int ret;
void *provkey = NULL;
+ evp_pkey_ctx_free_old_ops(ctx);
ctx->operation = EVP_PKEY_OP_DERIVE;
if (ctx->engine != NULL)
}
}
- if (ctx->exchprovctx != NULL && ctx->exchange != NULL)
- ctx->exchange->freectx(ctx->exchprovctx);
- EVP_KEYEXCH_free(ctx->exchange);
- ctx->exchange = exchange;
+ ctx->op.kex.exchange = exchange;
if (ctx->pkey != NULL) {
provkey = evp_keymgmt_export_to_provider(ctx->pkey, exchange->keymgmt);
if (provkey == NULL) {
goto err;
}
}
- ctx->exchprovctx = exchange->newctx(ossl_provider_ctx(exchange->prov));
- if (ctx->exchprovctx == NULL) {
+ ctx->op.kex.exchprovctx = exchange->newctx(ossl_provider_ctx(exchange->prov));
+ if (ctx->op.kex.exchprovctx == NULL) {
/* The provider key can stay in the cache */
EVPerr(EVP_F_EVP_PKEY_DERIVE_INIT_EX, EVP_R_INITIALIZATION_ERROR);
goto err;
}
- ret = exchange->init(ctx->exchprovctx, provkey);
+ ret = exchange->init(ctx->op.kex.exchprovctx, provkey);
return ret ? 1 : 0;
err:
return -2;
}
- if (ctx->exchprovctx == NULL)
+ if (!EVP_PKEY_CTX_IS_DERIVE_OP(ctx) || ctx->op.kex.exchprovctx == NULL)
goto legacy;
- if (ctx->operation != EVP_PKEY_OP_DERIVE) {
- EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER,
- EVP_R_OPERATON_NOT_INITIALIZED);
- return -1;
- }
-
- if (ctx->exchange->set_peer == NULL) {
+ if (ctx->op.kex.exchange->set_peer == NULL) {
EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER,
EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
return -2;
}
- provkey = evp_keymgmt_export_to_provider(peer, ctx->exchange->keymgmt);
+ provkey = evp_keymgmt_export_to_provider(peer,
+ ctx->op.kex.exchange->keymgmt);
if (provkey == NULL) {
EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, ERR_R_INTERNAL_ERROR);
return 0;
}
- return ctx->exchange->set_peer(ctx->exchprovctx, provkey);
+ return ctx->op.kex.exchange->set_peer(ctx->op.kex.exchprovctx, provkey);
legacy:
if (ctx->pmeth == NULL
return -2;
}
- if (ctx->operation != EVP_PKEY_OP_DERIVE) {
+ if (!EVP_PKEY_CTX_IS_DERIVE_OP(ctx)) {
EVPerr(EVP_F_EVP_PKEY_DERIVE, EVP_R_OPERATON_NOT_INITIALIZED);
return -1;
}
- if (ctx->exchprovctx == NULL)
+ if (ctx->op.kex.exchprovctx == NULL)
goto legacy;
- ret = ctx->exchange->derive(ctx->exchprovctx, key, pkeylen, SIZE_MAX);
+ ret = ctx->op.kex.exchange->derive(ctx->op.kex.exchprovctx, key, pkeylen,
+ SIZE_MAX);
return ret;
legacy:
return -2;
}
+ evp_pkey_ctx_free_old_ops(ctx);
ctx->operation = operation;
if (ctx->engine != NULL)
}
}
- if (ctx->sigprovctx != NULL && ctx->signature != NULL)
- ctx->signature->freectx(ctx->sigprovctx);
- EVP_SIGNATURE_free(ctx->signature);
- ctx->signature = signature;
+ ctx->op.sig.signature = signature;
if (ctx->pkey != NULL) {
provkey = evp_keymgmt_export_to_provider(ctx->pkey, signature->keymgmt);
if (provkey == NULL) {
goto err;
}
}
- ctx->sigprovctx = signature->newctx(ossl_provider_ctx(signature->prov));
- if (ctx->sigprovctx == NULL) {
+ ctx->op.sig.sigprovctx = signature->newctx(ossl_provider_ctx(signature->prov));
+ if (ctx->op.sig.sigprovctx == NULL) {
/* The provider key can stay in the cache */
EVPerr(0, EVP_R_INITIALIZATION_ERROR);
goto err;
ret = -2;
goto err;
}
- ret = signature->sign_init(ctx->sigprovctx, provkey);
+ ret = signature->sign_init(ctx->op.sig.sigprovctx, provkey);
break;
case EVP_PKEY_OP_VERIFY:
if (signature->verify_init == NULL) {
ret = -2;
goto err;
}
- ret = signature->verify_init(ctx->sigprovctx, provkey);
+ ret = signature->verify_init(ctx->op.sig.sigprovctx, provkey);
break;
case EVP_PKEY_OP_VERIFYRECOVER:
if (signature->verify_recover_init == NULL) {
ret = -2;
goto err;
}
- ret = signature->verify_recover_init(ctx->sigprovctx, provkey);
+ ret = signature->verify_recover_init(ctx->op.sig.sigprovctx, provkey);
break;
default:
EVPerr(0, EVP_R_INITIALIZATION_ERROR);
}
if (ret <= 0) {
- signature->freectx(ctx->sigprovctx);
- ctx->sigprovctx = NULL;
+ signature->freectx(ctx->op.sig.sigprovctx);
+ ctx->op.sig.sigprovctx = NULL;
goto err;
}
return 1;
return -1;
}
- if (ctx->sigprovctx == NULL)
+ if (ctx->op.sig.sigprovctx == NULL)
goto legacy;
- ret = ctx->signature->sign(ctx->sigprovctx, sig, siglen, SIZE_MAX,
- tbs, tbslen);
+ ret = ctx->op.sig.signature->sign(ctx->op.sig.sigprovctx, sig, siglen,
+ SIZE_MAX, tbs, tbslen);
return ret;
legacy:
return -1;
}
- if (ctx->sigprovctx == NULL)
+ if (ctx->op.sig.sigprovctx == NULL)
goto legacy;
- ret = ctx->signature->verify(ctx->sigprovctx, sig, siglen, tbs, tbslen);
+ ret = ctx->op.sig.signature->verify(ctx->op.sig.sigprovctx, sig, siglen,
+ tbs, tbslen);
return ret;
legacy:
return -1;
}
- if (ctx->sigprovctx == NULL)
+ if (ctx->op.sig.sigprovctx == NULL)
goto legacy;
- ret = ctx->signature->verify_recover(ctx->sigprovctx, rout, routlen,
- (rout == NULL ? 0 : *routlen),
- sig, siglen);
+ ret = ctx->op.sig.signature->verify_recover(ctx->op.sig.sigprovctx, rout,
+ routlen,
+ (rout == NULL ? 0 : *routlen),
+ sig, siglen);
return ret;
legacy:
if (ctx->pmeth == NULL || ctx->pmeth->verify_recover == NULL) {
return ret;
}
+void evp_pkey_ctx_free_old_ops(EVP_PKEY_CTX *ctx)
+{
+ if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx)) {
+ if (ctx->op.kex.exchprovctx != NULL && ctx->op.kex.exchange != NULL)
+ ctx->op.kex.exchange->freectx(ctx->op.kex.exchprovctx);
+ EVP_KEYEXCH_free(ctx->op.kex.exchange);
+ } else if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)) {
+ if (ctx->op.sig.sigprovctx != NULL && ctx->op.sig.signature != NULL)
+ ctx->op.sig.signature->freectx(ctx->op.sig.sigprovctx);
+ EVP_SIGNATURE_free(ctx->op.sig.signature);
+ }
+}
+
EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags)
{
EVP_PKEY_METHOD *pmeth;
EVP_PKEY_CTX *rctx;
if (((pctx->pmeth == NULL) || (pctx->pmeth->copy == NULL))
- && pctx->exchprovctx == NULL)
+ && ((EVP_PKEY_CTX_IS_DERIVE_OP(pctx)
+ && pctx->op.kex.exchprovctx == NULL)
+ || (EVP_PKEY_CTX_IS_SIGNATURE_OP(pctx)
+ && pctx->op.sig.sigprovctx == NULL)))
return NULL;
#ifndef OPENSSL_NO_ENGINE
/* Make sure it's safe to copy a pkey context using an ENGINE */
rctx->pkey = pctx->pkey;
rctx->operation = pctx->operation;
- if (pctx->exchprovctx != NULL) {
- if (!ossl_assert(pctx->exchange != NULL))
- return NULL;
- rctx->exchange = pctx->exchange;
- if (!EVP_KEYEXCH_up_ref(rctx->exchange)) {
- OPENSSL_free(rctx);
- return NULL;
+ if (EVP_PKEY_CTX_IS_DERIVE_OP(pctx)) {
+ if (pctx->op.kex.exchange != NULL) {
+ rctx->op.kex.exchange = pctx->op.kex.exchange;
+ if (!EVP_KEYEXCH_up_ref(rctx->op.kex.exchange)) {
+ OPENSSL_free(rctx);
+ return NULL;
+ }
}
- rctx->exchprovctx = pctx->exchange->dupctx(pctx->exchprovctx);
- if (rctx->exchprovctx == NULL) {
- EVP_KEYEXCH_free(rctx->exchange);
- OPENSSL_free(rctx);
- return NULL;
+ if (pctx->op.kex.exchprovctx != NULL) {
+ if (!ossl_assert(pctx->op.kex.exchange != NULL))
+ return NULL;
+ rctx->op.kex.exchprovctx
+ = pctx->op.kex.exchange->dupctx(pctx->op.kex.exchprovctx);
+ if (rctx->op.kex.exchprovctx == NULL) {
+ EVP_KEYEXCH_free(rctx->op.kex.exchange);
+ OPENSSL_free(rctx);
+ return NULL;
+ }
+ return rctx;
+ }
+ } else if (EVP_PKEY_CTX_IS_SIGNATURE_OP(pctx)) {
+ if (pctx->op.sig.signature != NULL) {
+ rctx->op.sig.signature = pctx->op.sig.signature;
+ if (!EVP_SIGNATURE_up_ref(rctx->op.sig.signature)) {
+ OPENSSL_free(rctx);
+ return NULL;
+ }
+ }
+ if (pctx->op.sig.sigprovctx != NULL) {
+ if (!ossl_assert(pctx->op.sig.signature != NULL))
+ return NULL;
+ rctx->op.sig.sigprovctx
+ = pctx->op.sig.signature->dupctx(pctx->op.sig.sigprovctx);
+ if (rctx->op.sig.sigprovctx == NULL) {
+ EVP_SIGNATURE_free(rctx->op.sig.signature);
+ OPENSSL_free(rctx);
+ return NULL;
+ }
+ return rctx;
}
- return rctx;
}
rctx->pmeth = pctx->pmeth;
if (ctx->pmeth && ctx->pmeth->cleanup)
ctx->pmeth->cleanup(ctx);
- if (ctx->exchprovctx != NULL && ctx->exchange != NULL)
- ctx->exchange->freectx(ctx->exchprovctx);
-
- EVP_KEYEXCH_free(ctx->exchange);
-
- if (ctx->sigprovctx != NULL && ctx->signature != NULL)
- ctx->signature->freectx(ctx->sigprovctx);
-
- EVP_SIGNATURE_free(ctx->signature);
+ evp_pkey_ctx_free_old_ops(ctx);
EVP_PKEY_free(ctx->pkey);
EVP_PKEY_free(ctx->peerkey);
int EVP_PKEY_CTX_get_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params)
{
- if (ctx->sigprovctx != NULL
- && ctx->signature != NULL
- && ctx->signature->get_ctx_params != NULL)
- return ctx->signature->get_ctx_params(ctx->sigprovctx, params);
+ if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)
+ && ctx->op.sig.sigprovctx != NULL
+ && ctx->op.sig.signature != NULL
+ && ctx->op.sig.signature->get_ctx_params != NULL)
+ return ctx->op.sig.signature->get_ctx_params(ctx->op.sig.sigprovctx,
+ params);
return 0;
}
const OSSL_PARAM *EVP_PKEY_CTX_gettable_params(EVP_PKEY_CTX *ctx)
{
- if (ctx->signature != NULL
- && ctx->signature->gettable_ctx_params != NULL)
- return ctx->signature->gettable_ctx_params();
+ if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)
+ && ctx->op.sig.signature != NULL
+ && ctx->op.sig.signature->gettable_ctx_params != NULL)
+ return ctx->op.sig.signature->gettable_ctx_params();
return NULL;
}
int EVP_PKEY_CTX_set_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params)
{
- if (ctx->exchprovctx != NULL
- && ctx->exchange != NULL
- && ctx->exchange->set_ctx_params != NULL)
- return ctx->exchange->set_ctx_params(ctx->exchprovctx, params);
- if (ctx->sigprovctx != NULL
- && ctx->signature != NULL
- && ctx->signature->set_ctx_params != NULL)
- return ctx->signature->set_ctx_params(ctx->sigprovctx, params);
+ if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx)
+ && ctx->op.kex.exchprovctx != NULL
+ && ctx->op.kex.exchange != NULL
+ && ctx->op.kex.exchange->set_ctx_params != NULL)
+ return ctx->op.kex.exchange->set_ctx_params(ctx->op.kex.exchprovctx,
+ params);
+ if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)
+ && ctx->op.sig.sigprovctx != NULL
+ && ctx->op.sig.signature != NULL
+ && ctx->op.sig.signature->set_ctx_params != NULL)
+ return ctx->op.sig.signature->set_ctx_params(ctx->op.sig.sigprovctx,
+ params);
return 0;
}
const OSSL_PARAM *EVP_PKEY_CTX_settable_params(EVP_PKEY_CTX *ctx)
{
- if (ctx->exchange != NULL
- && ctx->exchange->settable_ctx_params != NULL)
- return ctx->exchange->settable_ctx_params();
- if (ctx->signature != NULL
- && ctx->signature->settable_ctx_params != NULL)
- return ctx->signature->settable_ctx_params();
+ if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx)
+ && ctx->op.kex.exchange != NULL
+ && ctx->op.kex.exchange->settable_ctx_params != NULL)
+ return ctx->op.kex.exchange->settable_ctx_params();
+ if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)
+ && ctx->op.sig.signature != NULL
+ && ctx->op.sig.signature->settable_ctx_params != NULL)
+ return ctx->op.sig.signature->settable_ctx_params();
return NULL;
}
OSSL_PARAM dh_pad_params[2];
unsigned int upad = pad;
+ /* We use EVP_PKEY_CTX_ctrl return values */
+ if (ctx == NULL || !EVP_PKEY_CTX_IS_DERIVE_OP(ctx)) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
+ return -2;
+ }
+
/* TODO(3.0): Remove this eventually when no more legacy */
- if (ctx->exchprovctx == NULL)
+ if (ctx->op.kex.exchprovctx == NULL)
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_DERIVE,
EVP_PKEY_CTRL_DH_PAD, pad, NULL);
char name[80] = "";
const EVP_MD *tmp;
- if (ctx == NULL) {
+ if (ctx == NULL || !EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)) {
ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
/* Uses the same return values as EVP_PKEY_CTX_ctrl */
return -2;
}
/* TODO(3.0): Remove this eventually when no more legacy */
- if (ctx->sigprovctx == NULL)
+ if (ctx->op.sig.sigprovctx == NULL)
return EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG,
EVP_PKEY_CTRL_GET_MD, 0, (void *)(md));
size_t mdsize;
const char *name;
- if (ctx == NULL) {
+ if (ctx == NULL || !EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)) {
ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
/* Uses the same return values as EVP_PKEY_CTX_ctrl */
return -2;
}
/* TODO(3.0): Remove this eventually when no more legacy */
- if (ctx->sigprovctx == NULL)
+ if (ctx->op.sig.sigprovctx == NULL)
return EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG,
EVP_PKEY_CTRL_MD, 0, (void *)(md));
#endif
case EVP_PKEY_CTRL_MD:
return EVP_PKEY_CTX_set_signature_md(ctx, p2);
+ case EVP_PKEY_CTRL_GET_MD:
+ return EVP_PKEY_CTX_get_signature_md(ctx, p2);
}
return 0;
}
return -2;
}
- if (ctx->exchprovctx != NULL || ctx->sigprovctx != NULL)
+ if ((EVP_PKEY_CTX_IS_DERIVE_OP(ctx) && ctx->op.kex.exchprovctx != NULL)
+ || (EVP_PKEY_CTX_IS_DERIVE_OP(ctx)
+ && ctx->op.sig.sigprovctx != NULL))
return legacy_ctrl_to_param(ctx, keytype, optype, cmd, p1, p2);
if (ctx->pmeth == NULL || ctx->pmeth->ctrl == NULL) {
#endif
if (strcmp(name, "digest") == 0) {
int ret;
- EVP_MD *md
- = EVP_MD_fetch(ossl_provider_library_context(ctx->signature->prov),
- value, NULL);
+ EVP_MD *md;
+
+ if (!EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) || ctx->op.sig.signature == NULL)
+ return 0;
+ md = EVP_MD_fetch(ossl_provider_library_context(ctx->op.sig.signature->prov),
+ value, NULL);
if (md == NULL)
return 0;
ret = EVP_PKEY_CTX_set_signature_md(ctx, md);
return -2;
}
- if (ctx->exchprovctx != NULL || ctx->sigprovctx != NULL)
+ if ((EVP_PKEY_CTX_IS_DERIVE_OP(ctx) && ctx->op.kex.exchprovctx != NULL)
+ || (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)
+ && ctx->op.sig.sigprovctx != NULL))
return legacy_ctrl_str_to_param(ctx, name, value);
if (!ctx || !ctx->pmeth || !ctx->pmeth->ctrl_str) {
projects / oweals / openssl.git / commitdiff