exchange.c 19 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598
  1. /*
  2. * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <openssl/crypto.h>
  10. #include <openssl/evp.h>
  11. #include <openssl/err.h>
  12. #include "internal/cryptlib.h"
  13. #include "internal/refcount.h"
  14. #include "internal/provider.h"
  15. #include "internal/core.h"
  16. #include "internal/numbers.h" /* includes SIZE_MAX */
  17. #include "crypto/evp.h"
  18. #include "evp_local.h"
  19. static EVP_KEYEXCH *evp_keyexch_new(OSSL_PROVIDER *prov)
  20. {
  21. EVP_KEYEXCH *exchange = OPENSSL_zalloc(sizeof(EVP_KEYEXCH));
  22. if (exchange == NULL)
  23. return NULL;
  24. if (!CRYPTO_NEW_REF(&exchange->refcnt, 1)) {
  25. OPENSSL_free(exchange);
  26. return NULL;
  27. }
  28. exchange->prov = prov;
  29. ossl_provider_up_ref(prov);
  30. return exchange;
  31. }
  32. static void *evp_keyexch_from_algorithm(int name_id,
  33. const OSSL_ALGORITHM *algodef,
  34. OSSL_PROVIDER *prov)
  35. {
  36. const OSSL_DISPATCH *fns = algodef->implementation;
  37. EVP_KEYEXCH *exchange = NULL;
  38. int fncnt = 0, sparamfncnt = 0, gparamfncnt = 0;
  39. if ((exchange = evp_keyexch_new(prov)) == NULL) {
  40. ERR_raise(ERR_LIB_EVP, ERR_R_EVP_LIB);
  41. goto err;
  42. }
  43. exchange->name_id = name_id;
  44. if ((exchange->type_name = ossl_algorithm_get1_first_name(algodef)) == NULL)
  45. goto err;
  46. exchange->description = algodef->algorithm_description;
  47. for (; fns->function_id != 0; fns++) {
  48. switch (fns->function_id) {
  49. case OSSL_FUNC_KEYEXCH_NEWCTX:
  50. if (exchange->newctx != NULL)
  51. break;
  52. exchange->newctx = OSSL_FUNC_keyexch_newctx(fns);
  53. fncnt++;
  54. break;
  55. case OSSL_FUNC_KEYEXCH_INIT:
  56. if (exchange->init != NULL)
  57. break;
  58. exchange->init = OSSL_FUNC_keyexch_init(fns);
  59. fncnt++;
  60. break;
  61. case OSSL_FUNC_KEYEXCH_SET_PEER:
  62. if (exchange->set_peer != NULL)
  63. break;
  64. exchange->set_peer = OSSL_FUNC_keyexch_set_peer(fns);
  65. break;
  66. case OSSL_FUNC_KEYEXCH_DERIVE:
  67. if (exchange->derive != NULL)
  68. break;
  69. exchange->derive = OSSL_FUNC_keyexch_derive(fns);
  70. fncnt++;
  71. break;
  72. case OSSL_FUNC_KEYEXCH_FREECTX:
  73. if (exchange->freectx != NULL)
  74. break;
  75. exchange->freectx = OSSL_FUNC_keyexch_freectx(fns);
  76. fncnt++;
  77. break;
  78. case OSSL_FUNC_KEYEXCH_DUPCTX:
  79. if (exchange->dupctx != NULL)
  80. break;
  81. exchange->dupctx = OSSL_FUNC_keyexch_dupctx(fns);
  82. break;
  83. case OSSL_FUNC_KEYEXCH_GET_CTX_PARAMS:
  84. if (exchange->get_ctx_params != NULL)
  85. break;
  86. exchange->get_ctx_params = OSSL_FUNC_keyexch_get_ctx_params(fns);
  87. gparamfncnt++;
  88. break;
  89. case OSSL_FUNC_KEYEXCH_GETTABLE_CTX_PARAMS:
  90. if (exchange->gettable_ctx_params != NULL)
  91. break;
  92. exchange->gettable_ctx_params
  93. = OSSL_FUNC_keyexch_gettable_ctx_params(fns);
  94. gparamfncnt++;
  95. break;
  96. case OSSL_FUNC_KEYEXCH_SET_CTX_PARAMS:
  97. if (exchange->set_ctx_params != NULL)
  98. break;
  99. exchange->set_ctx_params = OSSL_FUNC_keyexch_set_ctx_params(fns);
  100. sparamfncnt++;
  101. break;
  102. case OSSL_FUNC_KEYEXCH_SETTABLE_CTX_PARAMS:
  103. if (exchange->settable_ctx_params != NULL)
  104. break;
  105. exchange->settable_ctx_params
  106. = OSSL_FUNC_keyexch_settable_ctx_params(fns);
  107. sparamfncnt++;
  108. break;
  109. }
  110. }
  111. if (fncnt != 4
  112. || (gparamfncnt != 0 && gparamfncnt != 2)
  113. || (sparamfncnt != 0 && sparamfncnt != 2)) {
  114. /*
  115. * In order to be a consistent set of functions we must have at least
  116. * a complete set of "exchange" functions: init, derive, newctx,
  117. * and freectx. The set_ctx_params and settable_ctx_params functions are
  118. * optional, but if one of them is present then the other one must also
  119. * be present. Same goes for get_ctx_params and gettable_ctx_params.
  120. * The dupctx and set_peer functions are optional.
  121. */
  122. ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS);
  123. goto err;
  124. }
  125. return exchange;
  126. err:
  127. EVP_KEYEXCH_free(exchange);
  128. return NULL;
  129. }
  130. void EVP_KEYEXCH_free(EVP_KEYEXCH *exchange)
  131. {
  132. int i;
  133. if (exchange == NULL)
  134. return;
  135. CRYPTO_DOWN_REF(&exchange->refcnt, &i);
  136. if (i > 0)
  137. return;
  138. OPENSSL_free(exchange->type_name);
  139. ossl_provider_free(exchange->prov);
  140. CRYPTO_FREE_REF(&exchange->refcnt);
  141. OPENSSL_free(exchange);
  142. }
  143. int EVP_KEYEXCH_up_ref(EVP_KEYEXCH *exchange)
  144. {
  145. int ref = 0;
  146. CRYPTO_UP_REF(&exchange->refcnt, &ref);
  147. return 1;
  148. }
  149. OSSL_PROVIDER *EVP_KEYEXCH_get0_provider(const EVP_KEYEXCH *exchange)
  150. {
  151. return exchange->prov;
  152. }
  153. EVP_KEYEXCH *EVP_KEYEXCH_fetch(OSSL_LIB_CTX *ctx, const char *algorithm,
  154. const char *properties)
  155. {
  156. return evp_generic_fetch(ctx, OSSL_OP_KEYEXCH, algorithm, properties,
  157. evp_keyexch_from_algorithm,
  158. (int (*)(void *))EVP_KEYEXCH_up_ref,
  159. (void (*)(void *))EVP_KEYEXCH_free);
  160. }
  161. EVP_KEYEXCH *evp_keyexch_fetch_from_prov(OSSL_PROVIDER *prov,
  162. const char *algorithm,
  163. const char *properties)
  164. {
  165. return evp_generic_fetch_from_prov(prov, OSSL_OP_KEYEXCH,
  166. algorithm, properties,
  167. evp_keyexch_from_algorithm,
  168. (int (*)(void *))EVP_KEYEXCH_up_ref,
  169. (void (*)(void *))EVP_KEYEXCH_free);
  170. }
  171. int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx)
  172. {
  173. return EVP_PKEY_derive_init_ex(ctx, NULL);
  174. }
  175. int EVP_PKEY_derive_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[])
  176. {
  177. int ret;
  178. void *provkey = NULL;
  179. EVP_KEYEXCH *exchange = NULL;
  180. EVP_KEYMGMT *tmp_keymgmt = NULL;
  181. const OSSL_PROVIDER *tmp_prov = NULL;
  182. const char *supported_exch = NULL;
  183. int iter;
  184. if (ctx == NULL) {
  185. ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
  186. return -2;
  187. }
  188. evp_pkey_ctx_free_old_ops(ctx);
  189. ctx->operation = EVP_PKEY_OP_DERIVE;
  190. ERR_set_mark();
  191. if (evp_pkey_ctx_is_legacy(ctx))
  192. goto legacy;
  193. /*
  194. * Some algorithms (e.g. legacy KDFs) don't have a pkey - so we create
  195. * a blank one.
  196. */
  197. if (ctx->pkey == NULL) {
  198. EVP_PKEY *pkey = EVP_PKEY_new();
  199. if (pkey == NULL
  200. || !EVP_PKEY_set_type_by_keymgmt(pkey, ctx->keymgmt)
  201. || (pkey->keydata = evp_keymgmt_newdata(ctx->keymgmt)) == NULL) {
  202. ERR_clear_last_mark();
  203. EVP_PKEY_free(pkey);
  204. ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
  205. goto err;
  206. }
  207. ctx->pkey = pkey;
  208. }
  209. /*
  210. * Try to derive the supported exch from |ctx->keymgmt|.
  211. */
  212. if (!ossl_assert(ctx->pkey->keymgmt == NULL
  213. || ctx->pkey->keymgmt == ctx->keymgmt)) {
  214. ERR_clear_last_mark();
  215. ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
  216. goto err;
  217. }
  218. supported_exch = evp_keymgmt_util_query_operation_name(ctx->keymgmt,
  219. OSSL_OP_KEYEXCH);
  220. if (supported_exch == NULL) {
  221. ERR_clear_last_mark();
  222. ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
  223. goto err;
  224. }
  225. /*
  226. * We perform two iterations:
  227. *
  228. * 1. Do the normal exchange fetch, using the fetching data given by
  229. * the EVP_PKEY_CTX.
  230. * 2. Do the provider specific exchange fetch, from the same provider
  231. * as |ctx->keymgmt|
  232. *
  233. * We then try to fetch the keymgmt from the same provider as the
  234. * exchange, and try to export |ctx->pkey| to that keymgmt (when
  235. * this keymgmt happens to be the same as |ctx->keymgmt|, the export
  236. * is a no-op, but we call it anyway to not complicate the code even
  237. * more).
  238. * If the export call succeeds (returns a non-NULL provider key pointer),
  239. * we're done and can perform the operation itself. If not, we perform
  240. * the second iteration, or jump to legacy.
  241. */
  242. for (iter = 1, provkey = NULL; iter < 3 && provkey == NULL; iter++) {
  243. EVP_KEYMGMT *tmp_keymgmt_tofree = NULL;
  244. /*
  245. * If we're on the second iteration, free the results from the first.
  246. * They are NULL on the first iteration, so no need to check what
  247. * iteration we're on.
  248. */
  249. EVP_KEYEXCH_free(exchange);
  250. EVP_KEYMGMT_free(tmp_keymgmt);
  251. switch (iter) {
  252. case 1:
  253. exchange =
  254. EVP_KEYEXCH_fetch(ctx->libctx, supported_exch, ctx->propquery);
  255. if (exchange != NULL)
  256. tmp_prov = EVP_KEYEXCH_get0_provider(exchange);
  257. break;
  258. case 2:
  259. tmp_prov = EVP_KEYMGMT_get0_provider(ctx->keymgmt);
  260. exchange =
  261. evp_keyexch_fetch_from_prov((OSSL_PROVIDER *)tmp_prov,
  262. supported_exch, ctx->propquery);
  263. if (exchange == NULL)
  264. goto legacy;
  265. break;
  266. }
  267. if (exchange == NULL)
  268. continue;
  269. /*
  270. * Ensure that the key is provided, either natively, or as a cached
  271. * export. We start by fetching the keymgmt with the same name as
  272. * |ctx->keymgmt|, but from the provider of the exchange method, using
  273. * the same property query as when fetching the exchange method.
  274. * With the keymgmt we found (if we did), we try to export |ctx->pkey|
  275. * to it (evp_pkey_export_to_provider() is smart enough to only actually
  276. * export it if |tmp_keymgmt| is different from |ctx->pkey|'s keymgmt)
  277. */
  278. tmp_keymgmt_tofree = tmp_keymgmt =
  279. evp_keymgmt_fetch_from_prov((OSSL_PROVIDER *)tmp_prov,
  280. EVP_KEYMGMT_get0_name(ctx->keymgmt),
  281. ctx->propquery);
  282. if (tmp_keymgmt != NULL)
  283. provkey = evp_pkey_export_to_provider(ctx->pkey, ctx->libctx,
  284. &tmp_keymgmt, ctx->propquery);
  285. if (tmp_keymgmt == NULL)
  286. EVP_KEYMGMT_free(tmp_keymgmt_tofree);
  287. }
  288. if (provkey == NULL) {
  289. EVP_KEYEXCH_free(exchange);
  290. goto legacy;
  291. }
  292. ERR_pop_to_mark();
  293. /* No more legacy from here down to legacy: */
  294. /* A Coverity false positive with up_ref/down_ref and free */
  295. /* coverity[use_after_free] */
  296. ctx->op.kex.exchange = exchange;
  297. /* A Coverity false positive with up_ref/down_ref and free */
  298. /* coverity[deref_arg] */
  299. ctx->op.kex.algctx = exchange->newctx(ossl_provider_ctx(exchange->prov));
  300. if (ctx->op.kex.algctx == NULL) {
  301. /* The provider key can stay in the cache */
  302. ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
  303. goto err;
  304. }
  305. ret = exchange->init(ctx->op.kex.algctx, provkey, params);
  306. EVP_KEYMGMT_free(tmp_keymgmt);
  307. return ret ? 1 : 0;
  308. err:
  309. evp_pkey_ctx_free_old_ops(ctx);
  310. ctx->operation = EVP_PKEY_OP_UNDEFINED;
  311. EVP_KEYMGMT_free(tmp_keymgmt);
  312. return 0;
  313. legacy:
  314. /*
  315. * If we don't have the full support we need with provided methods,
  316. * let's go see if legacy does.
  317. */
  318. ERR_pop_to_mark();
  319. #ifdef FIPS_MODULE
  320. return 0;
  321. #else
  322. if (ctx->pmeth == NULL || ctx->pmeth->derive == NULL) {
  323. ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
  324. return -2;
  325. }
  326. if (ctx->pmeth->derive_init == NULL)
  327. return 1;
  328. ret = ctx->pmeth->derive_init(ctx);
  329. if (ret <= 0)
  330. ctx->operation = EVP_PKEY_OP_UNDEFINED;
  331. EVP_KEYMGMT_free(tmp_keymgmt);
  332. return ret;
  333. #endif
  334. }
  335. int EVP_PKEY_derive_set_peer_ex(EVP_PKEY_CTX *ctx, EVP_PKEY *peer,
  336. int validate_peer)
  337. {
  338. int ret = 0, check;
  339. void *provkey = NULL;
  340. EVP_PKEY_CTX *check_ctx = NULL;
  341. EVP_KEYMGMT *tmp_keymgmt = NULL, *tmp_keymgmt_tofree = NULL;
  342. if (ctx == NULL) {
  343. ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
  344. return -1;
  345. }
  346. if (!EVP_PKEY_CTX_IS_DERIVE_OP(ctx) || ctx->op.kex.algctx == NULL)
  347. goto legacy;
  348. if (ctx->op.kex.exchange->set_peer == NULL) {
  349. ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
  350. return -2;
  351. }
  352. if (validate_peer) {
  353. check_ctx = EVP_PKEY_CTX_new_from_pkey(ctx->libctx, peer, ctx->propquery);
  354. if (check_ctx == NULL)
  355. return -1;
  356. check = EVP_PKEY_public_check(check_ctx);
  357. EVP_PKEY_CTX_free(check_ctx);
  358. if (check <= 0)
  359. return -1;
  360. }
  361. /*
  362. * Ensure that the |peer| is provided, either natively, or as a cached
  363. * export. We start by fetching the keymgmt with the same name as
  364. * |ctx->keymgmt|, but from the provider of the exchange method, using
  365. * the same property query as when fetching the exchange method.
  366. * With the keymgmt we found (if we did), we try to export |peer|
  367. * to it (evp_pkey_export_to_provider() is smart enough to only actually
  368. * export it if |tmp_keymgmt| is different from |peer|'s keymgmt)
  369. */
  370. tmp_keymgmt_tofree = tmp_keymgmt =
  371. evp_keymgmt_fetch_from_prov((OSSL_PROVIDER *)
  372. EVP_KEYEXCH_get0_provider(ctx->op.kex.exchange),
  373. EVP_KEYMGMT_get0_name(ctx->keymgmt),
  374. ctx->propquery);
  375. if (tmp_keymgmt != NULL)
  376. /* A Coverity issue with up_ref/down_ref and free */
  377. /* coverity[pass_freed_arg] */
  378. provkey = evp_pkey_export_to_provider(peer, ctx->libctx,
  379. &tmp_keymgmt, ctx->propquery);
  380. EVP_KEYMGMT_free(tmp_keymgmt_tofree);
  381. /*
  382. * If making the key provided wasn't possible, legacy may be able to pick
  383. * it up
  384. */
  385. if (provkey == NULL)
  386. goto legacy;
  387. return ctx->op.kex.exchange->set_peer(ctx->op.kex.algctx, provkey);
  388. legacy:
  389. #ifdef FIPS_MODULE
  390. return ret;
  391. #else
  392. if (ctx->pmeth == NULL
  393. || !(ctx->pmeth->derive != NULL
  394. || ctx->pmeth->encrypt != NULL
  395. || ctx->pmeth->decrypt != NULL)
  396. || ctx->pmeth->ctrl == NULL) {
  397. ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
  398. return -2;
  399. }
  400. if (ctx->operation != EVP_PKEY_OP_DERIVE
  401. && ctx->operation != EVP_PKEY_OP_ENCRYPT
  402. && ctx->operation != EVP_PKEY_OP_DECRYPT) {
  403. ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
  404. return -1;
  405. }
  406. ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 0, peer);
  407. if (ret <= 0)
  408. return ret;
  409. if (ret == 2)
  410. return 1;
  411. if (ctx->pkey == NULL) {
  412. ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEY_SET);
  413. return -1;
  414. }
  415. if (ctx->pkey->type != peer->type) {
  416. ERR_raise(ERR_LIB_EVP, EVP_R_DIFFERENT_KEY_TYPES);
  417. return -1;
  418. }
  419. /*
  420. * For clarity. The error is if parameters in peer are
  421. * present (!missing) but don't match. EVP_PKEY_parameters_eq may return
  422. * 1 (match), 0 (don't match) and -2 (comparison is not defined). -1
  423. * (different key types) is impossible here because it is checked earlier.
  424. * -2 is OK for us here, as well as 1, so we can check for 0 only.
  425. */
  426. if (!EVP_PKEY_missing_parameters(peer) &&
  427. !EVP_PKEY_parameters_eq(ctx->pkey, peer)) {
  428. ERR_raise(ERR_LIB_EVP, EVP_R_DIFFERENT_PARAMETERS);
  429. return -1;
  430. }
  431. EVP_PKEY_free(ctx->peerkey);
  432. ctx->peerkey = peer;
  433. ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 1, peer);
  434. if (ret <= 0) {
  435. ctx->peerkey = NULL;
  436. return ret;
  437. }
  438. EVP_PKEY_up_ref(peer);
  439. return 1;
  440. #endif
  441. }
  442. int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer)
  443. {
  444. return EVP_PKEY_derive_set_peer_ex(ctx, peer, 1);
  445. }
  446. int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *pkeylen)
  447. {
  448. int ret;
  449. if (ctx == NULL || pkeylen == NULL) {
  450. ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
  451. return -1;
  452. }
  453. if (!EVP_PKEY_CTX_IS_DERIVE_OP(ctx)) {
  454. ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
  455. return -1;
  456. }
  457. if (ctx->op.kex.algctx == NULL)
  458. goto legacy;
  459. ret = ctx->op.kex.exchange->derive(ctx->op.kex.algctx, key, pkeylen,
  460. key != NULL ? *pkeylen : 0);
  461. return ret;
  462. legacy:
  463. if (ctx->pmeth == NULL || ctx->pmeth->derive == NULL) {
  464. ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
  465. return -2;
  466. }
  467. M_check_autoarg(ctx, key, pkeylen, EVP_F_EVP_PKEY_DERIVE)
  468. return ctx->pmeth->derive(ctx, key, pkeylen);
  469. }
  470. int evp_keyexch_get_number(const EVP_KEYEXCH *keyexch)
  471. {
  472. return keyexch->name_id;
  473. }
  474. const char *EVP_KEYEXCH_get0_name(const EVP_KEYEXCH *keyexch)
  475. {
  476. return keyexch->type_name;
  477. }
  478. const char *EVP_KEYEXCH_get0_description(const EVP_KEYEXCH *keyexch)
  479. {
  480. return keyexch->description;
  481. }
  482. int EVP_KEYEXCH_is_a(const EVP_KEYEXCH *keyexch, const char *name)
  483. {
  484. return keyexch != NULL
  485. && evp_is_a(keyexch->prov, keyexch->name_id, NULL, name);
  486. }
  487. void EVP_KEYEXCH_do_all_provided(OSSL_LIB_CTX *libctx,
  488. void (*fn)(EVP_KEYEXCH *keyexch, void *arg),
  489. void *arg)
  490. {
  491. evp_generic_do_all(libctx, OSSL_OP_KEYEXCH,
  492. (void (*)(void *, void *))fn, arg,
  493. evp_keyexch_from_algorithm,
  494. (int (*)(void *))EVP_KEYEXCH_up_ref,
  495. (void (*)(void *))EVP_KEYEXCH_free);
  496. }
  497. int EVP_KEYEXCH_names_do_all(const EVP_KEYEXCH *keyexch,
  498. void (*fn)(const char *name, void *data),
  499. void *data)
  500. {
  501. if (keyexch->prov != NULL)
  502. return evp_names_do_all(keyexch->prov, keyexch->name_id, fn, data);
  503. return 1;
  504. }
  505. const OSSL_PARAM *EVP_KEYEXCH_gettable_ctx_params(const EVP_KEYEXCH *keyexch)
  506. {
  507. void *provctx;
  508. if (keyexch == NULL || keyexch->gettable_ctx_params == NULL)
  509. return NULL;
  510. provctx = ossl_provider_ctx(EVP_KEYEXCH_get0_provider(keyexch));
  511. return keyexch->gettable_ctx_params(NULL, provctx);
  512. }
  513. const OSSL_PARAM *EVP_KEYEXCH_settable_ctx_params(const EVP_KEYEXCH *keyexch)
  514. {
  515. void *provctx;
  516. if (keyexch == NULL || keyexch->settable_ctx_params == NULL)
  517. return NULL;
  518. provctx = ossl_provider_ctx(EVP_KEYEXCH_get0_provider(keyexch));
  519. return keyexch->settable_ctx_params(NULL, provctx);
  520. }