1 | /* |
2 | * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. |
3 | * |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at |
7 | * https://www.openssl.org/source/license.html |
8 | */ |
9 | |
10 | #include <stdio.h> |
11 | #include <stdlib.h> |
12 | #include <openssl/objects.h> |
13 | #include <openssl/evp.h> |
14 | #include "internal/cryptlib.h" |
15 | #include "crypto/evp.h" |
16 | #include "internal/provider.h" |
17 | #include "evp_local.h" |
18 | |
19 | static EVP_SIGNATURE *evp_signature_new(OSSL_PROVIDER *prov) |
20 | { |
21 | EVP_SIGNATURE *signature = OPENSSL_zalloc(sizeof(EVP_SIGNATURE)); |
22 | |
23 | if (signature == NULL) { |
24 | ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); |
25 | return NULL; |
26 | } |
27 | |
28 | signature->lock = CRYPTO_THREAD_lock_new(); |
29 | if (signature->lock == NULL) { |
30 | ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); |
31 | OPENSSL_free(signature); |
32 | return NULL; |
33 | } |
34 | signature->prov = prov; |
35 | ossl_provider_up_ref(prov); |
36 | signature->refcnt = 1; |
37 | |
38 | return signature; |
39 | } |
40 | |
41 | static void *evp_signature_from_dispatch(int name_id, |
42 | const OSSL_DISPATCH *fns, |
43 | OSSL_PROVIDER *prov) |
44 | { |
45 | EVP_SIGNATURE *signature = NULL; |
46 | int ctxfncnt = 0, signfncnt = 0, verifyfncnt = 0, verifyrecfncnt = 0; |
47 | int digsignfncnt = 0, digverifyfncnt = 0; |
48 | int gparamfncnt = 0, sparamfncnt = 0, gmdparamfncnt = 0, smdparamfncnt = 0; |
49 | |
50 | if ((signature = evp_signature_new(prov)) == NULL) { |
51 | ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); |
52 | goto err; |
53 | } |
54 | |
55 | signature->name_id = name_id; |
56 | |
57 | for (; fns->function_id != 0; fns++) { |
58 | switch (fns->function_id) { |
59 | case OSSL_FUNC_SIGNATURE_NEWCTX: |
60 | if (signature->newctx != NULL) |
61 | break; |
62 | signature->newctx = OSSL_get_OP_signature_newctx(fns); |
63 | ctxfncnt++; |
64 | break; |
65 | case OSSL_FUNC_SIGNATURE_SIGN_INIT: |
66 | if (signature->sign_init != NULL) |
67 | break; |
68 | signature->sign_init = OSSL_get_OP_signature_sign_init(fns); |
69 | signfncnt++; |
70 | break; |
71 | case OSSL_FUNC_SIGNATURE_SIGN: |
72 | if (signature->sign != NULL) |
73 | break; |
74 | signature->sign = OSSL_get_OP_signature_sign(fns); |
75 | signfncnt++; |
76 | break; |
77 | case OSSL_FUNC_SIGNATURE_VERIFY_INIT: |
78 | if (signature->verify_init != NULL) |
79 | break; |
80 | signature->verify_init = OSSL_get_OP_signature_verify_init(fns); |
81 | verifyfncnt++; |
82 | break; |
83 | case OSSL_FUNC_SIGNATURE_VERIFY: |
84 | if (signature->verify != NULL) |
85 | break; |
86 | signature->verify = OSSL_get_OP_signature_verify(fns); |
87 | verifyfncnt++; |
88 | break; |
89 | case OSSL_FUNC_SIGNATURE_VERIFY_RECOVER_INIT: |
90 | if (signature->verify_recover_init != NULL) |
91 | break; |
92 | signature->verify_recover_init |
93 | = OSSL_get_OP_signature_verify_recover_init(fns); |
94 | verifyrecfncnt++; |
95 | break; |
96 | case OSSL_FUNC_SIGNATURE_VERIFY_RECOVER: |
97 | if (signature->verify_recover != NULL) |
98 | break; |
99 | signature->verify_recover |
100 | = OSSL_get_OP_signature_verify_recover(fns); |
101 | verifyrecfncnt++; |
102 | break; |
103 | case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT: |
104 | if (signature->digest_sign_init != NULL) |
105 | break; |
106 | signature->digest_sign_init |
107 | = OSSL_get_OP_signature_digest_sign_init(fns); |
108 | digsignfncnt++; |
109 | break; |
110 | case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE: |
111 | if (signature->digest_sign_update != NULL) |
112 | break; |
113 | signature->digest_sign_update |
114 | = OSSL_get_OP_signature_digest_sign_update(fns); |
115 | digsignfncnt++; |
116 | break; |
117 | case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL: |
118 | if (signature->digest_sign_final != NULL) |
119 | break; |
120 | signature->digest_sign_final |
121 | = OSSL_get_OP_signature_digest_sign_final(fns); |
122 | digsignfncnt++; |
123 | break; |
124 | case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT: |
125 | if (signature->digest_verify_init != NULL) |
126 | break; |
127 | signature->digest_verify_init |
128 | = OSSL_get_OP_signature_digest_verify_init(fns); |
129 | digverifyfncnt++; |
130 | break; |
131 | case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE: |
132 | if (signature->digest_verify_update != NULL) |
133 | break; |
134 | signature->digest_verify_update |
135 | = OSSL_get_OP_signature_digest_verify_update(fns); |
136 | digverifyfncnt++; |
137 | break; |
138 | case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL: |
139 | if (signature->digest_verify_final != NULL) |
140 | break; |
141 | signature->digest_verify_final |
142 | = OSSL_get_OP_signature_digest_verify_final(fns); |
143 | digverifyfncnt++; |
144 | break; |
145 | case OSSL_FUNC_SIGNATURE_FREECTX: |
146 | if (signature->freectx != NULL) |
147 | break; |
148 | signature->freectx = OSSL_get_OP_signature_freectx(fns); |
149 | ctxfncnt++; |
150 | break; |
151 | case OSSL_FUNC_SIGNATURE_DUPCTX: |
152 | if (signature->dupctx != NULL) |
153 | break; |
154 | signature->dupctx = OSSL_get_OP_signature_dupctx(fns); |
155 | break; |
156 | case OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS: |
157 | if (signature->get_ctx_params != NULL) |
158 | break; |
159 | signature->get_ctx_params |
160 | = OSSL_get_OP_signature_get_ctx_params(fns); |
161 | gparamfncnt++; |
162 | break; |
163 | case OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS: |
164 | if (signature->gettable_ctx_params != NULL) |
165 | break; |
166 | signature->gettable_ctx_params |
167 | = OSSL_get_OP_signature_gettable_ctx_params(fns); |
168 | gparamfncnt++; |
169 | break; |
170 | case OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS: |
171 | if (signature->set_ctx_params != NULL) |
172 | break; |
173 | signature->set_ctx_params |
174 | = OSSL_get_OP_signature_set_ctx_params(fns); |
175 | sparamfncnt++; |
176 | break; |
177 | case OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS: |
178 | if (signature->settable_ctx_params != NULL) |
179 | break; |
180 | signature->settable_ctx_params |
181 | = OSSL_get_OP_signature_settable_ctx_params(fns); |
182 | sparamfncnt++; |
183 | break; |
184 | case OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS: |
185 | if (signature->get_ctx_md_params != NULL) |
186 | break; |
187 | signature->get_ctx_md_params |
188 | = OSSL_get_OP_signature_get_ctx_md_params(fns); |
189 | gmdparamfncnt++; |
190 | break; |
191 | case OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS: |
192 | if (signature->gettable_ctx_md_params != NULL) |
193 | break; |
194 | signature->gettable_ctx_md_params |
195 | = OSSL_get_OP_signature_gettable_ctx_md_params(fns); |
196 | gmdparamfncnt++; |
197 | break; |
198 | case OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS: |
199 | if (signature->set_ctx_md_params != NULL) |
200 | break; |
201 | signature->set_ctx_md_params |
202 | = OSSL_get_OP_signature_set_ctx_md_params(fns); |
203 | smdparamfncnt++; |
204 | break; |
205 | case OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS: |
206 | if (signature->settable_ctx_md_params != NULL) |
207 | break; |
208 | signature->settable_ctx_md_params |
209 | = OSSL_get_OP_signature_settable_ctx_md_params(fns); |
210 | smdparamfncnt++; |
211 | break; |
212 | } |
213 | } |
214 | if (ctxfncnt != 2 |
215 | || (signfncnt == 0 |
216 | && verifyfncnt == 0 |
217 | && verifyrecfncnt == 0 |
218 | && digsignfncnt == 0 |
219 | && digverifyfncnt == 0) |
220 | || (signfncnt != 0 && signfncnt != 2) |
221 | || (verifyfncnt != 0 && verifyfncnt != 2) |
222 | || (verifyrecfncnt != 0 && verifyrecfncnt != 2) |
223 | || (digsignfncnt != 0 && digsignfncnt != 3) |
224 | || (digverifyfncnt != 0 && digverifyfncnt != 3) |
225 | || (gparamfncnt != 0 && gparamfncnt != 2) |
226 | || (sparamfncnt != 0 && sparamfncnt != 2) |
227 | || (gmdparamfncnt != 0 && gmdparamfncnt != 2) |
228 | || (smdparamfncnt != 0 && smdparamfncnt != 2)) { |
229 | /* |
230 | * In order to be a consistent set of functions we must have at least |
231 | * a set of context functions (newctx and freectx) as well as a set of |
232 | * "signature" functions: |
233 | * (sign_init, sign) or |
234 | * (verify_init verify) or |
235 | * (verify_recover_init, verify_recover) or |
236 | * (digest_sign_init, digest_sign_update, digest_sign_final) or |
237 | * (digest_verify_init, digest_verify_update, digest_verify_final). |
238 | * |
239 | * set_ctx_params and settable_ctx_params are optional, but if one of |
240 | * them is present then the other one must also be present. The same |
241 | * applies to get_ctx_params and gettable_ctx_params. The same rules |
242 | * apply to the "md_params" functions. The dupctx function is optional. |
243 | */ |
244 | ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS); |
245 | goto err; |
246 | } |
247 | |
248 | return signature; |
249 | err: |
250 | EVP_SIGNATURE_free(signature); |
251 | return NULL; |
252 | } |
253 | |
254 | void EVP_SIGNATURE_free(EVP_SIGNATURE *signature) |
255 | { |
256 | if (signature != NULL) { |
257 | int i; |
258 | |
259 | CRYPTO_DOWN_REF(&signature->refcnt, &i, signature->lock); |
260 | if (i > 0) |
261 | return; |
262 | ossl_provider_free(signature->prov); |
263 | CRYPTO_THREAD_lock_free(signature->lock); |
264 | OPENSSL_free(signature); |
265 | } |
266 | } |
267 | |
268 | int EVP_SIGNATURE_up_ref(EVP_SIGNATURE *signature) |
269 | { |
270 | int ref = 0; |
271 | |
272 | CRYPTO_UP_REF(&signature->refcnt, &ref, signature->lock); |
273 | return 1; |
274 | } |
275 | |
276 | OSSL_PROVIDER *EVP_SIGNATURE_provider(const EVP_SIGNATURE *signature) |
277 | { |
278 | return signature->prov; |
279 | } |
280 | |
281 | EVP_SIGNATURE *EVP_SIGNATURE_fetch(OPENSSL_CTX *ctx, const char *algorithm, |
282 | const char *properties) |
283 | { |
284 | return evp_generic_fetch(ctx, OSSL_OP_SIGNATURE, algorithm, properties, |
285 | evp_signature_from_dispatch, |
286 | (int (*)(void *))EVP_SIGNATURE_up_ref, |
287 | (void (*)(void *))EVP_SIGNATURE_free); |
288 | } |
289 | |
290 | int EVP_SIGNATURE_is_a(const EVP_SIGNATURE *signature, const char *name) |
291 | { |
292 | return evp_is_a(signature->prov, signature->name_id, name); |
293 | } |
294 | |
295 | int EVP_SIGNATURE_number(const EVP_SIGNATURE *signature) |
296 | { |
297 | return signature->name_id; |
298 | } |
299 | |
300 | void EVP_SIGNATURE_do_all_provided(OPENSSL_CTX *libctx, |
301 | void (*fn)(EVP_SIGNATURE *signature, |
302 | void *arg), |
303 | void *arg) |
304 | { |
305 | evp_generic_do_all(libctx, OSSL_OP_SIGNATURE, |
306 | (void (*)(void *, void *))fn, arg, |
307 | evp_signature_from_dispatch, |
308 | (void (*)(void *))EVP_SIGNATURE_free); |
309 | } |
310 | |
311 | |
312 | void EVP_SIGNATURE_names_do_all(const EVP_SIGNATURE *signature, |
313 | void (*fn)(const char *name, void *data), |
314 | void *data) |
315 | { |
316 | if (signature->prov != NULL) |
317 | evp_names_do_all(signature->prov, signature->name_id, fn, data); |
318 | } |
319 | |
320 | static int evp_pkey_signature_init(EVP_PKEY_CTX *ctx, int operation) |
321 | { |
322 | int ret = 0; |
323 | void *provkey = NULL; |
324 | EVP_SIGNATURE *signature = NULL; |
325 | |
326 | if (ctx == NULL) { |
327 | EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); |
328 | return -2; |
329 | } |
330 | |
331 | evp_pkey_ctx_free_old_ops(ctx); |
332 | ctx->operation = operation; |
333 | |
334 | if (ctx->algorithm == NULL) |
335 | goto legacy; |
336 | |
337 | /* |
338 | * Because we cleared out old ops, we shouldn't need to worry about |
339 | * checking if signature is already there. Keymgmt is a different |
340 | * matter, as it isn't tied to a specific EVP_PKEY op. |
341 | */ |
342 | signature = EVP_SIGNATURE_fetch(ctx->libctx, ctx->algorithm, |
343 | ctx->propquery); |
344 | if (signature != NULL && ctx->keymgmt == NULL) { |
345 | int name_id = EVP_SIGNATURE_number(signature); |
346 | |
347 | ctx->keymgmt = evp_keymgmt_fetch_by_number(ctx->libctx, name_id, |
348 | ctx->propquery); |
349 | } |
350 | |
351 | if (ctx->keymgmt == NULL |
352 | || signature == NULL |
353 | || (EVP_KEYMGMT_provider(ctx->keymgmt) |
354 | != EVP_SIGNATURE_provider(signature))) { |
355 | /* |
356 | * We don't have the full support we need with provided methods, |
357 | * let's go see if legacy does. Also, we don't need to free |
358 | * ctx->keymgmt here, as it's not necessarily tied to this |
359 | * operation. It will be freed by EVP_PKEY_CTX_free(). |
360 | */ |
361 | EVP_SIGNATURE_free(signature); |
362 | goto legacy; |
363 | } |
364 | |
365 | ctx->op.sig.signature = signature; |
366 | |
367 | if (ctx->pkey != NULL) { |
368 | provkey = |
369 | evp_keymgmt_export_to_provider(ctx->pkey, ctx->keymgmt, 0); |
370 | if (provkey == NULL) { |
371 | EVPerr(0, EVP_R_INITIALIZATION_ERROR); |
372 | goto err; |
373 | } |
374 | } |
375 | ctx->op.sig.sigprovctx = signature->newctx(ossl_provider_ctx(signature->prov)); |
376 | if (ctx->op.sig.sigprovctx == NULL) { |
377 | /* The provider key can stay in the cache */ |
378 | EVPerr(0, EVP_R_INITIALIZATION_ERROR); |
379 | goto err; |
380 | } |
381 | |
382 | switch (operation) { |
383 | case EVP_PKEY_OP_SIGN: |
384 | if (signature->sign_init == NULL) { |
385 | EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); |
386 | ret = -2; |
387 | goto err; |
388 | } |
389 | ret = signature->sign_init(ctx->op.sig.sigprovctx, provkey); |
390 | break; |
391 | case EVP_PKEY_OP_VERIFY: |
392 | if (signature->verify_init == NULL) { |
393 | EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); |
394 | ret = -2; |
395 | goto err; |
396 | } |
397 | ret = signature->verify_init(ctx->op.sig.sigprovctx, provkey); |
398 | break; |
399 | case EVP_PKEY_OP_VERIFYRECOVER: |
400 | if (signature->verify_recover_init == NULL) { |
401 | EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); |
402 | ret = -2; |
403 | goto err; |
404 | } |
405 | ret = signature->verify_recover_init(ctx->op.sig.sigprovctx, provkey); |
406 | break; |
407 | default: |
408 | EVPerr(0, EVP_R_INITIALIZATION_ERROR); |
409 | goto err; |
410 | } |
411 | |
412 | if (ret <= 0) { |
413 | signature->freectx(ctx->op.sig.sigprovctx); |
414 | ctx->op.sig.sigprovctx = NULL; |
415 | goto err; |
416 | } |
417 | return 1; |
418 | |
419 | legacy: |
420 | if (ctx->pmeth == NULL |
421 | || (operation == EVP_PKEY_OP_SIGN && ctx->pmeth->sign == NULL) |
422 | || (operation == EVP_PKEY_OP_VERIFY && ctx->pmeth->verify == NULL) |
423 | || (operation == EVP_PKEY_OP_VERIFYRECOVER |
424 | && ctx->pmeth->verify_recover == NULL)) { |
425 | EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); |
426 | return -2; |
427 | } |
428 | |
429 | switch (operation) { |
430 | case EVP_PKEY_OP_SIGN: |
431 | if (ctx->pmeth->sign_init == NULL) |
432 | return 1; |
433 | ret = ctx->pmeth->sign_init(ctx); |
434 | break; |
435 | case EVP_PKEY_OP_VERIFY: |
436 | if (ctx->pmeth->verify_init == NULL) |
437 | return 1; |
438 | ret = ctx->pmeth->verify_init(ctx); |
439 | break; |
440 | case EVP_PKEY_OP_VERIFYRECOVER: |
441 | if (ctx->pmeth->verify_recover_init == NULL) |
442 | return 1; |
443 | ret = ctx->pmeth->verify_recover_init(ctx); |
444 | break; |
445 | default: |
446 | EVPerr(0, EVP_R_INITIALIZATION_ERROR); |
447 | goto err; |
448 | } |
449 | if (ret <= 0) |
450 | goto err; |
451 | return ret; |
452 | |
453 | err: |
454 | ctx->operation = EVP_PKEY_OP_UNDEFINED; |
455 | return ret; |
456 | } |
457 | |
458 | int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx) |
459 | { |
460 | return evp_pkey_signature_init(ctx, EVP_PKEY_OP_SIGN); |
461 | } |
462 | |
463 | int EVP_PKEY_sign(EVP_PKEY_CTX *ctx, |
464 | unsigned char *sig, size_t *siglen, |
465 | const unsigned char *tbs, size_t tbslen) |
466 | { |
467 | int ret; |
468 | |
469 | if (ctx == NULL) { |
470 | EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); |
471 | return -2; |
472 | } |
473 | |
474 | if (ctx->operation != EVP_PKEY_OP_SIGN) { |
475 | EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED); |
476 | return -1; |
477 | } |
478 | |
479 | if (ctx->op.sig.sigprovctx == NULL) |
480 | goto legacy; |
481 | |
482 | ret = ctx->op.sig.signature->sign(ctx->op.sig.sigprovctx, sig, siglen, |
483 | SIZE_MAX, tbs, tbslen); |
484 | |
485 | return ret; |
486 | legacy: |
487 | |
488 | if (ctx->pmeth == NULL || ctx->pmeth->sign == NULL) { |
489 | EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); |
490 | return -2; |
491 | } |
492 | |
493 | M_check_autoarg(ctx, sig, siglen, EVP_F_EVP_PKEY_SIGN) |
494 | return ctx->pmeth->sign(ctx, sig, siglen, tbs, tbslen); |
495 | } |
496 | |
497 | int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx) |
498 | { |
499 | return evp_pkey_signature_init(ctx, EVP_PKEY_OP_VERIFY); |
500 | } |
501 | |
502 | int EVP_PKEY_verify(EVP_PKEY_CTX *ctx, |
503 | const unsigned char *sig, size_t siglen, |
504 | const unsigned char *tbs, size_t tbslen) |
505 | { |
506 | int ret; |
507 | |
508 | if (ctx == NULL) { |
509 | EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); |
510 | return -2; |
511 | } |
512 | |
513 | if (ctx->operation != EVP_PKEY_OP_VERIFY) { |
514 | EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED); |
515 | return -1; |
516 | } |
517 | |
518 | if (ctx->op.sig.sigprovctx == NULL) |
519 | goto legacy; |
520 | |
521 | ret = ctx->op.sig.signature->verify(ctx->op.sig.sigprovctx, sig, siglen, |
522 | tbs, tbslen); |
523 | |
524 | return ret; |
525 | legacy: |
526 | if (ctx->pmeth == NULL || ctx->pmeth->verify == NULL) { |
527 | EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); |
528 | return -2; |
529 | } |
530 | |
531 | return ctx->pmeth->verify(ctx, sig, siglen, tbs, tbslen); |
532 | } |
533 | |
534 | int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx) |
535 | { |
536 | return evp_pkey_signature_init(ctx, EVP_PKEY_OP_VERIFYRECOVER); |
537 | } |
538 | |
539 | int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx, |
540 | unsigned char *rout, size_t *routlen, |
541 | const unsigned char *sig, size_t siglen) |
542 | { |
543 | int ret; |
544 | |
545 | if (ctx == NULL) { |
546 | EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); |
547 | return -2; |
548 | } |
549 | |
550 | if (ctx->operation != EVP_PKEY_OP_VERIFYRECOVER) { |
551 | EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED); |
552 | return -1; |
553 | } |
554 | |
555 | if (ctx->op.sig.sigprovctx == NULL) |
556 | goto legacy; |
557 | |
558 | ret = ctx->op.sig.signature->verify_recover(ctx->op.sig.sigprovctx, rout, |
559 | routlen, |
560 | (rout == NULL ? 0 : *routlen), |
561 | sig, siglen); |
562 | return ret; |
563 | legacy: |
564 | if (ctx->pmeth == NULL || ctx->pmeth->verify_recover == NULL) { |
565 | EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); |
566 | return -2; |
567 | } |
568 | M_check_autoarg(ctx, rout, routlen, EVP_F_EVP_PKEY_VERIFY_RECOVER) |
569 | return ctx->pmeth->verify_recover(ctx, rout, routlen, sig, siglen); |
570 | } |
571 | |
572 | static int evp_pkey_asym_cipher_init(EVP_PKEY_CTX *ctx, int operation) |
573 | { |
574 | int ret = 0; |
575 | void *provkey = NULL; |
576 | EVP_ASYM_CIPHER *cipher = NULL; |
577 | |
578 | if (ctx == NULL) { |
579 | EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); |
580 | return -2; |
581 | } |
582 | |
583 | evp_pkey_ctx_free_old_ops(ctx); |
584 | ctx->operation = operation; |
585 | |
586 | if (ctx->algorithm == NULL || ctx->engine != NULL) |
587 | goto legacy; |
588 | |
589 | /* |
590 | * Because we cleared out old ops, we shouldn't need to worry about |
591 | * checking if exchange is already there. Keymgmt is a different |
592 | * matter, as it isn't tied to a specific EVP_PKEY op. |
593 | */ |
594 | cipher = EVP_ASYM_CIPHER_fetch(ctx->libctx, ctx->algorithm, ctx->propquery); |
595 | if (cipher != NULL && ctx->keymgmt == NULL) { |
596 | int name_id = EVP_ASYM_CIPHER_number(cipher); |
597 | |
598 | ctx->keymgmt = |
599 | evp_keymgmt_fetch_by_number(ctx->libctx, name_id, ctx->propquery); |
600 | } |
601 | |
602 | if (ctx->keymgmt == NULL |
603 | || cipher == NULL |
604 | || (EVP_KEYMGMT_provider(ctx->keymgmt) |
605 | != EVP_ASYM_CIPHER_provider(cipher))) { |
606 | /* |
607 | * We don't have the full support we need with provided methods, |
608 | * let's go see if legacy does. Also, we don't need to free |
609 | * ctx->keymgmt here, as it's not necessarily tied to this |
610 | * operation. It will be freed by EVP_PKEY_CTX_free(). |
611 | */ |
612 | EVP_ASYM_CIPHER_free(cipher); |
613 | goto legacy; |
614 | } |
615 | |
616 | ctx->op.ciph.cipher = cipher; |
617 | |
618 | if (ctx->pkey != NULL) { |
619 | provkey = evp_keymgmt_export_to_provider(ctx->pkey, ctx->keymgmt, 0); |
620 | if (provkey == NULL) { |
621 | EVPerr(0, EVP_R_INITIALIZATION_ERROR); |
622 | goto err; |
623 | } |
624 | } |
625 | ctx->op.ciph.ciphprovctx = cipher->newctx(ossl_provider_ctx(cipher->prov)); |
626 | if (ctx->op.ciph.ciphprovctx == NULL) { |
627 | /* The provider key can stay in the cache */ |
628 | EVPerr(0, EVP_R_INITIALIZATION_ERROR); |
629 | goto err; |
630 | } |
631 | |
632 | switch (operation) { |
633 | case EVP_PKEY_OP_ENCRYPT: |
634 | if (cipher->encrypt_init == NULL) { |
635 | EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); |
636 | ret = -2; |
637 | goto err; |
638 | } |
639 | ret = cipher->encrypt_init(ctx->op.ciph.ciphprovctx, provkey); |
640 | break; |
641 | case EVP_PKEY_OP_DECRYPT: |
642 | if (cipher->decrypt_init == NULL) { |
643 | EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); |
644 | ret = -2; |
645 | goto err; |
646 | } |
647 | ret = cipher->decrypt_init(ctx->op.ciph.ciphprovctx, provkey); |
648 | break; |
649 | default: |
650 | EVPerr(0, EVP_R_INITIALIZATION_ERROR); |
651 | goto err; |
652 | } |
653 | |
654 | if (ret <= 0) { |
655 | cipher->freectx(ctx->op.ciph.ciphprovctx); |
656 | ctx->op.ciph.ciphprovctx = NULL; |
657 | goto err; |
658 | } |
659 | return 1; |
660 | |
661 | legacy: |
662 | if (ctx->pmeth == NULL || ctx->pmeth->encrypt == NULL) { |
663 | EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); |
664 | return -2; |
665 | } |
666 | switch(ctx->operation) { |
667 | case EVP_PKEY_OP_ENCRYPT: |
668 | if (ctx->pmeth->encrypt_init == NULL) |
669 | return 1; |
670 | ret = ctx->pmeth->encrypt_init(ctx); |
671 | break; |
672 | case EVP_PKEY_OP_DECRYPT: |
673 | if (ctx->pmeth->decrypt_init == NULL) |
674 | return 1; |
675 | ret = ctx->pmeth->decrypt_init(ctx); |
676 | break; |
677 | default: |
678 | EVPerr(0, EVP_R_INITIALIZATION_ERROR); |
679 | ret = -1; |
680 | } |
681 | |
682 | err: |
683 | if (ret <= 0) |
684 | ctx->operation = EVP_PKEY_OP_UNDEFINED; |
685 | return ret; |
686 | } |
687 | |
688 | int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx) |
689 | { |
690 | return evp_pkey_asym_cipher_init(ctx, EVP_PKEY_OP_ENCRYPT); |
691 | } |
692 | |
693 | int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx, |
694 | unsigned char *out, size_t *outlen, |
695 | const unsigned char *in, size_t inlen) |
696 | { |
697 | int ret; |
698 | |
699 | if (ctx == NULL) { |
700 | EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); |
701 | return -2; |
702 | } |
703 | |
704 | if (ctx->operation != EVP_PKEY_OP_ENCRYPT) { |
705 | EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED); |
706 | return -1; |
707 | } |
708 | |
709 | if (ctx->op.ciph.ciphprovctx == NULL) |
710 | goto legacy; |
711 | |
712 | ret = ctx->op.ciph.cipher->encrypt(ctx->op.ciph.ciphprovctx, out, outlen, |
713 | (out == NULL ? 0 : *outlen), in, inlen); |
714 | return ret; |
715 | |
716 | legacy: |
717 | if (ctx->pmeth == NULL || ctx->pmeth->encrypt == NULL) { |
718 | EVPerr(EVP_F_EVP_PKEY_ENCRYPT, |
719 | EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); |
720 | return -2; |
721 | } |
722 | M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_ENCRYPT) |
723 | return ctx->pmeth->encrypt(ctx, out, outlen, in, inlen); |
724 | } |
725 | |
726 | int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx) |
727 | { |
728 | return evp_pkey_asym_cipher_init(ctx, EVP_PKEY_OP_DECRYPT); |
729 | } |
730 | |
731 | int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, |
732 | unsigned char *out, size_t *outlen, |
733 | const unsigned char *in, size_t inlen) |
734 | { |
735 | int ret; |
736 | |
737 | if (ctx == NULL) { |
738 | EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); |
739 | return -2; |
740 | } |
741 | |
742 | if (ctx->operation != EVP_PKEY_OP_DECRYPT) { |
743 | EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED); |
744 | return -1; |
745 | } |
746 | |
747 | if (ctx->op.ciph.ciphprovctx == NULL) |
748 | goto legacy; |
749 | |
750 | ret = ctx->op.ciph.cipher->decrypt(ctx->op.ciph.ciphprovctx, out, outlen, |
751 | (out == NULL ? 0 : *outlen), in, inlen); |
752 | return ret; |
753 | |
754 | legacy: |
755 | if (ctx->pmeth == NULL || ctx->pmeth->decrypt == NULL) { |
756 | EVPerr(EVP_F_EVP_PKEY_DECRYPT, |
757 | EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); |
758 | return -2; |
759 | } |
760 | M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_DECRYPT) |
761 | return ctx->pmeth->decrypt(ctx, out, outlen, in, inlen); |
762 | } |
763 | |
764 | |
765 | static EVP_ASYM_CIPHER *evp_asym_cipher_new(OSSL_PROVIDER *prov) |
766 | { |
767 | EVP_ASYM_CIPHER *cipher = OPENSSL_zalloc(sizeof(EVP_ASYM_CIPHER)); |
768 | |
769 | if (cipher == NULL) { |
770 | ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); |
771 | return NULL; |
772 | } |
773 | |
774 | cipher->lock = CRYPTO_THREAD_lock_new(); |
775 | if (cipher->lock == NULL) { |
776 | ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); |
777 | OPENSSL_free(cipher); |
778 | return NULL; |
779 | } |
780 | cipher->prov = prov; |
781 | ossl_provider_up_ref(prov); |
782 | cipher->refcnt = 1; |
783 | |
784 | return cipher; |
785 | } |
786 | |
787 | static void *evp_asym_cipher_from_dispatch(int name_id, |
788 | const OSSL_DISPATCH *fns, |
789 | OSSL_PROVIDER *prov) |
790 | { |
791 | EVP_ASYM_CIPHER *cipher = NULL; |
792 | int ctxfncnt = 0, encfncnt = 0, decfncnt = 0; |
793 | int gparamfncnt = 0, sparamfncnt = 0; |
794 | |
795 | if ((cipher = evp_asym_cipher_new(prov)) == NULL) { |
796 | ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); |
797 | goto err; |
798 | } |
799 | |
800 | cipher->name_id = name_id; |
801 | |
802 | for (; fns->function_id != 0; fns++) { |
803 | switch (fns->function_id) { |
804 | case OSSL_FUNC_ASYM_CIPHER_NEWCTX: |
805 | if (cipher->newctx != NULL) |
806 | break; |
807 | cipher->newctx = OSSL_get_OP_asym_cipher_newctx(fns); |
808 | ctxfncnt++; |
809 | break; |
810 | case OSSL_FUNC_ASYM_CIPHER_ENCRYPT_INIT: |
811 | if (cipher->encrypt_init != NULL) |
812 | break; |
813 | cipher->encrypt_init = OSSL_get_OP_asym_cipher_encrypt_init(fns); |
814 | encfncnt++; |
815 | break; |
816 | case OSSL_FUNC_ASYM_CIPHER_ENCRYPT: |
817 | if (cipher->encrypt != NULL) |
818 | break; |
819 | cipher->encrypt = OSSL_get_OP_asym_cipher_encrypt(fns); |
820 | encfncnt++; |
821 | break; |
822 | case OSSL_FUNC_ASYM_CIPHER_DECRYPT_INIT: |
823 | if (cipher->decrypt_init != NULL) |
824 | break; |
825 | cipher->decrypt_init = OSSL_get_OP_asym_cipher_decrypt_init(fns); |
826 | decfncnt++; |
827 | break; |
828 | case OSSL_FUNC_ASYM_CIPHER_DECRYPT: |
829 | if (cipher->decrypt != NULL) |
830 | break; |
831 | cipher->decrypt = OSSL_get_OP_asym_cipher_decrypt(fns); |
832 | decfncnt++; |
833 | break; |
834 | case OSSL_FUNC_ASYM_CIPHER_FREECTX: |
835 | if (cipher->freectx != NULL) |
836 | break; |
837 | cipher->freectx = OSSL_get_OP_asym_cipher_freectx(fns); |
838 | ctxfncnt++; |
839 | break; |
840 | case OSSL_FUNC_ASYM_CIPHER_DUPCTX: |
841 | if (cipher->dupctx != NULL) |
842 | break; |
843 | cipher->dupctx = OSSL_get_OP_asym_cipher_dupctx(fns); |
844 | break; |
845 | case OSSL_FUNC_ASYM_CIPHER_GET_CTX_PARAMS: |
846 | if (cipher->get_ctx_params != NULL) |
847 | break; |
848 | cipher->get_ctx_params |
849 | = OSSL_get_OP_asym_cipher_get_ctx_params(fns); |
850 | gparamfncnt++; |
851 | break; |
852 | case OSSL_FUNC_ASYM_CIPHER_GETTABLE_CTX_PARAMS: |
853 | if (cipher->gettable_ctx_params != NULL) |
854 | break; |
855 | cipher->gettable_ctx_params |
856 | = OSSL_get_OP_asym_cipher_gettable_ctx_params(fns); |
857 | gparamfncnt++; |
858 | break; |
859 | case OSSL_FUNC_ASYM_CIPHER_SET_CTX_PARAMS: |
860 | if (cipher->set_ctx_params != NULL) |
861 | break; |
862 | cipher->set_ctx_params |
863 | = OSSL_get_OP_asym_cipher_set_ctx_params(fns); |
864 | sparamfncnt++; |
865 | break; |
866 | case OSSL_FUNC_ASYM_CIPHER_SETTABLE_CTX_PARAMS: |
867 | if (cipher->settable_ctx_params != NULL) |
868 | break; |
869 | cipher->settable_ctx_params |
870 | = OSSL_get_OP_asym_cipher_settable_ctx_params(fns); |
871 | sparamfncnt++; |
872 | break; |
873 | } |
874 | } |
875 | if (ctxfncnt != 2 |
876 | || (encfncnt != 0 && encfncnt != 2) |
877 | || (decfncnt != 0 && decfncnt != 2) |
878 | || (encfncnt != 2 && decfncnt != 2) |
879 | || (gparamfncnt != 0 && gparamfncnt != 2) |
880 | || (sparamfncnt != 0 && sparamfncnt != 2)) { |
881 | /* |
882 | * In order to be a consistent set of functions we must have at least |
883 | * a set of context functions (newctx and freectx) as well as a pair of |
884 | * "cipher" functions: (encrypt_init, encrypt) or |
885 | * (decrypt_init decrypt). set_ctx_params and settable_ctx_params are |
886 | * optional, but if one of them is present then the other one must also |
887 | * be present. The same applies to get_ctx_params and |
888 | * gettable_ctx_params. The dupctx function is optional. |
889 | */ |
890 | ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS); |
891 | goto err; |
892 | } |
893 | |
894 | return cipher; |
895 | err: |
896 | EVP_ASYM_CIPHER_free(cipher); |
897 | return NULL; |
898 | } |
899 | |
900 | void EVP_ASYM_CIPHER_free(EVP_ASYM_CIPHER *cipher) |
901 | { |
902 | if (cipher != NULL) { |
903 | int i; |
904 | |
905 | CRYPTO_DOWN_REF(&cipher->refcnt, &i, cipher->lock); |
906 | if (i > 0) |
907 | return; |
908 | ossl_provider_free(cipher->prov); |
909 | CRYPTO_THREAD_lock_free(cipher->lock); |
910 | OPENSSL_free(cipher); |
911 | } |
912 | } |
913 | |
914 | int EVP_ASYM_CIPHER_up_ref(EVP_ASYM_CIPHER *cipher) |
915 | { |
916 | int ref = 0; |
917 | |
918 | CRYPTO_UP_REF(&cipher->refcnt, &ref, cipher->lock); |
919 | return 1; |
920 | } |
921 | |
922 | OSSL_PROVIDER *EVP_ASYM_CIPHER_provider(const EVP_ASYM_CIPHER *cipher) |
923 | { |
924 | return cipher->prov; |
925 | } |
926 | |
927 | EVP_ASYM_CIPHER *EVP_ASYM_CIPHER_fetch(OPENSSL_CTX *ctx, const char *algorithm, |
928 | const char *properties) |
929 | { |
930 | return evp_generic_fetch(ctx, OSSL_OP_ASYM_CIPHER, algorithm, properties, |
931 | evp_asym_cipher_from_dispatch, |
932 | (int (*)(void *))EVP_ASYM_CIPHER_up_ref, |
933 | (void (*)(void *))EVP_ASYM_CIPHER_free); |
934 | } |
935 | |
936 | int EVP_ASYM_CIPHER_is_a(const EVP_ASYM_CIPHER *cipher, const char *name) |
937 | { |
938 | return evp_is_a(cipher->prov, cipher->name_id, name); |
939 | } |
940 | |
941 | int EVP_ASYM_CIPHER_number(const EVP_ASYM_CIPHER *cipher) |
942 | { |
943 | return cipher->name_id; |
944 | } |
945 | |
946 | void EVP_ASYM_CIPHER_do_all_provided(OPENSSL_CTX *libctx, |
947 | void (*fn)(EVP_ASYM_CIPHER *cipher, |
948 | void *arg), |
949 | void *arg) |
950 | { |
951 | evp_generic_do_all(libctx, OSSL_OP_ASYM_CIPHER, |
952 | (void (*)(void *, void *))fn, arg, |
953 | evp_asym_cipher_from_dispatch, |
954 | (void (*)(void *))EVP_ASYM_CIPHER_free); |
955 | } |
956 | |
957 | |
958 | void EVP_ASYM_CIPHER_names_do_all(const EVP_ASYM_CIPHER *cipher, |
959 | void (*fn)(const char *name, void *data), |
960 | void *data) |
961 | { |
962 | if (cipher->prov != NULL) |
963 | evp_names_do_all(cipher->prov, cipher->name_id, fn, data); |
964 | } |
965 | |
966 | |