2 * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
12 #include <openssl/objects.h>
13 #include <openssl/evp.h>
14 #include "internal/cryptlib.h"
15 #include "crypto/evp.h"
16 #include "internal/provider.h"
17 #include "evp_local.h"
19 static EVP_SIGNATURE
*evp_signature_new(OSSL_PROVIDER
*prov
)
21 EVP_SIGNATURE
*signature
= OPENSSL_zalloc(sizeof(EVP_SIGNATURE
));
23 signature
->lock
= CRYPTO_THREAD_lock_new();
24 if (signature
->lock
== NULL
) {
25 OPENSSL_free(signature
);
28 signature
->prov
= prov
;
29 ossl_provider_up_ref(prov
);
30 signature
->refcnt
= 1;
35 static void *evp_signature_from_dispatch(int name_id
,
36 const OSSL_DISPATCH
*fns
,
41 * Signature functions cannot work without a key, and key management
42 * from the same provider to manage its keys. We therefore fetch
43 * a key management method using the same algorithm and properties
44 * and pass that down to evp_generic_fetch to be passed on to our
45 * evp_signature_from_dispatch, which will attach the key management
46 * method to the newly created key exchange method as long as the
49 struct keymgmt_data_st
*keymgmt_data
= vkeymgmt_data
;
50 EVP_KEYMGMT
*keymgmt
=
51 evp_keymgmt_fetch_by_number(keymgmt_data
->ctx
, name_id
,
52 keymgmt_data
->properties
);
53 EVP_SIGNATURE
*signature
= NULL
;
54 int ctxfncnt
= 0, signfncnt
= 0, verifyfncnt
= 0, verifyrecfncnt
= 0;
55 int digsignfncnt
= 0, digverifyfncnt
= 0;
56 int gparamfncnt
= 0, sparamfncnt
= 0, gmdparamfncnt
= 0, smdparamfncnt
= 0;
58 if (keymgmt
== NULL
|| EVP_KEYMGMT_provider(keymgmt
) != prov
) {
59 ERR_raise(ERR_LIB_EVP
, EVP_R_NO_KEYMGMT_AVAILABLE
);
63 if ((signature
= evp_signature_new(prov
)) == NULL
) {
64 ERR_raise(ERR_LIB_EVP
, ERR_R_MALLOC_FAILURE
);
68 signature
->name_id
= name_id
;
69 signature
->keymgmt
= keymgmt
;
70 keymgmt
= NULL
; /* avoid double free on failure below */
72 for (; fns
->function_id
!= 0; fns
++) {
73 switch (fns
->function_id
) {
74 case OSSL_FUNC_SIGNATURE_NEWCTX
:
75 if (signature
->newctx
!= NULL
)
77 signature
->newctx
= OSSL_get_OP_signature_newctx(fns
);
80 case OSSL_FUNC_SIGNATURE_SIGN_INIT
:
81 if (signature
->sign_init
!= NULL
)
83 signature
->sign_init
= OSSL_get_OP_signature_sign_init(fns
);
86 case OSSL_FUNC_SIGNATURE_SIGN
:
87 if (signature
->sign
!= NULL
)
89 signature
->sign
= OSSL_get_OP_signature_sign(fns
);
92 case OSSL_FUNC_SIGNATURE_VERIFY_INIT
:
93 if (signature
->verify_init
!= NULL
)
95 signature
->verify_init
= OSSL_get_OP_signature_verify_init(fns
);
98 case OSSL_FUNC_SIGNATURE_VERIFY
:
99 if (signature
->verify
!= NULL
)
101 signature
->verify
= OSSL_get_OP_signature_verify(fns
);
104 case OSSL_FUNC_SIGNATURE_VERIFY_RECOVER_INIT
:
105 if (signature
->verify_recover_init
!= NULL
)
107 signature
->verify_recover_init
108 = OSSL_get_OP_signature_verify_recover_init(fns
);
111 case OSSL_FUNC_SIGNATURE_VERIFY_RECOVER
:
112 if (signature
->verify_recover
!= NULL
)
114 signature
->verify_recover
115 = OSSL_get_OP_signature_verify_recover(fns
);
118 case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT
:
119 if (signature
->digest_sign_init
!= NULL
)
121 signature
->digest_sign_init
122 = OSSL_get_OP_signature_digest_sign_init(fns
);
125 case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE
:
126 if (signature
->digest_sign_update
!= NULL
)
128 signature
->digest_sign_update
129 = OSSL_get_OP_signature_digest_sign_update(fns
);
132 case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL
:
133 if (signature
->digest_sign_final
!= NULL
)
135 signature
->digest_sign_final
136 = OSSL_get_OP_signature_digest_sign_final(fns
);
139 case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT
:
140 if (signature
->digest_verify_init
!= NULL
)
142 signature
->digest_verify_init
143 = OSSL_get_OP_signature_digest_verify_init(fns
);
146 case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE
:
147 if (signature
->digest_verify_update
!= NULL
)
149 signature
->digest_verify_update
150 = OSSL_get_OP_signature_digest_verify_update(fns
);
153 case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL
:
154 if (signature
->digest_verify_final
!= NULL
)
156 signature
->digest_verify_final
157 = OSSL_get_OP_signature_digest_verify_final(fns
);
160 case OSSL_FUNC_SIGNATURE_FREECTX
:
161 if (signature
->freectx
!= NULL
)
163 signature
->freectx
= OSSL_get_OP_signature_freectx(fns
);
166 case OSSL_FUNC_SIGNATURE_DUPCTX
:
167 if (signature
->dupctx
!= NULL
)
169 signature
->dupctx
= OSSL_get_OP_signature_dupctx(fns
);
171 case OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS
:
172 if (signature
->get_ctx_params
!= NULL
)
174 signature
->get_ctx_params
175 = OSSL_get_OP_signature_get_ctx_params(fns
);
178 case OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS
:
179 if (signature
->gettable_ctx_params
!= NULL
)
181 signature
->gettable_ctx_params
182 = OSSL_get_OP_signature_gettable_ctx_params(fns
);
185 case OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS
:
186 if (signature
->set_ctx_params
!= NULL
)
188 signature
->set_ctx_params
189 = OSSL_get_OP_signature_set_ctx_params(fns
);
192 case OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS
:
193 if (signature
->settable_ctx_params
!= NULL
)
195 signature
->settable_ctx_params
196 = OSSL_get_OP_signature_settable_ctx_params(fns
);
199 case OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS
:
200 if (signature
->get_ctx_md_params
!= NULL
)
202 signature
->get_ctx_md_params
203 = OSSL_get_OP_signature_get_ctx_md_params(fns
);
206 case OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS
:
207 if (signature
->gettable_ctx_md_params
!= NULL
)
209 signature
->gettable_ctx_md_params
210 = OSSL_get_OP_signature_gettable_ctx_md_params(fns
);
213 case OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS
:
214 if (signature
->set_ctx_md_params
!= NULL
)
216 signature
->set_ctx_md_params
217 = OSSL_get_OP_signature_set_ctx_md_params(fns
);
220 case OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS
:
221 if (signature
->settable_ctx_md_params
!= NULL
)
223 signature
->settable_ctx_md_params
224 = OSSL_get_OP_signature_settable_ctx_md_params(fns
);
232 && verifyrecfncnt
== 0
234 && digverifyfncnt
== 0)
235 || (signfncnt
!= 0 && signfncnt
!= 2)
236 || (verifyfncnt
!= 0 && verifyfncnt
!= 2)
237 || (verifyrecfncnt
!= 0 && verifyrecfncnt
!= 2)
238 || (digsignfncnt
!= 0 && digsignfncnt
!= 3)
239 || (digverifyfncnt
!= 0 && digverifyfncnt
!= 3)
240 || (gparamfncnt
!= 0 && gparamfncnt
!= 2)
241 || (sparamfncnt
!= 0 && sparamfncnt
!= 2)
242 || (gmdparamfncnt
!= 0 && gmdparamfncnt
!= 2)
243 || (smdparamfncnt
!= 0 && smdparamfncnt
!= 2)) {
245 * In order to be a consistent set of functions we must have at least
246 * a set of context functions (newctx and freectx) as well as a set of
247 * "signature" functions:
248 * (sign_init, sign) or
249 * (verify_init verify) or
250 * (verify_recover_init, verify_recover) or
251 * (digest_sign_init, digest_sign_update, digest_sign_final) or
252 * (digest_verify_init, digest_verify_update, digest_verify_final).
254 * set_ctx_params and settable_ctx_params are optional, but if one of
255 * them is present then the other one must also be present. The same
256 * applies to get_ctx_params and gettable_ctx_params. The same rules
257 * apply to the "md_params" functions. The dupctx function is optional.
259 ERR_raise(ERR_LIB_EVP
, EVP_R_INVALID_PROVIDER_FUNCTIONS
);
265 EVP_SIGNATURE_free(signature
);
266 EVP_KEYMGMT_free(keymgmt
);
270 void EVP_SIGNATURE_free(EVP_SIGNATURE
*signature
)
272 if (signature
!= NULL
) {
275 CRYPTO_DOWN_REF(&signature
->refcnt
, &i
, signature
->lock
);
278 EVP_KEYMGMT_free(signature
->keymgmt
);
279 ossl_provider_free(signature
->prov
);
280 CRYPTO_THREAD_lock_free(signature
->lock
);
281 OPENSSL_free(signature
);
285 int EVP_SIGNATURE_up_ref(EVP_SIGNATURE
*signature
)
289 CRYPTO_UP_REF(&signature
->refcnt
, &ref
, signature
->lock
);
293 OSSL_PROVIDER
*EVP_SIGNATURE_provider(const EVP_SIGNATURE
*signature
)
295 return signature
->prov
;
298 EVP_SIGNATURE
*EVP_SIGNATURE_fetch(OPENSSL_CTX
*ctx
, const char *algorithm
,
299 const char *properties
)
301 struct keymgmt_data_st keymgmt_data
;
304 * A signature operation cannot work without a key, so we need key
305 * management from the same provider to manage its keys.
307 keymgmt_data
.ctx
= ctx
;
308 keymgmt_data
.properties
= properties
;
309 return evp_generic_fetch(ctx
, OSSL_OP_SIGNATURE
, algorithm
, properties
,
310 evp_signature_from_dispatch
, &keymgmt_data
,
311 (int (*)(void *))EVP_SIGNATURE_up_ref
,
312 (void (*)(void *))EVP_SIGNATURE_free
);
315 int EVP_SIGNATURE_is_a(const EVP_SIGNATURE
*signature
, const char *name
)
317 return evp_is_a(signature
->prov
, signature
->name_id
, name
);
320 int EVP_SIGNATURE_number(const EVP_SIGNATURE
*signature
)
322 return signature
->name_id
;
325 void EVP_SIGNATURE_do_all_provided(OPENSSL_CTX
*libctx
,
326 void (*fn
)(EVP_SIGNATURE
*signature
,
330 struct keymgmt_data_st keymgmt_data
;
332 keymgmt_data
.ctx
= libctx
;
333 keymgmt_data
.properties
= NULL
;
334 evp_generic_do_all(libctx
, OSSL_OP_SIGNATURE
,
335 (void (*)(void *, void *))fn
, arg
,
336 evp_signature_from_dispatch
, &keymgmt_data
,
337 (void (*)(void *))EVP_SIGNATURE_free
);
341 void EVP_SIGNATURE_names_do_all(const EVP_SIGNATURE
*signature
,
342 void (*fn
)(const char *name
, void *data
),
345 if (signature
->prov
!= NULL
)
346 evp_names_do_all(signature
->prov
, signature
->name_id
, fn
, data
);
349 static int evp_pkey_signature_init(EVP_PKEY_CTX
*ctx
, EVP_SIGNATURE
*signature
,
353 void *provkey
= NULL
;
356 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
360 evp_pkey_ctx_free_old_ops(ctx
);
361 ctx
->operation
= operation
;
363 if (ctx
->engine
!= NULL
)
366 if (signature
!= NULL
) {
367 if (!EVP_SIGNATURE_up_ref(signature
))
370 int nid
= ctx
->pkey
!= NULL
? ctx
->pkey
->type
: ctx
->pmeth
->pkey_id
;
373 * TODO(3.0): Check for legacy handling. Remove this once all all
374 * algorithms are moved to providers.
376 if (ctx
->pkey
!= NULL
) {
377 switch (ctx
->pkey
->type
) {
383 signature
= EVP_SIGNATURE_fetch(NULL
, OBJ_nid2sn(nid
), NULL
);
388 if (signature
== NULL
) {
389 EVPerr(0, EVP_R_INITIALIZATION_ERROR
);
394 ctx
->op
.sig
.signature
= signature
;
395 if (ctx
->pkey
!= NULL
) {
397 evp_keymgmt_export_to_provider(ctx
->pkey
, signature
->keymgmt
, 0);
398 if (provkey
== NULL
) {
399 EVPerr(0, EVP_R_INITIALIZATION_ERROR
);
403 ctx
->op
.sig
.sigprovctx
= signature
->newctx(ossl_provider_ctx(signature
->prov
));
404 if (ctx
->op
.sig
.sigprovctx
== NULL
) {
405 /* The provider key can stay in the cache */
406 EVPerr(0, EVP_R_INITIALIZATION_ERROR
);
411 case EVP_PKEY_OP_SIGN
:
412 if (signature
->sign_init
== NULL
) {
413 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
417 ret
= signature
->sign_init(ctx
->op
.sig
.sigprovctx
, provkey
);
419 case EVP_PKEY_OP_VERIFY
:
420 if (signature
->verify_init
== NULL
) {
421 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
425 ret
= signature
->verify_init(ctx
->op
.sig
.sigprovctx
, provkey
);
427 case EVP_PKEY_OP_VERIFYRECOVER
:
428 if (signature
->verify_recover_init
== NULL
) {
429 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
433 ret
= signature
->verify_recover_init(ctx
->op
.sig
.sigprovctx
, provkey
);
436 EVPerr(0, EVP_R_INITIALIZATION_ERROR
);
441 signature
->freectx(ctx
->op
.sig
.sigprovctx
);
442 ctx
->op
.sig
.sigprovctx
= NULL
;
448 if (ctx
->pmeth
== NULL
449 || (operation
== EVP_PKEY_OP_SIGN
&& ctx
->pmeth
->sign
== NULL
)
450 || (operation
== EVP_PKEY_OP_VERIFY
&& ctx
->pmeth
->verify
== NULL
)
451 || (operation
== EVP_PKEY_OP_VERIFYRECOVER
452 && ctx
->pmeth
->verify_recover
== NULL
)) {
453 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
458 case EVP_PKEY_OP_SIGN
:
459 if (ctx
->pmeth
->sign_init
== NULL
)
461 ret
= ctx
->pmeth
->sign_init(ctx
);
463 case EVP_PKEY_OP_VERIFY
:
464 if (ctx
->pmeth
->verify_init
== NULL
)
466 ret
= ctx
->pmeth
->verify_init(ctx
);
468 case EVP_PKEY_OP_VERIFYRECOVER
:
469 if (ctx
->pmeth
->verify_recover_init
== NULL
)
471 ret
= ctx
->pmeth
->verify_recover_init(ctx
);
474 EVPerr(0, EVP_R_INITIALIZATION_ERROR
);
482 ctx
->operation
= EVP_PKEY_OP_UNDEFINED
;
486 int EVP_PKEY_sign_init_ex(EVP_PKEY_CTX
*ctx
, EVP_SIGNATURE
*signature
)
488 return evp_pkey_signature_init(ctx
, signature
, EVP_PKEY_OP_SIGN
);
491 int EVP_PKEY_sign_init(EVP_PKEY_CTX
*ctx
)
493 return evp_pkey_signature_init(ctx
, NULL
, EVP_PKEY_OP_SIGN
);
496 int EVP_PKEY_sign(EVP_PKEY_CTX
*ctx
,
497 unsigned char *sig
, size_t *siglen
,
498 const unsigned char *tbs
, size_t tbslen
)
503 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
507 if (ctx
->operation
!= EVP_PKEY_OP_SIGN
) {
508 EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED
);
512 if (ctx
->op
.sig
.sigprovctx
== NULL
)
515 ret
= ctx
->op
.sig
.signature
->sign(ctx
->op
.sig
.sigprovctx
, sig
, siglen
,
516 SIZE_MAX
, tbs
, tbslen
);
521 if (ctx
->pmeth
== NULL
|| ctx
->pmeth
->sign
== NULL
) {
522 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
526 M_check_autoarg(ctx
, sig
, siglen
, EVP_F_EVP_PKEY_SIGN
)
527 return ctx
->pmeth
->sign(ctx
, sig
, siglen
, tbs
, tbslen
);
530 int EVP_PKEY_verify_init_ex(EVP_PKEY_CTX
*ctx
, EVP_SIGNATURE
*signature
)
532 return evp_pkey_signature_init(ctx
, signature
, EVP_PKEY_OP_VERIFY
);
535 int EVP_PKEY_verify_init(EVP_PKEY_CTX
*ctx
)
537 return evp_pkey_signature_init(ctx
, NULL
, EVP_PKEY_OP_VERIFY
);
540 int EVP_PKEY_verify(EVP_PKEY_CTX
*ctx
,
541 const unsigned char *sig
, size_t siglen
,
542 const unsigned char *tbs
, size_t tbslen
)
547 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
551 if (ctx
->operation
!= EVP_PKEY_OP_VERIFY
) {
552 EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED
);
556 if (ctx
->op
.sig
.sigprovctx
== NULL
)
559 ret
= ctx
->op
.sig
.signature
->verify(ctx
->op
.sig
.sigprovctx
, sig
, siglen
,
564 if (ctx
->pmeth
== NULL
|| ctx
->pmeth
->verify
== NULL
) {
565 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
569 return ctx
->pmeth
->verify(ctx
, sig
, siglen
, tbs
, tbslen
);
572 int EVP_PKEY_verify_recover_init_ex(EVP_PKEY_CTX
*ctx
, EVP_SIGNATURE
*signature
)
574 return evp_pkey_signature_init(ctx
, signature
, EVP_PKEY_OP_VERIFYRECOVER
);
577 int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX
*ctx
)
579 return evp_pkey_signature_init(ctx
, NULL
, EVP_PKEY_OP_VERIFYRECOVER
);
582 int EVP_PKEY_verify_recover(EVP_PKEY_CTX
*ctx
,
583 unsigned char *rout
, size_t *routlen
,
584 const unsigned char *sig
, size_t siglen
)
589 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
593 if (ctx
->operation
!= EVP_PKEY_OP_VERIFYRECOVER
) {
594 EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED
);
598 if (ctx
->op
.sig
.sigprovctx
== NULL
)
601 ret
= ctx
->op
.sig
.signature
->verify_recover(ctx
->op
.sig
.sigprovctx
, rout
,
603 (rout
== NULL
? 0 : *routlen
),
607 if (ctx
->pmeth
== NULL
|| ctx
->pmeth
->verify_recover
== NULL
) {
608 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
611 M_check_autoarg(ctx
, rout
, routlen
, EVP_F_EVP_PKEY_VERIFY_RECOVER
)
612 return ctx
->pmeth
->verify_recover(ctx
, rout
, routlen
, sig
, siglen
);
615 int EVP_PKEY_encrypt_init(EVP_PKEY_CTX
*ctx
)
618 if (!ctx
|| !ctx
->pmeth
|| !ctx
->pmeth
->encrypt
) {
619 EVPerr(EVP_F_EVP_PKEY_ENCRYPT_INIT
,
620 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
623 ctx
->operation
= EVP_PKEY_OP_ENCRYPT
;
624 if (!ctx
->pmeth
->encrypt_init
)
626 ret
= ctx
->pmeth
->encrypt_init(ctx
);
628 ctx
->operation
= EVP_PKEY_OP_UNDEFINED
;
632 int EVP_PKEY_encrypt(EVP_PKEY_CTX
*ctx
,
633 unsigned char *out
, size_t *outlen
,
634 const unsigned char *in
, size_t inlen
)
636 if (!ctx
|| !ctx
->pmeth
|| !ctx
->pmeth
->encrypt
) {
637 EVPerr(EVP_F_EVP_PKEY_ENCRYPT
,
638 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
641 if (ctx
->operation
!= EVP_PKEY_OP_ENCRYPT
) {
642 EVPerr(EVP_F_EVP_PKEY_ENCRYPT
, EVP_R_OPERATON_NOT_INITIALIZED
);
645 M_check_autoarg(ctx
, out
, outlen
, EVP_F_EVP_PKEY_ENCRYPT
)
646 return ctx
->pmeth
->encrypt(ctx
, out
, outlen
, in
, inlen
);
649 int EVP_PKEY_decrypt_init(EVP_PKEY_CTX
*ctx
)
652 if (!ctx
|| !ctx
->pmeth
|| !ctx
->pmeth
->decrypt
) {
653 EVPerr(EVP_F_EVP_PKEY_DECRYPT_INIT
,
654 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
657 ctx
->operation
= EVP_PKEY_OP_DECRYPT
;
658 if (!ctx
->pmeth
->decrypt_init
)
660 ret
= ctx
->pmeth
->decrypt_init(ctx
);
662 ctx
->operation
= EVP_PKEY_OP_UNDEFINED
;
666 int EVP_PKEY_decrypt(EVP_PKEY_CTX
*ctx
,
667 unsigned char *out
, size_t *outlen
,
668 const unsigned char *in
, size_t inlen
)
670 if (!ctx
|| !ctx
->pmeth
|| !ctx
->pmeth
->decrypt
) {
671 EVPerr(EVP_F_EVP_PKEY_DECRYPT
,
672 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
675 if (ctx
->operation
!= EVP_PKEY_OP_DECRYPT
) {
676 EVPerr(EVP_F_EVP_PKEY_DECRYPT
, EVP_R_OPERATON_NOT_INITIALIZED
);
679 M_check_autoarg(ctx
, out
, outlen
, EVP_F_EVP_PKEY_DECRYPT
)
680 return ctx
->pmeth
->decrypt(ctx
, out
, outlen
, in
, inlen
);