]>
Commit | Line | Data |
---|---|---|
0f113f3e | 1 | /* |
aa6bb135 | 2 | * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. |
f733a5ef | 3 | * |
4a8b0c55 | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
aa6bb135 RS |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
f733a5ef DSH |
8 | */ |
9 | ||
10 | #include <stdio.h> | |
11 | #include <stdlib.h> | |
c20276e4 | 12 | #include <openssl/objects.h> |
f733a5ef | 13 | #include <openssl/evp.h> |
ff64702b | 14 | #include "internal/cryptlib.h" |
27af42f9 | 15 | #include "internal/evp_int.h" |
dfcb5d29 | 16 | #include "internal/provider.h" |
ff64702b | 17 | #include "evp_locl.h" |
b010b7c4 | 18 | |
dfcb5d29 MC |
19 | static EVP_SIGNATURE *evp_signature_new(OSSL_PROVIDER *prov) |
20 | { | |
21 | EVP_SIGNATURE *signature = OPENSSL_zalloc(sizeof(EVP_SIGNATURE)); | |
22 | ||
23 | signature->lock = CRYPTO_THREAD_lock_new(); | |
24 | if (signature->lock == NULL) { | |
25 | OPENSSL_free(signature); | |
26 | return NULL; | |
27 | } | |
28 | signature->prov = prov; | |
29 | ossl_provider_up_ref(prov); | |
30 | signature->refcnt = 1; | |
31 | ||
32 | return signature; | |
33 | } | |
34 | ||
35 | static void *evp_signature_from_dispatch(const char *name, | |
36 | const OSSL_DISPATCH *fns, | |
37 | OSSL_PROVIDER *prov, | |
38 | void *vkeymgmt_data) | |
39 | { | |
40 | /* | |
41 | * Signature functions cannot work without a key, and key management | |
42 | * from the same provider to manage its keys. We therefore fetch | |
43 | * a key management method using the same algorithm and properties | |
44 | * and pass that down to evp_generic_fetch to be passed on to our | |
45 | * evp_signature_from_dispatch, which will attach the key management | |
46 | * method to the newly created key exchange method as long as the | |
47 | * provider matches. | |
48 | */ | |
49 | struct keymgmt_data_st *keymgmt_data = vkeymgmt_data; | |
50 | EVP_KEYMGMT *keymgmt = EVP_KEYMGMT_fetch(keymgmt_data->ctx, name, | |
51 | keymgmt_data->properties); | |
52 | EVP_SIGNATURE *signature = NULL; | |
390acbeb | 53 | int ctxfncnt = 0, signfncnt = 0, verifyfncnt = 0, verifyrecfncnt = 0; |
dfcb5d29 MC |
54 | |
55 | if (keymgmt == NULL || EVP_KEYMGMT_provider(keymgmt) != prov) { | |
56 | ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEYMGMT_AVAILABLE); | |
57 | goto err; | |
58 | } | |
59 | ||
60 | if ((signature = evp_signature_new(prov)) == NULL | |
61 | || (signature->name = OPENSSL_strdup(name)) == NULL) { | |
62 | ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); | |
63 | goto err; | |
64 | } | |
65 | ||
66 | signature->keymgmt = keymgmt; | |
67 | keymgmt = NULL; /* avoid double free on failure below */ | |
68 | ||
69 | for (; fns->function_id != 0; fns++) { | |
70 | switch (fns->function_id) { | |
71 | case OSSL_FUNC_SIGNATURE_NEWCTX: | |
72 | if (signature->newctx != NULL) | |
73 | break; | |
74 | signature->newctx = OSSL_get_OP_signature_newctx(fns); | |
390acbeb | 75 | ctxfncnt++; |
dfcb5d29 MC |
76 | break; |
77 | case OSSL_FUNC_SIGNATURE_SIGN_INIT: | |
78 | if (signature->sign_init != NULL) | |
79 | break; | |
80 | signature->sign_init = OSSL_get_OP_signature_sign_init(fns); | |
390acbeb | 81 | signfncnt++; |
dfcb5d29 MC |
82 | break; |
83 | case OSSL_FUNC_SIGNATURE_SIGN: | |
84 | if (signature->sign != NULL) | |
85 | break; | |
86 | signature->sign = OSSL_get_OP_signature_sign(fns); | |
390acbeb MC |
87 | signfncnt++; |
88 | break; | |
89 | case OSSL_FUNC_SIGNATURE_VERIFY_INIT: | |
90 | if (signature->verify_init != NULL) | |
91 | break; | |
92 | signature->verify_init = OSSL_get_OP_signature_verify_init(fns); | |
93 | verifyfncnt++; | |
94 | break; | |
95 | case OSSL_FUNC_SIGNATURE_VERIFY: | |
96 | if (signature->verify != NULL) | |
97 | break; | |
98 | signature->verify = OSSL_get_OP_signature_verify(fns); | |
99 | verifyfncnt++; | |
100 | break; | |
101 | case OSSL_FUNC_SIGNATURE_VERIFY_RECOVER_INIT: | |
102 | if (signature->verify_recover_init != NULL) | |
103 | break; | |
104 | signature->verify_recover_init | |
105 | = OSSL_get_OP_signature_verify_recover_init(fns); | |
106 | verifyrecfncnt++; | |
107 | break; | |
108 | case OSSL_FUNC_SIGNATURE_VERIFY_RECOVER: | |
109 | if (signature->verify_recover != NULL) | |
110 | break; | |
111 | signature->verify_recover | |
112 | = OSSL_get_OP_signature_verify_recover(fns); | |
113 | verifyrecfncnt++; | |
dfcb5d29 MC |
114 | break; |
115 | case OSSL_FUNC_SIGNATURE_FREECTX: | |
116 | if (signature->freectx != NULL) | |
117 | break; | |
118 | signature->freectx = OSSL_get_OP_signature_freectx(fns); | |
390acbeb | 119 | ctxfncnt++; |
dfcb5d29 MC |
120 | break; |
121 | case OSSL_FUNC_SIGNATURE_DUPCTX: | |
122 | if (signature->dupctx != NULL) | |
123 | break; | |
124 | signature->dupctx = OSSL_get_OP_signature_dupctx(fns); | |
125 | break; | |
126 | case OSSL_FUNC_SIGNATURE_SET_PARAMS: | |
127 | if (signature->set_params != NULL) | |
128 | break; | |
129 | signature->set_params = OSSL_get_OP_signature_set_params(fns); | |
130 | break; | |
131 | } | |
132 | } | |
390acbeb MC |
133 | if (ctxfncnt != 2 |
134 | || (signfncnt != 2 && verifyfncnt != 2 && verifyrecfncnt != 2)) { | |
dfcb5d29 MC |
135 | /* |
136 | * In order to be a consistent set of functions we must have at least | |
390acbeb MC |
137 | * a set of context functions (newctx and freectx) as well as a pair of |
138 | * "signature" functions: (sign_init, sign) or (verify_init verify) or | |
139 | * (verify_recover_init, verify_recover). The dupctx and set_params | |
140 | * functions are optional. | |
dfcb5d29 MC |
141 | */ |
142 | ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS); | |
143 | goto err; | |
144 | } | |
145 | ||
146 | return signature; | |
147 | err: | |
148 | EVP_SIGNATURE_free(signature); | |
149 | EVP_KEYMGMT_free(keymgmt); | |
150 | return NULL; | |
151 | } | |
152 | ||
153 | void EVP_SIGNATURE_free(EVP_SIGNATURE *signature) | |
154 | { | |
155 | if (signature != NULL) { | |
156 | int i; | |
157 | ||
158 | CRYPTO_DOWN_REF(&signature->refcnt, &i, signature->lock); | |
159 | if (i > 0) | |
160 | return; | |
161 | EVP_KEYMGMT_free(signature->keymgmt); | |
162 | ossl_provider_free(signature->prov); | |
163 | OPENSSL_free(signature->name); | |
164 | CRYPTO_THREAD_lock_free(signature->lock); | |
165 | OPENSSL_free(signature); | |
166 | } | |
167 | } | |
168 | ||
169 | int EVP_SIGNATURE_up_ref(EVP_SIGNATURE *signature) | |
170 | { | |
171 | int ref = 0; | |
172 | ||
173 | CRYPTO_UP_REF(&signature->refcnt, &ref, signature->lock); | |
174 | return 1; | |
175 | } | |
176 | ||
177 | OSSL_PROVIDER *EVP_SIGNATURE_provider(const EVP_SIGNATURE *signature) | |
178 | { | |
179 | return signature->prov; | |
180 | } | |
181 | ||
182 | EVP_SIGNATURE *EVP_SIGNATURE_fetch(OPENSSL_CTX *ctx, const char *algorithm, | |
183 | const char *properties) | |
184 | { | |
185 | struct keymgmt_data_st keymgmt_data; | |
186 | ||
187 | /* | |
188 | * A signature operation cannot work without a key, so we need key | |
189 | * management from the same provider to manage its keys. | |
190 | */ | |
191 | keymgmt_data.ctx = ctx; | |
192 | keymgmt_data.properties = properties; | |
193 | return evp_generic_fetch(ctx, OSSL_OP_SIGNATURE, algorithm, properties, | |
194 | evp_signature_from_dispatch, &keymgmt_data, | |
195 | (int (*)(void *))EVP_SIGNATURE_up_ref, | |
196 | (void (*)(void *))EVP_SIGNATURE_free); | |
197 | } | |
198 | ||
390acbeb MC |
199 | static int evp_pkey_signature_init(EVP_PKEY_CTX *ctx, EVP_SIGNATURE *signature, |
200 | int operation) | |
0f113f3e | 201 | { |
390acbeb | 202 | int ret = 0; |
dfcb5d29 MC |
203 | void *provkey = NULL; |
204 | ||
205 | if (ctx == NULL) { | |
206 | EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); | |
0f113f3e MC |
207 | return -2; |
208 | } | |
dfcb5d29 | 209 | |
390acbeb | 210 | ctx->operation = operation; |
dfcb5d29 MC |
211 | |
212 | if (ctx->engine != NULL) | |
213 | goto legacy; | |
214 | ||
215 | if (signature != NULL) { | |
216 | if (!EVP_SIGNATURE_up_ref(signature)) | |
217 | goto err; | |
218 | } else { | |
219 | int nid = ctx->pkey != NULL ? ctx->pkey->type : ctx->pmeth->pkey_id; | |
220 | ||
221 | /* | |
222 | * TODO(3.0): Check for legacy handling. Remove this once all all | |
223 | * algorithms are moved to providers. | |
224 | */ | |
225 | if (ctx->pkey != NULL) { | |
226 | switch (ctx->pkey->type) { | |
4889dadc MC |
227 | case NID_dsa: |
228 | break; | |
dfcb5d29 MC |
229 | default: |
230 | goto legacy; | |
231 | } | |
232 | signature = EVP_SIGNATURE_fetch(NULL, OBJ_nid2sn(nid), NULL); | |
233 | } else { | |
234 | goto legacy; | |
235 | } | |
236 | ||
237 | if (signature == NULL) { | |
238 | EVPerr(0, EVP_R_INITIALIZATION_ERROR); | |
239 | goto err; | |
240 | } | |
241 | } | |
242 | ||
243 | if (ctx->sigprovctx != NULL && ctx->signature != NULL) | |
244 | ctx->signature->freectx(ctx->sigprovctx); | |
245 | EVP_SIGNATURE_free(ctx->signature); | |
246 | ctx->signature = signature; | |
247 | if (ctx->pkey != NULL) { | |
248 | provkey = evp_keymgmt_export_to_provider(ctx->pkey, signature->keymgmt); | |
249 | if (provkey == NULL) { | |
250 | EVPerr(0, EVP_R_INITIALIZATION_ERROR); | |
251 | goto err; | |
252 | } | |
253 | } | |
254 | ctx->sigprovctx = signature->newctx(ossl_provider_ctx(signature->prov)); | |
255 | if (ctx->sigprovctx == NULL) { | |
256 | /* The provider key can stay in the cache */ | |
257 | EVPerr(0, EVP_R_INITIALIZATION_ERROR); | |
258 | goto err; | |
259 | } | |
dfcb5d29 | 260 | |
390acbeb MC |
261 | switch (operation) { |
262 | case EVP_PKEY_OP_SIGN: | |
263 | if (signature->sign_init == NULL) { | |
264 | EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); | |
265 | ret = -2; | |
266 | goto err; | |
267 | } | |
268 | ret = signature->sign_init(ctx->sigprovctx, provkey); | |
269 | break; | |
270 | case EVP_PKEY_OP_VERIFY: | |
271 | if (signature->verify_init == NULL) { | |
272 | EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); | |
273 | ret = -2; | |
274 | goto err; | |
275 | } | |
276 | ret = signature->verify_init(ctx->sigprovctx, provkey); | |
277 | break; | |
278 | case EVP_PKEY_OP_VERIFYRECOVER: | |
279 | if (signature->verify_recover_init == NULL) { | |
280 | EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); | |
281 | ret = -2; | |
282 | goto err; | |
283 | } | |
284 | ret = signature->verify_recover_init(ctx->sigprovctx, provkey); | |
285 | break; | |
286 | default: | |
287 | EVPerr(0, EVP_R_INITIALIZATION_ERROR); | |
288 | goto err; | |
289 | } | |
290 | ||
291 | if (ret <= 0) { | |
292 | signature->freectx(ctx->sigprovctx); | |
293 | ctx->sigprovctx = NULL; | |
294 | goto err; | |
295 | } | |
296 | return 1; | |
dfcb5d29 MC |
297 | |
298 | legacy: | |
390acbeb MC |
299 | if (ctx->pmeth == NULL |
300 | || (operation == EVP_PKEY_OP_SIGN && ctx->pmeth->sign == NULL) | |
301 | || (operation == EVP_PKEY_OP_VERIFY && ctx->pmeth->verify == NULL) | |
302 | || (operation == EVP_PKEY_OP_VERIFYRECOVER | |
303 | && ctx->pmeth->verify_recover == NULL)) { | |
dfcb5d29 MC |
304 | EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); |
305 | return -2; | |
306 | } | |
307 | ||
390acbeb MC |
308 | switch (operation) { |
309 | case EVP_PKEY_OP_SIGN: | |
310 | if (ctx->pmeth->sign_init == NULL) | |
311 | return 1; | |
312 | ret = ctx->pmeth->sign_init(ctx); | |
313 | break; | |
314 | case EVP_PKEY_OP_VERIFY: | |
315 | if (ctx->pmeth->verify_init == NULL) | |
316 | return 1; | |
317 | ret = ctx->pmeth->verify_init(ctx); | |
318 | break; | |
319 | case EVP_PKEY_OP_VERIFYRECOVER: | |
320 | if (ctx->pmeth->verify_recover_init == NULL) | |
321 | return 1; | |
322 | ret = ctx->pmeth->verify_recover_init(ctx); | |
323 | break; | |
324 | default: | |
325 | EVPerr(0, EVP_R_INITIALIZATION_ERROR); | |
326 | goto err; | |
327 | } | |
0f113f3e | 328 | if (ret <= 0) |
390acbeb | 329 | goto err; |
0f113f3e | 330 | return ret; |
390acbeb MC |
331 | |
332 | err: | |
333 | ctx->operation = EVP_PKEY_OP_UNDEFINED; | |
334 | return ret; | |
335 | } | |
336 | ||
337 | int EVP_PKEY_sign_init_ex(EVP_PKEY_CTX *ctx, EVP_SIGNATURE *signature) | |
338 | { | |
339 | return evp_pkey_signature_init(ctx, signature, EVP_PKEY_OP_SIGN); | |
0f113f3e | 340 | } |
f733a5ef | 341 | |
dfcb5d29 MC |
342 | int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx) |
343 | { | |
390acbeb | 344 | return evp_pkey_signature_init(ctx, NULL, EVP_PKEY_OP_SIGN); |
dfcb5d29 MC |
345 | } |
346 | ||
f733a5ef | 347 | int EVP_PKEY_sign(EVP_PKEY_CTX *ctx, |
0f113f3e MC |
348 | unsigned char *sig, size_t *siglen, |
349 | const unsigned char *tbs, size_t tbslen) | |
350 | { | |
dfcb5d29 MC |
351 | int ret; |
352 | ||
353 | if (ctx == NULL) { | |
354 | EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); | |
0f113f3e MC |
355 | return -2; |
356 | } | |
dfcb5d29 | 357 | |
0f113f3e | 358 | if (ctx->operation != EVP_PKEY_OP_SIGN) { |
dfcb5d29 | 359 | EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED); |
0f113f3e MC |
360 | return -1; |
361 | } | |
dfcb5d29 MC |
362 | |
363 | if (ctx->sigprovctx == NULL) | |
364 | goto legacy; | |
365 | ||
366 | ret = ctx->signature->sign(ctx->sigprovctx, sig, siglen, SIZE_MAX, | |
367 | tbs, tbslen); | |
368 | ||
369 | return ret; | |
370 | legacy: | |
371 | ||
372 | if (ctx->pmeth == NULL || ctx->pmeth->sign == NULL) { | |
373 | EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); | |
374 | return -2; | |
375 | } | |
376 | ||
0f113f3e MC |
377 | M_check_autoarg(ctx, sig, siglen, EVP_F_EVP_PKEY_SIGN) |
378 | return ctx->pmeth->sign(ctx, sig, siglen, tbs, tbslen); | |
379 | } | |
f733a5ef | 380 | |
390acbeb MC |
381 | int EVP_PKEY_verify_init_ex(EVP_PKEY_CTX *ctx, EVP_SIGNATURE *signature) |
382 | { | |
383 | return evp_pkey_signature_init(ctx, signature, EVP_PKEY_OP_VERIFY); | |
384 | } | |
385 | ||
cd763898 | 386 | int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx) |
0f113f3e | 387 | { |
390acbeb | 388 | return evp_pkey_signature_init(ctx, NULL, EVP_PKEY_OP_VERIFY); |
0f113f3e | 389 | } |
f733a5ef DSH |
390 | |
391 | int EVP_PKEY_verify(EVP_PKEY_CTX *ctx, | |
0f113f3e MC |
392 | const unsigned char *sig, size_t siglen, |
393 | const unsigned char *tbs, size_t tbslen) | |
394 | { | |
390acbeb MC |
395 | int ret; |
396 | ||
397 | if (ctx == NULL) { | |
398 | EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); | |
0f113f3e MC |
399 | return -2; |
400 | } | |
390acbeb | 401 | |
0f113f3e | 402 | if (ctx->operation != EVP_PKEY_OP_VERIFY) { |
390acbeb | 403 | EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED); |
0f113f3e MC |
404 | return -1; |
405 | } | |
390acbeb MC |
406 | |
407 | if (ctx->sigprovctx == NULL) | |
408 | goto legacy; | |
409 | ||
410 | ret = ctx->signature->verify(ctx->sigprovctx, sig, siglen, tbs, tbslen); | |
411 | ||
412 | return ret; | |
413 | legacy: | |
414 | if (ctx->pmeth == NULL || ctx->pmeth->verify == NULL) { | |
415 | EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); | |
416 | return -2; | |
417 | } | |
418 | ||
0f113f3e MC |
419 | return ctx->pmeth->verify(ctx, sig, siglen, tbs, tbslen); |
420 | } | |
f733a5ef | 421 | |
390acbeb MC |
422 | int EVP_PKEY_verify_recover_init_ex(EVP_PKEY_CTX *ctx, EVP_SIGNATURE *signature) |
423 | { | |
424 | return evp_pkey_signature_init(ctx, signature, EVP_PKEY_OP_VERIFYRECOVER); | |
425 | } | |
426 | ||
cd763898 | 427 | int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx) |
0f113f3e | 428 | { |
390acbeb | 429 | return evp_pkey_signature_init(ctx, NULL, EVP_PKEY_OP_VERIFYRECOVER); |
0f113f3e | 430 | } |
f733a5ef DSH |
431 | |
432 | int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx, | |
0f113f3e MC |
433 | unsigned char *rout, size_t *routlen, |
434 | const unsigned char *sig, size_t siglen) | |
435 | { | |
390acbeb MC |
436 | int ret; |
437 | ||
438 | if (ctx == NULL) { | |
439 | EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); | |
0f113f3e MC |
440 | return -2; |
441 | } | |
390acbeb | 442 | |
0f113f3e | 443 | if (ctx->operation != EVP_PKEY_OP_VERIFYRECOVER) { |
390acbeb | 444 | EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED); |
0f113f3e MC |
445 | return -1; |
446 | } | |
390acbeb MC |
447 | |
448 | if (ctx->sigprovctx == NULL) | |
449 | goto legacy; | |
450 | ||
451 | ret = ctx->signature->verify_recover(ctx->sigprovctx, rout, routlen, | |
452 | (rout == NULL ? 0 : *routlen), | |
453 | sig, siglen); | |
454 | return ret; | |
455 | legacy: | |
456 | if (ctx->pmeth == NULL || ctx->pmeth->verify_recover == NULL) { | |
457 | EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); | |
458 | return -2; | |
459 | } | |
0f113f3e MC |
460 | M_check_autoarg(ctx, rout, routlen, EVP_F_EVP_PKEY_VERIFY_RECOVER) |
461 | return ctx->pmeth->verify_recover(ctx, rout, routlen, sig, siglen); | |
462 | } | |
f733a5ef | 463 | |
cd763898 | 464 | int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx) |
0f113f3e MC |
465 | { |
466 | int ret; | |
467 | if (!ctx || !ctx->pmeth || !ctx->pmeth->encrypt) { | |
468 | EVPerr(EVP_F_EVP_PKEY_ENCRYPT_INIT, | |
469 | EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); | |
470 | return -2; | |
471 | } | |
472 | ctx->operation = EVP_PKEY_OP_ENCRYPT; | |
473 | if (!ctx->pmeth->encrypt_init) | |
474 | return 1; | |
475 | ret = ctx->pmeth->encrypt_init(ctx); | |
476 | if (ret <= 0) | |
477 | ctx->operation = EVP_PKEY_OP_UNDEFINED; | |
478 | return ret; | |
479 | } | |
f733a5ef DSH |
480 | |
481 | int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx, | |
0f113f3e MC |
482 | unsigned char *out, size_t *outlen, |
483 | const unsigned char *in, size_t inlen) | |
484 | { | |
485 | if (!ctx || !ctx->pmeth || !ctx->pmeth->encrypt) { | |
486 | EVPerr(EVP_F_EVP_PKEY_ENCRYPT, | |
487 | EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); | |
488 | return -2; | |
489 | } | |
490 | if (ctx->operation != EVP_PKEY_OP_ENCRYPT) { | |
491 | EVPerr(EVP_F_EVP_PKEY_ENCRYPT, EVP_R_OPERATON_NOT_INITIALIZED); | |
492 | return -1; | |
493 | } | |
494 | M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_ENCRYPT) | |
495 | return ctx->pmeth->encrypt(ctx, out, outlen, in, inlen); | |
496 | } | |
f733a5ef | 497 | |
cd763898 | 498 | int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx) |
0f113f3e MC |
499 | { |
500 | int ret; | |
501 | if (!ctx || !ctx->pmeth || !ctx->pmeth->decrypt) { | |
502 | EVPerr(EVP_F_EVP_PKEY_DECRYPT_INIT, | |
503 | EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); | |
504 | return -2; | |
505 | } | |
506 | ctx->operation = EVP_PKEY_OP_DECRYPT; | |
507 | if (!ctx->pmeth->decrypt_init) | |
508 | return 1; | |
509 | ret = ctx->pmeth->decrypt_init(ctx); | |
510 | if (ret <= 0) | |
511 | ctx->operation = EVP_PKEY_OP_UNDEFINED; | |
512 | return ret; | |
513 | } | |
f733a5ef DSH |
514 | |
515 | int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, | |
0f113f3e MC |
516 | unsigned char *out, size_t *outlen, |
517 | const unsigned char *in, size_t inlen) | |
518 | { | |
519 | if (!ctx || !ctx->pmeth || !ctx->pmeth->decrypt) { | |
520 | EVPerr(EVP_F_EVP_PKEY_DECRYPT, | |
521 | EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); | |
522 | return -2; | |
523 | } | |
524 | if (ctx->operation != EVP_PKEY_OP_DECRYPT) { | |
525 | EVPerr(EVP_F_EVP_PKEY_DECRYPT, EVP_R_OPERATON_NOT_INITIALIZED); | |
526 | return -1; | |
527 | } | |
528 | M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_DECRYPT) | |
529 | return ctx->pmeth->decrypt(ctx, out, outlen, in, inlen); | |
530 | } |