2 * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
12 #include <openssl/objects.h>
13 #include <openssl/evp.h>
14 #include "internal/cryptlib.h"
15 #include "crypto/evp.h"
16 #include "internal/provider.h"
17 #include "evp_local.h"
19 static EVP_SIGNATURE *evp_signature_new(OSSL_PROVIDER *prov)
21 EVP_SIGNATURE *signature = OPENSSL_zalloc(sizeof(EVP_SIGNATURE));
23 if (signature == NULL) {
24 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
28 signature->lock = CRYPTO_THREAD_lock_new();
29 if (signature->lock == NULL) {
30 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
31 OPENSSL_free(signature);
34 signature->prov = prov;
35 ossl_provider_up_ref(prov);
36 signature->refcnt = 1;
41 static void *evp_signature_from_dispatch(int name_id,
42 const OSSL_DISPATCH *fns,
45 EVP_SIGNATURE *signature = NULL;
46 int ctxfncnt = 0, signfncnt = 0, verifyfncnt = 0, verifyrecfncnt = 0;
47 int digsignfncnt = 0, digverifyfncnt = 0;
48 int gparamfncnt = 0, sparamfncnt = 0, gmdparamfncnt = 0, smdparamfncnt = 0;
50 if ((signature = evp_signature_new(prov)) == NULL) {
51 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
55 signature->name_id = name_id;
57 for (; fns->function_id != 0; fns++) {
58 switch (fns->function_id) {
59 case OSSL_FUNC_SIGNATURE_NEWCTX:
60 if (signature->newctx != NULL)
62 signature->newctx = OSSL_get_OP_signature_newctx(fns);
65 case OSSL_FUNC_SIGNATURE_SIGN_INIT:
66 if (signature->sign_init != NULL)
68 signature->sign_init = OSSL_get_OP_signature_sign_init(fns);
71 case OSSL_FUNC_SIGNATURE_SIGN:
72 if (signature->sign != NULL)
74 signature->sign = OSSL_get_OP_signature_sign(fns);
77 case OSSL_FUNC_SIGNATURE_VERIFY_INIT:
78 if (signature->verify_init != NULL)
80 signature->verify_init = OSSL_get_OP_signature_verify_init(fns);
83 case OSSL_FUNC_SIGNATURE_VERIFY:
84 if (signature->verify != NULL)
86 signature->verify = OSSL_get_OP_signature_verify(fns);
89 case OSSL_FUNC_SIGNATURE_VERIFY_RECOVER_INIT:
90 if (signature->verify_recover_init != NULL)
92 signature->verify_recover_init
93 = OSSL_get_OP_signature_verify_recover_init(fns);
96 case OSSL_FUNC_SIGNATURE_VERIFY_RECOVER:
97 if (signature->verify_recover != NULL)
99 signature->verify_recover
100 = OSSL_get_OP_signature_verify_recover(fns);
103 case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT:
104 if (signature->digest_sign_init != NULL)
106 signature->digest_sign_init
107 = OSSL_get_OP_signature_digest_sign_init(fns);
110 case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE:
111 if (signature->digest_sign_update != NULL)
113 signature->digest_sign_update
114 = OSSL_get_OP_signature_digest_sign_update(fns);
117 case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL:
118 if (signature->digest_sign_final != NULL)
120 signature->digest_sign_final
121 = OSSL_get_OP_signature_digest_sign_final(fns);
124 case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT:
125 if (signature->digest_verify_init != NULL)
127 signature->digest_verify_init
128 = OSSL_get_OP_signature_digest_verify_init(fns);
131 case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE:
132 if (signature->digest_verify_update != NULL)
134 signature->digest_verify_update
135 = OSSL_get_OP_signature_digest_verify_update(fns);
138 case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL:
139 if (signature->digest_verify_final != NULL)
141 signature->digest_verify_final
142 = OSSL_get_OP_signature_digest_verify_final(fns);
145 case OSSL_FUNC_SIGNATURE_FREECTX:
146 if (signature->freectx != NULL)
148 signature->freectx = OSSL_get_OP_signature_freectx(fns);
151 case OSSL_FUNC_SIGNATURE_DUPCTX:
152 if (signature->dupctx != NULL)
154 signature->dupctx = OSSL_get_OP_signature_dupctx(fns);
156 case OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS:
157 if (signature->get_ctx_params != NULL)
159 signature->get_ctx_params
160 = OSSL_get_OP_signature_get_ctx_params(fns);
163 case OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS:
164 if (signature->gettable_ctx_params != NULL)
166 signature->gettable_ctx_params
167 = OSSL_get_OP_signature_gettable_ctx_params(fns);
170 case OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS:
171 if (signature->set_ctx_params != NULL)
173 signature->set_ctx_params
174 = OSSL_get_OP_signature_set_ctx_params(fns);
177 case OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS:
178 if (signature->settable_ctx_params != NULL)
180 signature->settable_ctx_params
181 = OSSL_get_OP_signature_settable_ctx_params(fns);
184 case OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS:
185 if (signature->get_ctx_md_params != NULL)
187 signature->get_ctx_md_params
188 = OSSL_get_OP_signature_get_ctx_md_params(fns);
191 case OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS:
192 if (signature->gettable_ctx_md_params != NULL)
194 signature->gettable_ctx_md_params
195 = OSSL_get_OP_signature_gettable_ctx_md_params(fns);
198 case OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS:
199 if (signature->set_ctx_md_params != NULL)
201 signature->set_ctx_md_params
202 = OSSL_get_OP_signature_set_ctx_md_params(fns);
205 case OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS:
206 if (signature->settable_ctx_md_params != NULL)
208 signature->settable_ctx_md_params
209 = OSSL_get_OP_signature_settable_ctx_md_params(fns);
217 && verifyrecfncnt == 0
219 && digverifyfncnt == 0)
220 || (signfncnt != 0 && signfncnt != 2)
221 || (verifyfncnt != 0 && verifyfncnt != 2)
222 || (verifyrecfncnt != 0 && verifyrecfncnt != 2)
223 || (digsignfncnt != 0 && digsignfncnt != 3)
224 || (digverifyfncnt != 0 && digverifyfncnt != 3)
225 || (gparamfncnt != 0 && gparamfncnt != 2)
226 || (sparamfncnt != 0 && sparamfncnt != 2)
227 || (gmdparamfncnt != 0 && gmdparamfncnt != 2)
228 || (smdparamfncnt != 0 && smdparamfncnt != 2)) {
230 * In order to be a consistent set of functions we must have at least
231 * a set of context functions (newctx and freectx) as well as a set of
232 * "signature" functions:
233 * (sign_init, sign) or
234 * (verify_init verify) or
235 * (verify_recover_init, verify_recover) or
236 * (digest_sign_init, digest_sign_update, digest_sign_final) or
237 * (digest_verify_init, digest_verify_update, digest_verify_final).
239 * set_ctx_params and settable_ctx_params are optional, but if one of
240 * them is present then the other one must also be present. The same
241 * applies to get_ctx_params and gettable_ctx_params. The same rules
242 * apply to the "md_params" functions. The dupctx function is optional.
244 ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS);
250 EVP_SIGNATURE_free(signature);
254 void EVP_SIGNATURE_free(EVP_SIGNATURE *signature)
256 if (signature != NULL) {
259 CRYPTO_DOWN_REF(&signature->refcnt, &i, signature->lock);
262 ossl_provider_free(signature->prov);
263 CRYPTO_THREAD_lock_free(signature->lock);
264 OPENSSL_free(signature);
268 int EVP_SIGNATURE_up_ref(EVP_SIGNATURE *signature)
272 CRYPTO_UP_REF(&signature->refcnt, &ref, signature->lock);
276 OSSL_PROVIDER *EVP_SIGNATURE_provider(const EVP_SIGNATURE *signature)
278 return signature->prov;
281 EVP_SIGNATURE *EVP_SIGNATURE_fetch(OPENSSL_CTX *ctx, const char *algorithm,
282 const char *properties)
284 return evp_generic_fetch(ctx, OSSL_OP_SIGNATURE, algorithm, properties,
285 evp_signature_from_dispatch,
286 (int (*)(void *))EVP_SIGNATURE_up_ref,
287 (void (*)(void *))EVP_SIGNATURE_free);
290 int EVP_SIGNATURE_is_a(const EVP_SIGNATURE *signature, const char *name)
292 return evp_is_a(signature->prov, signature->name_id, name);
295 int EVP_SIGNATURE_number(const EVP_SIGNATURE *signature)
297 return signature->name_id;
300 void EVP_SIGNATURE_do_all_provided(OPENSSL_CTX *libctx,
301 void (*fn)(EVP_SIGNATURE *signature,
305 evp_generic_do_all(libctx, OSSL_OP_SIGNATURE,
306 (void (*)(void *, void *))fn, arg,
307 evp_signature_from_dispatch,
308 (void (*)(void *))EVP_SIGNATURE_free);
312 void EVP_SIGNATURE_names_do_all(const EVP_SIGNATURE *signature,
313 void (*fn)(const char *name, void *data),
316 if (signature->prov != NULL)
317 evp_names_do_all(signature->prov, signature->name_id, fn, data);
320 static int evp_pkey_signature_init(EVP_PKEY_CTX *ctx, int operation)
323 void *provkey = NULL;
324 EVP_SIGNATURE *signature = NULL;
327 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
331 evp_pkey_ctx_free_old_ops(ctx);
332 ctx->operation = operation;
334 if (ctx->algorithm == NULL)
338 * Because we cleared out old ops, we shouldn't need to worry about
339 * checking if signature is already there. Keymgmt is a different
340 * matter, as it isn't tied to a specific EVP_PKEY op.
342 signature = EVP_SIGNATURE_fetch(ctx->libctx, ctx->algorithm,
344 if (signature != NULL && ctx->keymgmt == NULL) {
345 int name_id = EVP_SIGNATURE_number(signature);
347 ctx->keymgmt = evp_keymgmt_fetch_by_number(ctx->libctx, name_id,
351 if (ctx->keymgmt == NULL
353 || (EVP_KEYMGMT_provider(ctx->keymgmt)
354 != EVP_SIGNATURE_provider(signature))) {
356 * We don't have the full support we need with provided methods,
357 * let's go see if legacy does. Also, we don't need to free
358 * ctx->keymgmt here, as it's not necessarily tied to this
359 * operation. It will be freed by EVP_PKEY_CTX_free().
361 EVP_SIGNATURE_free(signature);
365 ctx->op.sig.signature = signature;
367 if (ctx->pkey != NULL) {
369 evp_keymgmt_export_to_provider(ctx->pkey, ctx->keymgmt, 0);
370 /* If export failed, legacy may be able to pick it up */
374 ctx->op.sig.sigprovctx = signature->newctx(ossl_provider_ctx(signature->prov));
375 if (ctx->op.sig.sigprovctx == NULL) {
376 /* The provider key can stay in the cache */
377 EVPerr(0, EVP_R_INITIALIZATION_ERROR);
382 case EVP_PKEY_OP_SIGN:
383 if (signature->sign_init == NULL) {
384 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
388 ret = signature->sign_init(ctx->op.sig.sigprovctx, provkey);
390 case EVP_PKEY_OP_VERIFY:
391 if (signature->verify_init == NULL) {
392 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
396 ret = signature->verify_init(ctx->op.sig.sigprovctx, provkey);
398 case EVP_PKEY_OP_VERIFYRECOVER:
399 if (signature->verify_recover_init == NULL) {
400 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
404 ret = signature->verify_recover_init(ctx->op.sig.sigprovctx, provkey);
407 EVPerr(0, EVP_R_INITIALIZATION_ERROR);
412 signature->freectx(ctx->op.sig.sigprovctx);
413 ctx->op.sig.sigprovctx = NULL;
419 if (ctx->pmeth == NULL
420 || (operation == EVP_PKEY_OP_SIGN && ctx->pmeth->sign == NULL)
421 || (operation == EVP_PKEY_OP_VERIFY && ctx->pmeth->verify == NULL)
422 || (operation == EVP_PKEY_OP_VERIFYRECOVER
423 && ctx->pmeth->verify_recover == NULL)) {
424 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
429 case EVP_PKEY_OP_SIGN:
430 if (ctx->pmeth->sign_init == NULL)
432 ret = ctx->pmeth->sign_init(ctx);
434 case EVP_PKEY_OP_VERIFY:
435 if (ctx->pmeth->verify_init == NULL)
437 ret = ctx->pmeth->verify_init(ctx);
439 case EVP_PKEY_OP_VERIFYRECOVER:
440 if (ctx->pmeth->verify_recover_init == NULL)
442 ret = ctx->pmeth->verify_recover_init(ctx);
445 EVPerr(0, EVP_R_INITIALIZATION_ERROR);
453 ctx->operation = EVP_PKEY_OP_UNDEFINED;
457 int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx)
459 return evp_pkey_signature_init(ctx, EVP_PKEY_OP_SIGN);
462 int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
463 unsigned char *sig, size_t *siglen,
464 const unsigned char *tbs, size_t tbslen)
469 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
473 if (ctx->operation != EVP_PKEY_OP_SIGN) {
474 EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED);
478 if (ctx->op.sig.sigprovctx == NULL)
481 ret = ctx->op.sig.signature->sign(ctx->op.sig.sigprovctx, sig, siglen,
482 SIZE_MAX, tbs, tbslen);
487 if (ctx->pmeth == NULL || ctx->pmeth->sign == NULL) {
488 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
492 M_check_autoarg(ctx, sig, siglen, EVP_F_EVP_PKEY_SIGN)
493 return ctx->pmeth->sign(ctx, sig, siglen, tbs, tbslen);
496 int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx)
498 return evp_pkey_signature_init(ctx, EVP_PKEY_OP_VERIFY);
501 int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
502 const unsigned char *sig, size_t siglen,
503 const unsigned char *tbs, size_t tbslen)
508 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
512 if (ctx->operation != EVP_PKEY_OP_VERIFY) {
513 EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED);
517 if (ctx->op.sig.sigprovctx == NULL)
520 ret = ctx->op.sig.signature->verify(ctx->op.sig.sigprovctx, sig, siglen,
525 if (ctx->pmeth == NULL || ctx->pmeth->verify == NULL) {
526 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
530 return ctx->pmeth->verify(ctx, sig, siglen, tbs, tbslen);
533 int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx)
535 return evp_pkey_signature_init(ctx, EVP_PKEY_OP_VERIFYRECOVER);
538 int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
539 unsigned char *rout, size_t *routlen,
540 const unsigned char *sig, size_t siglen)
545 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
549 if (ctx->operation != EVP_PKEY_OP_VERIFYRECOVER) {
550 EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED);
554 if (ctx->op.sig.sigprovctx == NULL)
557 ret = ctx->op.sig.signature->verify_recover(ctx->op.sig.sigprovctx, rout,
559 (rout == NULL ? 0 : *routlen),
563 if (ctx->pmeth == NULL || ctx->pmeth->verify_recover == NULL) {
564 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
567 M_check_autoarg(ctx, rout, routlen, EVP_F_EVP_PKEY_VERIFY_RECOVER)
568 return ctx->pmeth->verify_recover(ctx, rout, routlen, sig, siglen);
571 static int evp_pkey_asym_cipher_init(EVP_PKEY_CTX *ctx, int operation)
574 void *provkey = NULL;
575 EVP_ASYM_CIPHER *cipher = NULL;
578 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
582 evp_pkey_ctx_free_old_ops(ctx);
583 ctx->operation = operation;
585 if (ctx->algorithm == NULL || ctx->engine != NULL)
589 * Because we cleared out old ops, we shouldn't need to worry about
590 * checking if exchange is already there. Keymgmt is a different
591 * matter, as it isn't tied to a specific EVP_PKEY op.
593 cipher = EVP_ASYM_CIPHER_fetch(ctx->libctx, ctx->algorithm, ctx->propquery);
594 if (cipher != NULL && ctx->keymgmt == NULL) {
595 int name_id = EVP_ASYM_CIPHER_number(cipher);
598 evp_keymgmt_fetch_by_number(ctx->libctx, name_id, ctx->propquery);
601 if (ctx->keymgmt == NULL
603 || (EVP_KEYMGMT_provider(ctx->keymgmt)
604 != EVP_ASYM_CIPHER_provider(cipher))) {
606 * We don't have the full support we need with provided methods,
607 * let's go see if legacy does. Also, we don't need to free
608 * ctx->keymgmt here, as it's not necessarily tied to this
609 * operation. It will be freed by EVP_PKEY_CTX_free().
611 EVP_ASYM_CIPHER_free(cipher);
615 ctx->op.ciph.cipher = cipher;
617 if (ctx->pkey != NULL) {
618 provkey = evp_keymgmt_export_to_provider(ctx->pkey, ctx->keymgmt, 0);
619 /* If export failed, legacy may be able to pick it up */
623 ctx->op.ciph.ciphprovctx = cipher->newctx(ossl_provider_ctx(cipher->prov));
624 if (ctx->op.ciph.ciphprovctx == NULL) {
625 /* The provider key can stay in the cache */
626 EVPerr(0, EVP_R_INITIALIZATION_ERROR);
631 case EVP_PKEY_OP_ENCRYPT:
632 if (cipher->encrypt_init == NULL) {
633 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
637 ret = cipher->encrypt_init(ctx->op.ciph.ciphprovctx, provkey);
639 case EVP_PKEY_OP_DECRYPT:
640 if (cipher->decrypt_init == NULL) {
641 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
645 ret = cipher->decrypt_init(ctx->op.ciph.ciphprovctx, provkey);
648 EVPerr(0, EVP_R_INITIALIZATION_ERROR);
653 cipher->freectx(ctx->op.ciph.ciphprovctx);
654 ctx->op.ciph.ciphprovctx = NULL;
660 if (ctx->pmeth == NULL || ctx->pmeth->encrypt == NULL) {
661 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
664 switch(ctx->operation) {
665 case EVP_PKEY_OP_ENCRYPT:
666 if (ctx->pmeth->encrypt_init == NULL)
668 ret = ctx->pmeth->encrypt_init(ctx);
670 case EVP_PKEY_OP_DECRYPT:
671 if (ctx->pmeth->decrypt_init == NULL)
673 ret = ctx->pmeth->decrypt_init(ctx);
676 EVPerr(0, EVP_R_INITIALIZATION_ERROR);
682 ctx->operation = EVP_PKEY_OP_UNDEFINED;
686 int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx)
688 return evp_pkey_asym_cipher_init(ctx, EVP_PKEY_OP_ENCRYPT);
691 int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx,
692 unsigned char *out, size_t *outlen,
693 const unsigned char *in, size_t inlen)
698 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
702 if (ctx->operation != EVP_PKEY_OP_ENCRYPT) {
703 EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED);
707 if (ctx->op.ciph.ciphprovctx == NULL)
710 ret = ctx->op.ciph.cipher->encrypt(ctx->op.ciph.ciphprovctx, out, outlen,
711 (out == NULL ? 0 : *outlen), in, inlen);
715 if (ctx->pmeth == NULL || ctx->pmeth->encrypt == NULL) {
716 EVPerr(EVP_F_EVP_PKEY_ENCRYPT,
717 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
720 M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_ENCRYPT)
721 return ctx->pmeth->encrypt(ctx, out, outlen, in, inlen);
724 int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx)
726 return evp_pkey_asym_cipher_init(ctx, EVP_PKEY_OP_DECRYPT);
729 int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,
730 unsigned char *out, size_t *outlen,
731 const unsigned char *in, size_t inlen)
736 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
740 if (ctx->operation != EVP_PKEY_OP_DECRYPT) {
741 EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED);
745 if (ctx->op.ciph.ciphprovctx == NULL)
748 ret = ctx->op.ciph.cipher->decrypt(ctx->op.ciph.ciphprovctx, out, outlen,
749 (out == NULL ? 0 : *outlen), in, inlen);
753 if (ctx->pmeth == NULL || ctx->pmeth->decrypt == NULL) {
754 EVPerr(EVP_F_EVP_PKEY_DECRYPT,
755 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
758 M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_DECRYPT)
759 return ctx->pmeth->decrypt(ctx, out, outlen, in, inlen);
763 static EVP_ASYM_CIPHER *evp_asym_cipher_new(OSSL_PROVIDER *prov)
765 EVP_ASYM_CIPHER *cipher = OPENSSL_zalloc(sizeof(EVP_ASYM_CIPHER));
767 if (cipher == NULL) {
768 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
772 cipher->lock = CRYPTO_THREAD_lock_new();
773 if (cipher->lock == NULL) {
774 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
775 OPENSSL_free(cipher);
779 ossl_provider_up_ref(prov);
785 static void *evp_asym_cipher_from_dispatch(int name_id,
786 const OSSL_DISPATCH *fns,
789 EVP_ASYM_CIPHER *cipher = NULL;
790 int ctxfncnt = 0, encfncnt = 0, decfncnt = 0;
791 int gparamfncnt = 0, sparamfncnt = 0;
793 if ((cipher = evp_asym_cipher_new(prov)) == NULL) {
794 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
798 cipher->name_id = name_id;
800 for (; fns->function_id != 0; fns++) {
801 switch (fns->function_id) {
802 case OSSL_FUNC_ASYM_CIPHER_NEWCTX:
803 if (cipher->newctx != NULL)
805 cipher->newctx = OSSL_get_OP_asym_cipher_newctx(fns);
808 case OSSL_FUNC_ASYM_CIPHER_ENCRYPT_INIT:
809 if (cipher->encrypt_init != NULL)
811 cipher->encrypt_init = OSSL_get_OP_asym_cipher_encrypt_init(fns);
814 case OSSL_FUNC_ASYM_CIPHER_ENCRYPT:
815 if (cipher->encrypt != NULL)
817 cipher->encrypt = OSSL_get_OP_asym_cipher_encrypt(fns);
820 case OSSL_FUNC_ASYM_CIPHER_DECRYPT_INIT:
821 if (cipher->decrypt_init != NULL)
823 cipher->decrypt_init = OSSL_get_OP_asym_cipher_decrypt_init(fns);
826 case OSSL_FUNC_ASYM_CIPHER_DECRYPT:
827 if (cipher->decrypt != NULL)
829 cipher->decrypt = OSSL_get_OP_asym_cipher_decrypt(fns);
832 case OSSL_FUNC_ASYM_CIPHER_FREECTX:
833 if (cipher->freectx != NULL)
835 cipher->freectx = OSSL_get_OP_asym_cipher_freectx(fns);
838 case OSSL_FUNC_ASYM_CIPHER_DUPCTX:
839 if (cipher->dupctx != NULL)
841 cipher->dupctx = OSSL_get_OP_asym_cipher_dupctx(fns);
843 case OSSL_FUNC_ASYM_CIPHER_GET_CTX_PARAMS:
844 if (cipher->get_ctx_params != NULL)
846 cipher->get_ctx_params
847 = OSSL_get_OP_asym_cipher_get_ctx_params(fns);
850 case OSSL_FUNC_ASYM_CIPHER_GETTABLE_CTX_PARAMS:
851 if (cipher->gettable_ctx_params != NULL)
853 cipher->gettable_ctx_params
854 = OSSL_get_OP_asym_cipher_gettable_ctx_params(fns);
857 case OSSL_FUNC_ASYM_CIPHER_SET_CTX_PARAMS:
858 if (cipher->set_ctx_params != NULL)
860 cipher->set_ctx_params
861 = OSSL_get_OP_asym_cipher_set_ctx_params(fns);
864 case OSSL_FUNC_ASYM_CIPHER_SETTABLE_CTX_PARAMS:
865 if (cipher->settable_ctx_params != NULL)
867 cipher->settable_ctx_params
868 = OSSL_get_OP_asym_cipher_settable_ctx_params(fns);
874 || (encfncnt != 0 && encfncnt != 2)
875 || (decfncnt != 0 && decfncnt != 2)
876 || (encfncnt != 2 && decfncnt != 2)
877 || (gparamfncnt != 0 && gparamfncnt != 2)
878 || (sparamfncnt != 0 && sparamfncnt != 2)) {
880 * In order to be a consistent set of functions we must have at least
881 * a set of context functions (newctx and freectx) as well as a pair of
882 * "cipher" functions: (encrypt_init, encrypt) or
883 * (decrypt_init decrypt). set_ctx_params and settable_ctx_params are
884 * optional, but if one of them is present then the other one must also
885 * be present. The same applies to get_ctx_params and
886 * gettable_ctx_params. The dupctx function is optional.
888 ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS);
894 EVP_ASYM_CIPHER_free(cipher);
898 void EVP_ASYM_CIPHER_free(EVP_ASYM_CIPHER *cipher)
900 if (cipher != NULL) {
903 CRYPTO_DOWN_REF(&cipher->refcnt, &i, cipher->lock);
906 ossl_provider_free(cipher->prov);
907 CRYPTO_THREAD_lock_free(cipher->lock);
908 OPENSSL_free(cipher);
912 int EVP_ASYM_CIPHER_up_ref(EVP_ASYM_CIPHER *cipher)
916 CRYPTO_UP_REF(&cipher->refcnt, &ref, cipher->lock);
920 OSSL_PROVIDER *EVP_ASYM_CIPHER_provider(const EVP_ASYM_CIPHER *cipher)
925 EVP_ASYM_CIPHER *EVP_ASYM_CIPHER_fetch(OPENSSL_CTX *ctx, const char *algorithm,
926 const char *properties)
928 return evp_generic_fetch(ctx, OSSL_OP_ASYM_CIPHER, algorithm, properties,
929 evp_asym_cipher_from_dispatch,
930 (int (*)(void *))EVP_ASYM_CIPHER_up_ref,
931 (void (*)(void *))EVP_ASYM_CIPHER_free);
934 int EVP_ASYM_CIPHER_is_a(const EVP_ASYM_CIPHER *cipher, const char *name)
936 return evp_is_a(cipher->prov, cipher->name_id, name);
939 int EVP_ASYM_CIPHER_number(const EVP_ASYM_CIPHER *cipher)
941 return cipher->name_id;
944 void EVP_ASYM_CIPHER_do_all_provided(OPENSSL_CTX *libctx,
945 void (*fn)(EVP_ASYM_CIPHER *cipher,
949 evp_generic_do_all(libctx, OSSL_OP_ASYM_CIPHER,
950 (void (*)(void *, void *))fn, arg,
951 evp_asym_cipher_from_dispatch,
952 (void (*)(void *))EVP_ASYM_CIPHER_free);
956 void EVP_ASYM_CIPHER_names_do_all(const EVP_ASYM_CIPHER *cipher,
957 void (*fn)(const char *name, void *data),
960 if (cipher->prov != NULL)
961 evp_names_do_all(cipher->prov, cipher->name_id, fn, data);