2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
5 /* ====================================================================
6 * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
34 * 6. Redistributions of any form whatsoever must retain the following
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
62 #include <openssl/objects.h>
63 #include <openssl/evp.h>
66 #define M_check_autoarg(ctx, arg, arglen, err) \
67 if (ctx->pmeth->flags & EVP_PKEY_FLAG_AUTOARGLEN) \
69 size_t pksize = (size_t)EVP_PKEY_size(ctx->pkey); \
75 else if (*arglen < pksize) \
77 EVPerr(err, EVP_R_BUFFER_TOO_SMALL); /*ckerr_ignore*/\
82 int EVP_PKEY_sign_init(EVP_PKEY_CTX
*ctx
)
85 if (!ctx
|| !ctx
->pmeth
|| !ctx
->pmeth
->sign
)
87 EVPerr(EVP_F_EVP_PKEY_SIGN_INIT
,
88 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
91 ctx
->operation
= EVP_PKEY_OP_SIGN
;
92 if (!ctx
->pmeth
->sign_init
)
94 ret
= ctx
->pmeth
->sign_init(ctx
);
96 ctx
->operation
= EVP_PKEY_OP_UNDEFINED
;
100 int EVP_PKEY_sign(EVP_PKEY_CTX
*ctx
,
101 unsigned char *sig
, size_t *siglen
,
102 const unsigned char *tbs
, size_t tbslen
)
104 if (!ctx
|| !ctx
->pmeth
|| !ctx
->pmeth
->sign
)
106 EVPerr(EVP_F_EVP_PKEY_SIGN
,
107 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
110 if (ctx
->operation
!= EVP_PKEY_OP_SIGN
)
112 EVPerr(EVP_F_EVP_PKEY_SIGN
, EVP_R_OPERATON_NOT_INITIALIZED
);
115 M_check_autoarg(ctx
, sig
, siglen
, EVP_F_EVP_PKEY_SIGN
)
116 return ctx
->pmeth
->sign(ctx
, sig
, siglen
, tbs
, tbslen
);
119 int EVP_PKEY_verify_init(EVP_PKEY_CTX
*ctx
)
122 if (!ctx
|| !ctx
->pmeth
|| !ctx
->pmeth
->verify
)
124 EVPerr(EVP_F_EVP_PKEY_VERIFY_INIT
,
125 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
128 ctx
->operation
= EVP_PKEY_OP_VERIFY
;
129 if (!ctx
->pmeth
->verify_init
)
131 ret
= ctx
->pmeth
->verify_init(ctx
);
133 ctx
->operation
= EVP_PKEY_OP_UNDEFINED
;
137 int EVP_PKEY_verify(EVP_PKEY_CTX
*ctx
,
138 const unsigned char *sig
, size_t siglen
,
139 const unsigned char *tbs
, size_t tbslen
)
141 if (!ctx
|| !ctx
->pmeth
|| !ctx
->pmeth
->verify
)
143 EVPerr(EVP_F_EVP_PKEY_VERIFY
,
144 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
147 if (ctx
->operation
!= EVP_PKEY_OP_VERIFY
)
149 EVPerr(EVP_F_EVP_PKEY_VERIFY
, EVP_R_OPERATON_NOT_INITIALIZED
);
152 return ctx
->pmeth
->verify(ctx
, sig
, siglen
, tbs
, tbslen
);
155 int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX
*ctx
)
158 if (!ctx
|| !ctx
->pmeth
|| !ctx
->pmeth
->verify_recover
)
160 EVPerr(EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT
,
161 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
164 ctx
->operation
= EVP_PKEY_OP_VERIFYRECOVER
;
165 if (!ctx
->pmeth
->verify_recover_init
)
167 ret
= ctx
->pmeth
->verify_recover_init(ctx
);
169 ctx
->operation
= EVP_PKEY_OP_UNDEFINED
;
173 int EVP_PKEY_verify_recover(EVP_PKEY_CTX
*ctx
,
174 unsigned char *rout
, size_t *routlen
,
175 const unsigned char *sig
, size_t siglen
)
177 if (!ctx
|| !ctx
->pmeth
|| !ctx
->pmeth
->verify_recover
)
179 EVPerr(EVP_F_EVP_PKEY_VERIFY_RECOVER
,
180 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
183 if (ctx
->operation
!= EVP_PKEY_OP_VERIFYRECOVER
)
185 EVPerr(EVP_F_EVP_PKEY_VERIFY_RECOVER
, EVP_R_OPERATON_NOT_INITIALIZED
);
188 M_check_autoarg(ctx
, rout
, routlen
, EVP_F_EVP_PKEY_VERIFY_RECOVER
)
189 return ctx
->pmeth
->verify_recover(ctx
, rout
, routlen
, sig
, siglen
);
192 int EVP_PKEY_encrypt_init(EVP_PKEY_CTX
*ctx
)
195 if (!ctx
|| !ctx
->pmeth
|| !ctx
->pmeth
->encrypt
)
197 EVPerr(EVP_F_EVP_PKEY_ENCRYPT_INIT
,
198 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
201 ctx
->operation
= EVP_PKEY_OP_ENCRYPT
;
202 if (!ctx
->pmeth
->encrypt_init
)
204 ret
= ctx
->pmeth
->encrypt_init(ctx
);
206 ctx
->operation
= EVP_PKEY_OP_UNDEFINED
;
210 int EVP_PKEY_encrypt(EVP_PKEY_CTX
*ctx
,
211 unsigned char *out
, size_t *outlen
,
212 const unsigned char *in
, size_t inlen
)
214 if (!ctx
|| !ctx
->pmeth
|| !ctx
->pmeth
->encrypt
)
216 EVPerr(EVP_F_EVP_PKEY_ENCRYPT
,
217 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
220 if (ctx
->operation
!= EVP_PKEY_OP_ENCRYPT
)
222 EVPerr(EVP_F_EVP_PKEY_ENCRYPT
, EVP_R_OPERATON_NOT_INITIALIZED
);
225 M_check_autoarg(ctx
, out
, outlen
, EVP_F_EVP_PKEY_ENCRYPT
)
226 return ctx
->pmeth
->encrypt(ctx
, out
, outlen
, in
, inlen
);
229 int EVP_PKEY_decrypt_init(EVP_PKEY_CTX
*ctx
)
232 if (!ctx
|| !ctx
->pmeth
|| !ctx
->pmeth
->decrypt
)
234 EVPerr(EVP_F_EVP_PKEY_DECRYPT_INIT
,
235 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
238 ctx
->operation
= EVP_PKEY_OP_DECRYPT
;
239 if (!ctx
->pmeth
->decrypt_init
)
241 ret
= ctx
->pmeth
->decrypt_init(ctx
);
243 ctx
->operation
= EVP_PKEY_OP_UNDEFINED
;
247 int EVP_PKEY_decrypt(EVP_PKEY_CTX
*ctx
,
248 unsigned char *out
, size_t *outlen
,
249 const unsigned char *in
, size_t inlen
)
251 if (!ctx
|| !ctx
->pmeth
|| !ctx
->pmeth
->decrypt
)
253 EVPerr(EVP_F_EVP_PKEY_DECRYPT
,
254 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
257 if (ctx
->operation
!= EVP_PKEY_OP_DECRYPT
)
259 EVPerr(EVP_F_EVP_PKEY_DECRYPT
, EVP_R_OPERATON_NOT_INITIALIZED
);
262 M_check_autoarg(ctx
, out
, outlen
, EVP_F_EVP_PKEY_DECRYPT
)
263 return ctx
->pmeth
->decrypt(ctx
, out
, outlen
, in
, inlen
);
267 int EVP_PKEY_derive_init(EVP_PKEY_CTX
*ctx
)
270 if (!ctx
|| !ctx
->pmeth
|| !ctx
->pmeth
->derive
)
272 EVPerr(EVP_F_EVP_PKEY_DERIVE_INIT
,
273 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
276 ctx
->operation
= EVP_PKEY_OP_DERIVE
;
277 if (!ctx
->pmeth
->derive_init
)
279 ret
= ctx
->pmeth
->derive_init(ctx
);
281 ctx
->operation
= EVP_PKEY_OP_UNDEFINED
;
285 int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX
*ctx
, EVP_PKEY
*peer
)
288 if (!ctx
|| !ctx
->pmeth
|| !(ctx
->pmeth
->derive
||ctx
->pmeth
->encrypt
||ctx
->pmeth
->decrypt
) || !ctx
->pmeth
->ctrl
)
290 EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER
,
291 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
294 if (ctx
->operation
!= EVP_PKEY_OP_DERIVE
&& ctx
->operation
!= EVP_PKEY_OP_ENCRYPT
&& ctx
->operation
!= EVP_PKEY_OP_DECRYPT
)
296 EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER
,
297 EVP_R_OPERATON_NOT_INITIALIZED
);
301 ret
= ctx
->pmeth
->ctrl(ctx
, EVP_PKEY_CTRL_PEER_KEY
, 0, peer
);
311 EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER
, EVP_R_NO_KEY_SET
);
315 if (ctx
->pkey
->type
!= peer
->type
)
317 EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER
,
318 EVP_R_DIFFERENT_KEY_TYPES
);
322 /* ran@cryptocom.ru: For clarity. The error is if parameters in peer are
323 * present (!missing) but don't match. EVP_PKEY_cmp_parameters may return
324 * 1 (match), 0 (don't match) and -2 (comparison is not defined). -1
325 * (different key types) is impossible here because it is checked earlier.
326 * -2 is OK for us here, as well as 1, so we can check for 0 only. */
327 if (!EVP_PKEY_missing_parameters(peer
) &&
328 !EVP_PKEY_cmp_parameters(ctx
->pkey
, peer
))
330 EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER
,
331 EVP_R_DIFFERENT_PARAMETERS
);
336 EVP_PKEY_free(ctx
->peerkey
);
339 ret
= ctx
->pmeth
->ctrl(ctx
, EVP_PKEY_CTRL_PEER_KEY
, 1, peer
);
347 CRYPTO_add(&peer
->references
,1,CRYPTO_LOCK_EVP_PKEY
);
352 int EVP_PKEY_derive(EVP_PKEY_CTX
*ctx
, unsigned char *key
, size_t *pkeylen
)
354 if (!ctx
|| !ctx
->pmeth
|| !ctx
->pmeth
->derive
)
356 EVPerr(EVP_F_EVP_PKEY_DERIVE
,
357 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
360 if (ctx
->operation
!= EVP_PKEY_OP_DERIVE
)
362 EVPerr(EVP_F_EVP_PKEY_DERIVE
, EVP_R_OPERATON_NOT_INITIALIZED
);
365 M_check_autoarg(ctx
, key
, pkeylen
, EVP_F_EVP_PKEY_DERIVE
)
366 return ctx
->pmeth
->derive(ctx
, key
, pkeylen
);