2 * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
12 #include <openssl/objects.h>
13 #include <openssl/evp.h>
14 #include "internal/cryptlib.h"
15 #include "crypto/evp.h"
16 #include "internal/provider.h"
17 #include "evp_local.h"
19 static EVP_SIGNATURE *evp_signature_new(OSSL_PROVIDER *prov)
21 EVP_SIGNATURE *signature = OPENSSL_zalloc(sizeof(EVP_SIGNATURE));
23 if (signature == NULL) {
24 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
28 signature->lock = CRYPTO_THREAD_lock_new();
29 if (signature->lock == NULL) {
30 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
31 OPENSSL_free(signature);
34 signature->prov = prov;
35 ossl_provider_up_ref(prov);
36 signature->refcnt = 1;
41 static void *evp_signature_from_dispatch(int name_id,
42 const OSSL_DISPATCH *fns,
45 EVP_SIGNATURE *signature = NULL;
46 int ctxfncnt = 0, signfncnt = 0, verifyfncnt = 0, verifyrecfncnt = 0;
47 int digsignfncnt = 0, digverifyfncnt = 0;
48 int gparamfncnt = 0, sparamfncnt = 0, gmdparamfncnt = 0, smdparamfncnt = 0;
50 if ((signature = evp_signature_new(prov)) == NULL) {
51 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
55 signature->name_id = name_id;
57 for (; fns->function_id != 0; fns++) {
58 switch (fns->function_id) {
59 case OSSL_FUNC_SIGNATURE_NEWCTX:
60 if (signature->newctx != NULL)
62 signature->newctx = OSSL_get_OP_signature_newctx(fns);
65 case OSSL_FUNC_SIGNATURE_SIGN_INIT:
66 if (signature->sign_init != NULL)
68 signature->sign_init = OSSL_get_OP_signature_sign_init(fns);
71 case OSSL_FUNC_SIGNATURE_SIGN:
72 if (signature->sign != NULL)
74 signature->sign = OSSL_get_OP_signature_sign(fns);
77 case OSSL_FUNC_SIGNATURE_VERIFY_INIT:
78 if (signature->verify_init != NULL)
80 signature->verify_init = OSSL_get_OP_signature_verify_init(fns);
83 case OSSL_FUNC_SIGNATURE_VERIFY:
84 if (signature->verify != NULL)
86 signature->verify = OSSL_get_OP_signature_verify(fns);
89 case OSSL_FUNC_SIGNATURE_VERIFY_RECOVER_INIT:
90 if (signature->verify_recover_init != NULL)
92 signature->verify_recover_init
93 = OSSL_get_OP_signature_verify_recover_init(fns);
96 case OSSL_FUNC_SIGNATURE_VERIFY_RECOVER:
97 if (signature->verify_recover != NULL)
99 signature->verify_recover
100 = OSSL_get_OP_signature_verify_recover(fns);
103 case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT:
104 if (signature->digest_sign_init != NULL)
106 signature->digest_sign_init
107 = OSSL_get_OP_signature_digest_sign_init(fns);
110 case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE:
111 if (signature->digest_sign_update != NULL)
113 signature->digest_sign_update
114 = OSSL_get_OP_signature_digest_sign_update(fns);
117 case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL:
118 if (signature->digest_sign_final != NULL)
120 signature->digest_sign_final
121 = OSSL_get_OP_signature_digest_sign_final(fns);
124 case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT:
125 if (signature->digest_verify_init != NULL)
127 signature->digest_verify_init
128 = OSSL_get_OP_signature_digest_verify_init(fns);
131 case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE:
132 if (signature->digest_verify_update != NULL)
134 signature->digest_verify_update
135 = OSSL_get_OP_signature_digest_verify_update(fns);
138 case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL:
139 if (signature->digest_verify_final != NULL)
141 signature->digest_verify_final
142 = OSSL_get_OP_signature_digest_verify_final(fns);
145 case OSSL_FUNC_SIGNATURE_FREECTX:
146 if (signature->freectx != NULL)
148 signature->freectx = OSSL_get_OP_signature_freectx(fns);
151 case OSSL_FUNC_SIGNATURE_DUPCTX:
152 if (signature->dupctx != NULL)
154 signature->dupctx = OSSL_get_OP_signature_dupctx(fns);
156 case OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS:
157 if (signature->get_ctx_params != NULL)
159 signature->get_ctx_params
160 = OSSL_get_OP_signature_get_ctx_params(fns);
163 case OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS:
164 if (signature->gettable_ctx_params != NULL)
166 signature->gettable_ctx_params
167 = OSSL_get_OP_signature_gettable_ctx_params(fns);
170 case OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS:
171 if (signature->set_ctx_params != NULL)
173 signature->set_ctx_params
174 = OSSL_get_OP_signature_set_ctx_params(fns);
177 case OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS:
178 if (signature->settable_ctx_params != NULL)
180 signature->settable_ctx_params
181 = OSSL_get_OP_signature_settable_ctx_params(fns);
184 case OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS:
185 if (signature->get_ctx_md_params != NULL)
187 signature->get_ctx_md_params
188 = OSSL_get_OP_signature_get_ctx_md_params(fns);
191 case OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS:
192 if (signature->gettable_ctx_md_params != NULL)
194 signature->gettable_ctx_md_params
195 = OSSL_get_OP_signature_gettable_ctx_md_params(fns);
198 case OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS:
199 if (signature->set_ctx_md_params != NULL)
201 signature->set_ctx_md_params
202 = OSSL_get_OP_signature_set_ctx_md_params(fns);
205 case OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS:
206 if (signature->settable_ctx_md_params != NULL)
208 signature->settable_ctx_md_params
209 = OSSL_get_OP_signature_settable_ctx_md_params(fns);
217 && verifyrecfncnt == 0
219 && digverifyfncnt == 0)
220 || (signfncnt != 0 && signfncnt != 2)
221 || (verifyfncnt != 0 && verifyfncnt != 2)
222 || (verifyrecfncnt != 0 && verifyrecfncnt != 2)
223 || (digsignfncnt != 0 && digsignfncnt != 3)
224 || (digverifyfncnt != 0 && digverifyfncnt != 3)
225 || (gparamfncnt != 0 && gparamfncnt != 2)
226 || (sparamfncnt != 0 && sparamfncnt != 2)
227 || (gmdparamfncnt != 0 && gmdparamfncnt != 2)
228 || (smdparamfncnt != 0 && smdparamfncnt != 2)) {
230 * In order to be a consistent set of functions we must have at least
231 * a set of context functions (newctx and freectx) as well as a set of
232 * "signature" functions:
233 * (sign_init, sign) or
234 * (verify_init verify) or
235 * (verify_recover_init, verify_recover) or
236 * (digest_sign_init, digest_sign_update, digest_sign_final) or
237 * (digest_verify_init, digest_verify_update, digest_verify_final).
239 * set_ctx_params and settable_ctx_params are optional, but if one of
240 * them is present then the other one must also be present. The same
241 * applies to get_ctx_params and gettable_ctx_params. The same rules
242 * apply to the "md_params" functions. The dupctx function is optional.
244 ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS);
250 EVP_SIGNATURE_free(signature);
254 void EVP_SIGNATURE_free(EVP_SIGNATURE *signature)
256 if (signature != NULL) {
259 CRYPTO_DOWN_REF(&signature->refcnt, &i, signature->lock);
262 ossl_provider_free(signature->prov);
263 CRYPTO_THREAD_lock_free(signature->lock);
264 OPENSSL_free(signature);
268 int EVP_SIGNATURE_up_ref(EVP_SIGNATURE *signature)
272 CRYPTO_UP_REF(&signature->refcnt, &ref, signature->lock);
276 OSSL_PROVIDER *EVP_SIGNATURE_provider(const EVP_SIGNATURE *signature)
278 return signature->prov;
281 EVP_SIGNATURE *EVP_SIGNATURE_fetch(OPENSSL_CTX *ctx, const char *algorithm,
282 const char *properties)
284 return evp_generic_fetch(ctx, OSSL_OP_SIGNATURE, algorithm, properties,
285 evp_signature_from_dispatch,
286 (int (*)(void *))EVP_SIGNATURE_up_ref,
287 (void (*)(void *))EVP_SIGNATURE_free);
290 int EVP_SIGNATURE_is_a(const EVP_SIGNATURE *signature, const char *name)
292 return evp_is_a(signature->prov, signature->name_id, name);
295 int EVP_SIGNATURE_number(const EVP_SIGNATURE *signature)
297 return signature->name_id;
300 void EVP_SIGNATURE_do_all_provided(OPENSSL_CTX *libctx,
301 void (*fn)(EVP_SIGNATURE *signature,
305 evp_generic_do_all(libctx, OSSL_OP_SIGNATURE,
306 (void (*)(void *, void *))fn, arg,
307 evp_signature_from_dispatch,
308 (void (*)(void *))EVP_SIGNATURE_free);
312 void EVP_SIGNATURE_names_do_all(const EVP_SIGNATURE *signature,
313 void (*fn)(const char *name, void *data),
316 if (signature->prov != NULL)
317 evp_names_do_all(signature->prov, signature->name_id, fn, data);
320 static int evp_pkey_signature_init(EVP_PKEY_CTX *ctx, int operation)
323 void *provkey = NULL;
324 EVP_SIGNATURE *signature = NULL;
327 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
331 evp_pkey_ctx_free_old_ops(ctx);
332 ctx->operation = operation;
334 if (ctx->algorithm == NULL)
338 * Because we cleared out old ops, we shouldn't need to worry about
339 * checking if signature is already there. Keymgmt is a different
340 * matter, as it isn't tied to a specific EVP_PKEY op.
342 signature = EVP_SIGNATURE_fetch(ctx->libctx, ctx->algorithm,
344 if (signature != NULL && ctx->keymgmt == NULL) {
345 int name_id = EVP_SIGNATURE_number(signature);
347 ctx->keymgmt = evp_keymgmt_fetch_by_number(ctx->libctx, name_id,
351 if (ctx->keymgmt == NULL
353 || (EVP_KEYMGMT_provider(ctx->keymgmt)
354 != EVP_SIGNATURE_provider(signature))) {
356 * We don't have the full support we need with provided methods,
357 * let's go see if legacy does. Also, we don't need to free
358 * ctx->keymgmt here, as it's not necessarily tied to this
359 * operation. It will be freed by EVP_PKEY_CTX_free().
361 EVP_SIGNATURE_free(signature);
365 ctx->op.sig.signature = signature;
367 if (ctx->pkey != NULL) {
369 evp_keymgmt_export_to_provider(ctx->pkey, ctx->keymgmt, 0);
370 if (provkey == NULL) {
371 EVPerr(0, EVP_R_INITIALIZATION_ERROR);
375 ctx->op.sig.sigprovctx = signature->newctx(ossl_provider_ctx(signature->prov));
376 if (ctx->op.sig.sigprovctx == NULL) {
377 /* The provider key can stay in the cache */
378 EVPerr(0, EVP_R_INITIALIZATION_ERROR);
383 case EVP_PKEY_OP_SIGN:
384 if (signature->sign_init == NULL) {
385 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
389 ret = signature->sign_init(ctx->op.sig.sigprovctx, provkey);
391 case EVP_PKEY_OP_VERIFY:
392 if (signature->verify_init == NULL) {
393 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
397 ret = signature->verify_init(ctx->op.sig.sigprovctx, provkey);
399 case EVP_PKEY_OP_VERIFYRECOVER:
400 if (signature->verify_recover_init == NULL) {
401 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
405 ret = signature->verify_recover_init(ctx->op.sig.sigprovctx, provkey);
408 EVPerr(0, EVP_R_INITIALIZATION_ERROR);
413 signature->freectx(ctx->op.sig.sigprovctx);
414 ctx->op.sig.sigprovctx = NULL;
420 if (ctx->pmeth == NULL
421 || (operation == EVP_PKEY_OP_SIGN && ctx->pmeth->sign == NULL)
422 || (operation == EVP_PKEY_OP_VERIFY && ctx->pmeth->verify == NULL)
423 || (operation == EVP_PKEY_OP_VERIFYRECOVER
424 && ctx->pmeth->verify_recover == NULL)) {
425 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
430 case EVP_PKEY_OP_SIGN:
431 if (ctx->pmeth->sign_init == NULL)
433 ret = ctx->pmeth->sign_init(ctx);
435 case EVP_PKEY_OP_VERIFY:
436 if (ctx->pmeth->verify_init == NULL)
438 ret = ctx->pmeth->verify_init(ctx);
440 case EVP_PKEY_OP_VERIFYRECOVER:
441 if (ctx->pmeth->verify_recover_init == NULL)
443 ret = ctx->pmeth->verify_recover_init(ctx);
446 EVPerr(0, EVP_R_INITIALIZATION_ERROR);
454 ctx->operation = EVP_PKEY_OP_UNDEFINED;
458 int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx)
460 return evp_pkey_signature_init(ctx, EVP_PKEY_OP_SIGN);
463 int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
464 unsigned char *sig, size_t *siglen,
465 const unsigned char *tbs, size_t tbslen)
470 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
474 if (ctx->operation != EVP_PKEY_OP_SIGN) {
475 EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED);
479 if (ctx->op.sig.sigprovctx == NULL)
482 ret = ctx->op.sig.signature->sign(ctx->op.sig.sigprovctx, sig, siglen,
483 SIZE_MAX, tbs, tbslen);
488 if (ctx->pmeth == NULL || ctx->pmeth->sign == NULL) {
489 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
493 M_check_autoarg(ctx, sig, siglen, EVP_F_EVP_PKEY_SIGN)
494 return ctx->pmeth->sign(ctx, sig, siglen, tbs, tbslen);
497 int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx)
499 return evp_pkey_signature_init(ctx, EVP_PKEY_OP_VERIFY);
502 int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
503 const unsigned char *sig, size_t siglen,
504 const unsigned char *tbs, size_t tbslen)
509 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
513 if (ctx->operation != EVP_PKEY_OP_VERIFY) {
514 EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED);
518 if (ctx->op.sig.sigprovctx == NULL)
521 ret = ctx->op.sig.signature->verify(ctx->op.sig.sigprovctx, sig, siglen,
526 if (ctx->pmeth == NULL || ctx->pmeth->verify == NULL) {
527 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
531 return ctx->pmeth->verify(ctx, sig, siglen, tbs, tbslen);
534 int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx)
536 return evp_pkey_signature_init(ctx, EVP_PKEY_OP_VERIFYRECOVER);
539 int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
540 unsigned char *rout, size_t *routlen,
541 const unsigned char *sig, size_t siglen)
546 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
550 if (ctx->operation != EVP_PKEY_OP_VERIFYRECOVER) {
551 EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED);
555 if (ctx->op.sig.sigprovctx == NULL)
558 ret = ctx->op.sig.signature->verify_recover(ctx->op.sig.sigprovctx, rout,
560 (rout == NULL ? 0 : *routlen),
564 if (ctx->pmeth == NULL || ctx->pmeth->verify_recover == NULL) {
565 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
568 M_check_autoarg(ctx, rout, routlen, EVP_F_EVP_PKEY_VERIFY_RECOVER)
569 return ctx->pmeth->verify_recover(ctx, rout, routlen, sig, siglen);
572 static int evp_pkey_asym_cipher_init(EVP_PKEY_CTX *ctx, int operation)
575 void *provkey = NULL;
576 EVP_ASYM_CIPHER *cipher = NULL;
579 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
583 evp_pkey_ctx_free_old_ops(ctx);
584 ctx->operation = operation;
586 if (ctx->algorithm == NULL || ctx->engine != NULL)
590 * Because we cleared out old ops, we shouldn't need to worry about
591 * checking if exchange is already there. Keymgmt is a different
592 * matter, as it isn't tied to a specific EVP_PKEY op.
594 cipher = EVP_ASYM_CIPHER_fetch(ctx->libctx, ctx->algorithm, ctx->propquery);
595 if (cipher != NULL && ctx->keymgmt == NULL) {
596 int name_id = EVP_ASYM_CIPHER_number(cipher);
599 evp_keymgmt_fetch_by_number(ctx->libctx, name_id, ctx->propquery);
602 if (ctx->keymgmt == NULL
604 || (EVP_KEYMGMT_provider(ctx->keymgmt)
605 != EVP_ASYM_CIPHER_provider(cipher))) {
607 * We don't have the full support we need with provided methods,
608 * let's go see if legacy does. Also, we don't need to free
609 * ctx->keymgmt here, as it's not necessarily tied to this
610 * operation. It will be freed by EVP_PKEY_CTX_free().
612 EVP_ASYM_CIPHER_free(cipher);
616 ctx->op.ciph.cipher = cipher;
618 if (ctx->pkey != NULL) {
619 provkey = evp_keymgmt_export_to_provider(ctx->pkey, ctx->keymgmt, 0);
620 if (provkey == NULL) {
621 EVPerr(0, EVP_R_INITIALIZATION_ERROR);
625 ctx->op.ciph.ciphprovctx = cipher->newctx(ossl_provider_ctx(cipher->prov));
626 if (ctx->op.ciph.ciphprovctx == NULL) {
627 /* The provider key can stay in the cache */
628 EVPerr(0, EVP_R_INITIALIZATION_ERROR);
633 case EVP_PKEY_OP_ENCRYPT:
634 if (cipher->encrypt_init == NULL) {
635 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
639 ret = cipher->encrypt_init(ctx->op.ciph.ciphprovctx, provkey);
641 case EVP_PKEY_OP_DECRYPT:
642 if (cipher->decrypt_init == NULL) {
643 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
647 ret = cipher->decrypt_init(ctx->op.ciph.ciphprovctx, provkey);
650 EVPerr(0, EVP_R_INITIALIZATION_ERROR);
655 cipher->freectx(ctx->op.ciph.ciphprovctx);
656 ctx->op.ciph.ciphprovctx = NULL;
662 if (ctx->pmeth == NULL || ctx->pmeth->encrypt == NULL) {
663 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
666 switch(ctx->operation) {
667 case EVP_PKEY_OP_ENCRYPT:
668 if (ctx->pmeth->encrypt_init == NULL)
670 ret = ctx->pmeth->encrypt_init(ctx);
672 case EVP_PKEY_OP_DECRYPT:
673 if (ctx->pmeth->decrypt_init == NULL)
675 ret = ctx->pmeth->decrypt_init(ctx);
678 EVPerr(0, EVP_R_INITIALIZATION_ERROR);
684 ctx->operation = EVP_PKEY_OP_UNDEFINED;
688 int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx)
690 return evp_pkey_asym_cipher_init(ctx, EVP_PKEY_OP_ENCRYPT);
693 int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx,
694 unsigned char *out, size_t *outlen,
695 const unsigned char *in, size_t inlen)
700 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
704 if (ctx->operation != EVP_PKEY_OP_ENCRYPT) {
705 EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED);
709 if (ctx->op.ciph.ciphprovctx == NULL)
712 ret = ctx->op.ciph.cipher->encrypt(ctx->op.ciph.ciphprovctx, out, outlen,
713 (out == NULL ? 0 : *outlen), in, inlen);
717 if (ctx->pmeth == NULL || ctx->pmeth->encrypt == NULL) {
718 EVPerr(EVP_F_EVP_PKEY_ENCRYPT,
719 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
722 M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_ENCRYPT)
723 return ctx->pmeth->encrypt(ctx, out, outlen, in, inlen);
726 int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx)
728 return evp_pkey_asym_cipher_init(ctx, EVP_PKEY_OP_DECRYPT);
731 int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,
732 unsigned char *out, size_t *outlen,
733 const unsigned char *in, size_t inlen)
738 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
742 if (ctx->operation != EVP_PKEY_OP_DECRYPT) {
743 EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED);
747 if (ctx->op.ciph.ciphprovctx == NULL)
750 ret = ctx->op.ciph.cipher->decrypt(ctx->op.ciph.ciphprovctx, out, outlen,
751 (out == NULL ? 0 : *outlen), in, inlen);
755 if (ctx->pmeth == NULL || ctx->pmeth->decrypt == NULL) {
756 EVPerr(EVP_F_EVP_PKEY_DECRYPT,
757 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
760 M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_DECRYPT)
761 return ctx->pmeth->decrypt(ctx, out, outlen, in, inlen);
765 static EVP_ASYM_CIPHER *evp_asym_cipher_new(OSSL_PROVIDER *prov)
767 EVP_ASYM_CIPHER *cipher = OPENSSL_zalloc(sizeof(EVP_ASYM_CIPHER));
769 if (cipher == NULL) {
770 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
774 cipher->lock = CRYPTO_THREAD_lock_new();
775 if (cipher->lock == NULL) {
776 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
777 OPENSSL_free(cipher);
781 ossl_provider_up_ref(prov);
787 static void *evp_asym_cipher_from_dispatch(int name_id,
788 const OSSL_DISPATCH *fns,
791 EVP_ASYM_CIPHER *cipher = NULL;
792 int ctxfncnt = 0, encfncnt = 0, decfncnt = 0;
793 int gparamfncnt = 0, sparamfncnt = 0;
795 if ((cipher = evp_asym_cipher_new(prov)) == NULL) {
796 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
800 cipher->name_id = name_id;
802 for (; fns->function_id != 0; fns++) {
803 switch (fns->function_id) {
804 case OSSL_FUNC_ASYM_CIPHER_NEWCTX:
805 if (cipher->newctx != NULL)
807 cipher->newctx = OSSL_get_OP_asym_cipher_newctx(fns);
810 case OSSL_FUNC_ASYM_CIPHER_ENCRYPT_INIT:
811 if (cipher->encrypt_init != NULL)
813 cipher->encrypt_init = OSSL_get_OP_asym_cipher_encrypt_init(fns);
816 case OSSL_FUNC_ASYM_CIPHER_ENCRYPT:
817 if (cipher->encrypt != NULL)
819 cipher->encrypt = OSSL_get_OP_asym_cipher_encrypt(fns);
822 case OSSL_FUNC_ASYM_CIPHER_DECRYPT_INIT:
823 if (cipher->decrypt_init != NULL)
825 cipher->decrypt_init = OSSL_get_OP_asym_cipher_decrypt_init(fns);
828 case OSSL_FUNC_ASYM_CIPHER_DECRYPT:
829 if (cipher->decrypt != NULL)
831 cipher->decrypt = OSSL_get_OP_asym_cipher_decrypt(fns);
834 case OSSL_FUNC_ASYM_CIPHER_FREECTX:
835 if (cipher->freectx != NULL)
837 cipher->freectx = OSSL_get_OP_asym_cipher_freectx(fns);
840 case OSSL_FUNC_ASYM_CIPHER_DUPCTX:
841 if (cipher->dupctx != NULL)
843 cipher->dupctx = OSSL_get_OP_asym_cipher_dupctx(fns);
845 case OSSL_FUNC_ASYM_CIPHER_GET_CTX_PARAMS:
846 if (cipher->get_ctx_params != NULL)
848 cipher->get_ctx_params
849 = OSSL_get_OP_asym_cipher_get_ctx_params(fns);
852 case OSSL_FUNC_ASYM_CIPHER_GETTABLE_CTX_PARAMS:
853 if (cipher->gettable_ctx_params != NULL)
855 cipher->gettable_ctx_params
856 = OSSL_get_OP_asym_cipher_gettable_ctx_params(fns);
859 case OSSL_FUNC_ASYM_CIPHER_SET_CTX_PARAMS:
860 if (cipher->set_ctx_params != NULL)
862 cipher->set_ctx_params
863 = OSSL_get_OP_asym_cipher_set_ctx_params(fns);
866 case OSSL_FUNC_ASYM_CIPHER_SETTABLE_CTX_PARAMS:
867 if (cipher->settable_ctx_params != NULL)
869 cipher->settable_ctx_params
870 = OSSL_get_OP_asym_cipher_settable_ctx_params(fns);
876 || (encfncnt != 0 && encfncnt != 2)
877 || (decfncnt != 0 && decfncnt != 2)
878 || (encfncnt != 2 && decfncnt != 2)
879 || (gparamfncnt != 0 && gparamfncnt != 2)
880 || (sparamfncnt != 0 && sparamfncnt != 2)) {
882 * In order to be a consistent set of functions we must have at least
883 * a set of context functions (newctx and freectx) as well as a pair of
884 * "cipher" functions: (encrypt_init, encrypt) or
885 * (decrypt_init decrypt). set_ctx_params and settable_ctx_params are
886 * optional, but if one of them is present then the other one must also
887 * be present. The same applies to get_ctx_params and
888 * gettable_ctx_params. The dupctx function is optional.
890 ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS);
896 EVP_ASYM_CIPHER_free(cipher);
900 void EVP_ASYM_CIPHER_free(EVP_ASYM_CIPHER *cipher)
902 if (cipher != NULL) {
905 CRYPTO_DOWN_REF(&cipher->refcnt, &i, cipher->lock);
908 ossl_provider_free(cipher->prov);
909 CRYPTO_THREAD_lock_free(cipher->lock);
910 OPENSSL_free(cipher);
914 int EVP_ASYM_CIPHER_up_ref(EVP_ASYM_CIPHER *cipher)
918 CRYPTO_UP_REF(&cipher->refcnt, &ref, cipher->lock);
922 OSSL_PROVIDER *EVP_ASYM_CIPHER_provider(const EVP_ASYM_CIPHER *cipher)
927 EVP_ASYM_CIPHER *EVP_ASYM_CIPHER_fetch(OPENSSL_CTX *ctx, const char *algorithm,
928 const char *properties)
930 return evp_generic_fetch(ctx, OSSL_OP_ASYM_CIPHER, algorithm, properties,
931 evp_asym_cipher_from_dispatch,
932 (int (*)(void *))EVP_ASYM_CIPHER_up_ref,
933 (void (*)(void *))EVP_ASYM_CIPHER_free);
936 int EVP_ASYM_CIPHER_is_a(const EVP_ASYM_CIPHER *cipher, const char *name)
938 return evp_is_a(cipher->prov, cipher->name_id, name);
941 int EVP_ASYM_CIPHER_number(const EVP_ASYM_CIPHER *cipher)
943 return cipher->name_id;
946 void EVP_ASYM_CIPHER_do_all_provided(OPENSSL_CTX *libctx,
947 void (*fn)(EVP_ASYM_CIPHER *cipher,
951 evp_generic_do_all(libctx, OSSL_OP_ASYM_CIPHER,
952 (void (*)(void *, void *))fn, arg,
953 evp_asym_cipher_from_dispatch,
954 (void (*)(void *))EVP_ASYM_CIPHER_free);
958 void EVP_ASYM_CIPHER_names_do_all(const EVP_ASYM_CIPHER *cipher,
959 void (*fn)(const char *name, void *data),
962 if (cipher->prov != NULL)
963 evp_names_do_all(cipher->prov, cipher->name_id, fn, data);