1/*
2 * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#include <stdio.h>
11#include <stdlib.h>
12#include <openssl/objects.h>
13#include <openssl/evp.h>
14#include "internal/cryptlib.h"
15#include "crypto/evp.h"
16#include "internal/provider.h"
17#include "evp_local.h"
18
19static EVP_SIGNATURE *evp_signature_new(OSSL_PROVIDER *prov)
20{
21 EVP_SIGNATURE *signature = OPENSSL_zalloc(sizeof(EVP_SIGNATURE));
22
23 if (signature == NULL) {
24 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
25 return NULL;
26 }
27
28 signature->lock = CRYPTO_THREAD_lock_new();
29 if (signature->lock == NULL) {
30 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
31 OPENSSL_free(signature);
32 return NULL;
33 }
34 signature->prov = prov;
35 ossl_provider_up_ref(prov);
36 signature->refcnt = 1;
37
38 return signature;
39}
40
41static void *evp_signature_from_dispatch(int name_id,
42 const OSSL_DISPATCH *fns,
43 OSSL_PROVIDER *prov)
44{
45 EVP_SIGNATURE *signature = NULL;
46 int ctxfncnt = 0, signfncnt = 0, verifyfncnt = 0, verifyrecfncnt = 0;
47 int digsignfncnt = 0, digverifyfncnt = 0;
48 int gparamfncnt = 0, sparamfncnt = 0, gmdparamfncnt = 0, smdparamfncnt = 0;
49
50 if ((signature = evp_signature_new(prov)) == NULL) {
51 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
52 goto err;
53 }
54
55 signature->name_id = name_id;
56
57 for (; fns->function_id != 0; fns++) {
58 switch (fns->function_id) {
59 case OSSL_FUNC_SIGNATURE_NEWCTX:
60 if (signature->newctx != NULL)
61 break;
62 signature->newctx = OSSL_get_OP_signature_newctx(fns);
63 ctxfncnt++;
64 break;
65 case OSSL_FUNC_SIGNATURE_SIGN_INIT:
66 if (signature->sign_init != NULL)
67 break;
68 signature->sign_init = OSSL_get_OP_signature_sign_init(fns);
69 signfncnt++;
70 break;
71 case OSSL_FUNC_SIGNATURE_SIGN:
72 if (signature->sign != NULL)
73 break;
74 signature->sign = OSSL_get_OP_signature_sign(fns);
75 signfncnt++;
76 break;
77 case OSSL_FUNC_SIGNATURE_VERIFY_INIT:
78 if (signature->verify_init != NULL)
79 break;
80 signature->verify_init = OSSL_get_OP_signature_verify_init(fns);
81 verifyfncnt++;
82 break;
83 case OSSL_FUNC_SIGNATURE_VERIFY:
84 if (signature->verify != NULL)
85 break;
86 signature->verify = OSSL_get_OP_signature_verify(fns);
87 verifyfncnt++;
88 break;
89 case OSSL_FUNC_SIGNATURE_VERIFY_RECOVER_INIT:
90 if (signature->verify_recover_init != NULL)
91 break;
92 signature->verify_recover_init
93 = OSSL_get_OP_signature_verify_recover_init(fns);
94 verifyrecfncnt++;
95 break;
96 case OSSL_FUNC_SIGNATURE_VERIFY_RECOVER:
97 if (signature->verify_recover != NULL)
98 break;
99 signature->verify_recover
100 = OSSL_get_OP_signature_verify_recover(fns);
101 verifyrecfncnt++;
102 break;
103 case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT:
104 if (signature->digest_sign_init != NULL)
105 break;
106 signature->digest_sign_init
107 = OSSL_get_OP_signature_digest_sign_init(fns);
108 digsignfncnt++;
109 break;
110 case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE:
111 if (signature->digest_sign_update != NULL)
112 break;
113 signature->digest_sign_update
114 = OSSL_get_OP_signature_digest_sign_update(fns);
115 digsignfncnt++;
116 break;
117 case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL:
118 if (signature->digest_sign_final != NULL)
119 break;
120 signature->digest_sign_final
121 = OSSL_get_OP_signature_digest_sign_final(fns);
122 digsignfncnt++;
123 break;
124 case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT:
125 if (signature->digest_verify_init != NULL)
126 break;
127 signature->digest_verify_init
128 = OSSL_get_OP_signature_digest_verify_init(fns);
129 digverifyfncnt++;
130 break;
131 case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE:
132 if (signature->digest_verify_update != NULL)
133 break;
134 signature->digest_verify_update
135 = OSSL_get_OP_signature_digest_verify_update(fns);
136 digverifyfncnt++;
137 break;
138 case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL:
139 if (signature->digest_verify_final != NULL)
140 break;
141 signature->digest_verify_final
142 = OSSL_get_OP_signature_digest_verify_final(fns);
143 digverifyfncnt++;
144 break;
145 case OSSL_FUNC_SIGNATURE_FREECTX:
146 if (signature->freectx != NULL)
147 break;
148 signature->freectx = OSSL_get_OP_signature_freectx(fns);
149 ctxfncnt++;
150 break;
151 case OSSL_FUNC_SIGNATURE_DUPCTX:
152 if (signature->dupctx != NULL)
153 break;
154 signature->dupctx = OSSL_get_OP_signature_dupctx(fns);
155 break;
156 case OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS:
157 if (signature->get_ctx_params != NULL)
158 break;
159 signature->get_ctx_params
160 = OSSL_get_OP_signature_get_ctx_params(fns);
161 gparamfncnt++;
162 break;
163 case OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS:
164 if (signature->gettable_ctx_params != NULL)
165 break;
166 signature->gettable_ctx_params
167 = OSSL_get_OP_signature_gettable_ctx_params(fns);
168 gparamfncnt++;
169 break;
170 case OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS:
171 if (signature->set_ctx_params != NULL)
172 break;
173 signature->set_ctx_params
174 = OSSL_get_OP_signature_set_ctx_params(fns);
175 sparamfncnt++;
176 break;
177 case OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS:
178 if (signature->settable_ctx_params != NULL)
179 break;
180 signature->settable_ctx_params
181 = OSSL_get_OP_signature_settable_ctx_params(fns);
182 sparamfncnt++;
183 break;
184 case OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS:
185 if (signature->get_ctx_md_params != NULL)
186 break;
187 signature->get_ctx_md_params
188 = OSSL_get_OP_signature_get_ctx_md_params(fns);
189 gmdparamfncnt++;
190 break;
191 case OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS:
192 if (signature->gettable_ctx_md_params != NULL)
193 break;
194 signature->gettable_ctx_md_params
195 = OSSL_get_OP_signature_gettable_ctx_md_params(fns);
196 gmdparamfncnt++;
197 break;
198 case OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS:
199 if (signature->set_ctx_md_params != NULL)
200 break;
201 signature->set_ctx_md_params
202 = OSSL_get_OP_signature_set_ctx_md_params(fns);
203 smdparamfncnt++;
204 break;
205 case OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS:
206 if (signature->settable_ctx_md_params != NULL)
207 break;
208 signature->settable_ctx_md_params
209 = OSSL_get_OP_signature_settable_ctx_md_params(fns);
210 smdparamfncnt++;
211 break;
212 }
213 }
214 if (ctxfncnt != 2
215 || (signfncnt == 0
216 && verifyfncnt == 0
217 && verifyrecfncnt == 0
218 && digsignfncnt == 0
219 && digverifyfncnt == 0)
220 || (signfncnt != 0 && signfncnt != 2)
221 || (verifyfncnt != 0 && verifyfncnt != 2)
222 || (verifyrecfncnt != 0 && verifyrecfncnt != 2)
223 || (digsignfncnt != 0 && digsignfncnt != 3)
224 || (digverifyfncnt != 0 && digverifyfncnt != 3)
225 || (gparamfncnt != 0 && gparamfncnt != 2)
226 || (sparamfncnt != 0 && sparamfncnt != 2)
227 || (gmdparamfncnt != 0 && gmdparamfncnt != 2)
228 || (smdparamfncnt != 0 && smdparamfncnt != 2)) {
229 /*
230 * In order to be a consistent set of functions we must have at least
231 * a set of context functions (newctx and freectx) as well as a set of
232 * "signature" functions:
233 * (sign_init, sign) or
234 * (verify_init verify) or
235 * (verify_recover_init, verify_recover) or
236 * (digest_sign_init, digest_sign_update, digest_sign_final) or
237 * (digest_verify_init, digest_verify_update, digest_verify_final).
238 *
239 * set_ctx_params and settable_ctx_params are optional, but if one of
240 * them is present then the other one must also be present. The same
241 * applies to get_ctx_params and gettable_ctx_params. The same rules
242 * apply to the "md_params" functions. The dupctx function is optional.
243 */
244 ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS);
245 goto err;
246 }
247
248 return signature;
249 err:
250 EVP_SIGNATURE_free(signature);
251 return NULL;
252}
253
254void EVP_SIGNATURE_free(EVP_SIGNATURE *signature)
255{
256 if (signature != NULL) {
257 int i;
258
259 CRYPTO_DOWN_REF(&signature->refcnt, &i, signature->lock);
260 if (i > 0)
261 return;
262 ossl_provider_free(signature->prov);
263 CRYPTO_THREAD_lock_free(signature->lock);
264 OPENSSL_free(signature);
265 }
266}
267
268int EVP_SIGNATURE_up_ref(EVP_SIGNATURE *signature)
269{
270 int ref = 0;
271
272 CRYPTO_UP_REF(&signature->refcnt, &ref, signature->lock);
273 return 1;
274}
275
276OSSL_PROVIDER *EVP_SIGNATURE_provider(const EVP_SIGNATURE *signature)
277{
278 return signature->prov;
279}
280
281EVP_SIGNATURE *EVP_SIGNATURE_fetch(OPENSSL_CTX *ctx, const char *algorithm,
282 const char *properties)
283{
284 return evp_generic_fetch(ctx, OSSL_OP_SIGNATURE, algorithm, properties,
285 evp_signature_from_dispatch,
286 (int (*)(void *))EVP_SIGNATURE_up_ref,
287 (void (*)(void *))EVP_SIGNATURE_free);
288}
289
290int EVP_SIGNATURE_is_a(const EVP_SIGNATURE *signature, const char *name)
291{
292 return evp_is_a(signature->prov, signature->name_id, name);
293}
294
295int EVP_SIGNATURE_number(const EVP_SIGNATURE *signature)
296{
297 return signature->name_id;
298}
299
300void EVP_SIGNATURE_do_all_provided(OPENSSL_CTX *libctx,
301 void (*fn)(EVP_SIGNATURE *signature,
302 void *arg),
303 void *arg)
304{
305 evp_generic_do_all(libctx, OSSL_OP_SIGNATURE,
306 (void (*)(void *, void *))fn, arg,
307 evp_signature_from_dispatch,
308 (void (*)(void *))EVP_SIGNATURE_free);
309}
310
311
312void EVP_SIGNATURE_names_do_all(const EVP_SIGNATURE *signature,
313 void (*fn)(const char *name, void *data),
314 void *data)
315{
316 if (signature->prov != NULL)
317 evp_names_do_all(signature->prov, signature->name_id, fn, data);
318}
319
320static int evp_pkey_signature_init(EVP_PKEY_CTX *ctx, int operation)
321{
322 int ret = 0;
323 void *provkey = NULL;
324 EVP_SIGNATURE *signature = NULL;
325
326 if (ctx == NULL) {
327 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
328 return -2;
329 }
330
331 evp_pkey_ctx_free_old_ops(ctx);
332 ctx->operation = operation;
333
334 if (ctx->algorithm == NULL)
335 goto legacy;
336
337 /*
338 * Because we cleared out old ops, we shouldn't need to worry about
339 * checking if signature is already there. Keymgmt is a different
340 * matter, as it isn't tied to a specific EVP_PKEY op.
341 */
342 signature = EVP_SIGNATURE_fetch(ctx->libctx, ctx->algorithm,
343 ctx->propquery);
344 if (signature != NULL && ctx->keymgmt == NULL) {
345 int name_id = EVP_SIGNATURE_number(signature);
346
347 ctx->keymgmt = evp_keymgmt_fetch_by_number(ctx->libctx, name_id,
348 ctx->propquery);
349 }
350
351 if (ctx->keymgmt == NULL
352 || signature == NULL
353 || (EVP_KEYMGMT_provider(ctx->keymgmt)
354 != EVP_SIGNATURE_provider(signature))) {
355 /*
356 * We don't have the full support we need with provided methods,
357 * let's go see if legacy does. Also, we don't need to free
358 * ctx->keymgmt here, as it's not necessarily tied to this
359 * operation. It will be freed by EVP_PKEY_CTX_free().
360 */
361 EVP_SIGNATURE_free(signature);
362 goto legacy;
363 }
364
365 ctx->op.sig.signature = signature;
366
367 if (ctx->pkey != NULL) {
368 provkey =
369 evp_keymgmt_export_to_provider(ctx->pkey, ctx->keymgmt, 0);
370 if (provkey == NULL) {
371 EVPerr(0, EVP_R_INITIALIZATION_ERROR);
372 goto err;
373 }
374 }
375 ctx->op.sig.sigprovctx = signature->newctx(ossl_provider_ctx(signature->prov));
376 if (ctx->op.sig.sigprovctx == NULL) {
377 /* The provider key can stay in the cache */
378 EVPerr(0, EVP_R_INITIALIZATION_ERROR);
379 goto err;
380 }
381
382 switch (operation) {
383 case EVP_PKEY_OP_SIGN:
384 if (signature->sign_init == NULL) {
385 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
386 ret = -2;
387 goto err;
388 }
389 ret = signature->sign_init(ctx->op.sig.sigprovctx, provkey);
390 break;
391 case EVP_PKEY_OP_VERIFY:
392 if (signature->verify_init == NULL) {
393 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
394 ret = -2;
395 goto err;
396 }
397 ret = signature->verify_init(ctx->op.sig.sigprovctx, provkey);
398 break;
399 case EVP_PKEY_OP_VERIFYRECOVER:
400 if (signature->verify_recover_init == NULL) {
401 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
402 ret = -2;
403 goto err;
404 }
405 ret = signature->verify_recover_init(ctx->op.sig.sigprovctx, provkey);
406 break;
407 default:
408 EVPerr(0, EVP_R_INITIALIZATION_ERROR);
409 goto err;
410 }
411
412 if (ret <= 0) {
413 signature->freectx(ctx->op.sig.sigprovctx);
414 ctx->op.sig.sigprovctx = NULL;
415 goto err;
416 }
417 return 1;
418
419 legacy:
420 if (ctx->pmeth == NULL
421 || (operation == EVP_PKEY_OP_SIGN && ctx->pmeth->sign == NULL)
422 || (operation == EVP_PKEY_OP_VERIFY && ctx->pmeth->verify == NULL)
423 || (operation == EVP_PKEY_OP_VERIFYRECOVER
424 && ctx->pmeth->verify_recover == NULL)) {
425 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
426 return -2;
427 }
428
429 switch (operation) {
430 case EVP_PKEY_OP_SIGN:
431 if (ctx->pmeth->sign_init == NULL)
432 return 1;
433 ret = ctx->pmeth->sign_init(ctx);
434 break;
435 case EVP_PKEY_OP_VERIFY:
436 if (ctx->pmeth->verify_init == NULL)
437 return 1;
438 ret = ctx->pmeth->verify_init(ctx);
439 break;
440 case EVP_PKEY_OP_VERIFYRECOVER:
441 if (ctx->pmeth->verify_recover_init == NULL)
442 return 1;
443 ret = ctx->pmeth->verify_recover_init(ctx);
444 break;
445 default:
446 EVPerr(0, EVP_R_INITIALIZATION_ERROR);
447 goto err;
448 }
449 if (ret <= 0)
450 goto err;
451 return ret;
452
453 err:
454 ctx->operation = EVP_PKEY_OP_UNDEFINED;
455 return ret;
456}
457
458int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx)
459{
460 return evp_pkey_signature_init(ctx, EVP_PKEY_OP_SIGN);
461}
462
463int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
464 unsigned char *sig, size_t *siglen,
465 const unsigned char *tbs, size_t tbslen)
466{
467 int ret;
468
469 if (ctx == NULL) {
470 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
471 return -2;
472 }
473
474 if (ctx->operation != EVP_PKEY_OP_SIGN) {
475 EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED);
476 return -1;
477 }
478
479 if (ctx->op.sig.sigprovctx == NULL)
480 goto legacy;
481
482 ret = ctx->op.sig.signature->sign(ctx->op.sig.sigprovctx, sig, siglen,
483 SIZE_MAX, tbs, tbslen);
484
485 return ret;
486 legacy:
487
488 if (ctx->pmeth == NULL || ctx->pmeth->sign == NULL) {
489 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
490 return -2;
491 }
492
493 M_check_autoarg(ctx, sig, siglen, EVP_F_EVP_PKEY_SIGN)
494 return ctx->pmeth->sign(ctx, sig, siglen, tbs, tbslen);
495}
496
497int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx)
498{
499 return evp_pkey_signature_init(ctx, EVP_PKEY_OP_VERIFY);
500}
501
502int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
503 const unsigned char *sig, size_t siglen,
504 const unsigned char *tbs, size_t tbslen)
505{
506 int ret;
507
508 if (ctx == NULL) {
509 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
510 return -2;
511 }
512
513 if (ctx->operation != EVP_PKEY_OP_VERIFY) {
514 EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED);
515 return -1;
516 }
517
518 if (ctx->op.sig.sigprovctx == NULL)
519 goto legacy;
520
521 ret = ctx->op.sig.signature->verify(ctx->op.sig.sigprovctx, sig, siglen,
522 tbs, tbslen);
523
524 return ret;
525 legacy:
526 if (ctx->pmeth == NULL || ctx->pmeth->verify == NULL) {
527 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
528 return -2;
529 }
530
531 return ctx->pmeth->verify(ctx, sig, siglen, tbs, tbslen);
532}
533
534int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx)
535{
536 return evp_pkey_signature_init(ctx, EVP_PKEY_OP_VERIFYRECOVER);
537}
538
539int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
540 unsigned char *rout, size_t *routlen,
541 const unsigned char *sig, size_t siglen)
542{
543 int ret;
544
545 if (ctx == NULL) {
546 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
547 return -2;
548 }
549
550 if (ctx->operation != EVP_PKEY_OP_VERIFYRECOVER) {
551 EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED);
552 return -1;
553 }
554
555 if (ctx->op.sig.sigprovctx == NULL)
556 goto legacy;
557
558 ret = ctx->op.sig.signature->verify_recover(ctx->op.sig.sigprovctx, rout,
559 routlen,
560 (rout == NULL ? 0 : *routlen),
561 sig, siglen);
562 return ret;
563 legacy:
564 if (ctx->pmeth == NULL || ctx->pmeth->verify_recover == NULL) {
565 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
566 return -2;
567 }
568 M_check_autoarg(ctx, rout, routlen, EVP_F_EVP_PKEY_VERIFY_RECOVER)
569 return ctx->pmeth->verify_recover(ctx, rout, routlen, sig, siglen);
570}
571
572static int evp_pkey_asym_cipher_init(EVP_PKEY_CTX *ctx, int operation)
573{
574 int ret = 0;
575 void *provkey = NULL;
576 EVP_ASYM_CIPHER *cipher = NULL;
577
578 if (ctx == NULL) {
579 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
580 return -2;
581 }
582
583 evp_pkey_ctx_free_old_ops(ctx);
584 ctx->operation = operation;
585
586 if (ctx->algorithm == NULL || ctx->engine != NULL)
587 goto legacy;
588
589 /*
590 * Because we cleared out old ops, we shouldn't need to worry about
591 * checking if exchange is already there. Keymgmt is a different
592 * matter, as it isn't tied to a specific EVP_PKEY op.
593 */
594 cipher = EVP_ASYM_CIPHER_fetch(ctx->libctx, ctx->algorithm, ctx->propquery);
595 if (cipher != NULL && ctx->keymgmt == NULL) {
596 int name_id = EVP_ASYM_CIPHER_number(cipher);
597
598 ctx->keymgmt =
599 evp_keymgmt_fetch_by_number(ctx->libctx, name_id, ctx->propquery);
600 }
601
602 if (ctx->keymgmt == NULL
603 || cipher == NULL
604 || (EVP_KEYMGMT_provider(ctx->keymgmt)
605 != EVP_ASYM_CIPHER_provider(cipher))) {
606 /*
607 * We don't have the full support we need with provided methods,
608 * let's go see if legacy does. Also, we don't need to free
609 * ctx->keymgmt here, as it's not necessarily tied to this
610 * operation. It will be freed by EVP_PKEY_CTX_free().
611 */
612 EVP_ASYM_CIPHER_free(cipher);
613 goto legacy;
614 }
615
616 ctx->op.ciph.cipher = cipher;
617
618 if (ctx->pkey != NULL) {
619 provkey = evp_keymgmt_export_to_provider(ctx->pkey, ctx->keymgmt, 0);
620 if (provkey == NULL) {
621 EVPerr(0, EVP_R_INITIALIZATION_ERROR);
622 goto err;
623 }
624 }
625 ctx->op.ciph.ciphprovctx = cipher->newctx(ossl_provider_ctx(cipher->prov));
626 if (ctx->op.ciph.ciphprovctx == NULL) {
627 /* The provider key can stay in the cache */
628 EVPerr(0, EVP_R_INITIALIZATION_ERROR);
629 goto err;
630 }
631
632 switch (operation) {
633 case EVP_PKEY_OP_ENCRYPT:
634 if (cipher->encrypt_init == NULL) {
635 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
636 ret = -2;
637 goto err;
638 }
639 ret = cipher->encrypt_init(ctx->op.ciph.ciphprovctx, provkey);
640 break;
641 case EVP_PKEY_OP_DECRYPT:
642 if (cipher->decrypt_init == NULL) {
643 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
644 ret = -2;
645 goto err;
646 }
647 ret = cipher->decrypt_init(ctx->op.ciph.ciphprovctx, provkey);
648 break;
649 default:
650 EVPerr(0, EVP_R_INITIALIZATION_ERROR);
651 goto err;
652 }
653
654 if (ret <= 0) {
655 cipher->freectx(ctx->op.ciph.ciphprovctx);
656 ctx->op.ciph.ciphprovctx = NULL;
657 goto err;
658 }
659 return 1;
660
661 legacy:
662 if (ctx->pmeth == NULL || ctx->pmeth->encrypt == NULL) {
663 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
664 return -2;
665 }
666 switch(ctx->operation) {
667 case EVP_PKEY_OP_ENCRYPT:
668 if (ctx->pmeth->encrypt_init == NULL)
669 return 1;
670 ret = ctx->pmeth->encrypt_init(ctx);
671 break;
672 case EVP_PKEY_OP_DECRYPT:
673 if (ctx->pmeth->decrypt_init == NULL)
674 return 1;
675 ret = ctx->pmeth->decrypt_init(ctx);
676 break;
677 default:
678 EVPerr(0, EVP_R_INITIALIZATION_ERROR);
679 ret = -1;
680 }
681
682 err:
683 if (ret <= 0)
684 ctx->operation = EVP_PKEY_OP_UNDEFINED;
685 return ret;
686}
687
688int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx)
689{
690 return evp_pkey_asym_cipher_init(ctx, EVP_PKEY_OP_ENCRYPT);
691}
692
693int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx,
694 unsigned char *out, size_t *outlen,
695 const unsigned char *in, size_t inlen)
696{
697 int ret;
698
699 if (ctx == NULL) {
700 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
701 return -2;
702 }
703
704 if (ctx->operation != EVP_PKEY_OP_ENCRYPT) {
705 EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED);
706 return -1;
707 }
708
709 if (ctx->op.ciph.ciphprovctx == NULL)
710 goto legacy;
711
712 ret = ctx->op.ciph.cipher->encrypt(ctx->op.ciph.ciphprovctx, out, outlen,
713 (out == NULL ? 0 : *outlen), in, inlen);
714 return ret;
715
716 legacy:
717 if (ctx->pmeth == NULL || ctx->pmeth->encrypt == NULL) {
718 EVPerr(EVP_F_EVP_PKEY_ENCRYPT,
719 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
720 return -2;
721 }
722 M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_ENCRYPT)
723 return ctx->pmeth->encrypt(ctx, out, outlen, in, inlen);
724}
725
726int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx)
727{
728 return evp_pkey_asym_cipher_init(ctx, EVP_PKEY_OP_DECRYPT);
729}
730
731int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,
732 unsigned char *out, size_t *outlen,
733 const unsigned char *in, size_t inlen)
734{
735 int ret;
736
737 if (ctx == NULL) {
738 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
739 return -2;
740 }
741
742 if (ctx->operation != EVP_PKEY_OP_DECRYPT) {
743 EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED);
744 return -1;
745 }
746
747 if (ctx->op.ciph.ciphprovctx == NULL)
748 goto legacy;
749
750 ret = ctx->op.ciph.cipher->decrypt(ctx->op.ciph.ciphprovctx, out, outlen,
751 (out == NULL ? 0 : *outlen), in, inlen);
752 return ret;
753
754 legacy:
755 if (ctx->pmeth == NULL || ctx->pmeth->decrypt == NULL) {
756 EVPerr(EVP_F_EVP_PKEY_DECRYPT,
757 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
758 return -2;
759 }
760 M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_DECRYPT)
761 return ctx->pmeth->decrypt(ctx, out, outlen, in, inlen);
762}
763
764
765static EVP_ASYM_CIPHER *evp_asym_cipher_new(OSSL_PROVIDER *prov)
766{
767 EVP_ASYM_CIPHER *cipher = OPENSSL_zalloc(sizeof(EVP_ASYM_CIPHER));
768
769 if (cipher == NULL) {
770 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
771 return NULL;
772 }
773
774 cipher->lock = CRYPTO_THREAD_lock_new();
775 if (cipher->lock == NULL) {
776 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
777 OPENSSL_free(cipher);
778 return NULL;
779 }
780 cipher->prov = prov;
781 ossl_provider_up_ref(prov);
782 cipher->refcnt = 1;
783
784 return cipher;
785}
786
787static void *evp_asym_cipher_from_dispatch(int name_id,
788 const OSSL_DISPATCH *fns,
789 OSSL_PROVIDER *prov)
790{
791 EVP_ASYM_CIPHER *cipher = NULL;
792 int ctxfncnt = 0, encfncnt = 0, decfncnt = 0;
793 int gparamfncnt = 0, sparamfncnt = 0;
794
795 if ((cipher = evp_asym_cipher_new(prov)) == NULL) {
796 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
797 goto err;
798 }
799
800 cipher->name_id = name_id;
801
802 for (; fns->function_id != 0; fns++) {
803 switch (fns->function_id) {
804 case OSSL_FUNC_ASYM_CIPHER_NEWCTX:
805 if (cipher->newctx != NULL)
806 break;
807 cipher->newctx = OSSL_get_OP_asym_cipher_newctx(fns);
808 ctxfncnt++;
809 break;
810 case OSSL_FUNC_ASYM_CIPHER_ENCRYPT_INIT:
811 if (cipher->encrypt_init != NULL)
812 break;
813 cipher->encrypt_init = OSSL_get_OP_asym_cipher_encrypt_init(fns);
814 encfncnt++;
815 break;
816 case OSSL_FUNC_ASYM_CIPHER_ENCRYPT:
817 if (cipher->encrypt != NULL)
818 break;
819 cipher->encrypt = OSSL_get_OP_asym_cipher_encrypt(fns);
820 encfncnt++;
821 break;
822 case OSSL_FUNC_ASYM_CIPHER_DECRYPT_INIT:
823 if (cipher->decrypt_init != NULL)
824 break;
825 cipher->decrypt_init = OSSL_get_OP_asym_cipher_decrypt_init(fns);
826 decfncnt++;
827 break;
828 case OSSL_FUNC_ASYM_CIPHER_DECRYPT:
829 if (cipher->decrypt != NULL)
830 break;
831 cipher->decrypt = OSSL_get_OP_asym_cipher_decrypt(fns);
832 decfncnt++;
833 break;
834 case OSSL_FUNC_ASYM_CIPHER_FREECTX:
835 if (cipher->freectx != NULL)
836 break;
837 cipher->freectx = OSSL_get_OP_asym_cipher_freectx(fns);
838 ctxfncnt++;
839 break;
840 case OSSL_FUNC_ASYM_CIPHER_DUPCTX:
841 if (cipher->dupctx != NULL)
842 break;
843 cipher->dupctx = OSSL_get_OP_asym_cipher_dupctx(fns);
844 break;
845 case OSSL_FUNC_ASYM_CIPHER_GET_CTX_PARAMS:
846 if (cipher->get_ctx_params != NULL)
847 break;
848 cipher->get_ctx_params
849 = OSSL_get_OP_asym_cipher_get_ctx_params(fns);
850 gparamfncnt++;
851 break;
852 case OSSL_FUNC_ASYM_CIPHER_GETTABLE_CTX_PARAMS:
853 if (cipher->gettable_ctx_params != NULL)
854 break;
855 cipher->gettable_ctx_params
856 = OSSL_get_OP_asym_cipher_gettable_ctx_params(fns);
857 gparamfncnt++;
858 break;
859 case OSSL_FUNC_ASYM_CIPHER_SET_CTX_PARAMS:
860 if (cipher->set_ctx_params != NULL)
861 break;
862 cipher->set_ctx_params
863 = OSSL_get_OP_asym_cipher_set_ctx_params(fns);
864 sparamfncnt++;
865 break;
866 case OSSL_FUNC_ASYM_CIPHER_SETTABLE_CTX_PARAMS:
867 if (cipher->settable_ctx_params != NULL)
868 break;
869 cipher->settable_ctx_params
870 = OSSL_get_OP_asym_cipher_settable_ctx_params(fns);
871 sparamfncnt++;
872 break;
873 }
874 }
875 if (ctxfncnt != 2
876 || (encfncnt != 0 && encfncnt != 2)
877 || (decfncnt != 0 && decfncnt != 2)
878 || (encfncnt != 2 && decfncnt != 2)
879 || (gparamfncnt != 0 && gparamfncnt != 2)
880 || (sparamfncnt != 0 && sparamfncnt != 2)) {
881 /*
882 * In order to be a consistent set of functions we must have at least
883 * a set of context functions (newctx and freectx) as well as a pair of
884 * "cipher" functions: (encrypt_init, encrypt) or
885 * (decrypt_init decrypt). set_ctx_params and settable_ctx_params are
886 * optional, but if one of them is present then the other one must also
887 * be present. The same applies to get_ctx_params and
888 * gettable_ctx_params. The dupctx function is optional.
889 */
890 ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS);
891 goto err;
892 }
893
894 return cipher;
895 err:
896 EVP_ASYM_CIPHER_free(cipher);
897 return NULL;
898}
899
900void EVP_ASYM_CIPHER_free(EVP_ASYM_CIPHER *cipher)
901{
902 if (cipher != NULL) {
903 int i;
904
905 CRYPTO_DOWN_REF(&cipher->refcnt, &i, cipher->lock);
906 if (i > 0)
907 return;
908 ossl_provider_free(cipher->prov);
909 CRYPTO_THREAD_lock_free(cipher->lock);
910 OPENSSL_free(cipher);
911 }
912}
913
914int EVP_ASYM_CIPHER_up_ref(EVP_ASYM_CIPHER *cipher)
915{
916 int ref = 0;
917
918 CRYPTO_UP_REF(&cipher->refcnt, &ref, cipher->lock);
919 return 1;
920}
921
922OSSL_PROVIDER *EVP_ASYM_CIPHER_provider(const EVP_ASYM_CIPHER *cipher)
923{
924 return cipher->prov;
925}
926
927EVP_ASYM_CIPHER *EVP_ASYM_CIPHER_fetch(OPENSSL_CTX *ctx, const char *algorithm,
928 const char *properties)
929{
930 return evp_generic_fetch(ctx, OSSL_OP_ASYM_CIPHER, algorithm, properties,
931 evp_asym_cipher_from_dispatch,
932 (int (*)(void *))EVP_ASYM_CIPHER_up_ref,
933 (void (*)(void *))EVP_ASYM_CIPHER_free);
934}
935
936int EVP_ASYM_CIPHER_is_a(const EVP_ASYM_CIPHER *cipher, const char *name)
937{
938 return evp_is_a(cipher->prov, cipher->name_id, name);
939}
940
941int EVP_ASYM_CIPHER_number(const EVP_ASYM_CIPHER *cipher)
942{
943 return cipher->name_id;
944}
945
946void EVP_ASYM_CIPHER_do_all_provided(OPENSSL_CTX *libctx,
947 void (*fn)(EVP_ASYM_CIPHER *cipher,
948 void *arg),
949 void *arg)
950{
951 evp_generic_do_all(libctx, OSSL_OP_ASYM_CIPHER,
952 (void (*)(void *, void *))fn, arg,
953 evp_asym_cipher_from_dispatch,
954 (void (*)(void *))EVP_ASYM_CIPHER_free);
955}
956
957
958void EVP_ASYM_CIPHER_names_do_all(const EVP_ASYM_CIPHER *cipher,
959 void (*fn)(const char *name, void *data),
960 void *data)
961{
962 if (cipher->prov != NULL)
963 evp_names_do_all(cipher->prov, cipher->name_id, fn, data);
964}
965
966