kris
/
boringssl
1
0
Форкнуть 0
Код Задачи 0 Pull Request'ы 0 Релизы 0 Вики Активность
Вы не можете выбрать более 25 тем Темы должны начинаться с буквы или цифры, могут содержать дефисы(-) и должны содержать не более 35 символов.
1564 коммитов
12 Ветки
38 MiB
 
 
 
 
 
 
Дерево: 396a441421
Ветки Теги
${ item.name }
Создать ветку ${ searchTerm }
из '396a441421'
${ noResults }
boringssl/crypto/evp/evp_ctx.c

496 строки
14 KiB
Исходник Вина История 

  1. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)

  2.  * All rights reserved.

  3.  *

  4.  * This package is an SSL implementation written

  5.  * by Eric Young (eay@cryptsoft.com).

  6.  * The implementation was written so as to conform with Netscapes SSL.

  7.  *

  8.  * This library is free for commercial and non-commercial use as long as

  9.  * the following conditions are aheared to.  The following conditions

  10.  * apply to all code found in this distribution, be it the RC4, RSA,

  11.  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

  12.  * included with this distribution is covered by the same copyright terms

  13.  * except that the holder is Tim Hudson (tjh@cryptsoft.com).

  14.  *

  15.  * Copyright remains Eric Young's, and as such any Copyright notices in

  16.  * the code are not to be removed.

  17.  * If this package is used in a product, Eric Young should be given attribution

  18.  * as the author of the parts of the library used.

  19.  * This can be in the form of a textual message at program startup or

  20.  * in documentation (online or textual) provided with the package.

  21.  *

  22.  * Redistribution and use in source and binary forms, with or without

  23.  * modification, are permitted provided that the following conditions

  24.  * are met:

  25.  * 1. Redistributions of source code must retain the copyright

  26.  *    notice, this list of conditions and the following disclaimer.

  27.  * 2. Redistributions in binary form must reproduce the above copyright

  28.  *    notice, this list of conditions and the following disclaimer in the

  29.  *    documentation and/or other materials provided with the distribution.

  30.  * 3. All advertising materials mentioning features or use of this software

  31.  *    must display the following acknowledgement:

  32.  *    "This product includes cryptographic software written by

  33.  *     Eric Young (eay@cryptsoft.com)"

  34.  *    The word 'cryptographic' can be left out if the rouines from the library

  35.  *    being used are not cryptographic related :-).

  36.  * 4. If you include any Windows specific code (or a derivative thereof) from

  37.  *    the apps directory (application code) you must include an acknowledgement:

  38.  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"

  39.  *

  40.  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

  41.  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  42.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

  43.  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

  44.  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

  45.  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

  46.  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  47.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

  48.  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

  49.  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

  50.  * SUCH DAMAGE.

  51.  *

  52.  * The licence and distribution terms for any publically available version or

  53.  * derivative of this code cannot be changed.  i.e. this code cannot simply be

  54.  * copied and put under another distribution licence

  55.  * [including the GNU Public Licence.] */

  56. 

  57. #include <openssl/evp.h>

  58. 

  59. #include <stdio.h>

  60. #include <string.h>

  61. 

  62. #include <openssl/err.h>

  63. #include <openssl/mem.h>

  64. #include <openssl/obj.h>

  65. 

  66. #include "internal.h"

  67. 

  68. 

  69. extern const EVP_PKEY_METHOD rsa_pkey_meth;

  70. extern const EVP_PKEY_METHOD ec_pkey_meth;

  71. 

  72. static const EVP_PKEY_METHOD *const evp_methods[] = {

  73.   &rsa_pkey_meth,

  74.   &ec_pkey_meth,

  75. };

  76. 

  77. static const EVP_PKEY_METHOD *evp_pkey_meth_find(int type) {

  78.   unsigned i;

  79. 

  80.   for (i = 0; i < sizeof(evp_methods)/sizeof(EVP_PKEY_METHOD*); i++) {

  81.     if (evp_methods[i]->pkey_id == type) {

  82.       return evp_methods[i];

  83.     }

  84.   }

  85. 

  86.   return NULL;

  87. }

  88. 

  89. static EVP_PKEY_CTX *evp_pkey_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id) {

  90.   EVP_PKEY_CTX *ret;

  91.   const EVP_PKEY_METHOD *pmeth;

  92. 

  93.   if (id == -1) {

  94.     if (!pkey || !pkey->ameth) {

  95.       return NULL;

  96.     }

  97.     id = pkey->ameth->pkey_id;

  98.   }

  99. 

  100.   pmeth = evp_pkey_meth_find(id);

  101. 

  102.   if (pmeth == NULL) {

  103.     OPENSSL_PUT_ERROR(EVP, evp_pkey_ctx_new, EVP_R_UNSUPPORTED_ALGORITHM);

  104.     const char *name = OBJ_nid2sn(id);

  105.     ERR_add_error_dataf("algorithm %d (%s)", id, name);

  106.     return NULL;

  107.   }

  108. 

  109.   ret = OPENSSL_malloc(sizeof(EVP_PKEY_CTX));

  110.   if (!ret) {

  111.     OPENSSL_PUT_ERROR(EVP, evp_pkey_ctx_new, ERR_R_MALLOC_FAILURE);

  112.     return NULL;

  113.   }

  114.   memset(ret, 0, sizeof(EVP_PKEY_CTX));

  115. 

  116.   ret->engine = e;

  117.   ret->pmeth = pmeth;

  118.   ret->operation = EVP_PKEY_OP_UNDEFINED;

  119. 

  120.   if (pkey) {

  121.     ret->pkey = EVP_PKEY_up_ref(pkey);

  122.   }

  123. 

  124.   if (pmeth->init) {

  125.     if (pmeth->init(ret) <= 0) {

  126.       EVP_PKEY_free(ret->pkey);

  127.       OPENSSL_free(ret);

  128.       return NULL;

  129.     }

  130.   }

  131. 

  132.   return ret;

  133. }

  134. 

  135. EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e) {

  136.   return evp_pkey_ctx_new(pkey, e, -1);

  137. }

  138. 

  139. EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e) {

  140.   return evp_pkey_ctx_new(NULL, e, id);

  141. }

  142. 

  143. void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx) {

  144.   if (ctx == NULL) {

  145.     return;

  146.   }

  147.   if (ctx->pmeth && ctx->pmeth->cleanup) {

  148.     ctx->pmeth->cleanup(ctx);

  149.   }

  150.   EVP_PKEY_free(ctx->pkey);

  151.   EVP_PKEY_free(ctx->peerkey);

  152.   OPENSSL_free(ctx);

  153. }

  154. 

  155. EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *pctx) {

  156.   EVP_PKEY_CTX *rctx;

  157. 

  158.   if (!pctx->pmeth || !pctx->pmeth->copy) {

  159.     return NULL;

  160.   }

  161. 

  162.   rctx = OPENSSL_malloc(sizeof(EVP_PKEY_CTX));

  163.   if (!rctx) {

  164.     return NULL;

  165.   }

  166. 

  167.   memset(rctx, 0, sizeof(EVP_PKEY_CTX));

  168. 

  169.   rctx->pmeth = pctx->pmeth;

  170.   rctx->engine = pctx->engine;

  171.   rctx->operation = pctx->operation;

  172. 

  173.   if (pctx->pkey) {

  174.     rctx->pkey = EVP_PKEY_up_ref(pctx->pkey);

  175.     if (rctx->pkey == NULL) {

  176.       goto err;

  177.     }

  178.   }

  179. 

  180.   if (pctx->peerkey) {

  181.     rctx->peerkey = EVP_PKEY_up_ref(pctx->peerkey);

  182.     if (rctx->peerkey == NULL) {

  183.       goto err;

  184.     }

  185.   }

  186. 

  187.   if (pctx->pmeth->copy(rctx, pctx) > 0) {

  188.     return rctx;

  189.   }

  190. 

  191. err:

  192.   EVP_PKEY_CTX_free(rctx);

  193.   OPENSSL_PUT_ERROR(EVP, EVP_PKEY_CTX_dup, ERR_LIB_EVP);

  194.   return NULL;

  195. }

  196. 

  197. EVP_PKEY *EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX *ctx) { return ctx->pkey; }

  198. 

  199. void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data) {

  200.   ctx->app_data = data;

  201. }

  202. 

  203. void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx) { return ctx->app_data; }

  204. 

  205. int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, int cmd,

  206.                       int p1, void *p2) {

  207.   if (!ctx || !ctx->pmeth || !ctx->pmeth->ctrl) {

  208.     OPENSSL_PUT_ERROR(EVP, EVP_PKEY_CTX_ctrl, EVP_R_COMMAND_NOT_SUPPORTED);

  209.     return 0;

  210.   }

  211.   if (keytype != -1 && ctx->pmeth->pkey_id != keytype) {

  212.     return 0;

  213.   }

  214. 

  215.   if (ctx->operation == EVP_PKEY_OP_UNDEFINED) {

  216.     OPENSSL_PUT_ERROR(EVP, EVP_PKEY_CTX_ctrl, EVP_R_NO_OPERATION_SET);

  217.     return 0;

  218.   }

  219. 

  220.   if (optype != -1 && !(ctx->operation & optype)) {

  221.     OPENSSL_PUT_ERROR(EVP, EVP_PKEY_CTX_ctrl, EVP_R_INVALID_OPERATION);

  222.     return 0;

  223.   }

  224. 

  225.   return ctx->pmeth->ctrl(ctx, cmd, p1, p2);

  226. }

  227. 

  228. int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx) {

  229.   if (!ctx || !ctx->pmeth || !ctx->pmeth->sign) {

  230.     OPENSSL_PUT_ERROR(EVP, EVP_PKEY_sign_init,

  231.                       EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);

  232.     return 0;

  233.   }

  234. 

  235.   ctx->operation = EVP_PKEY_OP_SIGN;

  236.   if (!ctx->pmeth->sign_init) {

  237.     return 1;

  238.   }

  239. 

  240.   if (!ctx->pmeth->sign_init(ctx)) {

  241.     ctx->operation = EVP_PKEY_OP_UNDEFINED;

  242.     return 0;

  243.   }

  244. 

  245.   return 1;

  246. }

  247. 

  248. int EVP_PKEY_sign(EVP_PKEY_CTX *ctx, uint8_t *sig, size_t *sig_len,

  249.                   const uint8_t *data, size_t data_len) {

  250.   if (!ctx || !ctx->pmeth || !ctx->pmeth->sign) {

  251.     OPENSSL_PUT_ERROR(EVP, EVP_PKEY_sign,

  252.                       EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);

  253.     return 0;

  254.   }

  255.   if (ctx->operation != EVP_PKEY_OP_SIGN) {

  256.     OPENSSL_PUT_ERROR(EVP, EVP_PKEY_sign, EVP_R_OPERATON_NOT_INITIALIZED);

  257.     return 0;

  258.   }

  259.   return ctx->pmeth->sign(ctx, sig, sig_len, data, data_len);

  260. }

  261. 

  262. int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx) {

  263.   if (!ctx || !ctx->pmeth || !ctx->pmeth->verify) {

  264.     OPENSSL_PUT_ERROR(EVP, EVP_PKEY_verify_init,

  265.                       EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);

  266.     return 0;

  267.   }

  268.   ctx->operation = EVP_PKEY_OP_VERIFY;

  269.   if (!ctx->pmeth->verify_init) {

  270.     return 1;

  271.   }

  272.   if (!ctx->pmeth->verify_init(ctx)) {

  273.     ctx->operation = EVP_PKEY_OP_UNDEFINED;

  274.     return 0;

  275.   }

  276. 

  277.   return 1;

  278. }

  279. 

  280. int EVP_PKEY_verify(EVP_PKEY_CTX *ctx, const uint8_t *sig, size_t sig_len,

  281.                     const uint8_t *data, size_t data_len) {

  282.   if (!ctx || !ctx->pmeth || !ctx->pmeth->verify) {

  283.     OPENSSL_PUT_ERROR(EVP, EVP_PKEY_verify,

  284.                       EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);

  285.     return 0;

  286.   }

  287.   if (ctx->operation != EVP_PKEY_OP_VERIFY) {

  288.     OPENSSL_PUT_ERROR(EVP, EVP_PKEY_verify, EVP_R_OPERATON_NOT_INITIALIZED);

  289.     return 0;

  290.   }

  291.   return ctx->pmeth->verify(ctx, sig, sig_len, data, data_len);

  292. }

  293. 

  294. int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx) {

  295.   if (!ctx || !ctx->pmeth || !ctx->pmeth->encrypt) {

  296.     OPENSSL_PUT_ERROR(EVP, EVP_PKEY_encrypt_init,

  297.                       EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);

  298.     return 0;

  299.   }

  300.   ctx->operation = EVP_PKEY_OP_ENCRYPT;

  301.   if (!ctx->pmeth->encrypt_init) {

  302.     return 1;

  303.   }

  304.   if (!ctx->pmeth->encrypt_init(ctx)) {

  305.     ctx->operation = EVP_PKEY_OP_UNDEFINED;

  306.     return 0;

  307.   }

  308.   return 1;

  309. }

  310. 

  311. int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx, uint8_t *out, size_t *outlen,

  312.                      const uint8_t *in, size_t inlen) {

  313.   if (!ctx || !ctx->pmeth || !ctx->pmeth->encrypt) {

  314.     OPENSSL_PUT_ERROR(EVP, EVP_PKEY_encrypt,

  315.                       EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);

  316.     return 0;

  317.   }

  318.   if (ctx->operation != EVP_PKEY_OP_ENCRYPT) {

  319.     OPENSSL_PUT_ERROR(EVP, EVP_PKEY_encrypt, EVP_R_OPERATON_NOT_INITIALIZED);

  320.     return 0;

  321.   }

  322.   return ctx->pmeth->encrypt(ctx, out, outlen, in, inlen);

  323. }

  324. 

  325. int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx) {

  326.   if (!ctx || !ctx->pmeth || !ctx->pmeth->decrypt) {

  327.     OPENSSL_PUT_ERROR(EVP, EVP_PKEY_decrypt_init,

  328.                       EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);

  329.     return 0;

  330.   }

  331.   ctx->operation = EVP_PKEY_OP_DECRYPT;

  332.   if (!ctx->pmeth->decrypt_init) {

  333.     return 1;

  334.   }

  335.   if (!ctx->pmeth->decrypt_init(ctx)) {

  336.     ctx->operation = EVP_PKEY_OP_UNDEFINED;

  337.     return 0;

  338.   }

  339.   return 1;

  340. }

  341. 

  342. int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, uint8_t *out, size_t *outlen,

  343.                      const uint8_t *in, size_t inlen) {

  344.   if (!ctx || !ctx->pmeth || !ctx->pmeth->decrypt) {

  345.     OPENSSL_PUT_ERROR(EVP, EVP_PKEY_decrypt,

  346.                       EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);

  347.     return 0;

  348.   }

  349.   if (ctx->operation != EVP_PKEY_OP_DECRYPT) {

  350.     OPENSSL_PUT_ERROR(EVP, EVP_PKEY_decrypt, EVP_R_OPERATON_NOT_INITIALIZED);

  351.     return 0;

  352.   }

  353.   return ctx->pmeth->decrypt(ctx, out, outlen, in, inlen);

  354. }

  355. 

  356. int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx) {

  357.   if (!ctx || !ctx->pmeth || !ctx->pmeth->derive) {

  358.     OPENSSL_PUT_ERROR(EVP, EVP_PKEY_derive_init,

  359.                       EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);

  360.     return 0;

  361.   }

  362.   ctx->operation = EVP_PKEY_OP_DERIVE;

  363.   if (!ctx->pmeth->derive_init) {

  364.     return 1;

  365.   }

  366.   if (!ctx->pmeth->derive_init(ctx)) {

  367.     ctx->operation = EVP_PKEY_OP_UNDEFINED;

  368.     return 0;

  369.   }

  370.   return 1;

  371. }

  372. 

  373. int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer) {

  374.   int ret;

  375.   if (!ctx || !ctx->pmeth ||

  376.       !(ctx->pmeth->derive || ctx->pmeth->encrypt || ctx->pmeth->decrypt) ||

  377.       !ctx->pmeth->ctrl) {

  378.     OPENSSL_PUT_ERROR(EVP, EVP_PKEY_derive_set_peer,

  379.                       EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);

  380.     return 0;

  381.   }

  382.   if (ctx->operation != EVP_PKEY_OP_DERIVE &&

  383.       ctx->operation != EVP_PKEY_OP_ENCRYPT &&

  384.       ctx->operation != EVP_PKEY_OP_DECRYPT) {

  385.     OPENSSL_PUT_ERROR(EVP, EVP_PKEY_derive_set_peer,

  386.                       EVP_R_OPERATON_NOT_INITIALIZED);

  387.     return 0;

  388.   }

  389. 

  390.   ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 0, peer);

  391. 

  392.   if (ret <= 0) {

  393.     return 0;

  394.   }

  395. 

  396.   if (ret == 2) {

  397.     return 1;

  398.   }

  399. 

  400.   if (!ctx->pkey) {

  401.     OPENSSL_PUT_ERROR(EVP, EVP_PKEY_derive_set_peer, EVP_R_NO_KEY_SET);

  402.     return 0;

  403.   }

  404. 

  405.   if (ctx->pkey->type != peer->type) {

  406.     OPENSSL_PUT_ERROR(EVP, EVP_PKEY_derive_set_peer, EVP_R_DIFFERENT_KEY_TYPES);

  407.     return 0;

  408.   }

  409. 

  410.   /* ran@cryptocom.ru: For clarity.  The error is if parameters in peer are

  411.    * present (!missing) but don't match.  EVP_PKEY_cmp_parameters may return

  412.    * 1 (match), 0 (don't match) and -2 (comparison is not defined).  -1

  413.    * (different key types) is impossible here because it is checked earlier.

  414.    * -2 is OK for us here, as well as 1, so we can check for 0 only. */

  415.   if (!EVP_PKEY_missing_parameters(peer) &&

  416.       !EVP_PKEY_cmp_parameters(ctx->pkey, peer)) {

  417.     OPENSSL_PUT_ERROR(EVP, EVP_PKEY_derive_set_peer,

  418.                       EVP_R_DIFFERENT_PARAMETERS);

  419.     return 0;

  420.   }

  421. 

  422.   EVP_PKEY_free(ctx->peerkey);

  423.   ctx->peerkey = peer;

  424. 

  425.   ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 1, peer);

  426. 

  427.   if (ret <= 0) {

  428.     ctx->peerkey = NULL;

  429.     return 0;

  430.   }

  431. 

  432.   EVP_PKEY_up_ref(peer);

  433.   return 1;

  434. }

  435. 

  436. int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, uint8_t *key, size_t *out_key_len) {

  437.   if (!ctx || !ctx->pmeth || !ctx->pmeth->derive) {

  438.     OPENSSL_PUT_ERROR(EVP, EVP_PKEY_derive,

  439.                       EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);

  440.     return 0;

  441.   }

  442.   if (ctx->operation != EVP_PKEY_OP_DERIVE) {

  443.     OPENSSL_PUT_ERROR(EVP, EVP_PKEY_derive, EVP_R_OPERATON_NOT_INITIALIZED);

  444.     return 0;

  445.   }

  446.   return ctx->pmeth->derive(ctx, key, out_key_len);

  447. }

  448. 

  449. int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx) {

  450.   if (!ctx || !ctx->pmeth || !ctx->pmeth->keygen) {

  451.     OPENSSL_PUT_ERROR(EVP, EVP_PKEY_keygen_init,

  452.                       EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);

  453.     return 0;

  454.   }

  455.   ctx->operation = EVP_PKEY_OP_KEYGEN;

  456.   if (!ctx->pmeth->keygen_init) {

  457.     return 1;

  458.   }

  459.   if (!ctx->pmeth->keygen_init(ctx)) {

  460.     ctx->operation = EVP_PKEY_OP_UNDEFINED;

  461.     return 0;

  462.   }

  463.   return 1;

  464. }

  465. 

  466. int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey) {

  467.   if (!ctx || !ctx->pmeth || !ctx->pmeth->keygen) {

  468.     OPENSSL_PUT_ERROR(EVP, EVP_PKEY_keygen,

  469.                       EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);

  470.     return 0;

  471.   }

  472.   if (ctx->operation != EVP_PKEY_OP_KEYGEN) {

  473.     OPENSSL_PUT_ERROR(EVP, EVP_PKEY_keygen, EVP_R_OPERATON_NOT_INITIALIZED);

  474.     return 0;

  475.   }

  476. 

  477.   if (!ppkey) {

  478.     return 0;

  479.   }

  480. 

  481.   if (!*ppkey) {

  482.     *ppkey = EVP_PKEY_new();

  483.     if (!*ppkey) {

  484.       OPENSSL_PUT_ERROR(EVP, EVP_PKEY_keygen, ERR_LIB_EVP);

  485.       return 0;

  486.     }

  487.   }

  488. 

  489.   if (!ctx->pmeth->keygen(ctx, *ppkey)) {

  490.     EVP_PKEY_free(*ppkey);

  491.     *ppkey = NULL;

  492.     return 0;

  493.   }

  494.   return 1;

  495. }