/src/openssl/crypto/evp/pmeth_gn.c

Source
/*
 * Copyright 2006-2025 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <stdio.h>
#include <stdlib.h>
#include <openssl/core.h>
#include <openssl/core_names.h>
#include "internal/cryptlib.h"
#include "internal/core.h"
#include "internal/common.h"
#include <openssl/objects.h>
#include <openssl/evp.h>
#include "crypto/bn.h"
#ifndef FIPS_MODULE
#include "crypto/asn1.h"
#endif
#include "crypto/evp.h"
#include "evp_local.h"

static int gen_init(EVP_PKEY_CTX *ctx, int operation)
{
    int ret = 0;

    if (ctx == NULL)
        goto not_supported;

    evp_pkey_ctx_free_old_ops(ctx);
    ctx->operation = operation;

    if (ctx->keymgmt == NULL || ctx->keymgmt->gen_init == NULL)
        goto not_supported;

    switch (operation) {
    case EVP_PKEY_OP_PARAMGEN:
        ctx->op.keymgmt.genctx = evp_keymgmt_gen_init(ctx->keymgmt,
            OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, NULL);
        break;
    case EVP_PKEY_OP_KEYGEN:
        ctx->op.keymgmt.genctx = evp_keymgmt_gen_init(ctx->keymgmt, OSSL_KEYMGMT_SELECT_KEYPAIR,
            NULL);
        break;
    }

    if (ctx->op.keymgmt.genctx == NULL)
        ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
    else
        ret = 1;
    goto end;

end:
    if (ret <= 0 && ctx != NULL) {
        evp_pkey_ctx_free_old_ops(ctx);
        ctx->operation = EVP_PKEY_OP_UNDEFINED;
    }
    return ret;

not_supported:
    ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
    ret = -2;
    goto end;
}

int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx)
{
    return gen_init(ctx, EVP_PKEY_OP_PARAMGEN);
}

int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx)
{
    return gen_init(ctx, EVP_PKEY_OP_KEYGEN);
}

static int ossl_callback_to_pkey_gencb(const OSSL_PARAM params[], void *arg)
{
    EVP_PKEY_CTX *ctx = arg;
    const OSSL_PARAM *param = NULL;
    int p = -1, n = -1;

    if (ctx->pkey_gencb == NULL)
        return 1; /* No callback?  That's fine */

    if ((param = OSSL_PARAM_locate_const(params, OSSL_GEN_PARAM_POTENTIAL))
            == NULL
        || !OSSL_PARAM_get_int(param, &p))
        return 0;
    if ((param = OSSL_PARAM_locate_const(params, OSSL_GEN_PARAM_ITERATION))
            == NULL
        || !OSSL_PARAM_get_int(param, &n))
        return 0;

    ctx->keygen_info[0] = p;
    ctx->keygen_info[1] = n;

    return ctx->pkey_gencb(ctx);
}

int EVP_PKEY_generate(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
{
    int ret = 0;
    EVP_PKEY *allocated_pkey = NULL;
    /* Legacy compatible keygen callback info, only used with provider impls */
    int gentmp[2];

    if (ppkey == NULL)
        return -1;

    if (ctx == NULL)
        goto not_supported;

    if ((ctx->operation & EVP_PKEY_OP_TYPE_GEN) == 0)
        goto not_initialized;

    if (*ppkey == NULL)
        *ppkey = allocated_pkey = EVP_PKEY_new();

    if (*ppkey == NULL) {
        ERR_raise(ERR_LIB_EVP, ERR_R_EVP_LIB);
        return -1;
    }

    if (ctx->op.keymgmt.genctx == NULL)
        goto not_supported;

    /*
     * Assigning gentmp to ctx->keygen_info is something our legacy
     * implementations do.  Because the provider implementations aren't
     * allowed to reach into our EVP_PKEY_CTX, we need to provide similar
     * space for backward compatibility.  It's ok that we attach a local
     * variable, as it should only be useful in the calls down from here.
     * This is cleared as soon as it isn't useful any more, i.e. directly
     * after the evp_keymgmt_util_gen() call.
     */
    ctx->keygen_info = gentmp;
    ctx->keygen_info_count = 2;

    ret = 1;
    if (ctx->pkey != NULL) {
        EVP_KEYMGMT *tmp_keymgmt = ctx->keymgmt;
        void *keydata = evp_pkey_export_to_provider(ctx->pkey, ctx->libctx,
            &tmp_keymgmt, ctx->propquery);

        if (tmp_keymgmt == NULL)
            goto not_supported;
        /*
         * It's ok if keydata is NULL here.  The backend is expected to deal
         * with that as it sees fit.
         */
        ret = evp_keymgmt_gen_set_template(ctx->keymgmt,
            ctx->op.keymgmt.genctx, keydata);
    }

    /*
     * the returned value from evp_keymgmt_util_gen() is cached in *ppkey,
     * so we do not need to save it, just check it.
     */
    ret = ret
        && (evp_keymgmt_util_gen(*ppkey, ctx->keymgmt, ctx->op.keymgmt.genctx,
                ossl_callback_to_pkey_gencb, ctx)
            != NULL);

    ctx->keygen_info = NULL;

#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_DEPRECATED_3_6)
    /* In case |*ppkey| was originally a legacy key */
    if (ret)
        evp_pkey_free_legacy(*ppkey);
#endif

    /*
     * Because we still have legacy keys
     */
    (*ppkey)->type = ctx->legacy_keytype;

    goto end;

end:
    if (ret <= 0) {
        if (allocated_pkey != NULL)
            *ppkey = NULL;
        EVP_PKEY_free(allocated_pkey);
    }
    return ret;

not_supported:
    ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
    ret = -2;
    goto end;
not_initialized:
    ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
    ret = -1;
    goto end;
}

int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
{
    if (ctx->operation != EVP_PKEY_OP_PARAMGEN) {
        ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
        return -1;
    }
    return EVP_PKEY_generate(ctx, ppkey);
}

int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
{
    if (ctx->operation != EVP_PKEY_OP_KEYGEN) {
        ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
        return -1;
    }
    return EVP_PKEY_generate(ctx, ppkey);
}

void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb)
{
    ctx->pkey_gencb = cb;
}

EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx)
{
    return ctx->pkey_gencb;
}

/*
 * "translation callback" to call EVP_PKEY_CTX callbacks using BN_GENCB style
 * callbacks.
 */

static int trans_cb(int a, int b, BN_GENCB *gcb)
{
    EVP_PKEY_CTX *ctx = BN_GENCB_get_arg(gcb);
    ctx->keygen_info[0] = a;
    ctx->keygen_info[1] = b;
    return ctx->pkey_gencb(ctx);
}

void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx)
{
    BN_GENCB_set(cb, trans_cb, ctx);
}

int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx)
{
    if (idx == -1)
        return ctx->keygen_info_count;
    if (idx < 0 || idx > ctx->keygen_info_count)
        return 0;
    return ctx->keygen_info[idx];
}

#ifndef FIPS_MODULE

EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e,
    const unsigned char *key, int keylen)
{
    EVP_PKEY_CTX *mac_ctx = NULL;
    EVP_PKEY *mac_key = NULL;

    if (!ossl_assert(e == NULL))
        return NULL;
    mac_ctx = EVP_PKEY_CTX_new_id(type, NULL);
    if (!mac_ctx)
        return NULL;
    if (EVP_PKEY_keygen_init(mac_ctx) <= 0)
        goto merr;
    if (EVP_PKEY_CTX_set_mac_key(mac_ctx, key, keylen) <= 0)
        goto merr;
    if (EVP_PKEY_keygen(mac_ctx, &mac_key) <= 0)
        goto merr;
merr:
    EVP_PKEY_CTX_free(mac_ctx);
    return mac_key;
}

#endif /* FIPS_MODULE */

/*- All methods below can also be used in FIPS_MODULE */

static int fromdata_init(EVP_PKEY_CTX *ctx, int operation)
{
    if (ctx == NULL || ctx->keytype == NULL)
        goto not_supported;

    evp_pkey_ctx_free_old_ops(ctx);
    if (ctx->keymgmt == NULL)
        goto not_supported;

    ctx->operation = operation;
    return 1;

not_supported:
    if (ctx != NULL)
        ctx->operation = EVP_PKEY_OP_UNDEFINED;
    ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
    return -2;
}

int EVP_PKEY_fromdata_init(EVP_PKEY_CTX *ctx)
{
    return fromdata_init(ctx, EVP_PKEY_OP_FROMDATA);
}

int EVP_PKEY_fromdata(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey, int selection,
    OSSL_PARAM params[])
{
    void *keydata = NULL;
    EVP_PKEY *allocated_pkey = NULL;

    if (ctx == NULL || (ctx->operation & EVP_PKEY_OP_FROMDATA) == 0) {
        ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
        return -2;
    }

    if (ppkey == NULL)
        return -1;

    if (*ppkey == NULL)
        allocated_pkey = *ppkey = EVP_PKEY_new();

    if (*ppkey == NULL) {
        ERR_raise(ERR_LIB_EVP, ERR_R_EVP_LIB);
        return -1;
    }

    keydata = evp_keymgmt_util_fromdata(*ppkey, ctx->keymgmt, selection, params);
    if (keydata == NULL) {
        if (allocated_pkey != NULL) {
            *ppkey = NULL;
            EVP_PKEY_free(allocated_pkey);
        }
        return 0;
    }
    /* keydata is cached in *ppkey, so we need not bother with it further */
    return 1;
}

const OSSL_PARAM *EVP_PKEY_fromdata_settable(EVP_PKEY_CTX *ctx, int selection)
{
    /* We call fromdata_init to get ctx->keymgmt populated */
    if (fromdata_init(ctx, EVP_PKEY_OP_UNDEFINED) == 1)
        return evp_keymgmt_import_types(ctx->keymgmt, selection);
    return NULL;
}

static OSSL_CALLBACK ossl_pkey_todata_cb;

static int ossl_pkey_todata_cb(const OSSL_PARAM params[], void *arg)
{
    OSSL_PARAM **ret = arg;

    *ret = OSSL_PARAM_dup(params);
    return 1;
}

int EVP_PKEY_todata(const EVP_PKEY *pkey, int selection, OSSL_PARAM **params)
{
    if (params == NULL)
        return 0;
    return EVP_PKEY_export(pkey, selection, ossl_pkey_todata_cb, params);
}

#ifndef FIPS_MODULE
struct fake_import_data_st {
    OSSL_CALLBACK *export_cb;
    void *export_cbarg;
};

static OSSL_FUNC_keymgmt_import_fn pkey_fake_import;
static int pkey_fake_import(void *fake_keydata, int ignored_selection,
    const OSSL_PARAM params[])
{
    struct fake_import_data_st *data = fake_keydata;

    return data->export_cb(params, data->export_cbarg);
}
#endif

int EVP_PKEY_export(const EVP_PKEY *pkey, int selection,
    OSSL_CALLBACK *export_cb, void *export_cbarg)
{
    if (pkey == NULL) {
        ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
        return 0;
    }
#ifndef FIPS_MODULE
    if (evp_pkey_is_legacy(pkey)) {
        struct fake_import_data_st data;

        data.export_cb = export_cb;
        data.export_cbarg = export_cbarg;

        /*
         * We don't need to care about libctx or propq here, as we're only
         * interested in the resulting OSSL_PARAM array.
         */
        return pkey->ameth->export_to(pkey, &data, pkey_fake_import,
            NULL, NULL);
    }
#endif
    return evp_keymgmt_util_export(pkey, selection, export_cb, export_cbarg);
}

Coverage Report

Created: 2026-01-09 07:00

Line	Count	Source
1		/*
2		* Copyright 2006-2025 The OpenSSL Project Authors. All Rights Reserved.
3		*
4		* Licensed under the Apache License 2.0 (the "License"). You may not use
5		* this file except in compliance with the License. You can obtain a copy
6		* in the file LICENSE in the source distribution or at
7		* https://www.openssl.org/source/license.html
8		*/
9
10		#include <stdio.h>
11		#include <stdlib.h>
12		#include <openssl/core.h>
13		#include <openssl/core_names.h>
14		#include "internal/cryptlib.h"
15		#include "internal/core.h"
16		#include "internal/common.h"
17		#include <openssl/objects.h>
18		#include <openssl/evp.h>
19		#include "crypto/bn.h"
20		#ifndef FIPS_MODULE
21		#include "crypto/asn1.h"
22		#endif
23		#include "crypto/evp.h"
24		#include "evp_local.h"
25
26		static int gen_init(EVP_PKEY_CTX *ctx, int operation)
27	0	{
28	0	int ret = 0;
29
30	0	if (ctx == NULL)
31	0	goto not_supported;
32
33	0	evp_pkey_ctx_free_old_ops(ctx);
34	0	ctx->operation = operation;
35
36	0	if (ctx->keymgmt == NULL \|\| ctx->keymgmt->gen_init == NULL)
37	0	goto not_supported;
38
39	0	switch (operation) {
40	0	case EVP_PKEY_OP_PARAMGEN:
41	0	ctx->op.keymgmt.genctx = evp_keymgmt_gen_init(ctx->keymgmt,
42	0	OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, NULL);
43	0	break;
44	0	case EVP_PKEY_OP_KEYGEN:
45	0	ctx->op.keymgmt.genctx = evp_keymgmt_gen_init(ctx->keymgmt, OSSL_KEYMGMT_SELECT_KEYPAIR,
46	0	NULL);
47	0	break;
48	0	}
49
50	0	if (ctx->op.keymgmt.genctx == NULL)
51	0	ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
52	0	else
53	0	ret = 1;
54	0	goto end;
55
56	0	end:
57	0	if (ret <= 0 && ctx != NULL) {
58	0	evp_pkey_ctx_free_old_ops(ctx);
59	0	ctx->operation = EVP_PKEY_OP_UNDEFINED;
60	0	}
61	0	return ret;
62
63	0	not_supported:
64	0	ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
65	0	ret = -2;
66	0	goto end;
67	0	}
68
69		int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx)
70	0	{
71	0	return gen_init(ctx, EVP_PKEY_OP_PARAMGEN);
72	0	}
73
74		int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx)
75	0	{
76	0	return gen_init(ctx, EVP_PKEY_OP_KEYGEN);
77	0	}
78
79		static int ossl_callback_to_pkey_gencb(const OSSL_PARAM params[], void *arg)
80	0	{
81	0	EVP_PKEY_CTX *ctx = arg;
82	0	const OSSL_PARAM *param = NULL;
83	0	int p = -1, n = -1;
84
85	0	if (ctx->pkey_gencb == NULL)
86	0	return 1; /* No callback? That's fine */
87
88	0	if ((param = OSSL_PARAM_locate_const(params, OSSL_GEN_PARAM_POTENTIAL))
89	0	== NULL
90	0	\|\| !OSSL_PARAM_get_int(param, &p))
91	0	return 0;
92	0	if ((param = OSSL_PARAM_locate_const(params, OSSL_GEN_PARAM_ITERATION))
93	0	== NULL
94	0	\|\| !OSSL_PARAM_get_int(param, &n))
95	0	return 0;
96
97	0	ctx->keygen_info[0] = p;
98	0	ctx->keygen_info[1] = n;
99
100	0	return ctx->pkey_gencb(ctx);
101	0	}
102
103		int EVP_PKEY_generate(EVP_PKEY_CTX ctx, EVP_PKEY *ppkey)
104	0	{
105	0	int ret = 0;
106	0	EVP_PKEY *allocated_pkey = NULL;
107		/* Legacy compatible keygen callback info, only used with provider impls */
108	0	int gentmp[2];
109
110	0	if (ppkey == NULL)
111	0	return -1;
112
113	0	if (ctx == NULL)
114	0	goto not_supported;
115
116	0	if ((ctx->operation & EVP_PKEY_OP_TYPE_GEN) == 0)
117	0	goto not_initialized;
118
119	0	if (*ppkey == NULL)
120	0	*ppkey = allocated_pkey = EVP_PKEY_new();
121
122	0	if (*ppkey == NULL) {
123	0	ERR_raise(ERR_LIB_EVP, ERR_R_EVP_LIB);
124	0	return -1;
125	0	}
126
127	0	if (ctx->op.keymgmt.genctx == NULL)
128	0	goto not_supported;
129
130		/*
131		* Assigning gentmp to ctx->keygen_info is something our legacy
132		* implementations do. Because the provider implementations aren't
133		* allowed to reach into our EVP_PKEY_CTX, we need to provide similar
134		* space for backward compatibility. It's ok that we attach a local
135		* variable, as it should only be useful in the calls down from here.
136		* This is cleared as soon as it isn't useful any more, i.e. directly
137		* after the evp_keymgmt_util_gen() call.
138		*/
139	0	ctx->keygen_info = gentmp;
140	0	ctx->keygen_info_count = 2;
141
142	0	ret = 1;
143	0	if (ctx->pkey != NULL) {
144	0	EVP_KEYMGMT *tmp_keymgmt = ctx->keymgmt;
145	0	void *keydata = evp_pkey_export_to_provider(ctx->pkey, ctx->libctx,
146	0	&tmp_keymgmt, ctx->propquery);
147
148	0	if (tmp_keymgmt == NULL)
149	0	goto not_supported;
150		/*
151		* It's ok if keydata is NULL here. The backend is expected to deal
152		* with that as it sees fit.
153		*/
154	0	ret = evp_keymgmt_gen_set_template(ctx->keymgmt,
155	0	ctx->op.keymgmt.genctx, keydata);
156	0	}
157
158		/*
159		* the returned value from evp_keymgmt_util_gen() is cached in *ppkey,
160		* so we do not need to save it, just check it.
161		*/
162	0	ret = ret
163	0	&& (evp_keymgmt_util_gen(*ppkey, ctx->keymgmt, ctx->op.keymgmt.genctx,
164	0	ossl_callback_to_pkey_gencb, ctx)
165	0	!= NULL);
166
167	0	ctx->keygen_info = NULL;
168
169	0	#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_DEPRECATED_3_6)
170		/* In case \|ppkey\| was originally a legacy key /
171	0	if (ret)
172	0	evp_pkey_free_legacy(*ppkey);
173	0	#endif
174
175		/*
176		* Because we still have legacy keys
177		*/
178	0	(*ppkey)->type = ctx->legacy_keytype;
179
180	0	goto end;
181
182	0	end:
183	0	if (ret <= 0) {
184	0	if (allocated_pkey != NULL)
185	0	*ppkey = NULL;
186	0	EVP_PKEY_free(allocated_pkey);
187	0	}
188	0	return ret;
189
190	0	not_supported:
191	0	ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
192	0	ret = -2;
193	0	goto end;
194	0	not_initialized:
195	0	ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
196	0	ret = -1;
197	0	goto end;
198	0	}
199
200		int EVP_PKEY_paramgen(EVP_PKEY_CTX ctx, EVP_PKEY *ppkey)
201	0	{
202	0	if (ctx->operation != EVP_PKEY_OP_PARAMGEN) {
203	0	ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
204	0	return -1;
205	0	}
206	0	return EVP_PKEY_generate(ctx, ppkey);
207	0	}
208
209		int EVP_PKEY_keygen(EVP_PKEY_CTX ctx, EVP_PKEY *ppkey)
210	0	{
211	0	if (ctx->operation != EVP_PKEY_OP_KEYGEN) {
212	0	ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
213	0	return -1;
214	0	}
215	0	return EVP_PKEY_generate(ctx, ppkey);
216	0	}
217
218		void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX ctx, EVP_PKEY_gen_cb cb)
219	0	{
220	0	ctx->pkey_gencb = cb;
221	0	}
222
223		EVP_PKEY_gen_cb EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX ctx)
224	0	{
225	0	return ctx->pkey_gencb;
226	0	}
227
228		/*
229		* "translation callback" to call EVP_PKEY_CTX callbacks using BN_GENCB style
230		* callbacks.
231		*/
232
233		static int trans_cb(int a, int b, BN_GENCB *gcb)
234	0	{
235	0	EVP_PKEY_CTX *ctx = BN_GENCB_get_arg(gcb);
236	0	ctx->keygen_info[0] = a;
237	0	ctx->keygen_info[1] = b;
238	0	return ctx->pkey_gencb(ctx);
239	0	}
240
241		void evp_pkey_set_cb_translate(BN_GENCB cb, EVP_PKEY_CTX ctx)
242	0	{
243	0	BN_GENCB_set(cb, trans_cb, ctx);
244	0	}
245
246		int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx)
247	0	{
248	0	if (idx == -1)
249	0	return ctx->keygen_info_count;
250	0	if (idx < 0 \|\| idx > ctx->keygen_info_count)
251	0	return 0;
252	0	return ctx->keygen_info[idx];
253	0	}
254
255		#ifndef FIPS_MODULE
256
257		EVP_PKEY EVP_PKEY_new_mac_key(int type, ENGINE e,
258		const unsigned char *key, int keylen)
259	0	{
260	0	EVP_PKEY_CTX *mac_ctx = NULL;
261	0	EVP_PKEY *mac_key = NULL;
262
263	0	if (!ossl_assert(e == NULL))
264	0	return NULL;
265	0	mac_ctx = EVP_PKEY_CTX_new_id(type, NULL);
266	0	if (!mac_ctx)
267	0	return NULL;
268	0	if (EVP_PKEY_keygen_init(mac_ctx) <= 0)
269	0	goto merr;
270	0	if (EVP_PKEY_CTX_set_mac_key(mac_ctx, key, keylen) <= 0)
271	0	goto merr;
272	0	if (EVP_PKEY_keygen(mac_ctx, &mac_key) <= 0)
273	0	goto merr;
274	0	merr:
275	0	EVP_PKEY_CTX_free(mac_ctx);
276	0	return mac_key;
277	0	}
278
279		#endif /* FIPS_MODULE */
280
281		/- All methods below can also be used in FIPS_MODULE /
282
283		static int fromdata_init(EVP_PKEY_CTX *ctx, int operation)
284	0	{
285	0	if (ctx == NULL \|\| ctx->keytype == NULL)
286	0	goto not_supported;
287
288	0	evp_pkey_ctx_free_old_ops(ctx);
289	0	if (ctx->keymgmt == NULL)
290	0	goto not_supported;
291
292	0	ctx->operation = operation;
293	0	return 1;
294
295	0	not_supported:
296	0	if (ctx != NULL)
297	0	ctx->operation = EVP_PKEY_OP_UNDEFINED;
298	0	ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
299	0	return -2;
300	0	}
301
302		int EVP_PKEY_fromdata_init(EVP_PKEY_CTX *ctx)
303	0	{
304	0	return fromdata_init(ctx, EVP_PKEY_OP_FROMDATA);
305	0	}
306
307		int EVP_PKEY_fromdata(EVP_PKEY_CTX ctx, EVP_PKEY *ppkey, int selection,
308		OSSL_PARAM params[])
309	0	{
310	0	void *keydata = NULL;
311	0	EVP_PKEY *allocated_pkey = NULL;
312
313	0	if (ctx == NULL \|\| (ctx->operation & EVP_PKEY_OP_FROMDATA) == 0) {
314	0	ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
315	0	return -2;
316	0	}
317
318	0	if (ppkey == NULL)
319	0	return -1;
320
321	0	if (*ppkey == NULL)
322	0	allocated_pkey = *ppkey = EVP_PKEY_new();
323
324	0	if (*ppkey == NULL) {
325	0	ERR_raise(ERR_LIB_EVP, ERR_R_EVP_LIB);
326	0	return -1;
327	0	}
328
329	0	keydata = evp_keymgmt_util_fromdata(*ppkey, ctx->keymgmt, selection, params);
330	0	if (keydata == NULL) {
331	0	if (allocated_pkey != NULL) {
332	0	*ppkey = NULL;
333	0	EVP_PKEY_free(allocated_pkey);
334	0	}
335	0	return 0;
336	0	}
337		/* keydata is cached in ppkey, so we need not bother with it further /
338	0	return 1;
339	0	}
340
341		const OSSL_PARAM EVP_PKEY_fromdata_settable(EVP_PKEY_CTX ctx, int selection)
342	0	{
343		/* We call fromdata_init to get ctx->keymgmt populated */
344	0	if (fromdata_init(ctx, EVP_PKEY_OP_UNDEFINED) == 1)
345	0	return evp_keymgmt_import_types(ctx->keymgmt, selection);
346	0	return NULL;
347	0	}
348
349		static OSSL_CALLBACK ossl_pkey_todata_cb;
350
351		static int ossl_pkey_todata_cb(const OSSL_PARAM params[], void *arg)
352	0	{
353	0	OSSL_PARAM **ret = arg;
354
355	0	*ret = OSSL_PARAM_dup(params);
356	0	return 1;
357	0	}
358
359		int EVP_PKEY_todata(const EVP_PKEY pkey, int selection, OSSL_PARAM *params)
360	0	{
361	0	if (params == NULL)
362	0	return 0;
363	0	return EVP_PKEY_export(pkey, selection, ossl_pkey_todata_cb, params);
364	0	}
365
366		#ifndef FIPS_MODULE
367		struct fake_import_data_st {
368		OSSL_CALLBACK *export_cb;
369		void *export_cbarg;
370		};
371
372		static OSSL_FUNC_keymgmt_import_fn pkey_fake_import;
373		static int pkey_fake_import(void *fake_keydata, int ignored_selection,
374		const OSSL_PARAM params[])
375	0	{
376	0	struct fake_import_data_st *data = fake_keydata;
377
378	0	return data->export_cb(params, data->export_cbarg);
379	0	}
380		#endif
381
382		int EVP_PKEY_export(const EVP_PKEY *pkey, int selection,
383		OSSL_CALLBACK export_cb, void export_cbarg)
384	0	{
385	0	if (pkey == NULL) {
386	0	ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
387	0	return 0;
388	0	}
389	0	#ifndef FIPS_MODULE
390	0	if (evp_pkey_is_legacy(pkey)) {
391	0	struct fake_import_data_st data;
392
393	0	data.export_cb = export_cb;
394	0	data.export_cbarg = export_cbarg;
395
396		/*
397		* We don't need to care about libctx or propq here, as we're only
398		* interested in the resulting OSSL_PARAM array.
399		*/
400	0	return pkey->ameth->export_to(pkey, &data, pkey_fake_import,
401	0	NULL, NULL);
402	0	}
403	0	#endif
404	0	return evp_keymgmt_util_export(pkey, selection, export_cb, export_cbarg);
405	0	}