2
0

signature.c 25 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746
  1. /*
  2. * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <stdio.h>
  10. #include <stdlib.h>
  11. #include <openssl/objects.h>
  12. #include <openssl/evp.h>
  13. #include "internal/numbers.h" /* includes SIZE_MAX */
  14. #include "internal/cryptlib.h"
  15. #include "internal/provider.h"
  16. #include "internal/core.h"
  17. #include "crypto/evp.h"
  18. #include "evp_local.h"
  19. static EVP_SIGNATURE *evp_signature_new(OSSL_PROVIDER *prov)
  20. {
  21. EVP_SIGNATURE *signature = OPENSSL_zalloc(sizeof(EVP_SIGNATURE));
  22. if (signature == NULL)
  23. return NULL;
  24. signature->lock = CRYPTO_THREAD_lock_new();
  25. if (signature->lock == NULL) {
  26. ERR_raise(ERR_LIB_EVP, ERR_R_CRYPTO_LIB);
  27. OPENSSL_free(signature);
  28. return NULL;
  29. }
  30. signature->prov = prov;
  31. ossl_provider_up_ref(prov);
  32. signature->refcnt = 1;
  33. return signature;
  34. }
  35. static void *evp_signature_from_algorithm(int name_id,
  36. const OSSL_ALGORITHM *algodef,
  37. OSSL_PROVIDER *prov)
  38. {
  39. const OSSL_DISPATCH *fns = algodef->implementation;
  40. EVP_SIGNATURE *signature = NULL;
  41. int ctxfncnt = 0, signfncnt = 0, verifyfncnt = 0, verifyrecfncnt = 0;
  42. int digsignfncnt = 0, digverifyfncnt = 0;
  43. int gparamfncnt = 0, sparamfncnt = 0, gmdparamfncnt = 0, smdparamfncnt = 0;
  44. if ((signature = evp_signature_new(prov)) == NULL) {
  45. ERR_raise(ERR_LIB_EVP, ERR_R_EVP_LIB);
  46. goto err;
  47. }
  48. signature->name_id = name_id;
  49. if ((signature->type_name = ossl_algorithm_get1_first_name(algodef)) == NULL)
  50. goto err;
  51. signature->description = algodef->algorithm_description;
  52. for (; fns->function_id != 0; fns++) {
  53. switch (fns->function_id) {
  54. case OSSL_FUNC_SIGNATURE_NEWCTX:
  55. if (signature->newctx != NULL)
  56. break;
  57. signature->newctx = OSSL_FUNC_signature_newctx(fns);
  58. ctxfncnt++;
  59. break;
  60. case OSSL_FUNC_SIGNATURE_SIGN_INIT:
  61. if (signature->sign_init != NULL)
  62. break;
  63. signature->sign_init = OSSL_FUNC_signature_sign_init(fns);
  64. signfncnt++;
  65. break;
  66. case OSSL_FUNC_SIGNATURE_SIGN:
  67. if (signature->sign != NULL)
  68. break;
  69. signature->sign = OSSL_FUNC_signature_sign(fns);
  70. signfncnt++;
  71. break;
  72. case OSSL_FUNC_SIGNATURE_VERIFY_INIT:
  73. if (signature->verify_init != NULL)
  74. break;
  75. signature->verify_init = OSSL_FUNC_signature_verify_init(fns);
  76. verifyfncnt++;
  77. break;
  78. case OSSL_FUNC_SIGNATURE_VERIFY:
  79. if (signature->verify != NULL)
  80. break;
  81. signature->verify = OSSL_FUNC_signature_verify(fns);
  82. verifyfncnt++;
  83. break;
  84. case OSSL_FUNC_SIGNATURE_VERIFY_RECOVER_INIT:
  85. if (signature->verify_recover_init != NULL)
  86. break;
  87. signature->verify_recover_init
  88. = OSSL_FUNC_signature_verify_recover_init(fns);
  89. verifyrecfncnt++;
  90. break;
  91. case OSSL_FUNC_SIGNATURE_VERIFY_RECOVER:
  92. if (signature->verify_recover != NULL)
  93. break;
  94. signature->verify_recover
  95. = OSSL_FUNC_signature_verify_recover(fns);
  96. verifyrecfncnt++;
  97. break;
  98. case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT:
  99. if (signature->digest_sign_init != NULL)
  100. break;
  101. signature->digest_sign_init
  102. = OSSL_FUNC_signature_digest_sign_init(fns);
  103. break;
  104. case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE:
  105. if (signature->digest_sign_update != NULL)
  106. break;
  107. signature->digest_sign_update
  108. = OSSL_FUNC_signature_digest_sign_update(fns);
  109. digsignfncnt++;
  110. break;
  111. case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL:
  112. if (signature->digest_sign_final != NULL)
  113. break;
  114. signature->digest_sign_final
  115. = OSSL_FUNC_signature_digest_sign_final(fns);
  116. digsignfncnt++;
  117. break;
  118. case OSSL_FUNC_SIGNATURE_DIGEST_SIGN:
  119. if (signature->digest_sign != NULL)
  120. break;
  121. signature->digest_sign
  122. = OSSL_FUNC_signature_digest_sign(fns);
  123. break;
  124. case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT:
  125. if (signature->digest_verify_init != NULL)
  126. break;
  127. signature->digest_verify_init
  128. = OSSL_FUNC_signature_digest_verify_init(fns);
  129. break;
  130. case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE:
  131. if (signature->digest_verify_update != NULL)
  132. break;
  133. signature->digest_verify_update
  134. = OSSL_FUNC_signature_digest_verify_update(fns);
  135. digverifyfncnt++;
  136. break;
  137. case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL:
  138. if (signature->digest_verify_final != NULL)
  139. break;
  140. signature->digest_verify_final
  141. = OSSL_FUNC_signature_digest_verify_final(fns);
  142. digverifyfncnt++;
  143. break;
  144. case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY:
  145. if (signature->digest_verify != NULL)
  146. break;
  147. signature->digest_verify
  148. = OSSL_FUNC_signature_digest_verify(fns);
  149. break;
  150. case OSSL_FUNC_SIGNATURE_FREECTX:
  151. if (signature->freectx != NULL)
  152. break;
  153. signature->freectx = OSSL_FUNC_signature_freectx(fns);
  154. ctxfncnt++;
  155. break;
  156. case OSSL_FUNC_SIGNATURE_DUPCTX:
  157. if (signature->dupctx != NULL)
  158. break;
  159. signature->dupctx = OSSL_FUNC_signature_dupctx(fns);
  160. break;
  161. case OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS:
  162. if (signature->get_ctx_params != NULL)
  163. break;
  164. signature->get_ctx_params
  165. = OSSL_FUNC_signature_get_ctx_params(fns);
  166. gparamfncnt++;
  167. break;
  168. case OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS:
  169. if (signature->gettable_ctx_params != NULL)
  170. break;
  171. signature->gettable_ctx_params
  172. = OSSL_FUNC_signature_gettable_ctx_params(fns);
  173. gparamfncnt++;
  174. break;
  175. case OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS:
  176. if (signature->set_ctx_params != NULL)
  177. break;
  178. signature->set_ctx_params
  179. = OSSL_FUNC_signature_set_ctx_params(fns);
  180. sparamfncnt++;
  181. break;
  182. case OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS:
  183. if (signature->settable_ctx_params != NULL)
  184. break;
  185. signature->settable_ctx_params
  186. = OSSL_FUNC_signature_settable_ctx_params(fns);
  187. sparamfncnt++;
  188. break;
  189. case OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS:
  190. if (signature->get_ctx_md_params != NULL)
  191. break;
  192. signature->get_ctx_md_params
  193. = OSSL_FUNC_signature_get_ctx_md_params(fns);
  194. gmdparamfncnt++;
  195. break;
  196. case OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS:
  197. if (signature->gettable_ctx_md_params != NULL)
  198. break;
  199. signature->gettable_ctx_md_params
  200. = OSSL_FUNC_signature_gettable_ctx_md_params(fns);
  201. gmdparamfncnt++;
  202. break;
  203. case OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS:
  204. if (signature->set_ctx_md_params != NULL)
  205. break;
  206. signature->set_ctx_md_params
  207. = OSSL_FUNC_signature_set_ctx_md_params(fns);
  208. smdparamfncnt++;
  209. break;
  210. case OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS:
  211. if (signature->settable_ctx_md_params != NULL)
  212. break;
  213. signature->settable_ctx_md_params
  214. = OSSL_FUNC_signature_settable_ctx_md_params(fns);
  215. smdparamfncnt++;
  216. break;
  217. }
  218. }
  219. if (ctxfncnt != 2
  220. || (signfncnt == 0
  221. && verifyfncnt == 0
  222. && verifyrecfncnt == 0
  223. && digsignfncnt == 0
  224. && digverifyfncnt == 0
  225. && signature->digest_sign == NULL
  226. && signature->digest_verify == NULL)
  227. || (signfncnt != 0 && signfncnt != 2)
  228. || (verifyfncnt != 0 && verifyfncnt != 2)
  229. || (verifyrecfncnt != 0 && verifyrecfncnt != 2)
  230. || (digsignfncnt != 0 && digsignfncnt != 2)
  231. || (digsignfncnt == 2 && signature->digest_sign_init == NULL)
  232. || (digverifyfncnt != 0 && digverifyfncnt != 2)
  233. || (digverifyfncnt == 2 && signature->digest_verify_init == NULL)
  234. || (signature->digest_sign != NULL
  235. && signature->digest_sign_init == NULL)
  236. || (signature->digest_verify != NULL
  237. && signature->digest_verify_init == NULL)
  238. || (gparamfncnt != 0 && gparamfncnt != 2)
  239. || (sparamfncnt != 0 && sparamfncnt != 2)
  240. || (gmdparamfncnt != 0 && gmdparamfncnt != 2)
  241. || (smdparamfncnt != 0 && smdparamfncnt != 2)) {
  242. /*
  243. * In order to be a consistent set of functions we must have at least
  244. * a set of context functions (newctx and freectx) as well as a set of
  245. * "signature" functions:
  246. * (sign_init, sign) or
  247. * (verify_init verify) or
  248. * (verify_recover_init, verify_recover) or
  249. * (digest_sign_init, digest_sign_update, digest_sign_final) or
  250. * (digest_verify_init, digest_verify_update, digest_verify_final) or
  251. * (digest_sign_init, digest_sign) or
  252. * (digest_verify_init, digest_verify).
  253. *
  254. * set_ctx_params and settable_ctx_params are optional, but if one of
  255. * them is present then the other one must also be present. The same
  256. * applies to get_ctx_params and gettable_ctx_params. The same rules
  257. * apply to the "md_params" functions. The dupctx function is optional.
  258. */
  259. ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS);
  260. goto err;
  261. }
  262. return signature;
  263. err:
  264. EVP_SIGNATURE_free(signature);
  265. return NULL;
  266. }
  267. void EVP_SIGNATURE_free(EVP_SIGNATURE *signature)
  268. {
  269. int i;
  270. if (signature == NULL)
  271. return;
  272. CRYPTO_DOWN_REF(&signature->refcnt, &i, signature->lock);
  273. if (i > 0)
  274. return;
  275. OPENSSL_free(signature->type_name);
  276. ossl_provider_free(signature->prov);
  277. CRYPTO_THREAD_lock_free(signature->lock);
  278. OPENSSL_free(signature);
  279. }
  280. int EVP_SIGNATURE_up_ref(EVP_SIGNATURE *signature)
  281. {
  282. int ref = 0;
  283. CRYPTO_UP_REF(&signature->refcnt, &ref, signature->lock);
  284. return 1;
  285. }
  286. OSSL_PROVIDER *EVP_SIGNATURE_get0_provider(const EVP_SIGNATURE *signature)
  287. {
  288. return signature->prov;
  289. }
  290. EVP_SIGNATURE *EVP_SIGNATURE_fetch(OSSL_LIB_CTX *ctx, const char *algorithm,
  291. const char *properties)
  292. {
  293. return evp_generic_fetch(ctx, OSSL_OP_SIGNATURE, algorithm, properties,
  294. evp_signature_from_algorithm,
  295. (int (*)(void *))EVP_SIGNATURE_up_ref,
  296. (void (*)(void *))EVP_SIGNATURE_free);
  297. }
  298. EVP_SIGNATURE *evp_signature_fetch_from_prov(OSSL_PROVIDER *prov,
  299. const char *algorithm,
  300. const char *properties)
  301. {
  302. return evp_generic_fetch_from_prov(prov, OSSL_OP_SIGNATURE,
  303. algorithm, properties,
  304. evp_signature_from_algorithm,
  305. (int (*)(void *))EVP_SIGNATURE_up_ref,
  306. (void (*)(void *))EVP_SIGNATURE_free);
  307. }
  308. int EVP_SIGNATURE_is_a(const EVP_SIGNATURE *signature, const char *name)
  309. {
  310. return signature != NULL
  311. && evp_is_a(signature->prov, signature->name_id, NULL, name);
  312. }
  313. int evp_signature_get_number(const EVP_SIGNATURE *signature)
  314. {
  315. return signature->name_id;
  316. }
  317. const char *EVP_SIGNATURE_get0_name(const EVP_SIGNATURE *signature)
  318. {
  319. return signature->type_name;
  320. }
  321. const char *EVP_SIGNATURE_get0_description(const EVP_SIGNATURE *signature)
  322. {
  323. return signature->description;
  324. }
  325. void EVP_SIGNATURE_do_all_provided(OSSL_LIB_CTX *libctx,
  326. void (*fn)(EVP_SIGNATURE *signature,
  327. void *arg),
  328. void *arg)
  329. {
  330. evp_generic_do_all(libctx, OSSL_OP_SIGNATURE,
  331. (void (*)(void *, void *))fn, arg,
  332. evp_signature_from_algorithm,
  333. (int (*)(void *))EVP_SIGNATURE_up_ref,
  334. (void (*)(void *))EVP_SIGNATURE_free);
  335. }
  336. int EVP_SIGNATURE_names_do_all(const EVP_SIGNATURE *signature,
  337. void (*fn)(const char *name, void *data),
  338. void *data)
  339. {
  340. if (signature->prov != NULL)
  341. return evp_names_do_all(signature->prov, signature->name_id, fn, data);
  342. return 1;
  343. }
  344. const OSSL_PARAM *EVP_SIGNATURE_gettable_ctx_params(const EVP_SIGNATURE *sig)
  345. {
  346. void *provctx;
  347. if (sig == NULL || sig->gettable_ctx_params == NULL)
  348. return NULL;
  349. provctx = ossl_provider_ctx(EVP_SIGNATURE_get0_provider(sig));
  350. return sig->gettable_ctx_params(NULL, provctx);
  351. }
  352. const OSSL_PARAM *EVP_SIGNATURE_settable_ctx_params(const EVP_SIGNATURE *sig)
  353. {
  354. void *provctx;
  355. if (sig == NULL || sig->settable_ctx_params == NULL)
  356. return NULL;
  357. provctx = ossl_provider_ctx(EVP_SIGNATURE_get0_provider(sig));
  358. return sig->settable_ctx_params(NULL, provctx);
  359. }
  360. static int evp_pkey_signature_init(EVP_PKEY_CTX *ctx, int operation,
  361. const OSSL_PARAM params[])
  362. {
  363. int ret = 0;
  364. void *provkey = NULL;
  365. EVP_SIGNATURE *signature = NULL;
  366. EVP_KEYMGMT *tmp_keymgmt = NULL;
  367. const OSSL_PROVIDER *tmp_prov = NULL;
  368. const char *supported_sig = NULL;
  369. int iter;
  370. if (ctx == NULL) {
  371. ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
  372. return -2;
  373. }
  374. evp_pkey_ctx_free_old_ops(ctx);
  375. ctx->operation = operation;
  376. ERR_set_mark();
  377. if (evp_pkey_ctx_is_legacy(ctx))
  378. goto legacy;
  379. if (ctx->pkey == NULL) {
  380. ERR_clear_last_mark();
  381. ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEY_SET);
  382. goto err;
  383. }
  384. /*
  385. * Try to derive the supported signature from |ctx->keymgmt|.
  386. */
  387. if (!ossl_assert(ctx->pkey->keymgmt == NULL
  388. || ctx->pkey->keymgmt == ctx->keymgmt)) {
  389. ERR_clear_last_mark();
  390. ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
  391. goto err;
  392. }
  393. supported_sig = evp_keymgmt_util_query_operation_name(ctx->keymgmt,
  394. OSSL_OP_SIGNATURE);
  395. if (supported_sig == NULL) {
  396. ERR_clear_last_mark();
  397. ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
  398. goto err;
  399. }
  400. /*
  401. * We perform two iterations:
  402. *
  403. * 1. Do the normal signature fetch, using the fetching data given by
  404. * the EVP_PKEY_CTX.
  405. * 2. Do the provider specific signature fetch, from the same provider
  406. * as |ctx->keymgmt|
  407. *
  408. * We then try to fetch the keymgmt from the same provider as the
  409. * signature, and try to export |ctx->pkey| to that keymgmt (when
  410. * this keymgmt happens to be the same as |ctx->keymgmt|, the export
  411. * is a no-op, but we call it anyway to not complicate the code even
  412. * more).
  413. * If the export call succeeds (returns a non-NULL provider key pointer),
  414. * we're done and can perform the operation itself. If not, we perform
  415. * the second iteration, or jump to legacy.
  416. */
  417. for (iter = 1; iter < 3 && provkey == NULL; iter++) {
  418. EVP_KEYMGMT *tmp_keymgmt_tofree = NULL;
  419. /*
  420. * If we're on the second iteration, free the results from the first.
  421. * They are NULL on the first iteration, so no need to check what
  422. * iteration we're on.
  423. */
  424. EVP_SIGNATURE_free(signature);
  425. EVP_KEYMGMT_free(tmp_keymgmt);
  426. switch (iter) {
  427. case 1:
  428. signature =
  429. EVP_SIGNATURE_fetch(ctx->libctx, supported_sig, ctx->propquery);
  430. if (signature != NULL)
  431. tmp_prov = EVP_SIGNATURE_get0_provider(signature);
  432. break;
  433. case 2:
  434. tmp_prov = EVP_KEYMGMT_get0_provider(ctx->keymgmt);
  435. signature =
  436. evp_signature_fetch_from_prov((OSSL_PROVIDER *)tmp_prov,
  437. supported_sig, ctx->propquery);
  438. if (signature == NULL)
  439. goto legacy;
  440. break;
  441. }
  442. if (signature == NULL)
  443. continue;
  444. /*
  445. * Ensure that the key is provided, either natively, or as a cached
  446. * export. We start by fetching the keymgmt with the same name as
  447. * |ctx->pkey|, but from the provider of the signature method, using
  448. * the same property query as when fetching the signature method.
  449. * With the keymgmt we found (if we did), we try to export |ctx->pkey|
  450. * to it (evp_pkey_export_to_provider() is smart enough to only actually
  451. * export it if |tmp_keymgmt| is different from |ctx->pkey|'s keymgmt)
  452. */
  453. tmp_keymgmt_tofree = tmp_keymgmt =
  454. evp_keymgmt_fetch_from_prov((OSSL_PROVIDER *)tmp_prov,
  455. EVP_KEYMGMT_get0_name(ctx->keymgmt),
  456. ctx->propquery);
  457. if (tmp_keymgmt != NULL)
  458. provkey = evp_pkey_export_to_provider(ctx->pkey, ctx->libctx,
  459. &tmp_keymgmt, ctx->propquery);
  460. if (tmp_keymgmt == NULL)
  461. EVP_KEYMGMT_free(tmp_keymgmt_tofree);
  462. }
  463. if (provkey == NULL) {
  464. EVP_SIGNATURE_free(signature);
  465. goto legacy;
  466. }
  467. ERR_pop_to_mark();
  468. /* No more legacy from here down to legacy: */
  469. ctx->op.sig.signature = signature;
  470. ctx->op.sig.algctx =
  471. signature->newctx(ossl_provider_ctx(signature->prov), ctx->propquery);
  472. if (ctx->op.sig.algctx == NULL) {
  473. /* The provider key can stay in the cache */
  474. ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
  475. goto err;
  476. }
  477. switch (operation) {
  478. case EVP_PKEY_OP_SIGN:
  479. if (signature->sign_init == NULL) {
  480. ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
  481. ret = -2;
  482. goto err;
  483. }
  484. ret = signature->sign_init(ctx->op.sig.algctx, provkey, params);
  485. break;
  486. case EVP_PKEY_OP_VERIFY:
  487. if (signature->verify_init == NULL) {
  488. ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
  489. ret = -2;
  490. goto err;
  491. }
  492. ret = signature->verify_init(ctx->op.sig.algctx, provkey, params);
  493. break;
  494. case EVP_PKEY_OP_VERIFYRECOVER:
  495. if (signature->verify_recover_init == NULL) {
  496. ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
  497. ret = -2;
  498. goto err;
  499. }
  500. ret = signature->verify_recover_init(ctx->op.sig.algctx, provkey,
  501. params);
  502. break;
  503. default:
  504. ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
  505. goto err;
  506. }
  507. if (ret <= 0) {
  508. signature->freectx(ctx->op.sig.algctx);
  509. ctx->op.sig.algctx = NULL;
  510. goto err;
  511. }
  512. goto end;
  513. legacy:
  514. /*
  515. * If we don't have the full support we need with provided methods,
  516. * let's go see if legacy does.
  517. */
  518. ERR_pop_to_mark();
  519. EVP_KEYMGMT_free(tmp_keymgmt);
  520. tmp_keymgmt = NULL;
  521. if (ctx->pmeth == NULL
  522. || (operation == EVP_PKEY_OP_SIGN && ctx->pmeth->sign == NULL)
  523. || (operation == EVP_PKEY_OP_VERIFY && ctx->pmeth->verify == NULL)
  524. || (operation == EVP_PKEY_OP_VERIFYRECOVER
  525. && ctx->pmeth->verify_recover == NULL)) {
  526. ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
  527. return -2;
  528. }
  529. switch (operation) {
  530. case EVP_PKEY_OP_SIGN:
  531. if (ctx->pmeth->sign_init == NULL)
  532. return 1;
  533. ret = ctx->pmeth->sign_init(ctx);
  534. break;
  535. case EVP_PKEY_OP_VERIFY:
  536. if (ctx->pmeth->verify_init == NULL)
  537. return 1;
  538. ret = ctx->pmeth->verify_init(ctx);
  539. break;
  540. case EVP_PKEY_OP_VERIFYRECOVER:
  541. if (ctx->pmeth->verify_recover_init == NULL)
  542. return 1;
  543. ret = ctx->pmeth->verify_recover_init(ctx);
  544. break;
  545. default:
  546. ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
  547. goto err;
  548. }
  549. if (ret <= 0)
  550. goto err;
  551. end:
  552. #ifndef FIPS_MODULE
  553. if (ret > 0)
  554. ret = evp_pkey_ctx_use_cached_data(ctx);
  555. #endif
  556. EVP_KEYMGMT_free(tmp_keymgmt);
  557. return ret;
  558. err:
  559. evp_pkey_ctx_free_old_ops(ctx);
  560. ctx->operation = EVP_PKEY_OP_UNDEFINED;
  561. EVP_KEYMGMT_free(tmp_keymgmt);
  562. return ret;
  563. }
  564. int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx)
  565. {
  566. return evp_pkey_signature_init(ctx, EVP_PKEY_OP_SIGN, NULL);
  567. }
  568. int EVP_PKEY_sign_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[])
  569. {
  570. return evp_pkey_signature_init(ctx, EVP_PKEY_OP_SIGN, params);
  571. }
  572. int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
  573. unsigned char *sig, size_t *siglen,
  574. const unsigned char *tbs, size_t tbslen)
  575. {
  576. int ret;
  577. if (ctx == NULL) {
  578. ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
  579. return -2;
  580. }
  581. if (ctx->operation != EVP_PKEY_OP_SIGN) {
  582. ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
  583. return -1;
  584. }
  585. if (ctx->op.sig.algctx == NULL)
  586. goto legacy;
  587. ret = ctx->op.sig.signature->sign(ctx->op.sig.algctx, sig, siglen,
  588. (sig == NULL) ? 0 : *siglen, tbs, tbslen);
  589. return ret;
  590. legacy:
  591. if (ctx->pmeth == NULL || ctx->pmeth->sign == NULL) {
  592. ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
  593. return -2;
  594. }
  595. M_check_autoarg(ctx, sig, siglen, EVP_F_EVP_PKEY_SIGN)
  596. return ctx->pmeth->sign(ctx, sig, siglen, tbs, tbslen);
  597. }
  598. int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx)
  599. {
  600. return evp_pkey_signature_init(ctx, EVP_PKEY_OP_VERIFY, NULL);
  601. }
  602. int EVP_PKEY_verify_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[])
  603. {
  604. return evp_pkey_signature_init(ctx, EVP_PKEY_OP_VERIFY, params);
  605. }
  606. int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
  607. const unsigned char *sig, size_t siglen,
  608. const unsigned char *tbs, size_t tbslen)
  609. {
  610. int ret;
  611. if (ctx == NULL) {
  612. ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
  613. return -2;
  614. }
  615. if (ctx->operation != EVP_PKEY_OP_VERIFY) {
  616. ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
  617. return -1;
  618. }
  619. if (ctx->op.sig.algctx == NULL)
  620. goto legacy;
  621. ret = ctx->op.sig.signature->verify(ctx->op.sig.algctx, sig, siglen,
  622. tbs, tbslen);
  623. return ret;
  624. legacy:
  625. if (ctx->pmeth == NULL || ctx->pmeth->verify == NULL) {
  626. ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
  627. return -2;
  628. }
  629. return ctx->pmeth->verify(ctx, sig, siglen, tbs, tbslen);
  630. }
  631. int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx)
  632. {
  633. return evp_pkey_signature_init(ctx, EVP_PKEY_OP_VERIFYRECOVER, NULL);
  634. }
  635. int EVP_PKEY_verify_recover_init_ex(EVP_PKEY_CTX *ctx,
  636. const OSSL_PARAM params[])
  637. {
  638. return evp_pkey_signature_init(ctx, EVP_PKEY_OP_VERIFYRECOVER, params);
  639. }
  640. int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
  641. unsigned char *rout, size_t *routlen,
  642. const unsigned char *sig, size_t siglen)
  643. {
  644. int ret;
  645. if (ctx == NULL) {
  646. ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
  647. return -2;
  648. }
  649. if (ctx->operation != EVP_PKEY_OP_VERIFYRECOVER) {
  650. ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
  651. return -1;
  652. }
  653. if (ctx->op.sig.algctx == NULL)
  654. goto legacy;
  655. ret = ctx->op.sig.signature->verify_recover(ctx->op.sig.algctx, rout,
  656. routlen,
  657. (rout == NULL ? 0 : *routlen),
  658. sig, siglen);
  659. return ret;
  660. legacy:
  661. if (ctx->pmeth == NULL || ctx->pmeth->verify_recover == NULL) {
  662. ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
  663. return -2;
  664. }
  665. M_check_autoarg(ctx, rout, routlen, EVP_F_EVP_PKEY_VERIFY_RECOVER)
  666. return ctx->pmeth->verify_recover(ctx, rout, routlen, sig, siglen);
  667. }