2 * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 * Low level key APIs (DH etc) are deprecated for public use, but still ok for
14 #include "internal/deprecated.h"
18 #include <openssl/engine.h>
19 #include <openssl/evp.h>
20 #include <openssl/x509v3.h>
21 #include <openssl/core_names.h>
22 #include <openssl/dh.h>
23 #include <openssl/rsa.h>
24 #include <openssl/kdf.h>
25 #include "internal/cryptlib.h"
26 #include "crypto/asn1.h"
27 #include "crypto/evp.h"
28 #include "crypto/dh.h"
29 #include "internal/ffc.h"
30 #include "internal/numbers.h"
31 #include "internal/provider.h"
32 #include "evp_local.h"
36 typedef const EVP_PKEY_METHOD
*(*pmeth_fn
)(void);
37 typedef int sk_cmp_fn_type(const char *const *a
, const char *const *b
);
39 static STACK_OF(EVP_PKEY_METHOD
) *app_pkey_methods
= NULL
;
41 /* This array needs to be in order of NIDs */
42 static pmeth_fn standard_methods
[] = {
43 # ifndef OPENSSL_NO_RSA
46 # ifndef OPENSSL_NO_DH
49 # ifndef OPENSSL_NO_DSA
52 # ifndef OPENSSL_NO_EC
55 # ifndef OPENSSL_NO_RSA
58 # ifndef OPENSSL_NO_DH
61 # ifndef OPENSSL_NO_EC
65 # ifndef OPENSSL_NO_EC
69 # ifndef OPENSSL_NO_SM2
74 DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD
*, pmeth_fn
, pmeth_func
);
76 static int pmeth_func_cmp(const EVP_PKEY_METHOD
*const *a
, pmeth_fn
const *b
)
78 return ((*a
)->pkey_id
- ((**b
)())->pkey_id
);
81 IMPLEMENT_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD
*, pmeth_fn
, pmeth_func
);
83 static int pmeth_cmp(const EVP_PKEY_METHOD
*const *a
,
84 const EVP_PKEY_METHOD
*const *b
)
86 return ((*a
)->pkey_id
- (*b
)->pkey_id
);
89 const EVP_PKEY_METHOD
*EVP_PKEY_meth_find(int type
)
93 const EVP_PKEY_METHOD
*t
= &tmp
;
96 if (app_pkey_methods
) {
98 idx
= sk_EVP_PKEY_METHOD_find(app_pkey_methods
, &tmp
);
100 return sk_EVP_PKEY_METHOD_value(app_pkey_methods
, idx
);
102 ret
= OBJ_bsearch_pmeth_func(&t
, standard_methods
,
103 sizeof(standard_methods
) /
105 if (ret
== NULL
|| *ret
== NULL
)
110 EVP_PKEY_METHOD
*EVP_PKEY_meth_new(int id
, int flags
)
112 EVP_PKEY_METHOD
*pmeth
;
114 pmeth
= OPENSSL_zalloc(sizeof(*pmeth
));
116 EVPerr(EVP_F_EVP_PKEY_METH_NEW
, ERR_R_MALLOC_FAILURE
);
121 pmeth
->flags
= flags
| EVP_PKEY_FLAG_DYNAMIC
;
124 #endif /* FIPS_MODULE */
126 static int is_legacy_alg(int id
, const char *keytype
)
129 /* Certain EVP_PKEY keytypes are only available in legacy form */
131 id
= OBJ_sn2nid(keytype
);
133 id
= OBJ_ln2nid(keytype
);
139 * TODO(3.0): Remove SM2 and DHX when they are converted to have provider
152 static EVP_PKEY_CTX
*int_ctx_new(OPENSSL_CTX
*libctx
,
153 EVP_PKEY
*pkey
, ENGINE
*e
,
154 const char *keytype
, const char *propquery
,
159 const EVP_PKEY_METHOD
*pmeth
= NULL
;
160 EVP_KEYMGMT
*keymgmt
= NULL
;
163 * When using providers, the context is bound to the algo implementation
166 if (pkey
== NULL
&& e
== NULL
&& id
== -1)
170 * If the internal key is provided, we extract the keytype from its
171 * keymgmt and skip over the legacy code.
173 if (pkey
!= NULL
&& evp_pkey_is_provided(pkey
)) {
174 /* If we have an engine, something went wrong somewhere... */
175 if (!ossl_assert(e
== NULL
))
177 keytype
= evp_first_name(pkey
->keymgmt
->prov
, pkey
->keymgmt
->name_id
);
181 /* TODO(3.0) Legacy code should be removed when all is provider based */
190 * Here, we extract what information we can for the purpose of
191 * supporting usage with implementations from providers, to make
192 * for a smooth transition from legacy stuff to provider based stuff.
194 * If an engine is given, this is entirely legacy, and we should not
195 * pretend anything else, so we only set the name when no engine is
196 * given. If both are already given, someone made a mistake, and
197 * since that can only happen internally, it's safe to make an
200 if (!ossl_assert(e
== NULL
|| keytype
== NULL
))
203 keytype
= OBJ_nid2sn(id
);
205 # ifndef OPENSSL_NO_ENGINE
206 if (e
== NULL
&& pkey
!= NULL
)
207 e
= pkey
->pmeth_engine
!= NULL
? pkey
->pmeth_engine
: pkey
->engine
;
208 /* Try to find an ENGINE which implements this method */
210 if (!ENGINE_init(e
)) {
211 EVPerr(EVP_F_INT_CTX_NEW
, ERR_R_ENGINE_LIB
);
215 e
= ENGINE_get_pkey_meth_engine(id
);
219 * If an ENGINE handled this method look it up. Otherwise use internal
223 pmeth
= ENGINE_get_pkey_meth(e
, id
);
225 * We are supposed to use an engine, so no point in looking for a
226 * provided implementation. If pmeth is NULL here we just fail.
230 EVPerr(EVP_F_INT_CTX_NEW
, EVP_R_UNSUPPORTED_ALGORITHM
);
235 pmeth
= EVP_PKEY_meth_find(id
);
237 * if pmeth is NULL here we can keep trying to see if we have a provided
238 * implementation below.
242 #endif /* FIPS_MODULE */
245 * If there's no engine and there's a name, we try fetching a provider
248 if (e
== NULL
&& keytype
!= NULL
) {
249 int legacy
= is_legacy_alg(id
, keytype
);
252 /* This could fail so ignore errors */
256 keymgmt
= EVP_KEYMGMT_fetch(libctx
, keytype
, propquery
);
259 } else if (keymgmt
== NULL
) {
260 EVPerr(EVP_F_INT_CTX_NEW
, EVP_R_FETCH_FAILED
);
265 ret
= OPENSSL_zalloc(sizeof(*ret
));
267 EVP_KEYMGMT_free(keymgmt
);
268 #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
271 EVPerr(EVP_F_INT_CTX_NEW
, ERR_R_MALLOC_FAILURE
);
274 ret
->libctx
= libctx
;
275 ret
->propquery
= propquery
;
276 ret
->keytype
= keytype
;
277 ret
->keymgmt
= keymgmt
;
280 ret
->operation
= EVP_PKEY_OP_UNDEFINED
;
283 EVP_PKEY_up_ref(pkey
);
285 if (pmeth
!= NULL
&& pmeth
->init
!= NULL
) {
286 if (pmeth
->init(ret
) <= 0) {
288 EVP_PKEY_CTX_free(ret
);
296 /*- All methods below can also be used in FIPS_MODULE */
298 EVP_PKEY_CTX
*EVP_PKEY_CTX_new_from_name(OPENSSL_CTX
*libctx
,
300 const char *propquery
)
302 return int_ctx_new(libctx
, NULL
, NULL
, name
, propquery
, -1);
305 EVP_PKEY_CTX
*EVP_PKEY_CTX_new_from_pkey(OPENSSL_CTX
*libctx
, EVP_PKEY
*pkey
,
306 const char *propquery
)
308 return int_ctx_new(libctx
, pkey
, NULL
, NULL
, propquery
, -1);
311 void evp_pkey_ctx_free_old_ops(EVP_PKEY_CTX
*ctx
)
313 if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx
)) {
314 if (ctx
->op
.sig
.sigprovctx
!= NULL
&& ctx
->op
.sig
.signature
!= NULL
)
315 ctx
->op
.sig
.signature
->freectx(ctx
->op
.sig
.sigprovctx
);
316 EVP_SIGNATURE_free(ctx
->op
.sig
.signature
);
317 ctx
->op
.sig
.sigprovctx
= NULL
;
318 ctx
->op
.sig
.signature
= NULL
;
319 } else if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx
)) {
320 if (ctx
->op
.kex
.exchprovctx
!= NULL
&& ctx
->op
.kex
.exchange
!= NULL
)
321 ctx
->op
.kex
.exchange
->freectx(ctx
->op
.kex
.exchprovctx
);
322 EVP_KEYEXCH_free(ctx
->op
.kex
.exchange
);
323 ctx
->op
.kex
.exchprovctx
= NULL
;
324 ctx
->op
.kex
.exchange
= NULL
;
326 /* TODO(3.0): add dependancies and uncomment this when available for fips mode */
328 else if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx
)) {
329 if (ctx
->op
.ciph
.ciphprovctx
!= NULL
&& ctx
->op
.ciph
.cipher
!= NULL
)
330 ctx
->op
.ciph
.cipher
->freectx(ctx
->op
.ciph
.ciphprovctx
);
331 EVP_ASYM_CIPHER_free(ctx
->op
.ciph
.cipher
);
332 ctx
->op
.ciph
.ciphprovctx
= NULL
;
333 ctx
->op
.ciph
.cipher
= NULL
;
334 } else if (EVP_PKEY_CTX_IS_GEN_OP(ctx
)) {
335 if (ctx
->op
.keymgmt
.genctx
!= NULL
&& ctx
->keymgmt
!= NULL
)
336 evp_keymgmt_gen_cleanup(ctx
->keymgmt
, ctx
->op
.keymgmt
.genctx
);
341 void EVP_PKEY_CTX_free(EVP_PKEY_CTX
*ctx
)
345 if (ctx
->pmeth
&& ctx
->pmeth
->cleanup
)
346 ctx
->pmeth
->cleanup(ctx
);
348 evp_pkey_ctx_free_old_ops(ctx
);
349 EVP_KEYMGMT_free(ctx
->keymgmt
);
351 EVP_PKEY_free(ctx
->pkey
);
352 EVP_PKEY_free(ctx
->peerkey
);
353 #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
354 ENGINE_finish(ctx
->engine
);
361 void EVP_PKEY_meth_get0_info(int *ppkey_id
, int *pflags
,
362 const EVP_PKEY_METHOD
*meth
)
365 *ppkey_id
= meth
->pkey_id
;
367 *pflags
= meth
->flags
;
370 void EVP_PKEY_meth_copy(EVP_PKEY_METHOD
*dst
, const EVP_PKEY_METHOD
*src
)
372 int pkey_id
= dst
->pkey_id
;
373 int flags
= dst
->flags
;
377 /* We only copy the function pointers so restore the other values */
378 dst
->pkey_id
= pkey_id
;
382 void EVP_PKEY_meth_free(EVP_PKEY_METHOD
*pmeth
)
384 if (pmeth
&& (pmeth
->flags
& EVP_PKEY_FLAG_DYNAMIC
))
388 EVP_PKEY_CTX
*EVP_PKEY_CTX_new(EVP_PKEY
*pkey
, ENGINE
*e
)
390 return int_ctx_new(NULL
, pkey
, e
, NULL
, NULL
, -1);
393 EVP_PKEY_CTX
*EVP_PKEY_CTX_new_id(int id
, ENGINE
*e
)
395 return int_ctx_new(NULL
, NULL
, e
, NULL
, NULL
, id
);
398 EVP_PKEY_CTX
*EVP_PKEY_CTX_dup(const EVP_PKEY_CTX
*pctx
)
402 if (((pctx
->pmeth
== NULL
) || (pctx
->pmeth
->copy
== NULL
))
403 && ((EVP_PKEY_CTX_IS_DERIVE_OP(pctx
)
404 && pctx
->op
.kex
.exchprovctx
== NULL
)
405 || (EVP_PKEY_CTX_IS_SIGNATURE_OP(pctx
)
406 && pctx
->op
.sig
.sigprovctx
== NULL
)))
408 # ifndef OPENSSL_NO_ENGINE
409 /* Make sure it's safe to copy a pkey context using an ENGINE */
410 if (pctx
->engine
&& !ENGINE_init(pctx
->engine
)) {
411 EVPerr(EVP_F_EVP_PKEY_CTX_DUP
, ERR_R_ENGINE_LIB
);
415 rctx
= OPENSSL_zalloc(sizeof(*rctx
));
417 EVPerr(EVP_F_EVP_PKEY_CTX_DUP
, ERR_R_MALLOC_FAILURE
);
421 if (pctx
->pkey
!= NULL
)
422 EVP_PKEY_up_ref(pctx
->pkey
);
423 rctx
->pkey
= pctx
->pkey
;
424 rctx
->operation
= pctx
->operation
;
425 rctx
->libctx
= pctx
->libctx
;
426 rctx
->keytype
= pctx
->keytype
;
427 rctx
->propquery
= pctx
->propquery
;
429 if (EVP_PKEY_CTX_IS_DERIVE_OP(pctx
)) {
430 if (pctx
->op
.kex
.exchange
!= NULL
) {
431 rctx
->op
.kex
.exchange
= pctx
->op
.kex
.exchange
;
432 if (!EVP_KEYEXCH_up_ref(rctx
->op
.kex
.exchange
)) {
437 if (pctx
->op
.kex
.exchprovctx
!= NULL
) {
438 if (!ossl_assert(pctx
->op
.kex
.exchange
!= NULL
))
440 rctx
->op
.kex
.exchprovctx
441 = pctx
->op
.kex
.exchange
->dupctx(pctx
->op
.kex
.exchprovctx
);
442 if (rctx
->op
.kex
.exchprovctx
== NULL
) {
443 EVP_KEYEXCH_free(rctx
->op
.kex
.exchange
);
449 } else if (EVP_PKEY_CTX_IS_SIGNATURE_OP(pctx
)) {
450 if (pctx
->op
.sig
.signature
!= NULL
) {
451 rctx
->op
.sig
.signature
= pctx
->op
.sig
.signature
;
452 if (!EVP_SIGNATURE_up_ref(rctx
->op
.sig
.signature
)) {
457 if (pctx
->op
.sig
.sigprovctx
!= NULL
) {
458 if (!ossl_assert(pctx
->op
.sig
.signature
!= NULL
))
460 rctx
->op
.sig
.sigprovctx
461 = pctx
->op
.sig
.signature
->dupctx(pctx
->op
.sig
.sigprovctx
);
462 if (rctx
->op
.sig
.sigprovctx
== NULL
) {
463 EVP_SIGNATURE_free(rctx
->op
.sig
.signature
);
469 } else if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(pctx
)) {
470 if (pctx
->op
.ciph
.cipher
!= NULL
) {
471 rctx
->op
.ciph
.cipher
= pctx
->op
.ciph
.cipher
;
472 if (!EVP_ASYM_CIPHER_up_ref(rctx
->op
.ciph
.cipher
)) {
477 if (pctx
->op
.ciph
.ciphprovctx
!= NULL
) {
478 if (!ossl_assert(pctx
->op
.ciph
.cipher
!= NULL
))
480 rctx
->op
.ciph
.ciphprovctx
481 = pctx
->op
.ciph
.cipher
->dupctx(pctx
->op
.ciph
.ciphprovctx
);
482 if (rctx
->op
.ciph
.ciphprovctx
== NULL
) {
483 EVP_ASYM_CIPHER_free(rctx
->op
.ciph
.cipher
);
491 rctx
->pmeth
= pctx
->pmeth
;
492 # ifndef OPENSSL_NO_ENGINE
493 rctx
->engine
= pctx
->engine
;
497 EVP_PKEY_up_ref(pctx
->peerkey
);
498 rctx
->peerkey
= pctx
->peerkey
;
500 if (pctx
->pmeth
->copy(rctx
, pctx
) > 0)
504 EVP_PKEY_CTX_free(rctx
);
509 int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD
*pmeth
)
511 if (app_pkey_methods
== NULL
) {
512 app_pkey_methods
= sk_EVP_PKEY_METHOD_new(pmeth_cmp
);
513 if (app_pkey_methods
== NULL
){
514 EVPerr(EVP_F_EVP_PKEY_METH_ADD0
, ERR_R_MALLOC_FAILURE
);
518 if (!sk_EVP_PKEY_METHOD_push(app_pkey_methods
, pmeth
)) {
519 EVPerr(EVP_F_EVP_PKEY_METH_ADD0
, ERR_R_MALLOC_FAILURE
);
522 sk_EVP_PKEY_METHOD_sort(app_pkey_methods
);
526 void evp_app_cleanup_int(void)
528 if (app_pkey_methods
!= NULL
)
529 sk_EVP_PKEY_METHOD_pop_free(app_pkey_methods
, EVP_PKEY_meth_free
);
532 int EVP_PKEY_meth_remove(const EVP_PKEY_METHOD
*pmeth
)
534 const EVP_PKEY_METHOD
*ret
;
536 ret
= sk_EVP_PKEY_METHOD_delete_ptr(app_pkey_methods
, pmeth
);
538 return ret
== NULL
? 0 : 1;
541 size_t EVP_PKEY_meth_get_count(void)
543 size_t rv
= OSSL_NELEM(standard_methods
);
545 if (app_pkey_methods
)
546 rv
+= sk_EVP_PKEY_METHOD_num(app_pkey_methods
);
550 const EVP_PKEY_METHOD
*EVP_PKEY_meth_get0(size_t idx
)
552 if (idx
< OSSL_NELEM(standard_methods
))
553 return (standard_methods
[idx
])();
554 if (app_pkey_methods
== NULL
)
556 idx
-= OSSL_NELEM(standard_methods
);
557 if (idx
>= (size_t)sk_EVP_PKEY_METHOD_num(app_pkey_methods
))
559 return sk_EVP_PKEY_METHOD_value(app_pkey_methods
, idx
);
563 int EVP_PKEY_CTX_set_params(EVP_PKEY_CTX
*ctx
, OSSL_PARAM
*params
)
565 if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx
)
566 && ctx
->op
.kex
.exchprovctx
!= NULL
567 && ctx
->op
.kex
.exchange
!= NULL
568 && ctx
->op
.kex
.exchange
->set_ctx_params
!= NULL
)
569 return ctx
->op
.kex
.exchange
->set_ctx_params(ctx
->op
.kex
.exchprovctx
,
571 if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx
)
572 && ctx
->op
.sig
.sigprovctx
!= NULL
573 && ctx
->op
.sig
.signature
!= NULL
574 && ctx
->op
.sig
.signature
->set_ctx_params
!= NULL
)
575 return ctx
->op
.sig
.signature
->set_ctx_params(ctx
->op
.sig
.sigprovctx
,
577 if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx
)
578 && ctx
->op
.ciph
.ciphprovctx
!= NULL
579 && ctx
->op
.ciph
.cipher
!= NULL
580 && ctx
->op
.ciph
.cipher
->set_ctx_params
!= NULL
)
581 return ctx
->op
.ciph
.cipher
->set_ctx_params(ctx
->op
.ciph
.ciphprovctx
,
583 if (EVP_PKEY_CTX_IS_GEN_OP(ctx
)
584 && ctx
->op
.keymgmt
.genctx
!= NULL
585 && ctx
->keymgmt
!= NULL
586 && ctx
->keymgmt
->gen_set_params
!= NULL
)
587 return evp_keymgmt_gen_set_params(ctx
->keymgmt
, ctx
->op
.keymgmt
.genctx
,
592 int EVP_PKEY_CTX_get_params(EVP_PKEY_CTX
*ctx
, OSSL_PARAM
*params
)
594 if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx
)
595 && ctx
->op
.kex
.exchprovctx
!= NULL
596 && ctx
->op
.kex
.exchange
!= NULL
597 && ctx
->op
.kex
.exchange
->get_ctx_params
!= NULL
)
598 return ctx
->op
.kex
.exchange
->get_ctx_params(ctx
->op
.kex
.exchprovctx
,
600 if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx
)
601 && ctx
->op
.sig
.sigprovctx
!= NULL
602 && ctx
->op
.sig
.signature
!= NULL
603 && ctx
->op
.sig
.signature
->get_ctx_params
!= NULL
)
604 return ctx
->op
.sig
.signature
->get_ctx_params(ctx
->op
.sig
.sigprovctx
,
606 if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx
)
607 && ctx
->op
.ciph
.ciphprovctx
!= NULL
608 && ctx
->op
.ciph
.cipher
!= NULL
609 && ctx
->op
.ciph
.cipher
->get_ctx_params
!= NULL
)
610 return ctx
->op
.ciph
.cipher
->get_ctx_params(ctx
->op
.ciph
.ciphprovctx
,
616 const OSSL_PARAM
*EVP_PKEY_CTX_gettable_params(EVP_PKEY_CTX
*ctx
)
620 if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx
)
621 && ctx
->op
.kex
.exchange
!= NULL
622 && ctx
->op
.kex
.exchange
->gettable_ctx_params
!= NULL
) {
623 provctx
= ossl_provider_ctx(EVP_KEYEXCH_provider(ctx
->op
.kex
.exchange
));
624 return ctx
->op
.kex
.exchange
->gettable_ctx_params(provctx
);
626 if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx
)
627 && ctx
->op
.sig
.signature
!= NULL
628 && ctx
->op
.sig
.signature
->gettable_ctx_params
!= NULL
) {
629 provctx
= ossl_provider_ctx(
630 EVP_SIGNATURE_provider(ctx
->op
.sig
.signature
));
631 return ctx
->op
.sig
.signature
->gettable_ctx_params(provctx
);
633 if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx
)
634 && ctx
->op
.ciph
.cipher
!= NULL
635 && ctx
->op
.ciph
.cipher
->gettable_ctx_params
!= NULL
) {
636 provctx
= ossl_provider_ctx(
637 EVP_ASYM_CIPHER_provider(ctx
->op
.ciph
.cipher
));
638 return ctx
->op
.ciph
.cipher
->gettable_ctx_params(provctx
);
643 const OSSL_PARAM
*EVP_PKEY_CTX_settable_params(EVP_PKEY_CTX
*ctx
)
647 if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx
)
648 && ctx
->op
.kex
.exchange
!= NULL
649 && ctx
->op
.kex
.exchange
->settable_ctx_params
!= NULL
) {
650 provctx
= ossl_provider_ctx(EVP_KEYEXCH_provider(ctx
->op
.kex
.exchange
));
651 return ctx
->op
.kex
.exchange
->settable_ctx_params(provctx
);
653 if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx
)
654 && ctx
->op
.sig
.signature
!= NULL
655 && ctx
->op
.sig
.signature
->settable_ctx_params
!= NULL
) {
656 provctx
= ossl_provider_ctx(
657 EVP_SIGNATURE_provider(ctx
->op
.sig
.signature
));
658 return ctx
->op
.sig
.signature
->settable_ctx_params(provctx
);
660 if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx
)
661 && ctx
->op
.ciph
.cipher
!= NULL
662 && ctx
->op
.ciph
.cipher
->settable_ctx_params
!= NULL
) {
663 provctx
= ossl_provider_ctx(
664 EVP_ASYM_CIPHER_provider(ctx
->op
.ciph
.cipher
));
665 return ctx
->op
.ciph
.cipher
->settable_ctx_params(provctx
);
667 if (EVP_PKEY_CTX_IS_GEN_OP(ctx
)
668 && ctx
->keymgmt
!= NULL
)
669 return EVP_KEYMGMT_gen_settable_params(ctx
->keymgmt
);
675 * Internal helpers for stricter EVP_PKEY_CTX_{set,get}_params().
677 * Return 1 on success, 0 or negative for errors.
679 * In particular they return -2 if any of the params is not supported.
681 * They are not available in FIPS_MODULE as they depend on
682 * - EVP_PKEY_CTX_{get,set}_params()
683 * - EVP_PKEY_CTX_{gettable,settable}_params()
686 int evp_pkey_ctx_set_params_strict(EVP_PKEY_CTX
*ctx
, OSSL_PARAM
*params
)
690 if (ctx
== NULL
|| params
== NULL
)
693 for (p
= params
; p
->key
!= NULL
; p
++) {
694 /* Check the ctx actually understands this parameter */
695 if (OSSL_PARAM_locate_const(EVP_PKEY_CTX_settable_params(ctx
),
700 return EVP_PKEY_CTX_set_params(ctx
, params
);
703 int evp_pkey_ctx_get_params_strict(EVP_PKEY_CTX
*ctx
, OSSL_PARAM
*params
)
707 if (ctx
== NULL
|| params
== NULL
)
710 for (p
= params
; p
->key
!= NULL
; p
++ ) {
711 /* Check the ctx actually understands this parameter */
712 if (OSSL_PARAM_locate_const(EVP_PKEY_CTX_gettable_params(ctx
),
717 return EVP_PKEY_CTX_get_params(ctx
, params
);
720 # ifndef OPENSSL_NO_DH
721 int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX
*ctx
, int pad
)
723 OSSL_PARAM dh_pad_params
[2];
724 unsigned int upad
= pad
;
726 /* We use EVP_PKEY_CTX_ctrl return values */
727 if (ctx
== NULL
|| !EVP_PKEY_CTX_IS_DERIVE_OP(ctx
)) {
728 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
732 /* TODO(3.0): Remove this eventually when no more legacy */
733 if (ctx
->op
.kex
.exchprovctx
== NULL
)
734 return EVP_PKEY_CTX_ctrl(ctx
, EVP_PKEY_DH
, EVP_PKEY_OP_DERIVE
,
735 EVP_PKEY_CTRL_DH_PAD
, pad
, NULL
);
737 dh_pad_params
[0] = OSSL_PARAM_construct_uint(OSSL_EXCHANGE_PARAM_PAD
, &upad
);
738 dh_pad_params
[1] = OSSL_PARAM_construct_end();
740 return EVP_PKEY_CTX_set_params(ctx
, dh_pad_params
);
744 int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX
*ctx
, const EVP_MD
**md
)
746 OSSL_PARAM sig_md_params
[2], *p
= sig_md_params
;
747 /* 80 should be big enough */
751 if (ctx
== NULL
|| !EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx
)) {
752 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
753 /* Uses the same return values as EVP_PKEY_CTX_ctrl */
757 /* TODO(3.0): Remove this eventually when no more legacy */
758 if (ctx
->op
.sig
.sigprovctx
== NULL
)
759 return EVP_PKEY_CTX_ctrl(ctx
, -1, EVP_PKEY_OP_TYPE_SIG
,
760 EVP_PKEY_CTRL_GET_MD
, 0, (void *)(md
));
762 *p
++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST
,
765 *p
= OSSL_PARAM_construct_end();
767 if (!EVP_PKEY_CTX_get_params(ctx
, sig_md_params
))
770 tmp
= evp_get_digestbyname_ex(ctx
->libctx
, name
);
779 static int evp_pkey_ctx_set_md(EVP_PKEY_CTX
*ctx
, const EVP_MD
*md
,
780 int fallback
, const char *param
, int op
,
783 OSSL_PARAM md_params
[2], *p
= md_params
;
786 if (ctx
== NULL
|| (ctx
->operation
& op
) == 0) {
787 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
788 /* Uses the same return values as EVP_PKEY_CTX_ctrl */
792 /* TODO(3.0): Remove this eventually when no more legacy */
794 return EVP_PKEY_CTX_ctrl(ctx
, -1, op
, ctrl
, 0, (void *)(md
));
799 name
= EVP_MD_name(md
);
802 *p
++ = OSSL_PARAM_construct_utf8_string(param
,
804 * Cast away the const. This is read
805 * only so should be safe
808 *p
= OSSL_PARAM_construct_end();
810 return EVP_PKEY_CTX_set_params(ctx
, md_params
);
813 int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX
*ctx
, const EVP_MD
*md
)
815 return evp_pkey_ctx_set_md(ctx
, md
, ctx
->op
.sig
.sigprovctx
== NULL
,
816 OSSL_SIGNATURE_PARAM_DIGEST
,
817 EVP_PKEY_OP_TYPE_SIG
, EVP_PKEY_CTRL_MD
);
820 int EVP_PKEY_CTX_set_tls1_prf_md(EVP_PKEY_CTX
*ctx
, const EVP_MD
*md
)
822 return evp_pkey_ctx_set_md(ctx
, md
, ctx
->op
.kex
.exchprovctx
== NULL
,
823 OSSL_KDF_PARAM_DIGEST
,
824 EVP_PKEY_OP_DERIVE
, EVP_PKEY_CTRL_TLS_MD
);
827 static int evp_pkey_ctx_set1_octet_string(EVP_PKEY_CTX
*ctx
, int fallback
,
828 const char *param
, int op
, int ctrl
,
829 const unsigned char *data
,
832 OSSL_PARAM octet_string_params
[2], *p
= octet_string_params
;
834 if (ctx
== NULL
|| (ctx
->operation
& op
) == 0) {
835 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
836 /* Uses the same return values as EVP_PKEY_CTX_ctrl */
840 /* TODO(3.0): Remove this eventually when no more legacy */
842 return EVP_PKEY_CTX_ctrl(ctx
, -1, op
, ctrl
, datalen
, (void *)(data
));
845 ERR_raise(ERR_LIB_EVP
, EVP_R_INVALID_LENGTH
);
849 *p
++ = OSSL_PARAM_construct_octet_string(param
,
851 * Cast away the const. This is read
852 * only so should be safe
854 (unsigned char *)data
,
856 *p
= OSSL_PARAM_construct_end();
858 return EVP_PKEY_CTX_set_params(ctx
, octet_string_params
);
861 int EVP_PKEY_CTX_set1_tls1_prf_secret(EVP_PKEY_CTX
*ctx
,
862 const unsigned char *sec
, int seclen
)
864 return evp_pkey_ctx_set1_octet_string(ctx
, ctx
->op
.kex
.exchprovctx
== NULL
,
865 OSSL_KDF_PARAM_SECRET
,
867 EVP_PKEY_CTRL_TLS_SECRET
,
871 int EVP_PKEY_CTX_add1_tls1_prf_seed(EVP_PKEY_CTX
*ctx
,
872 const unsigned char *seed
, int seedlen
)
874 return evp_pkey_ctx_set1_octet_string(ctx
, ctx
->op
.kex
.exchprovctx
== NULL
,
877 EVP_PKEY_CTRL_TLS_SEED
,
881 int EVP_PKEY_CTX_set_hkdf_md(EVP_PKEY_CTX
*ctx
, const EVP_MD
*md
)
883 return evp_pkey_ctx_set_md(ctx
, md
, ctx
->op
.kex
.exchprovctx
== NULL
,
884 OSSL_KDF_PARAM_DIGEST
,
885 EVP_PKEY_OP_DERIVE
, EVP_PKEY_CTRL_HKDF_MD
);
888 int EVP_PKEY_CTX_set1_hkdf_salt(EVP_PKEY_CTX
*ctx
,
889 const unsigned char *salt
, int saltlen
)
891 return evp_pkey_ctx_set1_octet_string(ctx
, ctx
->op
.kex
.exchprovctx
== NULL
,
894 EVP_PKEY_CTRL_HKDF_SALT
,
898 int EVP_PKEY_CTX_set1_hkdf_key(EVP_PKEY_CTX
*ctx
,
899 const unsigned char *key
, int keylen
)
901 return evp_pkey_ctx_set1_octet_string(ctx
, ctx
->op
.kex
.exchprovctx
== NULL
,
904 EVP_PKEY_CTRL_HKDF_KEY
,
908 int EVP_PKEY_CTX_add1_hkdf_info(EVP_PKEY_CTX
*ctx
,
909 const unsigned char *info
, int infolen
)
911 return evp_pkey_ctx_set1_octet_string(ctx
, ctx
->op
.kex
.exchprovctx
== NULL
,
914 EVP_PKEY_CTRL_HKDF_INFO
,
918 int EVP_PKEY_CTX_hkdf_mode(EVP_PKEY_CTX
*ctx
, int mode
)
920 OSSL_PARAM int_params
[2], *p
= int_params
;
922 if (ctx
== NULL
|| !EVP_PKEY_CTX_IS_DERIVE_OP(ctx
)) {
923 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
924 /* Uses the same return values as EVP_PKEY_CTX_ctrl */
928 /* TODO(3.0): Remove this eventually when no more legacy */
929 if (ctx
->op
.kex
.exchprovctx
== NULL
)
930 return EVP_PKEY_CTX_ctrl(ctx
, -1, EVP_PKEY_OP_DERIVE
,
931 EVP_PKEY_CTRL_HKDF_MODE
, mode
, NULL
);
935 ERR_raise(ERR_LIB_EVP
, EVP_R_INVALID_VALUE
);
939 *p
++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_MODE
, &mode
);
940 *p
= OSSL_PARAM_construct_end();
942 return EVP_PKEY_CTX_set_params(ctx
, int_params
);
945 int EVP_PKEY_CTX_set1_pbe_pass(EVP_PKEY_CTX
*ctx
, const char *pass
,
948 return evp_pkey_ctx_set1_octet_string(ctx
, ctx
->op
.kex
.exchprovctx
== NULL
,
949 OSSL_KDF_PARAM_PASSWORD
,
952 (const unsigned char *)pass
, passlen
);
955 int EVP_PKEY_CTX_set1_scrypt_salt(EVP_PKEY_CTX
*ctx
,
956 const unsigned char *salt
, int saltlen
)
958 return evp_pkey_ctx_set1_octet_string(ctx
, ctx
->op
.kex
.exchprovctx
== NULL
,
961 EVP_PKEY_CTRL_SCRYPT_SALT
,
965 static int evp_pkey_ctx_set_uint64(EVP_PKEY_CTX
*ctx
, const char *param
,
966 int op
, int ctrl
, uint64_t val
)
968 OSSL_PARAM uint64_params
[2], *p
= uint64_params
;
970 if (ctx
== NULL
|| !EVP_PKEY_CTX_IS_DERIVE_OP(ctx
)) {
971 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
972 /* Uses the same return values as EVP_PKEY_CTX_ctrl */
976 /* TODO(3.0): Remove this eventually when no more legacy */
977 if (ctx
->op
.kex
.exchprovctx
== NULL
)
978 return EVP_PKEY_CTX_ctrl_uint64(ctx
, -1, op
, ctrl
, val
);
980 *p
++ = OSSL_PARAM_construct_uint64(param
, &val
);
981 *p
= OSSL_PARAM_construct_end();
983 return EVP_PKEY_CTX_set_params(ctx
, uint64_params
);
986 int EVP_PKEY_CTX_set_scrypt_N(EVP_PKEY_CTX
*ctx
, uint64_t n
)
988 return evp_pkey_ctx_set_uint64(ctx
, OSSL_KDF_PARAM_SCRYPT_N
,
989 EVP_PKEY_OP_DERIVE
, EVP_PKEY_CTRL_SCRYPT_N
,
993 int EVP_PKEY_CTX_set_scrypt_r(EVP_PKEY_CTX
*ctx
, uint64_t r
)
995 return evp_pkey_ctx_set_uint64(ctx
, OSSL_KDF_PARAM_SCRYPT_R
,
996 EVP_PKEY_OP_DERIVE
, EVP_PKEY_CTRL_SCRYPT_R
,
1000 int EVP_PKEY_CTX_set_scrypt_p(EVP_PKEY_CTX
*ctx
, uint64_t p
)
1002 return evp_pkey_ctx_set_uint64(ctx
, OSSL_KDF_PARAM_SCRYPT_P
,
1003 EVP_PKEY_OP_DERIVE
, EVP_PKEY_CTRL_SCRYPT_P
,
1007 int EVP_PKEY_CTX_set_scrypt_maxmem_bytes(EVP_PKEY_CTX
*ctx
,
1008 uint64_t maxmem_bytes
)
1010 return evp_pkey_ctx_set_uint64(ctx
, OSSL_KDF_PARAM_SCRYPT_MAXMEM
,
1012 EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES
,
1016 int EVP_PKEY_CTX_set_mac_key(EVP_PKEY_CTX
*ctx
, const unsigned char *key
,
1019 return evp_pkey_ctx_set1_octet_string(ctx
, ctx
->op
.keymgmt
.genctx
== NULL
,
1020 OSSL_PKEY_PARAM_PRIV_KEY
,
1022 EVP_PKEY_CTRL_SET_MAC_KEY
,
1026 static int legacy_ctrl_to_param(EVP_PKEY_CTX
*ctx
, int keytype
, int optype
,
1027 int cmd
, int p1
, void *p2
)
1029 # ifndef OPENSSL_NO_DH
1030 if (keytype
== EVP_PKEY_DHX
) {
1032 case EVP_PKEY_CTRL_DH_KDF_TYPE
:
1033 return EVP_PKEY_CTX_set_dh_kdf_type(ctx
, p1
);
1034 case EVP_PKEY_CTRL_DH_KDF_MD
:
1035 return EVP_PKEY_CTX_set_dh_kdf_md(ctx
, p2
);
1036 case EVP_PKEY_CTRL_DH_KDF_OUTLEN
:
1037 return EVP_PKEY_CTX_set_dh_kdf_outlen(ctx
, p1
);
1038 case EVP_PKEY_CTRL_DH_KDF_UKM
:
1039 return EVP_PKEY_CTX_set0_dh_kdf_ukm(ctx
, p2
, p1
);
1040 case EVP_PKEY_CTRL_DH_KDF_OID
:
1041 return EVP_PKEY_CTX_set0_dh_kdf_oid(ctx
, p2
);
1042 case EVP_PKEY_CTRL_GET_DH_KDF_MD
:
1043 return EVP_PKEY_CTX_get_dh_kdf_md(ctx
, p2
);
1044 case EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN
:
1045 return EVP_PKEY_CTX_get_dh_kdf_outlen(ctx
, p2
);
1046 case EVP_PKEY_CTRL_GET_DH_KDF_UKM
:
1047 return EVP_PKEY_CTX_get0_dh_kdf_ukm(ctx
, p2
);
1048 case EVP_PKEY_CTRL_GET_DH_KDF_OID
:
1049 return EVP_PKEY_CTX_get0_dh_kdf_oid(ctx
, p2
);
1052 if (keytype
== EVP_PKEY_DH
) {
1054 case EVP_PKEY_CTRL_DH_PAD
:
1055 return EVP_PKEY_CTX_set_dh_pad(ctx
, p1
);
1056 case EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN
:
1057 return EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx
, p1
);
1058 case EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN
:
1059 return EVP_PKEY_CTX_set_dh_paramgen_subprime_len(ctx
, p1
);
1060 case EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR
:
1061 return EVP_PKEY_CTX_set_dh_paramgen_generator(ctx
, p1
);
1062 case EVP_PKEY_CTRL_DH_PARAMGEN_TYPE
:
1063 return EVP_PKEY_CTX_set_dh_paramgen_type(ctx
, p1
);
1064 case EVP_PKEY_CTRL_DH_RFC5114
:
1065 return EVP_PKEY_CTX_set_dh_rfc5114(ctx
, p1
);
1069 # ifndef OPENSSL_NO_DSA
1070 if (keytype
== EVP_PKEY_DSA
) {
1072 case EVP_PKEY_CTRL_DSA_PARAMGEN_BITS
:
1073 return EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx
, p1
);
1074 case EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS
:
1075 return EVP_PKEY_CTX_set_dsa_paramgen_q_bits(ctx
, p1
);
1076 case EVP_PKEY_CTRL_DSA_PARAMGEN_MD
:
1077 return EVP_PKEY_CTX_set_dsa_paramgen_md(ctx
, p2
);
1081 # ifndef OPENSSL_NO_EC
1082 if (keytype
== EVP_PKEY_EC
) {
1084 case EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID
:
1085 return EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx
, p1
);
1086 case EVP_PKEY_CTRL_EC_ECDH_COFACTOR
:
1088 return EVP_PKEY_CTX_get_ecdh_cofactor_mode(ctx
);
1089 } else if (p1
< -1 || p1
> 1) {
1090 /* Uses the same return values as EVP_PKEY_CTX_ctrl */
1093 return EVP_PKEY_CTX_set_ecdh_cofactor_mode(ctx
, p1
);
1095 case EVP_PKEY_CTRL_EC_KDF_TYPE
:
1097 return EVP_PKEY_CTX_get_ecdh_kdf_type(ctx
);
1099 return EVP_PKEY_CTX_set_ecdh_kdf_type(ctx
, p1
);
1101 case EVP_PKEY_CTRL_GET_EC_KDF_MD
:
1102 return EVP_PKEY_CTX_get_ecdh_kdf_md(ctx
, p2
);
1103 case EVP_PKEY_CTRL_EC_KDF_MD
:
1104 return EVP_PKEY_CTX_set_ecdh_kdf_md(ctx
, p2
);
1105 case EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN
:
1106 return EVP_PKEY_CTX_get_ecdh_kdf_outlen(ctx
, p2
);
1107 case EVP_PKEY_CTRL_EC_KDF_OUTLEN
:
1108 return EVP_PKEY_CTX_set_ecdh_kdf_outlen(ctx
, p1
);
1109 case EVP_PKEY_CTRL_GET_EC_KDF_UKM
:
1110 return EVP_PKEY_CTX_get0_ecdh_kdf_ukm(ctx
, p2
);
1111 case EVP_PKEY_CTRL_EC_KDF_UKM
:
1112 return EVP_PKEY_CTX_set0_ecdh_kdf_ukm(ctx
, p2
, p1
);
1116 if (keytype
== EVP_PKEY_RSA
) {
1118 case EVP_PKEY_CTRL_RSA_OAEP_MD
:
1119 return EVP_PKEY_CTX_set_rsa_oaep_md(ctx
, p2
);
1120 case EVP_PKEY_CTRL_GET_RSA_OAEP_MD
:
1121 return EVP_PKEY_CTX_get_rsa_oaep_md(ctx
, p2
);
1122 case EVP_PKEY_CTRL_RSA_MGF1_MD
:
1123 return EVP_PKEY_CTX_set_rsa_oaep_md(ctx
, p2
);
1124 case EVP_PKEY_CTRL_RSA_OAEP_LABEL
:
1125 return EVP_PKEY_CTX_set0_rsa_oaep_label(ctx
, p2
, p1
);
1126 case EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL
:
1127 return EVP_PKEY_CTX_get0_rsa_oaep_label(ctx
, (unsigned char **)p2
);
1128 case EVP_PKEY_CTRL_RSA_KEYGEN_BITS
:
1129 return EVP_PKEY_CTX_set_rsa_keygen_bits(ctx
, p1
);
1130 case EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP
:
1131 return EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx
, p2
);
1132 case EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES
:
1133 return EVP_PKEY_CTX_set_rsa_keygen_primes(ctx
, p1
);
1137 * keytype == -1 is used when several key types share the same structure,
1138 * or for generic controls that are the same across multiple key types.
1140 if (keytype
== -1) {
1141 if (optype
== EVP_PKEY_OP_DERIVE
) {
1144 case EVP_PKEY_CTRL_TLS_MD
:
1145 return EVP_PKEY_CTX_set_tls1_prf_md(ctx
, p2
);
1146 case EVP_PKEY_CTRL_TLS_SECRET
:
1147 return EVP_PKEY_CTX_set1_tls1_prf_secret(ctx
, p2
, p1
);
1148 case EVP_PKEY_CTRL_TLS_SEED
:
1149 return EVP_PKEY_CTX_add1_tls1_prf_seed(ctx
, p2
, p1
);
1152 case EVP_PKEY_CTRL_HKDF_MD
:
1153 return EVP_PKEY_CTX_set_hkdf_md(ctx
, p2
);
1154 case EVP_PKEY_CTRL_HKDF_SALT
:
1155 return EVP_PKEY_CTX_set1_hkdf_salt(ctx
, p2
, p1
);
1156 case EVP_PKEY_CTRL_HKDF_KEY
:
1157 return EVP_PKEY_CTX_set1_hkdf_key(ctx
, p2
, p1
);
1158 case EVP_PKEY_CTRL_HKDF_INFO
:
1159 return EVP_PKEY_CTX_add1_hkdf_info(ctx
, p2
, p1
);
1160 case EVP_PKEY_CTRL_HKDF_MODE
:
1161 return EVP_PKEY_CTX_hkdf_mode(ctx
, p1
);
1164 case EVP_PKEY_CTRL_PASS
:
1165 return EVP_PKEY_CTX_set1_pbe_pass(ctx
, p2
, p1
);
1166 case EVP_PKEY_CTRL_SCRYPT_SALT
:
1167 return EVP_PKEY_CTX_set1_scrypt_salt(ctx
, p2
, p1
);
1168 case EVP_PKEY_CTRL_SCRYPT_N
:
1169 return EVP_PKEY_CTX_set_scrypt_N(ctx
, p1
);
1170 case EVP_PKEY_CTRL_SCRYPT_R
:
1171 return EVP_PKEY_CTX_set_scrypt_r(ctx
, p1
);
1172 case EVP_PKEY_CTRL_SCRYPT_P
:
1173 return EVP_PKEY_CTX_set_scrypt_p(ctx
, p1
);
1174 case EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES
:
1175 return EVP_PKEY_CTX_set_scrypt_maxmem_bytes(ctx
, p1
);
1177 } else if (optype
== EVP_PKEY_OP_KEYGEN
) {
1178 OSSL_PARAM params
[2], *p
= params
;
1181 case EVP_PKEY_CTRL_CIPHER
:
1183 char *ciphname
= (char *)EVP_CIPHER_name(p2
);
1185 *p
++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_CIPHER
,
1187 *p
= OSSL_PARAM_construct_end();
1189 return EVP_PKEY_CTX_set_params(ctx
, params
);
1191 case EVP_PKEY_CTRL_SET_MAC_KEY
:
1193 *p
++ = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_PRIV_KEY
,
1195 *p
= OSSL_PARAM_construct_end();
1197 return EVP_PKEY_CTX_set_params(ctx
, params
);
1202 case EVP_PKEY_CTRL_MD
:
1203 return EVP_PKEY_CTX_set_signature_md(ctx
, p2
);
1204 case EVP_PKEY_CTRL_GET_MD
:
1205 return EVP_PKEY_CTX_get_signature_md(ctx
, p2
);
1206 case EVP_PKEY_CTRL_RSA_PADDING
:
1207 return EVP_PKEY_CTX_set_rsa_padding(ctx
, p1
);
1208 case EVP_PKEY_CTRL_GET_RSA_PADDING
:
1209 return EVP_PKEY_CTX_get_rsa_padding(ctx
, p2
);
1210 case EVP_PKEY_CTRL_GET_RSA_MGF1_MD
:
1211 return EVP_PKEY_CTX_get_rsa_oaep_md(ctx
, p2
);
1212 case EVP_PKEY_CTRL_RSA_PSS_SALTLEN
:
1213 return EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx
, p1
);
1214 case EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN
:
1215 return EVP_PKEY_CTX_get_rsa_pss_saltlen(ctx
, p2
);
1216 case EVP_PKEY_CTRL_PKCS7_ENCRYPT
:
1217 case EVP_PKEY_CTRL_PKCS7_DECRYPT
:
1218 # ifndef OPENSSL_NO_CMS
1219 case EVP_PKEY_CTRL_CMS_DECRYPT
:
1220 case EVP_PKEY_CTRL_CMS_ENCRYPT
:
1222 /* TODO (3.0) Temporary hack, this should probe */
1223 if (!EVP_PKEY_is_a(EVP_PKEY_CTX_get0_pkey(ctx
), "RSASSA-PSS"))
1225 ERR_raise(ERR_LIB_EVP
,
1226 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
1232 * GOST CMS format is different for different cipher algorithms.
1233 * Most of other algorithms don't have such a difference
1234 * so this ctrl is just ignored.
1236 if (cmd
== EVP_PKEY_CTRL_CIPHER
)
1242 int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX
*ctx
, int keytype
, int optype
,
1243 int cmd
, int p1
, void *p2
)
1248 EVPerr(EVP_F_EVP_PKEY_CTX_CTRL
, EVP_R_COMMAND_NOT_SUPPORTED
);
1252 if ((EVP_PKEY_CTX_IS_DERIVE_OP(ctx
) && ctx
->op
.kex
.exchprovctx
!= NULL
)
1253 || (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx
)
1254 && ctx
->op
.sig
.sigprovctx
!= NULL
)
1255 || (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx
)
1256 && ctx
->op
.ciph
.ciphprovctx
!= NULL
)
1257 || (EVP_PKEY_CTX_IS_GEN_OP(ctx
)
1258 && ctx
->op
.keymgmt
.genctx
!= NULL
))
1259 return legacy_ctrl_to_param(ctx
, keytype
, optype
, cmd
, p1
, p2
);
1261 if (ctx
->pmeth
== NULL
|| ctx
->pmeth
->ctrl
== NULL
) {
1262 EVPerr(EVP_F_EVP_PKEY_CTX_CTRL
, EVP_R_COMMAND_NOT_SUPPORTED
);
1265 if ((keytype
!= -1) && (ctx
->pmeth
->pkey_id
!= keytype
))
1268 /* Skip the operation checks since this is called in a very early stage */
1269 if (ctx
->pmeth
->digest_custom
!= NULL
)
1272 if (ctx
->operation
== EVP_PKEY_OP_UNDEFINED
) {
1273 EVPerr(EVP_F_EVP_PKEY_CTX_CTRL
, EVP_R_NO_OPERATION_SET
);
1277 if ((optype
!= -1) && !(ctx
->operation
& optype
)) {
1278 EVPerr(EVP_F_EVP_PKEY_CTX_CTRL
, EVP_R_INVALID_OPERATION
);
1283 ret
= ctx
->pmeth
->ctrl(ctx
, cmd
, p1
, p2
);
1286 EVPerr(EVP_F_EVP_PKEY_CTX_CTRL
, EVP_R_COMMAND_NOT_SUPPORTED
);
1291 int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX
*ctx
, int keytype
, int optype
,
1292 int cmd
, uint64_t value
)
1294 return EVP_PKEY_CTX_ctrl(ctx
, keytype
, optype
, cmd
, 0, &value
);
1297 static int legacy_ctrl_str_to_param(EVP_PKEY_CTX
*ctx
, const char *name
,
1300 if (strcmp(name
, "md") == 0)
1301 name
= OSSL_ALG_PARAM_DIGEST
;
1302 else if (strcmp(name
, "rsa_padding_mode") == 0)
1303 name
= OSSL_ASYM_CIPHER_PARAM_PAD_MODE
;
1304 else if (strcmp(name
, "rsa_mgf1_md") == 0)
1305 name
= OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST
;
1306 else if (strcmp(name
, "rsa_oaep_md") == 0)
1307 name
= OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST
;
1308 else if (strcmp(name
, "rsa_oaep_label") == 0)
1309 name
= OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL
;
1310 else if (strcmp(name
, "rsa_pss_saltlen") == 0)
1311 name
= OSSL_SIGNATURE_PARAM_PSS_SALTLEN
;
1312 else if (strcmp(name
, "rsa_keygen_bits") == 0)
1313 name
= OSSL_PKEY_PARAM_RSA_BITS
;
1314 else if (strcmp(name
, "rsa_keygen_pubexp") == 0)
1315 name
= OSSL_PKEY_PARAM_RSA_E
;
1316 else if (strcmp(name
, "rsa_keygen_primes") == 0)
1317 name
= OSSL_PKEY_PARAM_RSA_PRIMES
;
1318 else if (strcmp(name
, "rsa_pss_keygen_md") == 0)
1319 name
= OSSL_PKEY_PARAM_RSA_DIGEST
;
1320 else if (strcmp(name
, "rsa_pss_keygen_mgf1_md") == 0)
1321 name
= OSSL_PKEY_PARAM_RSA_MGF1_DIGEST
;
1322 else if (strcmp(name
, "rsa_pss_keygen_saltlen") == 0)
1323 name
= OSSL_PKEY_PARAM_RSA_PSS_SALTLEN
;
1324 # ifndef OPENSSL_NO_DSA
1325 else if (strcmp(name
, "dsa_paramgen_bits") == 0)
1326 name
= OSSL_PKEY_PARAM_FFC_PBITS
;
1327 else if (strcmp(name
, "dsa_paramgen_q_bits") == 0)
1328 name
= OSSL_PKEY_PARAM_FFC_QBITS
;
1329 else if (strcmp(name
, "dsa_paramgen_md") == 0)
1330 name
= OSSL_PKEY_PARAM_FFC_DIGEST
;
1332 # ifndef OPENSSL_NO_DH
1333 else if (strcmp(name
, "dh_paramgen_generator") == 0)
1334 name
= OSSL_PKEY_PARAM_DH_GENERATOR
;
1335 else if (strcmp(name
, "dh_paramgen_prime_len") == 0)
1336 name
= OSSL_PKEY_PARAM_FFC_PBITS
;
1337 else if (strcmp(name
, "dh_paramgen_subprime_len") == 0)
1338 name
= OSSL_PKEY_PARAM_FFC_QBITS
;
1339 else if (strcmp(name
, "dh_paramgen_type") == 0) {
1340 name
= OSSL_PKEY_PARAM_FFC_TYPE
;
1341 value
= dh_gen_type_id2name(atoi(value
));
1342 } else if (strcmp(name
, "dh_param") == 0)
1343 name
= OSSL_PKEY_PARAM_GROUP_NAME
;
1344 else if (strcmp(name
, "dh_rfc5114") == 0) {
1345 name
= OSSL_PKEY_PARAM_GROUP_NAME
;
1346 value
= ffc_named_group_from_uid(atoi(value
));
1347 } else if (strcmp(name
, "dh_pad") == 0)
1348 name
= OSSL_EXCHANGE_PARAM_PAD
;
1350 # ifndef OPENSSL_NO_EC
1351 else if (strcmp(name
, "ec_paramgen_curve") == 0)
1352 name
= OSSL_PKEY_PARAM_GROUP_NAME
;
1353 else if (strcmp(name
, "ecdh_cofactor_mode") == 0)
1354 name
= OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE
;
1355 else if (strcmp(name
, "ecdh_kdf_md") == 0)
1356 name
= OSSL_EXCHANGE_PARAM_KDF_DIGEST
;
1357 else if (strcmp(name
, "ec_param_enc") == 0)
1358 name
= OSSL_PKEY_PARAM_EC_ENCODING
;
1360 else if (strcmp(name
, "N") == 0)
1361 name
= OSSL_KDF_PARAM_SCRYPT_N
;
1365 * TODO(3.0) reduce the code above to only translate known legacy
1366 * string to the corresponding core name (see core_names.h), but
1367 * otherwise leave it to this code block to do the actual work.
1369 const OSSL_PARAM
*settable
= EVP_PKEY_CTX_settable_params(ctx
);
1370 OSSL_PARAM params
[2] = { OSSL_PARAM_END
, OSSL_PARAM_END
};
1374 if (!OSSL_PARAM_allocate_from_text(¶ms
[0], settable
, name
, value
,
1375 strlen(value
), &exists
)) {
1377 ERR_raise_data(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
,
1378 "name=%s,value=%s", name
, value
);
1383 if (EVP_PKEY_CTX_set_params(ctx
, params
))
1385 OPENSSL_free(params
[0].data
);
1390 int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX
*ctx
,
1391 const char *name
, const char *value
)
1394 EVPerr(EVP_F_EVP_PKEY_CTX_CTRL_STR
, EVP_R_COMMAND_NOT_SUPPORTED
);
1398 if ((EVP_PKEY_CTX_IS_DERIVE_OP(ctx
) && ctx
->op
.kex
.exchprovctx
!= NULL
)
1399 || (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx
)
1400 && ctx
->op
.sig
.sigprovctx
!= NULL
)
1401 || (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx
)
1402 && ctx
->op
.ciph
.ciphprovctx
!= NULL
)
1403 || (EVP_PKEY_CTX_IS_GEN_OP(ctx
)
1404 && ctx
->op
.keymgmt
.genctx
!= NULL
))
1405 return legacy_ctrl_str_to_param(ctx
, name
, value
);
1407 if (!ctx
|| !ctx
->pmeth
|| !ctx
->pmeth
->ctrl_str
) {
1408 EVPerr(EVP_F_EVP_PKEY_CTX_CTRL_STR
, EVP_R_COMMAND_NOT_SUPPORTED
);
1411 if (strcmp(name
, "digest") == 0)
1412 return EVP_PKEY_CTX_md(ctx
, EVP_PKEY_OP_TYPE_SIG
, EVP_PKEY_CTRL_MD
,
1414 return ctx
->pmeth
->ctrl_str(ctx
, name
, value
);
1417 /* Utility functions to send a string of hex string to a ctrl */
1419 int EVP_PKEY_CTX_str2ctrl(EVP_PKEY_CTX
*ctx
, int cmd
, const char *str
)
1426 return ctx
->pmeth
->ctrl(ctx
, cmd
, len
, (void *)str
);
1429 int EVP_PKEY_CTX_hex2ctrl(EVP_PKEY_CTX
*ctx
, int cmd
, const char *hex
)
1435 bin
= OPENSSL_hexstr2buf(hex
, &binlen
);
1438 if (binlen
<= INT_MAX
)
1439 rv
= ctx
->pmeth
->ctrl(ctx
, cmd
, binlen
, bin
);
1444 /* Pass a message digest to a ctrl */
1445 int EVP_PKEY_CTX_md(EVP_PKEY_CTX
*ctx
, int optype
, int cmd
, const char *md
)
1449 if (md
== NULL
|| (m
= EVP_get_digestbyname(md
)) == NULL
) {
1450 EVPerr(EVP_F_EVP_PKEY_CTX_MD
, EVP_R_INVALID_DIGEST
);
1453 return EVP_PKEY_CTX_ctrl(ctx
, -1, optype
, cmd
, 0, (void *)m
);
1456 int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX
*ctx
)
1458 return ctx
->operation
;
1461 void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX
*ctx
, int *dat
, int datlen
)
1463 ctx
->keygen_info
= dat
;
1464 ctx
->keygen_info_count
= datlen
;
1467 void EVP_PKEY_CTX_set_data(EVP_PKEY_CTX
*ctx
, void *data
)
1472 void *EVP_PKEY_CTX_get_data(const EVP_PKEY_CTX
*ctx
)
1477 EVP_PKEY
*EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX
*ctx
)
1482 EVP_PKEY
*EVP_PKEY_CTX_get0_peerkey(EVP_PKEY_CTX
*ctx
)
1484 return ctx
->peerkey
;
1487 void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX
*ctx
, void *data
)
1489 ctx
->app_data
= data
;
1492 void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX
*ctx
)
1494 return ctx
->app_data
;
1497 void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD
*pmeth
,
1498 int (*init
) (EVP_PKEY_CTX
*ctx
))
1503 void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD
*pmeth
,
1504 int (*copy
) (EVP_PKEY_CTX
*dst
,
1505 const EVP_PKEY_CTX
*src
))
1510 void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD
*pmeth
,
1511 void (*cleanup
) (EVP_PKEY_CTX
*ctx
))
1513 pmeth
->cleanup
= cleanup
;
1516 void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD
*pmeth
,
1517 int (*paramgen_init
) (EVP_PKEY_CTX
*ctx
),
1518 int (*paramgen
) (EVP_PKEY_CTX
*ctx
,
1521 pmeth
->paramgen_init
= paramgen_init
;
1522 pmeth
->paramgen
= paramgen
;
1525 void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD
*pmeth
,
1526 int (*keygen_init
) (EVP_PKEY_CTX
*ctx
),
1527 int (*keygen
) (EVP_PKEY_CTX
*ctx
,
1530 pmeth
->keygen_init
= keygen_init
;
1531 pmeth
->keygen
= keygen
;
1534 void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD
*pmeth
,
1535 int (*sign_init
) (EVP_PKEY_CTX
*ctx
),
1536 int (*sign
) (EVP_PKEY_CTX
*ctx
,
1537 unsigned char *sig
, size_t *siglen
,
1538 const unsigned char *tbs
,
1541 pmeth
->sign_init
= sign_init
;
1545 void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD
*pmeth
,
1546 int (*verify_init
) (EVP_PKEY_CTX
*ctx
),
1547 int (*verify
) (EVP_PKEY_CTX
*ctx
,
1548 const unsigned char *sig
,
1550 const unsigned char *tbs
,
1553 pmeth
->verify_init
= verify_init
;
1554 pmeth
->verify
= verify
;
1557 void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD
*pmeth
,
1558 int (*verify_recover_init
) (EVP_PKEY_CTX
1560 int (*verify_recover
) (EVP_PKEY_CTX
1569 pmeth
->verify_recover_init
= verify_recover_init
;
1570 pmeth
->verify_recover
= verify_recover
;
1573 void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD
*pmeth
,
1574 int (*signctx_init
) (EVP_PKEY_CTX
*ctx
,
1576 int (*signctx
) (EVP_PKEY_CTX
*ctx
,
1581 pmeth
->signctx_init
= signctx_init
;
1582 pmeth
->signctx
= signctx
;
1585 void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD
*pmeth
,
1586 int (*verifyctx_init
) (EVP_PKEY_CTX
*ctx
,
1588 int (*verifyctx
) (EVP_PKEY_CTX
*ctx
,
1589 const unsigned char *sig
,
1593 pmeth
->verifyctx_init
= verifyctx_init
;
1594 pmeth
->verifyctx
= verifyctx
;
1597 void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD
*pmeth
,
1598 int (*encrypt_init
) (EVP_PKEY_CTX
*ctx
),
1599 int (*encryptfn
) (EVP_PKEY_CTX
*ctx
,
1602 const unsigned char *in
,
1605 pmeth
->encrypt_init
= encrypt_init
;
1606 pmeth
->encrypt
= encryptfn
;
1609 void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD
*pmeth
,
1610 int (*decrypt_init
) (EVP_PKEY_CTX
*ctx
),
1611 int (*decrypt
) (EVP_PKEY_CTX
*ctx
,
1614 const unsigned char *in
,
1617 pmeth
->decrypt_init
= decrypt_init
;
1618 pmeth
->decrypt
= decrypt
;
1621 void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD
*pmeth
,
1622 int (*derive_init
) (EVP_PKEY_CTX
*ctx
),
1623 int (*derive
) (EVP_PKEY_CTX
*ctx
,
1627 pmeth
->derive_init
= derive_init
;
1628 pmeth
->derive
= derive
;
1631 void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD
*pmeth
,
1632 int (*ctrl
) (EVP_PKEY_CTX
*ctx
, int type
, int p1
,
1634 int (*ctrl_str
) (EVP_PKEY_CTX
*ctx
,
1639 pmeth
->ctrl_str
= ctrl_str
;
1642 void EVP_PKEY_meth_set_digestsign(EVP_PKEY_METHOD
*pmeth
,
1643 int (*digestsign
) (EVP_MD_CTX
*ctx
, unsigned char *sig
, size_t *siglen
,
1644 const unsigned char *tbs
, size_t tbslen
))
1646 pmeth
->digestsign
= digestsign
;
1649 void EVP_PKEY_meth_set_digestverify(EVP_PKEY_METHOD
*pmeth
,
1650 int (*digestverify
) (EVP_MD_CTX
*ctx
, const unsigned char *sig
,
1651 size_t siglen
, const unsigned char *tbs
,
1654 pmeth
->digestverify
= digestverify
;
1657 void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD
*pmeth
,
1658 int (*check
) (EVP_PKEY
*pkey
))
1660 pmeth
->check
= check
;
1663 void EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD
*pmeth
,
1664 int (*check
) (EVP_PKEY
*pkey
))
1666 pmeth
->public_check
= check
;
1669 void EVP_PKEY_meth_set_param_check(EVP_PKEY_METHOD
*pmeth
,
1670 int (*check
) (EVP_PKEY
*pkey
))
1672 pmeth
->param_check
= check
;
1675 void EVP_PKEY_meth_set_digest_custom(EVP_PKEY_METHOD
*pmeth
,
1676 int (*digest_custom
) (EVP_PKEY_CTX
*ctx
,
1679 pmeth
->digest_custom
= digest_custom
;
1682 void EVP_PKEY_meth_get_init(const EVP_PKEY_METHOD
*pmeth
,
1683 int (**pinit
) (EVP_PKEY_CTX
*ctx
))
1685 *pinit
= pmeth
->init
;
1688 void EVP_PKEY_meth_get_copy(const EVP_PKEY_METHOD
*pmeth
,
1689 int (**pcopy
) (EVP_PKEY_CTX
*dst
,
1690 const EVP_PKEY_CTX
*src
))
1692 *pcopy
= pmeth
->copy
;
1695 void EVP_PKEY_meth_get_cleanup(const EVP_PKEY_METHOD
*pmeth
,
1696 void (**pcleanup
) (EVP_PKEY_CTX
*ctx
))
1698 *pcleanup
= pmeth
->cleanup
;
1701 void EVP_PKEY_meth_get_paramgen(const EVP_PKEY_METHOD
*pmeth
,
1702 int (**pparamgen_init
) (EVP_PKEY_CTX
*ctx
),
1703 int (**pparamgen
) (EVP_PKEY_CTX
*ctx
,
1707 *pparamgen_init
= pmeth
->paramgen_init
;
1709 *pparamgen
= pmeth
->paramgen
;
1712 void EVP_PKEY_meth_get_keygen(const EVP_PKEY_METHOD
*pmeth
,
1713 int (**pkeygen_init
) (EVP_PKEY_CTX
*ctx
),
1714 int (**pkeygen
) (EVP_PKEY_CTX
*ctx
,
1718 *pkeygen_init
= pmeth
->keygen_init
;
1720 *pkeygen
= pmeth
->keygen
;
1723 void EVP_PKEY_meth_get_sign(const EVP_PKEY_METHOD
*pmeth
,
1724 int (**psign_init
) (EVP_PKEY_CTX
*ctx
),
1725 int (**psign
) (EVP_PKEY_CTX
*ctx
,
1726 unsigned char *sig
, size_t *siglen
,
1727 const unsigned char *tbs
,
1731 *psign_init
= pmeth
->sign_init
;
1733 *psign
= pmeth
->sign
;
1736 void EVP_PKEY_meth_get_verify(const EVP_PKEY_METHOD
*pmeth
,
1737 int (**pverify_init
) (EVP_PKEY_CTX
*ctx
),
1738 int (**pverify
) (EVP_PKEY_CTX
*ctx
,
1739 const unsigned char *sig
,
1741 const unsigned char *tbs
,
1745 *pverify_init
= pmeth
->verify_init
;
1747 *pverify
= pmeth
->verify
;
1750 void EVP_PKEY_meth_get_verify_recover(const EVP_PKEY_METHOD
*pmeth
,
1751 int (**pverify_recover_init
) (EVP_PKEY_CTX
1753 int (**pverify_recover
) (EVP_PKEY_CTX
1762 if (pverify_recover_init
)
1763 *pverify_recover_init
= pmeth
->verify_recover_init
;
1764 if (pverify_recover
)
1765 *pverify_recover
= pmeth
->verify_recover
;
1768 void EVP_PKEY_meth_get_signctx(const EVP_PKEY_METHOD
*pmeth
,
1769 int (**psignctx_init
) (EVP_PKEY_CTX
*ctx
,
1771 int (**psignctx
) (EVP_PKEY_CTX
*ctx
,
1777 *psignctx_init
= pmeth
->signctx_init
;
1779 *psignctx
= pmeth
->signctx
;
1782 void EVP_PKEY_meth_get_verifyctx(const EVP_PKEY_METHOD
*pmeth
,
1783 int (**pverifyctx_init
) (EVP_PKEY_CTX
*ctx
,
1785 int (**pverifyctx
) (EVP_PKEY_CTX
*ctx
,
1786 const unsigned char *sig
,
1790 if (pverifyctx_init
)
1791 *pverifyctx_init
= pmeth
->verifyctx_init
;
1793 *pverifyctx
= pmeth
->verifyctx
;
1796 void EVP_PKEY_meth_get_encrypt(const EVP_PKEY_METHOD
*pmeth
,
1797 int (**pencrypt_init
) (EVP_PKEY_CTX
*ctx
),
1798 int (**pencryptfn
) (EVP_PKEY_CTX
*ctx
,
1801 const unsigned char *in
,
1805 *pencrypt_init
= pmeth
->encrypt_init
;
1807 *pencryptfn
= pmeth
->encrypt
;
1810 void EVP_PKEY_meth_get_decrypt(const EVP_PKEY_METHOD
*pmeth
,
1811 int (**pdecrypt_init
) (EVP_PKEY_CTX
*ctx
),
1812 int (**pdecrypt
) (EVP_PKEY_CTX
*ctx
,
1815 const unsigned char *in
,
1819 *pdecrypt_init
= pmeth
->decrypt_init
;
1821 *pdecrypt
= pmeth
->decrypt
;
1824 void EVP_PKEY_meth_get_derive(const EVP_PKEY_METHOD
*pmeth
,
1825 int (**pderive_init
) (EVP_PKEY_CTX
*ctx
),
1826 int (**pderive
) (EVP_PKEY_CTX
*ctx
,
1831 *pderive_init
= pmeth
->derive_init
;
1833 *pderive
= pmeth
->derive
;
1836 void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD
*pmeth
,
1837 int (**pctrl
) (EVP_PKEY_CTX
*ctx
, int type
, int p1
,
1839 int (**pctrl_str
) (EVP_PKEY_CTX
*ctx
,
1844 *pctrl
= pmeth
->ctrl
;
1846 *pctrl_str
= pmeth
->ctrl_str
;
1849 void EVP_PKEY_meth_get_digestsign(EVP_PKEY_METHOD
*pmeth
,
1850 int (**digestsign
) (EVP_MD_CTX
*ctx
, unsigned char *sig
, size_t *siglen
,
1851 const unsigned char *tbs
, size_t tbslen
))
1854 *digestsign
= pmeth
->digestsign
;
1857 void EVP_PKEY_meth_get_digestverify(EVP_PKEY_METHOD
*pmeth
,
1858 int (**digestverify
) (EVP_MD_CTX
*ctx
, const unsigned char *sig
,
1859 size_t siglen
, const unsigned char *tbs
,
1863 *digestverify
= pmeth
->digestverify
;
1866 void EVP_PKEY_meth_get_check(const EVP_PKEY_METHOD
*pmeth
,
1867 int (**pcheck
) (EVP_PKEY
*pkey
))
1870 *pcheck
= pmeth
->check
;
1873 void EVP_PKEY_meth_get_public_check(const EVP_PKEY_METHOD
*pmeth
,
1874 int (**pcheck
) (EVP_PKEY
*pkey
))
1877 *pcheck
= pmeth
->public_check
;
1880 void EVP_PKEY_meth_get_param_check(const EVP_PKEY_METHOD
*pmeth
,
1881 int (**pcheck
) (EVP_PKEY
*pkey
))
1884 *pcheck
= pmeth
->param_check
;
1887 void EVP_PKEY_meth_get_digest_custom(EVP_PKEY_METHOD
*pmeth
,
1888 int (**pdigest_custom
) (EVP_PKEY_CTX
*ctx
,
1891 if (pdigest_custom
!= NULL
)
1892 *pdigest_custom
= pmeth
->digest_custom
;
1895 #endif /* FIPS_MODULE */