2 * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 * Low level key APIs (DH etc) are deprecated for public use, but still ok for
14 #include "internal/deprecated.h"
18 #include <openssl/engine.h>
19 #include <openssl/evp.h>
20 #include <openssl/x509v3.h>
21 #include <openssl/core_names.h>
22 #include <openssl/dh.h>
23 #include <openssl/rsa.h>
24 #include <openssl/kdf.h>
25 #include "internal/cryptlib.h"
26 #include "crypto/asn1.h"
27 #include "crypto/evp.h"
28 #include "crypto/dh.h"
29 #include "crypto/ec.h"
30 #include "internal/ffc.h"
31 #include "internal/numbers.h"
32 #include "internal/provider.h"
33 #include "evp_local.h"
37 static int evp_pkey_ctx_store_cached_data(EVP_PKEY_CTX
*ctx
,
38 int keytype
, int optype
,
39 int cmd
, const char *name
,
40 const void *data
, size_t data_len
);
41 static void evp_pkey_ctx_free_cached_data(EVP_PKEY_CTX
*ctx
,
42 int cmd
, const char *name
);
43 static void evp_pkey_ctx_free_all_cached_data(EVP_PKEY_CTX
*ctx
);
45 typedef const EVP_PKEY_METHOD
*(*pmeth_fn
)(void);
46 typedef int sk_cmp_fn_type(const char *const *a
, const char *const *b
);
48 static STACK_OF(EVP_PKEY_METHOD
) *app_pkey_methods
= NULL
;
50 /* This array needs to be in order of NIDs */
51 static pmeth_fn standard_methods
[] = {
53 # ifndef OPENSSL_NO_DH
56 # ifndef OPENSSL_NO_DSA
59 # ifndef OPENSSL_NO_EC
62 ossl_rsa_pss_pkey_method
,
63 # ifndef OPENSSL_NO_DH
66 # ifndef OPENSSL_NO_EC
70 # ifndef OPENSSL_NO_EC
76 DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD
*, pmeth_fn
, pmeth_func
);
78 static int pmeth_func_cmp(const EVP_PKEY_METHOD
*const *a
, pmeth_fn
const *b
)
80 return ((*a
)->pkey_id
- ((**b
)())->pkey_id
);
83 IMPLEMENT_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD
*, pmeth_fn
, pmeth_func
);
85 static int pmeth_cmp(const EVP_PKEY_METHOD
*const *a
,
86 const EVP_PKEY_METHOD
*const *b
)
88 return ((*a
)->pkey_id
- (*b
)->pkey_id
);
91 static const EVP_PKEY_METHOD
*evp_pkey_meth_find_added_by_application(int type
)
93 if (app_pkey_methods
!= NULL
) {
98 idx
= sk_EVP_PKEY_METHOD_find(app_pkey_methods
, &tmp
);
100 return sk_EVP_PKEY_METHOD_value(app_pkey_methods
, idx
);
105 const EVP_PKEY_METHOD
*EVP_PKEY_meth_find(int type
)
109 const EVP_PKEY_METHOD
*t
;
111 if ((t
= evp_pkey_meth_find_added_by_application(type
)) != NULL
)
116 ret
= OBJ_bsearch_pmeth_func(&t
, standard_methods
,
117 OSSL_NELEM(standard_methods
));
118 if (ret
== NULL
|| *ret
== NULL
)
123 EVP_PKEY_METHOD
*EVP_PKEY_meth_new(int id
, int flags
)
125 EVP_PKEY_METHOD
*pmeth
;
127 pmeth
= OPENSSL_zalloc(sizeof(*pmeth
));
129 ERR_raise(ERR_LIB_EVP
, ERR_R_MALLOC_FAILURE
);
134 pmeth
->flags
= flags
| EVP_PKEY_FLAG_DYNAMIC
;
138 static void help_get_legacy_alg_type_from_keymgmt(const char *keytype
,
143 if (*type
== NID_undef
)
144 *type
= evp_pkey_name2type(keytype
);
147 static int get_legacy_alg_type_from_keymgmt(const EVP_KEYMGMT
*keymgmt
)
149 int type
= NID_undef
;
151 EVP_KEYMGMT_names_do_all(keymgmt
, help_get_legacy_alg_type_from_keymgmt
,
155 #endif /* FIPS_MODULE */
157 int evp_pkey_ctx_state(const EVP_PKEY_CTX
*ctx
)
159 if (ctx
->operation
== EVP_PKEY_OP_UNDEFINED
)
160 return EVP_PKEY_STATE_UNKNOWN
;
162 if ((EVP_PKEY_CTX_IS_DERIVE_OP(ctx
)
163 && ctx
->op
.kex
.exchprovctx
!= NULL
)
164 || (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx
)
165 && ctx
->op
.sig
.sigprovctx
!= NULL
)
166 || (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx
)
167 && ctx
->op
.ciph
.ciphprovctx
!= NULL
)
168 || (EVP_PKEY_CTX_IS_GEN_OP(ctx
)
169 && ctx
->op
.keymgmt
.genctx
!= NULL
)
170 || (EVP_PKEY_CTX_IS_KEM_OP(ctx
)
171 && ctx
->op
.encap
.kemprovctx
!= NULL
))
172 return EVP_PKEY_STATE_PROVIDER
;
174 return EVP_PKEY_STATE_LEGACY
;
177 static EVP_PKEY_CTX
*int_ctx_new(OSSL_LIB_CTX
*libctx
,
178 EVP_PKEY
*pkey
, ENGINE
*e
,
179 const char *keytype
, const char *propquery
,
183 EVP_PKEY_CTX
*ret
= NULL
;
184 const EVP_PKEY_METHOD
*pmeth
= NULL
;
185 EVP_KEYMGMT
*keymgmt
= NULL
;
188 * If the given |pkey| is provided, we extract the keytype from its
189 * keymgmt and skip over the legacy code.
191 if (pkey
!= NULL
&& evp_pkey_is_provided(pkey
)) {
192 /* If we have an engine, something went wrong somewhere... */
193 if (!ossl_assert(e
== NULL
))
195 keytype
= evp_first_name(pkey
->keymgmt
->prov
, pkey
->keymgmt
->name_id
);
201 * TODO(3.0) This legacy code section should be removed when we stop
208 else if (keytype
!= NULL
)
209 id
= evp_pkey_name2type(keytype
);
213 /* If no ID was found here, we can only resort to find a keymgmt */
218 * Here, we extract what information we can for the purpose of
219 * supporting usage with implementations from providers, to make
220 * for a smooth transition from legacy stuff to provider based stuff.
222 * If an engine is given, this is entirely legacy, and we should not
223 * pretend anything else, so we only set the name when no engine is
224 * given. If both are already given, someone made a mistake, and
225 * since that can only happen internally, it's safe to make an
228 if (!ossl_assert(e
== NULL
|| keytype
== NULL
))
231 keytype
= OBJ_nid2sn(id
);
233 # ifndef OPENSSL_NO_ENGINE
234 if (e
== NULL
&& pkey
!= NULL
)
235 e
= pkey
->pmeth_engine
!= NULL
? pkey
->pmeth_engine
: pkey
->engine
;
236 /* Try to find an ENGINE which implements this method */
238 if (!ENGINE_init(e
)) {
239 ERR_raise(ERR_LIB_EVP
, ERR_R_ENGINE_LIB
);
243 e
= ENGINE_get_pkey_meth_engine(id
);
247 * If an ENGINE handled this method look it up. Otherwise use internal
251 pmeth
= ENGINE_get_pkey_meth(e
, id
);
254 pmeth
= evp_pkey_meth_find_added_by_application(id
);
257 #endif /* FIPS_MODULE */
260 * If there's no engine and there's a name, we try fetching a provider
263 if (e
== NULL
&& keytype
!= NULL
) {
264 keymgmt
= EVP_KEYMGMT_fetch(libctx
, keytype
, propquery
);
266 return NULL
; /* EVP_KEYMGMT_fetch() recorded an error */
270 * Chase down the legacy NID, as that might be needed for diverse
271 * purposes, such as ensure that EVP_PKEY_type() can return sensible
272 * values, or that there's a better chance to "downgrade" a key when
273 * needed. We go through all keymgmt names, because the keytype
274 * that's passed to this function doesn't necessarily translate
276 * TODO: Remove this when #legacy keys are gone.
278 if (keymgmt
!= NULL
) {
279 int tmp_id
= get_legacy_alg_type_from_keymgmt(keymgmt
);
281 if (tmp_id
!= NID_undef
) {
286 * It really really shouldn't differ. If it still does,
287 * something is very wrong.
289 if (!ossl_assert(id
== tmp_id
)) {
290 ERR_raise(ERR_LIB_EVP
, ERR_R_INTERNAL_ERROR
);
291 EVP_KEYMGMT_free(keymgmt
);
300 if (pmeth
== NULL
&& keymgmt
== NULL
) {
301 ERR_raise(ERR_LIB_EVP
, EVP_R_UNSUPPORTED_ALGORITHM
);
303 ret
= OPENSSL_zalloc(sizeof(*ret
));
305 ERR_raise(ERR_LIB_EVP
, ERR_R_MALLOC_FAILURE
);
308 #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
309 if ((ret
== NULL
|| pmeth
== NULL
) && e
!= NULL
)
314 EVP_KEYMGMT_free(keymgmt
);
317 if (propquery
!= NULL
) {
318 ret
->propquery
= OPENSSL_strdup(propquery
);
319 if (ret
->propquery
== NULL
) {
320 EVP_KEYMGMT_free(keymgmt
);
324 ret
->libctx
= libctx
;
325 ret
->keytype
= keytype
;
326 ret
->keymgmt
= keymgmt
;
327 ret
->legacy_keytype
= id
; /* TODO: Remove when #legacy key are gone */
330 ret
->operation
= EVP_PKEY_OP_UNDEFINED
;
333 EVP_PKEY_up_ref(pkey
);
335 if (pmeth
!= NULL
&& pmeth
->init
!= NULL
) {
336 if (pmeth
->init(ret
) <= 0) {
338 EVP_PKEY_CTX_free(ret
);
346 /*- All methods below can also be used in FIPS_MODULE */
348 EVP_PKEY_CTX
*EVP_PKEY_CTX_new_from_name(OSSL_LIB_CTX
*libctx
,
350 const char *propquery
)
352 return int_ctx_new(libctx
, NULL
, NULL
, name
, propquery
, -1);
355 EVP_PKEY_CTX
*EVP_PKEY_CTX_new_from_pkey(OSSL_LIB_CTX
*libctx
, EVP_PKEY
*pkey
,
356 const char *propquery
)
358 return int_ctx_new(libctx
, pkey
, NULL
, NULL
, propquery
, -1);
361 void evp_pkey_ctx_free_old_ops(EVP_PKEY_CTX
*ctx
)
363 if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx
)) {
364 if (ctx
->op
.sig
.sigprovctx
!= NULL
&& ctx
->op
.sig
.signature
!= NULL
)
365 ctx
->op
.sig
.signature
->freectx(ctx
->op
.sig
.sigprovctx
);
366 EVP_SIGNATURE_free(ctx
->op
.sig
.signature
);
367 ctx
->op
.sig
.sigprovctx
= NULL
;
368 ctx
->op
.sig
.signature
= NULL
;
369 } else if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx
)) {
370 if (ctx
->op
.kex
.exchprovctx
!= NULL
&& ctx
->op
.kex
.exchange
!= NULL
)
371 ctx
->op
.kex
.exchange
->freectx(ctx
->op
.kex
.exchprovctx
);
372 EVP_KEYEXCH_free(ctx
->op
.kex
.exchange
);
373 ctx
->op
.kex
.exchprovctx
= NULL
;
374 ctx
->op
.kex
.exchange
= NULL
;
375 } else if (EVP_PKEY_CTX_IS_KEM_OP(ctx
)) {
376 if (ctx
->op
.encap
.kemprovctx
!= NULL
&& ctx
->op
.encap
.kem
!= NULL
)
377 ctx
->op
.encap
.kem
->freectx(ctx
->op
.encap
.kemprovctx
);
378 EVP_KEM_free(ctx
->op
.encap
.kem
);
379 ctx
->op
.encap
.kemprovctx
= NULL
;
380 ctx
->op
.encap
.kem
= NULL
;
382 else if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx
)) {
383 if (ctx
->op
.ciph
.ciphprovctx
!= NULL
&& ctx
->op
.ciph
.cipher
!= NULL
)
384 ctx
->op
.ciph
.cipher
->freectx(ctx
->op
.ciph
.ciphprovctx
);
385 EVP_ASYM_CIPHER_free(ctx
->op
.ciph
.cipher
);
386 ctx
->op
.ciph
.ciphprovctx
= NULL
;
387 ctx
->op
.ciph
.cipher
= NULL
;
388 } else if (EVP_PKEY_CTX_IS_GEN_OP(ctx
)) {
389 if (ctx
->op
.keymgmt
.genctx
!= NULL
&& ctx
->keymgmt
!= NULL
)
390 evp_keymgmt_gen_cleanup(ctx
->keymgmt
, ctx
->op
.keymgmt
.genctx
);
394 void EVP_PKEY_CTX_free(EVP_PKEY_CTX
*ctx
)
398 if (ctx
->pmeth
&& ctx
->pmeth
->cleanup
)
399 ctx
->pmeth
->cleanup(ctx
);
401 evp_pkey_ctx_free_old_ops(ctx
);
403 evp_pkey_ctx_free_all_cached_data(ctx
);
405 EVP_KEYMGMT_free(ctx
->keymgmt
);
407 OPENSSL_free(ctx
->propquery
);
408 EVP_PKEY_free(ctx
->pkey
);
409 EVP_PKEY_free(ctx
->peerkey
);
410 #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
411 ENGINE_finish(ctx
->engine
);
413 BN_free(ctx
->rsa_pubexp
);
419 void EVP_PKEY_meth_get0_info(int *ppkey_id
, int *pflags
,
420 const EVP_PKEY_METHOD
*meth
)
423 *ppkey_id
= meth
->pkey_id
;
425 *pflags
= meth
->flags
;
428 void EVP_PKEY_meth_copy(EVP_PKEY_METHOD
*dst
, const EVP_PKEY_METHOD
*src
)
430 int pkey_id
= dst
->pkey_id
;
431 int flags
= dst
->flags
;
435 /* We only copy the function pointers so restore the other values */
436 dst
->pkey_id
= pkey_id
;
440 void EVP_PKEY_meth_free(EVP_PKEY_METHOD
*pmeth
)
442 if (pmeth
&& (pmeth
->flags
& EVP_PKEY_FLAG_DYNAMIC
))
446 EVP_PKEY_CTX
*EVP_PKEY_CTX_new(EVP_PKEY
*pkey
, ENGINE
*e
)
448 return int_ctx_new(NULL
, pkey
, e
, NULL
, NULL
, -1);
451 EVP_PKEY_CTX
*EVP_PKEY_CTX_new_id(int id
, ENGINE
*e
)
453 return int_ctx_new(NULL
, NULL
, e
, NULL
, NULL
, id
);
456 EVP_PKEY_CTX
*EVP_PKEY_CTX_dup(const EVP_PKEY_CTX
*pctx
)
460 # ifndef OPENSSL_NO_ENGINE
461 /* Make sure it's safe to copy a pkey context using an ENGINE */
462 if (pctx
->engine
&& !ENGINE_init(pctx
->engine
)) {
463 ERR_raise(ERR_LIB_EVP
, ERR_R_ENGINE_LIB
);
467 rctx
= OPENSSL_zalloc(sizeof(*rctx
));
469 ERR_raise(ERR_LIB_EVP
, ERR_R_MALLOC_FAILURE
);
473 if (pctx
->pkey
!= NULL
)
474 EVP_PKEY_up_ref(pctx
->pkey
);
475 rctx
->pkey
= pctx
->pkey
;
476 rctx
->operation
= pctx
->operation
;
477 rctx
->libctx
= pctx
->libctx
;
478 rctx
->keytype
= pctx
->keytype
;
479 rctx
->propquery
= NULL
;
480 if (pctx
->propquery
!= NULL
) {
481 rctx
->propquery
= OPENSSL_strdup(pctx
->propquery
);
482 if (rctx
->propquery
== NULL
)
485 rctx
->legacy_keytype
= pctx
->legacy_keytype
;
487 if (EVP_PKEY_CTX_IS_DERIVE_OP(pctx
)) {
488 if (pctx
->op
.kex
.exchange
!= NULL
) {
489 rctx
->op
.kex
.exchange
= pctx
->op
.kex
.exchange
;
490 if (!EVP_KEYEXCH_up_ref(rctx
->op
.kex
.exchange
))
493 if (pctx
->op
.kex
.exchprovctx
!= NULL
) {
494 if (!ossl_assert(pctx
->op
.kex
.exchange
!= NULL
))
496 rctx
->op
.kex
.exchprovctx
497 = pctx
->op
.kex
.exchange
->dupctx(pctx
->op
.kex
.exchprovctx
);
498 if (rctx
->op
.kex
.exchprovctx
== NULL
) {
499 EVP_KEYEXCH_free(rctx
->op
.kex
.exchange
);
504 } else if (EVP_PKEY_CTX_IS_SIGNATURE_OP(pctx
)) {
505 if (pctx
->op
.sig
.signature
!= NULL
) {
506 rctx
->op
.sig
.signature
= pctx
->op
.sig
.signature
;
507 if (!EVP_SIGNATURE_up_ref(rctx
->op
.sig
.signature
))
510 if (pctx
->op
.sig
.sigprovctx
!= NULL
) {
511 if (!ossl_assert(pctx
->op
.sig
.signature
!= NULL
))
513 rctx
->op
.sig
.sigprovctx
514 = pctx
->op
.sig
.signature
->dupctx(pctx
->op
.sig
.sigprovctx
);
515 if (rctx
->op
.sig
.sigprovctx
== NULL
) {
516 EVP_SIGNATURE_free(rctx
->op
.sig
.signature
);
521 } else if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(pctx
)) {
522 if (pctx
->op
.ciph
.cipher
!= NULL
) {
523 rctx
->op
.ciph
.cipher
= pctx
->op
.ciph
.cipher
;
524 if (!EVP_ASYM_CIPHER_up_ref(rctx
->op
.ciph
.cipher
))
527 if (pctx
->op
.ciph
.ciphprovctx
!= NULL
) {
528 if (!ossl_assert(pctx
->op
.ciph
.cipher
!= NULL
))
530 rctx
->op
.ciph
.ciphprovctx
531 = pctx
->op
.ciph
.cipher
->dupctx(pctx
->op
.ciph
.ciphprovctx
);
532 if (rctx
->op
.ciph
.ciphprovctx
== NULL
) {
533 EVP_ASYM_CIPHER_free(rctx
->op
.ciph
.cipher
);
538 } else if (EVP_PKEY_CTX_IS_KEM_OP(pctx
)) {
539 if (pctx
->op
.encap
.kem
!= NULL
) {
540 rctx
->op
.encap
.kem
= pctx
->op
.encap
.kem
;
541 if (!EVP_KEM_up_ref(rctx
->op
.encap
.kem
))
544 if (pctx
->op
.encap
.kemprovctx
!= NULL
) {
545 if (!ossl_assert(pctx
->op
.encap
.kem
!= NULL
))
547 rctx
->op
.encap
.kemprovctx
548 = pctx
->op
.encap
.kem
->dupctx(pctx
->op
.encap
.kemprovctx
);
549 if (rctx
->op
.encap
.kemprovctx
== NULL
) {
550 EVP_KEM_free(rctx
->op
.encap
.kem
);
555 } else if (EVP_PKEY_CTX_IS_GEN_OP(pctx
)) {
556 /* Not supported - This would need a gen_dupctx() to work */
560 rctx
->pmeth
= pctx
->pmeth
;
561 # ifndef OPENSSL_NO_ENGINE
562 rctx
->engine
= pctx
->engine
;
565 if (pctx
->peerkey
!= NULL
)
566 EVP_PKEY_up_ref(pctx
->peerkey
);
567 rctx
->peerkey
= pctx
->peerkey
;
569 if (pctx
->pmeth
== NULL
) {
570 if (rctx
->operation
== EVP_PKEY_OP_UNDEFINED
) {
571 EVP_KEYMGMT
*tmp_keymgmt
= pctx
->keymgmt
;
574 provkey
= evp_pkey_export_to_provider(pctx
->pkey
, pctx
->libctx
,
575 &tmp_keymgmt
, pctx
->propquery
);
578 if (!EVP_KEYMGMT_up_ref(tmp_keymgmt
))
580 EVP_KEYMGMT_free(rctx
->keymgmt
);
581 rctx
->keymgmt
= tmp_keymgmt
;
584 } else if (pctx
->pmeth
->copy(rctx
, pctx
) > 0) {
589 EVP_PKEY_CTX_free(rctx
);
593 int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD
*pmeth
)
595 if (app_pkey_methods
== NULL
) {
596 app_pkey_methods
= sk_EVP_PKEY_METHOD_new(pmeth_cmp
);
597 if (app_pkey_methods
== NULL
){
598 ERR_raise(ERR_LIB_EVP
, ERR_R_MALLOC_FAILURE
);
602 if (!sk_EVP_PKEY_METHOD_push(app_pkey_methods
, pmeth
)) {
603 ERR_raise(ERR_LIB_EVP
, ERR_R_MALLOC_FAILURE
);
606 sk_EVP_PKEY_METHOD_sort(app_pkey_methods
);
610 void evp_app_cleanup_int(void)
612 if (app_pkey_methods
!= NULL
)
613 sk_EVP_PKEY_METHOD_pop_free(app_pkey_methods
, EVP_PKEY_meth_free
);
616 int EVP_PKEY_meth_remove(const EVP_PKEY_METHOD
*pmeth
)
618 const EVP_PKEY_METHOD
*ret
;
620 ret
= sk_EVP_PKEY_METHOD_delete_ptr(app_pkey_methods
, pmeth
);
622 return ret
== NULL
? 0 : 1;
625 size_t EVP_PKEY_meth_get_count(void)
627 size_t rv
= OSSL_NELEM(standard_methods
);
629 if (app_pkey_methods
)
630 rv
+= sk_EVP_PKEY_METHOD_num(app_pkey_methods
);
634 const EVP_PKEY_METHOD
*EVP_PKEY_meth_get0(size_t idx
)
636 if (idx
< OSSL_NELEM(standard_methods
))
637 return (standard_methods
[idx
])();
638 if (app_pkey_methods
== NULL
)
640 idx
-= OSSL_NELEM(standard_methods
);
641 if (idx
>= (size_t)sk_EVP_PKEY_METHOD_num(app_pkey_methods
))
643 return sk_EVP_PKEY_METHOD_value(app_pkey_methods
, idx
);
647 int EVP_PKEY_CTX_is_a(EVP_PKEY_CTX
*ctx
, const char *keytype
)
650 if (evp_pkey_ctx_is_legacy(ctx
))
651 return (ctx
->pmeth
->pkey_id
== evp_pkey_name2type(keytype
));
653 return EVP_KEYMGMT_is_a(ctx
->keymgmt
, keytype
);
656 int EVP_PKEY_CTX_set_params(EVP_PKEY_CTX
*ctx
, OSSL_PARAM
*params
)
658 switch (evp_pkey_ctx_state(ctx
)) {
659 case EVP_PKEY_STATE_PROVIDER
:
660 if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx
)
661 && ctx
->op
.kex
.exchange
!= NULL
662 && ctx
->op
.kex
.exchange
->set_ctx_params
!= NULL
)
664 ctx
->op
.kex
.exchange
->set_ctx_params(ctx
->op
.kex
.exchprovctx
,
666 if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx
)
667 && ctx
->op
.sig
.signature
!= NULL
668 && ctx
->op
.sig
.signature
->set_ctx_params
!= NULL
)
670 ctx
->op
.sig
.signature
->set_ctx_params(ctx
->op
.sig
.sigprovctx
,
672 if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx
)
673 && ctx
->op
.ciph
.cipher
!= NULL
674 && ctx
->op
.ciph
.cipher
->set_ctx_params
!= NULL
)
676 ctx
->op
.ciph
.cipher
->set_ctx_params(ctx
->op
.ciph
.ciphprovctx
,
678 if (EVP_PKEY_CTX_IS_GEN_OP(ctx
)
679 && ctx
->keymgmt
!= NULL
680 && ctx
->keymgmt
->gen_set_params
!= NULL
)
682 evp_keymgmt_gen_set_params(ctx
->keymgmt
, ctx
->op
.keymgmt
.genctx
,
684 if (EVP_PKEY_CTX_IS_KEM_OP(ctx
)
685 && ctx
->op
.encap
.kem
!= NULL
686 && ctx
->op
.encap
.kem
->set_ctx_params
!= NULL
)
688 ctx
->op
.encap
.kem
->set_ctx_params(ctx
->op
.encap
.kemprovctx
,
692 case EVP_PKEY_STATE_UNKNOWN
:
693 case EVP_PKEY_STATE_LEGACY
:
694 return evp_pkey_ctx_set_params_to_ctrl(ctx
, params
);
700 int EVP_PKEY_CTX_get_params(EVP_PKEY_CTX
*ctx
, OSSL_PARAM
*params
)
702 switch (evp_pkey_ctx_state(ctx
)) {
703 case EVP_PKEY_STATE_PROVIDER
:
704 if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx
)
705 && ctx
->op
.kex
.exchange
!= NULL
706 && ctx
->op
.kex
.exchange
->get_ctx_params
!= NULL
)
708 ctx
->op
.kex
.exchange
->get_ctx_params(ctx
->op
.kex
.exchprovctx
,
710 if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx
)
711 && ctx
->op
.sig
.signature
!= NULL
712 && ctx
->op
.sig
.signature
->get_ctx_params
!= NULL
)
714 ctx
->op
.sig
.signature
->get_ctx_params(ctx
->op
.sig
.sigprovctx
,
716 if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx
)
717 && ctx
->op
.ciph
.cipher
!= NULL
718 && ctx
->op
.ciph
.cipher
->get_ctx_params
!= NULL
)
720 ctx
->op
.ciph
.cipher
->get_ctx_params(ctx
->op
.ciph
.ciphprovctx
,
722 if (EVP_PKEY_CTX_IS_KEM_OP(ctx
)
723 && ctx
->op
.encap
.kem
!= NULL
724 && ctx
->op
.encap
.kem
->get_ctx_params
!= NULL
)
726 ctx
->op
.encap
.kem
->get_ctx_params(ctx
->op
.encap
.kemprovctx
,
730 case EVP_PKEY_STATE_UNKNOWN
:
731 case EVP_PKEY_STATE_LEGACY
:
732 return evp_pkey_ctx_get_params_to_ctrl(ctx
, params
);
739 const OSSL_PARAM
*EVP_PKEY_CTX_gettable_params(EVP_PKEY_CTX
*ctx
)
743 if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx
)
744 && ctx
->op
.kex
.exchange
!= NULL
745 && ctx
->op
.kex
.exchange
->gettable_ctx_params
!= NULL
) {
746 provctx
= ossl_provider_ctx(EVP_KEYEXCH_provider(ctx
->op
.kex
.exchange
));
747 return ctx
->op
.kex
.exchange
->gettable_ctx_params(provctx
);
749 if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx
)
750 && ctx
->op
.sig
.signature
!= NULL
751 && ctx
->op
.sig
.signature
->gettable_ctx_params
!= NULL
) {
752 provctx
= ossl_provider_ctx(
753 EVP_SIGNATURE_provider(ctx
->op
.sig
.signature
));
754 return ctx
->op
.sig
.signature
->gettable_ctx_params(provctx
);
756 if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx
)
757 && ctx
->op
.ciph
.cipher
!= NULL
758 && ctx
->op
.ciph
.cipher
->gettable_ctx_params
!= NULL
) {
759 provctx
= ossl_provider_ctx(
760 EVP_ASYM_CIPHER_provider(ctx
->op
.ciph
.cipher
));
761 return ctx
->op
.ciph
.cipher
->gettable_ctx_params(provctx
);
763 if (EVP_PKEY_CTX_IS_KEM_OP(ctx
)
764 && ctx
->op
.encap
.kem
!= NULL
765 && ctx
->op
.encap
.kem
->gettable_ctx_params
!= NULL
) {
766 provctx
= ossl_provider_ctx(EVP_KEM_provider(ctx
->op
.encap
.kem
));
767 return ctx
->op
.encap
.kem
->gettable_ctx_params(provctx
);
772 const OSSL_PARAM
*EVP_PKEY_CTX_settable_params(EVP_PKEY_CTX
*ctx
)
776 if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx
)
777 && ctx
->op
.kex
.exchange
!= NULL
778 && ctx
->op
.kex
.exchange
->settable_ctx_params
!= NULL
) {
779 provctx
= ossl_provider_ctx(EVP_KEYEXCH_provider(ctx
->op
.kex
.exchange
));
780 return ctx
->op
.kex
.exchange
->settable_ctx_params(provctx
);
782 if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx
)
783 && ctx
->op
.sig
.signature
!= NULL
784 && ctx
->op
.sig
.signature
->settable_ctx_params
!= NULL
) {
785 provctx
= ossl_provider_ctx(
786 EVP_SIGNATURE_provider(ctx
->op
.sig
.signature
));
787 return ctx
->op
.sig
.signature
->settable_ctx_params(provctx
);
789 if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx
)
790 && ctx
->op
.ciph
.cipher
!= NULL
791 && ctx
->op
.ciph
.cipher
->settable_ctx_params
!= NULL
) {
792 provctx
= ossl_provider_ctx(
793 EVP_ASYM_CIPHER_provider(ctx
->op
.ciph
.cipher
));
794 return ctx
->op
.ciph
.cipher
->settable_ctx_params(provctx
);
796 if (EVP_PKEY_CTX_IS_GEN_OP(ctx
)
797 && ctx
->keymgmt
!= NULL
)
798 return EVP_KEYMGMT_gen_settable_params(ctx
->keymgmt
);
799 if (EVP_PKEY_CTX_IS_KEM_OP(ctx
)
800 && ctx
->op
.encap
.kem
!= NULL
801 && ctx
->op
.encap
.kem
->settable_ctx_params
!= NULL
) {
802 provctx
= ossl_provider_ctx(EVP_KEM_provider(ctx
->op
.encap
.kem
));
803 return ctx
->op
.encap
.kem
->settable_ctx_params(provctx
);
809 * Internal helpers for stricter EVP_PKEY_CTX_{set,get}_params().
811 * Return 1 on success, 0 or negative for errors.
813 * In particular they return -2 if any of the params is not supported.
815 * They are not available in FIPS_MODULE as they depend on
816 * - EVP_PKEY_CTX_{get,set}_params()
817 * - EVP_PKEY_CTX_{gettable,settable}_params()
820 int evp_pkey_ctx_set_params_strict(EVP_PKEY_CTX
*ctx
, OSSL_PARAM
*params
)
822 if (ctx
== NULL
|| params
== NULL
)
826 * We only check for provider side EVP_PKEY_CTX. For #legacy, we
827 * depend on the translation that happens in EVP_PKEY_CTX_set_params()
828 * call, and that the resulting ctrl call will return -2 if it doesn't
829 * known the ctrl command number.
831 if (evp_pkey_ctx_is_provided(ctx
)) {
832 const OSSL_PARAM
*settable
= EVP_PKEY_CTX_settable_params(ctx
);
835 for (p
= params
; p
->key
!= NULL
; p
++) {
836 /* Check the ctx actually understands this parameter */
837 if (OSSL_PARAM_locate_const(settable
, p
->key
) == NULL
)
842 return EVP_PKEY_CTX_set_params(ctx
, params
);
845 int evp_pkey_ctx_get_params_strict(EVP_PKEY_CTX
*ctx
, OSSL_PARAM
*params
)
847 if (ctx
== NULL
|| params
== NULL
)
851 * We only check for provider side EVP_PKEY_CTX. For #legacy, we
852 * depend on the translation that happens in EVP_PKEY_CTX_get_params()
853 * call, and that the resulting ctrl call will return -2 if it doesn't
854 * known the ctrl command number.
856 if (evp_pkey_ctx_is_provided(ctx
)) {
857 const OSSL_PARAM
*gettable
= EVP_PKEY_CTX_gettable_params(ctx
);
860 for (p
= params
; p
->key
!= NULL
; p
++ ) {
861 /* Check the ctx actually understands this parameter */
862 if (OSSL_PARAM_locate_const(gettable
, p
->key
) == NULL
)
867 return EVP_PKEY_CTX_get_params(ctx
, params
);
870 int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX
*ctx
, const EVP_MD
**md
)
872 OSSL_PARAM sig_md_params
[2], *p
= sig_md_params
;
873 /* 80 should be big enough */
877 if (ctx
== NULL
|| !EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx
)) {
878 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
879 /* Uses the same return values as EVP_PKEY_CTX_ctrl */
883 /* TODO(3.0): Remove this eventually when no more legacy */
884 if (ctx
->op
.sig
.sigprovctx
== NULL
)
885 return EVP_PKEY_CTX_ctrl(ctx
, -1, EVP_PKEY_OP_TYPE_SIG
,
886 EVP_PKEY_CTRL_GET_MD
, 0, (void *)(md
));
888 *p
++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST
,
891 *p
= OSSL_PARAM_construct_end();
893 if (!EVP_PKEY_CTX_get_params(ctx
, sig_md_params
))
896 tmp
= evp_get_digestbyname_ex(ctx
->libctx
, name
);
905 static int evp_pkey_ctx_set_md(EVP_PKEY_CTX
*ctx
, const EVP_MD
*md
,
906 int fallback
, const char *param
, int op
,
909 OSSL_PARAM md_params
[2], *p
= md_params
;
912 if (ctx
== NULL
|| (ctx
->operation
& op
) == 0) {
913 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
914 /* Uses the same return values as EVP_PKEY_CTX_ctrl */
918 /* TODO(3.0): Remove this eventually when no more legacy */
920 return EVP_PKEY_CTX_ctrl(ctx
, -1, op
, ctrl
, 0, (void *)(md
));
925 name
= EVP_MD_name(md
);
928 *p
++ = OSSL_PARAM_construct_utf8_string(param
,
930 * Cast away the const. This is read
931 * only so should be safe
934 *p
= OSSL_PARAM_construct_end();
936 return EVP_PKEY_CTX_set_params(ctx
, md_params
);
939 int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX
*ctx
, const EVP_MD
*md
)
941 return evp_pkey_ctx_set_md(ctx
, md
, ctx
->op
.sig
.sigprovctx
== NULL
,
942 OSSL_SIGNATURE_PARAM_DIGEST
,
943 EVP_PKEY_OP_TYPE_SIG
, EVP_PKEY_CTRL_MD
);
946 int EVP_PKEY_CTX_set_tls1_prf_md(EVP_PKEY_CTX
*ctx
, const EVP_MD
*md
)
948 return evp_pkey_ctx_set_md(ctx
, md
, ctx
->op
.kex
.exchprovctx
== NULL
,
949 OSSL_KDF_PARAM_DIGEST
,
950 EVP_PKEY_OP_DERIVE
, EVP_PKEY_CTRL_TLS_MD
);
953 static int evp_pkey_ctx_set1_octet_string(EVP_PKEY_CTX
*ctx
, int fallback
,
954 const char *param
, int op
, int ctrl
,
955 const unsigned char *data
,
958 OSSL_PARAM octet_string_params
[2], *p
= octet_string_params
;
960 if (ctx
== NULL
|| (ctx
->operation
& op
) == 0) {
961 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
962 /* Uses the same return values as EVP_PKEY_CTX_ctrl */
966 /* TODO(3.0): Remove this eventually when no more legacy */
968 return EVP_PKEY_CTX_ctrl(ctx
, -1, op
, ctrl
, datalen
, (void *)(data
));
971 ERR_raise(ERR_LIB_EVP
, EVP_R_INVALID_LENGTH
);
975 *p
++ = OSSL_PARAM_construct_octet_string(param
,
977 * Cast away the const. This is read
978 * only so should be safe
980 (unsigned char *)data
,
982 *p
= OSSL_PARAM_construct_end();
984 return EVP_PKEY_CTX_set_params(ctx
, octet_string_params
);
987 int EVP_PKEY_CTX_set1_tls1_prf_secret(EVP_PKEY_CTX
*ctx
,
988 const unsigned char *sec
, int seclen
)
990 return evp_pkey_ctx_set1_octet_string(ctx
, ctx
->op
.kex
.exchprovctx
== NULL
,
991 OSSL_KDF_PARAM_SECRET
,
993 EVP_PKEY_CTRL_TLS_SECRET
,
997 int EVP_PKEY_CTX_add1_tls1_prf_seed(EVP_PKEY_CTX
*ctx
,
998 const unsigned char *seed
, int seedlen
)
1000 return evp_pkey_ctx_set1_octet_string(ctx
, ctx
->op
.kex
.exchprovctx
== NULL
,
1001 OSSL_KDF_PARAM_SEED
,
1003 EVP_PKEY_CTRL_TLS_SEED
,
1007 int EVP_PKEY_CTX_set_hkdf_md(EVP_PKEY_CTX
*ctx
, const EVP_MD
*md
)
1009 return evp_pkey_ctx_set_md(ctx
, md
, ctx
->op
.kex
.exchprovctx
== NULL
,
1010 OSSL_KDF_PARAM_DIGEST
,
1011 EVP_PKEY_OP_DERIVE
, EVP_PKEY_CTRL_HKDF_MD
);
1014 int EVP_PKEY_CTX_set1_hkdf_salt(EVP_PKEY_CTX
*ctx
,
1015 const unsigned char *salt
, int saltlen
)
1017 return evp_pkey_ctx_set1_octet_string(ctx
, ctx
->op
.kex
.exchprovctx
== NULL
,
1018 OSSL_KDF_PARAM_SALT
,
1020 EVP_PKEY_CTRL_HKDF_SALT
,
1024 int EVP_PKEY_CTX_set1_hkdf_key(EVP_PKEY_CTX
*ctx
,
1025 const unsigned char *key
, int keylen
)
1027 return evp_pkey_ctx_set1_octet_string(ctx
, ctx
->op
.kex
.exchprovctx
== NULL
,
1030 EVP_PKEY_CTRL_HKDF_KEY
,
1034 int EVP_PKEY_CTX_add1_hkdf_info(EVP_PKEY_CTX
*ctx
,
1035 const unsigned char *info
, int infolen
)
1037 return evp_pkey_ctx_set1_octet_string(ctx
, ctx
->op
.kex
.exchprovctx
== NULL
,
1038 OSSL_KDF_PARAM_INFO
,
1040 EVP_PKEY_CTRL_HKDF_INFO
,
1044 int EVP_PKEY_CTX_hkdf_mode(EVP_PKEY_CTX
*ctx
, int mode
)
1046 OSSL_PARAM int_params
[2], *p
= int_params
;
1048 if (ctx
== NULL
|| !EVP_PKEY_CTX_IS_DERIVE_OP(ctx
)) {
1049 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
1050 /* Uses the same return values as EVP_PKEY_CTX_ctrl */
1054 /* TODO(3.0): Remove this eventually when no more legacy */
1055 if (ctx
->op
.kex
.exchprovctx
== NULL
)
1056 return EVP_PKEY_CTX_ctrl(ctx
, -1, EVP_PKEY_OP_DERIVE
,
1057 EVP_PKEY_CTRL_HKDF_MODE
, mode
, NULL
);
1061 ERR_raise(ERR_LIB_EVP
, EVP_R_INVALID_VALUE
);
1065 *p
++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_MODE
, &mode
);
1066 *p
= OSSL_PARAM_construct_end();
1068 return EVP_PKEY_CTX_set_params(ctx
, int_params
);
1071 int EVP_PKEY_CTX_set1_pbe_pass(EVP_PKEY_CTX
*ctx
, const char *pass
,
1074 return evp_pkey_ctx_set1_octet_string(ctx
, ctx
->op
.kex
.exchprovctx
== NULL
,
1075 OSSL_KDF_PARAM_PASSWORD
,
1078 (const unsigned char *)pass
, passlen
);
1081 int EVP_PKEY_CTX_set1_scrypt_salt(EVP_PKEY_CTX
*ctx
,
1082 const unsigned char *salt
, int saltlen
)
1084 return evp_pkey_ctx_set1_octet_string(ctx
, ctx
->op
.kex
.exchprovctx
== NULL
,
1085 OSSL_KDF_PARAM_SALT
,
1087 EVP_PKEY_CTRL_SCRYPT_SALT
,
1091 static int evp_pkey_ctx_set_uint64(EVP_PKEY_CTX
*ctx
, const char *param
,
1092 int op
, int ctrl
, uint64_t val
)
1094 OSSL_PARAM uint64_params
[2], *p
= uint64_params
;
1096 if (ctx
== NULL
|| !EVP_PKEY_CTX_IS_DERIVE_OP(ctx
)) {
1097 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
1098 /* Uses the same return values as EVP_PKEY_CTX_ctrl */
1102 /* TODO(3.0): Remove this eventually when no more legacy */
1103 if (ctx
->op
.kex
.exchprovctx
== NULL
)
1104 return EVP_PKEY_CTX_ctrl_uint64(ctx
, -1, op
, ctrl
, val
);
1106 *p
++ = OSSL_PARAM_construct_uint64(param
, &val
);
1107 *p
= OSSL_PARAM_construct_end();
1109 return EVP_PKEY_CTX_set_params(ctx
, uint64_params
);
1112 int EVP_PKEY_CTX_set_scrypt_N(EVP_PKEY_CTX
*ctx
, uint64_t n
)
1114 return evp_pkey_ctx_set_uint64(ctx
, OSSL_KDF_PARAM_SCRYPT_N
,
1115 EVP_PKEY_OP_DERIVE
, EVP_PKEY_CTRL_SCRYPT_N
,
1119 int EVP_PKEY_CTX_set_scrypt_r(EVP_PKEY_CTX
*ctx
, uint64_t r
)
1121 return evp_pkey_ctx_set_uint64(ctx
, OSSL_KDF_PARAM_SCRYPT_R
,
1122 EVP_PKEY_OP_DERIVE
, EVP_PKEY_CTRL_SCRYPT_R
,
1126 int EVP_PKEY_CTX_set_scrypt_p(EVP_PKEY_CTX
*ctx
, uint64_t p
)
1128 return evp_pkey_ctx_set_uint64(ctx
, OSSL_KDF_PARAM_SCRYPT_P
,
1129 EVP_PKEY_OP_DERIVE
, EVP_PKEY_CTRL_SCRYPT_P
,
1133 int EVP_PKEY_CTX_set_scrypt_maxmem_bytes(EVP_PKEY_CTX
*ctx
,
1134 uint64_t maxmem_bytes
)
1136 return evp_pkey_ctx_set_uint64(ctx
, OSSL_KDF_PARAM_SCRYPT_MAXMEM
,
1138 EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES
,
1142 int EVP_PKEY_CTX_set_mac_key(EVP_PKEY_CTX
*ctx
, const unsigned char *key
,
1145 return evp_pkey_ctx_set1_octet_string(ctx
, ctx
->op
.keymgmt
.genctx
== NULL
,
1146 OSSL_PKEY_PARAM_PRIV_KEY
,
1148 EVP_PKEY_CTRL_SET_MAC_KEY
,
1152 int EVP_PKEY_CTX_set_kem_op(EVP_PKEY_CTX
*ctx
, const char *op
)
1154 OSSL_PARAM params
[2], *p
= params
;
1156 if (ctx
== NULL
|| op
== NULL
) {
1157 ERR_raise(ERR_LIB_EVP
, EVP_R_INVALID_VALUE
);
1160 if (!EVP_PKEY_CTX_IS_KEM_OP(ctx
)) {
1161 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
1164 *p
++ = OSSL_PARAM_construct_utf8_string(OSSL_KEM_PARAM_OPERATION
,
1166 *p
= OSSL_PARAM_construct_end();
1167 return EVP_PKEY_CTX_set_params(ctx
, params
);
1170 int evp_pkey_ctx_set1_id_prov(EVP_PKEY_CTX
*ctx
, const void *id
, int len
)
1172 OSSL_PARAM params
[2], *p
= params
;
1175 if (!EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx
)) {
1176 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
1177 /* Uses the same return values as EVP_PKEY_CTX_ctrl */
1181 *p
++ = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_DIST_ID
,
1183 * Cast away the const. This is
1184 * read only so should be safe
1186 (void *)id
, (size_t)len
);
1187 *p
++ = OSSL_PARAM_construct_end();
1189 ret
= evp_pkey_ctx_set_params_strict(ctx
, params
);
1191 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
1195 int EVP_PKEY_CTX_set1_id(EVP_PKEY_CTX
*ctx
, const void *id
, int len
)
1197 return EVP_PKEY_CTX_ctrl(ctx
, -1, -1,
1198 EVP_PKEY_CTRL_SET1_ID
, (int)len
, (void*)(id
));
1201 static int get1_id_data(EVP_PKEY_CTX
*ctx
, void *id
, size_t *id_len
)
1204 void *tmp_id
= NULL
;
1205 OSSL_PARAM params
[2], *p
= params
;
1207 if (!EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx
)) {
1208 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
1209 /* Uses the same return values as EVP_PKEY_CTX_ctrl */
1213 *p
++ = OSSL_PARAM_construct_octet_ptr(OSSL_PKEY_PARAM_DIST_ID
,
1215 *p
++ = OSSL_PARAM_construct_end();
1217 ret
= evp_pkey_ctx_get_params_strict(ctx
, params
);
1219 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
1220 } else if (ret
> 0) {
1221 size_t tmp_id_len
= params
[0].return_size
;
1224 memcpy(id
, tmp_id
, tmp_id_len
);
1226 *id_len
= tmp_id_len
;
1231 int evp_pkey_ctx_get1_id_prov(EVP_PKEY_CTX
*ctx
, void *id
)
1233 return get1_id_data(ctx
, id
, NULL
);
1236 int evp_pkey_ctx_get1_id_len_prov(EVP_PKEY_CTX
*ctx
, size_t *id_len
)
1238 return get1_id_data(ctx
, NULL
, id_len
);
1241 int EVP_PKEY_CTX_get1_id(EVP_PKEY_CTX
*ctx
, void *id
)
1243 return EVP_PKEY_CTX_ctrl(ctx
, -1, -1, EVP_PKEY_CTRL_GET1_ID
, 0, (void*)id
);
1246 int EVP_PKEY_CTX_get1_id_len(EVP_PKEY_CTX
*ctx
, size_t *id_len
)
1248 return EVP_PKEY_CTX_ctrl(ctx
, -1, -1,
1249 EVP_PKEY_CTRL_GET1_ID_LEN
, 0, (void*)id_len
);
1252 static int evp_pkey_ctx_ctrl_int(EVP_PKEY_CTX
*ctx
, int keytype
, int optype
,
1253 int cmd
, int p1
, void *p2
)
1258 * If the method has a |digest_custom| function, we can relax the
1259 * operation type check, since this can be called before the operation
1262 if (ctx
->pmeth
== NULL
|| ctx
->pmeth
->digest_custom
== NULL
) {
1263 if (ctx
->operation
== EVP_PKEY_OP_UNDEFINED
) {
1264 ERR_raise(ERR_LIB_EVP
, EVP_R_NO_OPERATION_SET
);
1268 if ((optype
!= -1) && !(ctx
->operation
& optype
)) {
1269 ERR_raise(ERR_LIB_EVP
, EVP_R_INVALID_OPERATION
);
1274 switch (evp_pkey_ctx_state(ctx
)) {
1275 case EVP_PKEY_STATE_PROVIDER
:
1276 return evp_pkey_ctx_ctrl_to_param(ctx
, keytype
, optype
, cmd
, p1
, p2
);
1277 case EVP_PKEY_STATE_UNKNOWN
:
1278 case EVP_PKEY_STATE_LEGACY
:
1279 if (ctx
->pmeth
== NULL
|| ctx
->pmeth
->ctrl
== NULL
) {
1280 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
1283 if ((keytype
!= -1) && (ctx
->pmeth
->pkey_id
!= keytype
))
1286 ret
= ctx
->pmeth
->ctrl(ctx
, cmd
, p1
, p2
);
1289 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
1295 int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX
*ctx
, int keytype
, int optype
,
1296 int cmd
, int p1
, void *p2
)
1301 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
1304 /* If unsupported, we don't want that reported here */
1306 ret
= evp_pkey_ctx_store_cached_data(ctx
, keytype
, optype
,
1311 ERR_clear_last_mark();
1313 * If there was an error, there was an error.
1314 * If the operation isn't initialized yet, we also return, as
1315 * the saved values will be used then anyway.
1317 if (ret
< 1 || ctx
->operation
== EVP_PKEY_OP_UNDEFINED
)
1320 return evp_pkey_ctx_ctrl_int(ctx
, keytype
, optype
, cmd
, p1
, p2
);
1323 int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX
*ctx
, int keytype
, int optype
,
1324 int cmd
, uint64_t value
)
1326 return EVP_PKEY_CTX_ctrl(ctx
, keytype
, optype
, cmd
, 0, &value
);
1331 static int legacy_ctrl_str_to_param(EVP_PKEY_CTX
*ctx
, const char *name
,
1334 if (strcmp(name
, "md") == 0)
1335 name
= OSSL_ALG_PARAM_DIGEST
;
1336 else if (strcmp(name
, "rsa_padding_mode") == 0)
1337 name
= OSSL_ASYM_CIPHER_PARAM_PAD_MODE
;
1338 else if (strcmp(name
, "rsa_mgf1_md") == 0)
1339 name
= OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST
;
1340 else if (strcmp(name
, "rsa_oaep_md") == 0)
1341 name
= OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST
;
1342 else if (strcmp(name
, "rsa_oaep_label") == 0)
1343 name
= OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL
;
1344 else if (strcmp(name
, "rsa_pss_saltlen") == 0)
1345 name
= OSSL_SIGNATURE_PARAM_PSS_SALTLEN
;
1346 else if (strcmp(name
, "rsa_keygen_bits") == 0)
1347 name
= OSSL_PKEY_PARAM_RSA_BITS
;
1348 else if (strcmp(name
, "rsa_keygen_pubexp") == 0)
1349 name
= OSSL_PKEY_PARAM_RSA_E
;
1350 else if (strcmp(name
, "rsa_keygen_primes") == 0)
1351 name
= OSSL_PKEY_PARAM_RSA_PRIMES
;
1352 else if (strcmp(name
, "rsa_pss_keygen_md") == 0)
1353 name
= OSSL_PKEY_PARAM_RSA_DIGEST
;
1354 else if (strcmp(name
, "rsa_pss_keygen_mgf1_md") == 0)
1355 name
= OSSL_PKEY_PARAM_RSA_MGF1_DIGEST
;
1356 else if (strcmp(name
, "rsa_pss_keygen_saltlen") == 0)
1357 name
= OSSL_PKEY_PARAM_RSA_PSS_SALTLEN
;
1358 else if (strcmp(name
, "dsa_paramgen_bits") == 0)
1359 name
= OSSL_PKEY_PARAM_FFC_PBITS
;
1360 else if (strcmp(name
, "dsa_paramgen_q_bits") == 0)
1361 name
= OSSL_PKEY_PARAM_FFC_QBITS
;
1362 else if (strcmp(name
, "dsa_paramgen_md") == 0)
1363 name
= OSSL_PKEY_PARAM_FFC_DIGEST
;
1364 else if (strcmp(name
, "dh_paramgen_generator") == 0)
1365 name
= OSSL_PKEY_PARAM_DH_GENERATOR
;
1366 else if (strcmp(name
, "dh_paramgen_prime_len") == 0)
1367 name
= OSSL_PKEY_PARAM_FFC_PBITS
;
1368 else if (strcmp(name
, "dh_paramgen_subprime_len") == 0)
1369 name
= OSSL_PKEY_PARAM_FFC_QBITS
;
1370 else if (strcmp(name
, "dh_paramgen_type") == 0) {
1371 name
= OSSL_PKEY_PARAM_FFC_TYPE
;
1372 value
= ossl_dh_gen_type_id2name(atoi(value
));
1373 } else if (strcmp(name
, "dh_param") == 0)
1374 name
= OSSL_PKEY_PARAM_GROUP_NAME
;
1375 else if (strcmp(name
, "dh_rfc5114") == 0) {
1376 int num
= atoi(value
);
1378 name
= OSSL_PKEY_PARAM_GROUP_NAME
;
1380 ossl_ffc_named_group_get_name(ossl_ffc_uid_to_dh_named_group(num
));
1381 } else if (strcmp(name
, "dh_pad") == 0)
1382 name
= OSSL_EXCHANGE_PARAM_PAD
;
1383 else if (strcmp(name
, "ec_paramgen_curve") == 0)
1384 name
= OSSL_PKEY_PARAM_GROUP_NAME
;
1385 else if (strcmp(name
, "ecdh_cofactor_mode") == 0)
1386 name
= OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE
;
1387 else if (strcmp(name
, "ecdh_kdf_md") == 0)
1388 name
= OSSL_EXCHANGE_PARAM_KDF_DIGEST
;
1389 else if (strcmp(name
, "ec_param_enc") == 0)
1390 name
= OSSL_PKEY_PARAM_EC_ENCODING
;
1391 else if (strcmp(name
, "N") == 0)
1392 name
= OSSL_KDF_PARAM_SCRYPT_N
;
1396 * TODO(3.0) reduce the code above to only translate known legacy
1397 * string to the corresponding core name (see core_names.h), but
1398 * otherwise leave it to this code block to do the actual work.
1400 const OSSL_PARAM
*settable
= EVP_PKEY_CTX_settable_params(ctx
);
1401 OSSL_PARAM params
[2] = { OSSL_PARAM_END
, OSSL_PARAM_END
};
1405 if (!OSSL_PARAM_allocate_from_text(¶ms
[0], settable
, name
, value
,
1406 strlen(value
), &exists
)) {
1408 ERR_raise_data(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
,
1409 "name=%s,value=%s", name
, value
);
1414 if (EVP_PKEY_CTX_set_params(ctx
, params
))
1416 OPENSSL_free(params
[0].data
);
1421 >>>>>>> 4651c47010
... Fix external symbols related to dh keys
1422 static int evp_pkey_ctx_ctrl_str_int(EVP_PKEY_CTX
*ctx
,
1423 const char *name
, const char *value
)
1428 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
1432 switch (evp_pkey_ctx_state(ctx
)) {
1433 case EVP_PKEY_STATE_PROVIDER
:
1434 return evp_pkey_ctx_ctrl_str_to_param(ctx
, name
, value
);
1435 case EVP_PKEY_STATE_UNKNOWN
:
1436 case EVP_PKEY_STATE_LEGACY
:
1437 if (ctx
== NULL
|| ctx
->pmeth
== NULL
|| ctx
->pmeth
->ctrl_str
== NULL
) {
1438 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
1441 if (strcmp(name
, "digest") == 0)
1442 ret
= EVP_PKEY_CTX_md(ctx
,
1443 EVP_PKEY_OP_TYPE_SIG
| EVP_PKEY_OP_TYPE_CRYPT
,
1444 EVP_PKEY_CTRL_MD
, value
);
1446 ret
= ctx
->pmeth
->ctrl_str(ctx
, name
, value
);
1453 int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX
*ctx
,
1454 const char *name
, const char *value
)
1458 /* If unsupported, we don't want that reported here */
1460 ret
= evp_pkey_ctx_store_cached_data(ctx
, -1, -1, -1,
1461 name
, value
, strlen(value
) + 1);
1465 ERR_clear_last_mark();
1467 * If there was an error, there was an error.
1468 * If the operation isn't initialized yet, we also return, as
1469 * the saved values will be used then anyway.
1471 if (ret
< 1 || ctx
->operation
== EVP_PKEY_OP_UNDEFINED
)
1475 return evp_pkey_ctx_ctrl_str_int(ctx
, name
, value
);
1478 static int decode_cmd(int cmd
, const char *name
)
1482 * The consequence of the assertion not being true is that this
1483 * function will return -1, which will cause the calling functions
1484 * to signal that the command is unsupported... in non-debug mode.
1486 if (ossl_assert(name
!= NULL
))
1487 if (strcmp(name
, "distid") == 0 || strcmp(name
, "hexdistid") == 0)
1488 cmd
= EVP_PKEY_CTRL_SET1_ID
;
1494 static int evp_pkey_ctx_store_cached_data(EVP_PKEY_CTX
*ctx
,
1495 int keytype
, int optype
,
1496 int cmd
, const char *name
,
1497 const void *data
, size_t data_len
)
1500 * Check that it's one of the supported commands. The ctrl commands
1501 * number cases here must correspond to the cases in the bottom switch
1504 switch (cmd
= decode_cmd(cmd
, name
)) {
1505 case EVP_PKEY_CTRL_SET1_ID
:
1508 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
1512 if (keytype
!= -1) {
1513 switch (evp_pkey_ctx_state(ctx
)) {
1514 case EVP_PKEY_STATE_PROVIDER
:
1515 if (ctx
->keymgmt
== NULL
) {
1516 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
1519 if (!EVP_KEYMGMT_is_a(ctx
->keymgmt
,
1520 evp_pkey_type2name(keytype
))) {
1521 ERR_raise(ERR_LIB_EVP
, EVP_R_INVALID_OPERATION
);
1525 case EVP_PKEY_STATE_UNKNOWN
:
1526 case EVP_PKEY_STATE_LEGACY
:
1527 if (ctx
->pmeth
== NULL
) {
1528 ERR_raise(ERR_LIB_EVP
, EVP_R_COMMAND_NOT_SUPPORTED
);
1531 if (EVP_PKEY_type(ctx
->pmeth
->pkey_id
) != EVP_PKEY_type(keytype
)) {
1532 ERR_raise(ERR_LIB_EVP
, EVP_R_INVALID_OPERATION
);
1538 if (optype
!= -1 && (ctx
->operation
& optype
) == 0) {
1539 ERR_raise(ERR_LIB_EVP
, EVP_R_INVALID_OPERATION
);
1544 case EVP_PKEY_CTRL_SET1_ID
:
1545 evp_pkey_ctx_free_cached_data(ctx
, cmd
, name
);
1547 ctx
->cached_parameters
.dist_id_name
= OPENSSL_strdup(name
);
1548 if (ctx
->cached_parameters
.dist_id_name
== NULL
) {
1549 ERR_raise(ERR_LIB_EVP
, ERR_R_MALLOC_FAILURE
);
1554 ctx
->cached_parameters
.dist_id
= OPENSSL_memdup(data
, data_len
);
1555 if (ctx
->cached_parameters
.dist_id
== NULL
) {
1556 ERR_raise(ERR_LIB_EVP
, ERR_R_MALLOC_FAILURE
);
1560 ctx
->cached_parameters
.dist_id_set
= 1;
1561 ctx
->cached_parameters
.dist_id_len
= data_len
;
1567 static void evp_pkey_ctx_free_cached_data(EVP_PKEY_CTX
*ctx
,
1568 int cmd
, const char *name
)
1570 cmd
= decode_cmd(cmd
, name
);
1572 case EVP_PKEY_CTRL_SET1_ID
:
1573 OPENSSL_free(ctx
->cached_parameters
.dist_id
);
1574 OPENSSL_free(ctx
->cached_parameters
.dist_id_name
);
1575 ctx
->cached_parameters
.dist_id
= NULL
;
1576 ctx
->cached_parameters
.dist_id_name
= NULL
;
1581 static void evp_pkey_ctx_free_all_cached_data(EVP_PKEY_CTX
*ctx
)
1583 evp_pkey_ctx_free_cached_data(ctx
, EVP_PKEY_CTRL_SET1_ID
, NULL
);
1586 int evp_pkey_ctx_use_cached_data(EVP_PKEY_CTX
*ctx
)
1590 if (ret
&& ctx
->cached_parameters
.dist_id_set
) {
1591 const char *name
= ctx
->cached_parameters
.dist_id_name
;
1592 const void *val
= ctx
->cached_parameters
.dist_id
;
1593 size_t len
= ctx
->cached_parameters
.dist_id_len
;
1596 ret
= evp_pkey_ctx_ctrl_str_int(ctx
, name
, val
);
1598 ret
= evp_pkey_ctx_ctrl_int(ctx
, -1, ctx
->operation
,
1599 EVP_PKEY_CTRL_SET1_ID
,
1600 (int)len
, (void *)val
);
1606 OSSL_LIB_CTX
*EVP_PKEY_CTX_get0_libctx(EVP_PKEY_CTX
*ctx
)
1611 const char *EVP_PKEY_CTX_get0_propq(EVP_PKEY_CTX
*ctx
)
1613 return ctx
->propquery
;
1616 /* Utility functions to send a string of hex string to a ctrl */
1618 int EVP_PKEY_CTX_str2ctrl(EVP_PKEY_CTX
*ctx
, int cmd
, const char *str
)
1625 return ctx
->pmeth
->ctrl(ctx
, cmd
, len
, (void *)str
);
1628 int EVP_PKEY_CTX_hex2ctrl(EVP_PKEY_CTX
*ctx
, int cmd
, const char *hex
)
1634 bin
= OPENSSL_hexstr2buf(hex
, &binlen
);
1637 if (binlen
<= INT_MAX
)
1638 rv
= ctx
->pmeth
->ctrl(ctx
, cmd
, binlen
, bin
);
1643 /* Pass a message digest to a ctrl */
1644 int EVP_PKEY_CTX_md(EVP_PKEY_CTX
*ctx
, int optype
, int cmd
, const char *md
)
1648 if (md
== NULL
|| (m
= EVP_get_digestbyname(md
)) == NULL
) {
1649 ERR_raise(ERR_LIB_EVP
, EVP_R_INVALID_DIGEST
);
1652 return EVP_PKEY_CTX_ctrl(ctx
, -1, optype
, cmd
, 0, (void *)m
);
1655 int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX
*ctx
)
1657 return ctx
->operation
;
1660 void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX
*ctx
, int *dat
, int datlen
)
1662 ctx
->keygen_info
= dat
;
1663 ctx
->keygen_info_count
= datlen
;
1666 void EVP_PKEY_CTX_set_data(EVP_PKEY_CTX
*ctx
, void *data
)
1671 void *EVP_PKEY_CTX_get_data(const EVP_PKEY_CTX
*ctx
)
1676 EVP_PKEY
*EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX
*ctx
)
1681 EVP_PKEY
*EVP_PKEY_CTX_get0_peerkey(EVP_PKEY_CTX
*ctx
)
1683 return ctx
->peerkey
;
1686 void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX
*ctx
, void *data
)
1688 ctx
->app_data
= data
;
1691 void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX
*ctx
)
1693 return ctx
->app_data
;
1696 void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD
*pmeth
,
1697 int (*init
) (EVP_PKEY_CTX
*ctx
))
1702 void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD
*pmeth
,
1703 int (*copy
) (EVP_PKEY_CTX
*dst
,
1704 const EVP_PKEY_CTX
*src
))
1709 void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD
*pmeth
,
1710 void (*cleanup
) (EVP_PKEY_CTX
*ctx
))
1712 pmeth
->cleanup
= cleanup
;
1715 void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD
*pmeth
,
1716 int (*paramgen_init
) (EVP_PKEY_CTX
*ctx
),
1717 int (*paramgen
) (EVP_PKEY_CTX
*ctx
,
1720 pmeth
->paramgen_init
= paramgen_init
;
1721 pmeth
->paramgen
= paramgen
;
1724 void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD
*pmeth
,
1725 int (*keygen_init
) (EVP_PKEY_CTX
*ctx
),
1726 int (*keygen
) (EVP_PKEY_CTX
*ctx
,
1729 pmeth
->keygen_init
= keygen_init
;
1730 pmeth
->keygen
= keygen
;
1733 void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD
*pmeth
,
1734 int (*sign_init
) (EVP_PKEY_CTX
*ctx
),
1735 int (*sign
) (EVP_PKEY_CTX
*ctx
,
1736 unsigned char *sig
, size_t *siglen
,
1737 const unsigned char *tbs
,
1740 pmeth
->sign_init
= sign_init
;
1744 void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD
*pmeth
,
1745 int (*verify_init
) (EVP_PKEY_CTX
*ctx
),
1746 int (*verify
) (EVP_PKEY_CTX
*ctx
,
1747 const unsigned char *sig
,
1749 const unsigned char *tbs
,
1752 pmeth
->verify_init
= verify_init
;
1753 pmeth
->verify
= verify
;
1756 void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD
*pmeth
,
1757 int (*verify_recover_init
) (EVP_PKEY_CTX
1759 int (*verify_recover
) (EVP_PKEY_CTX
1768 pmeth
->verify_recover_init
= verify_recover_init
;
1769 pmeth
->verify_recover
= verify_recover
;
1772 void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD
*pmeth
,
1773 int (*signctx_init
) (EVP_PKEY_CTX
*ctx
,
1775 int (*signctx
) (EVP_PKEY_CTX
*ctx
,
1780 pmeth
->signctx_init
= signctx_init
;
1781 pmeth
->signctx
= signctx
;
1784 void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD
*pmeth
,
1785 int (*verifyctx_init
) (EVP_PKEY_CTX
*ctx
,
1787 int (*verifyctx
) (EVP_PKEY_CTX
*ctx
,
1788 const unsigned char *sig
,
1792 pmeth
->verifyctx_init
= verifyctx_init
;
1793 pmeth
->verifyctx
= verifyctx
;
1796 void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD
*pmeth
,
1797 int (*encrypt_init
) (EVP_PKEY_CTX
*ctx
),
1798 int (*encryptfn
) (EVP_PKEY_CTX
*ctx
,
1801 const unsigned char *in
,
1804 pmeth
->encrypt_init
= encrypt_init
;
1805 pmeth
->encrypt
= encryptfn
;
1808 void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD
*pmeth
,
1809 int (*decrypt_init
) (EVP_PKEY_CTX
*ctx
),
1810 int (*decrypt
) (EVP_PKEY_CTX
*ctx
,
1813 const unsigned char *in
,
1816 pmeth
->decrypt_init
= decrypt_init
;
1817 pmeth
->decrypt
= decrypt
;
1820 void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD
*pmeth
,
1821 int (*derive_init
) (EVP_PKEY_CTX
*ctx
),
1822 int (*derive
) (EVP_PKEY_CTX
*ctx
,
1826 pmeth
->derive_init
= derive_init
;
1827 pmeth
->derive
= derive
;
1830 void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD
*pmeth
,
1831 int (*ctrl
) (EVP_PKEY_CTX
*ctx
, int type
, int p1
,
1833 int (*ctrl_str
) (EVP_PKEY_CTX
*ctx
,
1838 pmeth
->ctrl_str
= ctrl_str
;
1841 void EVP_PKEY_meth_set_digestsign(EVP_PKEY_METHOD
*pmeth
,
1842 int (*digestsign
) (EVP_MD_CTX
*ctx
, unsigned char *sig
, size_t *siglen
,
1843 const unsigned char *tbs
, size_t tbslen
))
1845 pmeth
->digestsign
= digestsign
;
1848 void EVP_PKEY_meth_set_digestverify(EVP_PKEY_METHOD
*pmeth
,
1849 int (*digestverify
) (EVP_MD_CTX
*ctx
, const unsigned char *sig
,
1850 size_t siglen
, const unsigned char *tbs
,
1853 pmeth
->digestverify
= digestverify
;
1856 void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD
*pmeth
,
1857 int (*check
) (EVP_PKEY
*pkey
))
1859 pmeth
->check
= check
;
1862 void EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD
*pmeth
,
1863 int (*check
) (EVP_PKEY
*pkey
))
1865 pmeth
->public_check
= check
;
1868 void EVP_PKEY_meth_set_param_check(EVP_PKEY_METHOD
*pmeth
,
1869 int (*check
) (EVP_PKEY
*pkey
))
1871 pmeth
->param_check
= check
;
1874 void EVP_PKEY_meth_set_digest_custom(EVP_PKEY_METHOD
*pmeth
,
1875 int (*digest_custom
) (EVP_PKEY_CTX
*ctx
,
1878 pmeth
->digest_custom
= digest_custom
;
1881 void EVP_PKEY_meth_get_init(const EVP_PKEY_METHOD
*pmeth
,
1882 int (**pinit
) (EVP_PKEY_CTX
*ctx
))
1884 *pinit
= pmeth
->init
;
1887 void EVP_PKEY_meth_get_copy(const EVP_PKEY_METHOD
*pmeth
,
1888 int (**pcopy
) (EVP_PKEY_CTX
*dst
,
1889 const EVP_PKEY_CTX
*src
))
1891 *pcopy
= pmeth
->copy
;
1894 void EVP_PKEY_meth_get_cleanup(const EVP_PKEY_METHOD
*pmeth
,
1895 void (**pcleanup
) (EVP_PKEY_CTX
*ctx
))
1897 *pcleanup
= pmeth
->cleanup
;
1900 void EVP_PKEY_meth_get_paramgen(const EVP_PKEY_METHOD
*pmeth
,
1901 int (**pparamgen_init
) (EVP_PKEY_CTX
*ctx
),
1902 int (**pparamgen
) (EVP_PKEY_CTX
*ctx
,
1906 *pparamgen_init
= pmeth
->paramgen_init
;
1908 *pparamgen
= pmeth
->paramgen
;
1911 void EVP_PKEY_meth_get_keygen(const EVP_PKEY_METHOD
*pmeth
,
1912 int (**pkeygen_init
) (EVP_PKEY_CTX
*ctx
),
1913 int (**pkeygen
) (EVP_PKEY_CTX
*ctx
,
1917 *pkeygen_init
= pmeth
->keygen_init
;
1919 *pkeygen
= pmeth
->keygen
;
1922 void EVP_PKEY_meth_get_sign(const EVP_PKEY_METHOD
*pmeth
,
1923 int (**psign_init
) (EVP_PKEY_CTX
*ctx
),
1924 int (**psign
) (EVP_PKEY_CTX
*ctx
,
1925 unsigned char *sig
, size_t *siglen
,
1926 const unsigned char *tbs
,
1930 *psign_init
= pmeth
->sign_init
;
1932 *psign
= pmeth
->sign
;
1935 void EVP_PKEY_meth_get_verify(const EVP_PKEY_METHOD
*pmeth
,
1936 int (**pverify_init
) (EVP_PKEY_CTX
*ctx
),
1937 int (**pverify
) (EVP_PKEY_CTX
*ctx
,
1938 const unsigned char *sig
,
1940 const unsigned char *tbs
,
1944 *pverify_init
= pmeth
->verify_init
;
1946 *pverify
= pmeth
->verify
;
1949 void EVP_PKEY_meth_get_verify_recover(const EVP_PKEY_METHOD
*pmeth
,
1950 int (**pverify_recover_init
) (EVP_PKEY_CTX
1952 int (**pverify_recover
) (EVP_PKEY_CTX
1961 if (pverify_recover_init
)
1962 *pverify_recover_init
= pmeth
->verify_recover_init
;
1963 if (pverify_recover
)
1964 *pverify_recover
= pmeth
->verify_recover
;
1967 void EVP_PKEY_meth_get_signctx(const EVP_PKEY_METHOD
*pmeth
,
1968 int (**psignctx_init
) (EVP_PKEY_CTX
*ctx
,
1970 int (**psignctx
) (EVP_PKEY_CTX
*ctx
,
1976 *psignctx_init
= pmeth
->signctx_init
;
1978 *psignctx
= pmeth
->signctx
;
1981 void EVP_PKEY_meth_get_verifyctx(const EVP_PKEY_METHOD
*pmeth
,
1982 int (**pverifyctx_init
) (EVP_PKEY_CTX
*ctx
,
1984 int (**pverifyctx
) (EVP_PKEY_CTX
*ctx
,
1985 const unsigned char *sig
,
1989 if (pverifyctx_init
)
1990 *pverifyctx_init
= pmeth
->verifyctx_init
;
1992 *pverifyctx
= pmeth
->verifyctx
;
1995 void EVP_PKEY_meth_get_encrypt(const EVP_PKEY_METHOD
*pmeth
,
1996 int (**pencrypt_init
) (EVP_PKEY_CTX
*ctx
),
1997 int (**pencryptfn
) (EVP_PKEY_CTX
*ctx
,
2000 const unsigned char *in
,
2004 *pencrypt_init
= pmeth
->encrypt_init
;
2006 *pencryptfn
= pmeth
->encrypt
;
2009 void EVP_PKEY_meth_get_decrypt(const EVP_PKEY_METHOD
*pmeth
,
2010 int (**pdecrypt_init
) (EVP_PKEY_CTX
*ctx
),
2011 int (**pdecrypt
) (EVP_PKEY_CTX
*ctx
,
2014 const unsigned char *in
,
2018 *pdecrypt_init
= pmeth
->decrypt_init
;
2020 *pdecrypt
= pmeth
->decrypt
;
2023 void EVP_PKEY_meth_get_derive(const EVP_PKEY_METHOD
*pmeth
,
2024 int (**pderive_init
) (EVP_PKEY_CTX
*ctx
),
2025 int (**pderive
) (EVP_PKEY_CTX
*ctx
,
2030 *pderive_init
= pmeth
->derive_init
;
2032 *pderive
= pmeth
->derive
;
2035 void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD
*pmeth
,
2036 int (**pctrl
) (EVP_PKEY_CTX
*ctx
, int type
, int p1
,
2038 int (**pctrl_str
) (EVP_PKEY_CTX
*ctx
,
2043 *pctrl
= pmeth
->ctrl
;
2045 *pctrl_str
= pmeth
->ctrl_str
;
2048 void EVP_PKEY_meth_get_digestsign(EVP_PKEY_METHOD
*pmeth
,
2049 int (**digestsign
) (EVP_MD_CTX
*ctx
, unsigned char *sig
, size_t *siglen
,
2050 const unsigned char *tbs
, size_t tbslen
))
2053 *digestsign
= pmeth
->digestsign
;
2056 void EVP_PKEY_meth_get_digestverify(EVP_PKEY_METHOD
*pmeth
,
2057 int (**digestverify
) (EVP_MD_CTX
*ctx
, const unsigned char *sig
,
2058 size_t siglen
, const unsigned char *tbs
,
2062 *digestverify
= pmeth
->digestverify
;
2065 void EVP_PKEY_meth_get_check(const EVP_PKEY_METHOD
*pmeth
,
2066 int (**pcheck
) (EVP_PKEY
*pkey
))
2069 *pcheck
= pmeth
->check
;
2072 void EVP_PKEY_meth_get_public_check(const EVP_PKEY_METHOD
*pmeth
,
2073 int (**pcheck
) (EVP_PKEY
*pkey
))
2076 *pcheck
= pmeth
->public_check
;
2079 void EVP_PKEY_meth_get_param_check(const EVP_PKEY_METHOD
*pmeth
,
2080 int (**pcheck
) (EVP_PKEY
*pkey
))
2083 *pcheck
= pmeth
->param_check
;
2086 void EVP_PKEY_meth_get_digest_custom(EVP_PKEY_METHOD
*pmeth
,
2087 int (**pdigest_custom
) (EVP_PKEY_CTX
*ctx
,
2090 if (pdigest_custom
!= NULL
)
2091 *pdigest_custom
= pmeth
->digest_custom
;
2094 #endif /* FIPS_MODULE */