m_sigver.c 5.4 KB

  1. /*
  2. * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the OpenSSL license (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <stdio.h>
  10. #include "internal/cryptlib.h"
  11. #include <openssl/evp.h>
  12. #include <openssl/objects.h>
  13. #include <openssl/x509.h>
  14. #include "internal/evp_int.h"
  15. #include "evp_locl.h"
/*
 * Common setup behind EVP_DigestSignInit() and EVP_DigestVerifyInit().
 *
 * ctx   digest context to prepare; an EVP_PKEY_CTX already attached to it is
 *       reused, otherwise one is created from pkey and e.
 * pctx  optional out-parameter; when non-NULL it receives ctx->pctx. The
 *       pointer is the one stored in ctx, not a copy.
 * type  digest to use, or NULL to ask the key for its default digest.
 * ver   non-zero selects verification, zero selects signing.
 *
 * Returns 1 on success and 0 on any failure.
 */
static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                          const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey,
                          int ver)
{
    /* Only build a key context when the caller has not supplied one. */
    if (ctx->pctx == NULL) {
        ctx->pctx = EVP_PKEY_CTX_new(pkey, e);
        if (ctx->pctx == NULL)
            return 0;
    }

    /*
     * Key methods flagged SIGCTX_CUSTOM are allowed to run without a digest.
     * Every other method needs one: fall back to the key's default digest
     * and refuse to continue if that cannot be resolved either.
     */
    if ((ctx->pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM) == 0
        && type == NULL) {
        int def_nid;

        if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) > 0)
            type = EVP_get_digestbynid(def_nid);
        if (type == NULL) {
            EVPerr(EVP_F_DO_SIGVER_INIT, EVP_R_NO_DEFAULT_DIGEST);
            return 0;
        }
    }

    /*
     * Prefer the method's own *ctx_init hook when it has one, and record the
     * matching operation; otherwise use the generic sign/verify init.
     */
    if (ver) {
        if (ctx->pctx->pmeth->verifyctx_init == NULL) {
            if (EVP_PKEY_verify_init(ctx->pctx) <= 0)
                return 0;
        } else {
            if (ctx->pctx->pmeth->verifyctx_init(ctx->pctx, ctx) <= 0)
                return 0;
            ctx->pctx->operation = EVP_PKEY_OP_VERIFYCTX;
        }
    } else {
        if (ctx->pctx->pmeth->signctx_init == NULL) {
            if (EVP_PKEY_sign_init(ctx->pctx) <= 0)
                return 0;
        } else {
            if (ctx->pctx->pmeth->signctx_init(ctx->pctx, ctx) <= 0)
                return 0;
            ctx->pctx->operation = EVP_PKEY_OP_SIGNCTX;
        }
    }

    /* Tell the key context which digest the signature is computed over. */
    if (EVP_PKEY_CTX_set_signature_md(ctx->pctx, type) <= 0)
        return 0;

    if (pctx != NULL)
        *pctx = ctx->pctx;

    /* Custom methods do not use the EVP digest machinery of ctx. */
    if (ctx->pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM)
        return 1;

    return EVP_DigestInit_ex(ctx, type, e) ? 1 : 0;
}
/*
 * Prepare ctx for a digest-then-sign operation with pkey.
 *
 * Thin wrapper over do_sigver_init() with the verify selector cleared; the
 * remaining arguments are passed through unchanged. Returns that function's
 * result.
 */
int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                       const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey)
{
    const int verify = 0;       /* signing, not verification */

    return do_sigver_init(ctx, pctx, type, e, pkey, verify);
}
/*
 * Prepare ctx for a digest-then-verify operation with pkey.
 *
 * Thin wrapper over do_sigver_init() with the verify selector set; the
 * remaining arguments are passed through unchanged. Returns that function's
 * result.
 */
int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                         const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey)
{
    const int verify = 1;       /* verification, not signing */

    return do_sigver_init(ctx, pctx, type, e, pkey, verify);
}
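/*
 * Finish a digest-sign operation and, when sigret is non-NULL, produce the
 * signature.
 *
 * ctx     context set up by EVP_DigestSignInit(); ctx->pctx is dereferenced
 *         without a NULL check, so it must have been initialised.
 * sigret  output buffer, or NULL to make a size query only (no digest is
 *         finalised on that path).
 * siglen  passed through to the key method / EVP_PKEY_sign(); per the
 *         EVP_PKEY_sign contract it carries the buffer size in and the
 *         signature length out.
 *
 * Returns 1 on success and 0 on failure in the generic path. When the key
 * method supplies its own signctx hook, that hook's return value is passed
 * back for the sigret != NULL case, so callers should treat only a positive
 * result as success.
 *
 * Unless EVP_MD_CTX_FLAG_FINALISE is set, the work is done on a temporary
 * copy so that ctx itself is not finalised by this call.
 */
int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
                        size_t *siglen)
{
    int sctx = 0, r = 0;
    EVP_PKEY_CTX *pctx = ctx->pctx;

    /* Methods with a fully custom signing context bypass the EVP digest. */
    if (pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM) {
        if (!sigret)
            return pctx->pmeth->signctx(pctx, sigret, siglen, ctx);
        if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE)
            r = pctx->pmeth->signctx(pctx, sigret, siglen, ctx);
        else {
            /* Sign with a duplicate so the caller's key context is kept. */
            EVP_PKEY_CTX *dctx = EVP_PKEY_CTX_dup(ctx->pctx);

            if (!dctx)
                return 0;
            r = dctx->pmeth->signctx(dctx, sigret, siglen, ctx);
            EVP_PKEY_CTX_free(dctx);
        }
        return r;
    }

    sctx = (pctx->pmeth->signctx != NULL);

    if (sigret) {
        unsigned char md[EVP_MAX_MD_SIZE];
        unsigned int mdlen = 0;

        if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) {
            if (sctx)
                r = ctx->pctx->pmeth->signctx(ctx->pctx, sigret, siglen, ctx);
            else
                r = EVP_DigestFinal_ex(ctx, md, &mdlen);
        } else {
            EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new();

            if (tmp_ctx == NULL)
                return 0;
            /*
             * Release the temporary context when the copy fails; returning
             * straight away here would leak it on every failed copy.
             */
            if (!EVP_MD_CTX_copy_ex(tmp_ctx, ctx)) {
                EVP_MD_CTX_free(tmp_ctx);
                return 0;
            }
            if (sctx)
                r = tmp_ctx->pctx->pmeth->signctx(tmp_ctx->pctx,
                                                  sigret, siglen, tmp_ctx);
            else
                r = EVP_DigestFinal_ex(tmp_ctx, md, &mdlen);
            EVP_MD_CTX_free(tmp_ctx);
        }
        /* signctx already produced the signature; a digest error ends here. */
        if (sctx || !r)
            return r;
        if (EVP_PKEY_sign(ctx->pctx, sigret, siglen, md, mdlen) <= 0)
            return 0;
    } else {
        /* Size query: nothing is written to a signature buffer. */
        if (sctx) {
            if (pctx->pmeth->signctx(pctx, sigret, siglen, ctx) <= 0)
                return 0;
        } else {
            int s = EVP_MD_size(ctx->digest);

            if (s < 0 || EVP_PKEY_sign(pctx, sigret, siglen, NULL, s) <= 0)
                return 0;
        }
    }
    return 1;
}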
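/*
 * Finish a digest-verify operation and check sig against the digest.
 *
 * ctx     context set up by EVP_DigestVerifyInit(); ctx->pctx is
 *         dereferenced without a NULL check, so it must have been
 *         initialised.
 * sig     signature bytes to verify.
 * siglen  length of sig in bytes.
 *
 * Return value: the result of the method's verifyctx hook or of
 * EVP_PKEY_verify() is passed back unchanged; 0 is returned when finalising
 * the digest fails, and -1 when the temporary context cannot be created or
 * copied. Because an error can be negative, callers must compare the result
 * with 1 rather than testing it for non-zero, otherwise the -1 error path
 * would be read as a valid signature.
 *
 * Unless EVP_MD_CTX_FLAG_FINALISE is set, the work is done on a temporary
 * copy so that ctx itself is not finalised by this call.
 */
int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
                          size_t siglen)
{
    unsigned char md[EVP_MAX_MD_SIZE];
    int r = 0;
    unsigned int mdlen = 0;
    int vctx = (ctx->pctx->pmeth->verifyctx != NULL);

    if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) {
        if (vctx)
            r = ctx->pctx->pmeth->verifyctx(ctx->pctx, sig, siglen, ctx);
        else
            r = EVP_DigestFinal_ex(ctx, md, &mdlen);
    } else {
        EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new();

        if (tmp_ctx == NULL)
            return -1;
        /*
         * Release the temporary context when the copy fails; returning
         * straight away here would leak it on every failed copy.
         */
        if (!EVP_MD_CTX_copy_ex(tmp_ctx, ctx)) {
            EVP_MD_CTX_free(tmp_ctx);
            return -1;
        }
        if (vctx)
            r = tmp_ctx->pctx->pmeth->verifyctx(tmp_ctx->pctx,
                                                sig, siglen, tmp_ctx);
        else
            r = EVP_DigestFinal_ex(tmp_ctx, md, &mdlen);
        EVP_MD_CTX_free(tmp_ctx);
    }
    /* verifyctx already gave the verdict; a digest error ends here. */
    if (vctx || !r)
        return r;
    return EVP_PKEY_verify(ctx->pctx, sig, siglen, md, mdlen);
}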