projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
EVP: Check that key methods aren't foreign when exporting
[openssl.git] / crypto / evp / pmeth_fn.c
diff --git a/crypto/evp/pmeth_fn.c b/crypto/evp/pmeth_fn.c
index dfdc85f1d59f8b2ab5d9156e21ed019467b54c40..5d0e21ed687709bcaa2f48d3a9931f34f3217ac7 100644 (file)
--- a/crypto/evp/pmeth_fn.c
+++ b/crypto/evp/pmeth_fn.c
@@ -12,305 +12,114 @@
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include "internal/cryptlib.h"
-#include "internal/evp_int.h"
+#include "crypto/evp.h"
 #include "internal/provider.h"
-#include "evp_locl.h"
+#include "evp_local.h"
 
-static EVP_SIGNATURE *evp_signature_new(OSSL_PROVIDER *prov)
+static int evp_pkey_asym_cipher_init(EVP_PKEY_CTX *ctx, int operation)
 {
-    EVP_SIGNATURE *signature = OPENSSL_zalloc(sizeof(EVP_SIGNATURE));
+    int ret = 0;
+    void *provkey = NULL;
+    EVP_ASYM_CIPHER *cipher = NULL;
+    EVP_KEYMGMT *tmp_keymgmt = NULL;
+    const char *supported_ciph = NULL;
 
-    signature->lock = CRYPTO_THREAD_lock_new();
-    if (signature->lock == NULL) {
-        OPENSSL_free(signature);
-        return NULL;
+    if (ctx == NULL) {
+        EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
     }
-    signature->prov = prov;
-    ossl_provider_up_ref(prov);
-    signature->refcnt = 1;
 
-    return signature;
-}
+    evp_pkey_ctx_free_old_ops(ctx);
+    ctx->operation = operation;
 
-static void *evp_signature_from_dispatch(const char *name,
-                                         const OSSL_DISPATCH *fns,
-                                         OSSL_PROVIDER *prov,
-                                         void *vkeymgmt_data)
-{
     /*
-     * Signature functions cannot work without a key, and key management
-     * from the same provider to manage its keys.  We therefore fetch
-     * a key management method using the same algorithm and properties
-     * and pass that down to evp_generic_fetch to be passed on to our
-     * evp_signature_from_dispatch, which will attach the key management
-     * method to the newly created key exchange method as long as the
-     * provider matches.
+     * TODO when we stop falling back to legacy, this and the ERR_pop_to_mark()
+     * calls can be removed.
      */
-    struct keymgmt_data_st *keymgmt_data = vkeymgmt_data;
-    EVP_KEYMGMT *keymgmt = EVP_KEYMGMT_fetch(keymgmt_data->ctx, name,
-                                             keymgmt_data->properties);
-    EVP_SIGNATURE *signature = NULL;
-    int ctxfncnt = 0, signfncnt = 0, verifyfncnt = 0, verifyrecfncnt = 0;
-    int gparamfncnt = 0, sparamfncnt = 0;
+    ERR_set_mark();
 
-    if (keymgmt == NULL || EVP_KEYMGMT_provider(keymgmt) != prov) {
-        ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEYMGMT_AVAILABLE);
-        goto err;
-    }
-
-    if ((signature = evp_signature_new(prov)) == NULL
-        || (signature->name = OPENSSL_strdup(name)) == NULL) {
-        ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-
-    signature->keymgmt = keymgmt;
-    keymgmt = NULL;              /* avoid double free on failure below */
+    if (ctx->engine != NULL || ctx->keytype == NULL)
+        goto legacy;
 
-    for (; fns->function_id != 0; fns++) {
-        switch (fns->function_id) {
-        case OSSL_FUNC_SIGNATURE_NEWCTX:
-            if (signature->newctx != NULL)
-                break;
-            signature->newctx = OSSL_get_OP_signature_newctx(fns);
-            ctxfncnt++;
-            break;
-        case OSSL_FUNC_SIGNATURE_SIGN_INIT:
-            if (signature->sign_init != NULL)
-                break;
-            signature->sign_init = OSSL_get_OP_signature_sign_init(fns);
-            signfncnt++;
-            break;
-        case OSSL_FUNC_SIGNATURE_SIGN:
-            if (signature->sign != NULL)
-                break;
-            signature->sign = OSSL_get_OP_signature_sign(fns);
-            signfncnt++;
-            break;
-        case OSSL_FUNC_SIGNATURE_VERIFY_INIT:
-            if (signature->verify_init != NULL)
-                break;
-            signature->verify_init = OSSL_get_OP_signature_verify_init(fns);
-            verifyfncnt++;
-            break;
-        case OSSL_FUNC_SIGNATURE_VERIFY:
-            if (signature->verify != NULL)
-                break;
-            signature->verify = OSSL_get_OP_signature_verify(fns);
-            verifyfncnt++;
-            break;
-        case OSSL_FUNC_SIGNATURE_VERIFY_RECOVER_INIT:
-            if (signature->verify_recover_init != NULL)
-                break;
-            signature->verify_recover_init
-                = OSSL_get_OP_signature_verify_recover_init(fns);
-            verifyrecfncnt++;
-            break;
-        case OSSL_FUNC_SIGNATURE_VERIFY_RECOVER:
-            if (signature->verify_recover != NULL)
-                break;
-            signature->verify_recover
-                = OSSL_get_OP_signature_verify_recover(fns);
-            verifyrecfncnt++;
-            break;
-        case OSSL_FUNC_SIGNATURE_FREECTX:
-            if (signature->freectx != NULL)
-                break;
-            signature->freectx = OSSL_get_OP_signature_freectx(fns);
-            ctxfncnt++;
-            break;
-        case OSSL_FUNC_SIGNATURE_DUPCTX:
-            if (signature->dupctx != NULL)
-                break;
-            signature->dupctx = OSSL_get_OP_signature_dupctx(fns);
-            break;
-        case OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS:
-            if (signature->get_ctx_params != NULL)
-                break;
-            signature->get_ctx_params
-                = OSSL_get_OP_signature_get_ctx_params(fns);
-            gparamfncnt++;
-            break;
-        case OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS:
-            if (signature->gettable_ctx_params != NULL)
-                break;
-            signature->gettable_ctx_params
-                = OSSL_get_OP_signature_gettable_ctx_params(fns);
-            gparamfncnt++;
-            break;
-        case OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS:
-            if (signature->set_ctx_params != NULL)
-                break;
-            signature->set_ctx_params
-                = OSSL_get_OP_signature_set_ctx_params(fns);
-            sparamfncnt++;
-            break;
-        case OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS:
-            if (signature->settable_ctx_params != NULL)
-                break;
-            signature->settable_ctx_params
-                = OSSL_get_OP_signature_settable_ctx_params(fns);
-            sparamfncnt++;
-            break;
-        }
-    }
-    if (ctxfncnt != 2
-        || (signfncnt != 2 && verifyfncnt != 2 && verifyrecfncnt != 2)
-        || (gparamfncnt != 0 && gparamfncnt != 2)
-        || (sparamfncnt != 0 && sparamfncnt != 2)) {
-        /*
-         * In order to be a consistent set of functions we must have at least
-         * a set of context functions (newctx and freectx) as well as a pair of
-         * "signature" functions: (sign_init, sign) or (verify_init verify) or
-         * (verify_recover_init, verify_recover). set_ctx_params and
-         * settable_ctx_params are optional, but if one of them is present then
-         * the other one must also be present. The same applies to
-         * get_ctx_params and gettable_ctx_params. The dupctx function is
-         * optional.
-         */
-        ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS);
+    /*
+     * Ensure that the key is provided, either natively, or as a cached export.
+     *  If not, go legacy
+     */
+    tmp_keymgmt = ctx->keymgmt;
+    provkey = evp_pkey_export_to_provider(ctx->pkey, ctx->libctx,
+                                          &tmp_keymgmt, ctx->propquery);
+    if (provkey == NULL)
+        goto legacy;
+    if (!EVP_KEYMGMT_up_ref(tmp_keymgmt)) {
+        ERR_clear_last_mark();
+        ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
         goto err;
     }
+    EVP_KEYMGMT_free(ctx->keymgmt);
+    ctx->keymgmt = tmp_keymgmt;
 
-    return signature;
- err:
-    EVP_SIGNATURE_free(signature);
-    EVP_KEYMGMT_free(keymgmt);
-    return NULL;
-}
-
-void EVP_SIGNATURE_free(EVP_SIGNATURE *signature)
-{
-    if (signature != NULL) {
-        int i;
-
-        CRYPTO_DOWN_REF(&signature->refcnt, &i, signature->lock);
-        if (i > 0)
-            return;
-        EVP_KEYMGMT_free(signature->keymgmt);
-        ossl_provider_free(signature->prov);
-        OPENSSL_free(signature->name);
-        CRYPTO_THREAD_lock_free(signature->lock);
-        OPENSSL_free(signature);
-    }
-}
-
-int EVP_SIGNATURE_up_ref(EVP_SIGNATURE *signature)
-{
-    int ref = 0;
-
-    CRYPTO_UP_REF(&signature->refcnt, &ref, signature->lock);
-    return 1;
-}
-
-OSSL_PROVIDER *EVP_SIGNATURE_provider(const EVP_SIGNATURE *signature)
-{
-    return signature->prov;
-}
-
-EVP_SIGNATURE *EVP_SIGNATURE_fetch(OPENSSL_CTX *ctx, const char *algorithm,
-                                   const char *properties)
-{
-    struct keymgmt_data_st keymgmt_data;
+    if (ctx->keymgmt->query_operation_name != NULL)
+        supported_ciph =
+            ctx->keymgmt->query_operation_name(OSSL_OP_ASYM_CIPHER);
 
     /*
-     * A signature operation cannot work without a key, so we need key
-     * management from the same provider to manage its keys.
+     * If we didn't get a supported ciph, assume there is one with the
+     * same name as the key type.
      */
-    keymgmt_data.ctx = ctx;
-    keymgmt_data.properties = properties;
-    return evp_generic_fetch(ctx, OSSL_OP_SIGNATURE, algorithm, properties,
-                             evp_signature_from_dispatch, &keymgmt_data,
-                             (int (*)(void *))EVP_SIGNATURE_up_ref,
-                             (void (*)(void *))EVP_SIGNATURE_free);
-}
+    if (supported_ciph == NULL)
+        supported_ciph = ctx->keytype;
 
-static int evp_pkey_signature_init(EVP_PKEY_CTX *ctx, EVP_SIGNATURE *signature,
-                                   int operation)
-{
-    int ret = 0;
-    void *provkey = NULL;
-
-    if (ctx == NULL) {
-        EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
-        return -2;
-    }
-
-    ctx->operation = operation;
-
-    if (ctx->engine != NULL)
-        goto legacy;
-
-    if (signature != NULL) {
-        if (!EVP_SIGNATURE_up_ref(signature))
-            goto err;
-    } else {
-        int nid = ctx->pkey != NULL ? ctx->pkey->type : ctx->pmeth->pkey_id;
+    /*
+     * Because we cleared out old ops, we shouldn't need to worry about
+     * checking if cipher is already there.
+     */
+    cipher =
+        EVP_ASYM_CIPHER_fetch(ctx->libctx, supported_ciph, ctx->propquery);
 
+    if (cipher == NULL
+        || (EVP_KEYMGMT_provider(ctx->keymgmt)
+            != EVP_ASYM_CIPHER_provider(cipher))) {
         /*
-         * TODO(3.0): Check for legacy handling. Remove this once all all
-         * algorithms are moved to providers.
+         * We don't need to free ctx->keymgmt here, as it's not necessarily
+         * tied to this operation.  It will be freed by EVP_PKEY_CTX_free().
          */
-        if (ctx->pkey != NULL) {
-            switch (ctx->pkey->type) {
-            case NID_dsa:
-                break;
-            default:
-                goto legacy;
-            }
-            signature = EVP_SIGNATURE_fetch(NULL, OBJ_nid2sn(nid), NULL);
-        } else {
-            goto legacy;
-        }
-
-        if (signature == NULL) {
-            EVPerr(0, EVP_R_INITIALIZATION_ERROR);
-            goto err;
-        }
+        EVP_ASYM_CIPHER_free(cipher);
+        goto legacy;
     }
 
-    if (ctx->sigprovctx != NULL && ctx->signature != NULL)
-        ctx->signature->freectx(ctx->sigprovctx);
-    EVP_SIGNATURE_free(ctx->signature);
-    ctx->signature = signature;
-    if (ctx->pkey != NULL) {
-        provkey = evp_keymgmt_export_to_provider(ctx->pkey, signature->keymgmt);
-        if (provkey == NULL) {
-            EVPerr(0, EVP_R_INITIALIZATION_ERROR);
-            goto err;
-        }
-    }
-    ctx->sigprovctx = signature->newctx(ossl_provider_ctx(signature->prov));
-    if (ctx->sigprovctx == NULL) {
+    /*
+     * TODO remove this when legacy is gone
+     * If we don't have the full support we need with provided methods,
+     * let's go see if legacy does.
+     */
+    ERR_pop_to_mark();
+
+    /* No more legacy from here down to legacy: */
+
+    ctx->op.ciph.cipher = cipher;
+    ctx->op.ciph.ciphprovctx = cipher->newctx(ossl_provider_ctx(cipher->prov));
+    if (ctx->op.ciph.ciphprovctx == NULL) {
         /* The provider key can stay in the cache */
         EVPerr(0, EVP_R_INITIALIZATION_ERROR);
         goto err;
     }
 
     switch (operation) {
-    case EVP_PKEY_OP_SIGN:
-        if (signature->sign_init == NULL) {
+    case EVP_PKEY_OP_ENCRYPT:
+        if (cipher->encrypt_init == NULL) {
             EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
             ret = -2;
             goto err;
         }
-        ret = signature->sign_init(ctx->sigprovctx, provkey);
+        ret = cipher->encrypt_init(ctx->op.ciph.ciphprovctx, provkey);
         break;
-    case EVP_PKEY_OP_VERIFY:
-        if (signature->verify_init == NULL) {
+    case EVP_PKEY_OP_DECRYPT:
+        if (cipher->decrypt_init == NULL) {
             EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
             ret = -2;
             goto err;
         }
-        ret = signature->verify_init(ctx->sigprovctx, provkey);
-        break;
-    case EVP_PKEY_OP_VERIFYRECOVER:
-        if (signature->verify_recover_init == NULL) {
-            EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
-            ret = -2;
-            goto err;
-        }
-        ret = signature->verify_recover_init(ctx->sigprovctx, provkey);
+        ret = cipher->decrypt_init(ctx->op.ciph.ciphprovctx, provkey);
         break;
     default:
         EVPerr(0, EVP_R_INITIALIZATION_ERROR);
@@ -318,64 +127,54 @@ static int evp_pkey_signature_init(EVP_PKEY_CTX *ctx, EVP_SIGNATURE *signature,
     }
 
     if (ret <= 0) {
-        signature->freectx(ctx->sigprovctx);
-        ctx->sigprovctx = NULL;
+        cipher->freectx(ctx->op.ciph.ciphprovctx);
+        ctx->op.ciph.ciphprovctx = NULL;
         goto err;
     }
     return 1;
 
  legacy:
-    if (ctx->pmeth == NULL
-            || (operation == EVP_PKEY_OP_SIGN && ctx->pmeth->sign == NULL)
-            || (operation == EVP_PKEY_OP_VERIFY && ctx->pmeth->verify == NULL)
-            || (operation == EVP_PKEY_OP_VERIFYRECOVER
-                && ctx->pmeth->verify_recover == NULL)) {
+    /*
+     * TODO remove this when legacy is gone
+     * If we don't have the full support we need with provided methods,
+     * let's go see if legacy does.
+     */
+    ERR_pop_to_mark();
+
+    if (ctx->pmeth == NULL || ctx->pmeth->encrypt == NULL) {
         EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
         return -2;
     }
-
-    switch (operation) {
-    case EVP_PKEY_OP_SIGN:
-        if (ctx->pmeth->sign_init == NULL)
-            return 1;
-        ret = ctx->pmeth->sign_init(ctx);
-        break;
-    case EVP_PKEY_OP_VERIFY:
-        if (ctx->pmeth->verify_init == NULL)
+    switch(ctx->operation) {
+    case EVP_PKEY_OP_ENCRYPT:
+        if (ctx->pmeth->encrypt_init == NULL)
             return 1;
-        ret = ctx->pmeth->verify_init(ctx);
+        ret = ctx->pmeth->encrypt_init(ctx);
         break;
-    case EVP_PKEY_OP_VERIFYRECOVER:
-        if (ctx->pmeth->verify_recover_init == NULL)
+    case EVP_PKEY_OP_DECRYPT:
+        if (ctx->pmeth->decrypt_init == NULL)
             return 1;
-        ret = ctx->pmeth->verify_recover_init(ctx);
+        ret = ctx->pmeth->decrypt_init(ctx);
         break;
     default:
         EVPerr(0, EVP_R_INITIALIZATION_ERROR);
-        goto err;
+        ret = -1;
     }
-    if (ret <= 0)
-        goto err;
-    return ret;
 
  err:
-    ctx->operation = EVP_PKEY_OP_UNDEFINED;
+    if (ret <= 0)
+        ctx->operation = EVP_PKEY_OP_UNDEFINED;
     return ret;
 }
 
-int EVP_PKEY_sign_init_ex(EVP_PKEY_CTX *ctx, EVP_SIGNATURE *signature)
-{
-    return evp_pkey_signature_init(ctx, signature, EVP_PKEY_OP_SIGN);
-}
-
-int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx)
+int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx)
 {
-    return evp_pkey_signature_init(ctx, NULL, EVP_PKEY_OP_SIGN);
+    return evp_pkey_asym_cipher_init(ctx, EVP_PKEY_OP_ENCRYPT);
 }
 
-int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
-                  unsigned char *sig, size_t *siglen,
-                  const unsigned char *tbs, size_t tbslen)
+int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx,
+                     unsigned char *out, size_t *outlen,
+                     const unsigned char *in, size_t inlen)
 {
     int ret;
 
@@ -384,42 +183,36 @@ int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
         return -2;
     }
 
-    if (ctx->operation != EVP_PKEY_OP_SIGN) {
+    if (ctx->operation != EVP_PKEY_OP_ENCRYPT) {
         EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED);
         return -1;
     }
 
-    if (ctx->sigprovctx == NULL)
+    if (ctx->op.ciph.ciphprovctx == NULL)
         goto legacy;
 
-    ret = ctx->signature->sign(ctx->sigprovctx, sig, siglen, SIZE_MAX,
-                               tbs, tbslen);
-
+    ret = ctx->op.ciph.cipher->encrypt(ctx->op.ciph.ciphprovctx, out, outlen,
+                                       (out == NULL ? 0 : *outlen), in, inlen);
     return ret;
+
  legacy:
-    if (ctx->pmeth == NULL || ctx->pmeth->sign == NULL) {
-        EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+    if (ctx->pmeth == NULL || ctx->pmeth->encrypt == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_ENCRYPT,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
         return -2;
     }
-
-    M_check_autoarg(ctx, sig, siglen, EVP_F_EVP_PKEY_SIGN)
-        return ctx->pmeth->sign(ctx, sig, siglen, tbs, tbslen);
-}
-
-int EVP_PKEY_verify_init_ex(EVP_PKEY_CTX *ctx, EVP_SIGNATURE *signature)
-{
-    return evp_pkey_signature_init(ctx, signature, EVP_PKEY_OP_VERIFY);
+    M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_ENCRYPT)
+        return ctx->pmeth->encrypt(ctx, out, outlen, in, inlen);
 }
 
-int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx)
+int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx)
 {
-    return evp_pkey_signature_init(ctx, NULL, EVP_PKEY_OP_VERIFY);
+    return evp_pkey_asym_cipher_init(ctx, EVP_PKEY_OP_DECRYPT);
 }
 
-int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
-                    const unsigned char *sig, size_t siglen,
-                    const unsigned char *tbs, size_t tbslen)
+int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,
+                     unsigned char *out, size_t *outlen,
+                     const unsigned char *in, size_t inlen)
 {
     int ret;
 
@@ -428,132 +221,227 @@ int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
         return -2;
     }
 
-    if (ctx->operation != EVP_PKEY_OP_VERIFY) {
+    if (ctx->operation != EVP_PKEY_OP_DECRYPT) {
         EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED);
         return -1;
     }
 
-    if (ctx->sigprovctx == NULL)
+    if (ctx->op.ciph.ciphprovctx == NULL)
         goto legacy;
 
-    ret = ctx->signature->verify(ctx->sigprovctx, sig, siglen, tbs, tbslen);
-
+    ret = ctx->op.ciph.cipher->decrypt(ctx->op.ciph.ciphprovctx, out, outlen,
+                                       (out == NULL ? 0 : *outlen), in, inlen);
     return ret;
+
  legacy:
-    if (ctx->pmeth == NULL || ctx->pmeth->verify == NULL) {
-        EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+    if (ctx->pmeth == NULL || ctx->pmeth->decrypt == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_DECRYPT,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
         return -2;
     }
-
-    return ctx->pmeth->verify(ctx, sig, siglen, tbs, tbslen);
+    M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_DECRYPT)
+        return ctx->pmeth->decrypt(ctx, out, outlen, in, inlen);
 }
 
-int EVP_PKEY_verify_recover_init_ex(EVP_PKEY_CTX *ctx, EVP_SIGNATURE *signature)
-{
-    return evp_pkey_signature_init(ctx, signature, EVP_PKEY_OP_VERIFYRECOVER);
-}
 
-int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx)
+static EVP_ASYM_CIPHER *evp_asym_cipher_new(OSSL_PROVIDER *prov)
 {
-    return evp_pkey_signature_init(ctx, NULL, EVP_PKEY_OP_VERIFYRECOVER);
+    EVP_ASYM_CIPHER *cipher = OPENSSL_zalloc(sizeof(EVP_ASYM_CIPHER));
+
+    if (cipher == NULL) {
+        ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    cipher->lock = CRYPTO_THREAD_lock_new();
+    if (cipher->lock == NULL) {
+        ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(cipher);
+        return NULL;
+    }
+    cipher->prov = prov;
+    ossl_provider_up_ref(prov);
+    cipher->refcnt = 1;
+
+    return cipher;
 }
 
-int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
-                            unsigned char *rout, size_t *routlen,
-                            const unsigned char *sig, size_t siglen)
+static void *evp_asym_cipher_from_dispatch(int name_id,
+                                           const OSSL_DISPATCH *fns,
+                                           OSSL_PROVIDER *prov)
 {
-    int ret;
+    EVP_ASYM_CIPHER *cipher = NULL;
+    int ctxfncnt = 0, encfncnt = 0, decfncnt = 0;
+    int gparamfncnt = 0, sparamfncnt = 0;
 
-    if (ctx == NULL) {
-        EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
-        return -2;
+    if ((cipher = evp_asym_cipher_new(prov)) == NULL) {
+        ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
+        goto err;
     }
 
-    if (ctx->operation != EVP_PKEY_OP_VERIFYRECOVER) {
-        EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED);
-        return -1;
+    cipher->name_id = name_id;
+
+    for (; fns->function_id != 0; fns++) {
+        switch (fns->function_id) {
+        case OSSL_FUNC_ASYM_CIPHER_NEWCTX:
+            if (cipher->newctx != NULL)
+                break;
+            cipher->newctx = OSSL_get_OP_asym_cipher_newctx(fns);
+            ctxfncnt++;
+            break;
+        case OSSL_FUNC_ASYM_CIPHER_ENCRYPT_INIT:
+            if (cipher->encrypt_init != NULL)
+                break;
+            cipher->encrypt_init = OSSL_get_OP_asym_cipher_encrypt_init(fns);
+            encfncnt++;
+            break;
+        case OSSL_FUNC_ASYM_CIPHER_ENCRYPT:
+            if (cipher->encrypt != NULL)
+                break;
+            cipher->encrypt = OSSL_get_OP_asym_cipher_encrypt(fns);
+            encfncnt++;
+            break;
+        case OSSL_FUNC_ASYM_CIPHER_DECRYPT_INIT:
+            if (cipher->decrypt_init != NULL)
+                break;
+            cipher->decrypt_init = OSSL_get_OP_asym_cipher_decrypt_init(fns);
+            decfncnt++;
+            break;
+        case OSSL_FUNC_ASYM_CIPHER_DECRYPT:
+            if (cipher->decrypt != NULL)
+                break;
+            cipher->decrypt = OSSL_get_OP_asym_cipher_decrypt(fns);
+            decfncnt++;
+            break;
+        case OSSL_FUNC_ASYM_CIPHER_FREECTX:
+            if (cipher->freectx != NULL)
+                break;
+            cipher->freectx = OSSL_get_OP_asym_cipher_freectx(fns);
+            ctxfncnt++;
+            break;
+        case OSSL_FUNC_ASYM_CIPHER_DUPCTX:
+            if (cipher->dupctx != NULL)
+                break;
+            cipher->dupctx = OSSL_get_OP_asym_cipher_dupctx(fns);
+            break;
+        case OSSL_FUNC_ASYM_CIPHER_GET_CTX_PARAMS:
+            if (cipher->get_ctx_params != NULL)
+                break;
+            cipher->get_ctx_params
+                = OSSL_get_OP_asym_cipher_get_ctx_params(fns);
+            gparamfncnt++;
+            break;
+        case OSSL_FUNC_ASYM_CIPHER_GETTABLE_CTX_PARAMS:
+            if (cipher->gettable_ctx_params != NULL)
+                break;
+            cipher->gettable_ctx_params
+                = OSSL_get_OP_asym_cipher_gettable_ctx_params(fns);
+            gparamfncnt++;
+            break;
+        case OSSL_FUNC_ASYM_CIPHER_SET_CTX_PARAMS:
+            if (cipher->set_ctx_params != NULL)
+                break;
+            cipher->set_ctx_params
+                = OSSL_get_OP_asym_cipher_set_ctx_params(fns);
+            sparamfncnt++;
+            break;
+        case OSSL_FUNC_ASYM_CIPHER_SETTABLE_CTX_PARAMS:
+            if (cipher->settable_ctx_params != NULL)
+                break;
+            cipher->settable_ctx_params
+                = OSSL_get_OP_asym_cipher_settable_ctx_params(fns);
+            sparamfncnt++;
+            break;
+        }
+    }
+    if (ctxfncnt != 2
+        || (encfncnt != 0 && encfncnt != 2)
+        || (decfncnt != 0 && decfncnt != 2)
+        || (encfncnt != 2 && decfncnt != 2)
+        || (gparamfncnt != 0 && gparamfncnt != 2)
+        || (sparamfncnt != 0 && sparamfncnt != 2)) {
+        /*
+         * In order to be a consistent set of functions we must have at least
+         * a set of context functions (newctx and freectx) as well as a pair of
+         * "cipher" functions: (encrypt_init, encrypt) or
+         * (decrypt_init decrypt). set_ctx_params and settable_ctx_params are
+         * optional, but if one of them is present then the other one must also
+         * be present. The same applies to get_ctx_params and
+         * gettable_ctx_params. The dupctx function is optional.
+         */
+        ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS);
+        goto err;
     }
 
-    if (ctx->sigprovctx == NULL)
-        goto legacy;
+    return cipher;
+ err:
+    EVP_ASYM_CIPHER_free(cipher);
+    return NULL;
+}
 
-    ret = ctx->signature->verify_recover(ctx->sigprovctx, rout, routlen,
-                                         (rout == NULL ? 0 : *routlen),
-                                         sig, siglen);
-    return ret;
- legacy:
-    if (ctx->pmeth == NULL || ctx->pmeth->verify_recover == NULL) {
-        EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
-        return -2;
+void EVP_ASYM_CIPHER_free(EVP_ASYM_CIPHER *cipher)
+{
+    if (cipher != NULL) {
+        int i;
+
+        CRYPTO_DOWN_REF(&cipher->refcnt, &i, cipher->lock);
+        if (i > 0)
+            return;
+        ossl_provider_free(cipher->prov);
+        CRYPTO_THREAD_lock_free(cipher->lock);
+        OPENSSL_free(cipher);
     }
-    M_check_autoarg(ctx, rout, routlen, EVP_F_EVP_PKEY_VERIFY_RECOVER)
-        return ctx->pmeth->verify_recover(ctx, rout, routlen, sig, siglen);
 }
 
-int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx)
+int EVP_ASYM_CIPHER_up_ref(EVP_ASYM_CIPHER *cipher)
 {
-    int ret;
-    if (!ctx || !ctx->pmeth || !ctx->pmeth->encrypt) {
-        EVPerr(EVP_F_EVP_PKEY_ENCRYPT_INIT,
-               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
-        return -2;
-    }
-    ctx->operation = EVP_PKEY_OP_ENCRYPT;
-    if (!ctx->pmeth->encrypt_init)
-        return 1;
-    ret = ctx->pmeth->encrypt_init(ctx);
-    if (ret <= 0)
-        ctx->operation = EVP_PKEY_OP_UNDEFINED;
-    return ret;
+    int ref = 0;
+
+    CRYPTO_UP_REF(&cipher->refcnt, &ref, cipher->lock);
+    return 1;
 }
 
-int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx,
-                     unsigned char *out, size_t *outlen,
-                     const unsigned char *in, size_t inlen)
+OSSL_PROVIDER *EVP_ASYM_CIPHER_provider(const EVP_ASYM_CIPHER *cipher)
 {
-    if (!ctx || !ctx->pmeth || !ctx->pmeth->encrypt) {
-        EVPerr(EVP_F_EVP_PKEY_ENCRYPT,
-               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
-        return -2;
-    }
-    if (ctx->operation != EVP_PKEY_OP_ENCRYPT) {
-        EVPerr(EVP_F_EVP_PKEY_ENCRYPT, EVP_R_OPERATON_NOT_INITIALIZED);
-        return -1;
-    }
-    M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_ENCRYPT)
-        return ctx->pmeth->encrypt(ctx, out, outlen, in, inlen);
+    return cipher->prov;
 }
 
-int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx)
+EVP_ASYM_CIPHER *EVP_ASYM_CIPHER_fetch(OPENSSL_CTX *ctx, const char *algorithm,
+                                       const char *properties)
 {
-    int ret;
-    if (!ctx || !ctx->pmeth || !ctx->pmeth->decrypt) {
-        EVPerr(EVP_F_EVP_PKEY_DECRYPT_INIT,
-               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
-        return -2;
-    }
-    ctx->operation = EVP_PKEY_OP_DECRYPT;
-    if (!ctx->pmeth->decrypt_init)
-        return 1;
-    ret = ctx->pmeth->decrypt_init(ctx);
-    if (ret <= 0)
-        ctx->operation = EVP_PKEY_OP_UNDEFINED;
-    return ret;
+    return evp_generic_fetch(ctx, OSSL_OP_ASYM_CIPHER, algorithm, properties,
+                             evp_asym_cipher_from_dispatch,
+                             (int (*)(void *))EVP_ASYM_CIPHER_up_ref,
+                             (void (*)(void *))EVP_ASYM_CIPHER_free);
 }
 
-int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,
-                     unsigned char *out, size_t *outlen,
-                     const unsigned char *in, size_t inlen)
+int EVP_ASYM_CIPHER_is_a(const EVP_ASYM_CIPHER *cipher, const char *name)
 {
-    if (!ctx || !ctx->pmeth || !ctx->pmeth->decrypt) {
-        EVPerr(EVP_F_EVP_PKEY_DECRYPT,
-               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
-        return -2;
-    }
-    if (ctx->operation != EVP_PKEY_OP_DECRYPT) {
-        EVPerr(EVP_F_EVP_PKEY_DECRYPT, EVP_R_OPERATON_NOT_INITIALIZED);
-        return -1;
-    }
-    M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_DECRYPT)
-        return ctx->pmeth->decrypt(ctx, out, outlen, in, inlen);
+    return evp_is_a(cipher->prov, cipher->name_id, NULL, name);
+}
+
+int EVP_ASYM_CIPHER_number(const EVP_ASYM_CIPHER *cipher)
+{
+    return cipher->name_id;
 }
+
+void EVP_ASYM_CIPHER_do_all_provided(OPENSSL_CTX *libctx,
+                                     void (*fn)(EVP_ASYM_CIPHER *cipher,
+                                                void *arg),
+                                     void *arg)
+{
+    evp_generic_do_all(libctx, OSSL_OP_ASYM_CIPHER,
+                       (void (*)(void *, void *))fn, arg,
+                       evp_asym_cipher_from_dispatch,
+                       (void (*)(void *))EVP_ASYM_CIPHER_free);
+}
+
+
+void EVP_ASYM_CIPHER_names_do_all(const EVP_ASYM_CIPHER *cipher,
+                                  void (*fn)(const char *name, void *data),
+                                  void *data)
+{
+    if (cipher->prov != NULL)
+        evp_names_do_all(cipher->prov, cipher->name_id, fn, data);
+}
+
Unnamed repository; edit this file 'description' to name the repository.