2 * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
12 #include <openssl/objects.h>
13 #include <openssl/evp.h>
14 #include "internal/cryptlib.h"
15 #include "crypto/evp.h"
16 #include "internal/provider.h"
17 #include "evp_local.h"
19 static EVP_SIGNATURE *evp_signature_new(OSSL_PROVIDER *prov)
21 EVP_SIGNATURE *signature = OPENSSL_zalloc(sizeof(EVP_SIGNATURE));
23 if (signature == NULL) {
24 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
28 signature->lock = CRYPTO_THREAD_lock_new();
29 if (signature->lock == NULL) {
30 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
31 OPENSSL_free(signature);
34 signature->prov = prov;
35 ossl_provider_up_ref(prov);
36 signature->refcnt = 1;
41 static void *evp_signature_from_dispatch(int name_id,
42 const OSSL_DISPATCH *fns,
45 EVP_SIGNATURE *signature = NULL;
46 int ctxfncnt = 0, signfncnt = 0, verifyfncnt = 0, verifyrecfncnt = 0;
47 int digsignfncnt = 0, digverifyfncnt = 0;
48 int gparamfncnt = 0, sparamfncnt = 0, gmdparamfncnt = 0, smdparamfncnt = 0;
50 if ((signature = evp_signature_new(prov)) == NULL) {
51 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
55 signature->name_id = name_id;
57 for (; fns->function_id != 0; fns++) {
58 switch (fns->function_id) {
59 case OSSL_FUNC_SIGNATURE_NEWCTX:
60 if (signature->newctx != NULL)
62 signature->newctx = OSSL_get_OP_signature_newctx(fns);
65 case OSSL_FUNC_SIGNATURE_SIGN_INIT:
66 if (signature->sign_init != NULL)
68 signature->sign_init = OSSL_get_OP_signature_sign_init(fns);
71 case OSSL_FUNC_SIGNATURE_SIGN:
72 if (signature->sign != NULL)
74 signature->sign = OSSL_get_OP_signature_sign(fns);
77 case OSSL_FUNC_SIGNATURE_VERIFY_INIT:
78 if (signature->verify_init != NULL)
80 signature->verify_init = OSSL_get_OP_signature_verify_init(fns);
83 case OSSL_FUNC_SIGNATURE_VERIFY:
84 if (signature->verify != NULL)
86 signature->verify = OSSL_get_OP_signature_verify(fns);
89 case OSSL_FUNC_SIGNATURE_VERIFY_RECOVER_INIT:
90 if (signature->verify_recover_init != NULL)
92 signature->verify_recover_init
93 = OSSL_get_OP_signature_verify_recover_init(fns);
96 case OSSL_FUNC_SIGNATURE_VERIFY_RECOVER:
97 if (signature->verify_recover != NULL)
99 signature->verify_recover
100 = OSSL_get_OP_signature_verify_recover(fns);
103 case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT:
104 if (signature->digest_sign_init != NULL)
106 signature->digest_sign_init
107 = OSSL_get_OP_signature_digest_sign_init(fns);
110 case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE:
111 if (signature->digest_sign_update != NULL)
113 signature->digest_sign_update
114 = OSSL_get_OP_signature_digest_sign_update(fns);
117 case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL:
118 if (signature->digest_sign_final != NULL)
120 signature->digest_sign_final
121 = OSSL_get_OP_signature_digest_sign_final(fns);
124 case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT:
125 if (signature->digest_verify_init != NULL)
127 signature->digest_verify_init
128 = OSSL_get_OP_signature_digest_verify_init(fns);
131 case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE:
132 if (signature->digest_verify_update != NULL)
134 signature->digest_verify_update
135 = OSSL_get_OP_signature_digest_verify_update(fns);
138 case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL:
139 if (signature->digest_verify_final != NULL)
141 signature->digest_verify_final
142 = OSSL_get_OP_signature_digest_verify_final(fns);
145 case OSSL_FUNC_SIGNATURE_FREECTX:
146 if (signature->freectx != NULL)
148 signature->freectx = OSSL_get_OP_signature_freectx(fns);
151 case OSSL_FUNC_SIGNATURE_DUPCTX:
152 if (signature->dupctx != NULL)
154 signature->dupctx = OSSL_get_OP_signature_dupctx(fns);
156 case OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS:
157 if (signature->get_ctx_params != NULL)
159 signature->get_ctx_params
160 = OSSL_get_OP_signature_get_ctx_params(fns);
163 case OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS:
164 if (signature->gettable_ctx_params != NULL)
166 signature->gettable_ctx_params
167 = OSSL_get_OP_signature_gettable_ctx_params(fns);
170 case OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS:
171 if (signature->set_ctx_params != NULL)
173 signature->set_ctx_params
174 = OSSL_get_OP_signature_set_ctx_params(fns);
177 case OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS:
178 if (signature->settable_ctx_params != NULL)
180 signature->settable_ctx_params
181 = OSSL_get_OP_signature_settable_ctx_params(fns);
184 case OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS:
185 if (signature->get_ctx_md_params != NULL)
187 signature->get_ctx_md_params
188 = OSSL_get_OP_signature_get_ctx_md_params(fns);
191 case OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS:
192 if (signature->gettable_ctx_md_params != NULL)
194 signature->gettable_ctx_md_params
195 = OSSL_get_OP_signature_gettable_ctx_md_params(fns);
198 case OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS:
199 if (signature->set_ctx_md_params != NULL)
201 signature->set_ctx_md_params
202 = OSSL_get_OP_signature_set_ctx_md_params(fns);
205 case OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS:
206 if (signature->settable_ctx_md_params != NULL)
208 signature->settable_ctx_md_params
209 = OSSL_get_OP_signature_settable_ctx_md_params(fns);
217 && verifyrecfncnt == 0
219 && digverifyfncnt == 0)
220 || (signfncnt != 0 && signfncnt != 2)
221 || (verifyfncnt != 0 && verifyfncnt != 2)
222 || (verifyrecfncnt != 0 && verifyrecfncnt != 2)
223 || (digsignfncnt != 0 && digsignfncnt != 3)
224 || (digverifyfncnt != 0 && digverifyfncnt != 3)
225 || (gparamfncnt != 0 && gparamfncnt != 2)
226 || (sparamfncnt != 0 && sparamfncnt != 2)
227 || (gmdparamfncnt != 0 && gmdparamfncnt != 2)
228 || (smdparamfncnt != 0 && smdparamfncnt != 2)) {
230 * In order to be a consistent set of functions we must have at least
231 * a set of context functions (newctx and freectx) as well as a set of
232 * "signature" functions:
233 * (sign_init, sign) or
234 * (verify_init verify) or
235 * (verify_recover_init, verify_recover) or
236 * (digest_sign_init, digest_sign_update, digest_sign_final) or
237 * (digest_verify_init, digest_verify_update, digest_verify_final).
239 * set_ctx_params and settable_ctx_params are optional, but if one of
240 * them is present then the other one must also be present. The same
241 * applies to get_ctx_params and gettable_ctx_params. The same rules
242 * apply to the "md_params" functions. The dupctx function is optional.
244 ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS);
250 EVP_SIGNATURE_free(signature);
254 void EVP_SIGNATURE_free(EVP_SIGNATURE *signature)
256 if (signature != NULL) {
259 CRYPTO_DOWN_REF(&signature->refcnt, &i, signature->lock);
262 ossl_provider_free(signature->prov);
263 CRYPTO_THREAD_lock_free(signature->lock);
264 OPENSSL_free(signature);
268 int EVP_SIGNATURE_up_ref(EVP_SIGNATURE *signature)
272 CRYPTO_UP_REF(&signature->refcnt, &ref, signature->lock);
276 OSSL_PROVIDER *EVP_SIGNATURE_provider(const EVP_SIGNATURE *signature)
278 return signature->prov;
281 EVP_SIGNATURE *EVP_SIGNATURE_fetch(OPENSSL_CTX *ctx, const char *algorithm,
282 const char *properties)
284 return evp_generic_fetch(ctx, OSSL_OP_SIGNATURE, algorithm, properties,
285 evp_signature_from_dispatch,
286 (int (*)(void *))EVP_SIGNATURE_up_ref,
287 (void (*)(void *))EVP_SIGNATURE_free);
290 int EVP_SIGNATURE_is_a(const EVP_SIGNATURE *signature, const char *name)
292 return evp_is_a(signature->prov, signature->name_id, name);
295 int EVP_SIGNATURE_number(const EVP_SIGNATURE *signature)
297 return signature->name_id;
300 void EVP_SIGNATURE_do_all_provided(OPENSSL_CTX *libctx,
301 void (*fn)(EVP_SIGNATURE *signature,
305 evp_generic_do_all(libctx, OSSL_OP_SIGNATURE,
306 (void (*)(void *, void *))fn, arg,
307 evp_signature_from_dispatch,
308 (void (*)(void *))EVP_SIGNATURE_free);
312 void EVP_SIGNATURE_names_do_all(const EVP_SIGNATURE *signature,
313 void (*fn)(const char *name, void *data),
316 if (signature->prov != NULL)
317 evp_names_do_all(signature->prov, signature->name_id, fn, data);
320 static int evp_pkey_signature_init(EVP_PKEY_CTX *ctx, int operation)
323 void *provkey = NULL;
324 EVP_SIGNATURE *signature = NULL;
327 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
331 evp_pkey_ctx_free_old_ops(ctx);
332 ctx->operation = operation;
334 if (ctx->keytype == NULL)
337 if (ctx->keymgmt == NULL)
339 EVP_KEYMGMT_fetch(ctx->libctx, ctx->keytype, ctx->propquery);
340 if (ctx->keymgmt != NULL) {
341 const char *supported_sig = NULL;
343 if (ctx->keymgmt->query_operation_name != NULL)
345 ctx->keymgmt->query_operation_name(OSSL_OP_SIGNATURE);
348 * If we didn't get a supported sig, assume there is one with the
349 * same name as the key type.
351 if (supported_sig == NULL)
352 supported_sig = ctx->keytype;
355 * Because we cleared out old ops, we shouldn't need to worry about
356 * checking if signature is already there.
359 EVP_SIGNATURE_fetch(ctx->libctx, supported_sig, ctx->propquery);
362 if (ctx->keymgmt == NULL
364 || (EVP_KEYMGMT_provider(ctx->keymgmt)
365 != EVP_SIGNATURE_provider(signature))) {
367 * We don't have the full support we need with provided methods,
368 * let's go see if legacy does. Also, we don't need to free
369 * ctx->keymgmt here, as it's not necessarily tied to this
370 * operation. It will be freed by EVP_PKEY_CTX_free().
372 EVP_SIGNATURE_free(signature);
376 ctx->op.sig.signature = signature;
378 if (ctx->pkey != NULL) {
380 evp_keymgmt_export_to_provider(ctx->pkey, ctx->keymgmt, 0);
381 /* If export failed, legacy may be able to pick it up */
385 ctx->op.sig.sigprovctx = signature->newctx(ossl_provider_ctx(signature->prov));
386 if (ctx->op.sig.sigprovctx == NULL) {
387 /* The provider key can stay in the cache */
388 EVPerr(0, EVP_R_INITIALIZATION_ERROR);
393 case EVP_PKEY_OP_SIGN:
394 if (signature->sign_init == NULL) {
395 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
399 ret = signature->sign_init(ctx->op.sig.sigprovctx, provkey);
401 case EVP_PKEY_OP_VERIFY:
402 if (signature->verify_init == NULL) {
403 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
407 ret = signature->verify_init(ctx->op.sig.sigprovctx, provkey);
409 case EVP_PKEY_OP_VERIFYRECOVER:
410 if (signature->verify_recover_init == NULL) {
411 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
415 ret = signature->verify_recover_init(ctx->op.sig.sigprovctx, provkey);
418 EVPerr(0, EVP_R_INITIALIZATION_ERROR);
423 signature->freectx(ctx->op.sig.sigprovctx);
424 ctx->op.sig.sigprovctx = NULL;
430 if (ctx->pmeth == NULL
431 || (operation == EVP_PKEY_OP_SIGN && ctx->pmeth->sign == NULL)
432 || (operation == EVP_PKEY_OP_VERIFY && ctx->pmeth->verify == NULL)
433 || (operation == EVP_PKEY_OP_VERIFYRECOVER
434 && ctx->pmeth->verify_recover == NULL)) {
435 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
440 case EVP_PKEY_OP_SIGN:
441 if (ctx->pmeth->sign_init == NULL)
443 ret = ctx->pmeth->sign_init(ctx);
445 case EVP_PKEY_OP_VERIFY:
446 if (ctx->pmeth->verify_init == NULL)
448 ret = ctx->pmeth->verify_init(ctx);
450 case EVP_PKEY_OP_VERIFYRECOVER:
451 if (ctx->pmeth->verify_recover_init == NULL)
453 ret = ctx->pmeth->verify_recover_init(ctx);
456 EVPerr(0, EVP_R_INITIALIZATION_ERROR);
464 ctx->operation = EVP_PKEY_OP_UNDEFINED;
468 int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx)
470 return evp_pkey_signature_init(ctx, EVP_PKEY_OP_SIGN);
473 int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
474 unsigned char *sig, size_t *siglen,
475 const unsigned char *tbs, size_t tbslen)
480 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
484 if (ctx->operation != EVP_PKEY_OP_SIGN) {
485 EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED);
489 if (ctx->op.sig.sigprovctx == NULL)
492 ret = ctx->op.sig.signature->sign(ctx->op.sig.sigprovctx, sig, siglen,
493 SIZE_MAX, tbs, tbslen);
498 if (ctx->pmeth == NULL || ctx->pmeth->sign == NULL) {
499 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
503 M_check_autoarg(ctx, sig, siglen, EVP_F_EVP_PKEY_SIGN)
504 return ctx->pmeth->sign(ctx, sig, siglen, tbs, tbslen);
507 int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx)
509 return evp_pkey_signature_init(ctx, EVP_PKEY_OP_VERIFY);
512 int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
513 const unsigned char *sig, size_t siglen,
514 const unsigned char *tbs, size_t tbslen)
519 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
523 if (ctx->operation != EVP_PKEY_OP_VERIFY) {
524 EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED);
528 if (ctx->op.sig.sigprovctx == NULL)
531 ret = ctx->op.sig.signature->verify(ctx->op.sig.sigprovctx, sig, siglen,
536 if (ctx->pmeth == NULL || ctx->pmeth->verify == NULL) {
537 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
541 return ctx->pmeth->verify(ctx, sig, siglen, tbs, tbslen);
544 int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx)
546 return evp_pkey_signature_init(ctx, EVP_PKEY_OP_VERIFYRECOVER);
549 int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
550 unsigned char *rout, size_t *routlen,
551 const unsigned char *sig, size_t siglen)
556 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
560 if (ctx->operation != EVP_PKEY_OP_VERIFYRECOVER) {
561 EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED);
565 if (ctx->op.sig.sigprovctx == NULL)
568 ret = ctx->op.sig.signature->verify_recover(ctx->op.sig.sigprovctx, rout,
570 (rout == NULL ? 0 : *routlen),
574 if (ctx->pmeth == NULL || ctx->pmeth->verify_recover == NULL) {
575 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
578 M_check_autoarg(ctx, rout, routlen, EVP_F_EVP_PKEY_VERIFY_RECOVER)
579 return ctx->pmeth->verify_recover(ctx, rout, routlen, sig, siglen);
582 static int evp_pkey_asym_cipher_init(EVP_PKEY_CTX *ctx, int operation)
585 void *provkey = NULL;
586 EVP_ASYM_CIPHER *cipher = NULL;
589 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
593 evp_pkey_ctx_free_old_ops(ctx);
594 ctx->operation = operation;
596 if (ctx->keytype == NULL || ctx->engine != NULL)
599 if (ctx->keymgmt == NULL)
601 EVP_KEYMGMT_fetch(ctx->libctx, ctx->keytype, ctx->propquery);
602 if (ctx->keymgmt != NULL) {
603 const char *supported_ciph = NULL;
605 if (ctx->keymgmt->query_operation_name != NULL)
607 ctx->keymgmt->query_operation_name(OSSL_OP_ASYM_CIPHER);
610 * If we didn't get a supported ciph, assume there is one with the
611 * same name as the key type.
613 if (supported_ciph == NULL)
614 supported_ciph = ctx->keytype;
617 * Because we cleared out old ops, we shouldn't need to worry about
618 * checking if cipher is already there.
621 EVP_ASYM_CIPHER_fetch(ctx->libctx, supported_ciph, ctx->propquery);
624 if (ctx->keymgmt == NULL
626 || (EVP_KEYMGMT_provider(ctx->keymgmt)
627 != EVP_ASYM_CIPHER_provider(cipher))) {
629 * We don't have the full support we need with provided methods,
630 * let's go see if legacy does. Also, we don't need to free
631 * ctx->keymgmt here, as it's not necessarily tied to this
632 * operation. It will be freed by EVP_PKEY_CTX_free().
634 EVP_ASYM_CIPHER_free(cipher);
638 ctx->op.ciph.cipher = cipher;
640 if (ctx->pkey != NULL) {
641 provkey = evp_keymgmt_export_to_provider(ctx->pkey, ctx->keymgmt, 0);
642 /* If export failed, legacy may be able to pick it up */
646 ctx->op.ciph.ciphprovctx = cipher->newctx(ossl_provider_ctx(cipher->prov));
647 if (ctx->op.ciph.ciphprovctx == NULL) {
648 /* The provider key can stay in the cache */
649 EVPerr(0, EVP_R_INITIALIZATION_ERROR);
654 case EVP_PKEY_OP_ENCRYPT:
655 if (cipher->encrypt_init == NULL) {
656 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
660 ret = cipher->encrypt_init(ctx->op.ciph.ciphprovctx, provkey);
662 case EVP_PKEY_OP_DECRYPT:
663 if (cipher->decrypt_init == NULL) {
664 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
668 ret = cipher->decrypt_init(ctx->op.ciph.ciphprovctx, provkey);
671 EVPerr(0, EVP_R_INITIALIZATION_ERROR);
676 cipher->freectx(ctx->op.ciph.ciphprovctx);
677 ctx->op.ciph.ciphprovctx = NULL;
683 if (ctx->pmeth == NULL || ctx->pmeth->encrypt == NULL) {
684 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
687 switch(ctx->operation) {
688 case EVP_PKEY_OP_ENCRYPT:
689 if (ctx->pmeth->encrypt_init == NULL)
691 ret = ctx->pmeth->encrypt_init(ctx);
693 case EVP_PKEY_OP_DECRYPT:
694 if (ctx->pmeth->decrypt_init == NULL)
696 ret = ctx->pmeth->decrypt_init(ctx);
699 EVPerr(0, EVP_R_INITIALIZATION_ERROR);
705 ctx->operation = EVP_PKEY_OP_UNDEFINED;
709 int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx)
711 return evp_pkey_asym_cipher_init(ctx, EVP_PKEY_OP_ENCRYPT);
714 int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx,
715 unsigned char *out, size_t *outlen,
716 const unsigned char *in, size_t inlen)
721 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
725 if (ctx->operation != EVP_PKEY_OP_ENCRYPT) {
726 EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED);
730 if (ctx->op.ciph.ciphprovctx == NULL)
733 ret = ctx->op.ciph.cipher->encrypt(ctx->op.ciph.ciphprovctx, out, outlen,
734 (out == NULL ? 0 : *outlen), in, inlen);
738 if (ctx->pmeth == NULL || ctx->pmeth->encrypt == NULL) {
739 EVPerr(EVP_F_EVP_PKEY_ENCRYPT,
740 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
743 M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_ENCRYPT)
744 return ctx->pmeth->encrypt(ctx, out, outlen, in, inlen);
747 int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx)
749 return evp_pkey_asym_cipher_init(ctx, EVP_PKEY_OP_DECRYPT);
752 int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,
753 unsigned char *out, size_t *outlen,
754 const unsigned char *in, size_t inlen)
759 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
763 if (ctx->operation != EVP_PKEY_OP_DECRYPT) {
764 EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED);
768 if (ctx->op.ciph.ciphprovctx == NULL)
771 ret = ctx->op.ciph.cipher->decrypt(ctx->op.ciph.ciphprovctx, out, outlen,
772 (out == NULL ? 0 : *outlen), in, inlen);
776 if (ctx->pmeth == NULL || ctx->pmeth->decrypt == NULL) {
777 EVPerr(EVP_F_EVP_PKEY_DECRYPT,
778 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
781 M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_DECRYPT)
782 return ctx->pmeth->decrypt(ctx, out, outlen, in, inlen);
786 static EVP_ASYM_CIPHER *evp_asym_cipher_new(OSSL_PROVIDER *prov)
788 EVP_ASYM_CIPHER *cipher = OPENSSL_zalloc(sizeof(EVP_ASYM_CIPHER));
790 if (cipher == NULL) {
791 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
795 cipher->lock = CRYPTO_THREAD_lock_new();
796 if (cipher->lock == NULL) {
797 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
798 OPENSSL_free(cipher);
802 ossl_provider_up_ref(prov);
808 static void *evp_asym_cipher_from_dispatch(int name_id,
809 const OSSL_DISPATCH *fns,
812 EVP_ASYM_CIPHER *cipher = NULL;
813 int ctxfncnt = 0, encfncnt = 0, decfncnt = 0;
814 int gparamfncnt = 0, sparamfncnt = 0;
816 if ((cipher = evp_asym_cipher_new(prov)) == NULL) {
817 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
821 cipher->name_id = name_id;
823 for (; fns->function_id != 0; fns++) {
824 switch (fns->function_id) {
825 case OSSL_FUNC_ASYM_CIPHER_NEWCTX:
826 if (cipher->newctx != NULL)
828 cipher->newctx = OSSL_get_OP_asym_cipher_newctx(fns);
831 case OSSL_FUNC_ASYM_CIPHER_ENCRYPT_INIT:
832 if (cipher->encrypt_init != NULL)
834 cipher->encrypt_init = OSSL_get_OP_asym_cipher_encrypt_init(fns);
837 case OSSL_FUNC_ASYM_CIPHER_ENCRYPT:
838 if (cipher->encrypt != NULL)
840 cipher->encrypt = OSSL_get_OP_asym_cipher_encrypt(fns);
843 case OSSL_FUNC_ASYM_CIPHER_DECRYPT_INIT:
844 if (cipher->decrypt_init != NULL)
846 cipher->decrypt_init = OSSL_get_OP_asym_cipher_decrypt_init(fns);
849 case OSSL_FUNC_ASYM_CIPHER_DECRYPT:
850 if (cipher->decrypt != NULL)
852 cipher->decrypt = OSSL_get_OP_asym_cipher_decrypt(fns);
855 case OSSL_FUNC_ASYM_CIPHER_FREECTX:
856 if (cipher->freectx != NULL)
858 cipher->freectx = OSSL_get_OP_asym_cipher_freectx(fns);
861 case OSSL_FUNC_ASYM_CIPHER_DUPCTX:
862 if (cipher->dupctx != NULL)
864 cipher->dupctx = OSSL_get_OP_asym_cipher_dupctx(fns);
866 case OSSL_FUNC_ASYM_CIPHER_GET_CTX_PARAMS:
867 if (cipher->get_ctx_params != NULL)
869 cipher->get_ctx_params
870 = OSSL_get_OP_asym_cipher_get_ctx_params(fns);
873 case OSSL_FUNC_ASYM_CIPHER_GETTABLE_CTX_PARAMS:
874 if (cipher->gettable_ctx_params != NULL)
876 cipher->gettable_ctx_params
877 = OSSL_get_OP_asym_cipher_gettable_ctx_params(fns);
880 case OSSL_FUNC_ASYM_CIPHER_SET_CTX_PARAMS:
881 if (cipher->set_ctx_params != NULL)
883 cipher->set_ctx_params
884 = OSSL_get_OP_asym_cipher_set_ctx_params(fns);
887 case OSSL_FUNC_ASYM_CIPHER_SETTABLE_CTX_PARAMS:
888 if (cipher->settable_ctx_params != NULL)
890 cipher->settable_ctx_params
891 = OSSL_get_OP_asym_cipher_settable_ctx_params(fns);
897 || (encfncnt != 0 && encfncnt != 2)
898 || (decfncnt != 0 && decfncnt != 2)
899 || (encfncnt != 2 && decfncnt != 2)
900 || (gparamfncnt != 0 && gparamfncnt != 2)
901 || (sparamfncnt != 0 && sparamfncnt != 2)) {
903 * In order to be a consistent set of functions we must have at least
904 * a set of context functions (newctx and freectx) as well as a pair of
905 * "cipher" functions: (encrypt_init, encrypt) or
906 * (decrypt_init decrypt). set_ctx_params and settable_ctx_params are
907 * optional, but if one of them is present then the other one must also
908 * be present. The same applies to get_ctx_params and
909 * gettable_ctx_params. The dupctx function is optional.
911 ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS);
917 EVP_ASYM_CIPHER_free(cipher);
921 void EVP_ASYM_CIPHER_free(EVP_ASYM_CIPHER *cipher)
923 if (cipher != NULL) {
926 CRYPTO_DOWN_REF(&cipher->refcnt, &i, cipher->lock);
929 ossl_provider_free(cipher->prov);
930 CRYPTO_THREAD_lock_free(cipher->lock);
931 OPENSSL_free(cipher);
935 int EVP_ASYM_CIPHER_up_ref(EVP_ASYM_CIPHER *cipher)
939 CRYPTO_UP_REF(&cipher->refcnt, &ref, cipher->lock);
943 OSSL_PROVIDER *EVP_ASYM_CIPHER_provider(const EVP_ASYM_CIPHER *cipher)
948 EVP_ASYM_CIPHER *EVP_ASYM_CIPHER_fetch(OPENSSL_CTX *ctx, const char *algorithm,
949 const char *properties)
951 return evp_generic_fetch(ctx, OSSL_OP_ASYM_CIPHER, algorithm, properties,
952 evp_asym_cipher_from_dispatch,
953 (int (*)(void *))EVP_ASYM_CIPHER_up_ref,
954 (void (*)(void *))EVP_ASYM_CIPHER_free);
957 int EVP_ASYM_CIPHER_is_a(const EVP_ASYM_CIPHER *cipher, const char *name)
959 return evp_is_a(cipher->prov, cipher->name_id, name);
962 int EVP_ASYM_CIPHER_number(const EVP_ASYM_CIPHER *cipher)
964 return cipher->name_id;
967 void EVP_ASYM_CIPHER_do_all_provided(OPENSSL_CTX *libctx,
968 void (*fn)(EVP_ASYM_CIPHER *cipher,
972 evp_generic_do_all(libctx, OSSL_OP_ASYM_CIPHER,
973 (void (*)(void *, void *))fn, arg,
974 evp_asym_cipher_from_dispatch,
975 (void (*)(void *))EVP_ASYM_CIPHER_free);
979 void EVP_ASYM_CIPHER_names_do_all(const EVP_ASYM_CIPHER *cipher,
980 void (*fn)(const char *name, void *data),
983 if (cipher->prov != NULL)
984 evp_names_do_all(cipher->prov, cipher->name_id, fn, data);