cipher##_init_key, NULL, NULL, NULL, NULL)
/*
- * Type needs to be a bit field Sub-type needs to be for variations on the
- * method, as in, can it do arbitrary encryption....
+ * An EVP_PKEY can have the following states:
+ *
+ * untyped & empty:
+ *
+ * type == EVP_PKEY_NONE && keymgmt == NULL
+ *
+ * typed & empty:
+ *
+ * (type != EVP_PKEY_NONE && pkey.ptr == NULL) ## legacy (libcrypto only)
+ * || (keymgmt != NULL && keydata == NULL) ## provider side
+ *
+ * fully assigned:
+ *
+ * (type != EVP_PKEY_NONE && pkey.ptr != NULL) ## legacy (libcrypto only)
+ * || (keymgmt != NULL && keydata != NULL) ## provider side
+ *
+ * The easiest way to detect a legacy key is: type != EVP_PKEY_NONE
+ * The easiest way to detect a provider side key is: keymgmt != NULL
*/
struct evp_pkey_st {
/* == Legacy attributes == */
int type;
int save_type;
+# ifndef FIPS_MODE
/*
* Legacy key "origin" is composed of a pointer to an EVP_PKEY_ASN1_METHOD,
* a pointer to a low level key and possibly a pointer to an engine.
ENGINE *pmeth_engine; /* If not NULL public key ENGINE to use */
union {
void *ptr;
-# ifndef OPENSSL_NO_RSA
+# ifndef OPENSSL_NO_RSA
struct rsa_st *rsa; /* RSA */
-# endif
-# ifndef OPENSSL_NO_DSA
+# endif
+# ifndef OPENSSL_NO_DSA
struct dsa_st *dsa; /* DSA */
-# endif
-# ifndef OPENSSL_NO_DH
+# endif
+# ifndef OPENSSL_NO_DH
struct dh_st *dh; /* DH */
-# endif
-# ifndef OPENSSL_NO_EC
+# endif
+# ifndef OPENSSL_NO_EC
struct ec_key_st *ec; /* ECC */
ECX_KEY *ecx; /* X25519, X448, Ed25519, Ed448 */
-# endif
+# endif
} pkey;
+# endif
/* == Common attributes == */
CRYPTO_REF_COUNT references;