2 * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 * Low level key APIs (DH etc) are deprecated for public use, but still ok for
14 #include "internal/deprecated.h"
19 # include <openssl/engine.h>
21 #include <openssl/evp.h>
22 #include <openssl/core_names.h>
23 #include <openssl/dh.h>
24 #include <openssl/rsa.h>
25 #include <openssl/kdf.h>
26 #include "internal/cryptlib.h"
28 # include "crypto/asn1.h"
30 #include "crypto/evp.h"
31 #include "crypto/dh.h"
32 #include "crypto/ec.h"
33 #include "internal/ffc.h"
34 #include "internal/numbers.h"
35 #include "internal/provider.h"
36 #include "evp_local.h"
40 static int evp_pkey_ctx_store_cached_data(EVP_PKEY_CTX
*ctx
,
41 int keytype
, int optype
,
42 int cmd
, const char *name
,
43 const void *data
, size_t data_len
);
44 static void evp_pkey_ctx_free_cached_data(EVP_PKEY_CTX
*ctx
,
45 int cmd
, const char *name
);
46 static void evp_pkey_ctx_free_all_cached_data(EVP_PKEY_CTX
*ctx
);
48 typedef const EVP_PKEY_METHOD
*(*pmeth_fn
)(void);
49 typedef int sk_cmp_fn_type(const char *const *a
, const char *const *b
);
51 static STACK_OF(EVP_PKEY_METHOD
) *app_pkey_methods
= NULL
;
53 /* This array needs to be in order of NIDs */
54 static pmeth_fn standard_methods
[] = {
56 # ifndef OPENSSL_NO_DH
59 # ifndef OPENSSL_NO_DSA
62 # ifndef OPENSSL_NO_EC
65 ossl_rsa_pss_pkey_method
,
66 # ifndef OPENSSL_NO_DH
69 # ifndef OPENSSL_NO_EC
70 ossl_ecx25519_pkey_method
,
71 ossl_ecx448_pkey_method
,
73 # ifndef OPENSSL_NO_EC
74 ossl_ed25519_pkey_method
,
75 ossl_ed448_pkey_method
,
79 DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD
*, pmeth_fn
, pmeth_func
);
81 static int pmeth_func_cmp(const EVP_PKEY_METHOD
*const *a
, pmeth_fn
const *b
)
83 return ((*a
)->pkey_id
- ((**b
)())->pkey_id
);
86 IMPLEMENT_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD
*, pmeth_fn
, pmeth_func
);
88 static int pmeth_cmp(const EVP_PKEY_METHOD
*const *a
,
89 const EVP_PKEY_METHOD
*const *b
)
91 return ((*a
)->pkey_id
- (*b
)->pkey_id
);
94 static const EVP_PKEY_METHOD
*evp_pkey_meth_find_added_by_application(int type
)
96 if (app_pkey_methods
!= NULL
) {
101 idx
= sk_EVP_PKEY_METHOD_find(app_pkey_methods
, &tmp
);
103 return sk_EVP_PKEY_METHOD_value(app_pkey_methods
, idx
);
108 const EVP_PKEY_METHOD
*EVP_PKEY_meth_find(int type
)
112 const EVP_PKEY_METHOD
*t
;
114 if ((t
= evp_pkey_meth_find_added_by_application(type
)) != NULL
)
119 ret
= OBJ_bsearch_pmeth_func(&t
, standard_methods
,
120 OSSL_NELEM(standard_methods
));
121 if (ret
== NULL
|| *ret
== NULL
)
126 EVP_PKEY_METHOD
*EVP_PKEY_meth_new(int id
, int flags
)
128 EVP_PKEY_METHOD
*pmeth
;
130 pmeth
= OPENSSL_zalloc(sizeof(*pmeth
));
132 ERR_raise(ERR_LIB_EVP
, ERR_R_MALLOC_FAILURE
);
137 pmeth
->flags
= flags
| EVP_PKEY_FLAG_DYNAMIC
;
141 static void help_get_legacy_alg_type_from_keymgmt(const char *keytype
,
146 if (*type
== NID_undef
)
147 *type
= evp_pkey_name2type(keytype
);
150 static int get_legacy_alg_type_from_keymgmt(const EVP_KEYMGMT
*keymgmt
)
152 int type
= NID_undef
;
154 EVP_KEYMGMT_names_do_all(keymgmt
, help_get_legacy_alg_type_from_keymgmt
,
158 #endif /* FIPS_MODULE */
160 int evp_pkey_ctx_state(const EVP_PKEY_CTX
*ctx
)
162 if (ctx
->operation
== EVP_PKEY_OP_UNDEFINED
)
163 return EVP_PKEY_STATE_UNKNOWN
;
165 if ((EVP_PKEY_CTX_IS_DERIVE_OP(ctx
)
166 && ctx
->op
.kex
.algctx
!= NULL
)
167 || (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx
)
168 && ctx
->op
.sig
.algctx
!= NULL
)
169 || (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx
)
170 && ctx
->op
.ciph
.algctx
!= NULL
)
171 || (EVP_PKEY_CTX_IS_GEN_OP(ctx
)
172 && ctx
->op
.keymgmt
.genctx
!= NULL
)
173 || (EVP_PKEY_CTX_IS_KEM_OP(ctx
)
174 && ctx
->op
.encap
.algctx
!= NULL
))
175 return EVP_PKEY_STATE_PROVIDER
;
177 return EVP_PKEY_STATE_LEGACY
;
180 static EVP_PKEY_CTX
*int_ctx_new(OSSL_LIB_CTX
*libctx
,
181 EVP_PKEY
*pkey
, ENGINE
*e
,
182 const char *keytype
, const char *propquery
,
186 EVP_PKEY_CTX
*ret
= NULL
;
187 const EVP_PKEY_METHOD
*pmeth
= NULL
, *app_pmeth
= NULL
;
188 EVP_KEYMGMT
*keymgmt
= NULL
;
190 /* Code below to be removed when legacy support is dropped. */
193 if (pkey
!= NULL
&& !evp_pkey_is_provided(pkey
)) {
197 /* Must be provided if we get here */
198 keytype
= EVP_KEYMGMT_get0_name(pkey
->keymgmt
);
201 if (keytype
!= NULL
) {
202 id
= evp_pkey_name2type(keytype
);
209 /* If no ID was found here, we can only resort to find a keymgmt */
212 /* Using engine with a key without id will not work */
214 ERR_raise(ERR_LIB_EVP
, EVP_R_UNSUPPORTED_ALGORITHM
);
223 * Here, we extract what information we can for the purpose of
224 * supporting usage with implementations from providers, to make
225 * for a smooth transition from legacy stuff to provider based stuff.
227 * If an engine is given, this is entirely legacy, and we should not
228 * pretend anything else, so we clear the name.
232 if (e
== NULL
&& (pkey
== NULL
|| pkey
->foreign
== 0))
233 keytype
= OBJ_nid2sn(id
);
235 # ifndef OPENSSL_NO_ENGINE
236 if (e
== NULL
&& pkey
!= NULL
)
237 e
= pkey
->pmeth_engine
!= NULL
? pkey
->pmeth_engine
: pkey
->engine
;
238 /* Try to find an ENGINE which implements this method */
240 if (!ENGINE_init(e
)) {
241 ERR_raise(ERR_LIB_EVP
, ERR_R_ENGINE_LIB
);
245 e
= ENGINE_get_pkey_meth_engine(id
);
249 * If an ENGINE handled this method look it up. Otherwise use internal
253 pmeth
= ENGINE_get_pkey_meth(e
, id
);
254 else if (pkey
!= NULL
&& pkey
->foreign
)
255 pmeth
= EVP_PKEY_meth_find(id
);
258 app_pmeth
= pmeth
= evp_pkey_meth_find_added_by_application(id
);
261 #endif /* FIPS_MODULE */
264 * If there's no engine and no app supplied pmeth and there's a name, we try
265 * fetching a provider implementation.
267 if (e
== NULL
&& app_pmeth
== NULL
&& keytype
!= NULL
) {
268 keymgmt
= EVP_KEYMGMT_fetch(libctx
, keytype
, propquery
);
270 return NULL
; /* EVP_KEYMGMT_fetch() recorded an error */
274 * Chase down the legacy NID, as that might be needed for diverse
275 * purposes, such as ensure that EVP_PKEY_type() can return sensible
276 * values. We go through all keymgmt names, because the keytype
277 * that's passed to this function doesn't necessarily translate
280 if (keymgmt
!= NULL
) {
281 int tmp_id
= get_legacy_alg_type_from_keymgmt(keymgmt
);
283 if (tmp_id
!= NID_undef
) {
288 * It really really shouldn't differ. If it still does,
289 * something is very wrong.
291 if (!ossl_assert(id
== tmp_id
)) {
292 ERR_raise(ERR_LIB_EVP
, ERR_R_INTERNAL_ERROR
);
293 EVP_KEYMGMT_free(keymgmt
);
302 if (pmeth
== NULL
&& keymgmt
== NULL
) {
303 ERR_raise(ERR_LIB_EVP
, EVP_R_UNSUPPORTED_ALGORITHM
);
305 ret
= OPENSSL_zalloc(sizeof(*ret
));
307 ERR_raise(ERR_LIB_EVP
, ERR_R_MALLOC_FAILURE
);
310 #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
311 if ((ret
== NULL
|| pmeth
== NULL
) && e
!= NULL
)
316 EVP_KEYMGMT_free(keymgmt
);
319 if (propquery
!= NULL
) {
320 ret
->propquery
= OPENSSL_strdup(propquery
);
321 if (ret
->propquery
== NULL
) {
323 EVP_KEYMGMT_free(keymgmt
);
327 ret
->libctx
= libctx
;
328 ret
->keytype
= keytype
;
329 ret
->keymgmt
= keymgmt
;
330 ret
->legacy_keytype
= id
;
333 ret
->operation
= EVP_PKEY_OP_UNDEFINED
;
336 EVP_PKEY_up_ref(pkey
);
338 if (pmeth
!= NULL
&& pmeth
->init
!= NULL
) {
339 if (pmeth
->init(ret
) <= 0) {
341 EVP_PKEY_CTX_free(ret
);
349 /*- All methods below can also be used in FIPS_MODULE */
351 EVP_PKEY_CTX
*EVP_PKEY_CTX_new_from_name(OSSL_LIB_CTX
*libctx
,
353 const char *propquery
)
355 return int_ctx_new(libctx
, NULL
, NULL
, name
, propquery
, -1);
358 EVP_PKEY_CTX
*EVP_PKEY_CTX_new_from_pkey(OSSL_LIB_CTX
*libctx
, EVP_PKEY
*pkey
,
359 const char *propquery
)
361 return int_ctx_new(libctx
, pkey
, NULL
, NULL
, propquery
, -1);
364 void evp_pkey_ctx_free_old_ops(EVP_PKEY_CTX
*ctx
)
366 if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx
)) {
367 if (ctx
->op
.sig
.algctx
!= NULL
&& ctx
->op
.sig
.signature
!= NULL
)
368 ctx
->op
.sig
.signature
->freectx(ctx
->op
.sig
.algctx
);
369 EVP_SIGNATURE_free(ctx
->op
.sig
.signature
);
370 ctx
->op
.sig
.algctx
= NULL
;
371 ctx
->op
.sig
.signature
= NULL
;
372 } else if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx
)) {
373 if (ctx
->op
.kex
.algctx
!= NULL
&& ctx
->op
.kex
.exchange
!= NULL
)
374 ctx
->op
.kex
.exchange
->freectx(ctx
->op
.kex
.algctx
);
375 EVP_KEYEXCH_free(ctx
->op
.kex
.exchange
);
376 ctx
->op
.kex
.algctx
= NULL
;
377 ctx
->op
.kex
.exchange
= NULL
;
378 } else if (EVP_PKEY_CTX_IS_KEM_OP(ctx
)) {
379 if (ctx
->op
.encap
.algctx
!= NULL
&& ctx
->op
.encap
.kem
!= NULL
)
380 ctx
->op
.encap
.kem
->freectx(ctx
->op
.encap
.algctx
);
381 EVP_KEM_free(ctx
->op
.encap
.kem
);
382 ctx
->op
.encap
.algctx
= NULL
;
383 ctx
->op
.encap
.kem
= NULL
;
385 else if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx
)) {
386 if (ctx
->op
.ciph
.algctx
!= NULL
&& ctx
->op
.ciph
.cipher
!= NULL
)
387 ctx
->op
.ciph
.cipher
->freectx(ctx
->op
.ciph
.algctx
);
388 EVP_ASYM_CIPHER_free(ctx
->op
.ciph
.cipher
);
389 ctx
->op
.ciph
.algctx
= NULL
;
390 ctx
->op
.ciph
.cipher
= NULL
;
391 } else if (EVP_PKEY_CTX_IS_GEN_OP(ctx
)) {
392 if (ctx
->op
.keymgmt
.genctx
!= NULL
&& ctx
->keymgmt
!= NULL
)
393 evp_keymgmt_gen_cleanup(ctx
->keymgmt
, ctx
->op
.keymgmt
.genctx
);
397 void EVP_PKEY_CTX_free(EVP_PKEY_CTX
*ctx
)
401 if (ctx
->pmeth
&& ctx
->pmeth
->cleanup
)
402 ctx
->pmeth
->cleanup(ctx
);
404 evp_pkey_ctx_free_old_ops(ctx
);
406 evp_pkey_ctx_free_all_cached_data(ctx
);
408 EVP_KEYMGMT_free(ctx
->keymgmt
);
410 OPENSSL_free(ctx
->propquery
);
411 EVP_PKEY_free(ctx
->pkey
);
412 EVP_PKEY_free(ctx
->peerkey
);
413 #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
414 ENGINE_finish(ctx
->engine
);
416 BN_free(ctx
->rsa_pubexp
);
422 void EVP_PKEY_meth_get0_info(int *ppkey_id
, int *pflags
,
423 const EVP_PKEY_METHOD
*meth
)
426 *ppkey_id
= meth
->pkey_id
;
428 *pflags
= meth
->flags
;
431 void EVP_PKEY_meth_copy(EVP_PKEY_METHOD
*dst
, const EVP_PKEY_METHOD
*src
)
433 int pkey_id
= dst
->pkey_id
;
434 int flags
= dst
->flags
;
438 /* We only copy the function pointers so restore the other values */
439 dst
->pkey_id
= pkey_id
;
443 void EVP_PKEY_meth_free(EVP_PKEY_METHOD
*pmeth
)
445 if (pmeth
&& (pmeth
->flags
& EVP_PKEY_FLAG_DYNAMIC
))
449 EVP_PKEY_CTX
*EVP_PKEY_CTX_new(EVP_PKEY
*pkey
, ENGINE
*e
)
451 return int_ctx_new(NULL
, pkey
, e
, NULL
, NULL
, -1);
454 EVP_PKEY_CTX
*EVP_PKEY_CTX_new_id(int id
, ENGINE
*e
)
456 return int_ctx_new(NULL
, NULL
, e
, NULL
, NULL
, id
);
459 EVP_PKEY_CTX
*EVP_PKEY_CTX_dup(const EVP_PKEY_CTX
*pctx
)
463 # ifndef OPENSSL_NO_ENGINE
464 /* Make sure it's safe to copy a pkey context using an ENGINE */
465 if (pctx
->engine
&& !ENGINE_init(pctx
->engine
)) {
466 ERR_raise(ERR_LIB_EVP
, ERR_R_ENGINE_LIB
);
470 rctx
= OPENSSL_zalloc(sizeof(*rctx
));
472 ERR_raise(ERR_LIB_EVP
, ERR_R_MALLOC_FAILURE
);
476 if (pctx
->pkey
!= NULL
)
477 EVP_PKEY_up_ref(pctx
->pkey
);
478 rctx
->pkey
= pctx
->pkey
;
479 rctx
->operation
= pctx
->operation
;
480 rctx
->libctx
= pctx
->libctx
;
481 rctx
->keytype
= pctx
->keytype
;
482 rctx
->propquery
= NULL
;
483 if (pctx
->propquery
!= NULL
) {
484 rctx
->propquery
= OPENSSL_strdup(pctx
->propquery
);
485 if (rctx
->propquery
== NULL
)
488 rctx
->legacy_keytype
= pctx
->legacy_keytype
;
490 if (EVP_PKEY_CTX_IS_DERIVE_OP(pctx
)) {
491 if (pctx
->op
.kex
.exchange
!= NULL
) {
492 rctx
->op
.kex
.exchange
= pctx
->op
.kex
.exchange
;
493 if (!EVP_KEYEXCH_up_ref(rctx
->op
.kex
.exchange
))
496 if (pctx
->op
.kex
.algctx
!= NULL
) {
497 if (!ossl_assert(pctx
->op
.kex
.exchange
!= NULL
))
500 = pctx
->op
.kex
.exchange
->dupctx(pctx
->op
.kex
.algctx
);
501 if (rctx
->op
.kex
.algctx
== NULL
) {
502 EVP_KEYEXCH_free(rctx
->op
.kex
.exchange
);
507 } else if (EVP_PKEY_CTX_IS_SIGNATURE_OP(pctx
)) {
508 if (pctx
->op
.sig
.signature
!= NULL
) {
509 rctx
->op
.sig
.signature
= pctx
->op
.sig
.signature
;
510 if (!EVP_SIGNATURE_up_ref(rctx
->op
.sig
.signature
))
513 if (pctx
->op
.sig
.algctx
!= NULL
) {
514 if (!ossl_assert(pctx
->op
.sig
.signature
!= NULL
))
517 = pctx
->op
.sig
.signature
->dupctx(pctx
->op
.sig
.algctx
);
518 if (rctx
->op
.sig
.algctx
== NULL
) {
519 EVP_SIGNATURE_free(rctx
->op
.sig
.signature
);
524 } else if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(pctx
)) {
525 if (pctx
->op
.ciph
.cipher
!= NULL
) {
526 rctx
->op
.ciph
.cipher
= pctx
->op
.ciph
.cipher
;
527 if (!EVP_ASYM_CIPHER_up_ref(rctx
->op
.ciph
.cipher
))
530 if (pctx
->op
.ciph
.algctx
!= NULL
) {
531 if (!ossl_assert(pctx
->op
.ciph
.cipher
!= NULL
))
534 = pctx
->op
.ciph
.cipher
->dupctx(pctx
->op
.ciph
.algctx
);
535 if (rctx
->op
.ciph
.algctx
== NULL
) {
536 EVP_ASYM_CIPHER_free(rctx
->op
.ciph
.cipher
);
541 } else if (EVP_PKEY_CTX_IS_KEM_OP(pctx
)) {
542 if (pctx
->op
.encap
.kem
!= NULL
) {
543 rctx
->op
.encap
.kem
= pctx
->op
.encap
.kem
;
544 if (!EVP_KEM_up_ref(rctx
->op
.encap
.kem
))
547 if (pctx
->op
.encap
.algctx
!= NULL
) {
548 if (!ossl_assert(pctx
->op
.encap
.kem
!= NULL
))
550 rctx
->op
.encap
.algctx
551 = pctx
->op
.encap
.kem
->dupctx(pctx
->op
.encap
.algctx
);
552 if (rctx
->op
.encap
.algctx
== NULL
) {
553 EVP_KEM_free(rctx
->op
.encap
.kem
);
558 } else if (EVP_PKEY_CTX_IS_GEN_OP(pctx
)) {
559 /* Not supported - This would need a gen_dupctx() to work */
563 rctx
->pmeth
= pctx
->pmeth
;
564 # ifndef OPENSSL_NO_ENGINE
565 rctx
->engine
= pctx
->engine
;
568 if (pctx
->peerkey
!= NULL
)
569 EVP_PKEY_up_ref(pctx
->peerkey
);
570 rctx
->peerkey
= pctx
->peerkey
;
572 if (pctx
->pmeth
== NULL
) {
573 if (rctx
->operation
== EVP_PKEY_OP_UNDEFINED
) {
574 EVP_KEYMGMT
*tmp_keymgmt
= pctx
->keymgmt
;
577 provkey
= evp_pkey_export_to_provider(pctx
->pkey
, pctx
->libctx
,
578 &tmp_keymgmt
, pctx
->propquery
);
581 if (!EVP_KEYMGMT_up_ref(tmp_keymgmt
))
583 EVP_KEYMGMT_free(rctx
->keymgmt
);
584 rctx
->keymgmt
= tmp_keymgmt
;
587 } else if (pctx
->pmeth
->copy(rctx
, pctx
) > 0) {
592 EVP_PKEY_CTX_free(rctx
);
596 int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD
*pmeth
)
598 if (app_pkey_methods
== NULL
) {
599 app_pkey_methods
= sk_EVP_PKEY_METHOD_new(pmeth_cmp
);
600 if (app_pkey_methods
== NULL
){
601 ERR_raise(ERR_LIB_EVP
, ERR_R_MALLOC_FAILURE
);
605 if (!sk_EVP_PKEY_METHOD_push(app_pkey_methods
, pmeth
)) {
606 ERR_raise(ERR_LIB_EVP
, ERR_R_MALLOC_FAILURE
);
609 sk_EVP_PKEY_METHOD_sort(app_pkey_methods
);
613 void evp_app_cleanup_int(void)
615 if (app_pkey_methods
!= NULL
)
616 sk_EVP_PKEY_METHOD_pop_free(app_pkey_methods
, EVP_PKEY_meth_free
);
619 int EVP_PKEY_meth_remove(const EVP_PKEY_METHOD
*pmeth
)
621 const EVP_PKEY_METHOD
*ret
;
623 ret
= sk_EVP_PKEY_METHOD_delete_ptr(app_pkey_methods
, pmeth
);
625 return ret
== NULL
? 0 : 1;
628 size_t EVP_PKEY_meth_get_count(void)
630 size_t rv
= OSSL_NELEM(standard_methods
);
632 if (app_pkey_methods
)
633 rv
+= sk_EVP_PKEY_METHOD_num(app_pkey_methods
);
637 const EVP_PKEY_METHOD
*EVP_PKEY_meth_get0(size_t idx
)
639 if (idx
< OSSL_NELEM(standard_methods
))
640 return (standard_methods
[idx
])();
641 if (app_pkey_methods
== NULL
)
643 idx
-= OSSL_NELEM(standard_methods
);
644 if (idx
>= (size_t)sk_EVP_PKEY_METHOD_num(app_pkey_methods
))
646 return sk_EVP_PKEY_METHOD_value(app_pkey_methods
, idx
);
650 int EVP_PKEY_CTX_is_a(EVP_PKEY_CTX
*ctx
, const char *keytype
)
653 if (evp_pkey_ctx_is_legacy(ctx
))
654 return (ctx
->pmeth
->pkey_id
== evp_pkey_name2type(keytype
));
656 return EVP_KEYMGMT_is_a(ctx
->keymgmt
, keytype
);
659 int EVP_PKEY_CTX_set_params(EVP_PKEY_CTX
*ctx
, const OSSL_PARAM
*params
)
661 switch (evp_pkey_ctx_state(ctx
)) {
662 case EVP_PKEY_STATE_PROVIDER
:
663 if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx
)
664 && ctx
->op
.kex
.exchange
!= NULL
665 && ctx
->op
.kex
.exchange
->set_ctx_params
!= NULL
)
667 ctx
->op
.kex
.exchange
->set_ctx_params(ctx
->op
.kex
.algctx
,
669 if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx
)
670 && ctx
->op
.sig
.signature
!= NULL
671 && ctx
->op
.sig
.signature
->set_ctx_params
!= NULL
)
673 ctx
->op
.sig
.signature
->set_ctx_params(ctx
->op
.sig
.algctx
,
675 if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx
)
676 && ctx
->op
.ciph
.cipher
!= NULL
677 && ctx
->op
.ciph
.cipher
->set_ctx_params
!= NULL
)
679 ctx
->op
.ciph
.cipher
->set_ctx_params(ctx
->op
.ciph
.algctx
,
681 if (EVP_PKEY_CTX_IS_GEN_OP(ctx
)
682 && ctx
->keymgmt
!= NULL
683 && ctx
->keymgmt
->gen_set_params
!= NULL
)
685 evp_keymgmt_gen_set_params(ctx
->keymgmt
, ctx
->op
.keymgmt
.genctx
,
687 if (EVP_PKEY_CTX_IS_KEM_OP(ctx
)
688 && ctx
->op
.encap
.kem
!= NULL
689 && ctx
->op
.encap
.kem
->set_ctx_params
!= NULL
)
691 ctx
->op
.encap
.kem
->set_ctx_params(ctx
->op
.encap
.algctx
,
695 case EVP_PKEY_STATE_UNKNOWN
:
696 case EVP_PKEY_STATE_LEGACY
:
697 return evp_pkey_ctx_set_params_to_ctrl(ctx
, params
);
703 int EVP_PKEY_CTX_get_params(EVP_PKEY_CTX
*ctx
, OSSL_PARAM
*params
)
705 switch (evp_pkey_ctx_state(ctx
)) {
706 case EVP_PKEY_STATE_PROVIDER
:
707 if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx
)
708 && ctx
->op
.kex
.exchange
!= NULL
709 && ctx
->op
.kex
.exchange
->get_ctx_params
!= NULL
)
711 ctx
->op
.kex
.exchange
->get_ctx_params(ctx
->op
.kex
.algctx
,
713 if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx
)
714 && ctx
->op
.sig
.signature
!= NULL
715 && ctx
->op
.sig
.signature
->get_ctx_params
!= NULL
)
717 ctx
->op
.sig
.signature
->get_ctx_params(ctx
->op
.sig
.algctx
,
719 if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx
)
720 && ctx
->op
.ciph
.cipher
!= NULL
721 && ctx
->op
.ciph
.cipher
->get_ctx_params
!= NULL
)
723 ctx
->op
.ciph
.cipher
->get_ctx_params(ctx
->op
.ciph
.algctx
,
725 if (EVP_PKEY_CTX_IS_KEM_OP(ctx
)
726 && ctx
->op
.encap
.kem
!= NULL
727 && ctx
->op
.encap
.kem
->get_ctx_params
!= NULL
)
729 ctx
->op
.encap
.kem
->get_ctx_params(ctx
->op
.encap
.algctx
,
733 case EVP_PKEY_STATE_UNKNOWN
:
734 case EVP_PKEY_STATE_LEGACY
:
735 return evp_pkey_ctx_get_params_to_ctrl(ctx
, params
);
742 const OSSL_PARAM
*EVP_PKEY_CTX_gettable_params(const EVP_PKEY_CTX
*ctx
)
746 if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx
)
747 && ctx
->op
.kex
.exchange
!= NULL
748 && ctx
->op
.kex
.exchange
->gettable_ctx_params
!= NULL
) {
749 provctx
= ossl_provider_ctx(EVP_KEYEXCH_get0_provider(ctx
->op
.kex
.exchange
));
750 return ctx
->op
.kex
.exchange
->gettable_ctx_params(ctx
->op
.kex
.algctx
,
753 if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx
)
754 && ctx
->op
.sig
.signature
!= NULL
755 && ctx
->op
.sig
.signature
->gettable_ctx_params
!= NULL
) {
756 provctx
= ossl_provider_ctx(
757 EVP_SIGNATURE_get0_provider(ctx
->op
.sig
.signature
));
758 return ctx
->op
.sig
.signature
->gettable_ctx_params(ctx
->op
.sig
.algctx
,
761 if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx
)
762 && ctx
->op
.ciph
.cipher
!= NULL
763 && ctx
->op
.ciph
.cipher
->gettable_ctx_params
!= NULL
) {
764 provctx
= ossl_provider_ctx(
765 EVP_ASYM_CIPHER_get0_provider(ctx
->op
.ciph
.cipher
));
766 return ctx
->op
.ciph
.cipher
->gettable_ctx_params(ctx
->op
.ciph
.algctx
,
769 if (EVP_PKEY_CTX_IS_KEM_OP(ctx
)
770 && ctx
->op
.encap
.kem
!= NULL
771 && ctx
->op
.encap
.kem
->gettable_ctx_params
!= NULL
) {
772 provctx
= ossl_provider_ctx(EVP_KEM_get0_provider(ctx
->op
.encap
.kem
));
773 return ctx
->op
.encap
.kem
->gettable_ctx_params(ctx
->op
.encap
.algctx
,
779 const OSSL_PARAM
*EVP_PKEY_CTX_settable_params(const EVP_PKEY_CTX
*ctx
)
783 if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx
)
784 && ctx
->op
.kex
.exchange
!= NULL
785 && ctx
->op
.kex
.exchange
->settable_ctx_params
!= NULL
) {
786 provctx
= ossl_provider_ctx(EVP_KEYEXCH_get0_provider(ctx
->op
.kex
.exchange
));
787 return ctx
->op
.kex
.exchange
->settable_ctx_params(ctx
->op
.kex
.algctx
,
790 if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx
)
791 && ctx
->op
.sig
.signature
!= NULL
792 && ctx
->op
.sig
.signature
->settable_ctx_params
!= NULL
) {
793 provctx
= ossl_provider_ctx(
794 EVP_SIGNATURE_get0_provider(ctx
->op
.sig
.signature
));
795 return ctx
->op
.sig
.signature
->settable_ctx_params(ctx
->op
.sig
.algctx
,
798 if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx
)
799 && ctx
->op
.ciph
.cipher
!= NULL
800 && ctx
->op
.ciph
.cipher
->settable_ctx_params
!= NULL
) {
801 provctx
= ossl_provider_ctx(
802 EVP_ASYM_CIPHER_get0_provider(ctx
->op
.ciph
.cipher
));
803 return ctx
->op
.ciph
.cipher
->settable_ctx_params(ctx
->op
.ciph
.algctx
,
806 if (EVP_PKEY_CTX_IS_GEN_OP(ctx
)
807 && ctx
->keymgmt
!= NULL
808 && ctx
->keymgmt
->gen_settable_params
!= NULL
) {
809 provctx
= ossl_provider_ctx(EVP_KEYMGMT_get0_provider(ctx
->keymgmt
));
810 return ctx
->keymgmt
->gen_settable_params(ctx
->op
.keymgmt
.genctx
,
813 if (EVP_PKEY_CTX_IS_KEM_OP(ctx
)
814 && ctx
->op
.encap
.kem
!= NULL
815 && ctx
->op
.encap
.kem
->settable_ctx_params
!= NULL
) {
816 provctx
= ossl_provider_ctx(EVP_KEM_get0_provider(ctx
->op
.encap
.kem
));
817 return ctx
->op
.encap
.kem
->settable_ctx_params(ctx
->op
.encap
.algctx
,
824 * Internal helpers for stricter EVP_PKEY_CTX_{set,get}_params().
826 * Return 1 on success, 0 or negative for errors.
828 * In particular they return -2 if any of the params is not supported.
830 * They are not available in FIPS_MODULE as they depend on
831 * - EVP_PKEY_CTX_{get,set}_params()
832 * - EVP_PKEY_CTX_{gettable,settable}_params()
835 int evp_pkey_ctx_set_params_strict(EVP_PKEY_CTX
*ctx
, OSSL_PARAM
*params
)
837 if (ctx
== NULL
|| params
== NULL
)
841 * We only check for provider side EVP_PKEY_CTX. For #legacy, we
842 * depend on the translation that happens in EVP_PKEY_CTX_set_params()
843 * call, and that the resulting ctrl call will return -2 if it doesn't
844 * known the ctrl command number.
846 if (evp_pkey_ctx_is_provided(ctx
)) {
847 const OSSL_PARAM
*settable
= EVP_PKEY_CTX_settable_params(ctx
);
850 for (p
= params
; p
->key
!= NULL
; p
++) {
851 /* Check the ctx actually understands this parameter */
852 if (OSSL_PARAM_locate_const(settable
, p
->key
) == NULL
)
857 return EVP_PKEY_CTX_set_params(ctx
, params
);
860 int evp_pkey_ctx_get_params_strict(EVP_PKEY_CTX
*ctx
, OSSL_PARAM
*params
)
862 if (ctx
== NULL
|| params
== NULL
)
866 * We only check for provider side EVP_PKEY_CTX. For #legacy, we
867 * depend on the translation that happens in EVP_PKEY_CTX_get_params()
868 * call, and that the resulting ctrl call will return -2 if it doesn't
869 * known the ctrl command number.
871 if (evp_pkey_ctx_is_provided(ctx
)) {
872 const OSSL_PARAM
*gettable
= EVP_PKEY_CTX_gettable_params(ctx
);
875 for (p
= params
; p
->key
!= NULL
; p
++ ) {
876 /* Check the ctx actually understands this parameter */
877 if (OSSL_PARAM_locate_const(gettable
, p
->key
) == NULL
)
882 return EVP_PKEY_CTX_get_params(ctx
, params
);
885 int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX
*ctx
, const EVP_MD
**md
)
887 OSSL_PARAM sig_md_params
[2], *p
= sig_md_params
;
888 /* 80 should be big enough */
892 if (ctx
== NULL
|| !EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx
)) {
893 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
894 /* Uses the same return values as EVP_PKEY_CTX_ctrl */
898 if (ctx
->op
.sig
.algctx
== NULL
)
899 return EVP_PKEY_CTX_ctrl(ctx
, -1, EVP_PKEY_OP_TYPE_SIG
,
900 EVP_PKEY_CTRL_GET_MD
, 0, (void *)(md
));
902 *p
++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST
,
905 *p
= OSSL_PARAM_construct_end();
907 if (!EVP_PKEY_CTX_get_params(ctx
, sig_md_params
))
910 tmp
= evp_get_digestbyname_ex(ctx
->libctx
, name
);
919 static int evp_pkey_ctx_set_md(EVP_PKEY_CTX
*ctx
, const EVP_MD
*md
,
920 int fallback
, const char *param
, int op
,
923 OSSL_PARAM md_params
[2], *p
= md_params
;
926 if (ctx
== NULL
|| (ctx
->operation
& op
) == 0) {
927 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
928 /* Uses the same return values as EVP_PKEY_CTX_ctrl */
933 return EVP_PKEY_CTX_ctrl(ctx
, -1, op
, ctrl
, 0, (void *)(md
));
938 name
= EVP_MD_get0_name(md
);
941 *p
++ = OSSL_PARAM_construct_utf8_string(param
,
943 * Cast away the const. This is read
944 * only so should be safe
947 *p
= OSSL_PARAM_construct_end();
949 return EVP_PKEY_CTX_set_params(ctx
, md_params
);
952 int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX
*ctx
, const EVP_MD
*md
)
954 return evp_pkey_ctx_set_md(ctx
, md
, ctx
->op
.sig
.algctx
== NULL
,
955 OSSL_SIGNATURE_PARAM_DIGEST
,
956 EVP_PKEY_OP_TYPE_SIG
, EVP_PKEY_CTRL_MD
);
959 int EVP_PKEY_CTX_set_tls1_prf_md(EVP_PKEY_CTX
*ctx
, const EVP_MD
*md
)
961 return evp_pkey_ctx_set_md(ctx
, md
, ctx
->op
.kex
.algctx
== NULL
,
962 OSSL_KDF_PARAM_DIGEST
,
963 EVP_PKEY_OP_DERIVE
, EVP_PKEY_CTRL_TLS_MD
);
966 static int evp_pkey_ctx_set1_octet_string(EVP_PKEY_CTX
*ctx
, int fallback
,
967 const char *param
, int op
, int ctrl
,
968 const unsigned char *data
,
971 OSSL_PARAM octet_string_params
[2], *p
= octet_string_params
;
973 if (ctx
== NULL
|| (ctx
->operation
& op
) == 0) {
974 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
975 /* Uses the same return values as EVP_PKEY_CTX_ctrl */
979 /* Code below to be removed when legacy support is dropped. */
981 return EVP_PKEY_CTX_ctrl(ctx
, -1, op
, ctrl
, datalen
, (void *)(data
));
982 /* end of legacy support */
985 ERR_raise(ERR_LIB_EVP
, EVP_R_INVALID_LENGTH
);
989 *p
++ = OSSL_PARAM_construct_octet_string(param
,
991 * Cast away the const. This is read
992 * only so should be safe
994 (unsigned char *)data
,
996 *p
= OSSL_PARAM_construct_end();
998 return EVP_PKEY_CTX_set_params(ctx
, octet_string_params
);
1001 int EVP_PKEY_CTX_set1_tls1_prf_secret(EVP_PKEY_CTX
*ctx
,
1002 const unsigned char *sec
, int seclen
)
1004 return evp_pkey_ctx_set1_octet_string(ctx
, ctx
->op
.kex
.algctx
== NULL
,
1005 OSSL_KDF_PARAM_SECRET
,
1007 EVP_PKEY_CTRL_TLS_SECRET
,
1011 int EVP_PKEY_CTX_add1_tls1_prf_seed(EVP_PKEY_CTX
*ctx
,
1012 const unsigned char *seed
, int seedlen
)
1014 return evp_pkey_ctx_set1_octet_string(ctx
, ctx
->op
.kex
.algctx
== NULL
,
1015 OSSL_KDF_PARAM_SEED
,
1017 EVP_PKEY_CTRL_TLS_SEED
,
1021 int EVP_PKEY_CTX_set_hkdf_md(EVP_PKEY_CTX
*ctx
, const EVP_MD
*md
)
1023 return evp_pkey_ctx_set_md(ctx
, md
, ctx
->op
.kex
.algctx
== NULL
,
1024 OSSL_KDF_PARAM_DIGEST
,
1025 EVP_PKEY_OP_DERIVE
, EVP_PKEY_CTRL_HKDF_MD
);
1028 int EVP_PKEY_CTX_set1_hkdf_salt(EVP_PKEY_CTX
*ctx
,
1029 const unsigned char *salt
, int saltlen
)
1031 return evp_pkey_ctx_set1_octet_string(ctx
, ctx
->op
.kex
.algctx
== NULL
,
1032 OSSL_KDF_PARAM_SALT
,
1034 EVP_PKEY_CTRL_HKDF_SALT
,
1038 int EVP_PKEY_CTX_set1_hkdf_key(EVP_PKEY_CTX
*ctx
,
1039 const unsigned char *key
, int keylen
)
1041 return evp_pkey_ctx_set1_octet_string(ctx
, ctx
->op
.kex
.algctx
== NULL
,
1044 EVP_PKEY_CTRL_HKDF_KEY
,
1048 int EVP_PKEY_CTX_add1_hkdf_info(EVP_PKEY_CTX
*ctx
,
1049 const unsigned char *info
, int infolen
)
1051 return evp_pkey_ctx_set1_octet_string(ctx
, ctx
->op
.kex
.algctx
== NULL
,
1052 OSSL_KDF_PARAM_INFO
,
1054 EVP_PKEY_CTRL_HKDF_INFO
,
1058 int EVP_PKEY_CTX_set_hkdf_mode(EVP_PKEY_CTX
*ctx
, int mode
)
1060 OSSL_PARAM int_params
[2], *p
= int_params
;
1062 if (ctx
== NULL
|| !EVP_PKEY_CTX_IS_DERIVE_OP(ctx
)) {
1063 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
1064 /* Uses the same return values as EVP_PKEY_CTX_ctrl */
1068 /* Code below to be removed when legacy support is dropped. */
1069 if (ctx
->op
.kex
.algctx
== NULL
)
1070 return EVP_PKEY_CTX_ctrl(ctx
, -1, EVP_PKEY_OP_DERIVE
,
1071 EVP_PKEY_CTRL_HKDF_MODE
, mode
, NULL
);
1072 /* end of legacy support */
1075 ERR_raise(ERR_LIB_EVP
, EVP_R_INVALID_VALUE
);
1079 *p
++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_MODE
, &mode
);
1080 *p
= OSSL_PARAM_construct_end();
1082 return EVP_PKEY_CTX_set_params(ctx
, int_params
);
1085 int EVP_PKEY_CTX_set1_pbe_pass(EVP_PKEY_CTX
*ctx
, const char *pass
,
1088 return evp_pkey_ctx_set1_octet_string(ctx
, ctx
->op
.kex
.algctx
== NULL
,
1089 OSSL_KDF_PARAM_PASSWORD
,
1092 (const unsigned char *)pass
, passlen
);
1095 int EVP_PKEY_CTX_set1_scrypt_salt(EVP_PKEY_CTX
*ctx
,
1096 const unsigned char *salt
, int saltlen
)
1098 return evp_pkey_ctx_set1_octet_string(ctx
, ctx
->op
.kex
.algctx
== NULL
,
1099 OSSL_KDF_PARAM_SALT
,
1101 EVP_PKEY_CTRL_SCRYPT_SALT
,
1105 static int evp_pkey_ctx_set_uint64(EVP_PKEY_CTX
*ctx
, const char *param
,
1106 int op
, int ctrl
, uint64_t val
)
1108 OSSL_PARAM uint64_params
[2], *p
= uint64_params
;
1110 if (ctx
== NULL
|| !EVP_PKEY_CTX_IS_DERIVE_OP(ctx
)) {
1111 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
1112 /* Uses the same return values as EVP_PKEY_CTX_ctrl */
1116 /* Code below to be removed when legacy support is dropped. */
1117 if (ctx
->op
.kex
.algctx
== NULL
)
1118 return EVP_PKEY_CTX_ctrl_uint64(ctx
, -1, op
, ctrl
, val
);
1119 /* end of legacy support */
1121 *p
++ = OSSL_PARAM_construct_uint64(param
, &val
);
1122 *p
= OSSL_PARAM_construct_end();
1124 return EVP_PKEY_CTX_set_params(ctx
, uint64_params
);
1127 int EVP_PKEY_CTX_set_scrypt_N(EVP_PKEY_CTX
*ctx
, uint64_t n
)
1129 return evp_pkey_ctx_set_uint64(ctx
, OSSL_KDF_PARAM_SCRYPT_N
,
1130 EVP_PKEY_OP_DERIVE
, EVP_PKEY_CTRL_SCRYPT_N
,
1134 int EVP_PKEY_CTX_set_scrypt_r(EVP_PKEY_CTX
*ctx
, uint64_t r
)
1136 return evp_pkey_ctx_set_uint64(ctx
, OSSL_KDF_PARAM_SCRYPT_R
,
1137 EVP_PKEY_OP_DERIVE
, EVP_PKEY_CTRL_SCRYPT_R
,
1141 int EVP_PKEY_CTX_set_scrypt_p(EVP_PKEY_CTX
*ctx
, uint64_t p
)
1143 return evp_pkey_ctx_set_uint64(ctx
, OSSL_KDF_PARAM_SCRYPT_P
,
1144 EVP_PKEY_OP_DERIVE
, EVP_PKEY_CTRL_SCRYPT_P
,
1148 int EVP_PKEY_CTX_set_scrypt_maxmem_bytes(EVP_PKEY_CTX
*ctx
,
1149 uint64_t maxmem_bytes
)
1151 return evp_pkey_ctx_set_uint64(ctx
, OSSL_KDF_PARAM_SCRYPT_MAXMEM
,
1153 EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES
,
1157 int EVP_PKEY_CTX_set_mac_key(EVP_PKEY_CTX
*ctx
, const unsigned char *key
,
1160 return evp_pkey_ctx_set1_octet_string(ctx
, ctx
->op
.keymgmt
.genctx
== NULL
,
1161 OSSL_PKEY_PARAM_PRIV_KEY
,
1163 EVP_PKEY_CTRL_SET_MAC_KEY
,
1167 int EVP_PKEY_CTX_set_kem_op(EVP_PKEY_CTX
*ctx
, const char *op
)
1169 OSSL_PARAM params
[2], *p
= params
;
1171 if (ctx
== NULL
|| op
== NULL
) {
1172 ERR_raise(ERR_LIB_EVP
, EVP_R_INVALID_VALUE
);
1175 if (!EVP_PKEY_CTX_IS_KEM_OP(ctx
)) {
1176 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
1179 *p
++ = OSSL_PARAM_construct_utf8_string(OSSL_KEM_PARAM_OPERATION
,
1181 *p
= OSSL_PARAM_construct_end();
1182 return EVP_PKEY_CTX_set_params(ctx
, params
);
1185 int evp_pkey_ctx_set1_id_prov(EVP_PKEY_CTX
*ctx
, const void *id
, int len
)
1187 OSSL_PARAM params
[2], *p
= params
;
1190 if (!EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx
)) {
1191 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
1192 /* Uses the same return values as EVP_PKEY_CTX_ctrl */
1196 *p
++ = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_DIST_ID
,
1198 * Cast away the const. This is
1199 * read only so should be safe
1201 (void *)id
, (size_t)len
);
1202 *p
++ = OSSL_PARAM_construct_end();
1204 ret
= evp_pkey_ctx_set_params_strict(ctx
, params
);
1206 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
1210 int EVP_PKEY_CTX_set1_id(EVP_PKEY_CTX
*ctx
, const void *id
, int len
)
1212 return EVP_PKEY_CTX_ctrl(ctx
, -1, -1,
1213 EVP_PKEY_CTRL_SET1_ID
, (int)len
, (void*)(id
));
1216 static int get1_id_data(EVP_PKEY_CTX
*ctx
, void *id
, size_t *id_len
)
1219 void *tmp_id
= NULL
;
1220 OSSL_PARAM params
[2], *p
= params
;
1222 if (!EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx
)) {
1223 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
1224 /* Uses the same return values as EVP_PKEY_CTX_ctrl */
1228 *p
++ = OSSL_PARAM_construct_octet_ptr(OSSL_PKEY_PARAM_DIST_ID
,
1230 *p
++ = OSSL_PARAM_construct_end();
1232 ret
= evp_pkey_ctx_get_params_strict(ctx
, params
);
1234 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
1235 } else if (ret
> 0) {
1236 size_t tmp_id_len
= params
[0].return_size
;
1239 memcpy(id
, tmp_id
, tmp_id_len
);
1241 *id_len
= tmp_id_len
;
1246 int evp_pkey_ctx_get1_id_prov(EVP_PKEY_CTX
*ctx
, void *id
)
1248 return get1_id_data(ctx
, id
, NULL
);
1251 int evp_pkey_ctx_get1_id_len_prov(EVP_PKEY_CTX
*ctx
, size_t *id_len
)
1253 return get1_id_data(ctx
, NULL
, id_len
);
1256 int EVP_PKEY_CTX_get1_id(EVP_PKEY_CTX
*ctx
, void *id
)
1258 return EVP_PKEY_CTX_ctrl(ctx
, -1, -1, EVP_PKEY_CTRL_GET1_ID
, 0, (void*)id
);
1261 int EVP_PKEY_CTX_get1_id_len(EVP_PKEY_CTX
*ctx
, size_t *id_len
)
1263 return EVP_PKEY_CTX_ctrl(ctx
, -1, -1,
1264 EVP_PKEY_CTRL_GET1_ID_LEN
, 0, (void*)id_len
);
1267 static int evp_pkey_ctx_ctrl_int(EVP_PKEY_CTX
*ctx
, int keytype
, int optype
,
1268 int cmd
, int p1
, void *p2
)
1273 * If the method has a |digest_custom| function, we can relax the
1274 * operation type check, since this can be called before the operation
1277 if (ctx
->pmeth
== NULL
|| ctx
->pmeth
->digest_custom
== NULL
) {
1278 if (ctx
->operation
== EVP_PKEY_OP_UNDEFINED
) {
1279 ERR_raise(ERR_LIB_EVP
, EVP_R_NO_OPERATION_SET
);
1283 if ((optype
!= -1) && !(ctx
->operation
& optype
)) {
1284 ERR_raise(ERR_LIB_EVP
, EVP_R_INVALID_OPERATION
);
1289 switch (evp_pkey_ctx_state(ctx
)) {
1290 case EVP_PKEY_STATE_PROVIDER
:
1291 return evp_pkey_ctx_ctrl_to_param(ctx
, keytype
, optype
, cmd
, p1
, p2
);
1292 case EVP_PKEY_STATE_UNKNOWN
:
1293 case EVP_PKEY_STATE_LEGACY
:
1294 if (ctx
->pmeth
== NULL
|| ctx
->pmeth
->ctrl
== NULL
) {
1295 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
1298 if ((keytype
!= -1) && (ctx
->pmeth
->pkey_id
!= keytype
))
1301 ret
= ctx
->pmeth
->ctrl(ctx
, cmd
, p1
, p2
);
1304 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
1310 int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX
*ctx
, int keytype
, int optype
,
1311 int cmd
, int p1
, void *p2
)
1316 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
1319 /* If unsupported, we don't want that reported here */
1321 ret
= evp_pkey_ctx_store_cached_data(ctx
, keytype
, optype
,
1326 ERR_clear_last_mark();
1328 * If there was an error, there was an error.
1329 * If the operation isn't initialized yet, we also return, as
1330 * the saved values will be used then anyway.
1332 if (ret
< 1 || ctx
->operation
== EVP_PKEY_OP_UNDEFINED
)
1335 return evp_pkey_ctx_ctrl_int(ctx
, keytype
, optype
, cmd
, p1
, p2
);
1338 int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX
*ctx
, int keytype
, int optype
,
1339 int cmd
, uint64_t value
)
1341 return EVP_PKEY_CTX_ctrl(ctx
, keytype
, optype
, cmd
, 0, &value
);
1345 static int evp_pkey_ctx_ctrl_str_int(EVP_PKEY_CTX
*ctx
,
1346 const char *name
, const char *value
)
1351 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
1355 switch (evp_pkey_ctx_state(ctx
)) {
1356 case EVP_PKEY_STATE_PROVIDER
:
1357 return evp_pkey_ctx_ctrl_str_to_param(ctx
, name
, value
);
1358 case EVP_PKEY_STATE_UNKNOWN
:
1359 case EVP_PKEY_STATE_LEGACY
:
1360 if (ctx
== NULL
|| ctx
->pmeth
== NULL
|| ctx
->pmeth
->ctrl_str
== NULL
) {
1361 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
1364 if (strcmp(name
, "digest") == 0)
1365 ret
= EVP_PKEY_CTX_md(ctx
,
1366 EVP_PKEY_OP_TYPE_SIG
| EVP_PKEY_OP_TYPE_CRYPT
,
1367 EVP_PKEY_CTRL_MD
, value
);
1369 ret
= ctx
->pmeth
->ctrl_str(ctx
, name
, value
);
1376 int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX
*ctx
,
1377 const char *name
, const char *value
)
1381 /* If unsupported, we don't want that reported here */
1383 ret
= evp_pkey_ctx_store_cached_data(ctx
, -1, -1, -1,
1384 name
, value
, strlen(value
) + 1);
1388 ERR_clear_last_mark();
1390 * If there was an error, there was an error.
1391 * If the operation isn't initialized yet, we also return, as
1392 * the saved values will be used then anyway.
1394 if (ret
< 1 || ctx
->operation
== EVP_PKEY_OP_UNDEFINED
)
1398 return evp_pkey_ctx_ctrl_str_int(ctx
, name
, value
);
1401 static int decode_cmd(int cmd
, const char *name
)
1405 * The consequence of the assertion not being true is that this
1406 * function will return -1, which will cause the calling functions
1407 * to signal that the command is unsupported... in non-debug mode.
1409 if (ossl_assert(name
!= NULL
))
1410 if (strcmp(name
, "distid") == 0 || strcmp(name
, "hexdistid") == 0)
1411 cmd
= EVP_PKEY_CTRL_SET1_ID
;
1417 static int evp_pkey_ctx_store_cached_data(EVP_PKEY_CTX
*ctx
,
1418 int keytype
, int optype
,
1419 int cmd
, const char *name
,
1420 const void *data
, size_t data_len
)
1423 * Check that it's one of the supported commands. The ctrl commands
1424 * number cases here must correspond to the cases in the bottom switch
1427 switch (cmd
= decode_cmd(cmd
, name
)) {
1428 case EVP_PKEY_CTRL_SET1_ID
:
1431 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
1435 if (keytype
!= -1) {
1436 switch (evp_pkey_ctx_state(ctx
)) {
1437 case EVP_PKEY_STATE_PROVIDER
:
1438 if (ctx
->keymgmt
== NULL
) {
1439 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
1442 if (!EVP_KEYMGMT_is_a(ctx
->keymgmt
,
1443 evp_pkey_type2name(keytype
))) {
1444 ERR_raise(ERR_LIB_EVP
, EVP_R_INVALID_OPERATION
);
1448 case EVP_PKEY_STATE_UNKNOWN
:
1449 case EVP_PKEY_STATE_LEGACY
:
1450 if (ctx
->pmeth
== NULL
) {
1451 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
1454 if (EVP_PKEY_type(ctx
->pmeth
->pkey_id
) != EVP_PKEY_type(keytype
)) {
1455 ERR_raise(ERR_LIB_EVP
, EVP_R_INVALID_OPERATION
);
1461 if (optype
!= -1 && (ctx
->operation
& optype
) == 0) {
1462 ERR_raise(ERR_LIB_EVP
, EVP_R_INVALID_OPERATION
);
1467 case EVP_PKEY_CTRL_SET1_ID
:
1468 evp_pkey_ctx_free_cached_data(ctx
, cmd
, name
);
1470 ctx
->cached_parameters
.dist_id_name
= OPENSSL_strdup(name
);
1471 if (ctx
->cached_parameters
.dist_id_name
== NULL
) {
1472 ERR_raise(ERR_LIB_EVP
, ERR_R_MALLOC_FAILURE
);
1477 ctx
->cached_parameters
.dist_id
= OPENSSL_memdup(data
, data_len
);
1478 if (ctx
->cached_parameters
.dist_id
== NULL
) {
1479 ERR_raise(ERR_LIB_EVP
, ERR_R_MALLOC_FAILURE
);
1483 ctx
->cached_parameters
.dist_id_set
= 1;
1484 ctx
->cached_parameters
.dist_id_len
= data_len
;
1490 static void evp_pkey_ctx_free_cached_data(EVP_PKEY_CTX
*ctx
,
1491 int cmd
, const char *name
)
1493 cmd
= decode_cmd(cmd
, name
);
1495 case EVP_PKEY_CTRL_SET1_ID
:
1496 OPENSSL_free(ctx
->cached_parameters
.dist_id
);
1497 OPENSSL_free(ctx
->cached_parameters
.dist_id_name
);
1498 ctx
->cached_parameters
.dist_id
= NULL
;
1499 ctx
->cached_parameters
.dist_id_name
= NULL
;
1504 static void evp_pkey_ctx_free_all_cached_data(EVP_PKEY_CTX
*ctx
)
1506 evp_pkey_ctx_free_cached_data(ctx
, EVP_PKEY_CTRL_SET1_ID
, NULL
);
1509 int evp_pkey_ctx_use_cached_data(EVP_PKEY_CTX
*ctx
)
1513 if (ret
&& ctx
->cached_parameters
.dist_id_set
) {
1514 const char *name
= ctx
->cached_parameters
.dist_id_name
;
1515 const void *val
= ctx
->cached_parameters
.dist_id
;
1516 size_t len
= ctx
->cached_parameters
.dist_id_len
;
1519 ret
= evp_pkey_ctx_ctrl_str_int(ctx
, name
, val
);
1521 ret
= evp_pkey_ctx_ctrl_int(ctx
, -1, ctx
->operation
,
1522 EVP_PKEY_CTRL_SET1_ID
,
1523 (int)len
, (void *)val
);
1529 OSSL_LIB_CTX
*EVP_PKEY_CTX_get0_libctx(EVP_PKEY_CTX
*ctx
)
1534 const char *EVP_PKEY_CTX_get0_propq(EVP_PKEY_CTX
*ctx
)
1536 return ctx
->propquery
;
1539 /* Utility functions to send a string of hex string to a ctrl */
1541 int EVP_PKEY_CTX_str2ctrl(EVP_PKEY_CTX
*ctx
, int cmd
, const char *str
)
1548 return ctx
->pmeth
->ctrl(ctx
, cmd
, len
, (void *)str
);
1551 int EVP_PKEY_CTX_hex2ctrl(EVP_PKEY_CTX
*ctx
, int cmd
, const char *hex
)
1557 bin
= OPENSSL_hexstr2buf(hex
, &binlen
);
1560 if (binlen
<= INT_MAX
)
1561 rv
= ctx
->pmeth
->ctrl(ctx
, cmd
, binlen
, bin
);
1566 /* Pass a message digest to a ctrl */
1567 int EVP_PKEY_CTX_md(EVP_PKEY_CTX
*ctx
, int optype
, int cmd
, const char *md
)
1571 if (md
== NULL
|| (m
= EVP_get_digestbyname(md
)) == NULL
) {
1572 ERR_raise(ERR_LIB_EVP
, EVP_R_INVALID_DIGEST
);
1575 return EVP_PKEY_CTX_ctrl(ctx
, -1, optype
, cmd
, 0, (void *)m
);
1578 int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX
*ctx
)
1580 return ctx
->operation
;
1583 void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX
*ctx
, int *dat
, int datlen
)
1585 ctx
->keygen_info
= dat
;
1586 ctx
->keygen_info_count
= datlen
;
1589 void EVP_PKEY_CTX_set_data(EVP_PKEY_CTX
*ctx
, void *data
)
1594 void *EVP_PKEY_CTX_get_data(const EVP_PKEY_CTX
*ctx
)
1599 EVP_PKEY
*EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX
*ctx
)
1604 EVP_PKEY
*EVP_PKEY_CTX_get0_peerkey(EVP_PKEY_CTX
*ctx
)
1606 return ctx
->peerkey
;
1609 void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX
*ctx
, void *data
)
1611 ctx
->app_data
= data
;
1614 void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX
*ctx
)
1616 return ctx
->app_data
;
1619 void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD
*pmeth
,
1620 int (*init
) (EVP_PKEY_CTX
*ctx
))
1625 void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD
*pmeth
,
1626 int (*copy
) (EVP_PKEY_CTX
*dst
,
1627 const EVP_PKEY_CTX
*src
))
1632 void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD
*pmeth
,
1633 void (*cleanup
) (EVP_PKEY_CTX
*ctx
))
1635 pmeth
->cleanup
= cleanup
;
1638 void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD
*pmeth
,
1639 int (*paramgen_init
) (EVP_PKEY_CTX
*ctx
),
1640 int (*paramgen
) (EVP_PKEY_CTX
*ctx
,
1643 pmeth
->paramgen_init
= paramgen_init
;
1644 pmeth
->paramgen
= paramgen
;
1647 void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD
*pmeth
,
1648 int (*keygen_init
) (EVP_PKEY_CTX
*ctx
),
1649 int (*keygen
) (EVP_PKEY_CTX
*ctx
,
1652 pmeth
->keygen_init
= keygen_init
;
1653 pmeth
->keygen
= keygen
;
1656 void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD
*pmeth
,
1657 int (*sign_init
) (EVP_PKEY_CTX
*ctx
),
1658 int (*sign
) (EVP_PKEY_CTX
*ctx
,
1659 unsigned char *sig
, size_t *siglen
,
1660 const unsigned char *tbs
,
1663 pmeth
->sign_init
= sign_init
;
1667 void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD
*pmeth
,
1668 int (*verify_init
) (EVP_PKEY_CTX
*ctx
),
1669 int (*verify
) (EVP_PKEY_CTX
*ctx
,
1670 const unsigned char *sig
,
1672 const unsigned char *tbs
,
1675 pmeth
->verify_init
= verify_init
;
1676 pmeth
->verify
= verify
;
1679 void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD
*pmeth
,
1680 int (*verify_recover_init
) (EVP_PKEY_CTX
1682 int (*verify_recover
) (EVP_PKEY_CTX
1691 pmeth
->verify_recover_init
= verify_recover_init
;
1692 pmeth
->verify_recover
= verify_recover
;
1695 void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD
*pmeth
,
1696 int (*signctx_init
) (EVP_PKEY_CTX
*ctx
,
1698 int (*signctx
) (EVP_PKEY_CTX
*ctx
,
1703 pmeth
->signctx_init
= signctx_init
;
1704 pmeth
->signctx
= signctx
;
1707 void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD
*pmeth
,
1708 int (*verifyctx_init
) (EVP_PKEY_CTX
*ctx
,
1710 int (*verifyctx
) (EVP_PKEY_CTX
*ctx
,
1711 const unsigned char *sig
,
1715 pmeth
->verifyctx_init
= verifyctx_init
;
1716 pmeth
->verifyctx
= verifyctx
;
1719 void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD
*pmeth
,
1720 int (*encrypt_init
) (EVP_PKEY_CTX
*ctx
),
1721 int (*encryptfn
) (EVP_PKEY_CTX
*ctx
,
1724 const unsigned char *in
,
1727 pmeth
->encrypt_init
= encrypt_init
;
1728 pmeth
->encrypt
= encryptfn
;
1731 void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD
*pmeth
,
1732 int (*decrypt_init
) (EVP_PKEY_CTX
*ctx
),
1733 int (*decrypt
) (EVP_PKEY_CTX
*ctx
,
1736 const unsigned char *in
,
1739 pmeth
->decrypt_init
= decrypt_init
;
1740 pmeth
->decrypt
= decrypt
;
1743 void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD
*pmeth
,
1744 int (*derive_init
) (EVP_PKEY_CTX
*ctx
),
1745 int (*derive
) (EVP_PKEY_CTX
*ctx
,
1749 pmeth
->derive_init
= derive_init
;
1750 pmeth
->derive
= derive
;
1753 void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD
*pmeth
,
1754 int (*ctrl
) (EVP_PKEY_CTX
*ctx
, int type
, int p1
,
1756 int (*ctrl_str
) (EVP_PKEY_CTX
*ctx
,
1761 pmeth
->ctrl_str
= ctrl_str
;
1764 void EVP_PKEY_meth_set_digestsign(EVP_PKEY_METHOD
*pmeth
,
1765 int (*digestsign
) (EVP_MD_CTX
*ctx
, unsigned char *sig
, size_t *siglen
,
1766 const unsigned char *tbs
, size_t tbslen
))
1768 pmeth
->digestsign
= digestsign
;
1771 void EVP_PKEY_meth_set_digestverify(EVP_PKEY_METHOD
*pmeth
,
1772 int (*digestverify
) (EVP_MD_CTX
*ctx
, const unsigned char *sig
,
1773 size_t siglen
, const unsigned char *tbs
,
1776 pmeth
->digestverify
= digestverify
;
1779 void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD
*pmeth
,
1780 int (*check
) (EVP_PKEY
*pkey
))
1782 pmeth
->check
= check
;
1785 void EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD
*pmeth
,
1786 int (*check
) (EVP_PKEY
*pkey
))
1788 pmeth
->public_check
= check
;
1791 void EVP_PKEY_meth_set_param_check(EVP_PKEY_METHOD
*pmeth
,
1792 int (*check
) (EVP_PKEY
*pkey
))
1794 pmeth
->param_check
= check
;
1797 void EVP_PKEY_meth_set_digest_custom(EVP_PKEY_METHOD
*pmeth
,
1798 int (*digest_custom
) (EVP_PKEY_CTX
*ctx
,
1801 pmeth
->digest_custom
= digest_custom
;
1804 void EVP_PKEY_meth_get_init(const EVP_PKEY_METHOD
*pmeth
,
1805 int (**pinit
) (EVP_PKEY_CTX
*ctx
))
1807 *pinit
= pmeth
->init
;
1810 void EVP_PKEY_meth_get_copy(const EVP_PKEY_METHOD
*pmeth
,
1811 int (**pcopy
) (EVP_PKEY_CTX
*dst
,
1812 const EVP_PKEY_CTX
*src
))
1814 *pcopy
= pmeth
->copy
;
1817 void EVP_PKEY_meth_get_cleanup(const EVP_PKEY_METHOD
*pmeth
,
1818 void (**pcleanup
) (EVP_PKEY_CTX
*ctx
))
1820 *pcleanup
= pmeth
->cleanup
;
1823 void EVP_PKEY_meth_get_paramgen(const EVP_PKEY_METHOD
*pmeth
,
1824 int (**pparamgen_init
) (EVP_PKEY_CTX
*ctx
),
1825 int (**pparamgen
) (EVP_PKEY_CTX
*ctx
,
1829 *pparamgen_init
= pmeth
->paramgen_init
;
1831 *pparamgen
= pmeth
->paramgen
;
1834 void EVP_PKEY_meth_get_keygen(const EVP_PKEY_METHOD
*pmeth
,
1835 int (**pkeygen_init
) (EVP_PKEY_CTX
*ctx
),
1836 int (**pkeygen
) (EVP_PKEY_CTX
*ctx
,
1840 *pkeygen_init
= pmeth
->keygen_init
;
1842 *pkeygen
= pmeth
->keygen
;
1845 void EVP_PKEY_meth_get_sign(const EVP_PKEY_METHOD
*pmeth
,
1846 int (**psign_init
) (EVP_PKEY_CTX
*ctx
),
1847 int (**psign
) (EVP_PKEY_CTX
*ctx
,
1848 unsigned char *sig
, size_t *siglen
,
1849 const unsigned char *tbs
,
1853 *psign_init
= pmeth
->sign_init
;
1855 *psign
= pmeth
->sign
;
1858 void EVP_PKEY_meth_get_verify(const EVP_PKEY_METHOD
*pmeth
,
1859 int (**pverify_init
) (EVP_PKEY_CTX
*ctx
),
1860 int (**pverify
) (EVP_PKEY_CTX
*ctx
,
1861 const unsigned char *sig
,
1863 const unsigned char *tbs
,
1867 *pverify_init
= pmeth
->verify_init
;
1869 *pverify
= pmeth
->verify
;
1872 void EVP_PKEY_meth_get_verify_recover(const EVP_PKEY_METHOD
*pmeth
,
1873 int (**pverify_recover_init
) (EVP_PKEY_CTX
1875 int (**pverify_recover
) (EVP_PKEY_CTX
1884 if (pverify_recover_init
)
1885 *pverify_recover_init
= pmeth
->verify_recover_init
;
1886 if (pverify_recover
)
1887 *pverify_recover
= pmeth
->verify_recover
;
1890 void EVP_PKEY_meth_get_signctx(const EVP_PKEY_METHOD
*pmeth
,
1891 int (**psignctx_init
) (EVP_PKEY_CTX
*ctx
,
1893 int (**psignctx
) (EVP_PKEY_CTX
*ctx
,
1899 *psignctx_init
= pmeth
->signctx_init
;
1901 *psignctx
= pmeth
->signctx
;
1904 void EVP_PKEY_meth_get_verifyctx(const EVP_PKEY_METHOD
*pmeth
,
1905 int (**pverifyctx_init
) (EVP_PKEY_CTX
*ctx
,
1907 int (**pverifyctx
) (EVP_PKEY_CTX
*ctx
,
1908 const unsigned char *sig
,
1912 if (pverifyctx_init
)
1913 *pverifyctx_init
= pmeth
->verifyctx_init
;
1915 *pverifyctx
= pmeth
->verifyctx
;
1918 void EVP_PKEY_meth_get_encrypt(const EVP_PKEY_METHOD
*pmeth
,
1919 int (**pencrypt_init
) (EVP_PKEY_CTX
*ctx
),
1920 int (**pencryptfn
) (EVP_PKEY_CTX
*ctx
,
1923 const unsigned char *in
,
1927 *pencrypt_init
= pmeth
->encrypt_init
;
1929 *pencryptfn
= pmeth
->encrypt
;
1932 void EVP_PKEY_meth_get_decrypt(const EVP_PKEY_METHOD
*pmeth
,
1933 int (**pdecrypt_init
) (EVP_PKEY_CTX
*ctx
),
1934 int (**pdecrypt
) (EVP_PKEY_CTX
*ctx
,
1937 const unsigned char *in
,
1941 *pdecrypt_init
= pmeth
->decrypt_init
;
1943 *pdecrypt
= pmeth
->decrypt
;
1946 void EVP_PKEY_meth_get_derive(const EVP_PKEY_METHOD
*pmeth
,
1947 int (**pderive_init
) (EVP_PKEY_CTX
*ctx
),
1948 int (**pderive
) (EVP_PKEY_CTX
*ctx
,
1953 *pderive_init
= pmeth
->derive_init
;
1955 *pderive
= pmeth
->derive
;
1958 void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD
*pmeth
,
1959 int (**pctrl
) (EVP_PKEY_CTX
*ctx
, int type
, int p1
,
1961 int (**pctrl_str
) (EVP_PKEY_CTX
*ctx
,
1966 *pctrl
= pmeth
->ctrl
;
1968 *pctrl_str
= pmeth
->ctrl_str
;
1971 void EVP_PKEY_meth_get_digestsign(EVP_PKEY_METHOD
*pmeth
,
1972 int (**digestsign
) (EVP_MD_CTX
*ctx
, unsigned char *sig
, size_t *siglen
,
1973 const unsigned char *tbs
, size_t tbslen
))
1976 *digestsign
= pmeth
->digestsign
;
1979 void EVP_PKEY_meth_get_digestverify(EVP_PKEY_METHOD
*pmeth
,
1980 int (**digestverify
) (EVP_MD_CTX
*ctx
, const unsigned char *sig
,
1981 size_t siglen
, const unsigned char *tbs
,
1985 *digestverify
= pmeth
->digestverify
;
1988 void EVP_PKEY_meth_get_check(const EVP_PKEY_METHOD
*pmeth
,
1989 int (**pcheck
) (EVP_PKEY
*pkey
))
1992 *pcheck
= pmeth
->check
;
1995 void EVP_PKEY_meth_get_public_check(const EVP_PKEY_METHOD
*pmeth
,
1996 int (**pcheck
) (EVP_PKEY
*pkey
))
1999 *pcheck
= pmeth
->public_check
;
2002 void EVP_PKEY_meth_get_param_check(const EVP_PKEY_METHOD
*pmeth
,
2003 int (**pcheck
) (EVP_PKEY
*pkey
))
2006 *pcheck
= pmeth
->param_check
;
2009 void EVP_PKEY_meth_get_digest_custom(EVP_PKEY_METHOD
*pmeth
,
2010 int (**pdigest_custom
) (EVP_PKEY_CTX
*ctx
,
2013 if (pdigest_custom
!= NULL
)
2014 *pdigest_custom
= pmeth
->digest_custom
;
2017 #endif /* FIPS_MODULE */