2
0

signature.c 25 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759
  1. /*
  2. * Copyright 2006-2024 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <stdio.h>
  10. #include <stdlib.h>
  11. #include <openssl/objects.h>
  12. #include <openssl/evp.h>
  13. #include "internal/numbers.h" /* includes SIZE_MAX */
  14. #include "internal/cryptlib.h"
  15. #include "internal/provider.h"
  16. #include "internal/core.h"
  17. #include "crypto/evp.h"
  18. #include "evp_local.h"
  19. static EVP_SIGNATURE *evp_signature_new(OSSL_PROVIDER *prov)
  20. {
  21. EVP_SIGNATURE *signature = OPENSSL_zalloc(sizeof(EVP_SIGNATURE));
  22. if (signature == NULL)
  23. return NULL;
  24. if (!CRYPTO_NEW_REF(&signature->refcnt, 1)) {
  25. OPENSSL_free(signature);
  26. return NULL;
  27. }
  28. signature->prov = prov;
  29. ossl_provider_up_ref(prov);
  30. return signature;
  31. }
  32. static void *evp_signature_from_algorithm(int name_id,
  33. const OSSL_ALGORITHM *algodef,
  34. OSSL_PROVIDER *prov)
  35. {
  36. const OSSL_DISPATCH *fns = algodef->implementation;
  37. EVP_SIGNATURE *signature = NULL;
  38. int ctxfncnt = 0, signfncnt = 0, verifyfncnt = 0, verifyrecfncnt = 0;
  39. int digsignfncnt = 0, digverifyfncnt = 0;
  40. int gparamfncnt = 0, sparamfncnt = 0, gmdparamfncnt = 0, smdparamfncnt = 0;
  41. if ((signature = evp_signature_new(prov)) == NULL) {
  42. ERR_raise(ERR_LIB_EVP, ERR_R_EVP_LIB);
  43. goto err;
  44. }
  45. signature->name_id = name_id;
  46. if ((signature->type_name = ossl_algorithm_get1_first_name(algodef)) == NULL)
  47. goto err;
  48. signature->description = algodef->algorithm_description;
  49. for (; fns->function_id != 0; fns++) {
  50. switch (fns->function_id) {
  51. case OSSL_FUNC_SIGNATURE_NEWCTX:
  52. if (signature->newctx != NULL)
  53. break;
  54. signature->newctx = OSSL_FUNC_signature_newctx(fns);
  55. ctxfncnt++;
  56. break;
  57. case OSSL_FUNC_SIGNATURE_SIGN_INIT:
  58. if (signature->sign_init != NULL)
  59. break;
  60. signature->sign_init = OSSL_FUNC_signature_sign_init(fns);
  61. signfncnt++;
  62. break;
  63. case OSSL_FUNC_SIGNATURE_SIGN:
  64. if (signature->sign != NULL)
  65. break;
  66. signature->sign = OSSL_FUNC_signature_sign(fns);
  67. signfncnt++;
  68. break;
  69. case OSSL_FUNC_SIGNATURE_VERIFY_INIT:
  70. if (signature->verify_init != NULL)
  71. break;
  72. signature->verify_init = OSSL_FUNC_signature_verify_init(fns);
  73. verifyfncnt++;
  74. break;
  75. case OSSL_FUNC_SIGNATURE_VERIFY:
  76. if (signature->verify != NULL)
  77. break;
  78. signature->verify = OSSL_FUNC_signature_verify(fns);
  79. verifyfncnt++;
  80. break;
  81. case OSSL_FUNC_SIGNATURE_VERIFY_RECOVER_INIT:
  82. if (signature->verify_recover_init != NULL)
  83. break;
  84. signature->verify_recover_init
  85. = OSSL_FUNC_signature_verify_recover_init(fns);
  86. verifyrecfncnt++;
  87. break;
  88. case OSSL_FUNC_SIGNATURE_VERIFY_RECOVER:
  89. if (signature->verify_recover != NULL)
  90. break;
  91. signature->verify_recover
  92. = OSSL_FUNC_signature_verify_recover(fns);
  93. verifyrecfncnt++;
  94. break;
  95. case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT:
  96. if (signature->digest_sign_init != NULL)
  97. break;
  98. signature->digest_sign_init
  99. = OSSL_FUNC_signature_digest_sign_init(fns);
  100. break;
  101. case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE:
  102. if (signature->digest_sign_update != NULL)
  103. break;
  104. signature->digest_sign_update
  105. = OSSL_FUNC_signature_digest_sign_update(fns);
  106. digsignfncnt++;
  107. break;
  108. case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL:
  109. if (signature->digest_sign_final != NULL)
  110. break;
  111. signature->digest_sign_final
  112. = OSSL_FUNC_signature_digest_sign_final(fns);
  113. digsignfncnt++;
  114. break;
  115. case OSSL_FUNC_SIGNATURE_DIGEST_SIGN:
  116. if (signature->digest_sign != NULL)
  117. break;
  118. signature->digest_sign
  119. = OSSL_FUNC_signature_digest_sign(fns);
  120. break;
  121. case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT:
  122. if (signature->digest_verify_init != NULL)
  123. break;
  124. signature->digest_verify_init
  125. = OSSL_FUNC_signature_digest_verify_init(fns);
  126. break;
  127. case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE:
  128. if (signature->digest_verify_update != NULL)
  129. break;
  130. signature->digest_verify_update
  131. = OSSL_FUNC_signature_digest_verify_update(fns);
  132. digverifyfncnt++;
  133. break;
  134. case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL:
  135. if (signature->digest_verify_final != NULL)
  136. break;
  137. signature->digest_verify_final
  138. = OSSL_FUNC_signature_digest_verify_final(fns);
  139. digverifyfncnt++;
  140. break;
  141. case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY:
  142. if (signature->digest_verify != NULL)
  143. break;
  144. signature->digest_verify
  145. = OSSL_FUNC_signature_digest_verify(fns);
  146. break;
  147. case OSSL_FUNC_SIGNATURE_FREECTX:
  148. if (signature->freectx != NULL)
  149. break;
  150. signature->freectx = OSSL_FUNC_signature_freectx(fns);
  151. ctxfncnt++;
  152. break;
  153. case OSSL_FUNC_SIGNATURE_DUPCTX:
  154. if (signature->dupctx != NULL)
  155. break;
  156. signature->dupctx = OSSL_FUNC_signature_dupctx(fns);
  157. break;
  158. case OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS:
  159. if (signature->get_ctx_params != NULL)
  160. break;
  161. signature->get_ctx_params
  162. = OSSL_FUNC_signature_get_ctx_params(fns);
  163. gparamfncnt++;
  164. break;
  165. case OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS:
  166. if (signature->gettable_ctx_params != NULL)
  167. break;
  168. signature->gettable_ctx_params
  169. = OSSL_FUNC_signature_gettable_ctx_params(fns);
  170. gparamfncnt++;
  171. break;
  172. case OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS:
  173. if (signature->set_ctx_params != NULL)
  174. break;
  175. signature->set_ctx_params
  176. = OSSL_FUNC_signature_set_ctx_params(fns);
  177. sparamfncnt++;
  178. break;
  179. case OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS:
  180. if (signature->settable_ctx_params != NULL)
  181. break;
  182. signature->settable_ctx_params
  183. = OSSL_FUNC_signature_settable_ctx_params(fns);
  184. sparamfncnt++;
  185. break;
  186. case OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS:
  187. if (signature->get_ctx_md_params != NULL)
  188. break;
  189. signature->get_ctx_md_params
  190. = OSSL_FUNC_signature_get_ctx_md_params(fns);
  191. gmdparamfncnt++;
  192. break;
  193. case OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS:
  194. if (signature->gettable_ctx_md_params != NULL)
  195. break;
  196. signature->gettable_ctx_md_params
  197. = OSSL_FUNC_signature_gettable_ctx_md_params(fns);
  198. gmdparamfncnt++;
  199. break;
  200. case OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS:
  201. if (signature->set_ctx_md_params != NULL)
  202. break;
  203. signature->set_ctx_md_params
  204. = OSSL_FUNC_signature_set_ctx_md_params(fns);
  205. smdparamfncnt++;
  206. break;
  207. case OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS:
  208. if (signature->settable_ctx_md_params != NULL)
  209. break;
  210. signature->settable_ctx_md_params
  211. = OSSL_FUNC_signature_settable_ctx_md_params(fns);
  212. smdparamfncnt++;
  213. break;
  214. }
  215. }
  216. if (ctxfncnt != 2
  217. || (signfncnt == 0
  218. && verifyfncnt == 0
  219. && verifyrecfncnt == 0
  220. && digsignfncnt == 0
  221. && digverifyfncnt == 0
  222. && signature->digest_sign == NULL
  223. && signature->digest_verify == NULL)
  224. || (signfncnt != 0 && signfncnt != 2)
  225. || (verifyfncnt != 0 && verifyfncnt != 2)
  226. || (verifyrecfncnt != 0 && verifyrecfncnt != 2)
  227. || (digsignfncnt != 0 && digsignfncnt != 2)
  228. || (digsignfncnt == 2 && signature->digest_sign_init == NULL)
  229. || (digverifyfncnt != 0 && digverifyfncnt != 2)
  230. || (digverifyfncnt == 2 && signature->digest_verify_init == NULL)
  231. || (signature->digest_sign != NULL
  232. && signature->digest_sign_init == NULL)
  233. || (signature->digest_verify != NULL
  234. && signature->digest_verify_init == NULL)
  235. || (gparamfncnt != 0 && gparamfncnt != 2)
  236. || (sparamfncnt != 0 && sparamfncnt != 2)
  237. || (gmdparamfncnt != 0 && gmdparamfncnt != 2)
  238. || (smdparamfncnt != 0 && smdparamfncnt != 2)) {
  239. /*
  240. * In order to be a consistent set of functions we must have at least
  241. * a set of context functions (newctx and freectx) as well as a set of
  242. * "signature" functions:
  243. * (sign_init, sign) or
  244. * (verify_init verify) or
  245. * (verify_recover_init, verify_recover) or
  246. * (digest_sign_init, digest_sign_update, digest_sign_final) or
  247. * (digest_verify_init, digest_verify_update, digest_verify_final) or
  248. * (digest_sign_init, digest_sign) or
  249. * (digest_verify_init, digest_verify).
  250. *
  251. * set_ctx_params and settable_ctx_params are optional, but if one of
  252. * them is present then the other one must also be present. The same
  253. * applies to get_ctx_params and gettable_ctx_params. The same rules
  254. * apply to the "md_params" functions. The dupctx function is optional.
  255. */
  256. ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS);
  257. goto err;
  258. }
  259. return signature;
  260. err:
  261. EVP_SIGNATURE_free(signature);
  262. return NULL;
  263. }
  264. void EVP_SIGNATURE_free(EVP_SIGNATURE *signature)
  265. {
  266. int i;
  267. if (signature == NULL)
  268. return;
  269. CRYPTO_DOWN_REF(&signature->refcnt, &i);
  270. if (i > 0)
  271. return;
  272. OPENSSL_free(signature->type_name);
  273. ossl_provider_free(signature->prov);
  274. CRYPTO_FREE_REF(&signature->refcnt);
  275. OPENSSL_free(signature);
  276. }
  277. int EVP_SIGNATURE_up_ref(EVP_SIGNATURE *signature)
  278. {
  279. int ref = 0;
  280. CRYPTO_UP_REF(&signature->refcnt, &ref);
  281. return 1;
  282. }
  283. OSSL_PROVIDER *EVP_SIGNATURE_get0_provider(const EVP_SIGNATURE *signature)
  284. {
  285. return signature->prov;
  286. }
  287. EVP_SIGNATURE *EVP_SIGNATURE_fetch(OSSL_LIB_CTX *ctx, const char *algorithm,
  288. const char *properties)
  289. {
  290. return evp_generic_fetch(ctx, OSSL_OP_SIGNATURE, algorithm, properties,
  291. evp_signature_from_algorithm,
  292. (int (*)(void *))EVP_SIGNATURE_up_ref,
  293. (void (*)(void *))EVP_SIGNATURE_free);
  294. }
  295. EVP_SIGNATURE *evp_signature_fetch_from_prov(OSSL_PROVIDER *prov,
  296. const char *algorithm,
  297. const char *properties)
  298. {
  299. return evp_generic_fetch_from_prov(prov, OSSL_OP_SIGNATURE,
  300. algorithm, properties,
  301. evp_signature_from_algorithm,
  302. (int (*)(void *))EVP_SIGNATURE_up_ref,
  303. (void (*)(void *))EVP_SIGNATURE_free);
  304. }
  305. int EVP_SIGNATURE_is_a(const EVP_SIGNATURE *signature, const char *name)
  306. {
  307. return signature != NULL
  308. && evp_is_a(signature->prov, signature->name_id, NULL, name);
  309. }
  310. int evp_signature_get_number(const EVP_SIGNATURE *signature)
  311. {
  312. return signature->name_id;
  313. }
  314. const char *EVP_SIGNATURE_get0_name(const EVP_SIGNATURE *signature)
  315. {
  316. return signature->type_name;
  317. }
  318. const char *EVP_SIGNATURE_get0_description(const EVP_SIGNATURE *signature)
  319. {
  320. return signature->description;
  321. }
  322. void EVP_SIGNATURE_do_all_provided(OSSL_LIB_CTX *libctx,
  323. void (*fn)(EVP_SIGNATURE *signature,
  324. void *arg),
  325. void *arg)
  326. {
  327. evp_generic_do_all(libctx, OSSL_OP_SIGNATURE,
  328. (void (*)(void *, void *))fn, arg,
  329. evp_signature_from_algorithm,
  330. (int (*)(void *))EVP_SIGNATURE_up_ref,
  331. (void (*)(void *))EVP_SIGNATURE_free);
  332. }
  333. int EVP_SIGNATURE_names_do_all(const EVP_SIGNATURE *signature,
  334. void (*fn)(const char *name, void *data),
  335. void *data)
  336. {
  337. if (signature->prov != NULL)
  338. return evp_names_do_all(signature->prov, signature->name_id, fn, data);
  339. return 1;
  340. }
  341. const OSSL_PARAM *EVP_SIGNATURE_gettable_ctx_params(const EVP_SIGNATURE *sig)
  342. {
  343. void *provctx;
  344. if (sig == NULL || sig->gettable_ctx_params == NULL)
  345. return NULL;
  346. provctx = ossl_provider_ctx(EVP_SIGNATURE_get0_provider(sig));
  347. return sig->gettable_ctx_params(NULL, provctx);
  348. }
  349. const OSSL_PARAM *EVP_SIGNATURE_settable_ctx_params(const EVP_SIGNATURE *sig)
  350. {
  351. void *provctx;
  352. if (sig == NULL || sig->settable_ctx_params == NULL)
  353. return NULL;
  354. provctx = ossl_provider_ctx(EVP_SIGNATURE_get0_provider(sig));
  355. return sig->settable_ctx_params(NULL, provctx);
  356. }
  357. static int evp_pkey_signature_init(EVP_PKEY_CTX *ctx, int operation,
  358. const OSSL_PARAM params[])
  359. {
  360. int ret = 0;
  361. void *provkey = NULL;
  362. EVP_SIGNATURE *signature = NULL;
  363. EVP_KEYMGMT *tmp_keymgmt = NULL;
  364. const OSSL_PROVIDER *tmp_prov = NULL;
  365. const char *supported_sig = NULL;
  366. int iter;
  367. if (ctx == NULL) {
  368. ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
  369. return -1;
  370. }
  371. evp_pkey_ctx_free_old_ops(ctx);
  372. ctx->operation = operation;
  373. ERR_set_mark();
  374. if (evp_pkey_ctx_is_legacy(ctx))
  375. goto legacy;
  376. if (ctx->pkey == NULL) {
  377. ERR_clear_last_mark();
  378. ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEY_SET);
  379. goto err;
  380. }
  381. /*
  382. * Try to derive the supported signature from |ctx->keymgmt|.
  383. */
  384. if (!ossl_assert(ctx->pkey->keymgmt == NULL
  385. || ctx->pkey->keymgmt == ctx->keymgmt)) {
  386. ERR_clear_last_mark();
  387. ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
  388. goto err;
  389. }
  390. supported_sig = evp_keymgmt_util_query_operation_name(ctx->keymgmt,
  391. OSSL_OP_SIGNATURE);
  392. if (supported_sig == NULL) {
  393. ERR_clear_last_mark();
  394. ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
  395. goto err;
  396. }
  397. /*
  398. * We perform two iterations:
  399. *
  400. * 1. Do the normal signature fetch, using the fetching data given by
  401. * the EVP_PKEY_CTX.
  402. * 2. Do the provider specific signature fetch, from the same provider
  403. * as |ctx->keymgmt|
  404. *
  405. * We then try to fetch the keymgmt from the same provider as the
  406. * signature, and try to export |ctx->pkey| to that keymgmt (when
  407. * this keymgmt happens to be the same as |ctx->keymgmt|, the export
  408. * is a no-op, but we call it anyway to not complicate the code even
  409. * more).
  410. * If the export call succeeds (returns a non-NULL provider key pointer),
  411. * we're done and can perform the operation itself. If not, we perform
  412. * the second iteration, or jump to legacy.
  413. */
  414. for (iter = 1; iter < 3 && provkey == NULL; iter++) {
  415. EVP_KEYMGMT *tmp_keymgmt_tofree = NULL;
  416. /*
  417. * If we're on the second iteration, free the results from the first.
  418. * They are NULL on the first iteration, so no need to check what
  419. * iteration we're on.
  420. */
  421. EVP_SIGNATURE_free(signature);
  422. EVP_KEYMGMT_free(tmp_keymgmt);
  423. switch (iter) {
  424. case 1:
  425. signature =
  426. EVP_SIGNATURE_fetch(ctx->libctx, supported_sig, ctx->propquery);
  427. if (signature != NULL)
  428. tmp_prov = EVP_SIGNATURE_get0_provider(signature);
  429. break;
  430. case 2:
  431. tmp_prov = EVP_KEYMGMT_get0_provider(ctx->keymgmt);
  432. signature =
  433. evp_signature_fetch_from_prov((OSSL_PROVIDER *)tmp_prov,
  434. supported_sig, ctx->propquery);
  435. if (signature == NULL)
  436. goto legacy;
  437. break;
  438. }
  439. if (signature == NULL)
  440. continue;
  441. /*
  442. * Ensure that the key is provided, either natively, or as a cached
  443. * export. We start by fetching the keymgmt with the same name as
  444. * |ctx->pkey|, but from the provider of the signature method, using
  445. * the same property query as when fetching the signature method.
  446. * With the keymgmt we found (if we did), we try to export |ctx->pkey|
  447. * to it (evp_pkey_export_to_provider() is smart enough to only actually
  448. * export it if |tmp_keymgmt| is different from |ctx->pkey|'s keymgmt)
  449. */
  450. tmp_keymgmt_tofree = tmp_keymgmt =
  451. evp_keymgmt_fetch_from_prov((OSSL_PROVIDER *)tmp_prov,
  452. EVP_KEYMGMT_get0_name(ctx->keymgmt),
  453. ctx->propquery);
  454. if (tmp_keymgmt != NULL)
  455. provkey = evp_pkey_export_to_provider(ctx->pkey, ctx->libctx,
  456. &tmp_keymgmt, ctx->propquery);
  457. if (tmp_keymgmt == NULL)
  458. EVP_KEYMGMT_free(tmp_keymgmt_tofree);
  459. }
  460. if (provkey == NULL) {
  461. EVP_SIGNATURE_free(signature);
  462. goto legacy;
  463. }
  464. ERR_pop_to_mark();
  465. /* No more legacy from here down to legacy: */
  466. ctx->op.sig.signature = signature;
  467. ctx->op.sig.algctx =
  468. signature->newctx(ossl_provider_ctx(signature->prov), ctx->propquery);
  469. if (ctx->op.sig.algctx == NULL) {
  470. /* The provider key can stay in the cache */
  471. ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
  472. goto err;
  473. }
  474. switch (operation) {
  475. case EVP_PKEY_OP_SIGN:
  476. if (signature->sign_init == NULL) {
  477. ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
  478. ret = -2;
  479. goto err;
  480. }
  481. ret = signature->sign_init(ctx->op.sig.algctx, provkey, params);
  482. break;
  483. case EVP_PKEY_OP_VERIFY:
  484. if (signature->verify_init == NULL) {
  485. ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
  486. ret = -2;
  487. goto err;
  488. }
  489. ret = signature->verify_init(ctx->op.sig.algctx, provkey, params);
  490. break;
  491. case EVP_PKEY_OP_VERIFYRECOVER:
  492. if (signature->verify_recover_init == NULL) {
  493. ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
  494. ret = -2;
  495. goto err;
  496. }
  497. ret = signature->verify_recover_init(ctx->op.sig.algctx, provkey,
  498. params);
  499. break;
  500. default:
  501. ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
  502. goto err;
  503. }
  504. if (ret <= 0) {
  505. signature->freectx(ctx->op.sig.algctx);
  506. ctx->op.sig.algctx = NULL;
  507. goto err;
  508. }
  509. goto end;
  510. legacy:
  511. /*
  512. * If we don't have the full support we need with provided methods,
  513. * let's go see if legacy does.
  514. */
  515. ERR_pop_to_mark();
  516. EVP_KEYMGMT_free(tmp_keymgmt);
  517. tmp_keymgmt = NULL;
  518. if (ctx->pmeth == NULL
  519. || (operation == EVP_PKEY_OP_SIGN && ctx->pmeth->sign == NULL)
  520. || (operation == EVP_PKEY_OP_VERIFY && ctx->pmeth->verify == NULL)
  521. || (operation == EVP_PKEY_OP_VERIFYRECOVER
  522. && ctx->pmeth->verify_recover == NULL)) {
  523. ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
  524. return -2;
  525. }
  526. switch (operation) {
  527. case EVP_PKEY_OP_SIGN:
  528. if (ctx->pmeth->sign_init == NULL)
  529. return 1;
  530. ret = ctx->pmeth->sign_init(ctx);
  531. break;
  532. case EVP_PKEY_OP_VERIFY:
  533. if (ctx->pmeth->verify_init == NULL)
  534. return 1;
  535. ret = ctx->pmeth->verify_init(ctx);
  536. break;
  537. case EVP_PKEY_OP_VERIFYRECOVER:
  538. if (ctx->pmeth->verify_recover_init == NULL)
  539. return 1;
  540. ret = ctx->pmeth->verify_recover_init(ctx);
  541. break;
  542. default:
  543. ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
  544. goto err;
  545. }
  546. if (ret <= 0)
  547. goto err;
  548. end:
  549. #ifndef FIPS_MODULE
  550. if (ret > 0)
  551. ret = evp_pkey_ctx_use_cached_data(ctx);
  552. #endif
  553. EVP_KEYMGMT_free(tmp_keymgmt);
  554. return ret;
  555. err:
  556. evp_pkey_ctx_free_old_ops(ctx);
  557. ctx->operation = EVP_PKEY_OP_UNDEFINED;
  558. EVP_KEYMGMT_free(tmp_keymgmt);
  559. return ret;
  560. }
  561. int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx)
  562. {
  563. return evp_pkey_signature_init(ctx, EVP_PKEY_OP_SIGN, NULL);
  564. }
  565. int EVP_PKEY_sign_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[])
  566. {
  567. return evp_pkey_signature_init(ctx, EVP_PKEY_OP_SIGN, params);
  568. }
  569. int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
  570. unsigned char *sig, size_t *siglen,
  571. const unsigned char *tbs, size_t tbslen)
  572. {
  573. int ret;
  574. if (ctx == NULL) {
  575. ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
  576. return -1;
  577. }
  578. if (ctx->operation != EVP_PKEY_OP_SIGN) {
  579. ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
  580. return -1;
  581. }
  582. if (ctx->op.sig.algctx == NULL)
  583. goto legacy;
  584. if (ctx->op.sig.signature->sign == NULL) {
  585. ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
  586. return -2;
  587. }
  588. ret = ctx->op.sig.signature->sign(ctx->op.sig.algctx, sig, siglen,
  589. (sig == NULL) ? 0 : *siglen, tbs, tbslen);
  590. return ret;
  591. legacy:
  592. if (ctx->pmeth == NULL || ctx->pmeth->sign == NULL) {
  593. ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
  594. return -2;
  595. }
  596. M_check_autoarg(ctx, sig, siglen, EVP_F_EVP_PKEY_SIGN)
  597. return ctx->pmeth->sign(ctx, sig, siglen, tbs, tbslen);
  598. }
  599. int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx)
  600. {
  601. return evp_pkey_signature_init(ctx, EVP_PKEY_OP_VERIFY, NULL);
  602. }
  603. int EVP_PKEY_verify_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[])
  604. {
  605. return evp_pkey_signature_init(ctx, EVP_PKEY_OP_VERIFY, params);
  606. }
  607. int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
  608. const unsigned char *sig, size_t siglen,
  609. const unsigned char *tbs, size_t tbslen)
  610. {
  611. int ret;
  612. if (ctx == NULL) {
  613. ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
  614. return -1;
  615. }
  616. if (ctx->operation != EVP_PKEY_OP_VERIFY) {
  617. ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
  618. return -1;
  619. }
  620. if (ctx->op.sig.algctx == NULL)
  621. goto legacy;
  622. if (ctx->op.sig.signature->verify == NULL) {
  623. ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
  624. return -2;
  625. }
  626. ret = ctx->op.sig.signature->verify(ctx->op.sig.algctx, sig, siglen,
  627. tbs, tbslen);
  628. return ret;
  629. legacy:
  630. if (ctx->pmeth == NULL || ctx->pmeth->verify == NULL) {
  631. ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
  632. return -2;
  633. }
  634. return ctx->pmeth->verify(ctx, sig, siglen, tbs, tbslen);
  635. }
  636. int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx)
  637. {
  638. return evp_pkey_signature_init(ctx, EVP_PKEY_OP_VERIFYRECOVER, NULL);
  639. }
  640. int EVP_PKEY_verify_recover_init_ex(EVP_PKEY_CTX *ctx,
  641. const OSSL_PARAM params[])
  642. {
  643. return evp_pkey_signature_init(ctx, EVP_PKEY_OP_VERIFYRECOVER, params);
  644. }
  645. int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
  646. unsigned char *rout, size_t *routlen,
  647. const unsigned char *sig, size_t siglen)
  648. {
  649. int ret;
  650. if (ctx == NULL) {
  651. ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
  652. return -1;
  653. }
  654. if (ctx->operation != EVP_PKEY_OP_VERIFYRECOVER) {
  655. ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
  656. return -1;
  657. }
  658. if (ctx->op.sig.algctx == NULL)
  659. goto legacy;
  660. if (ctx->op.sig.signature->verify_recover == NULL) {
  661. ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
  662. return -2;
  663. }
  664. ret = ctx->op.sig.signature->verify_recover(ctx->op.sig.algctx, rout,
  665. routlen,
  666. (rout == NULL ? 0 : *routlen),
  667. sig, siglen);
  668. return ret;
  669. legacy:
  670. if (ctx->pmeth == NULL || ctx->pmeth->verify_recover == NULL) {
  671. ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
  672. return -2;
  673. }
  674. M_check_autoarg(ctx, rout, routlen, EVP_F_EVP_PKEY_VERIFY_RECOVER)
  675. return ctx->pmeth->verify_recover(ctx, rout, routlen, sig, siglen);
  676. }