 *ctx,
1876 unsigned char
1877 *sig,
1878 size_t *siglen,
1879 const unsigned
1880 char *tbs,
1881 size_t tbslen))
1882 {
1883 if (pverify_recover_init)
1884 *pverify_recover_init = pmeth->verify_recover_init;
1885 if (pverify_recover)
1886 *pverify_recover = pmeth->verify_recover;
1887 }
1888
1889 void EVP_PKEY_meth_get_signctx(const EVP_PKEY_METHOD *pmeth,
1890 int (**psignctx_init) (EVP_PKEY_CTX *ctx,
1891 EVP_MD_CTX *mctx),
1892 int (**psignctx) (EVP_PKEY_CTX *ctx,
1893 unsigned char *sig,
1894 size_t *siglen,
1895 EVP_MD_CTX *mctx))
1896 {
1897 if (psignctx_init)
1898 *psignctx_init = pmeth->signctx_init;
1899 if (psignctx)
1900 *psignctx = pmeth->signctx;
1901 }
1902
1903 void EVP_PKEY_meth_get_verifyctx(const EVP_PKEY_METHOD *pmeth,
1904 int (**pverifyctx_init) (EVP_PKEY_CTX *ctx,
1905 EVP_MD_CTX *mctx),
1906 int (**pverifyctx) (EVP_PKEY_CTX *ctx,
1907 const unsigned char *sig,
1908 int siglen,
1909 EVP_MD_CTX *mctx))
1910 {
1911 if (pverifyctx_init)
1912 *pverifyctx_init = pmeth->verifyctx_init;
1913 if (pverifyctx)
1914 *pverifyctx = pmeth->verifyctx;
1915 }
1916
1917 void EVP_PKEY_meth_get_encrypt(const EVP_PKEY_METHOD *pmeth,
1918 int (**pencrypt_init) (EVP_PKEY_CTX *ctx),
1919 int (**pencryptfn) (EVP_PKEY_CTX *ctx,
1920 unsigned char *out,
1921 size_t *outlen,
1922 const unsigned char *in,
1923 size_t inlen))
1924 {
1925 if (pencrypt_init)
1926 *pencrypt_init = pmeth->encrypt_init;
1927 if (pencryptfn)
1928 *pencryptfn = pmeth->encrypt;
1929 }
1930
1931 void EVP_PKEY_meth_get_decrypt(const EVP_PKEY_METHOD *pmeth,
1932 int (**pdecrypt_init) (EVP_PKEY_CTX *ctx),
1933 int (**pdecrypt) (EVP_PKEY_CTX *ctx,
1934 unsigned char *out,
1935 size_t *outlen,
1936 const unsigned char *in,
1937 size_t inlen))
1938 {
1939 if (pdecrypt_init)
1940 *pdecrypt_init = pmeth->decrypt_init;
1941 if (pdecrypt)
1942 *pdecrypt = pmeth->decrypt;
1943 }
1944
1945 void EVP_PKEY_meth_get_derive(const EVP_PKEY_METHOD *pmeth,
1946 int (**pderive_init) (EVP_PKEY_CTX *ctx),
1947 int (**pderive) (EVP_PKEY_CTX *ctx,
1948 unsigned char *key,
1949 size_t *keylen))
1950 {
1951 if (pderive_init)
1952 *pderive_init = pmeth->derive_init;
1953 if (pderive)
1954 *pderive = pmeth->derive;
1955 }
1956
1957 void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD *pmeth,
1958 int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1,
1959 void *p2),
1960 int (**pctrl_str) (EVP_PKEY_CTX *ctx,
1961 const char *type,
1962 const char *value))
1963 {
1964 if (pctrl)
1965 *pctrl = pmeth->ctrl;
1966 if (pctrl_str)
1967 *pctrl_str = pmeth->ctrl_str;
1968 }
1969
1970 void EVP_PKEY_meth_get_digestsign(EVP_PKEY_METHOD *pmeth,
1971 int (**digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
1972 const unsigned char *tbs, size_t tbslen))
1973 {
1974 if (digestsign)
1975 *digestsign = pmeth->digestsign;
1976 }
1977
1978 void EVP_PKEY_meth_get_digestverify(EVP_PKEY_METHOD *pmeth,
1979 int (**digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig,
1980 size_t siglen, const unsigned char *tbs,
1981 size_t tbslen))
1982 {
1983 if (digestverify)
1984 *digestverify = pmeth->digestverify;
1985 }
1986
1987 void EVP_PKEY_meth_get_check(const EVP_PKEY_METHOD *pmeth,
1988 int (**pcheck) (EVP_PKEY *pkey))
1989 {
1990 if (pcheck != NULL)
1991 *pcheck = pmeth->check;
1992 }
1993
1994 void EVP_PKEY_meth_get_public_check(const EVP_PKEY_METHOD *pmeth,
1995 int (**pcheck) (EVP_PKEY *pkey))
1996 {
1997 if (pcheck != NULL)
1998 *pcheck = pmeth->public_check;
1999 }
2000
2001 void EVP_PKEY_meth_get_param_check(const EVP_PKEY_METHOD *pmeth,
2002 int (**pcheck) (EVP_PKEY *pkey))
2003 {
2004 if (pcheck != NULL)
2005 *pcheck = pmeth->param_check;
2006 }
2007
2008 void EVP_PKEY_meth_get_digest_custom(EVP_PKEY_METHOD *pmeth,
2009 int (**pdigest_custom) (EVP_PKEY_CTX *ctx,
2010 EVP_MD_CTX *mctx))
2011 {
2012 if (pdigest_custom != NULL)
2013 *pdigest_custom = pmeth->digest_custom;
2014 }
2015
2016 #endif /* FIPS_MODULE */
A mirror of the official openssl repository