Implement Provider side Key Management for X25519 and X448

Reviewed-by: NPatrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: NShane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10964)

crypto/dh/dh_ameth.c

@@ -505,10 +505,10 @@ static int dh_pkey_export_to(const EVP_PKEY *from, void *to_keydata,
             return 0;
     }
     /* A key must at least have a public part. */
-    if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_DH_PUB_KEY, pub_key))
+    if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_PUB_KEY, pub_key))
         return 0;
     if (priv_key != NULL) {
-        if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_DH_PRIV_KEY,
+        if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_PRIV_KEY,
                                     priv_key))
             return 0;
     }

crypto/dsa/dsa_ameth.c

@@ -530,11 +530,11 @@ static int dsa_pkey_export_to(const EVP_PKEY *from, void *to_keydata,
         || !ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_FFC_Q, q)
         || !ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_FFC_G, g))
         return 0;
-    if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_DSA_PUB_KEY,
+    if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_PUB_KEY,
                                 pub_key))
         return 0;
     if (priv_key != NULL) {
-        if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_DSA_PRIV_KEY,
+        if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_PRIV_KEY,
                                     priv_key))
             return 0;
     }

include/openssl/core_names.h

@@ -171,20 +171,14 @@ extern "C" {
 #define OSSL_PKEY_PARAM_PROPERTIES          OSSL_ALG_PARAM_PROPERTIES
 #define OSSL_PKEY_PARAM_DEFAULT_DIGEST      "default-digest" /* utf8 string */
 #define OSSL_PKEY_PARAM_MANDATORY_DIGEST    "mandatory-digest" /* utf8 string */
+#define OSSL_PKEY_PARAM_PUB_KEY             "pub"
+#define OSSL_PKEY_PARAM_PRIV_KEY            "priv"
 
 /* Diffie-Hellman/DSA Parameters */
 #define OSSL_PKEY_PARAM_FFC_P        "p"
 #define OSSL_PKEY_PARAM_FFC_G        "g"
 #define OSSL_PKEY_PARAM_FFC_Q        "q"
 
-/* Diffie-Hellman Keys */
-#define OSSL_PKEY_PARAM_DH_PUB_KEY   "pub"
-#define OSSL_PKEY_PARAM_DH_PRIV_KEY  "priv"
-
-/* DSA Keys */
-#define OSSL_PKEY_PARAM_DSA_PUB_KEY  "pub"
-#define OSSL_PKEY_PARAM_DSA_PRIV_KEY "priv"
-
 /* RSA Keys */
 /*
  * n, e, d are the usual public and private key components

providers/defltprov.c

@@ -395,6 +395,10 @@ static const OSSL_ALGORITHM deflt_keymgmt[] = {
     { "DSA:dsaEncryption", "default=yes", dsa_keymgmt_functions },
 #endif
     { "RSA:rsaEncryption", "default=yes", rsa_keymgmt_functions },
+#ifndef OPENSSL_NO_EC
+    { "X25519", "default=yes", x25519_keymgmt_functions },
+    { "X448", "default=yes", x448_keymgmt_functions },
+#endif
     { NULL, NULL, NULL }
 };
 

providers/fips/fipsprov.c

@@ -258,8 +258,8 @@ static int dsa_key_signature_test(OPENSSL_CTX *libctx)
     if (!ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_P, p)
         || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_Q, q)
         || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_G, g)
-        || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_DSA_PUB_KEY, pub)
-        || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_DSA_PRIV_KEY, priv))
+        || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_PUB_KEY, pub)
+        || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_PRIV_KEY, priv))
         goto err;
     params = ossl_param_bld_to_param(&bld);
 
@@ -407,8 +407,8 @@ static int dh_key_exchange_test(OPENSSL_CTX *libctx)
     if (!ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_P, p)
         || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_Q, q)
         || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_G, g)
-        || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_DH_PUB_KEY, pub)
-        || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_DH_PRIV_KEY, priv))
+        || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_PUB_KEY, pub)
+        || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_PRIV_KEY, priv))
         goto err;
     params = ossl_param_bld_to_param(&bld);
 
@@ -416,7 +416,7 @@ static int dh_key_exchange_test(OPENSSL_CTX *libctx)
     if (!ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_P, p)
         || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_Q, q)
         || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_G, g)
-        || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_DH_PUB_KEY, pub_peer))
+        || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_PUB_KEY, pub_peer))
         goto err;
 
     params_peer = ossl_param_bld_to_param(&bld);

providers/implementations/include/prov/implementations.h

@@ -257,6 +257,8 @@ extern const OSSL_DISPATCH kdf_krb5kdf_functions[];
 extern const OSSL_DISPATCH dh_keymgmt_functions[];
 extern const OSSL_DISPATCH dsa_keymgmt_functions[];
 extern const OSSL_DISPATCH rsa_keymgmt_functions[];
+extern const OSSL_DISPATCH x25519_keymgmt_functions[];
+extern const OSSL_DISPATCH x448_keymgmt_functions[];
 
 /* Key Exchange */
 extern const OSSL_DISPATCH dh_keyexch_functions[];

providers/implementations/keymgmt/build.info

@@ -4,6 +4,7 @@
 $DH_GOAL=../../libimplementations.a
 $DSA_GOAL=../../libimplementations.a
 $RSA_GOAL=../../libimplementations.a
+$ECX_GOAL=../../libimplementations.a
 
 IF[{- !$disabled{dh} -}]
   SOURCE[$DH_GOAL]=dh_kmgmt.c
@@ -12,3 +13,4 @@ IF[{- !$disabled{dsa} -}]
   SOURCE[$DSA_GOAL]=dsa_kmgmt.c
 ENDIF
 SOURCE[$RSA_GOAL]=rsa_kmgmt.c
+SOURCE[$ECX_GOAL]=ecx_kmgmt.c

providers/implementations/keymgmt/dh_kmgmt.c

@@ -86,9 +86,9 @@ static int params_to_key(DH *dh, const OSSL_PARAM params[])
         return 0;
 
     param_priv_key =
-        OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DH_PRIV_KEY);
+        OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY);
     param_pub_key =
-        OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DH_PUB_KEY);
+        OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY);
 
     /*
      * DH documentation says that a public key must be present if a
@@ -126,10 +126,10 @@ static int key_to_params(DH *dh, OSSL_PARAM_BLD *tmpl)
 
     DH_get0_key(dh, &pub_key, &priv_key);
     if (priv_key != NULL
-        && !ossl_param_bld_push_BN(tmpl, OSSL_PKEY_PARAM_DH_PRIV_KEY, priv_key))
+        && !ossl_param_bld_push_BN(tmpl, OSSL_PKEY_PARAM_PRIV_KEY, priv_key))
         return 0;
     if (pub_key != NULL
-        && !ossl_param_bld_push_BN(tmpl, OSSL_PKEY_PARAM_DH_PUB_KEY, pub_key))
+        && !ossl_param_bld_push_BN(tmpl, OSSL_PKEY_PARAM_PUB_KEY, pub_key))
         return 0;
 
     return 1;
@@ -214,9 +214,9 @@ static int dh_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
     OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_P, NULL, 0),      \
     OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_G, NULL, 0)
 # define DH_IMEXPORTABLE_PUBLIC_KEY                     \
-    OSSL_PARAM_BN(OSSL_PKEY_PARAM_DH_PUB_KEY, NULL, 0)
+    OSSL_PARAM_BN(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0)
 # define DH_IMEXPORTABLE_PRIVATE_KEY                    \
-    OSSL_PARAM_BN(OSSL_PKEY_PARAM_DH_PRIV_KEY, NULL, 0)
+    OSSL_PARAM_BN(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0)
 static const OSSL_PARAM dh_all_types[] = {
     DH_IMEXPORTABLE_PARAMETERS,
     DH_IMEXPORTABLE_PUBLIC_KEY,

providers/implementations/keymgmt/dsa_kmgmt.c

@@ -94,9 +94,9 @@ static int params_to_key(DSA *dsa, const OSSL_PARAM params[])
         return 0;
 
     param_priv_key =
-        OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DSA_PRIV_KEY);
+        OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY);
     param_pub_key =
-        OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DSA_PUB_KEY);
+        OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY);
 
     /*
      * DSA documentation says that a public key must be present if a private key
@@ -133,10 +133,10 @@ static int key_to_params(DSA *dsa, OSSL_PARAM_BLD *tmpl)
 
     DSA_get0_key(dsa, &pub_key, &priv_key);
     if (priv_key != NULL
-        && !ossl_param_bld_push_BN(tmpl, OSSL_PKEY_PARAM_DSA_PRIV_KEY, priv_key))
+        && !ossl_param_bld_push_BN(tmpl, OSSL_PKEY_PARAM_PRIV_KEY, priv_key))
         return 0;
     if (pub_key != NULL
-        && !ossl_param_bld_push_BN(tmpl, OSSL_PKEY_PARAM_DSA_PUB_KEY, pub_key))
+        && !ossl_param_bld_push_BN(tmpl, OSSL_PKEY_PARAM_PUB_KEY, pub_key))
         return 0;
 
     return 1;
@@ -222,9 +222,9 @@ static int dsa_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
     OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_Q, NULL, 0),      \
     OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_G, NULL, 0)
 # define DSA_IMEXPORTABLE_PUBLIC_KEY                    \
-    OSSL_PARAM_BN(OSSL_PKEY_PARAM_DSA_PUB_KEY, NULL, 0)
+    OSSL_PARAM_BN(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0)
 # define DSA_IMEXPORTABLE_PRIVATE_KEY                   \
-    OSSL_PARAM_BN(OSSL_PKEY_PARAM_DSA_PRIV_KEY, NULL, 0)
+    OSSL_PARAM_BN(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0)
 static const OSSL_PARAM dsa_all_types[] = {
     DSA_IMEXPORTABLE_PARAMETERS,
     DSA_IMEXPORTABLE_PUBLIC_KEY,

providers/implementations/keymgmt/ecx_kmgmt.c

+/*
+ * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <assert.h>
+#include <openssl/core_numbers.h>
+#include <openssl/core_names.h>
+#include <openssl/params.h>
+#include "internal/param_build.h"
+#include "crypto/ecx.h"
+#include "prov/implementations.h"
+#include "prov/providercommon.h"
+
+static OSSL_OP_keymgmt_new_fn x25519_new_key;
+static OSSL_OP_keymgmt_new_fn x448_new_key;
+static OSSL_OP_keymgmt_get_params_fn x25519_get_params;
+static OSSL_OP_keymgmt_get_params_fn x448_get_params;
+static OSSL_OP_keymgmt_gettable_params_fn ecx_gettable_params;
+static OSSL_OP_keymgmt_has_fn ecx_has;
+static OSSL_OP_keymgmt_import_fn ecx_import;
+static OSSL_OP_keymgmt_import_types_fn ecx_imexport_types;
+static OSSL_OP_keymgmt_export_fn ecx_export;
+static OSSL_OP_keymgmt_export_types_fn ecx_imexport_types;
+
+static void *x25519_new_key(void *provctx)
+{
+    return ecx_key_new(X25519_KEYLEN, 0);
+}
+
+static void *x448_new_key(void *provctx)
+{
+    return ecx_key_new(X448_KEYLEN, 0);
+}
+
+static int ecx_has(void *keydata, int selection)
+{
+    ECX_KEY *key = keydata;
+    const int ecx_selections = OSSL_KEYMGMT_SELECT_PUBLIC_KEY
+                               | OSSL_KEYMGMT_SELECT_PRIVATE_KEY;
+    int ok = 1;
+
+    if ((selection & ~ecx_selections) != 0
+            || (selection & ecx_selections) == 0)
+        return 0;
+
+    if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
+        ok = ok && key->haspubkey;
+
+    if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
+        ok = ok && key->privkey != NULL;
+
+    return ok;
+}
+
+static int ecx_import(void *keydata, int selection, const OSSL_PARAM params[])
+{
+    ECX_KEY *key = keydata;
+    size_t privkeylen = 0, pubkeylen;
+    const OSSL_PARAM *param_priv_key = NULL, *param_pub_key;
+    unsigned char *pubkey;
+    const int ecx_selections = OSSL_KEYMGMT_SELECT_PUBLIC_KEY
+                               | OSSL_KEYMGMT_SELECT_PRIVATE_KEY;
+
+    if (key == NULL)
+        return 0;
+
+    if ((selection & ~ecx_selections) != 0
+            || (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) == 0)
+        return 0;
+
+    if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
+        param_priv_key =
+            OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY);
+    param_pub_key =
+        OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY);
+
+    /*
+     * If a private key is present then a public key must also be present.
+     * Alternatively we've just got a public key.
+     */
+    if (param_pub_key == NULL
+            || (param_priv_key == NULL
+                && (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0))
+        return 0;
+
+    if (param_priv_key != NULL
+             && !OSSL_PARAM_get_octet_string(param_priv_key,
+                                            (void **)&key->privkey, key->keylen,
+                                             &privkeylen))
+        return 0;
+
+    pubkey = key->pubkey;
+    if (!OSSL_PARAM_get_octet_string(param_pub_key,
+                                     (void **)&pubkey,
+                                     sizeof(key->pubkey), &pubkeylen))
+        return 0;
+
+    if (pubkeylen != key->keylen
+            || (param_priv_key != NULL && privkeylen != key->keylen))
+        return 0;
+
+    key->haspubkey = 1;
+
+    return 1;
+}
+
+static int key_to_params(ECX_KEY *key, OSSL_PARAM_BLD *tmpl)
+{
+    if (key == NULL)
+        return 0;
+
+    if (!ossl_param_bld_push_octet_string(tmpl, OSSL_PKEY_PARAM_PUB_KEY,
+                                          key->pubkey, key->keylen))
+        return 0;
+
+    if (key->privkey != NULL
+        && !ossl_param_bld_push_octet_string(tmpl, OSSL_PKEY_PARAM_PRIV_KEY,
+                                             key->privkey, key->keylen))
+        return 0;
+
+    return 1;
+}
+
+static int ecx_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
+                      void *cbarg)
+{
+    ECX_KEY *key = keydata;
+    OSSL_PARAM_BLD tmpl;
+    OSSL_PARAM *params = NULL;
+    int ret;
+
+    if (key == NULL)
+        return 0;
+
+    if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0
+            && !key_to_params(key, &tmpl))
+        return 0;
+
+    ossl_param_bld_init(&tmpl);
+    params = ossl_param_bld_to_param(&tmpl);
+    if (params == NULL) {
+        ossl_param_bld_free(params);
+        return 0;
+    }
+
+    ret = param_cb(params, cbarg);
+    ossl_param_bld_free(params);
+    return ret;
+}
+
+static const OSSL_PARAM ecx_key_types[] = {
+    OSSL_PARAM_BN(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0),
+    OSSL_PARAM_BN(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0),
+    OSSL_PARAM_END
+};
+static const OSSL_PARAM *ecx_imexport_types(int selection)
+{
+    if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)
+        return ecx_key_types;
+    return NULL;
+}
+
+static int ecx_get_params(OSSL_PARAM params[], int bits, int secbits,
+                          int size)
+{
+    OSSL_PARAM *p;
+
+    if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_BITS)) != NULL
+        && !OSSL_PARAM_set_int(p, bits))
+        return 0;
+    if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_BITS)) != NULL
+        && !OSSL_PARAM_set_int(p, secbits))
+        return 0;
+    if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MAX_SIZE)) != NULL
+        && !OSSL_PARAM_set_int(p, size))
+        return 0;
+    return 1;
+}
+
+static int x25519_get_params(void *key, OSSL_PARAM params[])
+{
+    return ecx_get_params(params, X25519_BITS, X25519_SECURITY_BITS, X25519_KEYLEN);
+}
+
+static int x448_get_params(void *key, OSSL_PARAM params[])
+{
+    return ecx_get_params(params, X448_BITS, X448_SECURITY_BITS, X448_KEYLEN);
+}
+
+static const OSSL_PARAM ecx_params[] = {
+    OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL),
+    OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL),
+    OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL),
+    OSSL_PARAM_END
+};
+
+static const OSSL_PARAM *ecx_gettable_params(void)
+{
+    return ecx_params;
+}
+
+const OSSL_DISPATCH x25519_keymgmt_functions[] = {
+    { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))x25519_new_key },
+    { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))ecx_key_free },
+    { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))x25519_get_params },
+    { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))ecx_gettable_params },
+    { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))ecx_has },
+    { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))ecx_import },
+    { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))ecx_imexport_types },
+    { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))ecx_export },
+    { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))ecx_imexport_types },
+    { 0, NULL }
+};
+
+const OSSL_DISPATCH x448_keymgmt_functions[] = {
+    { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))x448_new_key },
+    { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))ecx_key_free },
+    { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))x448_get_params },
+    { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))ecx_gettable_params },
+    { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))ecx_has },
+    { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))ecx_import },
+    { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))ecx_imexport_types },
+    { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))ecx_export },
+    { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))ecx_imexport_types },
+    { 0, NULL }
+};

test/evp_pkey_provided_test.c

@@ -178,8 +178,8 @@ static int test_fromdata_dh(void)
         0x2,                     /* G */
     };
     OSSL_PARAM fromdata_params[] = {
-        OSSL_PARAM_ulong(OSSL_PKEY_PARAM_DH_PRIV_KEY, &key_numbers[PRIV_KEY]),
-        OSSL_PARAM_ulong(OSSL_PKEY_PARAM_DH_PUB_KEY, &key_numbers[PUB_KEY]),
+        OSSL_PARAM_ulong(OSSL_PKEY_PARAM_PRIV_KEY, &key_numbers[PRIV_KEY]),
+        OSSL_PARAM_ulong(OSSL_PKEY_PARAM_PUB_KEY, &key_numbers[PUB_KEY]),
         OSSL_PARAM_ulong(OSSL_PKEY_PARAM_FFC_P, &key_numbers[FFC_P]),
         OSSL_PARAM_ulong(OSSL_PKEY_PARAM_FFC_G, &key_numbers[FFC_G]),
         OSSL_PARAM_END