[thirdparty/openssl.git] / crypto / evp / pmeth_fn.c

/*
 * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <stdio.h>
#include <stdlib.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
#include "internal/cryptlib.h"
#include "internal/evp_int.h"
#include "internal/provider.h"
#include "evp_locl.h"

static EVP_SIGNATURE *evp_signature_new(OSSL_PROVIDER *prov)
{
    EVP_SIGNATURE *signature = OPENSSL_zalloc(sizeof(EVP_SIGNATURE));

    signature->lock = CRYPTO_THREAD_lock_new();
    if (signature->lock == NULL) {
        OPENSSL_free(signature);
        return NULL;
    }
    signature->prov = prov;
    ossl_provider_up_ref(prov);
    signature->refcnt = 1;

    return signature;
}

static void *evp_signature_from_dispatch(const char *name,
                                         const OSSL_DISPATCH *fns,
                                         OSSL_PROVIDER *prov,
                                         void *vkeymgmt_data)
{
    /*
     * Signature functions cannot work without a key, and key management
     * from the same provider to manage its keys.  We therefore fetch
     * a key management method using the same algorithm and properties
     * and pass that down to evp_generic_fetch to be passed on to our
     * evp_signature_from_dispatch, which will attach the key management
     * method to the newly created key exchange method as long as the
     * provider matches.
     */
    struct keymgmt_data_st *keymgmt_data = vkeymgmt_data;
    EVP_KEYMGMT *keymgmt = EVP_KEYMGMT_fetch(keymgmt_data->ctx, name,
                                             keymgmt_data->properties);
    EVP_SIGNATURE *signature = NULL;
    int ctxfncnt = 0, signfncnt = 0, verifyfncnt = 0, verifyrecfncnt = 0;

    if (keymgmt == NULL || EVP_KEYMGMT_provider(keymgmt) != prov) {
        ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEYMGMT_AVAILABLE);
        goto err;
    }

    if ((signature = evp_signature_new(prov)) == NULL
        || (signature->name = OPENSSL_strdup(name)) == NULL) {
        ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
        goto err;
    }

    signature->keymgmt = keymgmt;
    keymgmt = NULL;              /* avoid double free on failure below */

    for (; fns->function_id != 0; fns++) {
        switch (fns->function_id) {
        case OSSL_FUNC_SIGNATURE_NEWCTX:
            if (signature->newctx != NULL)
                break;
            signature->newctx = OSSL_get_OP_signature_newctx(fns);
            ctxfncnt++;
            break;
        case OSSL_FUNC_SIGNATURE_SIGN_INIT:
            if (signature->sign_init != NULL)
                break;
            signature->sign_init = OSSL_get_OP_signature_sign_init(fns);
            signfncnt++;
            break;
        case OSSL_FUNC_SIGNATURE_SIGN:
            if (signature->sign != NULL)
                break;
            signature->sign = OSSL_get_OP_signature_sign(fns);
            signfncnt++;
            break;
        case OSSL_FUNC_SIGNATURE_VERIFY_INIT:
            if (signature->verify_init != NULL)
                break;
            signature->verify_init = OSSL_get_OP_signature_verify_init(fns);
            verifyfncnt++;
            break;
        case OSSL_FUNC_SIGNATURE_VERIFY:
            if (signature->verify != NULL)
                break;
            signature->verify = OSSL_get_OP_signature_verify(fns);
            verifyfncnt++;
            break;
        case OSSL_FUNC_SIGNATURE_VERIFY_RECOVER_INIT:
            if (signature->verify_recover_init != NULL)
                break;
            signature->verify_recover_init
                = OSSL_get_OP_signature_verify_recover_init(fns);
            verifyrecfncnt++;
            break;
        case OSSL_FUNC_SIGNATURE_VERIFY_RECOVER:
            if (signature->verify_recover != NULL)
                break;
            signature->verify_recover
                = OSSL_get_OP_signature_verify_recover(fns);
            verifyrecfncnt++;
            break;
        case OSSL_FUNC_SIGNATURE_FREECTX:
            if (signature->freectx != NULL)
                break;
            signature->freectx = OSSL_get_OP_signature_freectx(fns);
            ctxfncnt++;
            break;
        case OSSL_FUNC_SIGNATURE_DUPCTX:
            if (signature->dupctx != NULL)
                break;
            signature->dupctx = OSSL_get_OP_signature_dupctx(fns);
            break;
        case OSSL_FUNC_SIGNATURE_SET_PARAMS:
            if (signature->set_params != NULL)
                break;
            signature->set_params = OSSL_get_OP_signature_set_params(fns);
            break;
        }
    }
    if (ctxfncnt != 2
        || (signfncnt != 2 && verifyfncnt != 2 && verifyrecfncnt != 2)) {
        /*
         * In order to be a consistent set of functions we must have at least
         * a set of context functions (newctx and freectx) as well as a pair of
         * "signature" functions: (sign_init, sign) or (verify_init verify) or
         * (verify_recover_init, verify_recover). The dupctx and set_params
         * functions are optional.
         */
        ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS);
        goto err;
    }

    return signature;
 err:
    EVP_SIGNATURE_free(signature);
    EVP_KEYMGMT_free(keymgmt);
    return NULL;
}

void EVP_SIGNATURE_free(EVP_SIGNATURE *signature)
{
    if (signature != NULL) {
        int i;

        CRYPTO_DOWN_REF(&signature->refcnt, &i, signature->lock);
        if (i > 0)
            return;
        EVP_KEYMGMT_free(signature->keymgmt);
        ossl_provider_free(signature->prov);
        OPENSSL_free(signature->name);
        CRYPTO_THREAD_lock_free(signature->lock);
        OPENSSL_free(signature);
    }
}

int EVP_SIGNATURE_up_ref(EVP_SIGNATURE *signature)
{
    int ref = 0;

    CRYPTO_UP_REF(&signature->refcnt, &ref, signature->lock);
    return 1;
}

OSSL_PROVIDER *EVP_SIGNATURE_provider(const EVP_SIGNATURE *signature)
{
    return signature->prov;
}

EVP_SIGNATURE *EVP_SIGNATURE_fetch(OPENSSL_CTX *ctx, const char *algorithm,
                                   const char *properties)
{
    struct keymgmt_data_st keymgmt_data;

    /*
     * A signature operation cannot work without a key, so we need key
     * management from the same provider to manage its keys.
     */
    keymgmt_data.ctx = ctx;
    keymgmt_data.properties = properties;
    return evp_generic_fetch(ctx, OSSL_OP_SIGNATURE, algorithm, properties,
                             evp_signature_from_dispatch, &keymgmt_data,
                             (int (*)(void *))EVP_SIGNATURE_up_ref,
                             (void (*)(void *))EVP_SIGNATURE_free);
}

static int evp_pkey_signature_init(EVP_PKEY_CTX *ctx, EVP_SIGNATURE *signature,
                                   int operation)
{
    int ret = 0;
    void *provkey = NULL;

    if (ctx == NULL) {
        EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
        return -2;
    }

    ctx->operation = operation;

    if (ctx->engine != NULL)
        goto legacy;

    if (signature != NULL) {
        if (!EVP_SIGNATURE_up_ref(signature))
            goto err;
    } else {
        int nid = ctx->pkey != NULL ? ctx->pkey->type : ctx->pmeth->pkey_id;

        /*
         * TODO(3.0): Check for legacy handling. Remove this once all all
         * algorithms are moved to providers.
         */
        if (ctx->pkey != NULL) {
            switch (ctx->pkey->type) {
            case NID_dsa:
                break;
            default:
                goto legacy;
            }
            signature = EVP_SIGNATURE_fetch(NULL, OBJ_nid2sn(nid), NULL);
        } else {
            goto legacy;
        }

        if (signature == NULL) {
            EVPerr(0, EVP_R_INITIALIZATION_ERROR);
            goto err;
        }
    }

    if (ctx->sigprovctx != NULL && ctx->signature != NULL)
        ctx->signature->freectx(ctx->sigprovctx);
    EVP_SIGNATURE_free(ctx->signature);
    ctx->signature = signature;
    if (ctx->pkey != NULL) {
        provkey = evp_keymgmt_export_to_provider(ctx->pkey, signature->keymgmt);
        if (provkey == NULL) {
            EVPerr(0, EVP_R_INITIALIZATION_ERROR);
            goto err;
        }
    }
    ctx->sigprovctx = signature->newctx(ossl_provider_ctx(signature->prov));
    if (ctx->sigprovctx == NULL) {
        /* The provider key can stay in the cache */
        EVPerr(0, EVP_R_INITIALIZATION_ERROR);
        goto err;
    }

    switch (operation) {
    case EVP_PKEY_OP_SIGN:
        if (signature->sign_init == NULL) {
            EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
            ret = -2;
            goto err;
        }
        ret = signature->sign_init(ctx->sigprovctx, provkey);
        break;
    case EVP_PKEY_OP_VERIFY:
        if (signature->verify_init == NULL) {
            EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
            ret = -2;
            goto err;
        }
        ret = signature->verify_init(ctx->sigprovctx, provkey);
        break;
    case EVP_PKEY_OP_VERIFYRECOVER:
        if (signature->verify_recover_init == NULL) {
            EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
            ret = -2;
            goto err;
        }
        ret = signature->verify_recover_init(ctx->sigprovctx, provkey);
        break;
    default:
        EVPerr(0, EVP_R_INITIALIZATION_ERROR);
        goto err;
    }

    if (ret <= 0) {
        signature->freectx(ctx->sigprovctx);
        ctx->sigprovctx = NULL;
        goto err;
    }
    return 1;

 legacy:
    if (ctx->pmeth == NULL
            || (operation == EVP_PKEY_OP_SIGN && ctx->pmeth->sign == NULL)
            || (operation == EVP_PKEY_OP_VERIFY && ctx->pmeth->verify == NULL)
            || (operation == EVP_PKEY_OP_VERIFYRECOVER
                && ctx->pmeth->verify_recover == NULL)) {
        EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
        return -2;
    }

    switch (operation) {
    case EVP_PKEY_OP_SIGN:
        if (ctx->pmeth->sign_init == NULL)
            return 1;
        ret = ctx->pmeth->sign_init(ctx);
        break;
    case EVP_PKEY_OP_VERIFY:
        if (ctx->pmeth->verify_init == NULL)
            return 1;
        ret = ctx->pmeth->verify_init(ctx);
        break;
    case EVP_PKEY_OP_VERIFYRECOVER:
        if (ctx->pmeth->verify_recover_init == NULL)
            return 1;
        ret = ctx->pmeth->verify_recover_init(ctx);
        break;
    default:
        EVPerr(0, EVP_R_INITIALIZATION_ERROR);
        goto err;
    }
    if (ret <= 0)
        goto err;
    return ret;

 err:
    ctx->operation = EVP_PKEY_OP_UNDEFINED;
    return ret;
}

int EVP_PKEY_sign_init_ex(EVP_PKEY_CTX *ctx, EVP_SIGNATURE *signature)
{
    return evp_pkey_signature_init(ctx, signature, EVP_PKEY_OP_SIGN);
}

int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx)
{
    return evp_pkey_signature_init(ctx, NULL, EVP_PKEY_OP_SIGN);
}

int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
                  unsigned char *sig, size_t *siglen,
                  const unsigned char *tbs, size_t tbslen)
{
    int ret;

    if (ctx == NULL) {
        EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
        return -2;
    }

    if (ctx->operation != EVP_PKEY_OP_SIGN) {
        EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED);
        return -1;
    }

    if (ctx->sigprovctx == NULL)
        goto legacy;

    ret = ctx->signature->sign(ctx->sigprovctx, sig, siglen, SIZE_MAX,
                               tbs, tbslen);

    return ret;
 legacy:
 
    if (ctx->pmeth == NULL || ctx->pmeth->sign == NULL) {
        EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
        return -2;
    }

    M_check_autoarg(ctx, sig, siglen, EVP_F_EVP_PKEY_SIGN)
        return ctx->pmeth->sign(ctx, sig, siglen, tbs, tbslen);
}

int EVP_PKEY_verify_init_ex(EVP_PKEY_CTX *ctx, EVP_SIGNATURE *signature)
{
    return evp_pkey_signature_init(ctx, signature, EVP_PKEY_OP_VERIFY);
}

int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx)
{
    return evp_pkey_signature_init(ctx, NULL, EVP_PKEY_OP_VERIFY);
}

int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
                    const unsigned char *sig, size_t siglen,
                    const unsigned char *tbs, size_t tbslen)
{
    int ret;

    if (ctx == NULL) {
        EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
        return -2;
    }

    if (ctx->operation != EVP_PKEY_OP_VERIFY) {
        EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED);
        return -1;
    }

    if (ctx->sigprovctx == NULL)
        goto legacy;

    ret = ctx->signature->verify(ctx->sigprovctx, sig, siglen, tbs, tbslen);

    return ret;
 legacy:
    if (ctx->pmeth == NULL || ctx->pmeth->verify == NULL) {
        EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
        return -2;
    }

    return ctx->pmeth->verify(ctx, sig, siglen, tbs, tbslen);
}

int EVP_PKEY_verify_recover_init_ex(EVP_PKEY_CTX *ctx, EVP_SIGNATURE *signature)
{
    return evp_pkey_signature_init(ctx, signature, EVP_PKEY_OP_VERIFYRECOVER);
}

int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx)
{
    return evp_pkey_signature_init(ctx, NULL, EVP_PKEY_OP_VERIFYRECOVER);
}

int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
                            unsigned char *rout, size_t *routlen,
                            const unsigned char *sig, size_t siglen)
{
    int ret;

    if (ctx == NULL) {
        EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
        return -2;
    }

    if (ctx->operation != EVP_PKEY_OP_VERIFYRECOVER) {
        EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED);
        return -1;
    }

    if (ctx->sigprovctx == NULL)
        goto legacy;

    ret = ctx->signature->verify_recover(ctx->sigprovctx, rout, routlen,
                                         (rout == NULL ? 0 : *routlen),
                                         sig, siglen);
    return ret;
 legacy:
    if (ctx->pmeth == NULL || ctx->pmeth->verify_recover == NULL) {
        EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
        return -2;
    }
    M_check_autoarg(ctx, rout, routlen, EVP_F_EVP_PKEY_VERIFY_RECOVER)
        return ctx->pmeth->verify_recover(ctx, rout, routlen, sig, siglen);
}

int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx)
{
    int ret;
    if (!ctx || !ctx->pmeth || !ctx->pmeth->encrypt) {
        EVPerr(EVP_F_EVP_PKEY_ENCRYPT_INIT,
               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
        return -2;
    }
    ctx->operation = EVP_PKEY_OP_ENCRYPT;
    if (!ctx->pmeth->encrypt_init)
        return 1;
    ret = ctx->pmeth->encrypt_init(ctx);
    if (ret <= 0)
        ctx->operation = EVP_PKEY_OP_UNDEFINED;
    return ret;
}

int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx,
                     unsigned char *out, size_t *outlen,
                     const unsigned char *in, size_t inlen)
{
    if (!ctx || !ctx->pmeth || !ctx->pmeth->encrypt) {
        EVPerr(EVP_F_EVP_PKEY_ENCRYPT,
               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
        return -2;
    }
    if (ctx->operation != EVP_PKEY_OP_ENCRYPT) {
        EVPerr(EVP_F_EVP_PKEY_ENCRYPT, EVP_R_OPERATON_NOT_INITIALIZED);
        return -1;
    }
    M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_ENCRYPT)
        return ctx->pmeth->encrypt(ctx, out, outlen, in, inlen);
}

int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx)
{
    int ret;
    if (!ctx || !ctx->pmeth || !ctx->pmeth->decrypt) {
        EVPerr(EVP_F_EVP_PKEY_DECRYPT_INIT,
               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
        return -2;
    }
    ctx->operation = EVP_PKEY_OP_DECRYPT;
    if (!ctx->pmeth->decrypt_init)
        return 1;
    ret = ctx->pmeth->decrypt_init(ctx);
    if (ret <= 0)
        ctx->operation = EVP_PKEY_OP_UNDEFINED;
    return ret;
}

int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,
                     unsigned char *out, size_t *outlen,
                     const unsigned char *in, size_t inlen)
{
    if (!ctx || !ctx->pmeth || !ctx->pmeth->decrypt) {
        EVPerr(EVP_F_EVP_PKEY_DECRYPT,
               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
        return -2;
    }
    if (ctx->operation != EVP_PKEY_OP_DECRYPT) {
        EVPerr(EVP_F_EVP_PKEY_DECRYPT, EVP_R_OPERATON_NOT_INITIALIZED);
        return -1;
    }
    M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_DECRYPT)
        return ctx->pmeth->decrypt(ctx, out, outlen, in, inlen);
}
Commit	Line	Data
0f113f3e	1	/*
aa6bb135	2	* Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
f733a5ef	3	*
4a8b0c55	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
aa6bb135 RS	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
f733a5ef DSH	8	*/
	9
	10	#include <stdio.h>
	11	#include <stdlib.h>
c20276e4	12	#include <openssl/objects.h>
f733a5ef	13	#include <openssl/evp.h>
ff64702b	14	#include "internal/cryptlib.h"
27af42f9	15	#include "internal/evp_int.h"
dfcb5d29	16	#include "internal/provider.h"
ff64702b	17	#include "evp_locl.h"
b010b7c4	18
dfcb5d29 MC	19	static EVP_SIGNATURE evp_signature_new(OSSL_PROVIDER prov)
	20	{
	21	EVP_SIGNATURE *signature = OPENSSL_zalloc(sizeof(EVP_SIGNATURE));
	22
	23	signature->lock = CRYPTO_THREAD_lock_new();
	24	if (signature->lock == NULL) {
	25	OPENSSL_free(signature);
	26	return NULL;
	27	}
	28	signature->prov = prov;
	29	ossl_provider_up_ref(prov);
	30	signature->refcnt = 1;
	31
	32	return signature;
	33	}
	34
	35	static void evp_signature_from_dispatch(const char name,
	36	const OSSL_DISPATCH *fns,
	37	OSSL_PROVIDER *prov,
	38	void *vkeymgmt_data)
	39	{
	40	/*
	41	* Signature functions cannot work without a key, and key management
	42	* from the same provider to manage its keys. We therefore fetch
	43	* a key management method using the same algorithm and properties
	44	* and pass that down to evp_generic_fetch to be passed on to our
	45	* evp_signature_from_dispatch, which will attach the key management
	46	* method to the newly created key exchange method as long as the
	47	* provider matches.
	48	*/
	49	struct keymgmt_data_st *keymgmt_data = vkeymgmt_data;
	50	EVP_KEYMGMT *keymgmt = EVP_KEYMGMT_fetch(keymgmt_data->ctx, name,
	51	keymgmt_data->properties);
	52	EVP_SIGNATURE *signature = NULL;
390acbeb	53	int ctxfncnt = 0, signfncnt = 0, verifyfncnt = 0, verifyrecfncnt = 0;
dfcb5d29 MC	54
	55	if (keymgmt == NULL \|\| EVP_KEYMGMT_provider(keymgmt) != prov) {
	56	ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEYMGMT_AVAILABLE);
	57	goto err;
	58	}
	59
	60	if ((signature = evp_signature_new(prov)) == NULL
	61	\|\| (signature->name = OPENSSL_strdup(name)) == NULL) {
	62	ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
	63	goto err;
	64	}
	65
	66	signature->keymgmt = keymgmt;
	67	keymgmt = NULL; /* avoid double free on failure below */
	68
	69	for (; fns->function_id != 0; fns++) {
	70	switch (fns->function_id) {
	71	case OSSL_FUNC_SIGNATURE_NEWCTX:
	72	if (signature->newctx != NULL)
	73	break;
	74	signature->newctx = OSSL_get_OP_signature_newctx(fns);
390acbeb	75	ctxfncnt++;
dfcb5d29 MC	76	break;
	77	case OSSL_FUNC_SIGNATURE_SIGN_INIT:
	78	if (signature->sign_init != NULL)
	79	break;
	80	signature->sign_init = OSSL_get_OP_signature_sign_init(fns);
390acbeb	81	signfncnt++;
dfcb5d29 MC	82	break;
	83	case OSSL_FUNC_SIGNATURE_SIGN:
	84	if (signature->sign != NULL)
	85	break;
	86	signature->sign = OSSL_get_OP_signature_sign(fns);
390acbeb MC	87	signfncnt++;
	88	break;
	89	case OSSL_FUNC_SIGNATURE_VERIFY_INIT:
	90	if (signature->verify_init != NULL)
	91	break;
	92	signature->verify_init = OSSL_get_OP_signature_verify_init(fns);
	93	verifyfncnt++;
	94	break;
	95	case OSSL_FUNC_SIGNATURE_VERIFY:
	96	if (signature->verify != NULL)
	97	break;
	98	signature->verify = OSSL_get_OP_signature_verify(fns);
	99	verifyfncnt++;
	100	break;
	101	case OSSL_FUNC_SIGNATURE_VERIFY_RECOVER_INIT:
	102	if (signature->verify_recover_init != NULL)
	103	break;
	104	signature->verify_recover_init
	105	= OSSL_get_OP_signature_verify_recover_init(fns);
	106	verifyrecfncnt++;
	107	break;
	108	case OSSL_FUNC_SIGNATURE_VERIFY_RECOVER:
	109	if (signature->verify_recover != NULL)
	110	break;
	111	signature->verify_recover
	112	= OSSL_get_OP_signature_verify_recover(fns);
	113	verifyrecfncnt++;
dfcb5d29 MC	114	break;
	115	case OSSL_FUNC_SIGNATURE_FREECTX:
	116	if (signature->freectx != NULL)
	117	break;
	118	signature->freectx = OSSL_get_OP_signature_freectx(fns);
390acbeb	119	ctxfncnt++;
dfcb5d29 MC	120	break;
	121	case OSSL_FUNC_SIGNATURE_DUPCTX:
	122	if (signature->dupctx != NULL)
	123	break;
	124	signature->dupctx = OSSL_get_OP_signature_dupctx(fns);
	125	break;
	126	case OSSL_FUNC_SIGNATURE_SET_PARAMS:
	127	if (signature->set_params != NULL)
	128	break;
	129	signature->set_params = OSSL_get_OP_signature_set_params(fns);
	130	break;
	131	}
	132	}
390acbeb MC	133	if (ctxfncnt != 2
390acbeb MC	134	\|\| (signfncnt != 2 && verifyfncnt != 2 && verifyrecfncnt != 2)) {
dfcb5d29 MC	135	/*
dfcb5d29 MC	136	* In order to be a consistent set of functions we must have at least
390acbeb MC	137	* a set of context functions (newctx and freectx) as well as a pair of
	138	* "signature" functions: (sign_init, sign) or (verify_init verify) or
	139	* (verify_recover_init, verify_recover). The dupctx and set_params
	140	* functions are optional.
dfcb5d29 MC	141	*/
	142	ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS);
	143	goto err;
	144	}
	145
	146	return signature;
	147	err:
	148	EVP_SIGNATURE_free(signature);
	149	EVP_KEYMGMT_free(keymgmt);
	150	return NULL;
	151	}
	152
	153	void EVP_SIGNATURE_free(EVP_SIGNATURE *signature)
	154	{
	155	if (signature != NULL) {
	156	int i;
	157
	158	CRYPTO_DOWN_REF(&signature->refcnt, &i, signature->lock);
	159	if (i > 0)
	160	return;
	161	EVP_KEYMGMT_free(signature->keymgmt);
	162	ossl_provider_free(signature->prov);
	163	OPENSSL_free(signature->name);
	164	CRYPTO_THREAD_lock_free(signature->lock);
	165	OPENSSL_free(signature);
	166	}
	167	}
	168
	169	int EVP_SIGNATURE_up_ref(EVP_SIGNATURE *signature)
	170	{
	171	int ref = 0;
	172
	173	CRYPTO_UP_REF(&signature->refcnt, &ref, signature->lock);
	174	return 1;
	175	}
	176
	177	OSSL_PROVIDER EVP_SIGNATURE_provider(const EVP_SIGNATURE signature)
	178	{
	179	return signature->prov;
	180	}
	181
	182	EVP_SIGNATURE EVP_SIGNATURE_fetch(OPENSSL_CTX ctx, const char *algorithm,
	183	const char *properties)
	184	{
	185	struct keymgmt_data_st keymgmt_data;
	186
	187	/*
	188	* A signature operation cannot work without a key, so we need key
	189	* management from the same provider to manage its keys.
	190	*/
	191	keymgmt_data.ctx = ctx;
	192	keymgmt_data.properties = properties;
	193	return evp_generic_fetch(ctx, OSSL_OP_SIGNATURE, algorithm, properties,
	194	evp_signature_from_dispatch, &keymgmt_data,
	195	(int ()(void ))EVP_SIGNATURE_up_ref,
	196	(void ()(void ))EVP_SIGNATURE_free);
	197	}
	198
390acbeb MC	199	static int evp_pkey_signature_init(EVP_PKEY_CTX ctx, EVP_SIGNATURE signature,
390acbeb MC	200	int operation)
0f113f3e	201	{
390acbeb	202	int ret = 0;
dfcb5d29 MC	203	void *provkey = NULL;
	204
	205	if (ctx == NULL) {
	206	EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
0f113f3e MC	207	return -2;
0f113f3e MC	208	}
dfcb5d29	209
390acbeb	210	ctx->operation = operation;
dfcb5d29 MC	211
	212	if (ctx->engine != NULL)
	213	goto legacy;
	214
	215	if (signature != NULL) {
	216	if (!EVP_SIGNATURE_up_ref(signature))
	217	goto err;
	218	} else {
	219	int nid = ctx->pkey != NULL ? ctx->pkey->type : ctx->pmeth->pkey_id;
	220
	221	/*
	222	* TODO(3.0): Check for legacy handling. Remove this once all all
	223	* algorithms are moved to providers.
	224	*/
	225	if (ctx->pkey != NULL) {
	226	switch (ctx->pkey->type) {
4889dadc MC	227	case NID_dsa:
4889dadc MC	228	break;
dfcb5d29 MC	229	default:
	230	goto legacy;
	231	}
	232	signature = EVP_SIGNATURE_fetch(NULL, OBJ_nid2sn(nid), NULL);
	233	} else {
	234	goto legacy;
	235	}
	236
	237	if (signature == NULL) {
	238	EVPerr(0, EVP_R_INITIALIZATION_ERROR);
	239	goto err;
	240	}
	241	}
	242
	243	if (ctx->sigprovctx != NULL && ctx->signature != NULL)
	244	ctx->signature->freectx(ctx->sigprovctx);
	245	EVP_SIGNATURE_free(ctx->signature);
	246	ctx->signature = signature;
	247	if (ctx->pkey != NULL) {
	248	provkey = evp_keymgmt_export_to_provider(ctx->pkey, signature->keymgmt);
	249	if (provkey == NULL) {
	250	EVPerr(0, EVP_R_INITIALIZATION_ERROR);
	251	goto err;
	252	}
	253	}
	254	ctx->sigprovctx = signature->newctx(ossl_provider_ctx(signature->prov));
	255	if (ctx->sigprovctx == NULL) {
	256	/* The provider key can stay in the cache */
	257	EVPerr(0, EVP_R_INITIALIZATION_ERROR);
	258	goto err;
	259	}
dfcb5d29	260
390acbeb MC	261	switch (operation) {
	262	case EVP_PKEY_OP_SIGN:
	263	if (signature->sign_init == NULL) {
	264	EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
	265	ret = -2;
	266	goto err;
	267	}
	268	ret = signature->sign_init(ctx->sigprovctx, provkey);
	269	break;
	270	case EVP_PKEY_OP_VERIFY:
	271	if (signature->verify_init == NULL) {
	272	EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
	273	ret = -2;
	274	goto err;
	275	}
	276	ret = signature->verify_init(ctx->sigprovctx, provkey);
	277	break;
	278	case EVP_PKEY_OP_VERIFYRECOVER:
	279	if (signature->verify_recover_init == NULL) {
	280	EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
	281	ret = -2;
	282	goto err;
	283	}
	284	ret = signature->verify_recover_init(ctx->sigprovctx, provkey);
	285	break;
	286	default:
	287	EVPerr(0, EVP_R_INITIALIZATION_ERROR);
	288	goto err;
	289	}
	290
	291	if (ret <= 0) {
	292	signature->freectx(ctx->sigprovctx);
	293	ctx->sigprovctx = NULL;
	294	goto err;
	295	}
	296	return 1;
dfcb5d29 MC	297
dfcb5d29 MC	298	legacy:
390acbeb MC	299	if (ctx->pmeth == NULL
	300	\|\| (operation == EVP_PKEY_OP_SIGN && ctx->pmeth->sign == NULL)
	301	\|\| (operation == EVP_PKEY_OP_VERIFY && ctx->pmeth->verify == NULL)
	302	\|\| (operation == EVP_PKEY_OP_VERIFYRECOVER
	303	&& ctx->pmeth->verify_recover == NULL)) {
dfcb5d29 MC	304	EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
	305	return -2;
	306	}
	307
390acbeb MC	308	switch (operation) {
	309	case EVP_PKEY_OP_SIGN:
	310	if (ctx->pmeth->sign_init == NULL)
	311	return 1;
	312	ret = ctx->pmeth->sign_init(ctx);
	313	break;
	314	case EVP_PKEY_OP_VERIFY:
	315	if (ctx->pmeth->verify_init == NULL)
	316	return 1;
	317	ret = ctx->pmeth->verify_init(ctx);
	318	break;
	319	case EVP_PKEY_OP_VERIFYRECOVER:
	320	if (ctx->pmeth->verify_recover_init == NULL)
	321	return 1;
	322	ret = ctx->pmeth->verify_recover_init(ctx);
	323	break;
	324	default:
	325	EVPerr(0, EVP_R_INITIALIZATION_ERROR);
	326	goto err;
	327	}
0f113f3e	328	if (ret <= 0)
390acbeb	329	goto err;
0f113f3e	330	return ret;
390acbeb MC	331
	332	err:
	333	ctx->operation = EVP_PKEY_OP_UNDEFINED;
	334	return ret;
	335	}
	336
	337	int EVP_PKEY_sign_init_ex(EVP_PKEY_CTX ctx, EVP_SIGNATURE signature)
	338	{
	339	return evp_pkey_signature_init(ctx, signature, EVP_PKEY_OP_SIGN);
0f113f3e	340	}
f733a5ef	341
dfcb5d29 MC	342	int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx)
dfcb5d29 MC	343	{
390acbeb	344	return evp_pkey_signature_init(ctx, NULL, EVP_PKEY_OP_SIGN);
dfcb5d29 MC	345	}
dfcb5d29 MC	346
f733a5ef	347	int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
0f113f3e MC	348	unsigned char sig, size_t siglen,
	349	const unsigned char *tbs, size_t tbslen)
	350	{
dfcb5d29 MC	351	int ret;
	352
	353	if (ctx == NULL) {
	354	EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
0f113f3e MC	355	return -2;
0f113f3e MC	356	}
dfcb5d29	357
0f113f3e	358	if (ctx->operation != EVP_PKEY_OP_SIGN) {
dfcb5d29	359	EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED);
0f113f3e MC	360	return -1;
0f113f3e MC	361	}
dfcb5d29 MC	362
	363	if (ctx->sigprovctx == NULL)
	364	goto legacy;
	365
	366	ret = ctx->signature->sign(ctx->sigprovctx, sig, siglen, SIZE_MAX,
	367	tbs, tbslen);
	368
	369	return ret;
	370	legacy:
	371
	372	if (ctx->pmeth == NULL \|\| ctx->pmeth->sign == NULL) {
	373	EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
	374	return -2;
	375	}
	376
0f113f3e MC	377	M_check_autoarg(ctx, sig, siglen, EVP_F_EVP_PKEY_SIGN)
	378	return ctx->pmeth->sign(ctx, sig, siglen, tbs, tbslen);
	379	}
f733a5ef	380
390acbeb MC	381	int EVP_PKEY_verify_init_ex(EVP_PKEY_CTX ctx, EVP_SIGNATURE signature)
	382	{
	383	return evp_pkey_signature_init(ctx, signature, EVP_PKEY_OP_VERIFY);
	384	}
	385
cd763898	386	int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx)
0f113f3e	387	{
390acbeb	388	return evp_pkey_signature_init(ctx, NULL, EVP_PKEY_OP_VERIFY);
0f113f3e	389	}
f733a5ef DSH	390
f733a5ef DSH	391	int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
0f113f3e MC	392	const unsigned char *sig, size_t siglen,
	393	const unsigned char *tbs, size_t tbslen)
	394	{
390acbeb MC	395	int ret;
	396
	397	if (ctx == NULL) {
	398	EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
0f113f3e MC	399	return -2;
0f113f3e MC	400	}
390acbeb	401
0f113f3e	402	if (ctx->operation != EVP_PKEY_OP_VERIFY) {
390acbeb	403	EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED);
0f113f3e MC	404	return -1;
0f113f3e MC	405	}
390acbeb MC	406
	407	if (ctx->sigprovctx == NULL)
	408	goto legacy;
	409
	410	ret = ctx->signature->verify(ctx->sigprovctx, sig, siglen, tbs, tbslen);
	411
	412	return ret;
	413	legacy:
	414	if (ctx->pmeth == NULL \|\| ctx->pmeth->verify == NULL) {
	415	EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
	416	return -2;
	417	}
	418
0f113f3e MC	419	return ctx->pmeth->verify(ctx, sig, siglen, tbs, tbslen);
0f113f3e MC	420	}
f733a5ef	421
390acbeb MC	422	int EVP_PKEY_verify_recover_init_ex(EVP_PKEY_CTX ctx, EVP_SIGNATURE signature)
	423	{
	424	return evp_pkey_signature_init(ctx, signature, EVP_PKEY_OP_VERIFYRECOVER);
	425	}
	426
cd763898	427	int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx)
0f113f3e	428	{
390acbeb	429	return evp_pkey_signature_init(ctx, NULL, EVP_PKEY_OP_VERIFYRECOVER);
0f113f3e	430	}
f733a5ef DSH	431
f733a5ef DSH	432	int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
0f113f3e MC	433	unsigned char rout, size_t routlen,
	434	const unsigned char *sig, size_t siglen)
	435	{
390acbeb MC	436	int ret;
	437
	438	if (ctx == NULL) {
	439	EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
0f113f3e MC	440	return -2;
0f113f3e MC	441	}
390acbeb	442
0f113f3e	443	if (ctx->operation != EVP_PKEY_OP_VERIFYRECOVER) {
390acbeb	444	EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED);
0f113f3e MC	445	return -1;
0f113f3e MC	446	}
390acbeb MC	447
	448	if (ctx->sigprovctx == NULL)
	449	goto legacy;
	450
	451	ret = ctx->signature->verify_recover(ctx->sigprovctx, rout, routlen,
	452	(rout == NULL ? 0 : *routlen),
	453	sig, siglen);
	454	return ret;
	455	legacy:
	456	if (ctx->pmeth == NULL \|\| ctx->pmeth->verify_recover == NULL) {
	457	EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
	458	return -2;
	459	}
0f113f3e MC	460	M_check_autoarg(ctx, rout, routlen, EVP_F_EVP_PKEY_VERIFY_RECOVER)
	461	return ctx->pmeth->verify_recover(ctx, rout, routlen, sig, siglen);
	462	}
f733a5ef	463
cd763898	464	int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx)
0f113f3e MC	465	{
	466	int ret;
	467	if (!ctx \|\| !ctx->pmeth \|\| !ctx->pmeth->encrypt) {
	468	EVPerr(EVP_F_EVP_PKEY_ENCRYPT_INIT,
	469	EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
	470	return -2;
	471	}
	472	ctx->operation = EVP_PKEY_OP_ENCRYPT;
	473	if (!ctx->pmeth->encrypt_init)
	474	return 1;
	475	ret = ctx->pmeth->encrypt_init(ctx);
	476	if (ret <= 0)
	477	ctx->operation = EVP_PKEY_OP_UNDEFINED;
	478	return ret;
	479	}
f733a5ef DSH	480
f733a5ef DSH	481	int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx,
0f113f3e MC	482	unsigned char out, size_t outlen,
	483	const unsigned char *in, size_t inlen)
	484	{
	485	if (!ctx \|\| !ctx->pmeth \|\| !ctx->pmeth->encrypt) {
	486	EVPerr(EVP_F_EVP_PKEY_ENCRYPT,
	487	EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
	488	return -2;
	489	}
	490	if (ctx->operation != EVP_PKEY_OP_ENCRYPT) {
	491	EVPerr(EVP_F_EVP_PKEY_ENCRYPT, EVP_R_OPERATON_NOT_INITIALIZED);
	492	return -1;
	493	}
	494	M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_ENCRYPT)
	495	return ctx->pmeth->encrypt(ctx, out, outlen, in, inlen);
	496	}
f733a5ef	497
cd763898	498	int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx)
0f113f3e MC	499	{
	500	int ret;
	501	if (!ctx \|\| !ctx->pmeth \|\| !ctx->pmeth->decrypt) {
	502	EVPerr(EVP_F_EVP_PKEY_DECRYPT_INIT,
	503	EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
	504	return -2;
	505	}
	506	ctx->operation = EVP_PKEY_OP_DECRYPT;
	507	if (!ctx->pmeth->decrypt_init)
	508	return 1;
	509	ret = ctx->pmeth->decrypt_init(ctx);
	510	if (ret <= 0)
	511	ctx->operation = EVP_PKEY_OP_UNDEFINED;
	512	return ret;
	513	}
f733a5ef DSH	514
f733a5ef DSH	515	int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,
0f113f3e MC	516	unsigned char out, size_t outlen,
	517	const unsigned char *in, size_t inlen)
	518	{
	519	if (!ctx \|\| !ctx->pmeth \|\| !ctx->pmeth->decrypt) {
	520	EVPerr(EVP_F_EVP_PKEY_DECRYPT,
	521	EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
	522	return -2;
	523	}
	524	if (ctx->operation != EVP_PKEY_OP_DECRYPT) {
	525	EVPerr(EVP_F_EVP_PKEY_DECRYPT, EVP_R_OPERATON_NOT_INITIALIZED);
	526	return -1;
	527	}
	528	M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_DECRYPT)
	529	return ctx->pmeth->decrypt(ctx, out, outlen, in, inlen);
	530	}