1 /* 2 * Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 /* 11 * Low level key APIs (DH etc) are deprecated for public use, but still ok for 12 * internal use. 13 */ 14 #include "internal/deprecated.h" 15 16 #include <stdio.h> 17 #include <stdlib.h> 18 #ifndef FIPS_MODULE 19 # include <openssl/engine.h> 20 #endif 21 #include <openssl/evp.h> 22 #include <openssl/core_names.h> 23 #include <openssl/dh.h> 24 #include <openssl/rsa.h> 25 #include <openssl/kdf.h> 26 #include "internal/cryptlib.h" 27 #ifndef FIPS_MODULE 28 # include "crypto/asn1.h" 29 #endif 30 #include "crypto/evp.h" 31 #include "crypto/dh.h" 32 #include "crypto/ec.h" 33 #include "internal/ffc.h" 34 #include "internal/numbers.h" 35 #include "internal/provider.h" 36 #include "evp_local.h" 37 38 #ifndef FIPS_MODULE 39 40 static int evp_pkey_ctx_store_cached_data(EVP_PKEY_CTX *ctx, 41 int keytype, int optype, 42 int cmd, const char *name, 43 const void *data, size_t data_len); 44 static void evp_pkey_ctx_free_cached_data(EVP_PKEY_CTX *ctx, 45 int cmd, const char *name); 46 static void evp_pkey_ctx_free_all_cached_data(EVP_PKEY_CTX *ctx); 47 48 typedef const EVP_PKEY_METHOD *(*pmeth_fn)(void); 49 typedef int sk_cmp_fn_type(const char *const *a, const char *const *b); 50 51 static STACK_OF(EVP_PKEY_METHOD) *app_pkey_methods = NULL; 52 53 /* This array needs to be in order of NIDs */ 54 static pmeth_fn standard_methods[] = { 55 ossl_rsa_pkey_method, 56 # ifndef OPENSSL_NO_DH 57 ossl_dh_pkey_method, 58 # endif 59 # ifndef OPENSSL_NO_DSA 60 ossl_dsa_pkey_method, 61 # endif 62 # ifndef OPENSSL_NO_EC 63 ossl_ec_pkey_method, 64 # endif 65 ossl_rsa_pss_pkey_method, 66 # ifndef OPENSSL_NO_DH 67 ossl_dhx_pkey_method, 68 # endif 69 # ifndef OPENSSL_NO_EC 70 ossl_ecx25519_pkey_method, 71 ossl_ecx448_pkey_method, 72 # endif 73 # ifndef OPENSSL_NO_EC 74 ossl_ed25519_pkey_method, 75 ossl_ed448_pkey_method, 76 # endif 77 }; 78 79 DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, pmeth_fn, pmeth_func); 80 81 static int pmeth_func_cmp(const EVP_PKEY_METHOD *const *a, pmeth_fn const *b) 82 { 83 return ((*a)->pkey_id - ((**b)())->pkey_id); 84 } 85 86 IMPLEMENT_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, pmeth_fn, pmeth_func); 87 88 static int pmeth_cmp(const EVP_PKEY_METHOD *const *a, 89 const EVP_PKEY_METHOD *const *b) 90 { 91 return ((*a)->pkey_id - (*b)->pkey_id); 92 } 93 94 static const EVP_PKEY_METHOD *evp_pkey_meth_find_added_by_application(int type) 95 { 96 if (app_pkey_methods != NULL) { 97 int idx; 98 EVP_PKEY_METHOD tmp; 99 100 tmp.pkey_id = type; 101 idx = sk_EVP_PKEY_METHOD_find(app_pkey_methods, &tmp); 102 if (idx >= 0) 103 return sk_EVP_PKEY_METHOD_value(app_pkey_methods, idx); 104 } 105 return NULL; 106 } 107 108 const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type) 109 { 110 pmeth_fn *ret; 111 EVP_PKEY_METHOD tmp; 112 const EVP_PKEY_METHOD *t; 113 114 if ((t = evp_pkey_meth_find_added_by_application(type)) != NULL) 115 return t; 116 117 tmp.pkey_id = type; 118 t = &tmp; 119 ret = OBJ_bsearch_pmeth_func(&t, standard_methods, 120 OSSL_NELEM(standard_methods)); 121 if (ret == NULL || *ret == NULL) 122 return NULL; 123 return (**ret)(); 124 } 125 126 EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags) 127 { 128 EVP_PKEY_METHOD *pmeth; 129 130 pmeth = OPENSSL_zalloc(sizeof(*pmeth)); 131 if (pmeth == NULL) { 132 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); 133 return NULL; 134 } 135 136 pmeth->pkey_id = id; 137 pmeth->flags = flags | EVP_PKEY_FLAG_DYNAMIC; 138 return pmeth; 139 } 140 141 static void help_get_legacy_alg_type_from_keymgmt(const char *keytype, 142 void *arg) 143 { 144 int *type = arg; 145 146 if (*type == NID_undef) 147 *type = evp_pkey_name2type(keytype); 148 } 149 150 static int get_legacy_alg_type_from_keymgmt(const EVP_KEYMGMT *keymgmt) 151 { 152 int type = NID_undef; 153 154 EVP_KEYMGMT_names_do_all(keymgmt, help_get_legacy_alg_type_from_keymgmt, 155 &type); 156 return type; 157 } 158 #endif /* FIPS_MODULE */ 159 160 int evp_pkey_ctx_state(const EVP_PKEY_CTX *ctx) 161 { 162 if (ctx->operation == EVP_PKEY_OP_UNDEFINED) 163 return EVP_PKEY_STATE_UNKNOWN; 164 165 if ((EVP_PKEY_CTX_IS_DERIVE_OP(ctx) 166 && ctx->op.kex.algctx != NULL) 167 || (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) 168 && ctx->op.sig.algctx != NULL) 169 || (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx) 170 && ctx->op.ciph.algctx != NULL) 171 || (EVP_PKEY_CTX_IS_GEN_OP(ctx) 172 && ctx->op.keymgmt.genctx != NULL) 173 || (EVP_PKEY_CTX_IS_KEM_OP(ctx) 174 && ctx->op.encap.algctx != NULL)) 175 return EVP_PKEY_STATE_PROVIDER; 176 177 return EVP_PKEY_STATE_LEGACY; 178 } 179 180 static EVP_PKEY_CTX *int_ctx_new(OSSL_LIB_CTX *libctx, 181 EVP_PKEY *pkey, ENGINE *e, 182 const char *keytype, const char *propquery, 183 int id) 184 185 { 186 EVP_PKEY_CTX *ret = NULL; 187 const EVP_PKEY_METHOD *pmeth = NULL, *app_pmeth = NULL; 188 EVP_KEYMGMT *keymgmt = NULL; 189 190 /* Code below to be removed when legacy support is dropped. */ 191 /* BEGIN legacy */ 192 if (id == -1) { 193 if (pkey != NULL && !evp_pkey_is_provided(pkey)) { 194 id = pkey->type; 195 } else { 196 if (pkey != NULL) { 197 /* Must be provided if we get here */ 198 keytype = EVP_KEYMGMT_get0_name(pkey->keymgmt); 199 } 200 #ifndef FIPS_MODULE 201 if (keytype != NULL) { 202 id = evp_pkey_name2type(keytype); 203 if (id == NID_undef) 204 id = -1; 205 } 206 #endif 207 } 208 } 209 /* If no ID was found here, we can only resort to find a keymgmt */ 210 if (id == -1) { 211 #ifndef FIPS_MODULE 212 /* Using engine with a key without id will not work */ 213 if (e != NULL) { 214 ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_ALGORITHM); 215 return NULL; 216 } 217 #endif 218 goto common; 219 } 220 221 #ifndef FIPS_MODULE 222 /* 223 * Here, we extract what information we can for the purpose of 224 * supporting usage with implementations from providers, to make 225 * for a smooth transition from legacy stuff to provider based stuff. 226 * 227 * If an engine is given, this is entirely legacy, and we should not 228 * pretend anything else, so we clear the name. 229 */ 230 if (e != NULL) 231 keytype = NULL; 232 if (e == NULL && (pkey == NULL || pkey->foreign == 0)) 233 keytype = OBJ_nid2sn(id); 234 235 # ifndef OPENSSL_NO_ENGINE 236 if (e == NULL && pkey != NULL) 237 e = pkey->pmeth_engine != NULL ? pkey->pmeth_engine : pkey->engine; 238 /* Try to find an ENGINE which implements this method */ 239 if (e != NULL) { 240 if (!ENGINE_init(e)) { 241 ERR_raise(ERR_LIB_EVP, ERR_R_ENGINE_LIB); 242 return NULL; 243 } 244 } else { 245 e = ENGINE_get_pkey_meth_engine(id); 246 } 247 248 /* 249 * If an ENGINE handled this method look it up. Otherwise use internal 250 * tables. 251 */ 252 if (e != NULL) 253 pmeth = ENGINE_get_pkey_meth(e, id); 254 else if (pkey != NULL && pkey->foreign) 255 pmeth = EVP_PKEY_meth_find(id); 256 else 257 # endif 258 app_pmeth = pmeth = evp_pkey_meth_find_added_by_application(id); 259 260 /* END legacy */ 261 #endif /* FIPS_MODULE */ 262 common: 263 /* 264 * If there's no engine and no app supplied pmeth and there's a name, we try 265 * fetching a provider implementation. 266 */ 267 if (e == NULL && app_pmeth == NULL && keytype != NULL) { 268 /* 269 * If |pkey| is given and is provided, we take a reference to its 270 * keymgmt. Otherwise, we fetch one for the keytype we got. This 271 * is to ensure that operation init functions can access what they 272 * need through this single pointer. 273 */ 274 if (pkey != NULL && pkey->keymgmt != NULL) { 275 if (!EVP_KEYMGMT_up_ref(pkey->keymgmt)) 276 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); 277 else 278 keymgmt = pkey->keymgmt; 279 } else { 280 keymgmt = EVP_KEYMGMT_fetch(libctx, keytype, propquery); 281 } 282 if (keymgmt == NULL) 283 return NULL; /* EVP_KEYMGMT_fetch() recorded an error */ 284 285 #ifndef FIPS_MODULE 286 /* 287 * Chase down the legacy NID, as that might be needed for diverse 288 * purposes, such as ensure that EVP_PKEY_type() can return sensible 289 * values. We go through all keymgmt names, because the keytype 290 * that's passed to this function doesn't necessarily translate 291 * directly. 292 */ 293 if (keymgmt != NULL) { 294 int tmp_id = get_legacy_alg_type_from_keymgmt(keymgmt); 295 296 if (tmp_id != NID_undef) { 297 if (id == -1) { 298 id = tmp_id; 299 } else { 300 /* 301 * It really really shouldn't differ. If it still does, 302 * something is very wrong. 303 */ 304 if (!ossl_assert(id == tmp_id)) { 305 ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); 306 EVP_KEYMGMT_free(keymgmt); 307 return NULL; 308 } 309 } 310 } 311 } 312 #endif 313 } 314 315 if (pmeth == NULL && keymgmt == NULL) { 316 ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_ALGORITHM); 317 } else { 318 ret = OPENSSL_zalloc(sizeof(*ret)); 319 if (ret == NULL) 320 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); 321 } 322 323 #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) 324 if ((ret == NULL || pmeth == NULL) && e != NULL) 325 ENGINE_finish(e); 326 #endif 327 328 if (ret == NULL) { 329 EVP_KEYMGMT_free(keymgmt); 330 return NULL; 331 } 332 if (propquery != NULL) { 333 ret->propquery = OPENSSL_strdup(propquery); 334 if (ret->propquery == NULL) { 335 OPENSSL_free(ret); 336 EVP_KEYMGMT_free(keymgmt); 337 return NULL; 338 } 339 } 340 ret->libctx = libctx; 341 ret->keytype = keytype; 342 ret->keymgmt = keymgmt; 343 ret->legacy_keytype = id; 344 ret->engine = e; 345 ret->pmeth = pmeth; 346 ret->operation = EVP_PKEY_OP_UNDEFINED; 347 ret->pkey = pkey; 348 if (pkey != NULL) 349 EVP_PKEY_up_ref(pkey); 350 351 if (pmeth != NULL && pmeth->init != NULL) { 352 if (pmeth->init(ret) <= 0) { 353 ret->pmeth = NULL; 354 EVP_PKEY_CTX_free(ret); 355 return NULL; 356 } 357 } 358 359 return ret; 360 } 361 362 /*- All methods below can also be used in FIPS_MODULE */ 363 364 EVP_PKEY_CTX *EVP_PKEY_CTX_new_from_name(OSSL_LIB_CTX *libctx, 365 const char *name, 366 const char *propquery) 367 { 368 return int_ctx_new(libctx, NULL, NULL, name, propquery, -1); 369 } 370 371 EVP_PKEY_CTX *EVP_PKEY_CTX_new_from_pkey(OSSL_LIB_CTX *libctx, EVP_PKEY *pkey, 372 const char *propquery) 373 { 374 return int_ctx_new(libctx, pkey, NULL, NULL, propquery, -1); 375 } 376 377 void evp_pkey_ctx_free_old_ops(EVP_PKEY_CTX *ctx) 378 { 379 if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)) { 380 if (ctx->op.sig.algctx != NULL && ctx->op.sig.signature != NULL) 381 ctx->op.sig.signature->freectx(ctx->op.sig.algctx); 382 EVP_SIGNATURE_free(ctx->op.sig.signature); 383 ctx->op.sig.algctx = NULL; 384 ctx->op.sig.signature = NULL; 385 } else if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx)) { 386 if (ctx->op.kex.algctx != NULL && ctx->op.kex.exchange != NULL) 387 ctx->op.kex.exchange->freectx(ctx->op.kex.algctx); 388 EVP_KEYEXCH_free(ctx->op.kex.exchange); 389 ctx->op.kex.algctx = NULL; 390 ctx->op.kex.exchange = NULL; 391 } else if (EVP_PKEY_CTX_IS_KEM_OP(ctx)) { 392 if (ctx->op.encap.algctx != NULL && ctx->op.encap.kem != NULL) 393 ctx->op.encap.kem->freectx(ctx->op.encap.algctx); 394 EVP_KEM_free(ctx->op.encap.kem); 395 ctx->op.encap.algctx = NULL; 396 ctx->op.encap.kem = NULL; 397 } 398 else if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx)) { 399 if (ctx->op.ciph.algctx != NULL && ctx->op.ciph.cipher != NULL) 400 ctx->op.ciph.cipher->freectx(ctx->op.ciph.algctx); 401 EVP_ASYM_CIPHER_free(ctx->op.ciph.cipher); 402 ctx->op.ciph.algctx = NULL; 403 ctx->op.ciph.cipher = NULL; 404 } else if (EVP_PKEY_CTX_IS_GEN_OP(ctx)) { 405 if (ctx->op.keymgmt.genctx != NULL && ctx->keymgmt != NULL) 406 evp_keymgmt_gen_cleanup(ctx->keymgmt, ctx->op.keymgmt.genctx); 407 } 408 } 409 410 void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx) 411 { 412 if (ctx == NULL) 413 return; 414 if (ctx->pmeth && ctx->pmeth->cleanup) 415 ctx->pmeth->cleanup(ctx); 416 417 evp_pkey_ctx_free_old_ops(ctx); 418 #ifndef FIPS_MODULE 419 evp_pkey_ctx_free_all_cached_data(ctx); 420 #endif 421 EVP_KEYMGMT_free(ctx->keymgmt); 422 423 OPENSSL_free(ctx->propquery); 424 EVP_PKEY_free(ctx->pkey); 425 EVP_PKEY_free(ctx->peerkey); 426 #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) 427 ENGINE_finish(ctx->engine); 428 #endif 429 BN_free(ctx->rsa_pubexp); 430 OPENSSL_free(ctx); 431 } 432 433 #ifndef FIPS_MODULE 434 435 void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags, 436 const EVP_PKEY_METHOD *meth) 437 { 438 if (ppkey_id) 439 *ppkey_id = meth->pkey_id; 440 if (pflags) 441 *pflags = meth->flags; 442 } 443 444 void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src) 445 { 446 int pkey_id = dst->pkey_id; 447 int flags = dst->flags; 448 449 *dst = *src; 450 451 /* We only copy the function pointers so restore the other values */ 452 dst->pkey_id = pkey_id; 453 dst->flags = flags; 454 } 455 456 void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth) 457 { 458 if (pmeth && (pmeth->flags & EVP_PKEY_FLAG_DYNAMIC)) 459 OPENSSL_free(pmeth); 460 } 461 462 EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e) 463 { 464 return int_ctx_new(NULL, pkey, e, NULL, NULL, -1); 465 } 466 467 EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e) 468 { 469 return int_ctx_new(NULL, NULL, e, NULL, NULL, id); 470 } 471 472 EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *pctx) 473 { 474 EVP_PKEY_CTX *rctx; 475 476 # ifndef OPENSSL_NO_ENGINE 477 /* Make sure it's safe to copy a pkey context using an ENGINE */ 478 if (pctx->engine && !ENGINE_init(pctx->engine)) { 479 ERR_raise(ERR_LIB_EVP, ERR_R_ENGINE_LIB); 480 return 0; 481 } 482 # endif 483 rctx = OPENSSL_zalloc(sizeof(*rctx)); 484 if (rctx == NULL) { 485 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); 486 return NULL; 487 } 488 489 if (pctx->pkey != NULL) 490 EVP_PKEY_up_ref(pctx->pkey); 491 rctx->pkey = pctx->pkey; 492 rctx->operation = pctx->operation; 493 rctx->libctx = pctx->libctx; 494 rctx->keytype = pctx->keytype; 495 rctx->propquery = NULL; 496 if (pctx->propquery != NULL) { 497 rctx->propquery = OPENSSL_strdup(pctx->propquery); 498 if (rctx->propquery == NULL) 499 goto err; 500 } 501 rctx->legacy_keytype = pctx->legacy_keytype; 502 503 if (EVP_PKEY_CTX_IS_DERIVE_OP(pctx)) { 504 if (pctx->op.kex.exchange != NULL) { 505 rctx->op.kex.exchange = pctx->op.kex.exchange; 506 if (!EVP_KEYEXCH_up_ref(rctx->op.kex.exchange)) 507 goto err; 508 } 509 if (pctx->op.kex.algctx != NULL) { 510 if (!ossl_assert(pctx->op.kex.exchange != NULL)) 511 goto err; 512 513 if (pctx->op.kex.exchange->dupctx != NULL) 514 rctx->op.kex.algctx 515 = pctx->op.kex.exchange->dupctx(pctx->op.kex.algctx); 516 517 if (rctx->op.kex.algctx == NULL) { 518 EVP_KEYEXCH_free(rctx->op.kex.exchange); 519 rctx->op.kex.exchange = NULL; 520 goto err; 521 } 522 return rctx; 523 } 524 } else if (EVP_PKEY_CTX_IS_SIGNATURE_OP(pctx)) { 525 if (pctx->op.sig.signature != NULL) { 526 rctx->op.sig.signature = pctx->op.sig.signature; 527 if (!EVP_SIGNATURE_up_ref(rctx->op.sig.signature)) 528 goto err; 529 } 530 if (pctx->op.sig.algctx != NULL) { 531 if (!ossl_assert(pctx->op.sig.signature != NULL)) 532 goto err; 533 534 if (pctx->op.sig.signature->dupctx != NULL) 535 rctx->op.sig.algctx 536 = pctx->op.sig.signature->dupctx(pctx->op.sig.algctx); 537 538 if (rctx->op.sig.algctx == NULL) { 539 EVP_SIGNATURE_free(rctx->op.sig.signature); 540 rctx->op.sig.signature = NULL; 541 goto err; 542 } 543 return rctx; 544 } 545 } else if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(pctx)) { 546 if (pctx->op.ciph.cipher != NULL) { 547 rctx->op.ciph.cipher = pctx->op.ciph.cipher; 548 if (!EVP_ASYM_CIPHER_up_ref(rctx->op.ciph.cipher)) 549 goto err; 550 } 551 if (pctx->op.ciph.algctx != NULL) { 552 if (!ossl_assert(pctx->op.ciph.cipher != NULL)) 553 goto err; 554 555 if (pctx->op.ciph.cipher->dupctx != NULL) 556 rctx->op.ciph.algctx 557 = pctx->op.ciph.cipher->dupctx(pctx->op.ciph.algctx); 558 559 if (rctx->op.ciph.algctx == NULL) { 560 EVP_ASYM_CIPHER_free(rctx->op.ciph.cipher); 561 rctx->op.ciph.cipher = NULL; 562 goto err; 563 } 564 return rctx; 565 } 566 } else if (EVP_PKEY_CTX_IS_KEM_OP(pctx)) { 567 if (pctx->op.encap.kem != NULL) { 568 rctx->op.encap.kem = pctx->op.encap.kem; 569 if (!EVP_KEM_up_ref(rctx->op.encap.kem)) 570 goto err; 571 } 572 if (pctx->op.encap.algctx != NULL) { 573 if (!ossl_assert(pctx->op.encap.kem != NULL)) 574 goto err; 575 576 if (pctx->op.encap.kem->dupctx != NULL) 577 rctx->op.encap.algctx 578 = pctx->op.encap.kem->dupctx(pctx->op.encap.algctx); 579 580 if (rctx->op.encap.algctx == NULL) { 581 EVP_KEM_free(rctx->op.encap.kem); 582 rctx->op.encap.kem = NULL; 583 goto err; 584 } 585 return rctx; 586 } 587 } else if (EVP_PKEY_CTX_IS_GEN_OP(pctx)) { 588 /* Not supported - This would need a gen_dupctx() to work */ 589 goto err; 590 } 591 592 rctx->pmeth = pctx->pmeth; 593 # ifndef OPENSSL_NO_ENGINE 594 rctx->engine = pctx->engine; 595 # endif 596 597 if (pctx->peerkey != NULL) 598 EVP_PKEY_up_ref(pctx->peerkey); 599 rctx->peerkey = pctx->peerkey; 600 601 if (pctx->pmeth == NULL) { 602 if (rctx->operation == EVP_PKEY_OP_UNDEFINED) { 603 EVP_KEYMGMT *tmp_keymgmt = pctx->keymgmt; 604 void *provkey; 605 606 provkey = evp_pkey_export_to_provider(pctx->pkey, pctx->libctx, 607 &tmp_keymgmt, pctx->propquery); 608 if (provkey == NULL) 609 goto err; 610 if (!EVP_KEYMGMT_up_ref(tmp_keymgmt)) 611 goto err; 612 EVP_KEYMGMT_free(rctx->keymgmt); 613 rctx->keymgmt = tmp_keymgmt; 614 return rctx; 615 } 616 } else if (pctx->pmeth->copy(rctx, pctx) > 0) { 617 return rctx; 618 } 619 err: 620 rctx->pmeth = NULL; 621 EVP_PKEY_CTX_free(rctx); 622 return NULL; 623 } 624 625 int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth) 626 { 627 if (app_pkey_methods == NULL) { 628 app_pkey_methods = sk_EVP_PKEY_METHOD_new(pmeth_cmp); 629 if (app_pkey_methods == NULL){ 630 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); 631 return 0; 632 } 633 } 634 if (!sk_EVP_PKEY_METHOD_push(app_pkey_methods, pmeth)) { 635 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); 636 return 0; 637 } 638 sk_EVP_PKEY_METHOD_sort(app_pkey_methods); 639 return 1; 640 } 641 642 void evp_app_cleanup_int(void) 643 { 644 if (app_pkey_methods != NULL) 645 sk_EVP_PKEY_METHOD_pop_free(app_pkey_methods, EVP_PKEY_meth_free); 646 } 647 648 int EVP_PKEY_meth_remove(const EVP_PKEY_METHOD *pmeth) 649 { 650 const EVP_PKEY_METHOD *ret; 651 652 ret = sk_EVP_PKEY_METHOD_delete_ptr(app_pkey_methods, pmeth); 653 654 return ret == NULL ? 0 : 1; 655 } 656 657 size_t EVP_PKEY_meth_get_count(void) 658 { 659 size_t rv = OSSL_NELEM(standard_methods); 660 661 if (app_pkey_methods) 662 rv += sk_EVP_PKEY_METHOD_num(app_pkey_methods); 663 return rv; 664 } 665 666 const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx) 667 { 668 if (idx < OSSL_NELEM(standard_methods)) 669 return (standard_methods[idx])(); 670 if (app_pkey_methods == NULL) 671 return NULL; 672 idx -= OSSL_NELEM(standard_methods); 673 if (idx >= (size_t)sk_EVP_PKEY_METHOD_num(app_pkey_methods)) 674 return NULL; 675 return sk_EVP_PKEY_METHOD_value(app_pkey_methods, idx); 676 } 677 #endif 678 679 int EVP_PKEY_CTX_is_a(EVP_PKEY_CTX *ctx, const char *keytype) 680 { 681 #ifndef FIPS_MODULE 682 if (evp_pkey_ctx_is_legacy(ctx)) 683 return (ctx->pmeth->pkey_id == evp_pkey_name2type(keytype)); 684 #endif 685 return EVP_KEYMGMT_is_a(ctx->keymgmt, keytype); 686 } 687 688 int EVP_PKEY_CTX_set_params(EVP_PKEY_CTX *ctx, const OSSL_PARAM *params) 689 { 690 switch (evp_pkey_ctx_state(ctx)) { 691 case EVP_PKEY_STATE_PROVIDER: 692 if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx) 693 && ctx->op.kex.exchange != NULL 694 && ctx->op.kex.exchange->set_ctx_params != NULL) 695 return 696 ctx->op.kex.exchange->set_ctx_params(ctx->op.kex.algctx, 697 params); 698 if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) 699 && ctx->op.sig.signature != NULL 700 && ctx->op.sig.signature->set_ctx_params != NULL) 701 return 702 ctx->op.sig.signature->set_ctx_params(ctx->op.sig.algctx, 703 params); 704 if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx) 705 && ctx->op.ciph.cipher != NULL 706 && ctx->op.ciph.cipher->set_ctx_params != NULL) 707 return 708 ctx->op.ciph.cipher->set_ctx_params(ctx->op.ciph.algctx, 709 params); 710 if (EVP_PKEY_CTX_IS_GEN_OP(ctx) 711 && ctx->keymgmt != NULL 712 && ctx->keymgmt->gen_set_params != NULL) 713 return 714 evp_keymgmt_gen_set_params(ctx->keymgmt, ctx->op.keymgmt.genctx, 715 params); 716 if (EVP_PKEY_CTX_IS_KEM_OP(ctx) 717 && ctx->op.encap.kem != NULL 718 && ctx->op.encap.kem->set_ctx_params != NULL) 719 return 720 ctx->op.encap.kem->set_ctx_params(ctx->op.encap.algctx, 721 params); 722 break; 723 #ifndef FIPS_MODULE 724 case EVP_PKEY_STATE_UNKNOWN: 725 case EVP_PKEY_STATE_LEGACY: 726 return evp_pkey_ctx_set_params_to_ctrl(ctx, params); 727 #endif 728 } 729 return 0; 730 } 731 732 int EVP_PKEY_CTX_get_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params) 733 { 734 switch (evp_pkey_ctx_state(ctx)) { 735 case EVP_PKEY_STATE_PROVIDER: 736 if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx) 737 && ctx->op.kex.exchange != NULL 738 && ctx->op.kex.exchange->get_ctx_params != NULL) 739 return 740 ctx->op.kex.exchange->get_ctx_params(ctx->op.kex.algctx, 741 params); 742 if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) 743 && ctx->op.sig.signature != NULL 744 && ctx->op.sig.signature->get_ctx_params != NULL) 745 return 746 ctx->op.sig.signature->get_ctx_params(ctx->op.sig.algctx, 747 params); 748 if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx) 749 && ctx->op.ciph.cipher != NULL 750 && ctx->op.ciph.cipher->get_ctx_params != NULL) 751 return 752 ctx->op.ciph.cipher->get_ctx_params(ctx->op.ciph.algctx, 753 params); 754 if (EVP_PKEY_CTX_IS_KEM_OP(ctx) 755 && ctx->op.encap.kem != NULL 756 && ctx->op.encap.kem->get_ctx_params != NULL) 757 return 758 ctx->op.encap.kem->get_ctx_params(ctx->op.encap.algctx, 759 params); 760 break; 761 #ifndef FIPS_MODULE 762 case EVP_PKEY_STATE_UNKNOWN: 763 case EVP_PKEY_STATE_LEGACY: 764 return evp_pkey_ctx_get_params_to_ctrl(ctx, params); 765 #endif 766 } 767 return 0; 768 } 769 770 #ifndef FIPS_MODULE 771 const OSSL_PARAM *EVP_PKEY_CTX_gettable_params(const EVP_PKEY_CTX *ctx) 772 { 773 void *provctx; 774 775 if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx) 776 && ctx->op.kex.exchange != NULL 777 && ctx->op.kex.exchange->gettable_ctx_params != NULL) { 778 provctx = ossl_provider_ctx(EVP_KEYEXCH_get0_provider(ctx->op.kex.exchange)); 779 return ctx->op.kex.exchange->gettable_ctx_params(ctx->op.kex.algctx, 780 provctx); 781 } 782 if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) 783 && ctx->op.sig.signature != NULL 784 && ctx->op.sig.signature->gettable_ctx_params != NULL) { 785 provctx = ossl_provider_ctx( 786 EVP_SIGNATURE_get0_provider(ctx->op.sig.signature)); 787 return ctx->op.sig.signature->gettable_ctx_params(ctx->op.sig.algctx, 788 provctx); 789 } 790 if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx) 791 && ctx->op.ciph.cipher != NULL 792 && ctx->op.ciph.cipher->gettable_ctx_params != NULL) { 793 provctx = ossl_provider_ctx( 794 EVP_ASYM_CIPHER_get0_provider(ctx->op.ciph.cipher)); 795 return ctx->op.ciph.cipher->gettable_ctx_params(ctx->op.ciph.algctx, 796 provctx); 797 } 798 if (EVP_PKEY_CTX_IS_KEM_OP(ctx) 799 && ctx->op.encap.kem != NULL 800 && ctx->op.encap.kem->gettable_ctx_params != NULL) { 801 provctx = ossl_provider_ctx(EVP_KEM_get0_provider(ctx->op.encap.kem)); 802 return ctx->op.encap.kem->gettable_ctx_params(ctx->op.encap.algctx, 803 provctx); 804 } 805 return NULL; 806 } 807 808 const OSSL_PARAM *EVP_PKEY_CTX_settable_params(const EVP_PKEY_CTX *ctx) 809 { 810 void *provctx; 811 812 if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx) 813 && ctx->op.kex.exchange != NULL 814 && ctx->op.kex.exchange->settable_ctx_params != NULL) { 815 provctx = ossl_provider_ctx(EVP_KEYEXCH_get0_provider(ctx->op.kex.exchange)); 816 return ctx->op.kex.exchange->settable_ctx_params(ctx->op.kex.algctx, 817 provctx); 818 } 819 if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) 820 && ctx->op.sig.signature != NULL 821 && ctx->op.sig.signature->settable_ctx_params != NULL) { 822 provctx = ossl_provider_ctx( 823 EVP_SIGNATURE_get0_provider(ctx->op.sig.signature)); 824 return ctx->op.sig.signature->settable_ctx_params(ctx->op.sig.algctx, 825 provctx); 826 } 827 if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx) 828 && ctx->op.ciph.cipher != NULL 829 && ctx->op.ciph.cipher->settable_ctx_params != NULL) { 830 provctx = ossl_provider_ctx( 831 EVP_ASYM_CIPHER_get0_provider(ctx->op.ciph.cipher)); 832 return ctx->op.ciph.cipher->settable_ctx_params(ctx->op.ciph.algctx, 833 provctx); 834 } 835 if (EVP_PKEY_CTX_IS_GEN_OP(ctx) 836 && ctx->keymgmt != NULL 837 && ctx->keymgmt->gen_settable_params != NULL) { 838 provctx = ossl_provider_ctx(EVP_KEYMGMT_get0_provider(ctx->keymgmt)); 839 return ctx->keymgmt->gen_settable_params(ctx->op.keymgmt.genctx, 840 provctx); 841 } 842 if (EVP_PKEY_CTX_IS_KEM_OP(ctx) 843 && ctx->op.encap.kem != NULL 844 && ctx->op.encap.kem->settable_ctx_params != NULL) { 845 provctx = ossl_provider_ctx(EVP_KEM_get0_provider(ctx->op.encap.kem)); 846 return ctx->op.encap.kem->settable_ctx_params(ctx->op.encap.algctx, 847 provctx); 848 } 849 return NULL; 850 } 851 852 /* 853 * Internal helpers for stricter EVP_PKEY_CTX_{set,get}_params(). 854 * 855 * Return 1 on success, 0 or negative for errors. 856 * 857 * In particular they return -2 if any of the params is not supported. 858 * 859 * They are not available in FIPS_MODULE as they depend on 860 * - EVP_PKEY_CTX_{get,set}_params() 861 * - EVP_PKEY_CTX_{gettable,settable}_params() 862 * 863 */ 864 int evp_pkey_ctx_set_params_strict(EVP_PKEY_CTX *ctx, OSSL_PARAM *params) 865 { 866 if (ctx == NULL || params == NULL) 867 return 0; 868 869 /* 870 * We only check for provider side EVP_PKEY_CTX. For #legacy, we 871 * depend on the translation that happens in EVP_PKEY_CTX_set_params() 872 * call, and that the resulting ctrl call will return -2 if it doesn't 873 * known the ctrl command number. 874 */ 875 if (evp_pkey_ctx_is_provided(ctx)) { 876 const OSSL_PARAM *settable = EVP_PKEY_CTX_settable_params(ctx); 877 const OSSL_PARAM *p; 878 879 for (p = params; p->key != NULL; p++) { 880 /* Check the ctx actually understands this parameter */ 881 if (OSSL_PARAM_locate_const(settable, p->key) == NULL ) 882 return -2; 883 } 884 } 885 886 return EVP_PKEY_CTX_set_params(ctx, params); 887 } 888 889 int evp_pkey_ctx_get_params_strict(EVP_PKEY_CTX *ctx, OSSL_PARAM *params) 890 { 891 if (ctx == NULL || params == NULL) 892 return 0; 893 894 /* 895 * We only check for provider side EVP_PKEY_CTX. For #legacy, we 896 * depend on the translation that happens in EVP_PKEY_CTX_get_params() 897 * call, and that the resulting ctrl call will return -2 if it doesn't 898 * known the ctrl command number. 899 */ 900 if (evp_pkey_ctx_is_provided(ctx)) { 901 const OSSL_PARAM *gettable = EVP_PKEY_CTX_gettable_params(ctx); 902 const OSSL_PARAM *p; 903 904 for (p = params; p->key != NULL; p++ ) { 905 /* Check the ctx actually understands this parameter */ 906 if (OSSL_PARAM_locate_const(gettable, p->key) == NULL ) 907 return -2; 908 } 909 } 910 911 return EVP_PKEY_CTX_get_params(ctx, params); 912 } 913 914 int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD **md) 915 { 916 OSSL_PARAM sig_md_params[2], *p = sig_md_params; 917 /* 80 should be big enough */ 918 char name[80] = ""; 919 const EVP_MD *tmp; 920 921 if (ctx == NULL || !EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)) { 922 ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); 923 /* Uses the same return values as EVP_PKEY_CTX_ctrl */ 924 return -2; 925 } 926 927 if (ctx->op.sig.algctx == NULL) 928 return EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG, 929 EVP_PKEY_CTRL_GET_MD, 0, (void *)(md)); 930 931 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, 932 name, 933 sizeof(name)); 934 *p = OSSL_PARAM_construct_end(); 935 936 if (!EVP_PKEY_CTX_get_params(ctx, sig_md_params)) 937 return 0; 938 939 tmp = evp_get_digestbyname_ex(ctx->libctx, name); 940 if (tmp == NULL) 941 return 0; 942 943 *md = tmp; 944 945 return 1; 946 } 947 948 static int evp_pkey_ctx_set_md(EVP_PKEY_CTX *ctx, const EVP_MD *md, 949 int fallback, const char *param, int op, 950 int ctrl) 951 { 952 OSSL_PARAM md_params[2], *p = md_params; 953 const char *name; 954 955 if (ctx == NULL || (ctx->operation & op) == 0) { 956 ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); 957 /* Uses the same return values as EVP_PKEY_CTX_ctrl */ 958 return -2; 959 } 960 961 if (fallback) 962 return EVP_PKEY_CTX_ctrl(ctx, -1, op, ctrl, 0, (void *)(md)); 963 964 if (md == NULL) { 965 name = ""; 966 } else { 967 name = EVP_MD_get0_name(md); 968 } 969 970 *p++ = OSSL_PARAM_construct_utf8_string(param, 971 /* 972 * Cast away the const. This is read 973 * only so should be safe 974 */ 975 (char *)name, 0); 976 *p = OSSL_PARAM_construct_end(); 977 978 return EVP_PKEY_CTX_set_params(ctx, md_params); 979 } 980 981 int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) 982 { 983 return evp_pkey_ctx_set_md(ctx, md, ctx->op.sig.algctx == NULL, 984 OSSL_SIGNATURE_PARAM_DIGEST, 985 EVP_PKEY_OP_TYPE_SIG, EVP_PKEY_CTRL_MD); 986 } 987 988 int EVP_PKEY_CTX_set_tls1_prf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) 989 { 990 return evp_pkey_ctx_set_md(ctx, md, ctx->op.kex.algctx == NULL, 991 OSSL_KDF_PARAM_DIGEST, 992 EVP_PKEY_OP_DERIVE, EVP_PKEY_CTRL_TLS_MD); 993 } 994 995 static int evp_pkey_ctx_set1_octet_string(EVP_PKEY_CTX *ctx, int fallback, 996 const char *param, int op, int ctrl, 997 const unsigned char *data, 998 int datalen) 999 { 1000 OSSL_PARAM octet_string_params[2], *p = octet_string_params; 1001 1002 if (ctx == NULL || (ctx->operation & op) == 0) { 1003 ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); 1004 /* Uses the same return values as EVP_PKEY_CTX_ctrl */ 1005 return -2; 1006 } 1007 1008 /* Code below to be removed when legacy support is dropped. */ 1009 if (fallback) 1010 return EVP_PKEY_CTX_ctrl(ctx, -1, op, ctrl, datalen, (void *)(data)); 1011 /* end of legacy support */ 1012 1013 if (datalen < 0) { 1014 ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_LENGTH); 1015 return 0; 1016 } 1017 1018 *p++ = OSSL_PARAM_construct_octet_string(param, 1019 /* 1020 * Cast away the const. This is read 1021 * only so should be safe 1022 */ 1023 (unsigned char *)data, 1024 (size_t)datalen); 1025 *p = OSSL_PARAM_construct_end(); 1026 1027 return EVP_PKEY_CTX_set_params(ctx, octet_string_params); 1028 } 1029 1030 int EVP_PKEY_CTX_set1_tls1_prf_secret(EVP_PKEY_CTX *ctx, 1031 const unsigned char *sec, int seclen) 1032 { 1033 return evp_pkey_ctx_set1_octet_string(ctx, ctx->op.kex.algctx == NULL, 1034 OSSL_KDF_PARAM_SECRET, 1035 EVP_PKEY_OP_DERIVE, 1036 EVP_PKEY_CTRL_TLS_SECRET, 1037 sec, seclen); 1038 } 1039 1040 int EVP_PKEY_CTX_add1_tls1_prf_seed(EVP_PKEY_CTX *ctx, 1041 const unsigned char *seed, int seedlen) 1042 { 1043 return evp_pkey_ctx_set1_octet_string(ctx, ctx->op.kex.algctx == NULL, 1044 OSSL_KDF_PARAM_SEED, 1045 EVP_PKEY_OP_DERIVE, 1046 EVP_PKEY_CTRL_TLS_SEED, 1047 seed, seedlen); 1048 } 1049 1050 int EVP_PKEY_CTX_set_hkdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) 1051 { 1052 return evp_pkey_ctx_set_md(ctx, md, ctx->op.kex.algctx == NULL, 1053 OSSL_KDF_PARAM_DIGEST, 1054 EVP_PKEY_OP_DERIVE, EVP_PKEY_CTRL_HKDF_MD); 1055 } 1056 1057 int EVP_PKEY_CTX_set1_hkdf_salt(EVP_PKEY_CTX *ctx, 1058 const unsigned char *salt, int saltlen) 1059 { 1060 return evp_pkey_ctx_set1_octet_string(ctx, ctx->op.kex.algctx == NULL, 1061 OSSL_KDF_PARAM_SALT, 1062 EVP_PKEY_OP_DERIVE, 1063 EVP_PKEY_CTRL_HKDF_SALT, 1064 salt, saltlen); 1065 } 1066 1067 int EVP_PKEY_CTX_set1_hkdf_key(EVP_PKEY_CTX *ctx, 1068 const unsigned char *key, int keylen) 1069 { 1070 return evp_pkey_ctx_set1_octet_string(ctx, ctx->op.kex.algctx == NULL, 1071 OSSL_KDF_PARAM_KEY, 1072 EVP_PKEY_OP_DERIVE, 1073 EVP_PKEY_CTRL_HKDF_KEY, 1074 key, keylen); 1075 } 1076 1077 int EVP_PKEY_CTX_add1_hkdf_info(EVP_PKEY_CTX *ctx, 1078 const unsigned char *info, int infolen) 1079 { 1080 return evp_pkey_ctx_set1_octet_string(ctx, ctx->op.kex.algctx == NULL, 1081 OSSL_KDF_PARAM_INFO, 1082 EVP_PKEY_OP_DERIVE, 1083 EVP_PKEY_CTRL_HKDF_INFO, 1084 info, infolen); 1085 } 1086 1087 int EVP_PKEY_CTX_set_hkdf_mode(EVP_PKEY_CTX *ctx, int mode) 1088 { 1089 OSSL_PARAM int_params[2], *p = int_params; 1090 1091 if (ctx == NULL || !EVP_PKEY_CTX_IS_DERIVE_OP(ctx)) { 1092 ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); 1093 /* Uses the same return values as EVP_PKEY_CTX_ctrl */ 1094 return -2; 1095 } 1096 1097 /* Code below to be removed when legacy support is dropped. */ 1098 if (ctx->op.kex.algctx == NULL) 1099 return EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_DERIVE, 1100 EVP_PKEY_CTRL_HKDF_MODE, mode, NULL); 1101 /* end of legacy support */ 1102 1103 if (mode < 0) { 1104 ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_VALUE); 1105 return 0; 1106 } 1107 1108 *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_MODE, &mode); 1109 *p = OSSL_PARAM_construct_end(); 1110 1111 return EVP_PKEY_CTX_set_params(ctx, int_params); 1112 } 1113 1114 int EVP_PKEY_CTX_set1_pbe_pass(EVP_PKEY_CTX *ctx, const char *pass, 1115 int passlen) 1116 { 1117 return evp_pkey_ctx_set1_octet_string(ctx, ctx->op.kex.algctx == NULL, 1118 OSSL_KDF_PARAM_PASSWORD, 1119 EVP_PKEY_OP_DERIVE, 1120 EVP_PKEY_CTRL_PASS, 1121 (const unsigned char *)pass, passlen); 1122 } 1123 1124 int EVP_PKEY_CTX_set1_scrypt_salt(EVP_PKEY_CTX *ctx, 1125 const unsigned char *salt, int saltlen) 1126 { 1127 return evp_pkey_ctx_set1_octet_string(ctx, ctx->op.kex.algctx == NULL, 1128 OSSL_KDF_PARAM_SALT, 1129 EVP_PKEY_OP_DERIVE, 1130 EVP_PKEY_CTRL_SCRYPT_SALT, 1131 salt, saltlen); 1132 } 1133 1134 static int evp_pkey_ctx_set_uint64(EVP_PKEY_CTX *ctx, const char *param, 1135 int op, int ctrl, uint64_t val) 1136 { 1137 OSSL_PARAM uint64_params[2], *p = uint64_params; 1138 1139 if (ctx == NULL || !EVP_PKEY_CTX_IS_DERIVE_OP(ctx)) { 1140 ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); 1141 /* Uses the same return values as EVP_PKEY_CTX_ctrl */ 1142 return -2; 1143 } 1144 1145 /* Code below to be removed when legacy support is dropped. */ 1146 if (ctx->op.kex.algctx == NULL) 1147 return EVP_PKEY_CTX_ctrl_uint64(ctx, -1, op, ctrl, val); 1148 /* end of legacy support */ 1149 1150 *p++ = OSSL_PARAM_construct_uint64(param, &val); 1151 *p = OSSL_PARAM_construct_end(); 1152 1153 return EVP_PKEY_CTX_set_params(ctx, uint64_params); 1154 } 1155 1156 int EVP_PKEY_CTX_set_scrypt_N(EVP_PKEY_CTX *ctx, uint64_t n) 1157 { 1158 return evp_pkey_ctx_set_uint64(ctx, OSSL_KDF_PARAM_SCRYPT_N, 1159 EVP_PKEY_OP_DERIVE, EVP_PKEY_CTRL_SCRYPT_N, 1160 n); 1161 } 1162 1163 int EVP_PKEY_CTX_set_scrypt_r(EVP_PKEY_CTX *ctx, uint64_t r) 1164 { 1165 return evp_pkey_ctx_set_uint64(ctx, OSSL_KDF_PARAM_SCRYPT_R, 1166 EVP_PKEY_OP_DERIVE, EVP_PKEY_CTRL_SCRYPT_R, 1167 r); 1168 } 1169 1170 int EVP_PKEY_CTX_set_scrypt_p(EVP_PKEY_CTX *ctx, uint64_t p) 1171 { 1172 return evp_pkey_ctx_set_uint64(ctx, OSSL_KDF_PARAM_SCRYPT_P, 1173 EVP_PKEY_OP_DERIVE, EVP_PKEY_CTRL_SCRYPT_P, 1174 p); 1175 } 1176 1177 int EVP_PKEY_CTX_set_scrypt_maxmem_bytes(EVP_PKEY_CTX *ctx, 1178 uint64_t maxmem_bytes) 1179 { 1180 return evp_pkey_ctx_set_uint64(ctx, OSSL_KDF_PARAM_SCRYPT_MAXMEM, 1181 EVP_PKEY_OP_DERIVE, 1182 EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES, 1183 maxmem_bytes); 1184 } 1185 1186 int EVP_PKEY_CTX_set_mac_key(EVP_PKEY_CTX *ctx, const unsigned char *key, 1187 int keylen) 1188 { 1189 return evp_pkey_ctx_set1_octet_string(ctx, ctx->op.keymgmt.genctx == NULL, 1190 OSSL_PKEY_PARAM_PRIV_KEY, 1191 EVP_PKEY_OP_KEYGEN, 1192 EVP_PKEY_CTRL_SET_MAC_KEY, 1193 key, keylen); 1194 } 1195 1196 int EVP_PKEY_CTX_set_kem_op(EVP_PKEY_CTX *ctx, const char *op) 1197 { 1198 OSSL_PARAM params[2], *p = params; 1199 1200 if (ctx == NULL || op == NULL) { 1201 ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_VALUE); 1202 return 0; 1203 } 1204 if (!EVP_PKEY_CTX_IS_KEM_OP(ctx)) { 1205 ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); 1206 return -2; 1207 } 1208 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KEM_PARAM_OPERATION, 1209 (char *)op, 0); 1210 *p = OSSL_PARAM_construct_end(); 1211 return EVP_PKEY_CTX_set_params(ctx, params); 1212 } 1213 1214 int evp_pkey_ctx_set1_id_prov(EVP_PKEY_CTX *ctx, const void *id, int len) 1215 { 1216 OSSL_PARAM params[2], *p = params; 1217 int ret; 1218 1219 if (!EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)) { 1220 ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); 1221 /* Uses the same return values as EVP_PKEY_CTX_ctrl */ 1222 return -2; 1223 } 1224 1225 *p++ = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_DIST_ID, 1226 /* 1227 * Cast away the const. This is 1228 * read only so should be safe 1229 */ 1230 (void *)id, (size_t)len); 1231 *p++ = OSSL_PARAM_construct_end(); 1232 1233 ret = evp_pkey_ctx_set_params_strict(ctx, params); 1234 if (ret == -2) 1235 ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); 1236 return ret; 1237 } 1238 1239 int EVP_PKEY_CTX_set1_id(EVP_PKEY_CTX *ctx, const void *id, int len) 1240 { 1241 return EVP_PKEY_CTX_ctrl(ctx, -1, -1, 1242 EVP_PKEY_CTRL_SET1_ID, (int)len, (void*)(id)); 1243 } 1244 1245 static int get1_id_data(EVP_PKEY_CTX *ctx, void *id, size_t *id_len) 1246 { 1247 int ret; 1248 void *tmp_id = NULL; 1249 OSSL_PARAM params[2], *p = params; 1250 1251 if (!EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)) { 1252 ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); 1253 /* Uses the same return values as EVP_PKEY_CTX_ctrl */ 1254 return -2; 1255 } 1256 1257 *p++ = OSSL_PARAM_construct_octet_ptr(OSSL_PKEY_PARAM_DIST_ID, 1258 &tmp_id, 0); 1259 *p++ = OSSL_PARAM_construct_end(); 1260 1261 ret = evp_pkey_ctx_get_params_strict(ctx, params); 1262 if (ret == -2) { 1263 ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); 1264 } else if (ret > 0) { 1265 size_t tmp_id_len = params[0].return_size; 1266 1267 if (id != NULL) 1268 memcpy(id, tmp_id, tmp_id_len); 1269 if (id_len != NULL) 1270 *id_len = tmp_id_len; 1271 } 1272 return ret; 1273 } 1274 1275 int evp_pkey_ctx_get1_id_prov(EVP_PKEY_CTX *ctx, void *id) 1276 { 1277 return get1_id_data(ctx, id, NULL); 1278 } 1279 1280 int evp_pkey_ctx_get1_id_len_prov(EVP_PKEY_CTX *ctx, size_t *id_len) 1281 { 1282 return get1_id_data(ctx, NULL, id_len); 1283 } 1284 1285 int EVP_PKEY_CTX_get1_id(EVP_PKEY_CTX *ctx, void *id) 1286 { 1287 return EVP_PKEY_CTX_ctrl(ctx, -1, -1, EVP_PKEY_CTRL_GET1_ID, 0, (void*)id); 1288 } 1289 1290 int EVP_PKEY_CTX_get1_id_len(EVP_PKEY_CTX *ctx, size_t *id_len) 1291 { 1292 return EVP_PKEY_CTX_ctrl(ctx, -1, -1, 1293 EVP_PKEY_CTRL_GET1_ID_LEN, 0, (void*)id_len); 1294 } 1295 1296 static int evp_pkey_ctx_ctrl_int(EVP_PKEY_CTX *ctx, int keytype, int optype, 1297 int cmd, int p1, void *p2) 1298 { 1299 int ret = 0; 1300 1301 /* 1302 * If the method has a |digest_custom| function, we can relax the 1303 * operation type check, since this can be called before the operation 1304 * is initialized. 1305 */ 1306 if (ctx->pmeth == NULL || ctx->pmeth->digest_custom == NULL) { 1307 if (ctx->operation == EVP_PKEY_OP_UNDEFINED) { 1308 ERR_raise(ERR_LIB_EVP, EVP_R_NO_OPERATION_SET); 1309 return -1; 1310 } 1311 1312 if ((optype != -1) && !(ctx->operation & optype)) { 1313 ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_OPERATION); 1314 return -1; 1315 } 1316 } 1317 1318 switch (evp_pkey_ctx_state(ctx)) { 1319 case EVP_PKEY_STATE_PROVIDER: 1320 return evp_pkey_ctx_ctrl_to_param(ctx, keytype, optype, cmd, p1, p2); 1321 case EVP_PKEY_STATE_UNKNOWN: 1322 case EVP_PKEY_STATE_LEGACY: 1323 if (ctx->pmeth == NULL || ctx->pmeth->ctrl == NULL) { 1324 ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); 1325 return -2; 1326 } 1327 if ((keytype != -1) && (ctx->pmeth->pkey_id != keytype)) 1328 return -1; 1329 1330 ret = ctx->pmeth->ctrl(ctx, cmd, p1, p2); 1331 1332 if (ret == -2) 1333 ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); 1334 break; 1335 } 1336 return ret; 1337 } 1338 1339 int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, 1340 int cmd, int p1, void *p2) 1341 { 1342 int ret = 0; 1343 1344 if (ctx == NULL) { 1345 ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); 1346 return -2; 1347 } 1348 /* If unsupported, we don't want that reported here */ 1349 ERR_set_mark(); 1350 ret = evp_pkey_ctx_store_cached_data(ctx, keytype, optype, 1351 cmd, NULL, p2, p1); 1352 if (ret == -2) { 1353 ERR_pop_to_mark(); 1354 } else { 1355 ERR_clear_last_mark(); 1356 /* 1357 * If there was an error, there was an error. 1358 * If the operation isn't initialized yet, we also return, as 1359 * the saved values will be used then anyway. 1360 */ 1361 if (ret < 1 || ctx->operation == EVP_PKEY_OP_UNDEFINED) 1362 return ret; 1363 } 1364 return evp_pkey_ctx_ctrl_int(ctx, keytype, optype, cmd, p1, p2); 1365 } 1366 1367 int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX *ctx, int keytype, int optype, 1368 int cmd, uint64_t value) 1369 { 1370 return EVP_PKEY_CTX_ctrl(ctx, keytype, optype, cmd, 0, &value); 1371 } 1372 1373 1374 static int evp_pkey_ctx_ctrl_str_int(EVP_PKEY_CTX *ctx, 1375 const char *name, const char *value) 1376 { 1377 int ret = 0; 1378 1379 if (ctx == NULL) { 1380 ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); 1381 return -2; 1382 } 1383 1384 switch (evp_pkey_ctx_state(ctx)) { 1385 case EVP_PKEY_STATE_PROVIDER: 1386 return evp_pkey_ctx_ctrl_str_to_param(ctx, name, value); 1387 case EVP_PKEY_STATE_UNKNOWN: 1388 case EVP_PKEY_STATE_LEGACY: 1389 if (ctx == NULL || ctx->pmeth == NULL || ctx->pmeth->ctrl_str == NULL) { 1390 ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); 1391 return -2; 1392 } 1393 if (strcmp(name, "digest") == 0) 1394 ret = EVP_PKEY_CTX_md(ctx, 1395 EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, 1396 EVP_PKEY_CTRL_MD, value); 1397 else 1398 ret = ctx->pmeth->ctrl_str(ctx, name, value); 1399 break; 1400 } 1401 1402 return ret; 1403 } 1404 1405 int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, 1406 const char *name, const char *value) 1407 { 1408 int ret = 0; 1409 1410 /* If unsupported, we don't want that reported here */ 1411 ERR_set_mark(); 1412 ret = evp_pkey_ctx_store_cached_data(ctx, -1, -1, -1, 1413 name, value, strlen(value) + 1); 1414 if (ret == -2) { 1415 ERR_pop_to_mark(); 1416 } else { 1417 ERR_clear_last_mark(); 1418 /* 1419 * If there was an error, there was an error. 1420 * If the operation isn't initialized yet, we also return, as 1421 * the saved values will be used then anyway. 1422 */ 1423 if (ret < 1 || ctx->operation == EVP_PKEY_OP_UNDEFINED) 1424 return ret; 1425 } 1426 1427 return evp_pkey_ctx_ctrl_str_int(ctx, name, value); 1428 } 1429 1430 static int decode_cmd(int cmd, const char *name) 1431 { 1432 if (cmd == -1) { 1433 /* 1434 * The consequence of the assertion not being true is that this 1435 * function will return -1, which will cause the calling functions 1436 * to signal that the command is unsupported... in non-debug mode. 1437 */ 1438 if (ossl_assert(name != NULL)) 1439 if (strcmp(name, "distid") == 0 || strcmp(name, "hexdistid") == 0) 1440 cmd = EVP_PKEY_CTRL_SET1_ID; 1441 } 1442 1443 return cmd; 1444 } 1445 1446 static int evp_pkey_ctx_store_cached_data(EVP_PKEY_CTX *ctx, 1447 int keytype, int optype, 1448 int cmd, const char *name, 1449 const void *data, size_t data_len) 1450 { 1451 /* 1452 * Check that it's one of the supported commands. The ctrl commands 1453 * number cases here must correspond to the cases in the bottom switch 1454 * in this function. 1455 */ 1456 switch (cmd = decode_cmd(cmd, name)) { 1457 case EVP_PKEY_CTRL_SET1_ID: 1458 break; 1459 default: 1460 ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); 1461 return -2; 1462 } 1463 1464 if (keytype != -1) { 1465 switch (evp_pkey_ctx_state(ctx)) { 1466 case EVP_PKEY_STATE_PROVIDER: 1467 if (ctx->keymgmt == NULL) { 1468 ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); 1469 return -2; 1470 } 1471 if (!EVP_KEYMGMT_is_a(ctx->keymgmt, 1472 evp_pkey_type2name(keytype))) { 1473 ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_OPERATION); 1474 return -1; 1475 } 1476 break; 1477 case EVP_PKEY_STATE_UNKNOWN: 1478 case EVP_PKEY_STATE_LEGACY: 1479 if (ctx->pmeth == NULL) { 1480 ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); 1481 return -2; 1482 } 1483 if (EVP_PKEY_type(ctx->pmeth->pkey_id) != EVP_PKEY_type(keytype)) { 1484 ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_OPERATION); 1485 return -1; 1486 } 1487 break; 1488 } 1489 } 1490 if (optype != -1 && (ctx->operation & optype) == 0) { 1491 ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_OPERATION); 1492 return -1; 1493 } 1494 1495 switch (cmd) { 1496 case EVP_PKEY_CTRL_SET1_ID: 1497 evp_pkey_ctx_free_cached_data(ctx, cmd, name); 1498 if (name != NULL) { 1499 ctx->cached_parameters.dist_id_name = OPENSSL_strdup(name); 1500 if (ctx->cached_parameters.dist_id_name == NULL) { 1501 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); 1502 return 0; 1503 } 1504 } 1505 if (data_len > 0) { 1506 ctx->cached_parameters.dist_id = OPENSSL_memdup(data, data_len); 1507 if (ctx->cached_parameters.dist_id == NULL) { 1508 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); 1509 return 0; 1510 } 1511 } 1512 ctx->cached_parameters.dist_id_set = 1; 1513 ctx->cached_parameters.dist_id_len = data_len; 1514 break; 1515 } 1516 return 1; 1517 } 1518 1519 static void evp_pkey_ctx_free_cached_data(EVP_PKEY_CTX *ctx, 1520 int cmd, const char *name) 1521 { 1522 cmd = decode_cmd(cmd, name); 1523 switch (cmd) { 1524 case EVP_PKEY_CTRL_SET1_ID: 1525 OPENSSL_free(ctx->cached_parameters.dist_id); 1526 OPENSSL_free(ctx->cached_parameters.dist_id_name); 1527 ctx->cached_parameters.dist_id = NULL; 1528 ctx->cached_parameters.dist_id_name = NULL; 1529 break; 1530 } 1531 } 1532 1533 static void evp_pkey_ctx_free_all_cached_data(EVP_PKEY_CTX *ctx) 1534 { 1535 evp_pkey_ctx_free_cached_data(ctx, EVP_PKEY_CTRL_SET1_ID, NULL); 1536 } 1537 1538 int evp_pkey_ctx_use_cached_data(EVP_PKEY_CTX *ctx) 1539 { 1540 int ret = 1; 1541 1542 if (ret && ctx->cached_parameters.dist_id_set) { 1543 const char *name = ctx->cached_parameters.dist_id_name; 1544 const void *val = ctx->cached_parameters.dist_id; 1545 size_t len = ctx->cached_parameters.dist_id_len; 1546 1547 if (name != NULL) 1548 ret = evp_pkey_ctx_ctrl_str_int(ctx, name, val); 1549 else 1550 ret = evp_pkey_ctx_ctrl_int(ctx, -1, ctx->operation, 1551 EVP_PKEY_CTRL_SET1_ID, 1552 (int)len, (void *)val); 1553 } 1554 1555 return ret; 1556 } 1557 1558 OSSL_LIB_CTX *EVP_PKEY_CTX_get0_libctx(EVP_PKEY_CTX *ctx) 1559 { 1560 return ctx->libctx; 1561 } 1562 1563 const char *EVP_PKEY_CTX_get0_propq(const EVP_PKEY_CTX *ctx) 1564 { 1565 return ctx->propquery; 1566 } 1567 1568 const OSSL_PROVIDER *EVP_PKEY_CTX_get0_provider(const EVP_PKEY_CTX *ctx) 1569 { 1570 if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)) { 1571 if (ctx->op.sig.signature != NULL) 1572 return EVP_SIGNATURE_get0_provider(ctx->op.sig.signature); 1573 } else if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx)) { 1574 if (ctx->op.kex.exchange != NULL) 1575 return EVP_KEYEXCH_get0_provider(ctx->op.kex.exchange); 1576 } else if (EVP_PKEY_CTX_IS_KEM_OP(ctx)) { 1577 if (ctx->op.encap.kem != NULL) 1578 return EVP_KEM_get0_provider(ctx->op.encap.kem); 1579 } else if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx)) { 1580 if (ctx->op.ciph.cipher != NULL) 1581 return EVP_ASYM_CIPHER_get0_provider(ctx->op.ciph.cipher); 1582 } else if (EVP_PKEY_CTX_IS_GEN_OP(ctx)) { 1583 if (ctx->keymgmt != NULL) 1584 return EVP_KEYMGMT_get0_provider(ctx->keymgmt); 1585 } 1586 1587 return NULL; 1588 } 1589 1590 /* Utility functions to send a string of hex string to a ctrl */ 1591 1592 int EVP_PKEY_CTX_str2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *str) 1593 { 1594 size_t len; 1595 1596 len = strlen(str); 1597 if (len > INT_MAX) 1598 return -1; 1599 return ctx->pmeth->ctrl(ctx, cmd, len, (void *)str); 1600 } 1601 1602 int EVP_PKEY_CTX_hex2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *hex) 1603 { 1604 unsigned char *bin; 1605 long binlen; 1606 int rv = -1; 1607 1608 bin = OPENSSL_hexstr2buf(hex, &binlen); 1609 if (bin == NULL) 1610 return 0; 1611 if (binlen <= INT_MAX) 1612 rv = ctx->pmeth->ctrl(ctx, cmd, binlen, bin); 1613 OPENSSL_free(bin); 1614 return rv; 1615 } 1616 1617 /* Pass a message digest to a ctrl */ 1618 int EVP_PKEY_CTX_md(EVP_PKEY_CTX *ctx, int optype, int cmd, const char *md) 1619 { 1620 const EVP_MD *m; 1621 1622 if (md == NULL || (m = EVP_get_digestbyname(md)) == NULL) { 1623 ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST); 1624 return 0; 1625 } 1626 return EVP_PKEY_CTX_ctrl(ctx, -1, optype, cmd, 0, (void *)m); 1627 } 1628 1629 int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx) 1630 { 1631 return ctx->operation; 1632 } 1633 1634 void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen) 1635 { 1636 ctx->keygen_info = dat; 1637 ctx->keygen_info_count = datlen; 1638 } 1639 1640 void EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void *data) 1641 { 1642 ctx->data = data; 1643 } 1644 1645 void *EVP_PKEY_CTX_get_data(const EVP_PKEY_CTX *ctx) 1646 { 1647 return ctx->data; 1648 } 1649 1650 EVP_PKEY *EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX *ctx) 1651 { 1652 return ctx->pkey; 1653 } 1654 1655 EVP_PKEY *EVP_PKEY_CTX_get0_peerkey(EVP_PKEY_CTX *ctx) 1656 { 1657 return ctx->peerkey; 1658 } 1659 1660 void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data) 1661 { 1662 ctx->app_data = data; 1663 } 1664 1665 void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx) 1666 { 1667 return ctx->app_data; 1668 } 1669 1670 void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth, 1671 int (*init) (EVP_PKEY_CTX *ctx)) 1672 { 1673 pmeth->init = init; 1674 } 1675 1676 void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth, 1677 int (*copy) (EVP_PKEY_CTX *dst, 1678 const EVP_PKEY_CTX *src)) 1679 { 1680 pmeth->copy = copy; 1681 } 1682 1683 void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth, 1684 void (*cleanup) (EVP_PKEY_CTX *ctx)) 1685 { 1686 pmeth->cleanup = cleanup; 1687 } 1688 1689 void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth, 1690 int (*paramgen_init) (EVP_PKEY_CTX *ctx), 1691 int (*paramgen) (EVP_PKEY_CTX *ctx, 1692 EVP_PKEY *pkey)) 1693 { 1694 pmeth->paramgen_init = paramgen_init; 1695 pmeth->paramgen = paramgen; 1696 } 1697 1698 void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth, 1699 int (*keygen_init) (EVP_PKEY_CTX *ctx), 1700 int (*keygen) (EVP_PKEY_CTX *ctx, 1701 EVP_PKEY *pkey)) 1702 { 1703 pmeth->keygen_init = keygen_init; 1704 pmeth->keygen = keygen; 1705 } 1706 1707 void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth, 1708 int (*sign_init) (EVP_PKEY_CTX *ctx), 1709 int (*sign) (EVP_PKEY_CTX *ctx, 1710 unsigned char *sig, size_t *siglen, 1711 const unsigned char *tbs, 1712 size_t tbslen)) 1713 { 1714 pmeth->sign_init = sign_init; 1715 pmeth->sign = sign; 1716 } 1717 1718 void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth, 1719 int (*verify_init) (EVP_PKEY_CTX *ctx), 1720 int (*verify) (EVP_PKEY_CTX *ctx, 1721 const unsigned char *sig, 1722 size_t siglen, 1723 const unsigned char *tbs, 1724 size_t tbslen)) 1725 { 1726 pmeth->verify_init = verify_init; 1727 pmeth->verify = verify; 1728 } 1729 1730 void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth, 1731 int (*verify_recover_init) (EVP_PKEY_CTX 1732 *ctx), 1733 int (*verify_recover) (EVP_PKEY_CTX 1734 *ctx, 1735 unsigned char 1736 *sig, 1737 size_t *siglen, 1738 const unsigned 1739 char *tbs, 1740 size_t tbslen)) 1741 { 1742 pmeth->verify_recover_init = verify_recover_init; 1743 pmeth->verify_recover = verify_recover; 1744 } 1745 1746 void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth, 1747 int (*signctx_init) (EVP_PKEY_CTX *ctx, 1748 EVP_MD_CTX *mctx), 1749 int (*signctx) (EVP_PKEY_CTX *ctx, 1750 unsigned char *sig, 1751 size_t *siglen, 1752 EVP_MD_CTX *mctx)) 1753 { 1754 pmeth->signctx_init = signctx_init; 1755 pmeth->signctx = signctx; 1756 } 1757 1758 void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth, 1759 int (*verifyctx_init) (EVP_PKEY_CTX *ctx, 1760 EVP_MD_CTX *mctx), 1761 int (*verifyctx) (EVP_PKEY_CTX *ctx, 1762 const unsigned char *sig, 1763 int siglen, 1764 EVP_MD_CTX *mctx)) 1765 { 1766 pmeth->verifyctx_init = verifyctx_init; 1767 pmeth->verifyctx = verifyctx; 1768 } 1769 1770 void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth, 1771 int (*encrypt_init) (EVP_PKEY_CTX *ctx), 1772 int (*encryptfn) (EVP_PKEY_CTX *ctx, 1773 unsigned char *out, 1774 size_t *outlen, 1775 const unsigned char *in, 1776 size_t inlen)) 1777 { 1778 pmeth->encrypt_init = encrypt_init; 1779 pmeth->encrypt = encryptfn; 1780 } 1781 1782 void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth, 1783 int (*decrypt_init) (EVP_PKEY_CTX *ctx), 1784 int (*decrypt) (EVP_PKEY_CTX *ctx, 1785 unsigned char *out, 1786 size_t *outlen, 1787 const unsigned char *in, 1788 size_t inlen)) 1789 { 1790 pmeth->decrypt_init = decrypt_init; 1791 pmeth->decrypt = decrypt; 1792 } 1793 1794 void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth, 1795 int (*derive_init) (EVP_PKEY_CTX *ctx), 1796 int (*derive) (EVP_PKEY_CTX *ctx, 1797 unsigned char *key, 1798 size_t *keylen)) 1799 { 1800 pmeth->derive_init = derive_init; 1801 pmeth->derive = derive; 1802 } 1803 1804 void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, 1805 int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, 1806 void *p2), 1807 int (*ctrl_str) (EVP_PKEY_CTX *ctx, 1808 const char *type, 1809 const char *value)) 1810 { 1811 pmeth->ctrl = ctrl; 1812 pmeth->ctrl_str = ctrl_str; 1813 } 1814 1815 void EVP_PKEY_meth_set_digestsign(EVP_PKEY_METHOD *pmeth, 1816 int (*digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, 1817 const unsigned char *tbs, size_t tbslen)) 1818 { 1819 pmeth->digestsign = digestsign; 1820 } 1821 1822 void EVP_PKEY_meth_set_digestverify(EVP_PKEY_METHOD *pmeth, 1823 int (*digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig, 1824 size_t siglen, const unsigned char *tbs, 1825 size_t tbslen)) 1826 { 1827 pmeth->digestverify = digestverify; 1828 } 1829 1830 void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth, 1831 int (*check) (EVP_PKEY *pkey)) 1832 { 1833 pmeth->check = check; 1834 } 1835 1836 void EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD *pmeth, 1837 int (*check) (EVP_PKEY *pkey)) 1838 { 1839 pmeth->public_check = check; 1840 } 1841 1842 void EVP_PKEY_meth_set_param_check(EVP_PKEY_METHOD *pmeth, 1843 int (*check) (EVP_PKEY *pkey)) 1844 { 1845 pmeth->param_check = check; 1846 } 1847 1848 void EVP_PKEY_meth_set_digest_custom(EVP_PKEY_METHOD *pmeth, 1849 int (*digest_custom) (EVP_PKEY_CTX *ctx, 1850 EVP_MD_CTX *mctx)) 1851 { 1852 pmeth->digest_custom = digest_custom; 1853 } 1854 1855 void EVP_PKEY_meth_get_init(const EVP_PKEY_METHOD *pmeth, 1856 int (**pinit) (EVP_PKEY_CTX *ctx)) 1857 { 1858 *pinit = pmeth->init; 1859 } 1860 1861 void EVP_PKEY_meth_get_copy(const EVP_PKEY_METHOD *pmeth, 1862 int (**pcopy) (EVP_PKEY_CTX *dst, 1863 const EVP_PKEY_CTX *src)) 1864 { 1865 *pcopy = pmeth->copy; 1866 } 1867 1868 void EVP_PKEY_meth_get_cleanup(const EVP_PKEY_METHOD *pmeth, 1869 void (**pcleanup) (EVP_PKEY_CTX *ctx)) 1870 { 1871 *pcleanup = pmeth->cleanup; 1872 } 1873 1874 void EVP_PKEY_meth_get_paramgen(const EVP_PKEY_METHOD *pmeth, 1875 int (**pparamgen_init) (EVP_PKEY_CTX *ctx), 1876 int (**pparamgen) (EVP_PKEY_CTX *ctx, 1877 EVP_PKEY *pkey)) 1878 { 1879 if (pparamgen_init) 1880 *pparamgen_init = pmeth->paramgen_init; 1881 if (pparamgen) 1882 *pparamgen = pmeth->paramgen; 1883 } 1884 1885 void EVP_PKEY_meth_get_keygen(const EVP_PKEY_METHOD *pmeth, 1886 int (**pkeygen_init) (EVP_PKEY_CTX *ctx), 1887 int (**pkeygen) (EVP_PKEY_CTX *ctx, 1888 EVP_PKEY *pkey)) 1889 { 1890 if (pkeygen_init) 1891 *pkeygen_init = pmeth->keygen_init; 1892 if (pkeygen) 1893 *pkeygen = pmeth->keygen; 1894 } 1895 1896 void EVP_PKEY_meth_get_sign(const EVP_PKEY_METHOD *pmeth, 1897 int (**psign_init) (EVP_PKEY_CTX *ctx), 1898 int (**psign) (EVP_PKEY_CTX *ctx, 1899 unsigned char *sig, size_t *siglen, 1900 const unsigned char *tbs, 1901 size_t tbslen)) 1902 { 1903 if (psign_init) 1904 *psign_init = pmeth->sign_init; 1905 if (psign) 1906 *psign = pmeth->sign; 1907 } 1908 1909 void EVP_PKEY_meth_get_verify(const EVP_PKEY_METHOD *pmeth, 1910 int (**pverify_init) (EVP_PKEY_CTX *ctx), 1911 int (**pverify) (EVP_PKEY_CTX *ctx, 1912 const unsigned char *sig, 1913 size_t siglen, 1914 const unsigned char *tbs, 1915 size_t tbslen)) 1916 { 1917 if (pverify_init) 1918 *pverify_init = pmeth->verify_init; 1919 if (pverify) 1920 *pverify = pmeth->verify; 1921 } 1922 1923 void EVP_PKEY_meth_get_verify_recover(const EVP_PKEY_METHOD *pmeth, 1924 int (**pverify_recover_init) (EVP_PKEY_CTX 1925 *ctx), 1926 int (**pverify_recover) (EVP_PKEY_CTX 1927 *ctx, 1928 unsigned char 1929 *sig, 1930 size_t *siglen, 1931 const unsigned 1932 char *tbs, 1933 size_t tbslen)) 1934 { 1935 if (pverify_recover_init) 1936 *pverify_recover_init = pmeth->verify_recover_init; 1937 if (pverify_recover) 1938 *pverify_recover = pmeth->verify_recover; 1939 } 1940 1941 void EVP_PKEY_meth_get_signctx(const EVP_PKEY_METHOD *pmeth, 1942 int (**psignctx_init) (EVP_PKEY_CTX *ctx, 1943 EVP_MD_CTX *mctx), 1944 int (**psignctx) (EVP_PKEY_CTX *ctx, 1945 unsigned char *sig, 1946 size_t *siglen, 1947 EVP_MD_CTX *mctx)) 1948 { 1949 if (psignctx_init) 1950 *psignctx_init = pmeth->signctx_init; 1951 if (psignctx) 1952 *psignctx = pmeth->signctx; 1953 } 1954 1955 void EVP_PKEY_meth_get_verifyctx(const EVP_PKEY_METHOD *pmeth, 1956 int (**pverifyctx_init) (EVP_PKEY_CTX *ctx, 1957 EVP_MD_CTX *mctx), 1958 int (**pverifyctx) (EVP_PKEY_CTX *ctx, 1959 const unsigned char *sig, 1960 int siglen, 1961 EVP_MD_CTX *mctx)) 1962 { 1963 if (pverifyctx_init) 1964 *pverifyctx_init = pmeth->verifyctx_init; 1965 if (pverifyctx) 1966 *pverifyctx = pmeth->verifyctx; 1967 } 1968 1969 void EVP_PKEY_meth_get_encrypt(const EVP_PKEY_METHOD *pmeth, 1970 int (**pencrypt_init) (EVP_PKEY_CTX *ctx), 1971 int (**pencryptfn) (EVP_PKEY_CTX *ctx, 1972 unsigned char *out, 1973 size_t *outlen, 1974 const unsigned char *in, 1975 size_t inlen)) 1976 { 1977 if (pencrypt_init) 1978 *pencrypt_init = pmeth->encrypt_init; 1979 if (pencryptfn) 1980 *pencryptfn = pmeth->encrypt; 1981 } 1982 1983 void EVP_PKEY_meth_get_decrypt(const EVP_PKEY_METHOD *pmeth, 1984 int (**pdecrypt_init) (EVP_PKEY_CTX *ctx), 1985 int (**pdecrypt) (EVP_PKEY_CTX *ctx, 1986 unsigned char *out, 1987 size_t *outlen, 1988 const unsigned char *in, 1989 size_t inlen)) 1990 { 1991 if (pdecrypt_init) 1992 *pdecrypt_init = pmeth->decrypt_init; 1993 if (pdecrypt) 1994 *pdecrypt = pmeth->decrypt; 1995 } 1996 1997 void EVP_PKEY_meth_get_derive(const EVP_PKEY_METHOD *pmeth, 1998 int (**pderive_init) (EVP_PKEY_CTX *ctx), 1999 int (**pderive) (EVP_PKEY_CTX *ctx, 2000 unsigned char *key, 2001 size_t *keylen)) 2002 { 2003 if (pderive_init) 2004 *pderive_init = pmeth->derive_init; 2005 if (pderive) 2006 *pderive = pmeth->derive; 2007 } 2008 2009 void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD *pmeth, 2010 int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1, 2011 void *p2), 2012 int (**pctrl_str) (EVP_PKEY_CTX *ctx, 2013 const char *type, 2014 const char *value)) 2015 { 2016 if (pctrl) 2017 *pctrl = pmeth->ctrl; 2018 if (pctrl_str) 2019 *pctrl_str = pmeth->ctrl_str; 2020 } 2021 2022 void EVP_PKEY_meth_get_digestsign(const EVP_PKEY_METHOD *pmeth, 2023 int (**digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, 2024 const unsigned char *tbs, size_t tbslen)) 2025 { 2026 if (digestsign) 2027 *digestsign = pmeth->digestsign; 2028 } 2029 2030 void EVP_PKEY_meth_get_digestverify(const EVP_PKEY_METHOD *pmeth, 2031 int (**digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig, 2032 size_t siglen, const unsigned char *tbs, 2033 size_t tbslen)) 2034 { 2035 if (digestverify) 2036 *digestverify = pmeth->digestverify; 2037 } 2038 2039 void EVP_PKEY_meth_get_check(const EVP_PKEY_METHOD *pmeth, 2040 int (**pcheck) (EVP_PKEY *pkey)) 2041 { 2042 if (pcheck != NULL) 2043 *pcheck = pmeth->check; 2044 } 2045 2046 void EVP_PKEY_meth_get_public_check(const EVP_PKEY_METHOD *pmeth, 2047 int (**pcheck) (EVP_PKEY *pkey)) 2048 { 2049 if (pcheck != NULL) 2050 *pcheck = pmeth->public_check; 2051 } 2052 2053 void EVP_PKEY_meth_get_param_check(const EVP_PKEY_METHOD *pmeth, 2054 int (**pcheck) (EVP_PKEY *pkey)) 2055 { 2056 if (pcheck != NULL) 2057 *pcheck = pmeth->param_check; 2058 } 2059 2060 void EVP_PKEY_meth_get_digest_custom(const EVP_PKEY_METHOD *pmeth, 2061 int (**pdigest_custom) (EVP_PKEY_CTX *ctx, 2062 EVP_MD_CTX *mctx)) 2063 { 2064 if (pdigest_custom != NULL) 2065 *pdigest_custom = pmeth->digest_custom; 2066 } 2067 2068 #endif /* FIPS_MODULE */ 2069