| 1 | |
|---|---|
| 2 | /* |
| 3 | * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. |
| 4 | * |
| 5 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
| 6 | * this file except in compliance with the License. You can obtain a copy |
| 7 | * in the file LICENSE in the source distribution or at |
| 8 | * https://www.openssl.org/source/license.html |
| 9 | */ |
| 10 | |
| 11 | #include <stdio.h> |
| 12 | #include <stdlib.h> |
| 13 | #include <openssl/engine.h> |
| 14 | #include <openssl/evp.h> |
| 15 | #include <openssl/x509v3.h> |
| 16 | #include <openssl/core_names.h> |
| 17 | #include <openssl/dh.h> |
| 18 | #include <openssl/rsa.h> |
| 19 | #include "internal/cryptlib.h" |
| 20 | #include "crypto/asn1.h" |
| 21 | #include "crypto/evp.h" |
| 22 | #include "internal/numbers.h" |
| 23 | #include "internal/provider.h" |
| 24 | #include "evp_local.h" |
| 25 | |
| 26 | typedef const EVP_PKEY_METHOD *(*pmeth_fn)(void); |
| 27 | typedef int sk_cmp_fn_type(const char *const *a, const char *const *b); |
| 28 | |
| 29 | static STACK_OF(EVP_PKEY_METHOD) *app_pkey_methods = NULL; |
| 30 | |
| 31 | /* This array needs to be in order of NIDs */ |
| 32 | static pmeth_fn standard_methods[] = { |
| 33 | #ifndef OPENSSL_NO_RSA |
| 34 | rsa_pkey_method, |
| 35 | #endif |
| 36 | #ifndef OPENSSL_NO_DH |
| 37 | dh_pkey_method, |
| 38 | #endif |
| 39 | #ifndef OPENSSL_NO_DSA |
| 40 | dsa_pkey_method, |
| 41 | #endif |
| 42 | #ifndef OPENSSL_NO_EC |
| 43 | ec_pkey_method, |
| 44 | #endif |
| 45 | hmac_pkey_method, |
| 46 | #ifndef OPENSSL_NO_CMAC |
| 47 | cmac_pkey_method, |
| 48 | #endif |
| 49 | #ifndef OPENSSL_NO_RSA |
| 50 | rsa_pss_pkey_method, |
| 51 | #endif |
| 52 | #ifndef OPENSSL_NO_DH |
| 53 | dhx_pkey_method, |
| 54 | #endif |
| 55 | #ifndef OPENSSL_NO_SCRYPT |
| 56 | scrypt_pkey_method, |
| 57 | #endif |
| 58 | tls1_prf_pkey_method, |
| 59 | #ifndef OPENSSL_NO_EC |
| 60 | ecx25519_pkey_method, |
| 61 | ecx448_pkey_method, |
| 62 | #endif |
| 63 | hkdf_pkey_method, |
| 64 | #ifndef OPENSSL_NO_POLY1305 |
| 65 | poly1305_pkey_method, |
| 66 | #endif |
| 67 | #ifndef OPENSSL_NO_SIPHASH |
| 68 | siphash_pkey_method, |
| 69 | #endif |
| 70 | #ifndef OPENSSL_NO_EC |
| 71 | ed25519_pkey_method, |
| 72 | ed448_pkey_method, |
| 73 | #endif |
| 74 | #ifndef OPENSSL_NO_SM2 |
| 75 | sm2_pkey_method, |
| 76 | #endif |
| 77 | }; |
| 78 | |
| 79 | DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, pmeth_fn, pmeth_func); |
| 80 | |
| 81 | static int pmeth_func_cmp(const EVP_PKEY_METHOD *const *a, pmeth_fn const *b) |
| 82 | { |
| 83 | return ((*a)->pkey_id - ((**b)())->pkey_id); |
| 84 | } |
| 85 | |
| 86 | IMPLEMENT_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, pmeth_fn, pmeth_func); |
| 87 | |
| 88 | static int pmeth_cmp(const EVP_PKEY_METHOD *const *a, |
| 89 | const EVP_PKEY_METHOD *const *b) |
| 90 | { |
| 91 | return ((*a)->pkey_id - (*b)->pkey_id); |
| 92 | } |
| 93 | |
| 94 | const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type) |
| 95 | { |
| 96 | pmeth_fn *ret; |
| 97 | EVP_PKEY_METHOD tmp; |
| 98 | const EVP_PKEY_METHOD *t = &tmp; |
| 99 | |
| 100 | tmp.pkey_id = type; |
| 101 | if (app_pkey_methods) { |
| 102 | int idx; |
| 103 | idx = sk_EVP_PKEY_METHOD_find(app_pkey_methods, &tmp); |
| 104 | if (idx >= 0) |
| 105 | return sk_EVP_PKEY_METHOD_value(app_pkey_methods, idx); |
| 106 | } |
| 107 | ret = OBJ_bsearch_pmeth_func(&t, standard_methods, |
| 108 | sizeof(standard_methods) / |
| 109 | sizeof(pmeth_fn)); |
| 110 | if (ret == NULL || *ret == NULL) |
| 111 | return NULL; |
| 112 | return (**ret)(); |
| 113 | } |
| 114 | |
| 115 | static EVP_PKEY_CTX *int_ctx_new(OPENSSL_CTX *libctx, |
| 116 | EVP_PKEY *pkey, ENGINE *e, |
| 117 | const char *name, const char *propquery, |
| 118 | int id) |
| 119 | { |
| 120 | EVP_PKEY_CTX *ret; |
| 121 | const EVP_PKEY_METHOD *pmeth = NULL; |
| 122 | |
| 123 | /* |
| 124 | * When using providers, the context is bound to the algo implementation |
| 125 | * later. |
| 126 | */ |
| 127 | if (pkey == NULL && e == NULL && id == -1) |
| 128 | goto common; |
| 129 | |
| 130 | /* TODO(3.0) Legacy code should be removed when all is provider based */ |
| 131 | /* BEGIN legacy */ |
| 132 | if (id == -1) { |
| 133 | if (pkey == NULL) |
| 134 | return 0; |
| 135 | id = pkey->type; |
| 136 | } |
| 137 | |
| 138 | /* |
| 139 | * Here, we extract what information we can for the purpose of |
| 140 | * supporting usage with implementations from providers, to make |
| 141 | * for a smooth transition from legacy stuff to provider based stuff. |
| 142 | * |
| 143 | * If an engine is given, this is entirely legacy, and we should not |
| 144 | * pretend anything else, so we only set the name when no engine is |
| 145 | * given. If both are already given, someone made a mistake, and |
| 146 | * since that can only happen internally, it's safe to make an |
| 147 | * assertion. |
| 148 | */ |
| 149 | if (!ossl_assert(e == NULL || name == NULL)) |
| 150 | return NULL; |
| 151 | if (e == NULL) |
| 152 | name = OBJ_nid2sn(id); |
| 153 | propquery = NULL; |
| 154 | /* |
| 155 | * We were called using legacy data, or an EVP_PKEY, but an EVP_PKEY |
| 156 | * isn't tied to a specific library context, so we fall back to the |
| 157 | * default library context. |
| 158 | * TODO(v3.0): an EVP_PKEY that doesn't originate from a leagacy key |
| 159 | * structure only has the pkeys[] cache, where the first element is |
| 160 | * considered the "origin". Investigate if that could be a suitable |
| 161 | * way to find a library context. |
| 162 | */ |
| 163 | libctx = NULL; |
| 164 | |
| 165 | #ifndef OPENSSL_NO_ENGINE |
| 166 | if (e == NULL && pkey != NULL) |
| 167 | e = pkey->pmeth_engine != NULL ? pkey->pmeth_engine : pkey->engine; |
| 168 | /* Try to find an ENGINE which implements this method */ |
| 169 | if (e) { |
| 170 | if (!ENGINE_init(e)) { |
| 171 | EVPerr(EVP_F_INT_CTX_NEW, ERR_R_ENGINE_LIB); |
| 172 | return NULL; |
| 173 | } |
| 174 | } else { |
| 175 | e = ENGINE_get_pkey_meth_engine(id); |
| 176 | } |
| 177 | |
| 178 | /* |
| 179 | * If an ENGINE handled this method look it up. Otherwise use internal |
| 180 | * tables. |
| 181 | */ |
| 182 | if (e) |
| 183 | pmeth = ENGINE_get_pkey_meth(e, id); |
| 184 | else |
| 185 | #endif |
| 186 | pmeth = EVP_PKEY_meth_find(id); |
| 187 | |
| 188 | if (pmeth == NULL) { |
| 189 | #ifndef OPENSSL_NO_ENGINE |
| 190 | ENGINE_finish(e); |
| 191 | #endif |
| 192 | EVPerr(EVP_F_INT_CTX_NEW, EVP_R_UNSUPPORTED_ALGORITHM); |
| 193 | return NULL; |
| 194 | } |
| 195 | /* END legacy */ |
| 196 | |
| 197 | common: |
| 198 | ret = OPENSSL_zalloc(sizeof(*ret)); |
| 199 | if (ret == NULL) { |
| 200 | #ifndef OPENSSL_NO_ENGINE |
| 201 | ENGINE_finish(e); |
| 202 | #endif |
| 203 | EVPerr(EVP_F_INT_CTX_NEW, ERR_R_MALLOC_FAILURE); |
| 204 | return NULL; |
| 205 | } |
| 206 | ret->libctx = libctx; |
| 207 | ret->algorithm = name; |
| 208 | ret->propquery = propquery; |
| 209 | ret->engine = e; |
| 210 | ret->pmeth = pmeth; |
| 211 | ret->operation = EVP_PKEY_OP_UNDEFINED; |
| 212 | ret->pkey = pkey; |
| 213 | if (pkey != NULL) |
| 214 | EVP_PKEY_up_ref(pkey); |
| 215 | |
| 216 | if (pmeth != NULL && pmeth->init != NULL) { |
| 217 | if (pmeth->init(ret) <= 0) { |
| 218 | ret->pmeth = NULL; |
| 219 | EVP_PKEY_CTX_free(ret); |
| 220 | return NULL; |
| 221 | } |
| 222 | } |
| 223 | |
| 224 | return ret; |
| 225 | } |
| 226 | |
| 227 | void evp_pkey_ctx_free_old_ops(EVP_PKEY_CTX *ctx) |
| 228 | { |
| 229 | if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx)) { |
| 230 | if (ctx->op.kex.exchprovctx != NULL && ctx->op.kex.exchange != NULL) |
| 231 | ctx->op.kex.exchange->freectx(ctx->op.kex.exchprovctx); |
| 232 | EVP_KEYEXCH_free(ctx->op.kex.exchange); |
| 233 | ctx->op.kex.exchprovctx = NULL; |
| 234 | ctx->op.kex.exchange = NULL; |
| 235 | } else if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)) { |
| 236 | if (ctx->op.sig.sigprovctx != NULL && ctx->op.sig.signature != NULL) |
| 237 | ctx->op.sig.signature->freectx(ctx->op.sig.sigprovctx); |
| 238 | EVP_SIGNATURE_free(ctx->op.sig.signature); |
| 239 | ctx->op.sig.sigprovctx = NULL; |
| 240 | ctx->op.sig.signature = NULL; |
| 241 | } else if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx)) { |
| 242 | if (ctx->op.ciph.ciphprovctx != NULL && ctx->op.ciph.cipher != NULL) |
| 243 | ctx->op.ciph.cipher->freectx(ctx->op.ciph.ciphprovctx); |
| 244 | EVP_ASYM_CIPHER_free(ctx->op.ciph.cipher); |
| 245 | ctx->op.ciph.ciphprovctx = NULL; |
| 246 | ctx->op.ciph.cipher = NULL; |
| 247 | } |
| 248 | } |
| 249 | |
| 250 | EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags) |
| 251 | { |
| 252 | EVP_PKEY_METHOD *pmeth; |
| 253 | |
| 254 | pmeth = OPENSSL_zalloc(sizeof(*pmeth)); |
| 255 | if (pmeth == NULL) { |
| 256 | EVPerr(EVP_F_EVP_PKEY_METH_NEW, ERR_R_MALLOC_FAILURE); |
| 257 | return NULL; |
| 258 | } |
| 259 | |
| 260 | pmeth->pkey_id = id; |
| 261 | pmeth->flags = flags | EVP_PKEY_FLAG_DYNAMIC; |
| 262 | return pmeth; |
| 263 | } |
| 264 | |
| 265 | void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags, |
| 266 | const EVP_PKEY_METHOD *meth) |
| 267 | { |
| 268 | if (ppkey_id) |
| 269 | *ppkey_id = meth->pkey_id; |
| 270 | if (pflags) |
| 271 | *pflags = meth->flags; |
| 272 | } |
| 273 | |
| 274 | void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src) |
| 275 | { |
| 276 | |
| 277 | dst->init = src->init; |
| 278 | dst->copy = src->copy; |
| 279 | dst->cleanup = src->cleanup; |
| 280 | |
| 281 | dst->paramgen_init = src->paramgen_init; |
| 282 | dst->paramgen = src->paramgen; |
| 283 | |
| 284 | dst->keygen_init = src->keygen_init; |
| 285 | dst->keygen = src->keygen; |
| 286 | |
| 287 | dst->sign_init = src->sign_init; |
| 288 | dst->sign = src->sign; |
| 289 | |
| 290 | dst->verify_init = src->verify_init; |
| 291 | dst->verify = src->verify; |
| 292 | |
| 293 | dst->verify_recover_init = src->verify_recover_init; |
| 294 | dst->verify_recover = src->verify_recover; |
| 295 | |
| 296 | dst->signctx_init = src->signctx_init; |
| 297 | dst->signctx = src->signctx; |
| 298 | |
| 299 | dst->verifyctx_init = src->verifyctx_init; |
| 300 | dst->verifyctx = src->verifyctx; |
| 301 | |
| 302 | dst->encrypt_init = src->encrypt_init; |
| 303 | dst->encrypt = src->encrypt; |
| 304 | |
| 305 | dst->decrypt_init = src->decrypt_init; |
| 306 | dst->decrypt = src->decrypt; |
| 307 | |
| 308 | dst->derive_init = src->derive_init; |
| 309 | dst->derive = src->derive; |
| 310 | |
| 311 | dst->ctrl = src->ctrl; |
| 312 | dst->ctrl_str = src->ctrl_str; |
| 313 | |
| 314 | dst->check = src->check; |
| 315 | } |
| 316 | |
| 317 | void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth) |
| 318 | { |
| 319 | if (pmeth && (pmeth->flags & EVP_PKEY_FLAG_DYNAMIC)) |
| 320 | OPENSSL_free(pmeth); |
| 321 | } |
| 322 | |
| 323 | EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e) |
| 324 | { |
| 325 | return int_ctx_new(NULL, pkey, e, NULL, NULL, -1); |
| 326 | } |
| 327 | |
| 328 | EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e) |
| 329 | { |
| 330 | return int_ctx_new(NULL, NULL, e, NULL, NULL, id); |
| 331 | } |
| 332 | |
| 333 | EVP_PKEY_CTX *EVP_PKEY_CTX_new_provided(OPENSSL_CTX *libctx, |
| 334 | const char *name, |
| 335 | const char *propquery) |
| 336 | { |
| 337 | return int_ctx_new(libctx, NULL, NULL, name, propquery, -1); |
| 338 | } |
| 339 | |
| 340 | EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *pctx) |
| 341 | { |
| 342 | EVP_PKEY_CTX *rctx; |
| 343 | |
| 344 | if (((pctx->pmeth == NULL) || (pctx->pmeth->copy == NULL)) |
| 345 | && ((EVP_PKEY_CTX_IS_DERIVE_OP(pctx) |
| 346 | && pctx->op.kex.exchprovctx == NULL) |
| 347 | || (EVP_PKEY_CTX_IS_SIGNATURE_OP(pctx) |
| 348 | && pctx->op.sig.sigprovctx == NULL))) |
| 349 | return NULL; |
| 350 | #ifndef OPENSSL_NO_ENGINE |
| 351 | /* Make sure it's safe to copy a pkey context using an ENGINE */ |
| 352 | if (pctx->engine && !ENGINE_init(pctx->engine)) { |
| 353 | EVPerr(EVP_F_EVP_PKEY_CTX_DUP, ERR_R_ENGINE_LIB); |
| 354 | return 0; |
| 355 | } |
| 356 | #endif |
| 357 | rctx = OPENSSL_zalloc(sizeof(*rctx)); |
| 358 | if (rctx == NULL) { |
| 359 | EVPerr(EVP_F_EVP_PKEY_CTX_DUP, ERR_R_MALLOC_FAILURE); |
| 360 | return NULL; |
| 361 | } |
| 362 | |
| 363 | if (pctx->pkey != NULL) |
| 364 | EVP_PKEY_up_ref(pctx->pkey); |
| 365 | rctx->pkey = pctx->pkey; |
| 366 | rctx->operation = pctx->operation; |
| 367 | rctx->libctx = pctx->libctx; |
| 368 | rctx->algorithm = pctx->algorithm; |
| 369 | rctx->propquery = pctx->propquery; |
| 370 | |
| 371 | if (EVP_PKEY_CTX_IS_DERIVE_OP(pctx)) { |
| 372 | if (pctx->op.kex.exchange != NULL) { |
| 373 | rctx->op.kex.exchange = pctx->op.kex.exchange; |
| 374 | if (!EVP_KEYEXCH_up_ref(rctx->op.kex.exchange)) { |
| 375 | OPENSSL_free(rctx); |
| 376 | return NULL; |
| 377 | } |
| 378 | } |
| 379 | if (pctx->op.kex.exchprovctx != NULL) { |
| 380 | if (!ossl_assert(pctx->op.kex.exchange != NULL)) |
| 381 | return NULL; |
| 382 | rctx->op.kex.exchprovctx |
| 383 | = pctx->op.kex.exchange->dupctx(pctx->op.kex.exchprovctx); |
| 384 | if (rctx->op.kex.exchprovctx == NULL) { |
| 385 | EVP_KEYEXCH_free(rctx->op.kex.exchange); |
| 386 | OPENSSL_free(rctx); |
| 387 | return NULL; |
| 388 | } |
| 389 | return rctx; |
| 390 | } |
| 391 | } else if (EVP_PKEY_CTX_IS_SIGNATURE_OP(pctx)) { |
| 392 | if (pctx->op.sig.signature != NULL) { |
| 393 | rctx->op.sig.signature = pctx->op.sig.signature; |
| 394 | if (!EVP_SIGNATURE_up_ref(rctx->op.sig.signature)) { |
| 395 | OPENSSL_free(rctx); |
| 396 | return NULL; |
| 397 | } |
| 398 | } |
| 399 | if (pctx->op.sig.sigprovctx != NULL) { |
| 400 | if (!ossl_assert(pctx->op.sig.signature != NULL)) |
| 401 | return NULL; |
| 402 | rctx->op.sig.sigprovctx |
| 403 | = pctx->op.sig.signature->dupctx(pctx->op.sig.sigprovctx); |
| 404 | if (rctx->op.sig.sigprovctx == NULL) { |
| 405 | EVP_SIGNATURE_free(rctx->op.sig.signature); |
| 406 | OPENSSL_free(rctx); |
| 407 | return NULL; |
| 408 | } |
| 409 | return rctx; |
| 410 | } |
| 411 | } else if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(pctx)) { |
| 412 | if (pctx->op.ciph.cipher != NULL) { |
| 413 | rctx->op.ciph.cipher = pctx->op.ciph.cipher; |
| 414 | if (!EVP_ASYM_CIPHER_up_ref(rctx->op.ciph.cipher)) { |
| 415 | OPENSSL_free(rctx); |
| 416 | return NULL; |
| 417 | } |
| 418 | } |
| 419 | if (pctx->op.ciph.ciphprovctx != NULL) { |
| 420 | if (!ossl_assert(pctx->op.ciph.cipher != NULL)) |
| 421 | return NULL; |
| 422 | rctx->op.ciph.ciphprovctx |
| 423 | = pctx->op.ciph.cipher->dupctx(pctx->op.ciph.ciphprovctx); |
| 424 | if (rctx->op.ciph.ciphprovctx == NULL) { |
| 425 | EVP_ASYM_CIPHER_free(rctx->op.ciph.cipher); |
| 426 | OPENSSL_free(rctx); |
| 427 | return NULL; |
| 428 | } |
| 429 | return rctx; |
| 430 | } |
| 431 | } |
| 432 | |
| 433 | rctx->pmeth = pctx->pmeth; |
| 434 | #ifndef OPENSSL_NO_ENGINE |
| 435 | rctx->engine = pctx->engine; |
| 436 | #endif |
| 437 | |
| 438 | if (pctx->peerkey) |
| 439 | EVP_PKEY_up_ref(pctx->peerkey); |
| 440 | rctx->peerkey = pctx->peerkey; |
| 441 | |
| 442 | if (pctx->pmeth->copy(rctx, pctx) > 0) |
| 443 | return rctx; |
| 444 | |
| 445 | rctx->pmeth = NULL; |
| 446 | EVP_PKEY_CTX_free(rctx); |
| 447 | return NULL; |
| 448 | |
| 449 | } |
| 450 | |
| 451 | int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth) |
| 452 | { |
| 453 | if (app_pkey_methods == NULL) { |
| 454 | app_pkey_methods = sk_EVP_PKEY_METHOD_new(pmeth_cmp); |
| 455 | if (app_pkey_methods == NULL){ |
| 456 | EVPerr(EVP_F_EVP_PKEY_METH_ADD0, ERR_R_MALLOC_FAILURE); |
| 457 | return 0; |
| 458 | } |
| 459 | } |
| 460 | if (!sk_EVP_PKEY_METHOD_push(app_pkey_methods, pmeth)) { |
| 461 | EVPerr(EVP_F_EVP_PKEY_METH_ADD0, ERR_R_MALLOC_FAILURE); |
| 462 | return 0; |
| 463 | } |
| 464 | sk_EVP_PKEY_METHOD_sort(app_pkey_methods); |
| 465 | return 1; |
| 466 | } |
| 467 | |
| 468 | void evp_app_cleanup_int(void) |
| 469 | { |
| 470 | if (app_pkey_methods != NULL) |
| 471 | sk_EVP_PKEY_METHOD_pop_free(app_pkey_methods, EVP_PKEY_meth_free); |
| 472 | } |
| 473 | |
| 474 | int EVP_PKEY_meth_remove(const EVP_PKEY_METHOD *pmeth) |
| 475 | { |
| 476 | const EVP_PKEY_METHOD *ret; |
| 477 | |
| 478 | ret = sk_EVP_PKEY_METHOD_delete_ptr(app_pkey_methods, pmeth); |
| 479 | |
| 480 | return ret == NULL ? 0 : 1; |
| 481 | } |
| 482 | |
| 483 | size_t EVP_PKEY_meth_get_count(void) |
| 484 | { |
| 485 | size_t rv = OSSL_NELEM(standard_methods); |
| 486 | |
| 487 | if (app_pkey_methods) |
| 488 | rv += sk_EVP_PKEY_METHOD_num(app_pkey_methods); |
| 489 | return rv; |
| 490 | } |
| 491 | |
| 492 | const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx) |
| 493 | { |
| 494 | if (idx < OSSL_NELEM(standard_methods)) |
| 495 | return (standard_methods[idx])(); |
| 496 | if (app_pkey_methods == NULL) |
| 497 | return NULL; |
| 498 | idx -= OSSL_NELEM(standard_methods); |
| 499 | if (idx >= (size_t)sk_EVP_PKEY_METHOD_num(app_pkey_methods)) |
| 500 | return NULL; |
| 501 | return sk_EVP_PKEY_METHOD_value(app_pkey_methods, idx); |
| 502 | } |
| 503 | |
| 504 | void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx) |
| 505 | { |
| 506 | if (ctx == NULL) |
| 507 | return; |
| 508 | if (ctx->pmeth && ctx->pmeth->cleanup) |
| 509 | ctx->pmeth->cleanup(ctx); |
| 510 | |
| 511 | evp_pkey_ctx_free_old_ops(ctx); |
| 512 | EVP_KEYMGMT_free(ctx->keymgmt); |
| 513 | |
| 514 | EVP_PKEY_free(ctx->pkey); |
| 515 | EVP_PKEY_free(ctx->peerkey); |
| 516 | #ifndef OPENSSL_NO_ENGINE |
| 517 | ENGINE_finish(ctx->engine); |
| 518 | #endif |
| 519 | OPENSSL_free(ctx); |
| 520 | } |
| 521 | |
| 522 | int EVP_PKEY_CTX_get_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params) |
| 523 | { |
| 524 | if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) |
| 525 | && ctx->op.sig.sigprovctx != NULL |
| 526 | && ctx->op.sig.signature != NULL |
| 527 | && ctx->op.sig.signature->get_ctx_params != NULL) |
| 528 | return ctx->op.sig.signature->get_ctx_params(ctx->op.sig.sigprovctx, |
| 529 | params); |
| 530 | if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx) |
| 531 | && ctx->op.ciph.ciphprovctx != NULL |
| 532 | && ctx->op.ciph.cipher != NULL |
| 533 | && ctx->op.ciph.cipher->get_ctx_params != NULL) |
| 534 | return ctx->op.ciph.cipher->get_ctx_params(ctx->op.ciph.ciphprovctx, |
| 535 | params); |
| 536 | return 0; |
| 537 | } |
| 538 | |
| 539 | const OSSL_PARAM *EVP_PKEY_CTX_gettable_params(EVP_PKEY_CTX *ctx) |
| 540 | { |
| 541 | if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) |
| 542 | && ctx->op.sig.signature != NULL |
| 543 | && ctx->op.sig.signature->gettable_ctx_params != NULL) |
| 544 | return ctx->op.sig.signature->gettable_ctx_params(); |
| 545 | |
| 546 | if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx) |
| 547 | && ctx->op.ciph.cipher != NULL |
| 548 | && ctx->op.ciph.cipher->gettable_ctx_params != NULL) |
| 549 | return ctx->op.ciph.cipher->gettable_ctx_params(); |
| 550 | |
| 551 | return NULL; |
| 552 | } |
| 553 | |
| 554 | int EVP_PKEY_CTX_set_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params) |
| 555 | { |
| 556 | if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx) |
| 557 | && ctx->op.kex.exchprovctx != NULL |
| 558 | && ctx->op.kex.exchange != NULL |
| 559 | && ctx->op.kex.exchange->set_ctx_params != NULL) |
| 560 | return ctx->op.kex.exchange->set_ctx_params(ctx->op.kex.exchprovctx, |
| 561 | params); |
| 562 | if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) |
| 563 | && ctx->op.sig.sigprovctx != NULL |
| 564 | && ctx->op.sig.signature != NULL |
| 565 | && ctx->op.sig.signature->set_ctx_params != NULL) |
| 566 | return ctx->op.sig.signature->set_ctx_params(ctx->op.sig.sigprovctx, |
| 567 | params); |
| 568 | if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx) |
| 569 | && ctx->op.ciph.ciphprovctx != NULL |
| 570 | && ctx->op.ciph.cipher != NULL |
| 571 | && ctx->op.ciph.cipher->set_ctx_params != NULL) |
| 572 | return ctx->op.ciph.cipher->set_ctx_params(ctx->op.ciph.ciphprovctx, |
| 573 | params); |
| 574 | return 0; |
| 575 | } |
| 576 | |
| 577 | const OSSL_PARAM *EVP_PKEY_CTX_settable_params(EVP_PKEY_CTX *ctx) |
| 578 | { |
| 579 | if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx) |
| 580 | && ctx->op.kex.exchange != NULL |
| 581 | && ctx->op.kex.exchange->settable_ctx_params != NULL) |
| 582 | return ctx->op.kex.exchange->settable_ctx_params(); |
| 583 | if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) |
| 584 | && ctx->op.sig.signature != NULL |
| 585 | && ctx->op.sig.signature->settable_ctx_params != NULL) |
| 586 | return ctx->op.sig.signature->settable_ctx_params(); |
| 587 | if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx) |
| 588 | && ctx->op.ciph.cipher != NULL |
| 589 | && ctx->op.ciph.cipher->settable_ctx_params != NULL) |
| 590 | return ctx->op.ciph.cipher->settable_ctx_params(); |
| 591 | |
| 592 | return NULL; |
| 593 | } |
| 594 | |
| 595 | #ifndef OPENSSL_NO_DH |
| 596 | int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad) |
| 597 | { |
| 598 | OSSL_PARAM dh_pad_params[2]; |
| 599 | unsigned int upad = pad; |
| 600 | |
| 601 | /* We use EVP_PKEY_CTX_ctrl return values */ |
| 602 | if (ctx == NULL || !EVP_PKEY_CTX_IS_DERIVE_OP(ctx)) { |
| 603 | ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); |
| 604 | return -2; |
| 605 | } |
| 606 | |
| 607 | /* TODO(3.0): Remove this eventually when no more legacy */ |
| 608 | if (ctx->op.kex.exchprovctx == NULL) |
| 609 | return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_DERIVE, |
| 610 | EVP_PKEY_CTRL_DH_PAD, pad, NULL); |
| 611 | |
| 612 | dh_pad_params[0] = OSSL_PARAM_construct_uint(OSSL_EXCHANGE_PARAM_PAD, &upad); |
| 613 | dh_pad_params[1] = OSSL_PARAM_construct_end(); |
| 614 | |
| 615 | return EVP_PKEY_CTX_set_params(ctx, dh_pad_params); |
| 616 | } |
| 617 | #endif |
| 618 | |
| 619 | int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD **md) |
| 620 | { |
| 621 | OSSL_PARAM sig_md_params[3], *p = sig_md_params; |
| 622 | /* 80 should be big enough */ |
| 623 | char name[80] = ""; |
| 624 | const EVP_MD *tmp; |
| 625 | |
| 626 | if (ctx == NULL || !EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)) { |
| 627 | ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); |
| 628 | /* Uses the same return values as EVP_PKEY_CTX_ctrl */ |
| 629 | return -2; |
| 630 | } |
| 631 | |
| 632 | /* TODO(3.0): Remove this eventually when no more legacy */ |
| 633 | if (ctx->op.sig.sigprovctx == NULL) |
| 634 | return EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG, |
| 635 | EVP_PKEY_CTRL_GET_MD, 0, (void *)(md)); |
| 636 | |
| 637 | *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, |
| 638 | name, |
| 639 | sizeof(name)); |
| 640 | *p++ = OSSL_PARAM_construct_end(); |
| 641 | |
| 642 | if (!EVP_PKEY_CTX_get_params(ctx, sig_md_params)) |
| 643 | return 0; |
| 644 | |
| 645 | tmp = evp_get_digestbyname_ex(ctx->libctx, name); |
| 646 | if (tmp == NULL) |
| 647 | return 0; |
| 648 | |
| 649 | *md = tmp; |
| 650 | |
| 651 | return 1; |
| 652 | } |
| 653 | |
| 654 | int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) |
| 655 | { |
| 656 | OSSL_PARAM sig_md_params[3], *p = sig_md_params; |
| 657 | size_t mdsize; |
| 658 | const char *name; |
| 659 | |
| 660 | if (ctx == NULL || !EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)) { |
| 661 | ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); |
| 662 | /* Uses the same return values as EVP_PKEY_CTX_ctrl */ |
| 663 | return -2; |
| 664 | } |
| 665 | |
| 666 | /* TODO(3.0): Remove this eventually when no more legacy */ |
| 667 | if (ctx->op.sig.sigprovctx == NULL) |
| 668 | return EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG, |
| 669 | EVP_PKEY_CTRL_MD, 0, (void *)(md)); |
| 670 | |
| 671 | if (md == NULL) { |
| 672 | name = ""; |
| 673 | mdsize = 0; |
| 674 | } else { |
| 675 | mdsize = EVP_MD_size(md); |
| 676 | name = EVP_MD_name(md); |
| 677 | } |
| 678 | |
| 679 | *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, |
| 680 | /* |
| 681 | * Cast away the const. This is read |
| 682 | * only so should be safe |
| 683 | */ |
| 684 | (char *)name, |
| 685 | strlen(name) + 1); |
| 686 | *p++ = OSSL_PARAM_construct_size_t(OSSL_SIGNATURE_PARAM_DIGEST_SIZE, |
| 687 | &mdsize); |
| 688 | *p++ = OSSL_PARAM_construct_end(); |
| 689 | |
| 690 | return EVP_PKEY_CTX_set_params(ctx, sig_md_params); |
| 691 | } |
| 692 | |
| 693 | static int legacy_ctrl_to_param(EVP_PKEY_CTX *ctx, int keytype, int optype, |
| 694 | int cmd, int p1, void *p2) |
| 695 | { |
| 696 | switch (cmd) { |
| 697 | #ifndef OPENSSL_NO_DH |
| 698 | case EVP_PKEY_CTRL_DH_PAD: |
| 699 | return EVP_PKEY_CTX_set_dh_pad(ctx, p1); |
| 700 | #endif |
| 701 | case EVP_PKEY_CTRL_MD: |
| 702 | return EVP_PKEY_CTX_set_signature_md(ctx, p2); |
| 703 | case EVP_PKEY_CTRL_GET_MD: |
| 704 | return EVP_PKEY_CTX_get_signature_md(ctx, p2); |
| 705 | case EVP_PKEY_CTRL_RSA_PADDING: |
| 706 | return EVP_PKEY_CTX_set_rsa_padding(ctx, p1); |
| 707 | case EVP_PKEY_CTRL_GET_RSA_PADDING: |
| 708 | return EVP_PKEY_CTX_get_rsa_padding(ctx, p2); |
| 709 | case EVP_PKEY_CTRL_RSA_OAEP_MD: |
| 710 | return EVP_PKEY_CTX_set_rsa_oaep_md(ctx, p2); |
| 711 | case EVP_PKEY_CTRL_GET_RSA_OAEP_MD: |
| 712 | return EVP_PKEY_CTX_get_rsa_oaep_md(ctx, p2); |
| 713 | case EVP_PKEY_CTRL_RSA_MGF1_MD: |
| 714 | return EVP_PKEY_CTX_set_rsa_oaep_md(ctx, p2); |
| 715 | case EVP_PKEY_CTRL_GET_RSA_MGF1_MD: |
| 716 | return EVP_PKEY_CTX_get_rsa_oaep_md(ctx, p2); |
| 717 | case EVP_PKEY_CTRL_RSA_OAEP_LABEL: |
| 718 | return EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, p2, p1); |
| 719 | case EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL: |
| 720 | return EVP_PKEY_CTX_get0_rsa_oaep_label(ctx, (unsigned char **)p2); |
| 721 | case EVP_PKEY_CTRL_PKCS7_ENCRYPT: |
| 722 | case EVP_PKEY_CTRL_PKCS7_DECRYPT: |
| 723 | #ifndef OPENSSL_NO_CMS |
| 724 | case EVP_PKEY_CTRL_CMS_DECRYPT: |
| 725 | case EVP_PKEY_CTRL_CMS_ENCRYPT: |
| 726 | #endif |
| 727 | if (ctx->pmeth->pkey_id != EVP_PKEY_RSA_PSS) |
| 728 | return 1; |
| 729 | ERR_raise(ERR_LIB_EVP, |
| 730 | EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); |
| 731 | return -2; |
| 732 | } |
| 733 | return 0; |
| 734 | } |
| 735 | |
| 736 | int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, |
| 737 | int cmd, int p1, void *p2) |
| 738 | { |
| 739 | int ret; |
| 740 | |
| 741 | if (ctx == NULL) { |
| 742 | EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_COMMAND_NOT_SUPPORTED); |
| 743 | return -2; |
| 744 | } |
| 745 | |
| 746 | if ((EVP_PKEY_CTX_IS_DERIVE_OP(ctx) && ctx->op.kex.exchprovctx != NULL) |
| 747 | || (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) |
| 748 | && ctx->op.sig.sigprovctx != NULL) |
| 749 | || (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx) |
| 750 | && ctx->op.ciph.ciphprovctx != NULL)) |
| 751 | return legacy_ctrl_to_param(ctx, keytype, optype, cmd, p1, p2); |
| 752 | |
| 753 | if (ctx->pmeth == NULL || ctx->pmeth->ctrl == NULL) { |
| 754 | EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_COMMAND_NOT_SUPPORTED); |
| 755 | return -2; |
| 756 | } |
| 757 | if ((keytype != -1) && (ctx->pmeth->pkey_id != keytype)) |
| 758 | return -1; |
| 759 | |
| 760 | /* Skip the operation checks since this is called in a very early stage */ |
| 761 | if (ctx->pmeth->digest_custom != NULL) |
| 762 | goto doit; |
| 763 | |
| 764 | if (ctx->operation == EVP_PKEY_OP_UNDEFINED) { |
| 765 | EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_NO_OPERATION_SET); |
| 766 | return -1; |
| 767 | } |
| 768 | |
| 769 | if ((optype != -1) && !(ctx->operation & optype)) { |
| 770 | EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_INVALID_OPERATION); |
| 771 | return -1; |
| 772 | } |
| 773 | |
| 774 | doit: |
| 775 | ret = ctx->pmeth->ctrl(ctx, cmd, p1, p2); |
| 776 | |
| 777 | if (ret == -2) |
| 778 | EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_COMMAND_NOT_SUPPORTED); |
| 779 | |
| 780 | return ret; |
| 781 | } |
| 782 | |
| 783 | int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX *ctx, int keytype, int optype, |
| 784 | int cmd, uint64_t value) |
| 785 | { |
| 786 | return EVP_PKEY_CTX_ctrl(ctx, keytype, optype, cmd, 0, &value); |
| 787 | } |
| 788 | |
| 789 | static int legacy_ctrl_str_to_param(EVP_PKEY_CTX *ctx, const char *name, |
| 790 | const char *value) |
| 791 | { |
| 792 | #ifndef OPENSSL_NO_DH |
| 793 | if (strcmp(name, "dh_pad") == 0) { |
| 794 | int pad; |
| 795 | |
| 796 | pad = atoi(value); |
| 797 | return EVP_PKEY_CTX_set_dh_pad(ctx, pad); |
| 798 | } |
| 799 | #endif |
| 800 | if (strcmp(name, "digest") == 0) { |
| 801 | int ret; |
| 802 | EVP_MD *md; |
| 803 | |
| 804 | if (!EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) || ctx->op.sig.signature == NULL) |
| 805 | return 0; |
| 806 | md = EVP_MD_fetch(ossl_provider_library_context(ctx->op.sig.signature->prov), |
| 807 | value, NULL); |
| 808 | if (md == NULL) |
| 809 | return 0; |
| 810 | ret = EVP_PKEY_CTX_set_signature_md(ctx, md); |
| 811 | EVP_MD_meth_free(md); |
| 812 | return ret; |
| 813 | } |
| 814 | |
| 815 | if (strcmp(name, "rsa_padding_mode") == 0) { |
| 816 | int pm; |
| 817 | |
| 818 | if (strcmp(value, "pkcs1") == 0) { |
| 819 | pm = RSA_PKCS1_PADDING; |
| 820 | } else if (strcmp(value, "sslv23") == 0) { |
| 821 | pm = RSA_SSLV23_PADDING; |
| 822 | } else if (strcmp(value, "none") == 0) { |
| 823 | pm = RSA_NO_PADDING; |
| 824 | } else if (strcmp(value, "oeap") == 0) { |
| 825 | pm = RSA_PKCS1_OAEP_PADDING; |
| 826 | } else if (strcmp(value, "oaep") == 0) { |
| 827 | pm = RSA_PKCS1_OAEP_PADDING; |
| 828 | } else if (strcmp(value, "x931") == 0) { |
| 829 | pm = RSA_X931_PADDING; |
| 830 | } else if (strcmp(value, "pss") == 0) { |
| 831 | pm = RSA_PKCS1_PSS_PADDING; |
| 832 | } else { |
| 833 | ERR_raise(ERR_LIB_RSA, RSA_R_UNKNOWN_PADDING_TYPE); |
| 834 | return -2; |
| 835 | } |
| 836 | return EVP_PKEY_CTX_set_rsa_padding(ctx, pm); |
| 837 | } |
| 838 | |
| 839 | if (strcmp(name, "rsa_mgf1_md") == 0) |
| 840 | return EVP_PKEY_CTX_set_rsa_mgf1_md_name(ctx, value, NULL); |
| 841 | |
| 842 | if (strcmp(name, "rsa_oaep_md") == 0) |
| 843 | return EVP_PKEY_CTX_set_rsa_oaep_md_name(ctx, value, NULL); |
| 844 | |
| 845 | if (strcmp(name, "rsa_oaep_label") == 0) { |
| 846 | unsigned char *lab; |
| 847 | long lablen; |
| 848 | int ret; |
| 849 | |
| 850 | lab = OPENSSL_hexstr2buf(value, &lablen); |
| 851 | if (lab == NULL) |
| 852 | return 0; |
| 853 | ret = EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, lab, lablen); |
| 854 | if (ret <= 0) |
| 855 | OPENSSL_free(lab); |
| 856 | return ret; |
| 857 | } |
| 858 | |
| 859 | |
| 860 | |
| 861 | return 0; |
| 862 | } |
| 863 | |
| 864 | int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, |
| 865 | const char *name, const char *value) |
| 866 | { |
| 867 | if (ctx == NULL) { |
| 868 | EVPerr(EVP_F_EVP_PKEY_CTX_CTRL_STR, EVP_R_COMMAND_NOT_SUPPORTED); |
| 869 | return -2; |
| 870 | } |
| 871 | |
| 872 | if ((EVP_PKEY_CTX_IS_DERIVE_OP(ctx) && ctx->op.kex.exchprovctx != NULL) |
| 873 | || (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) |
| 874 | && ctx->op.sig.sigprovctx != NULL) |
| 875 | || (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx) |
| 876 | && ctx->op.ciph.ciphprovctx != NULL)) |
| 877 | return legacy_ctrl_str_to_param(ctx, name, value); |
| 878 | |
| 879 | if (!ctx || !ctx->pmeth || !ctx->pmeth->ctrl_str) { |
| 880 | EVPerr(EVP_F_EVP_PKEY_CTX_CTRL_STR, EVP_R_COMMAND_NOT_SUPPORTED); |
| 881 | return -2; |
| 882 | } |
| 883 | if (strcmp(name, "digest") == 0) |
| 884 | return EVP_PKEY_CTX_md(ctx, EVP_PKEY_OP_TYPE_SIG, EVP_PKEY_CTRL_MD, |
| 885 | value); |
| 886 | return ctx->pmeth->ctrl_str(ctx, name, value); |
| 887 | } |
| 888 | |
| 889 | /* Utility functions to send a string of hex string to a ctrl */ |
| 890 | |
| 891 | int EVP_PKEY_CTX_str2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *str) |
| 892 | { |
| 893 | size_t len; |
| 894 | |
| 895 | len = strlen(str); |
| 896 | if (len > INT_MAX) |
| 897 | return -1; |
| 898 | return ctx->pmeth->ctrl(ctx, cmd, len, (void *)str); |
| 899 | } |
| 900 | |
| 901 | int EVP_PKEY_CTX_hex2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *hex) |
| 902 | { |
| 903 | unsigned char *bin; |
| 904 | long binlen; |
| 905 | int rv = -1; |
| 906 | |
| 907 | bin = OPENSSL_hexstr2buf(hex, &binlen); |
| 908 | if (bin == NULL) |
| 909 | return 0; |
| 910 | if (binlen <= INT_MAX) |
| 911 | rv = ctx->pmeth->ctrl(ctx, cmd, binlen, bin); |
| 912 | OPENSSL_free(bin); |
| 913 | return rv; |
| 914 | } |
| 915 | |
| 916 | /* Pass a message digest to a ctrl */ |
| 917 | int EVP_PKEY_CTX_md(EVP_PKEY_CTX *ctx, int optype, int cmd, const char *md) |
| 918 | { |
| 919 | const EVP_MD *m; |
| 920 | |
| 921 | if (md == NULL || (m = EVP_get_digestbyname(md)) == NULL) { |
| 922 | EVPerr(EVP_F_EVP_PKEY_CTX_MD, EVP_R_INVALID_DIGEST); |
| 923 | return 0; |
| 924 | } |
| 925 | return EVP_PKEY_CTX_ctrl(ctx, -1, optype, cmd, 0, (void *)m); |
| 926 | } |
| 927 | |
| 928 | int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx) |
| 929 | { |
| 930 | return ctx->operation; |
| 931 | } |
| 932 | |
| 933 | void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen) |
| 934 | { |
| 935 | ctx->keygen_info = dat; |
| 936 | ctx->keygen_info_count = datlen; |
| 937 | } |
| 938 | |
| 939 | void EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void *data) |
| 940 | { |
| 941 | ctx->data = data; |
| 942 | } |
| 943 | |
| 944 | void *EVP_PKEY_CTX_get_data(const EVP_PKEY_CTX *ctx) |
| 945 | { |
| 946 | return ctx->data; |
| 947 | } |
| 948 | |
| 949 | EVP_PKEY *EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX *ctx) |
| 950 | { |
| 951 | return ctx->pkey; |
| 952 | } |
| 953 | |
| 954 | EVP_PKEY *EVP_PKEY_CTX_get0_peerkey(EVP_PKEY_CTX *ctx) |
| 955 | { |
| 956 | return ctx->peerkey; |
| 957 | } |
| 958 | |
| 959 | void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data) |
| 960 | { |
| 961 | ctx->app_data = data; |
| 962 | } |
| 963 | |
| 964 | void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx) |
| 965 | { |
| 966 | return ctx->app_data; |
| 967 | } |
| 968 | |
| 969 | void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth, |
| 970 | int (*init) (EVP_PKEY_CTX *ctx)) |
| 971 | { |
| 972 | pmeth->init = init; |
| 973 | } |
| 974 | |
| 975 | void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth, |
| 976 | int (*copy) (EVP_PKEY_CTX *dst, |
| 977 | const EVP_PKEY_CTX *src)) |
| 978 | { |
| 979 | pmeth->copy = copy; |
| 980 | } |
| 981 | |
| 982 | void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth, |
| 983 | void (*cleanup) (EVP_PKEY_CTX *ctx)) |
| 984 | { |
| 985 | pmeth->cleanup = cleanup; |
| 986 | } |
| 987 | |
| 988 | void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth, |
| 989 | int (*paramgen_init) (EVP_PKEY_CTX *ctx), |
| 990 | int (*paramgen) (EVP_PKEY_CTX *ctx, |
| 991 | EVP_PKEY *pkey)) |
| 992 | { |
| 993 | pmeth->paramgen_init = paramgen_init; |
| 994 | pmeth->paramgen = paramgen; |
| 995 | } |
| 996 | |
| 997 | void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth, |
| 998 | int (*keygen_init) (EVP_PKEY_CTX *ctx), |
| 999 | int (*keygen) (EVP_PKEY_CTX *ctx, |
| 1000 | EVP_PKEY *pkey)) |
| 1001 | { |
| 1002 | pmeth->keygen_init = keygen_init; |
| 1003 | pmeth->keygen = keygen; |
| 1004 | } |
| 1005 | |
| 1006 | void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth, |
| 1007 | int (*sign_init) (EVP_PKEY_CTX *ctx), |
| 1008 | int (*sign) (EVP_PKEY_CTX *ctx, |
| 1009 | unsigned char *sig, size_t *siglen, |
| 1010 | const unsigned char *tbs, |
| 1011 | size_t tbslen)) |
| 1012 | { |
| 1013 | pmeth->sign_init = sign_init; |
| 1014 | pmeth->sign = sign; |
| 1015 | } |
| 1016 | |
| 1017 | void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth, |
| 1018 | int (*verify_init) (EVP_PKEY_CTX *ctx), |
| 1019 | int (*verify) (EVP_PKEY_CTX *ctx, |
| 1020 | const unsigned char *sig, |
| 1021 | size_t siglen, |
| 1022 | const unsigned char *tbs, |
| 1023 | size_t tbslen)) |
| 1024 | { |
| 1025 | pmeth->verify_init = verify_init; |
| 1026 | pmeth->verify = verify; |
| 1027 | } |
| 1028 | |
| 1029 | void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth, |
| 1030 | int (*verify_recover_init) (EVP_PKEY_CTX |
| 1031 | *ctx), |
| 1032 | int (*verify_recover) (EVP_PKEY_CTX |
| 1033 | *ctx, |
| 1034 | unsigned char |
| 1035 | *sig, |
| 1036 | size_t *siglen, |
| 1037 | const unsigned |
| 1038 | char *tbs, |
| 1039 | size_t tbslen)) |
| 1040 | { |
| 1041 | pmeth->verify_recover_init = verify_recover_init; |
| 1042 | pmeth->verify_recover = verify_recover; |
| 1043 | } |
| 1044 | |
| 1045 | void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth, |
| 1046 | int (*signctx_init) (EVP_PKEY_CTX *ctx, |
| 1047 | EVP_MD_CTX *mctx), |
| 1048 | int (*signctx) (EVP_PKEY_CTX *ctx, |
| 1049 | unsigned char *sig, |
| 1050 | size_t *siglen, |
| 1051 | EVP_MD_CTX *mctx)) |
| 1052 | { |
| 1053 | pmeth->signctx_init = signctx_init; |
| 1054 | pmeth->signctx = signctx; |
| 1055 | } |
| 1056 | |
| 1057 | void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth, |
| 1058 | int (*verifyctx_init) (EVP_PKEY_CTX *ctx, |
| 1059 | EVP_MD_CTX *mctx), |
| 1060 | int (*verifyctx) (EVP_PKEY_CTX *ctx, |
| 1061 | const unsigned char *sig, |
| 1062 | int siglen, |
| 1063 | EVP_MD_CTX *mctx)) |
| 1064 | { |
| 1065 | pmeth->verifyctx_init = verifyctx_init; |
| 1066 | pmeth->verifyctx = verifyctx; |
| 1067 | } |
| 1068 | |
| 1069 | void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth, |
| 1070 | int (*encrypt_init) (EVP_PKEY_CTX *ctx), |
| 1071 | int (*encryptfn) (EVP_PKEY_CTX *ctx, |
| 1072 | unsigned char *out, |
| 1073 | size_t *outlen, |
| 1074 | const unsigned char *in, |
| 1075 | size_t inlen)) |
| 1076 | { |
| 1077 | pmeth->encrypt_init = encrypt_init; |
| 1078 | pmeth->encrypt = encryptfn; |
| 1079 | } |
| 1080 | |
| 1081 | void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth, |
| 1082 | int (*decrypt_init) (EVP_PKEY_CTX *ctx), |
| 1083 | int (*decrypt) (EVP_PKEY_CTX *ctx, |
| 1084 | unsigned char *out, |
| 1085 | size_t *outlen, |
| 1086 | const unsigned char *in, |
| 1087 | size_t inlen)) |
| 1088 | { |
| 1089 | pmeth->decrypt_init = decrypt_init; |
| 1090 | pmeth->decrypt = decrypt; |
| 1091 | } |
| 1092 | |
| 1093 | void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth, |
| 1094 | int (*derive_init) (EVP_PKEY_CTX *ctx), |
| 1095 | int (*derive) (EVP_PKEY_CTX *ctx, |
| 1096 | unsigned char *key, |
| 1097 | size_t *keylen)) |
| 1098 | { |
| 1099 | pmeth->derive_init = derive_init; |
| 1100 | pmeth->derive = derive; |
| 1101 | } |
| 1102 | |
| 1103 | void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, |
| 1104 | int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, |
| 1105 | void *p2), |
| 1106 | int (*ctrl_str) (EVP_PKEY_CTX *ctx, |
| 1107 | const char *type, |
| 1108 | const char *value)) |
| 1109 | { |
| 1110 | pmeth->ctrl = ctrl; |
| 1111 | pmeth->ctrl_str = ctrl_str; |
| 1112 | } |
| 1113 | |
| 1114 | void EVP_PKEY_meth_set_digestsign(EVP_PKEY_METHOD *pmeth, |
| 1115 | int (*digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, |
| 1116 | const unsigned char *tbs, size_t tbslen)) |
| 1117 | { |
| 1118 | pmeth->digestsign = digestsign; |
| 1119 | } |
| 1120 | |
| 1121 | void EVP_PKEY_meth_set_digestverify(EVP_PKEY_METHOD *pmeth, |
| 1122 | int (*digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig, |
| 1123 | size_t siglen, const unsigned char *tbs, |
| 1124 | size_t tbslen)) |
| 1125 | { |
| 1126 | pmeth->digestverify = digestverify; |
| 1127 | } |
| 1128 | |
| 1129 | void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth, |
| 1130 | int (*check) (EVP_PKEY *pkey)) |
| 1131 | { |
| 1132 | pmeth->check = check; |
| 1133 | } |
| 1134 | |
| 1135 | void EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD *pmeth, |
| 1136 | int (*check) (EVP_PKEY *pkey)) |
| 1137 | { |
| 1138 | pmeth->public_check = check; |
| 1139 | } |
| 1140 | |
| 1141 | void EVP_PKEY_meth_set_param_check(EVP_PKEY_METHOD *pmeth, |
| 1142 | int (*check) (EVP_PKEY *pkey)) |
| 1143 | { |
| 1144 | pmeth->param_check = check; |
| 1145 | } |
| 1146 | |
| 1147 | void EVP_PKEY_meth_set_digest_custom(EVP_PKEY_METHOD *pmeth, |
| 1148 | int (*digest_custom) (EVP_PKEY_CTX *ctx, |
| 1149 | EVP_MD_CTX *mctx)) |
| 1150 | { |
| 1151 | pmeth->digest_custom = digest_custom; |
| 1152 | } |
| 1153 | |
| 1154 | void EVP_PKEY_meth_get_init(const EVP_PKEY_METHOD *pmeth, |
| 1155 | int (**pinit) (EVP_PKEY_CTX *ctx)) |
| 1156 | { |
| 1157 | *pinit = pmeth->init; |
| 1158 | } |
| 1159 | |
| 1160 | void EVP_PKEY_meth_get_copy(const EVP_PKEY_METHOD *pmeth, |
| 1161 | int (**pcopy) (EVP_PKEY_CTX *dst, |
| 1162 | const EVP_PKEY_CTX *src)) |
| 1163 | { |
| 1164 | *pcopy = pmeth->copy; |
| 1165 | } |
| 1166 | |
| 1167 | void EVP_PKEY_meth_get_cleanup(const EVP_PKEY_METHOD *pmeth, |
| 1168 | void (**pcleanup) (EVP_PKEY_CTX *ctx)) |
| 1169 | { |
| 1170 | *pcleanup = pmeth->cleanup; |
| 1171 | } |
| 1172 | |
| 1173 | void EVP_PKEY_meth_get_paramgen(const EVP_PKEY_METHOD *pmeth, |
| 1174 | int (**pparamgen_init) (EVP_PKEY_CTX *ctx), |
| 1175 | int (**pparamgen) (EVP_PKEY_CTX *ctx, |
| 1176 | EVP_PKEY *pkey)) |
| 1177 | { |
| 1178 | if (pparamgen_init) |
| 1179 | *pparamgen_init = pmeth->paramgen_init; |
| 1180 | if (pparamgen) |
| 1181 | *pparamgen = pmeth->paramgen; |
| 1182 | } |
| 1183 | |
| 1184 | void EVP_PKEY_meth_get_keygen(const EVP_PKEY_METHOD *pmeth, |
| 1185 | int (**pkeygen_init) (EVP_PKEY_CTX *ctx), |
| 1186 | int (**pkeygen) (EVP_PKEY_CTX *ctx, |
| 1187 | EVP_PKEY *pkey)) |
| 1188 | { |
| 1189 | if (pkeygen_init) |
| 1190 | *pkeygen_init = pmeth->keygen_init; |
| 1191 | if (pkeygen) |
| 1192 | *pkeygen = pmeth->keygen; |
| 1193 | } |
| 1194 | |
| 1195 | void EVP_PKEY_meth_get_sign(const EVP_PKEY_METHOD *pmeth, |
| 1196 | int (**psign_init) (EVP_PKEY_CTX *ctx), |
| 1197 | int (**psign) (EVP_PKEY_CTX *ctx, |
| 1198 | unsigned char *sig, size_t *siglen, |
| 1199 | const unsigned char *tbs, |
| 1200 | size_t tbslen)) |
| 1201 | { |
| 1202 | if (psign_init) |
| 1203 | *psign_init = pmeth->sign_init; |
| 1204 | if (psign) |
| 1205 | *psign = pmeth->sign; |
| 1206 | } |
| 1207 | |
| 1208 | void EVP_PKEY_meth_get_verify(const EVP_PKEY_METHOD *pmeth, |
| 1209 | int (**pverify_init) (EVP_PKEY_CTX *ctx), |
| 1210 | int (**pverify) (EVP_PKEY_CTX *ctx, |
| 1211 | const unsigned char *sig, |
| 1212 | size_t siglen, |
| 1213 | const unsigned char *tbs, |
| 1214 | size_t tbslen)) |
| 1215 | { |
| 1216 | if (pverify_init) |
| 1217 | *pverify_init = pmeth->verify_init; |
| 1218 | if (pverify) |
| 1219 | *pverify = pmeth->verify; |
| 1220 | } |
| 1221 | |
| 1222 | void EVP_PKEY_meth_get_verify_recover(const EVP_PKEY_METHOD *pmeth, |
| 1223 | int (**pverify_recover_init) (EVP_PKEY_CTX |
| 1224 | *ctx), |
| 1225 | int (**pverify_recover) (EVP_PKEY_CTX |
| 1226 | *ctx, |
| 1227 | unsigned char |
| 1228 | *sig, |
| 1229 | size_t *siglen, |
| 1230 | const unsigned |
| 1231 | char *tbs, |
| 1232 | size_t tbslen)) |
| 1233 | { |
| 1234 | if (pverify_recover_init) |
| 1235 | *pverify_recover_init = pmeth->verify_recover_init; |
| 1236 | if (pverify_recover) |
| 1237 | *pverify_recover = pmeth->verify_recover; |
| 1238 | } |
| 1239 | |
| 1240 | void EVP_PKEY_meth_get_signctx(const EVP_PKEY_METHOD *pmeth, |
| 1241 | int (**psignctx_init) (EVP_PKEY_CTX *ctx, |
| 1242 | EVP_MD_CTX *mctx), |
| 1243 | int (**psignctx) (EVP_PKEY_CTX *ctx, |
| 1244 | unsigned char *sig, |
| 1245 | size_t *siglen, |
| 1246 | EVP_MD_CTX *mctx)) |
| 1247 | { |
| 1248 | if (psignctx_init) |
| 1249 | *psignctx_init = pmeth->signctx_init; |
| 1250 | if (psignctx) |
| 1251 | *psignctx = pmeth->signctx; |
| 1252 | } |
| 1253 | |
| 1254 | void EVP_PKEY_meth_get_verifyctx(const EVP_PKEY_METHOD *pmeth, |
| 1255 | int (**pverifyctx_init) (EVP_PKEY_CTX *ctx, |
| 1256 | EVP_MD_CTX *mctx), |
| 1257 | int (**pverifyctx) (EVP_PKEY_CTX *ctx, |
| 1258 | const unsigned char *sig, |
| 1259 | int siglen, |
| 1260 | EVP_MD_CTX *mctx)) |
| 1261 | { |
| 1262 | if (pverifyctx_init) |
| 1263 | *pverifyctx_init = pmeth->verifyctx_init; |
| 1264 | if (pverifyctx) |
| 1265 | *pverifyctx = pmeth->verifyctx; |
| 1266 | } |
| 1267 | |
| 1268 | void EVP_PKEY_meth_get_encrypt(const EVP_PKEY_METHOD *pmeth, |
| 1269 | int (**pencrypt_init) (EVP_PKEY_CTX *ctx), |
| 1270 | int (**pencryptfn) (EVP_PKEY_CTX *ctx, |
| 1271 | unsigned char *out, |
| 1272 | size_t *outlen, |
| 1273 | const unsigned char *in, |
| 1274 | size_t inlen)) |
| 1275 | { |
| 1276 | if (pencrypt_init) |
| 1277 | *pencrypt_init = pmeth->encrypt_init; |
| 1278 | if (pencryptfn) |
| 1279 | *pencryptfn = pmeth->encrypt; |
| 1280 | } |
| 1281 | |
| 1282 | void EVP_PKEY_meth_get_decrypt(const EVP_PKEY_METHOD *pmeth, |
| 1283 | int (**pdecrypt_init) (EVP_PKEY_CTX *ctx), |
| 1284 | int (**pdecrypt) (EVP_PKEY_CTX *ctx, |
| 1285 | unsigned char *out, |
| 1286 | size_t *outlen, |
| 1287 | const unsigned char *in, |
| 1288 | size_t inlen)) |
| 1289 | { |
| 1290 | if (pdecrypt_init) |
| 1291 | *pdecrypt_init = pmeth->decrypt_init; |
| 1292 | if (pdecrypt) |
| 1293 | *pdecrypt = pmeth->decrypt; |
| 1294 | } |
| 1295 | |
| 1296 | void EVP_PKEY_meth_get_derive(const EVP_PKEY_METHOD *pmeth, |
| 1297 | int (**pderive_init) (EVP_PKEY_CTX *ctx), |
| 1298 | int (**pderive) (EVP_PKEY_CTX *ctx, |
| 1299 | unsigned char *key, |
| 1300 | size_t *keylen)) |
| 1301 | { |
| 1302 | if (pderive_init) |
| 1303 | *pderive_init = pmeth->derive_init; |
| 1304 | if (pderive) |
| 1305 | *pderive = pmeth->derive; |
| 1306 | } |
| 1307 | |
| 1308 | void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD *pmeth, |
| 1309 | int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1, |
| 1310 | void *p2), |
| 1311 | int (**pctrl_str) (EVP_PKEY_CTX *ctx, |
| 1312 | const char *type, |
| 1313 | const char *value)) |
| 1314 | { |
| 1315 | if (pctrl) |
| 1316 | *pctrl = pmeth->ctrl; |
| 1317 | if (pctrl_str) |
| 1318 | *pctrl_str = pmeth->ctrl_str; |
| 1319 | } |
| 1320 | |
| 1321 | void EVP_PKEY_meth_get_digestsign(EVP_PKEY_METHOD *pmeth, |
| 1322 | int (**digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, |
| 1323 | const unsigned char *tbs, size_t tbslen)) |
| 1324 | { |
| 1325 | if (digestsign) |
| 1326 | *digestsign = pmeth->digestsign; |
| 1327 | } |
| 1328 | |
| 1329 | void EVP_PKEY_meth_get_digestverify(EVP_PKEY_METHOD *pmeth, |
| 1330 | int (**digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig, |
| 1331 | size_t siglen, const unsigned char *tbs, |
| 1332 | size_t tbslen)) |
| 1333 | { |
| 1334 | if (digestverify) |
| 1335 | *digestverify = pmeth->digestverify; |
| 1336 | } |
| 1337 | |
| 1338 | void EVP_PKEY_meth_get_check(const EVP_PKEY_METHOD *pmeth, |
| 1339 | int (**pcheck) (EVP_PKEY *pkey)) |
| 1340 | { |
| 1341 | if (pcheck != NULL) |
| 1342 | *pcheck = pmeth->check; |
| 1343 | } |
| 1344 | |
| 1345 | void EVP_PKEY_meth_get_public_check(const EVP_PKEY_METHOD *pmeth, |
| 1346 | int (**pcheck) (EVP_PKEY *pkey)) |
| 1347 | { |
| 1348 | if (pcheck != NULL) |
| 1349 | *pcheck = pmeth->public_check; |
| 1350 | } |
| 1351 | |
| 1352 | void EVP_PKEY_meth_get_param_check(const EVP_PKEY_METHOD *pmeth, |
| 1353 | int (**pcheck) (EVP_PKEY *pkey)) |
| 1354 | { |
| 1355 | if (pcheck != NULL) |
| 1356 | *pcheck = pmeth->param_check; |
| 1357 | } |
| 1358 | |
| 1359 | void EVP_PKEY_meth_get_digest_custom(EVP_PKEY_METHOD *pmeth, |
| 1360 | int (**pdigest_custom) (EVP_PKEY_CTX *ctx, |
| 1361 | EVP_MD_CTX *mctx)) |
| 1362 | { |
| 1363 | if (pdigest_custom != NULL) |
| 1364 | *pdigest_custom = pmeth->digest_custom; |
| 1365 | } |
| 1366 |
Generated on 2020-Jan-04 from project ClickHouse revision 19.17.6
Powered by 
Code Browser 2.1
Generator usage only permitted with license.