2 * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 * Low level key APIs (DH etc) are deprecated for public use, but still ok for
14 #include "internal/deprecated.h"
18 #include <openssl/engine.h>
19 #include <openssl/evp.h>
20 #include <openssl/x509v3.h>
21 #include <openssl/core_names.h>
22 #include <openssl/dh.h>
23 #include <openssl/rsa.h>
24 #include <openssl/kdf.h>
25 #include "internal/cryptlib.h"
26 #include "crypto/asn1.h"
27 #include "crypto/evp.h"
28 #include "crypto/dh.h"
29 #include "crypto/ec.h"
30 #include "internal/ffc.h"
31 #include "internal/numbers.h"
32 #include "internal/provider.h"
33 #include "evp_local.h"
37 static int evp_pkey_ctx_store_cached_data(EVP_PKEY_CTX
*ctx
,
38 int keytype
, int optype
,
39 int cmd
, const char *name
,
40 const void *data
, size_t data_len
);
41 static void evp_pkey_ctx_free_cached_data(EVP_PKEY_CTX
*ctx
,
42 int cmd
, const char *name
);
43 static void evp_pkey_ctx_free_all_cached_data(EVP_PKEY_CTX
*ctx
);
45 typedef const EVP_PKEY_METHOD
*(*pmeth_fn
)(void);
46 typedef int sk_cmp_fn_type(const char *const *a
, const char *const *b
);
48 static STACK_OF(EVP_PKEY_METHOD
) *app_pkey_methods
= NULL
;
50 /* This array needs to be in order of NIDs */
51 static pmeth_fn standard_methods
[] = {
53 # ifndef OPENSSL_NO_DH
56 # ifndef OPENSSL_NO_DSA
59 # ifndef OPENSSL_NO_EC
62 ossl_rsa_pss_pkey_method
,
63 # ifndef OPENSSL_NO_DH
66 # ifndef OPENSSL_NO_EC
67 ossl_ecx25519_pkey_method
,
68 ossl_ecx448_pkey_method
,
70 # ifndef OPENSSL_NO_EC
71 ossl_ed25519_pkey_method
,
72 ossl_ed448_pkey_method
,
76 DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD
*, pmeth_fn
, pmeth_func
);
78 static int pmeth_func_cmp(const EVP_PKEY_METHOD
*const *a
, pmeth_fn
const *b
)
80 return ((*a
)->pkey_id
- ((**b
)())->pkey_id
);
83 IMPLEMENT_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD
*, pmeth_fn
, pmeth_func
);
85 static int pmeth_cmp(const EVP_PKEY_METHOD
*const *a
,
86 const EVP_PKEY_METHOD
*const *b
)
88 return ((*a
)->pkey_id
- (*b
)->pkey_id
);
91 static const EVP_PKEY_METHOD
*evp_pkey_meth_find_added_by_application(int type
)
93 if (app_pkey_methods
!= NULL
) {
98 idx
= sk_EVP_PKEY_METHOD_find(app_pkey_methods
, &tmp
);
100 return sk_EVP_PKEY_METHOD_value(app_pkey_methods
, idx
);
105 const EVP_PKEY_METHOD
*EVP_PKEY_meth_find(int type
)
109 const EVP_PKEY_METHOD
*t
;
111 if ((t
= evp_pkey_meth_find_added_by_application(type
)) != NULL
)
116 ret
= OBJ_bsearch_pmeth_func(&t
, standard_methods
,
117 OSSL_NELEM(standard_methods
));
118 if (ret
== NULL
|| *ret
== NULL
)
123 EVP_PKEY_METHOD
*EVP_PKEY_meth_new(int id
, int flags
)
125 EVP_PKEY_METHOD
*pmeth
;
127 pmeth
= OPENSSL_zalloc(sizeof(*pmeth
));
129 ERR_raise(ERR_LIB_EVP
, ERR_R_MALLOC_FAILURE
);
134 pmeth
->flags
= flags
| EVP_PKEY_FLAG_DYNAMIC
;
138 static void help_get_legacy_alg_type_from_keymgmt(const char *keytype
,
143 if (*type
== NID_undef
)
144 *type
= evp_pkey_name2type(keytype
);
147 static int get_legacy_alg_type_from_keymgmt(const EVP_KEYMGMT
*keymgmt
)
149 int type
= NID_undef
;
151 EVP_KEYMGMT_names_do_all(keymgmt
, help_get_legacy_alg_type_from_keymgmt
,
155 #endif /* FIPS_MODULE */
157 int evp_pkey_ctx_state(const EVP_PKEY_CTX
*ctx
)
159 if (ctx
->operation
== EVP_PKEY_OP_UNDEFINED
)
160 return EVP_PKEY_STATE_UNKNOWN
;
162 if ((EVP_PKEY_CTX_IS_DERIVE_OP(ctx
)
163 && ctx
->op
.kex
.exchprovctx
!= NULL
)
164 || (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx
)
165 && ctx
->op
.sig
.sigprovctx
!= NULL
)
166 || (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx
)
167 && ctx
->op
.ciph
.ciphprovctx
!= NULL
)
168 || (EVP_PKEY_CTX_IS_GEN_OP(ctx
)
169 && ctx
->op
.keymgmt
.genctx
!= NULL
)
170 || (EVP_PKEY_CTX_IS_KEM_OP(ctx
)
171 && ctx
->op
.encap
.kemprovctx
!= NULL
))
172 return EVP_PKEY_STATE_PROVIDER
;
174 return EVP_PKEY_STATE_LEGACY
;
177 static EVP_PKEY_CTX
*int_ctx_new(OSSL_LIB_CTX
*libctx
,
178 EVP_PKEY
*pkey
, ENGINE
*e
,
179 const char *keytype
, const char *propquery
,
183 EVP_PKEY_CTX
*ret
= NULL
;
184 const EVP_PKEY_METHOD
*pmeth
= NULL
;
185 EVP_KEYMGMT
*keymgmt
= NULL
;
188 * If the given |pkey| is provided, we extract the keytype from its
189 * keymgmt and skip over the legacy code.
191 if (pkey
!= NULL
&& evp_pkey_is_provided(pkey
)) {
192 /* If we have an engine, something went wrong somewhere... */
193 if (!ossl_assert(e
== NULL
))
195 keytype
= evp_first_name(pkey
->keymgmt
->prov
, pkey
->keymgmt
->name_id
);
201 * TODO(3.0) This legacy code section should be removed when we stop
208 else if (keytype
!= NULL
)
209 id
= evp_pkey_name2type(keytype
);
213 /* If no ID was found here, we can only resort to find a keymgmt */
218 * Here, we extract what information we can for the purpose of
219 * supporting usage with implementations from providers, to make
220 * for a smooth transition from legacy stuff to provider based stuff.
222 * If an engine is given, this is entirely legacy, and we should not
223 * pretend anything else, so we only set the name when no engine is
224 * given. If both are already given, someone made a mistake, and
225 * since that can only happen internally, it's safe to make an
228 if (!ossl_assert(e
== NULL
|| keytype
== NULL
))
231 keytype
= OBJ_nid2sn(id
);
233 # ifndef OPENSSL_NO_ENGINE
234 if (e
== NULL
&& pkey
!= NULL
)
235 e
= pkey
->pmeth_engine
!= NULL
? pkey
->pmeth_engine
: pkey
->engine
;
236 /* Try to find an ENGINE which implements this method */
238 if (!ENGINE_init(e
)) {
239 ERR_raise(ERR_LIB_EVP
, ERR_R_ENGINE_LIB
);
243 e
= ENGINE_get_pkey_meth_engine(id
);
247 * If an ENGINE handled this method look it up. Otherwise use internal
251 pmeth
= ENGINE_get_pkey_meth(e
, id
);
254 pmeth
= evp_pkey_meth_find_added_by_application(id
);
257 #endif /* FIPS_MODULE */
260 * If there's no engine and there's a name, we try fetching a provider
263 if (e
== NULL
&& keytype
!= NULL
) {
264 keymgmt
= EVP_KEYMGMT_fetch(libctx
, keytype
, propquery
);
266 return NULL
; /* EVP_KEYMGMT_fetch() recorded an error */
270 * Chase down the legacy NID, as that might be needed for diverse
271 * purposes, such as ensure that EVP_PKEY_type() can return sensible
272 * values, or that there's a better chance to "downgrade" a key when
273 * needed. We go through all keymgmt names, because the keytype
274 * that's passed to this function doesn't necessarily translate
276 * TODO: Remove this when #legacy keys are gone.
278 if (keymgmt
!= NULL
) {
279 int tmp_id
= get_legacy_alg_type_from_keymgmt(keymgmt
);
281 if (tmp_id
!= NID_undef
) {
286 * It really really shouldn't differ. If it still does,
287 * something is very wrong.
289 if (!ossl_assert(id
== tmp_id
)) {
290 ERR_raise(ERR_LIB_EVP
, ERR_R_INTERNAL_ERROR
);
291 EVP_KEYMGMT_free(keymgmt
);
300 if (pmeth
== NULL
&& keymgmt
== NULL
) {
301 ERR_raise(ERR_LIB_EVP
, EVP_R_UNSUPPORTED_ALGORITHM
);
303 ret
= OPENSSL_zalloc(sizeof(*ret
));
305 ERR_raise(ERR_LIB_EVP
, ERR_R_MALLOC_FAILURE
);
308 #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
309 if ((ret
== NULL
|| pmeth
== NULL
) && e
!= NULL
)
314 EVP_KEYMGMT_free(keymgmt
);
317 if (propquery
!= NULL
) {
318 ret
->propquery
= OPENSSL_strdup(propquery
);
319 if (ret
->propquery
== NULL
) {
320 EVP_KEYMGMT_free(keymgmt
);
324 ret
->libctx
= libctx
;
325 ret
->keytype
= keytype
;
326 ret
->keymgmt
= keymgmt
;
327 ret
->legacy_keytype
= id
; /* TODO: Remove when #legacy key are gone */
330 ret
->operation
= EVP_PKEY_OP_UNDEFINED
;
333 EVP_PKEY_up_ref(pkey
);
335 if (pmeth
!= NULL
&& pmeth
->init
!= NULL
) {
336 if (pmeth
->init(ret
) <= 0) {
338 EVP_PKEY_CTX_free(ret
);
346 /*- All methods below can also be used in FIPS_MODULE */
348 EVP_PKEY_CTX
*EVP_PKEY_CTX_new_from_name(OSSL_LIB_CTX
*libctx
,
350 const char *propquery
)
352 return int_ctx_new(libctx
, NULL
, NULL
, name
, propquery
, -1);
355 EVP_PKEY_CTX
*EVP_PKEY_CTX_new_from_pkey(OSSL_LIB_CTX
*libctx
, EVP_PKEY
*pkey
,
356 const char *propquery
)
358 return int_ctx_new(libctx
, pkey
, NULL
, NULL
, propquery
, -1);
361 void evp_pkey_ctx_free_old_ops(EVP_PKEY_CTX
*ctx
)
363 if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx
)) {
364 if (ctx
->op
.sig
.sigprovctx
!= NULL
&& ctx
->op
.sig
.signature
!= NULL
)
365 ctx
->op
.sig
.signature
->freectx(ctx
->op
.sig
.sigprovctx
);
366 EVP_SIGNATURE_free(ctx
->op
.sig
.signature
);
367 ctx
->op
.sig
.sigprovctx
= NULL
;
368 ctx
->op
.sig
.signature
= NULL
;
369 } else if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx
)) {
370 if (ctx
->op
.kex
.exchprovctx
!= NULL
&& ctx
->op
.kex
.exchange
!= NULL
)
371 ctx
->op
.kex
.exchange
->freectx(ctx
->op
.kex
.exchprovctx
);
372 EVP_KEYEXCH_free(ctx
->op
.kex
.exchange
);
373 ctx
->op
.kex
.exchprovctx
= NULL
;
374 ctx
->op
.kex
.exchange
= NULL
;
375 } else if (EVP_PKEY_CTX_IS_KEM_OP(ctx
)) {
376 if (ctx
->op
.encap
.kemprovctx
!= NULL
&& ctx
->op
.encap
.kem
!= NULL
)
377 ctx
->op
.encap
.kem
->freectx(ctx
->op
.encap
.kemprovctx
);
378 EVP_KEM_free(ctx
->op
.encap
.kem
);
379 ctx
->op
.encap
.kemprovctx
= NULL
;
380 ctx
->op
.encap
.kem
= NULL
;
382 else if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx
)) {
383 if (ctx
->op
.ciph
.ciphprovctx
!= NULL
&& ctx
->op
.ciph
.cipher
!= NULL
)
384 ctx
->op
.ciph
.cipher
->freectx(ctx
->op
.ciph
.ciphprovctx
);
385 EVP_ASYM_CIPHER_free(ctx
->op
.ciph
.cipher
);
386 ctx
->op
.ciph
.ciphprovctx
= NULL
;
387 ctx
->op
.ciph
.cipher
= NULL
;
388 } else if (EVP_PKEY_CTX_IS_GEN_OP(ctx
)) {
389 if (ctx
->op
.keymgmt
.genctx
!= NULL
&& ctx
->keymgmt
!= NULL
)
390 evp_keymgmt_gen_cleanup(ctx
->keymgmt
, ctx
->op
.keymgmt
.genctx
);
394 void EVP_PKEY_CTX_free(EVP_PKEY_CTX
*ctx
)
398 if (ctx
->pmeth
&& ctx
->pmeth
->cleanup
)
399 ctx
->pmeth
->cleanup(ctx
);
401 evp_pkey_ctx_free_old_ops(ctx
);
403 evp_pkey_ctx_free_all_cached_data(ctx
);
405 EVP_KEYMGMT_free(ctx
->keymgmt
);
407 OPENSSL_free(ctx
->propquery
);
408 EVP_PKEY_free(ctx
->pkey
);
409 EVP_PKEY_free(ctx
->peerkey
);
410 #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
411 ENGINE_finish(ctx
->engine
);
413 BN_free(ctx
->rsa_pubexp
);
419 void EVP_PKEY_meth_get0_info(int *ppkey_id
, int *pflags
,
420 const EVP_PKEY_METHOD
*meth
)
423 *ppkey_id
= meth
->pkey_id
;
425 *pflags
= meth
->flags
;
428 void EVP_PKEY_meth_copy(EVP_PKEY_METHOD
*dst
, const EVP_PKEY_METHOD
*src
)
430 int pkey_id
= dst
->pkey_id
;
431 int flags
= dst
->flags
;
435 /* We only copy the function pointers so restore the other values */
436 dst
->pkey_id
= pkey_id
;
440 void EVP_PKEY_meth_free(EVP_PKEY_METHOD
*pmeth
)
442 if (pmeth
&& (pmeth
->flags
& EVP_PKEY_FLAG_DYNAMIC
))
446 EVP_PKEY_CTX
*EVP_PKEY_CTX_new(EVP_PKEY
*pkey
, ENGINE
*e
)
448 return int_ctx_new(NULL
, pkey
, e
, NULL
, NULL
, -1);
451 EVP_PKEY_CTX
*EVP_PKEY_CTX_new_id(int id
, ENGINE
*e
)
453 return int_ctx_new(NULL
, NULL
, e
, NULL
, NULL
, id
);
456 EVP_PKEY_CTX
*EVP_PKEY_CTX_dup(const EVP_PKEY_CTX
*pctx
)
460 # ifndef OPENSSL_NO_ENGINE
461 /* Make sure it's safe to copy a pkey context using an ENGINE */
462 if (pctx
->engine
&& !ENGINE_init(pctx
->engine
)) {
463 ERR_raise(ERR_LIB_EVP
, ERR_R_ENGINE_LIB
);
467 rctx
= OPENSSL_zalloc(sizeof(*rctx
));
469 ERR_raise(ERR_LIB_EVP
, ERR_R_MALLOC_FAILURE
);
473 if (pctx
->pkey
!= NULL
)
474 EVP_PKEY_up_ref(pctx
->pkey
);
475 rctx
->pkey
= pctx
->pkey
;
476 rctx
->operation
= pctx
->operation
;
477 rctx
->libctx
= pctx
->libctx
;
478 rctx
->keytype
= pctx
->keytype
;
479 rctx
->propquery
= NULL
;
480 if (pctx
->propquery
!= NULL
) {
481 rctx
->propquery
= OPENSSL_strdup(pctx
->propquery
);
482 if (rctx
->propquery
== NULL
)
485 rctx
->legacy_keytype
= pctx
->legacy_keytype
;
487 if (EVP_PKEY_CTX_IS_DERIVE_OP(pctx
)) {
488 if (pctx
->op
.kex
.exchange
!= NULL
) {
489 rctx
->op
.kex
.exchange
= pctx
->op
.kex
.exchange
;
490 if (!EVP_KEYEXCH_up_ref(rctx
->op
.kex
.exchange
))
493 if (pctx
->op
.kex
.exchprovctx
!= NULL
) {
494 if (!ossl_assert(pctx
->op
.kex
.exchange
!= NULL
))
496 rctx
->op
.kex
.exchprovctx
497 = pctx
->op
.kex
.exchange
->dupctx(pctx
->op
.kex
.exchprovctx
);
498 if (rctx
->op
.kex
.exchprovctx
== NULL
) {
499 EVP_KEYEXCH_free(rctx
->op
.kex
.exchange
);
504 } else if (EVP_PKEY_CTX_IS_SIGNATURE_OP(pctx
)) {
505 if (pctx
->op
.sig
.signature
!= NULL
) {
506 rctx
->op
.sig
.signature
= pctx
->op
.sig
.signature
;
507 if (!EVP_SIGNATURE_up_ref(rctx
->op
.sig
.signature
))
510 if (pctx
->op
.sig
.sigprovctx
!= NULL
) {
511 if (!ossl_assert(pctx
->op
.sig
.signature
!= NULL
))
513 rctx
->op
.sig
.sigprovctx
514 = pctx
->op
.sig
.signature
->dupctx(pctx
->op
.sig
.sigprovctx
);
515 if (rctx
->op
.sig
.sigprovctx
== NULL
) {
516 EVP_SIGNATURE_free(rctx
->op
.sig
.signature
);
521 } else if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(pctx
)) {
522 if (pctx
->op
.ciph
.cipher
!= NULL
) {
523 rctx
->op
.ciph
.cipher
= pctx
->op
.ciph
.cipher
;
524 if (!EVP_ASYM_CIPHER_up_ref(rctx
->op
.ciph
.cipher
))
527 if (pctx
->op
.ciph
.ciphprovctx
!= NULL
) {
528 if (!ossl_assert(pctx
->op
.ciph
.cipher
!= NULL
))
530 rctx
->op
.ciph
.ciphprovctx
531 = pctx
->op
.ciph
.cipher
->dupctx(pctx
->op
.ciph
.ciphprovctx
);
532 if (rctx
->op
.ciph
.ciphprovctx
== NULL
) {
533 EVP_ASYM_CIPHER_free(rctx
->op
.ciph
.cipher
);
538 } else if (EVP_PKEY_CTX_IS_KEM_OP(pctx
)) {
539 if (pctx
->op
.encap
.kem
!= NULL
) {
540 rctx
->op
.encap
.kem
= pctx
->op
.encap
.kem
;
541 if (!EVP_KEM_up_ref(rctx
->op
.encap
.kem
))
544 if (pctx
->op
.encap
.kemprovctx
!= NULL
) {
545 if (!ossl_assert(pctx
->op
.encap
.kem
!= NULL
))
547 rctx
->op
.encap
.kemprovctx
548 = pctx
->op
.encap
.kem
->dupctx(pctx
->op
.encap
.kemprovctx
);
549 if (rctx
->op
.encap
.kemprovctx
== NULL
) {
550 EVP_KEM_free(rctx
->op
.encap
.kem
);
555 } else if (EVP_PKEY_CTX_IS_GEN_OP(pctx
)) {
556 /* Not supported - This would need a gen_dupctx() to work */
560 rctx
->pmeth
= pctx
->pmeth
;
561 # ifndef OPENSSL_NO_ENGINE
562 rctx
->engine
= pctx
->engine
;
565 if (pctx
->peerkey
!= NULL
)
566 EVP_PKEY_up_ref(pctx
->peerkey
);
567 rctx
->peerkey
= pctx
->peerkey
;
569 if (pctx
->pmeth
== NULL
) {
570 if (rctx
->operation
== EVP_PKEY_OP_UNDEFINED
) {
571 EVP_KEYMGMT
*tmp_keymgmt
= pctx
->keymgmt
;
574 provkey
= evp_pkey_export_to_provider(pctx
->pkey
, pctx
->libctx
,
575 &tmp_keymgmt
, pctx
->propquery
);
578 if (!EVP_KEYMGMT_up_ref(tmp_keymgmt
))
580 EVP_KEYMGMT_free(rctx
->keymgmt
);
581 rctx
->keymgmt
= tmp_keymgmt
;
584 } else if (pctx
->pmeth
->copy(rctx
, pctx
) > 0) {
589 EVP_PKEY_CTX_free(rctx
);
593 int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD
*pmeth
)
595 if (app_pkey_methods
== NULL
) {
596 app_pkey_methods
= sk_EVP_PKEY_METHOD_new(pmeth_cmp
);
597 if (app_pkey_methods
== NULL
){
598 ERR_raise(ERR_LIB_EVP
, ERR_R_MALLOC_FAILURE
);
602 if (!sk_EVP_PKEY_METHOD_push(app_pkey_methods
, pmeth
)) {
603 ERR_raise(ERR_LIB_EVP
, ERR_R_MALLOC_FAILURE
);
606 sk_EVP_PKEY_METHOD_sort(app_pkey_methods
);
610 void evp_app_cleanup_int(void)
612 if (app_pkey_methods
!= NULL
)
613 sk_EVP_PKEY_METHOD_pop_free(app_pkey_methods
, EVP_PKEY_meth_free
);
616 int EVP_PKEY_meth_remove(const EVP_PKEY_METHOD
*pmeth
)
618 const EVP_PKEY_METHOD
*ret
;
620 ret
= sk_EVP_PKEY_METHOD_delete_ptr(app_pkey_methods
, pmeth
);
622 return ret
== NULL
? 0 : 1;
625 size_t EVP_PKEY_meth_get_count(void)
627 size_t rv
= OSSL_NELEM(standard_methods
);
629 if (app_pkey_methods
)
630 rv
+= sk_EVP_PKEY_METHOD_num(app_pkey_methods
);
634 const EVP_PKEY_METHOD
*EVP_PKEY_meth_get0(size_t idx
)
636 if (idx
< OSSL_NELEM(standard_methods
))
637 return (standard_methods
[idx
])();
638 if (app_pkey_methods
== NULL
)
640 idx
-= OSSL_NELEM(standard_methods
);
641 if (idx
>= (size_t)sk_EVP_PKEY_METHOD_num(app_pkey_methods
))
643 return sk_EVP_PKEY_METHOD_value(app_pkey_methods
, idx
);
647 int EVP_PKEY_CTX_is_a(EVP_PKEY_CTX
*ctx
, const char *keytype
)
650 if (evp_pkey_ctx_is_legacy(ctx
))
651 return (ctx
->pmeth
->pkey_id
== evp_pkey_name2type(keytype
));
653 return EVP_KEYMGMT_is_a(ctx
->keymgmt
, keytype
);
656 int EVP_PKEY_CTX_set_params(EVP_PKEY_CTX
*ctx
, OSSL_PARAM
*params
)
658 switch (evp_pkey_ctx_state(ctx
)) {
659 case EVP_PKEY_STATE_PROVIDER
:
660 if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx
)
661 && ctx
->op
.kex
.exchange
!= NULL
662 && ctx
->op
.kex
.exchange
->set_ctx_params
!= NULL
)
664 ctx
->op
.kex
.exchange
->set_ctx_params(ctx
->op
.kex
.exchprovctx
,
666 if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx
)
667 && ctx
->op
.sig
.signature
!= NULL
668 && ctx
->op
.sig
.signature
->set_ctx_params
!= NULL
)
670 ctx
->op
.sig
.signature
->set_ctx_params(ctx
->op
.sig
.sigprovctx
,
672 if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx
)
673 && ctx
->op
.ciph
.cipher
!= NULL
674 && ctx
->op
.ciph
.cipher
->set_ctx_params
!= NULL
)
676 ctx
->op
.ciph
.cipher
->set_ctx_params(ctx
->op
.ciph
.ciphprovctx
,
678 if (EVP_PKEY_CTX_IS_GEN_OP(ctx
)
679 && ctx
->keymgmt
!= NULL
680 && ctx
->keymgmt
->gen_set_params
!= NULL
)
682 evp_keymgmt_gen_set_params(ctx
->keymgmt
, ctx
->op
.keymgmt
.genctx
,
684 if (EVP_PKEY_CTX_IS_KEM_OP(ctx
)
685 && ctx
->op
.encap
.kem
!= NULL
686 && ctx
->op
.encap
.kem
->set_ctx_params
!= NULL
)
688 ctx
->op
.encap
.kem
->set_ctx_params(ctx
->op
.encap
.kemprovctx
,
692 case EVP_PKEY_STATE_UNKNOWN
:
693 case EVP_PKEY_STATE_LEGACY
:
694 return evp_pkey_ctx_set_params_to_ctrl(ctx
, params
);
700 int EVP_PKEY_CTX_get_params(EVP_PKEY_CTX
*ctx
, OSSL_PARAM
*params
)
702 switch (evp_pkey_ctx_state(ctx
)) {
703 case EVP_PKEY_STATE_PROVIDER
:
704 if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx
)
705 && ctx
->op
.kex
.exchange
!= NULL
706 && ctx
->op
.kex
.exchange
->get_ctx_params
!= NULL
)
708 ctx
->op
.kex
.exchange
->get_ctx_params(ctx
->op
.kex
.exchprovctx
,
710 if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx
)
711 && ctx
->op
.sig
.signature
!= NULL
712 && ctx
->op
.sig
.signature
->get_ctx_params
!= NULL
)
714 ctx
->op
.sig
.signature
->get_ctx_params(ctx
->op
.sig
.sigprovctx
,
716 if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx
)
717 && ctx
->op
.ciph
.cipher
!= NULL
718 && ctx
->op
.ciph
.cipher
->get_ctx_params
!= NULL
)
720 ctx
->op
.ciph
.cipher
->get_ctx_params(ctx
->op
.ciph
.ciphprovctx
,
722 if (EVP_PKEY_CTX_IS_KEM_OP(ctx
)
723 && ctx
->op
.encap
.kem
!= NULL
724 && ctx
->op
.encap
.kem
->get_ctx_params
!= NULL
)
726 ctx
->op
.encap
.kem
->get_ctx_params(ctx
->op
.encap
.kemprovctx
,
730 case EVP_PKEY_STATE_UNKNOWN
:
731 case EVP_PKEY_STATE_LEGACY
:
732 return evp_pkey_ctx_get_params_to_ctrl(ctx
, params
);
739 const OSSL_PARAM
*EVP_PKEY_CTX_gettable_params(EVP_PKEY_CTX
*ctx
)
743 if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx
)
744 && ctx
->op
.kex
.exchange
!= NULL
745 && ctx
->op
.kex
.exchange
->gettable_ctx_params
!= NULL
) {
746 provctx
= ossl_provider_ctx(EVP_KEYEXCH_provider(ctx
->op
.kex
.exchange
));
747 return ctx
->op
.kex
.exchange
->gettable_ctx_params(provctx
);
749 if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx
)
750 && ctx
->op
.sig
.signature
!= NULL
751 && ctx
->op
.sig
.signature
->gettable_ctx_params
!= NULL
) {
752 provctx
= ossl_provider_ctx(
753 EVP_SIGNATURE_provider(ctx
->op
.sig
.signature
));
754 return ctx
->op
.sig
.signature
->gettable_ctx_params(provctx
);
756 if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx
)
757 && ctx
->op
.ciph
.cipher
!= NULL
758 && ctx
->op
.ciph
.cipher
->gettable_ctx_params
!= NULL
) {
759 provctx
= ossl_provider_ctx(
760 EVP_ASYM_CIPHER_provider(ctx
->op
.ciph
.cipher
));
761 return ctx
->op
.ciph
.cipher
->gettable_ctx_params(provctx
);
763 if (EVP_PKEY_CTX_IS_KEM_OP(ctx
)
764 && ctx
->op
.encap
.kem
!= NULL
765 && ctx
->op
.encap
.kem
->gettable_ctx_params
!= NULL
) {
766 provctx
= ossl_provider_ctx(EVP_KEM_provider(ctx
->op
.encap
.kem
));
767 return ctx
->op
.encap
.kem
->gettable_ctx_params(provctx
);
772 const OSSL_PARAM
*EVP_PKEY_CTX_settable_params(EVP_PKEY_CTX
*ctx
)
776 if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx
)
777 && ctx
->op
.kex
.exchange
!= NULL
778 && ctx
->op
.kex
.exchange
->settable_ctx_params
!= NULL
) {
779 provctx
= ossl_provider_ctx(EVP_KEYEXCH_provider(ctx
->op
.kex
.exchange
));
780 return ctx
->op
.kex
.exchange
->settable_ctx_params(provctx
);
782 if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx
)
783 && ctx
->op
.sig
.signature
!= NULL
784 && ctx
->op
.sig
.signature
->settable_ctx_params
!= NULL
) {
785 provctx
= ossl_provider_ctx(
786 EVP_SIGNATURE_provider(ctx
->op
.sig
.signature
));
787 return ctx
->op
.sig
.signature
->settable_ctx_params(provctx
);
789 if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx
)
790 && ctx
->op
.ciph
.cipher
!= NULL
791 && ctx
->op
.ciph
.cipher
->settable_ctx_params
!= NULL
) {
792 provctx
= ossl_provider_ctx(
793 EVP_ASYM_CIPHER_provider(ctx
->op
.ciph
.cipher
));
794 return ctx
->op
.ciph
.cipher
->settable_ctx_params(provctx
);
796 if (EVP_PKEY_CTX_IS_GEN_OP(ctx
)
797 && ctx
->keymgmt
!= NULL
)
798 return EVP_KEYMGMT_gen_settable_params(ctx
->keymgmt
);
799 if (EVP_PKEY_CTX_IS_KEM_OP(ctx
)
800 && ctx
->op
.encap
.kem
!= NULL
801 && ctx
->op
.encap
.kem
->settable_ctx_params
!= NULL
) {
802 provctx
= ossl_provider_ctx(EVP_KEM_provider(ctx
->op
.encap
.kem
));
803 return ctx
->op
.encap
.kem
->settable_ctx_params(provctx
);
809 * Internal helpers for stricter EVP_PKEY_CTX_{set,get}_params().
811 * Return 1 on success, 0 or negative for errors.
813 * In particular they return -2 if any of the params is not supported.
815 * They are not available in FIPS_MODULE as they depend on
816 * - EVP_PKEY_CTX_{get,set}_params()
817 * - EVP_PKEY_CTX_{gettable,settable}_params()
820 int evp_pkey_ctx_set_params_strict(EVP_PKEY_CTX
*ctx
, OSSL_PARAM
*params
)
822 if (ctx
== NULL
|| params
== NULL
)
826 * We only check for provider side EVP_PKEY_CTX. For #legacy, we
827 * depend on the translation that happens in EVP_PKEY_CTX_set_params()
828 * call, and that the resulting ctrl call will return -2 if it doesn't
829 * known the ctrl command number.
831 if (evp_pkey_ctx_is_provided(ctx
)) {
832 const OSSL_PARAM
*settable
= EVP_PKEY_CTX_settable_params(ctx
);
835 for (p
= params
; p
->key
!= NULL
; p
++) {
836 /* Check the ctx actually understands this parameter */
837 if (OSSL_PARAM_locate_const(settable
, p
->key
) == NULL
)
842 return EVP_PKEY_CTX_set_params(ctx
, params
);
845 int evp_pkey_ctx_get_params_strict(EVP_PKEY_CTX
*ctx
, OSSL_PARAM
*params
)
847 if (ctx
== NULL
|| params
== NULL
)
851 * We only check for provider side EVP_PKEY_CTX. For #legacy, we
852 * depend on the translation that happens in EVP_PKEY_CTX_get_params()
853 * call, and that the resulting ctrl call will return -2 if it doesn't
854 * known the ctrl command number.
856 if (evp_pkey_ctx_is_provided(ctx
)) {
857 const OSSL_PARAM
*gettable
= EVP_PKEY_CTX_gettable_params(ctx
);
860 for (p
= params
; p
->key
!= NULL
; p
++ ) {
861 /* Check the ctx actually understands this parameter */
862 if (OSSL_PARAM_locate_const(gettable
, p
->key
) == NULL
)
867 return EVP_PKEY_CTX_get_params(ctx
, params
);
870 int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX
*ctx
, const EVP_MD
**md
)
872 OSSL_PARAM sig_md_params
[2], *p
= sig_md_params
;
873 /* 80 should be big enough */
877 if (ctx
== NULL
|| !EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx
)) {
878 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
879 /* Uses the same return values as EVP_PKEY_CTX_ctrl */
883 /* TODO(3.0): Remove this eventually when no more legacy */
884 if (ctx
->op
.sig
.sigprovctx
== NULL
)
885 return EVP_PKEY_CTX_ctrl(ctx
, -1, EVP_PKEY_OP_TYPE_SIG
,
886 EVP_PKEY_CTRL_GET_MD
, 0, (void *)(md
));
888 *p
++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST
,
891 *p
= OSSL_PARAM_construct_end();
893 if (!EVP_PKEY_CTX_get_params(ctx
, sig_md_params
))
896 tmp
= evp_get_digestbyname_ex(ctx
->libctx
, name
);
905 static int evp_pkey_ctx_set_md(EVP_PKEY_CTX
*ctx
, const EVP_MD
*md
,
906 int fallback
, const char *param
, int op
,
909 OSSL_PARAM md_params
[2], *p
= md_params
;
912 if (ctx
== NULL
|| (ctx
->operation
& op
) == 0) {
913 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
914 /* Uses the same return values as EVP_PKEY_CTX_ctrl */
918 /* TODO(3.0): Remove this eventually when no more legacy */
920 return EVP_PKEY_CTX_ctrl(ctx
, -1, op
, ctrl
, 0, (void *)(md
));
925 name
= EVP_MD_name(md
);
928 *p
++ = OSSL_PARAM_construct_utf8_string(param
,
930 * Cast away the const. This is read
931 * only so should be safe
934 *p
= OSSL_PARAM_construct_end();
936 return EVP_PKEY_CTX_set_params(ctx
, md_params
);
939 int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX
*ctx
, const EVP_MD
*md
)
941 return evp_pkey_ctx_set_md(ctx
, md
, ctx
->op
.sig
.sigprovctx
== NULL
,
942 OSSL_SIGNATURE_PARAM_DIGEST
,
943 EVP_PKEY_OP_TYPE_SIG
, EVP_PKEY_CTRL_MD
);
946 int EVP_PKEY_CTX_set_tls1_prf_md(EVP_PKEY_CTX
*ctx
, const EVP_MD
*md
)
948 return evp_pkey_ctx_set_md(ctx
, md
, ctx
->op
.kex
.exchprovctx
== NULL
,
949 OSSL_KDF_PARAM_DIGEST
,
950 EVP_PKEY_OP_DERIVE
, EVP_PKEY_CTRL_TLS_MD
);
953 static int evp_pkey_ctx_set1_octet_string(EVP_PKEY_CTX
*ctx
, int fallback
,
954 const char *param
, int op
, int ctrl
,
955 const unsigned char *data
,
958 OSSL_PARAM octet_string_params
[2], *p
= octet_string_params
;
960 if (ctx
== NULL
|| (ctx
->operation
& op
) == 0) {
961 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
962 /* Uses the same return values as EVP_PKEY_CTX_ctrl */
966 /* TODO(3.0): Remove this eventually when no more legacy */
968 return EVP_PKEY_CTX_ctrl(ctx
, -1, op
, ctrl
, datalen
, (void *)(data
));
971 ERR_raise(ERR_LIB_EVP
, EVP_R_INVALID_LENGTH
);
975 *p
++ = OSSL_PARAM_construct_octet_string(param
,
977 * Cast away the const. This is read
978 * only so should be safe
980 (unsigned char *)data
,
982 *p
= OSSL_PARAM_construct_end();
984 return EVP_PKEY_CTX_set_params(ctx
, octet_string_params
);
987 int EVP_PKEY_CTX_set1_tls1_prf_secret(EVP_PKEY_CTX
*ctx
,
988 const unsigned char *sec
, int seclen
)
990 return evp_pkey_ctx_set1_octet_string(ctx
, ctx
->op
.kex
.exchprovctx
== NULL
,
991 OSSL_KDF_PARAM_SECRET
,
993 EVP_PKEY_CTRL_TLS_SECRET
,
997 int EVP_PKEY_CTX_add1_tls1_prf_seed(EVP_PKEY_CTX
*ctx
,
998 const unsigned char *seed
, int seedlen
)
1000 return evp_pkey_ctx_set1_octet_string(ctx
, ctx
->op
.kex
.exchprovctx
== NULL
,
1001 OSSL_KDF_PARAM_SEED
,
1003 EVP_PKEY_CTRL_TLS_SEED
,
1007 int EVP_PKEY_CTX_set_hkdf_md(EVP_PKEY_CTX
*ctx
, const EVP_MD
*md
)
1009 return evp_pkey_ctx_set_md(ctx
, md
, ctx
->op
.kex
.exchprovctx
== NULL
,
1010 OSSL_KDF_PARAM_DIGEST
,
1011 EVP_PKEY_OP_DERIVE
, EVP_PKEY_CTRL_HKDF_MD
);
1014 int EVP_PKEY_CTX_set1_hkdf_salt(EVP_PKEY_CTX
*ctx
,
1015 const unsigned char *salt
, int saltlen
)
1017 return evp_pkey_ctx_set1_octet_string(ctx
, ctx
->op
.kex
.exchprovctx
== NULL
,
1018 OSSL_KDF_PARAM_SALT
,
1020 EVP_PKEY_CTRL_HKDF_SALT
,
1024 int EVP_PKEY_CTX_set1_hkdf_key(EVP_PKEY_CTX
*ctx
,
1025 const unsigned char *key
, int keylen
)
1027 return evp_pkey_ctx_set1_octet_string(ctx
, ctx
->op
.kex
.exchprovctx
== NULL
,
1030 EVP_PKEY_CTRL_HKDF_KEY
,
1034 int EVP_PKEY_CTX_add1_hkdf_info(EVP_PKEY_CTX
*ctx
,
1035 const unsigned char *info
, int infolen
)
1037 return evp_pkey_ctx_set1_octet_string(ctx
, ctx
->op
.kex
.exchprovctx
== NULL
,
1038 OSSL_KDF_PARAM_INFO
,
1040 EVP_PKEY_CTRL_HKDF_INFO
,
1044 int EVP_PKEY_CTX_hkdf_mode(EVP_PKEY_CTX
*ctx
, int mode
)
1046 OSSL_PARAM int_params
[2], *p
= int_params
;
1048 if (ctx
== NULL
|| !EVP_PKEY_CTX_IS_DERIVE_OP(ctx
)) {
1049 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
1050 /* Uses the same return values as EVP_PKEY_CTX_ctrl */
1054 /* TODO(3.0): Remove this eventually when no more legacy */
1055 if (ctx
->op
.kex
.exchprovctx
== NULL
)
1056 return EVP_PKEY_CTX_ctrl(ctx
, -1, EVP_PKEY_OP_DERIVE
,
1057 EVP_PKEY_CTRL_HKDF_MODE
, mode
, NULL
);
1061 ERR_raise(ERR_LIB_EVP
, EVP_R_INVALID_VALUE
);
1065 *p
++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_MODE
, &mode
);
1066 *p
= OSSL_PARAM_construct_end();
1068 return EVP_PKEY_CTX_set_params(ctx
, int_params
);
1071 int EVP_PKEY_CTX_set1_pbe_pass(EVP_PKEY_CTX
*ctx
, const char *pass
,
1074 return evp_pkey_ctx_set1_octet_string(ctx
, ctx
->op
.kex
.exchprovctx
== NULL
,
1075 OSSL_KDF_PARAM_PASSWORD
,
1078 (const unsigned char *)pass
, passlen
);
1081 int EVP_PKEY_CTX_set1_scrypt_salt(EVP_PKEY_CTX
*ctx
,
1082 const unsigned char *salt
, int saltlen
)
1084 return evp_pkey_ctx_set1_octet_string(ctx
, ctx
->op
.kex
.exchprovctx
== NULL
,
1085 OSSL_KDF_PARAM_SALT
,
1087 EVP_PKEY_CTRL_SCRYPT_SALT
,
1091 static int evp_pkey_ctx_set_uint64(EVP_PKEY_CTX
*ctx
, const char *param
,
1092 int op
, int ctrl
, uint64_t val
)
1094 OSSL_PARAM uint64_params
[2], *p
= uint64_params
;
1096 if (ctx
== NULL
|| !EVP_PKEY_CTX_IS_DERIVE_OP(ctx
)) {
1097 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
1098 /* Uses the same return values as EVP_PKEY_CTX_ctrl */
1102 /* TODO(3.0): Remove this eventually when no more legacy */
1103 if (ctx
->op
.kex
.exchprovctx
== NULL
)
1104 return EVP_PKEY_CTX_ctrl_uint64(ctx
, -1, op
, ctrl
, val
);
1106 *p
++ = OSSL_PARAM_construct_uint64(param
, &val
);
1107 *p
= OSSL_PARAM_construct_end();
1109 return EVP_PKEY_CTX_set_params(ctx
, uint64_params
);
1112 int EVP_PKEY_CTX_set_scrypt_N(EVP_PKEY_CTX
*ctx
, uint64_t n
)
1114 return evp_pkey_ctx_set_uint64(ctx
, OSSL_KDF_PARAM_SCRYPT_N
,
1115 EVP_PKEY_OP_DERIVE
, EVP_PKEY_CTRL_SCRYPT_N
,
1119 int EVP_PKEY_CTX_set_scrypt_r(EVP_PKEY_CTX
*ctx
, uint64_t r
)
1121 return evp_pkey_ctx_set_uint64(ctx
, OSSL_KDF_PARAM_SCRYPT_R
,
1122 EVP_PKEY_OP_DERIVE
, EVP_PKEY_CTRL_SCRYPT_R
,
1126 int EVP_PKEY_CTX_set_scrypt_p(EVP_PKEY_CTX
*ctx
, uint64_t p
)
1128 return evp_pkey_ctx_set_uint64(ctx
, OSSL_KDF_PARAM_SCRYPT_P
,
1129 EVP_PKEY_OP_DERIVE
, EVP_PKEY_CTRL_SCRYPT_P
,
1133 int EVP_PKEY_CTX_set_scrypt_maxmem_bytes(EVP_PKEY_CTX
*ctx
,
1134 uint64_t maxmem_bytes
)
1136 return evp_pkey_ctx_set_uint64(ctx
, OSSL_KDF_PARAM_SCRYPT_MAXMEM
,
1138 EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES
,
1142 int EVP_PKEY_CTX_set_mac_key(EVP_PKEY_CTX
*ctx
, const unsigned char *key
,
1145 return evp_pkey_ctx_set1_octet_string(ctx
, ctx
->op
.keymgmt
.genctx
== NULL
,
1146 OSSL_PKEY_PARAM_PRIV_KEY
,
1148 EVP_PKEY_CTRL_SET_MAC_KEY
,
1152 int EVP_PKEY_CTX_set_kem_op(EVP_PKEY_CTX
*ctx
, const char *op
)
1154 OSSL_PARAM params
[2], *p
= params
;
1156 if (ctx
== NULL
|| op
== NULL
) {
1157 ERR_raise(ERR_LIB_EVP
, EVP_R_INVALID_VALUE
);
1160 if (!EVP_PKEY_CTX_IS_KEM_OP(ctx
)) {
1161 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
1164 *p
++ = OSSL_PARAM_construct_utf8_string(OSSL_KEM_PARAM_OPERATION
,
1166 *p
= OSSL_PARAM_construct_end();
1167 return EVP_PKEY_CTX_set_params(ctx
, params
);
1170 int evp_pkey_ctx_set1_id_prov(EVP_PKEY_CTX
*ctx
, const void *id
, int len
)
1172 OSSL_PARAM params
[2], *p
= params
;
1175 if (!EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx
)) {
1176 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
1177 /* Uses the same return values as EVP_PKEY_CTX_ctrl */
1181 *p
++ = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_DIST_ID
,
1183 * Cast away the const. This is
1184 * read only so should be safe
1186 (void *)id
, (size_t)len
);
1187 *p
++ = OSSL_PARAM_construct_end();
1189 ret
= evp_pkey_ctx_set_params_strict(ctx
, params
);
1191 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
1195 int EVP_PKEY_CTX_set1_id(EVP_PKEY_CTX
*ctx
, const void *id
, int len
)
1197 return EVP_PKEY_CTX_ctrl(ctx
, -1, -1,
1198 EVP_PKEY_CTRL_SET1_ID
, (int)len
, (void*)(id
));
1201 static int get1_id_data(EVP_PKEY_CTX
*ctx
, void *id
, size_t *id_len
)
1204 void *tmp_id
= NULL
;
1205 OSSL_PARAM params
[2], *p
= params
;
1207 if (!EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx
)) {
1208 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
1209 /* Uses the same return values as EVP_PKEY_CTX_ctrl */
1213 *p
++ = OSSL_PARAM_construct_octet_ptr(OSSL_PKEY_PARAM_DIST_ID
,
1215 *p
++ = OSSL_PARAM_construct_end();
1217 ret
= evp_pkey_ctx_get_params_strict(ctx
, params
);
1219 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
1220 } else if (ret
> 0) {
1221 size_t tmp_id_len
= params
[0].return_size
;
1224 memcpy(id
, tmp_id
, tmp_id_len
);
1226 *id_len
= tmp_id_len
;
1231 int evp_pkey_ctx_get1_id_prov(EVP_PKEY_CTX
*ctx
, void *id
)
1233 return get1_id_data(ctx
, id
, NULL
);
1236 int evp_pkey_ctx_get1_id_len_prov(EVP_PKEY_CTX
*ctx
, size_t *id_len
)
1238 return get1_id_data(ctx
, NULL
, id_len
);
1241 int EVP_PKEY_CTX_get1_id(EVP_PKEY_CTX
*ctx
, void *id
)
1243 return EVP_PKEY_CTX_ctrl(ctx
, -1, -1, EVP_PKEY_CTRL_GET1_ID
, 0, (void*)id
);
1246 int EVP_PKEY_CTX_get1_id_len(EVP_PKEY_CTX
*ctx
, size_t *id_len
)
1248 return EVP_PKEY_CTX_ctrl(ctx
, -1, -1,
1249 EVP_PKEY_CTRL_GET1_ID_LEN
, 0, (void*)id_len
);
1252 static int evp_pkey_ctx_ctrl_int(EVP_PKEY_CTX
*ctx
, int keytype
, int optype
,
1253 int cmd
, int p1
, void *p2
)
1258 * If the method has a |digest_custom| function, we can relax the
1259 * operation type check, since this can be called before the operation
1262 if (ctx
->pmeth
== NULL
|| ctx
->pmeth
->digest_custom
== NULL
) {
1263 if (ctx
->operation
== EVP_PKEY_OP_UNDEFINED
) {
1264 ERR_raise(ERR_LIB_EVP
, EVP_R_NO_OPERATION_SET
);
1268 if ((optype
!= -1) && !(ctx
->operation
& optype
)) {
1269 ERR_raise(ERR_LIB_EVP
, EVP_R_INVALID_OPERATION
);
1274 switch (evp_pkey_ctx_state(ctx
)) {
1275 case EVP_PKEY_STATE_PROVIDER
:
1276 return evp_pkey_ctx_ctrl_to_param(ctx
, keytype
, optype
, cmd
, p1
, p2
);
1277 case EVP_PKEY_STATE_UNKNOWN
:
1278 case EVP_PKEY_STATE_LEGACY
:
1279 if (ctx
->pmeth
== NULL
|| ctx
->pmeth
->ctrl
== NULL
) {
1280 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
1283 if ((keytype
!= -1) && (ctx
->pmeth
->pkey_id
!= keytype
))
1286 ret
= ctx
->pmeth
->ctrl(ctx
, cmd
, p1
, p2
);
1289 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
1295 int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX
*ctx
, int keytype
, int optype
,
1296 int cmd
, int p1
, void *p2
)
1301 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
1304 /* If unsupported, we don't want that reported here */
1306 ret
= evp_pkey_ctx_store_cached_data(ctx
, keytype
, optype
,
1311 ERR_clear_last_mark();
1313 * If there was an error, there was an error.
1314 * If the operation isn't initialized yet, we also return, as
1315 * the saved values will be used then anyway.
1317 if (ret
< 1 || ctx
->operation
== EVP_PKEY_OP_UNDEFINED
)
1320 return evp_pkey_ctx_ctrl_int(ctx
, keytype
, optype
, cmd
, p1
, p2
);
1323 int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX
*ctx
, int keytype
, int optype
,
1324 int cmd
, uint64_t value
)
1326 return EVP_PKEY_CTX_ctrl(ctx
, keytype
, optype
, cmd
, 0, &value
);
1330 static int evp_pkey_ctx_ctrl_str_int(EVP_PKEY_CTX
*ctx
,
1331 const char *name
, const char *value
)
1336 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
1340 switch (evp_pkey_ctx_state(ctx
)) {
1341 case EVP_PKEY_STATE_PROVIDER
:
1342 return evp_pkey_ctx_ctrl_str_to_param(ctx
, name
, value
);
1343 case EVP_PKEY_STATE_UNKNOWN
:
1344 case EVP_PKEY_STATE_LEGACY
:
1345 if (ctx
== NULL
|| ctx
->pmeth
== NULL
|| ctx
->pmeth
->ctrl_str
== NULL
) {
1346 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
1349 if (strcmp(name
, "digest") == 0)
1350 ret
= EVP_PKEY_CTX_md(ctx
,
1351 EVP_PKEY_OP_TYPE_SIG
| EVP_PKEY_OP_TYPE_CRYPT
,
1352 EVP_PKEY_CTRL_MD
, value
);
1354 ret
= ctx
->pmeth
->ctrl_str(ctx
, name
, value
);
1361 int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX
*ctx
,
1362 const char *name
, const char *value
)
1366 /* If unsupported, we don't want that reported here */
1368 ret
= evp_pkey_ctx_store_cached_data(ctx
, -1, -1, -1,
1369 name
, value
, strlen(value
) + 1);
1373 ERR_clear_last_mark();
1375 * If there was an error, there was an error.
1376 * If the operation isn't initialized yet, we also return, as
1377 * the saved values will be used then anyway.
1379 if (ret
< 1 || ctx
->operation
== EVP_PKEY_OP_UNDEFINED
)
1383 return evp_pkey_ctx_ctrl_str_int(ctx
, name
, value
);
1386 static int decode_cmd(int cmd
, const char *name
)
1390 * The consequence of the assertion not being true is that this
1391 * function will return -1, which will cause the calling functions
1392 * to signal that the command is unsupported... in non-debug mode.
1394 if (ossl_assert(name
!= NULL
))
1395 if (strcmp(name
, "distid") == 0 || strcmp(name
, "hexdistid") == 0)
1396 cmd
= EVP_PKEY_CTRL_SET1_ID
;
1402 static int evp_pkey_ctx_store_cached_data(EVP_PKEY_CTX
*ctx
,
1403 int keytype
, int optype
,
1404 int cmd
, const char *name
,
1405 const void *data
, size_t data_len
)
1408 * Check that it's one of the supported commands. The ctrl commands
1409 * number cases here must correspond to the cases in the bottom switch
1412 switch (cmd
= decode_cmd(cmd
, name
)) {
1413 case EVP_PKEY_CTRL_SET1_ID
:
1416 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
1420 if (keytype
!= -1) {
1421 switch (evp_pkey_ctx_state(ctx
)) {
1422 case EVP_PKEY_STATE_PROVIDER
:
1423 if (ctx
->keymgmt
== NULL
) {
1424 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
1427 if (!EVP_KEYMGMT_is_a(ctx
->keymgmt
,
1428 evp_pkey_type2name(keytype
))) {
1429 ERR_raise(ERR_LIB_EVP
, EVP_R_INVALID_OPERATION
);
1433 case EVP_PKEY_STATE_UNKNOWN
:
1434 case EVP_PKEY_STATE_LEGACY
:
1435 if (ctx
->pmeth
== NULL
) {
1436 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
1439 if (EVP_PKEY_type(ctx
->pmeth
->pkey_id
) != EVP_PKEY_type(keytype
)) {
1440 ERR_raise(ERR_LIB_EVP
, EVP_R_INVALID_OPERATION
);
1446 if (optype
!= -1 && (ctx
->operation
& optype
) == 0) {
1447 ERR_raise(ERR_LIB_EVP
, EVP_R_INVALID_OPERATION
);
1452 case EVP_PKEY_CTRL_SET1_ID
:
1453 evp_pkey_ctx_free_cached_data(ctx
, cmd
, name
);
1455 ctx
->cached_parameters
.dist_id_name
= OPENSSL_strdup(name
);
1456 if (ctx
->cached_parameters
.dist_id_name
== NULL
) {
1457 ERR_raise(ERR_LIB_EVP
, ERR_R_MALLOC_FAILURE
);
1462 ctx
->cached_parameters
.dist_id
= OPENSSL_memdup(data
, data_len
);
1463 if (ctx
->cached_parameters
.dist_id
== NULL
) {
1464 ERR_raise(ERR_LIB_EVP
, ERR_R_MALLOC_FAILURE
);
1468 ctx
->cached_parameters
.dist_id_set
= 1;
1469 ctx
->cached_parameters
.dist_id_len
= data_len
;
1475 static void evp_pkey_ctx_free_cached_data(EVP_PKEY_CTX
*ctx
,
1476 int cmd
, const char *name
)
1478 cmd
= decode_cmd(cmd
, name
);
1480 case EVP_PKEY_CTRL_SET1_ID
:
1481 OPENSSL_free(ctx
->cached_parameters
.dist_id
);
1482 OPENSSL_free(ctx
->cached_parameters
.dist_id_name
);
1483 ctx
->cached_parameters
.dist_id
= NULL
;
1484 ctx
->cached_parameters
.dist_id_name
= NULL
;
1489 static void evp_pkey_ctx_free_all_cached_data(EVP_PKEY_CTX
*ctx
)
1491 evp_pkey_ctx_free_cached_data(ctx
, EVP_PKEY_CTRL_SET1_ID
, NULL
);
1494 int evp_pkey_ctx_use_cached_data(EVP_PKEY_CTX
*ctx
)
1498 if (ret
&& ctx
->cached_parameters
.dist_id_set
) {
1499 const char *name
= ctx
->cached_parameters
.dist_id_name
;
1500 const void *val
= ctx
->cached_parameters
.dist_id
;
1501 size_t len
= ctx
->cached_parameters
.dist_id_len
;
1504 ret
= evp_pkey_ctx_ctrl_str_int(ctx
, name
, val
);
1506 ret
= evp_pkey_ctx_ctrl_int(ctx
, -1, ctx
->operation
,
1507 EVP_PKEY_CTRL_SET1_ID
,
1508 (int)len
, (void *)val
);
1514 OSSL_LIB_CTX
*EVP_PKEY_CTX_get0_libctx(EVP_PKEY_CTX
*ctx
)
1519 const char *EVP_PKEY_CTX_get0_propq(EVP_PKEY_CTX
*ctx
)
1521 return ctx
->propquery
;
1524 /* Utility functions to send a string of hex string to a ctrl */
1526 int EVP_PKEY_CTX_str2ctrl(EVP_PKEY_CTX
*ctx
, int cmd
, const char *str
)
1533 return ctx
->pmeth
->ctrl(ctx
, cmd
, len
, (void *)str
);
1536 int EVP_PKEY_CTX_hex2ctrl(EVP_PKEY_CTX
*ctx
, int cmd
, const char *hex
)
1542 bin
= OPENSSL_hexstr2buf(hex
, &binlen
);
1545 if (binlen
<= INT_MAX
)
1546 rv
= ctx
->pmeth
->ctrl(ctx
, cmd
, binlen
, bin
);
1551 /* Pass a message digest to a ctrl */
1552 int EVP_PKEY_CTX_md(EVP_PKEY_CTX
*ctx
, int optype
, int cmd
, const char *md
)
1556 if (md
== NULL
|| (m
= EVP_get_digestbyname(md
)) == NULL
) {
1557 ERR_raise(ERR_LIB_EVP
, EVP_R_INVALID_DIGEST
);
1560 return EVP_PKEY_CTX_ctrl(ctx
, -1, optype
, cmd
, 0, (void *)m
);
1563 int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX
*ctx
)
1565 return ctx
->operation
;
1568 void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX
*ctx
, int *dat
, int datlen
)
1570 ctx
->keygen_info
= dat
;
1571 ctx
->keygen_info_count
= datlen
;
1574 void EVP_PKEY_CTX_set_data(EVP_PKEY_CTX
*ctx
, void *data
)
1579 void *EVP_PKEY_CTX_get_data(const EVP_PKEY_CTX
*ctx
)
1584 EVP_PKEY
*EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX
*ctx
)
1589 EVP_PKEY
*EVP_PKEY_CTX_get0_peerkey(EVP_PKEY_CTX
*ctx
)
1591 return ctx
->peerkey
;
1594 void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX
*ctx
, void *data
)
1596 ctx
->app_data
= data
;
1599 void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX
*ctx
)
1601 return ctx
->app_data
;
1604 void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD
*pmeth
,
1605 int (*init
) (EVP_PKEY_CTX
*ctx
))
1610 void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD
*pmeth
,
1611 int (*copy
) (EVP_PKEY_CTX
*dst
,
1612 const EVP_PKEY_CTX
*src
))
1617 void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD
*pmeth
,
1618 void (*cleanup
) (EVP_PKEY_CTX
*ctx
))
1620 pmeth
->cleanup
= cleanup
;
1623 void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD
*pmeth
,
1624 int (*paramgen_init
) (EVP_PKEY_CTX
*ctx
),
1625 int (*paramgen
) (EVP_PKEY_CTX
*ctx
,
1628 pmeth
->paramgen_init
= paramgen_init
;
1629 pmeth
->paramgen
= paramgen
;
1632 void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD
*pmeth
,
1633 int (*keygen_init
) (EVP_PKEY_CTX
*ctx
),
1634 int (*keygen
) (EVP_PKEY_CTX
*ctx
,
1637 pmeth
->keygen_init
= keygen_init
;
1638 pmeth
->keygen
= keygen
;
1641 void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD
*pmeth
,
1642 int (*sign_init
) (EVP_PKEY_CTX
*ctx
),
1643 int (*sign
) (EVP_PKEY_CTX
*ctx
,
1644 unsigned char *sig
, size_t *siglen
,
1645 const unsigned char *tbs
,
1648 pmeth
->sign_init
= sign_init
;
1652 void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD
*pmeth
,
1653 int (*verify_init
) (EVP_PKEY_CTX
*ctx
),
1654 int (*verify
) (EVP_PKEY_CTX
*ctx
,
1655 const unsigned char *sig
,
1657 const unsigned char *tbs
,
1660 pmeth
->verify_init
= verify_init
;
1661 pmeth
->verify
= verify
;
1664 void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD
*pmeth
,
1665 int (*verify_recover_init
) (EVP_PKEY_CTX
1667 int (*verify_recover
) (EVP_PKEY_CTX
1676 pmeth
->verify_recover_init
= verify_recover_init
;
1677 pmeth
->verify_recover
= verify_recover
;
1680 void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD
*pmeth
,
1681 int (*signctx_init
) (EVP_PKEY_CTX
*ctx
,
1683 int (*signctx
) (EVP_PKEY_CTX
*ctx
,
1688 pmeth
->signctx_init
= signctx_init
;
1689 pmeth
->signctx
= signctx
;
1692 void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD
*pmeth
,
1693 int (*verifyctx_init
) (EVP_PKEY_CTX
*ctx
,
1695 int (*verifyctx
) (EVP_PKEY_CTX
*ctx
,
1696 const unsigned char *sig
,
1700 pmeth
->verifyctx_init
= verifyctx_init
;
1701 pmeth
->verifyctx
= verifyctx
;
1704 void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD
*pmeth
,
1705 int (*encrypt_init
) (EVP_PKEY_CTX
*ctx
),
1706 int (*encryptfn
) (EVP_PKEY_CTX
*ctx
,
1709 const unsigned char *in
,
1712 pmeth
->encrypt_init
= encrypt_init
;
1713 pmeth
->encrypt
= encryptfn
;
1716 void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD
*pmeth
,
1717 int (*decrypt_init
) (EVP_PKEY_CTX
*ctx
),
1718 int (*decrypt
) (EVP_PKEY_CTX
*ctx
,
1721 const unsigned char *in
,
1724 pmeth
->decrypt_init
= decrypt_init
;
1725 pmeth
->decrypt
= decrypt
;
1728 void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD
*pmeth
,
1729 int (*derive_init
) (EVP_PKEY_CTX
*ctx
),
1730 int (*derive
) (EVP_PKEY_CTX
*ctx
,
1734 pmeth
->derive_init
= derive_init
;
1735 pmeth
->derive
= derive
;
1738 void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD
*pmeth
,
1739 int (*ctrl
) (EVP_PKEY_CTX
*ctx
, int type
, int p1
,
1741 int (*ctrl_str
) (EVP_PKEY_CTX
*ctx
,
1746 pmeth
->ctrl_str
= ctrl_str
;
1749 void EVP_PKEY_meth_set_digestsign(EVP_PKEY_METHOD
*pmeth
,
1750 int (*digestsign
) (EVP_MD_CTX
*ctx
, unsigned char *sig
, size_t *siglen
,
1751 const unsigned char *tbs
, size_t tbslen
))
1753 pmeth
->digestsign
= digestsign
;
1756 void EVP_PKEY_meth_set_digestverify(EVP_PKEY_METHOD
*pmeth
,
1757 int (*digestverify
) (EVP_MD_CTX
*ctx
, const unsigned char *sig
,
1758 size_t siglen
, const unsigned char *tbs
,
1761 pmeth
->digestverify
= digestverify
;
1764 void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD
*pmeth
,
1765 int (*check
) (EVP_PKEY
*pkey
))
1767 pmeth
->check
= check
;
1770 void EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD
*pmeth
,
1771 int (*check
) (EVP_PKEY
*pkey
))
1773 pmeth
->public_check
= check
;
1776 void EVP_PKEY_meth_set_param_check(EVP_PKEY_METHOD
*pmeth
,
1777 int (*check
) (EVP_PKEY
*pkey
))
1779 pmeth
->param_check
= check
;
1782 void EVP_PKEY_meth_set_digest_custom(EVP_PKEY_METHOD
*pmeth
,
1783 int (*digest_custom
) (EVP_PKEY_CTX
*ctx
,
1786 pmeth
->digest_custom
= digest_custom
;
1789 void EVP_PKEY_meth_get_init(const EVP_PKEY_METHOD
*pmeth
,
1790 int (**pinit
) (EVP_PKEY_CTX
*ctx
))
1792 *pinit
= pmeth
->init
;
1795 void EVP_PKEY_meth_get_copy(const EVP_PKEY_METHOD
*pmeth
,
1796 int (**pcopy
) (EVP_PKEY_CTX
*dst
,
1797 const EVP_PKEY_CTX
*src
))
1799 *pcopy
= pmeth
->copy
;
1802 void EVP_PKEY_meth_get_cleanup(const EVP_PKEY_METHOD
*pmeth
,
1803 void (**pcleanup
) (EVP_PKEY_CTX
*ctx
))
1805 *pcleanup
= pmeth
->cleanup
;
1808 void EVP_PKEY_meth_get_paramgen(const EVP_PKEY_METHOD
*pmeth
,
1809 int (**pparamgen_init
) (EVP_PKEY_CTX
*ctx
),
1810 int (**pparamgen
) (EVP_PKEY_CTX
*ctx
,
1814 *pparamgen_init
= pmeth
->paramgen_init
;
1816 *pparamgen
= pmeth
->paramgen
;
1819 void EVP_PKEY_meth_get_keygen(const EVP_PKEY_METHOD
*pmeth
,
1820 int (**pkeygen_init
) (EVP_PKEY_CTX
*ctx
),
1821 int (**pkeygen
) (EVP_PKEY_CTX
*ctx
,
1825 *pkeygen_init
= pmeth
->keygen_init
;
1827 *pkeygen
= pmeth
->keygen
;
1830 void EVP_PKEY_meth_get_sign(const EVP_PKEY_METHOD
*pmeth
,
1831 int (**psign_init
) (EVP_PKEY_CTX
*ctx
),
1832 int (**psign
) (EVP_PKEY_CTX
*ctx
,
1833 unsigned char *sig
, size_t *siglen
,
1834 const unsigned char *tbs
,
1838 *psign_init
= pmeth
->sign_init
;
1840 *psign
= pmeth
->sign
;
1843 void EVP_PKEY_meth_get_verify(const EVP_PKEY_METHOD
*pmeth
,
1844 int (**pverify_init
) (EVP_PKEY_CTX
*ctx
),
1845 int (**pverify
) (EVP_PKEY_CTX
*ctx
,
1846 const unsigned char *sig
,
1848 const unsigned char *tbs
,
1852 *pverify_init
= pmeth
->verify_init
;
1854 *pverify
= pmeth
->verify
;
1857 void EVP_PKEY_meth_get_verify_recover(const EVP_PKEY_METHOD
*pmeth
,
1858 int (**pverify_recover_init
) (EVP_PKEY_CTX
1860 int (**pverify_recover
) (EVP_PKEY_CTX
1869 if (pverify_recover_init
)
1870 *pverify_recover_init
= pmeth
->verify_recover_init
;
1871 if (pverify_recover
)
1872 *pverify_recover
= pmeth
->verify_recover
;
1875 void EVP_PKEY_meth_get_signctx(const EVP_PKEY_METHOD
*pmeth
,
1876 int (**psignctx_init
) (EVP_PKEY_CTX
*ctx
,
1878 int (**psignctx
) (EVP_PKEY_CTX
*ctx
,
1884 *psignctx_init
= pmeth
->signctx_init
;
1886 *psignctx
= pmeth
->signctx
;
1889 void EVP_PKEY_meth_get_verifyctx(const EVP_PKEY_METHOD
*pmeth
,
1890 int (**pverifyctx_init
) (EVP_PKEY_CTX
*ctx
,
1892 int (**pverifyctx
) (EVP_PKEY_CTX
*ctx
,
1893 const unsigned char *sig
,
1897 if (pverifyctx_init
)
1898 *pverifyctx_init
= pmeth
->verifyctx_init
;
1900 *pverifyctx
= pmeth
->verifyctx
;
1903 void EVP_PKEY_meth_get_encrypt(const EVP_PKEY_METHOD
*pmeth
,
1904 int (**pencrypt_init
) (EVP_PKEY_CTX
*ctx
),
1905 int (**pencryptfn
) (EVP_PKEY_CTX
*ctx
,
1908 const unsigned char *in
,
1912 *pencrypt_init
= pmeth
->encrypt_init
;
1914 *pencryptfn
= pmeth
->encrypt
;
1917 void EVP_PKEY_meth_get_decrypt(const EVP_PKEY_METHOD
*pmeth
,
1918 int (**pdecrypt_init
) (EVP_PKEY_CTX
*ctx
),
1919 int (**pdecrypt
) (EVP_PKEY_CTX
*ctx
,
1922 const unsigned char *in
,
1926 *pdecrypt_init
= pmeth
->decrypt_init
;
1928 *pdecrypt
= pmeth
->decrypt
;
1931 void EVP_PKEY_meth_get_derive(const EVP_PKEY_METHOD
*pmeth
,
1932 int (**pderive_init
) (EVP_PKEY_CTX
*ctx
),
1933 int (**pderive
) (EVP_PKEY_CTX
*ctx
,
1938 *pderive_init
= pmeth
->derive_init
;
1940 *pderive
= pmeth
->derive
;
1943 void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD
*pmeth
,
1944 int (**pctrl
) (EVP_PKEY_CTX
*ctx
, int type
, int p1
,
1946 int (**pctrl_str
) (EVP_PKEY_CTX
*ctx
,
1951 *pctrl
= pmeth
->ctrl
;
1953 *pctrl_str
= pmeth
->ctrl_str
;
1956 void EVP_PKEY_meth_get_digestsign(EVP_PKEY_METHOD
*pmeth
,
1957 int (**digestsign
) (EVP_MD_CTX
*ctx
, unsigned char *sig
, size_t *siglen
,
1958 const unsigned char *tbs
, size_t tbslen
))
1961 *digestsign
= pmeth
->digestsign
;
1964 void EVP_PKEY_meth_get_digestverify(EVP_PKEY_METHOD
*pmeth
,
1965 int (**digestverify
) (EVP_MD_CTX
*ctx
, const unsigned char *sig
,
1966 size_t siglen
, const unsigned char *tbs
,
1970 *digestverify
= pmeth
->digestverify
;
1973 void EVP_PKEY_meth_get_check(const EVP_PKEY_METHOD
*pmeth
,
1974 int (**pcheck
) (EVP_PKEY
*pkey
))
1977 *pcheck
= pmeth
->check
;
1980 void EVP_PKEY_meth_get_public_check(const EVP_PKEY_METHOD
*pmeth
,
1981 int (**pcheck
) (EVP_PKEY
*pkey
))
1984 *pcheck
= pmeth
->public_check
;
1987 void EVP_PKEY_meth_get_param_check(const EVP_PKEY_METHOD
*pmeth
,
1988 int (**pcheck
) (EVP_PKEY
*pkey
))
1991 *pcheck
= pmeth
->param_check
;
1994 void EVP_PKEY_meth_get_digest_custom(EVP_PKEY_METHOD
*pmeth
,
1995 int (**pdigest_custom
) (EVP_PKEY_CTX
*ctx
,
1998 if (pdigest_custom
!= NULL
)
1999 *pdigest_custom
= pmeth
->digest_custom
;
2002 #endif /* FIPS_MODULE */