]>
Commit | Line | Data |
---|---|---|
0f113f3e | 1 | /* |
aa6bb135 | 2 | * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. |
f733a5ef | 3 | * |
4a8b0c55 | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
aa6bb135 RS |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
f733a5ef DSH |
8 | */ |
9 | ||
10 | #include <stdio.h> | |
11 | #include <stdlib.h> | |
c20276e4 | 12 | #include <openssl/objects.h> |
f733a5ef | 13 | #include <openssl/evp.h> |
ff64702b | 14 | #include "internal/cryptlib.h" |
27af42f9 | 15 | #include "internal/evp_int.h" |
dfcb5d29 | 16 | #include "internal/provider.h" |
ff64702b | 17 | #include "evp_locl.h" |
b010b7c4 | 18 | |
dfcb5d29 MC |
19 | static EVP_SIGNATURE *evp_signature_new(OSSL_PROVIDER *prov) |
20 | { | |
21 | EVP_SIGNATURE *signature = OPENSSL_zalloc(sizeof(EVP_SIGNATURE)); | |
22 | ||
23 | signature->lock = CRYPTO_THREAD_lock_new(); | |
24 | if (signature->lock == NULL) { | |
25 | OPENSSL_free(signature); | |
26 | return NULL; | |
27 | } | |
28 | signature->prov = prov; | |
29 | ossl_provider_up_ref(prov); | |
30 | signature->refcnt = 1; | |
31 | ||
32 | return signature; | |
33 | } | |
34 | ||
f7c16d48 | 35 | static void *evp_signature_from_dispatch(int name_id, |
dfcb5d29 MC |
36 | const OSSL_DISPATCH *fns, |
37 | OSSL_PROVIDER *prov, | |
38 | void *vkeymgmt_data) | |
39 | { | |
40 | /* | |
41 | * Signature functions cannot work without a key, and key management | |
42 | * from the same provider to manage its keys. We therefore fetch | |
43 | * a key management method using the same algorithm and properties | |
44 | * and pass that down to evp_generic_fetch to be passed on to our | |
45 | * evp_signature_from_dispatch, which will attach the key management | |
46 | * method to the newly created key exchange method as long as the | |
47 | * provider matches. | |
48 | */ | |
49 | struct keymgmt_data_st *keymgmt_data = vkeymgmt_data; | |
f7c16d48 RL |
50 | EVP_KEYMGMT *keymgmt = |
51 | evp_keymgmt_fetch_by_number(keymgmt_data->ctx, name_id, | |
52 | keymgmt_data->properties); | |
dfcb5d29 | 53 | EVP_SIGNATURE *signature = NULL; |
390acbeb | 54 | int ctxfncnt = 0, signfncnt = 0, verifyfncnt = 0, verifyrecfncnt = 0; |
9c45222d | 55 | int gparamfncnt = 0, sparamfncnt = 0; |
dfcb5d29 MC |
56 | |
57 | if (keymgmt == NULL || EVP_KEYMGMT_provider(keymgmt) != prov) { | |
58 | ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEYMGMT_AVAILABLE); | |
59 | goto err; | |
60 | } | |
61 | ||
f7c16d48 | 62 | if ((signature = evp_signature_new(prov)) == NULL) { |
dfcb5d29 MC |
63 | ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); |
64 | goto err; | |
65 | } | |
66 | ||
f7c16d48 | 67 | signature->name_id = name_id; |
dfcb5d29 MC |
68 | signature->keymgmt = keymgmt; |
69 | keymgmt = NULL; /* avoid double free on failure below */ | |
70 | ||
71 | for (; fns->function_id != 0; fns++) { | |
72 | switch (fns->function_id) { | |
73 | case OSSL_FUNC_SIGNATURE_NEWCTX: | |
74 | if (signature->newctx != NULL) | |
75 | break; | |
76 | signature->newctx = OSSL_get_OP_signature_newctx(fns); | |
390acbeb | 77 | ctxfncnt++; |
dfcb5d29 MC |
78 | break; |
79 | case OSSL_FUNC_SIGNATURE_SIGN_INIT: | |
80 | if (signature->sign_init != NULL) | |
81 | break; | |
82 | signature->sign_init = OSSL_get_OP_signature_sign_init(fns); | |
390acbeb | 83 | signfncnt++; |
dfcb5d29 MC |
84 | break; |
85 | case OSSL_FUNC_SIGNATURE_SIGN: | |
86 | if (signature->sign != NULL) | |
87 | break; | |
88 | signature->sign = OSSL_get_OP_signature_sign(fns); | |
390acbeb MC |
89 | signfncnt++; |
90 | break; | |
91 | case OSSL_FUNC_SIGNATURE_VERIFY_INIT: | |
92 | if (signature->verify_init != NULL) | |
93 | break; | |
94 | signature->verify_init = OSSL_get_OP_signature_verify_init(fns); | |
95 | verifyfncnt++; | |
96 | break; | |
97 | case OSSL_FUNC_SIGNATURE_VERIFY: | |
98 | if (signature->verify != NULL) | |
99 | break; | |
100 | signature->verify = OSSL_get_OP_signature_verify(fns); | |
101 | verifyfncnt++; | |
102 | break; | |
103 | case OSSL_FUNC_SIGNATURE_VERIFY_RECOVER_INIT: | |
104 | if (signature->verify_recover_init != NULL) | |
105 | break; | |
106 | signature->verify_recover_init | |
107 | = OSSL_get_OP_signature_verify_recover_init(fns); | |
108 | verifyrecfncnt++; | |
109 | break; | |
110 | case OSSL_FUNC_SIGNATURE_VERIFY_RECOVER: | |
111 | if (signature->verify_recover != NULL) | |
112 | break; | |
113 | signature->verify_recover | |
114 | = OSSL_get_OP_signature_verify_recover(fns); | |
115 | verifyrecfncnt++; | |
dfcb5d29 MC |
116 | break; |
117 | case OSSL_FUNC_SIGNATURE_FREECTX: | |
118 | if (signature->freectx != NULL) | |
119 | break; | |
120 | signature->freectx = OSSL_get_OP_signature_freectx(fns); | |
390acbeb | 121 | ctxfncnt++; |
dfcb5d29 MC |
122 | break; |
123 | case OSSL_FUNC_SIGNATURE_DUPCTX: | |
124 | if (signature->dupctx != NULL) | |
125 | break; | |
126 | signature->dupctx = OSSL_get_OP_signature_dupctx(fns); | |
127 | break; | |
9c45222d MC |
128 | case OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS: |
129 | if (signature->get_ctx_params != NULL) | |
dfcb5d29 | 130 | break; |
9c45222d MC |
131 | signature->get_ctx_params |
132 | = OSSL_get_OP_signature_get_ctx_params(fns); | |
133 | gparamfncnt++; | |
134 | break; | |
135 | case OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS: | |
136 | if (signature->gettable_ctx_params != NULL) | |
137 | break; | |
138 | signature->gettable_ctx_params | |
139 | = OSSL_get_OP_signature_gettable_ctx_params(fns); | |
140 | gparamfncnt++; | |
141 | break; | |
142 | case OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS: | |
143 | if (signature->set_ctx_params != NULL) | |
144 | break; | |
145 | signature->set_ctx_params | |
146 | = OSSL_get_OP_signature_set_ctx_params(fns); | |
147 | sparamfncnt++; | |
148 | break; | |
149 | case OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS: | |
150 | if (signature->settable_ctx_params != NULL) | |
151 | break; | |
152 | signature->settable_ctx_params | |
153 | = OSSL_get_OP_signature_settable_ctx_params(fns); | |
154 | sparamfncnt++; | |
dfcb5d29 MC |
155 | break; |
156 | } | |
157 | } | |
390acbeb | 158 | if (ctxfncnt != 2 |
9c45222d MC |
159 | || (signfncnt != 2 && verifyfncnt != 2 && verifyrecfncnt != 2) |
160 | || (gparamfncnt != 0 && gparamfncnt != 2) | |
161 | || (sparamfncnt != 0 && sparamfncnt != 2)) { | |
dfcb5d29 MC |
162 | /* |
163 | * In order to be a consistent set of functions we must have at least | |
390acbeb MC |
164 | * a set of context functions (newctx and freectx) as well as a pair of |
165 | * "signature" functions: (sign_init, sign) or (verify_init verify) or | |
9c45222d MC |
166 | * (verify_recover_init, verify_recover). set_ctx_params and |
167 | * settable_ctx_params are optional, but if one of them is present then | |
168 | * the other one must also be present. The same applies to | |
169 | * get_ctx_params and gettable_ctx_params. The dupctx function is | |
170 | * optional. | |
dfcb5d29 MC |
171 | */ |
172 | ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS); | |
173 | goto err; | |
174 | } | |
175 | ||
176 | return signature; | |
177 | err: | |
178 | EVP_SIGNATURE_free(signature); | |
179 | EVP_KEYMGMT_free(keymgmt); | |
180 | return NULL; | |
181 | } | |
182 | ||
183 | void EVP_SIGNATURE_free(EVP_SIGNATURE *signature) | |
184 | { | |
185 | if (signature != NULL) { | |
186 | int i; | |
187 | ||
188 | CRYPTO_DOWN_REF(&signature->refcnt, &i, signature->lock); | |
189 | if (i > 0) | |
190 | return; | |
191 | EVP_KEYMGMT_free(signature->keymgmt); | |
192 | ossl_provider_free(signature->prov); | |
dfcb5d29 MC |
193 | CRYPTO_THREAD_lock_free(signature->lock); |
194 | OPENSSL_free(signature); | |
195 | } | |
196 | } | |
197 | ||
198 | int EVP_SIGNATURE_up_ref(EVP_SIGNATURE *signature) | |
199 | { | |
200 | int ref = 0; | |
201 | ||
202 | CRYPTO_UP_REF(&signature->refcnt, &ref, signature->lock); | |
203 | return 1; | |
204 | } | |
205 | ||
206 | OSSL_PROVIDER *EVP_SIGNATURE_provider(const EVP_SIGNATURE *signature) | |
207 | { | |
208 | return signature->prov; | |
209 | } | |
210 | ||
211 | EVP_SIGNATURE *EVP_SIGNATURE_fetch(OPENSSL_CTX *ctx, const char *algorithm, | |
212 | const char *properties) | |
213 | { | |
214 | struct keymgmt_data_st keymgmt_data; | |
215 | ||
216 | /* | |
217 | * A signature operation cannot work without a key, so we need key | |
218 | * management from the same provider to manage its keys. | |
219 | */ | |
220 | keymgmt_data.ctx = ctx; | |
221 | keymgmt_data.properties = properties; | |
222 | return evp_generic_fetch(ctx, OSSL_OP_SIGNATURE, algorithm, properties, | |
223 | evp_signature_from_dispatch, &keymgmt_data, | |
224 | (int (*)(void *))EVP_SIGNATURE_up_ref, | |
225 | (void (*)(void *))EVP_SIGNATURE_free); | |
226 | } | |
227 | ||
390acbeb MC |
228 | static int evp_pkey_signature_init(EVP_PKEY_CTX *ctx, EVP_SIGNATURE *signature, |
229 | int operation) | |
0f113f3e | 230 | { |
390acbeb | 231 | int ret = 0; |
dfcb5d29 MC |
232 | void *provkey = NULL; |
233 | ||
234 | if (ctx == NULL) { | |
235 | EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); | |
0f113f3e MC |
236 | return -2; |
237 | } | |
dfcb5d29 | 238 | |
864b89ce | 239 | evp_pkey_ctx_free_old_ops(ctx); |
390acbeb | 240 | ctx->operation = operation; |
dfcb5d29 MC |
241 | |
242 | if (ctx->engine != NULL) | |
243 | goto legacy; | |
244 | ||
245 | if (signature != NULL) { | |
246 | if (!EVP_SIGNATURE_up_ref(signature)) | |
247 | goto err; | |
248 | } else { | |
249 | int nid = ctx->pkey != NULL ? ctx->pkey->type : ctx->pmeth->pkey_id; | |
250 | ||
251 | /* | |
252 | * TODO(3.0): Check for legacy handling. Remove this once all all | |
253 | * algorithms are moved to providers. | |
254 | */ | |
255 | if (ctx->pkey != NULL) { | |
256 | switch (ctx->pkey->type) { | |
4889dadc MC |
257 | case NID_dsa: |
258 | break; | |
dfcb5d29 MC |
259 | default: |
260 | goto legacy; | |
261 | } | |
262 | signature = EVP_SIGNATURE_fetch(NULL, OBJ_nid2sn(nid), NULL); | |
263 | } else { | |
264 | goto legacy; | |
265 | } | |
266 | ||
267 | if (signature == NULL) { | |
268 | EVPerr(0, EVP_R_INITIALIZATION_ERROR); | |
269 | goto err; | |
270 | } | |
271 | } | |
272 | ||
864b89ce | 273 | ctx->op.sig.signature = signature; |
dfcb5d29 MC |
274 | if (ctx->pkey != NULL) { |
275 | provkey = evp_keymgmt_export_to_provider(ctx->pkey, signature->keymgmt); | |
276 | if (provkey == NULL) { | |
277 | EVPerr(0, EVP_R_INITIALIZATION_ERROR); | |
278 | goto err; | |
279 | } | |
280 | } | |
864b89ce MC |
281 | ctx->op.sig.sigprovctx = signature->newctx(ossl_provider_ctx(signature->prov)); |
282 | if (ctx->op.sig.sigprovctx == NULL) { | |
dfcb5d29 MC |
283 | /* The provider key can stay in the cache */ |
284 | EVPerr(0, EVP_R_INITIALIZATION_ERROR); | |
285 | goto err; | |
286 | } | |
dfcb5d29 | 287 | |
390acbeb MC |
288 | switch (operation) { |
289 | case EVP_PKEY_OP_SIGN: | |
290 | if (signature->sign_init == NULL) { | |
291 | EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); | |
292 | ret = -2; | |
293 | goto err; | |
294 | } | |
864b89ce | 295 | ret = signature->sign_init(ctx->op.sig.sigprovctx, provkey); |
390acbeb MC |
296 | break; |
297 | case EVP_PKEY_OP_VERIFY: | |
298 | if (signature->verify_init == NULL) { | |
299 | EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); | |
300 | ret = -2; | |
301 | goto err; | |
302 | } | |
864b89ce | 303 | ret = signature->verify_init(ctx->op.sig.sigprovctx, provkey); |
390acbeb MC |
304 | break; |
305 | case EVP_PKEY_OP_VERIFYRECOVER: | |
306 | if (signature->verify_recover_init == NULL) { | |
307 | EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); | |
308 | ret = -2; | |
309 | goto err; | |
310 | } | |
864b89ce | 311 | ret = signature->verify_recover_init(ctx->op.sig.sigprovctx, provkey); |
390acbeb MC |
312 | break; |
313 | default: | |
314 | EVPerr(0, EVP_R_INITIALIZATION_ERROR); | |
315 | goto err; | |
316 | } | |
317 | ||
318 | if (ret <= 0) { | |
864b89ce MC |
319 | signature->freectx(ctx->op.sig.sigprovctx); |
320 | ctx->op.sig.sigprovctx = NULL; | |
390acbeb MC |
321 | goto err; |
322 | } | |
323 | return 1; | |
dfcb5d29 MC |
324 | |
325 | legacy: | |
390acbeb MC |
326 | if (ctx->pmeth == NULL |
327 | || (operation == EVP_PKEY_OP_SIGN && ctx->pmeth->sign == NULL) | |
328 | || (operation == EVP_PKEY_OP_VERIFY && ctx->pmeth->verify == NULL) | |
329 | || (operation == EVP_PKEY_OP_VERIFYRECOVER | |
330 | && ctx->pmeth->verify_recover == NULL)) { | |
dfcb5d29 MC |
331 | EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); |
332 | return -2; | |
333 | } | |
334 | ||
390acbeb MC |
335 | switch (operation) { |
336 | case EVP_PKEY_OP_SIGN: | |
337 | if (ctx->pmeth->sign_init == NULL) | |
338 | return 1; | |
339 | ret = ctx->pmeth->sign_init(ctx); | |
340 | break; | |
341 | case EVP_PKEY_OP_VERIFY: | |
342 | if (ctx->pmeth->verify_init == NULL) | |
343 | return 1; | |
344 | ret = ctx->pmeth->verify_init(ctx); | |
345 | break; | |
346 | case EVP_PKEY_OP_VERIFYRECOVER: | |
347 | if (ctx->pmeth->verify_recover_init == NULL) | |
348 | return 1; | |
349 | ret = ctx->pmeth->verify_recover_init(ctx); | |
350 | break; | |
351 | default: | |
352 | EVPerr(0, EVP_R_INITIALIZATION_ERROR); | |
353 | goto err; | |
354 | } | |
0f113f3e | 355 | if (ret <= 0) |
390acbeb | 356 | goto err; |
0f113f3e | 357 | return ret; |
390acbeb MC |
358 | |
359 | err: | |
360 | ctx->operation = EVP_PKEY_OP_UNDEFINED; | |
361 | return ret; | |
362 | } | |
363 | ||
364 | int EVP_PKEY_sign_init_ex(EVP_PKEY_CTX *ctx, EVP_SIGNATURE *signature) | |
365 | { | |
366 | return evp_pkey_signature_init(ctx, signature, EVP_PKEY_OP_SIGN); | |
0f113f3e | 367 | } |
f733a5ef | 368 | |
dfcb5d29 MC |
369 | int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx) |
370 | { | |
390acbeb | 371 | return evp_pkey_signature_init(ctx, NULL, EVP_PKEY_OP_SIGN); |
dfcb5d29 MC |
372 | } |
373 | ||
f733a5ef | 374 | int EVP_PKEY_sign(EVP_PKEY_CTX *ctx, |
0f113f3e MC |
375 | unsigned char *sig, size_t *siglen, |
376 | const unsigned char *tbs, size_t tbslen) | |
377 | { | |
dfcb5d29 MC |
378 | int ret; |
379 | ||
380 | if (ctx == NULL) { | |
381 | EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); | |
0f113f3e MC |
382 | return -2; |
383 | } | |
dfcb5d29 | 384 | |
0f113f3e | 385 | if (ctx->operation != EVP_PKEY_OP_SIGN) { |
dfcb5d29 | 386 | EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED); |
0f113f3e MC |
387 | return -1; |
388 | } | |
dfcb5d29 | 389 | |
864b89ce | 390 | if (ctx->op.sig.sigprovctx == NULL) |
dfcb5d29 MC |
391 | goto legacy; |
392 | ||
864b89ce MC |
393 | ret = ctx->op.sig.signature->sign(ctx->op.sig.sigprovctx, sig, siglen, |
394 | SIZE_MAX, tbs, tbslen); | |
dfcb5d29 MC |
395 | |
396 | return ret; | |
397 | legacy: | |
398 | ||
399 | if (ctx->pmeth == NULL || ctx->pmeth->sign == NULL) { | |
400 | EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); | |
401 | return -2; | |
402 | } | |
403 | ||
0f113f3e MC |
404 | M_check_autoarg(ctx, sig, siglen, EVP_F_EVP_PKEY_SIGN) |
405 | return ctx->pmeth->sign(ctx, sig, siglen, tbs, tbslen); | |
406 | } | |
f733a5ef | 407 | |
390acbeb MC |
408 | int EVP_PKEY_verify_init_ex(EVP_PKEY_CTX *ctx, EVP_SIGNATURE *signature) |
409 | { | |
410 | return evp_pkey_signature_init(ctx, signature, EVP_PKEY_OP_VERIFY); | |
411 | } | |
412 | ||
cd763898 | 413 | int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx) |
0f113f3e | 414 | { |
390acbeb | 415 | return evp_pkey_signature_init(ctx, NULL, EVP_PKEY_OP_VERIFY); |
0f113f3e | 416 | } |
f733a5ef DSH |
417 | |
418 | int EVP_PKEY_verify(EVP_PKEY_CTX *ctx, | |
0f113f3e MC |
419 | const unsigned char *sig, size_t siglen, |
420 | const unsigned char *tbs, size_t tbslen) | |
421 | { | |
390acbeb MC |
422 | int ret; |
423 | ||
424 | if (ctx == NULL) { | |
425 | EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); | |
0f113f3e MC |
426 | return -2; |
427 | } | |
390acbeb | 428 | |
0f113f3e | 429 | if (ctx->operation != EVP_PKEY_OP_VERIFY) { |
390acbeb | 430 | EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED); |
0f113f3e MC |
431 | return -1; |
432 | } | |
390acbeb | 433 | |
864b89ce | 434 | if (ctx->op.sig.sigprovctx == NULL) |
390acbeb MC |
435 | goto legacy; |
436 | ||
864b89ce MC |
437 | ret = ctx->op.sig.signature->verify(ctx->op.sig.sigprovctx, sig, siglen, |
438 | tbs, tbslen); | |
390acbeb MC |
439 | |
440 | return ret; | |
441 | legacy: | |
442 | if (ctx->pmeth == NULL || ctx->pmeth->verify == NULL) { | |
443 | EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); | |
444 | return -2; | |
445 | } | |
446 | ||
0f113f3e MC |
447 | return ctx->pmeth->verify(ctx, sig, siglen, tbs, tbslen); |
448 | } | |
f733a5ef | 449 | |
390acbeb MC |
450 | int EVP_PKEY_verify_recover_init_ex(EVP_PKEY_CTX *ctx, EVP_SIGNATURE *signature) |
451 | { | |
452 | return evp_pkey_signature_init(ctx, signature, EVP_PKEY_OP_VERIFYRECOVER); | |
453 | } | |
454 | ||
cd763898 | 455 | int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx) |
0f113f3e | 456 | { |
390acbeb | 457 | return evp_pkey_signature_init(ctx, NULL, EVP_PKEY_OP_VERIFYRECOVER); |
0f113f3e | 458 | } |
f733a5ef DSH |
459 | |
460 | int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx, | |
0f113f3e MC |
461 | unsigned char *rout, size_t *routlen, |
462 | const unsigned char *sig, size_t siglen) | |
463 | { | |
390acbeb MC |
464 | int ret; |
465 | ||
466 | if (ctx == NULL) { | |
467 | EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); | |
0f113f3e MC |
468 | return -2; |
469 | } | |
390acbeb | 470 | |
0f113f3e | 471 | if (ctx->operation != EVP_PKEY_OP_VERIFYRECOVER) { |
390acbeb | 472 | EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED); |
0f113f3e MC |
473 | return -1; |
474 | } | |
390acbeb | 475 | |
864b89ce | 476 | if (ctx->op.sig.sigprovctx == NULL) |
390acbeb MC |
477 | goto legacy; |
478 | ||
864b89ce MC |
479 | ret = ctx->op.sig.signature->verify_recover(ctx->op.sig.sigprovctx, rout, |
480 | routlen, | |
481 | (rout == NULL ? 0 : *routlen), | |
482 | sig, siglen); | |
390acbeb MC |
483 | return ret; |
484 | legacy: | |
485 | if (ctx->pmeth == NULL || ctx->pmeth->verify_recover == NULL) { | |
486 | EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); | |
487 | return -2; | |
488 | } | |
0f113f3e MC |
489 | M_check_autoarg(ctx, rout, routlen, EVP_F_EVP_PKEY_VERIFY_RECOVER) |
490 | return ctx->pmeth->verify_recover(ctx, rout, routlen, sig, siglen); | |
491 | } | |
f733a5ef | 492 | |
cd763898 | 493 | int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx) |
0f113f3e MC |
494 | { |
495 | int ret; | |
496 | if (!ctx || !ctx->pmeth || !ctx->pmeth->encrypt) { | |
497 | EVPerr(EVP_F_EVP_PKEY_ENCRYPT_INIT, | |
498 | EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); | |
499 | return -2; | |
500 | } | |
501 | ctx->operation = EVP_PKEY_OP_ENCRYPT; | |
502 | if (!ctx->pmeth->encrypt_init) | |
503 | return 1; | |
504 | ret = ctx->pmeth->encrypt_init(ctx); | |
505 | if (ret <= 0) | |
506 | ctx->operation = EVP_PKEY_OP_UNDEFINED; | |
507 | return ret; | |
508 | } | |
f733a5ef DSH |
509 | |
510 | int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx, | |
0f113f3e MC |
511 | unsigned char *out, size_t *outlen, |
512 | const unsigned char *in, size_t inlen) | |
513 | { | |
514 | if (!ctx || !ctx->pmeth || !ctx->pmeth->encrypt) { | |
515 | EVPerr(EVP_F_EVP_PKEY_ENCRYPT, | |
516 | EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); | |
517 | return -2; | |
518 | } | |
519 | if (ctx->operation != EVP_PKEY_OP_ENCRYPT) { | |
520 | EVPerr(EVP_F_EVP_PKEY_ENCRYPT, EVP_R_OPERATON_NOT_INITIALIZED); | |
521 | return -1; | |
522 | } | |
523 | M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_ENCRYPT) | |
524 | return ctx->pmeth->encrypt(ctx, out, outlen, in, inlen); | |
525 | } | |
f733a5ef | 526 | |
cd763898 | 527 | int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx) |
0f113f3e MC |
528 | { |
529 | int ret; | |
530 | if (!ctx || !ctx->pmeth || !ctx->pmeth->decrypt) { | |
531 | EVPerr(EVP_F_EVP_PKEY_DECRYPT_INIT, | |
532 | EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); | |
533 | return -2; | |
534 | } | |
535 | ctx->operation = EVP_PKEY_OP_DECRYPT; | |
536 | if (!ctx->pmeth->decrypt_init) | |
537 | return 1; | |
538 | ret = ctx->pmeth->decrypt_init(ctx); | |
539 | if (ret <= 0) | |
540 | ctx->operation = EVP_PKEY_OP_UNDEFINED; | |
541 | return ret; | |
542 | } | |
f733a5ef DSH |
543 | |
544 | int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, | |
0f113f3e MC |
545 | unsigned char *out, size_t *outlen, |
546 | const unsigned char *in, size_t inlen) | |
547 | { | |
548 | if (!ctx || !ctx->pmeth || !ctx->pmeth->decrypt) { | |
549 | EVPerr(EVP_F_EVP_PKEY_DECRYPT, | |
550 | EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); | |
551 | return -2; | |
552 | } | |
553 | if (ctx->operation != EVP_PKEY_OP_DECRYPT) { | |
554 | EVPerr(EVP_F_EVP_PKEY_DECRYPT, EVP_R_OPERATON_NOT_INITIALIZED); | |
555 | return -1; | |
556 | } | |
557 | M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_DECRYPT) | |
558 | return ctx->pmeth->decrypt(ctx, out, outlen, in, inlen); | |
559 | } |