2 * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 #include "internal/cryptlib.h"
12 #include <openssl/evp.h>
13 #include <openssl/objects.h>
14 #include <openssl/x509.h>
15 #include "crypto/evp.h"
16 #include "internal/provider.h"
17 #include "evp_local.h"
21 static int update(EVP_MD_CTX
*ctx
, const void *data
, size_t datalen
)
23 EVPerr(EVP_F_UPDATE
, EVP_R_ONLY_ONESHOT_SUPPORTED
);
27 static int do_sigver_init(EVP_MD_CTX
*ctx
, EVP_PKEY_CTX
**pctx
,
28 const EVP_MD
*type
, const char *mdname
,
29 const char *props
, ENGINE
*e
, EVP_PKEY
*pkey
,
32 EVP_PKEY_CTX
*locpctx
= NULL
;
33 EVP_SIGNATURE
*signature
= NULL
;
34 EVP_KEYMGMT
*tmp_keymgmt
= NULL
;
35 const char *supported_sig
= NULL
;
36 char locmdname
[80] = ""; /* 80 chars should be enough */
40 if (ctx
->provctx
!= NULL
) {
41 if (!ossl_assert(ctx
->digest
!= NULL
)) {
42 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
45 if (ctx
->digest
->freectx
!= NULL
)
46 ctx
->digest
->freectx(ctx
->provctx
);
50 if (ctx
->pctx
== NULL
)
51 ctx
->pctx
= EVP_PKEY_CTX_new(pkey
, e
);
52 if (ctx
->pctx
== NULL
)
56 evp_pkey_ctx_free_old_ops(locpctx
);
59 * TODO when we stop falling back to legacy, this and the ERR_pop_to_mark()
60 * calls can be removed.
64 if (locpctx
->keytype
== NULL
)
67 /* Ensure that the key is provided. If not, go legacy */
68 tmp_keymgmt
= locpctx
->keymgmt
;
69 provkey
= evp_pkey_make_provided(locpctx
->pkey
, locpctx
->libctx
,
70 &tmp_keymgmt
, locpctx
->propquery
, 0);
73 if (!EVP_KEYMGMT_up_ref(tmp_keymgmt
)) {
74 ERR_clear_last_mark();
75 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
78 EVP_KEYMGMT_free(locpctx
->keymgmt
);
79 locpctx
->keymgmt
= tmp_keymgmt
;
81 if (locpctx
->keymgmt
->query_operation_name
!= NULL
)
83 locpctx
->keymgmt
->query_operation_name(OSSL_OP_SIGNATURE
);
86 * If we didn't get a supported sig, assume there is one with the
87 * same name as the key type.
89 if (supported_sig
== NULL
)
90 supported_sig
= locpctx
->keytype
;
93 * Because we cleared out old ops, we shouldn't need to worry about
94 * checking if signature is already there.
96 signature
= EVP_SIGNATURE_fetch(locpctx
->libctx
, supported_sig
,
100 || (EVP_KEYMGMT_provider(locpctx
->keymgmt
)
101 != EVP_SIGNATURE_provider(signature
))) {
103 * We don't need to free ctx->keymgmt here, as it's not necessarily
104 * tied to this operation. It will be freed by EVP_PKEY_CTX_free().
106 EVP_SIGNATURE_free(signature
);
111 * TODO remove this when legacy is gone
112 * If we don't have the full support we need with provided methods,
113 * let's go see if legacy does.
117 /* No more legacy from here down to legacy: */
122 locpctx
->op
.sig
.signature
= signature
;
123 locpctx
->operation
= ver
? EVP_PKEY_OP_VERIFYCTX
124 : EVP_PKEY_OP_SIGNCTX
;
125 locpctx
->op
.sig
.sigprovctx
126 = signature
->newctx(ossl_provider_ctx(signature
->prov
));
127 if (locpctx
->op
.sig
.sigprovctx
== NULL
) {
128 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
132 ctx
->reqdigest
= type
;
134 mdname
= EVP_MD_name(type
);
137 && EVP_PKEY_get_default_digest_name(locpctx
->pkey
, locmdname
,
141 if (mdname
!= NULL
) {
143 * This might be requested by a later call to EVP_MD_CTX_md().
144 * In that case the "explicit fetch" rules apply for that
145 * function (as per man pages), i.e. the ref count is not updated
146 * so the EVP_MD should not be used beyound the lifetime of the
149 ctx
->reqdigest
= ctx
->fetched_digest
=
150 EVP_MD_fetch(locpctx
->libctx
, mdname
, props
);
155 if (signature
->digest_verify_init
== NULL
) {
156 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
159 ret
= signature
->digest_verify_init(locpctx
->op
.sig
.sigprovctx
,
160 mdname
, props
, provkey
);
162 if (signature
->digest_sign_init
== NULL
) {
163 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
166 ret
= signature
->digest_sign_init(locpctx
->op
.sig
.sigprovctx
,
167 mdname
, props
, provkey
);
172 evp_pkey_ctx_free_old_ops(locpctx
);
173 locpctx
->operation
= EVP_PKEY_OP_UNDEFINED
;
178 * TODO remove this when legacy is gone
179 * If we don't have the full support we need with provided methods,
180 * let's go see if legacy does.
184 if (ctx
->pctx
->pmeth
== NULL
) {
185 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
);
189 if (!(ctx
->pctx
->pmeth
->flags
& EVP_PKEY_FLAG_SIGCTX_CUSTOM
)) {
193 if (EVP_PKEY_get_default_digest_nid(pkey
, &def_nid
) > 0)
194 type
= EVP_get_digestbynid(def_nid
);
198 EVPerr(EVP_F_DO_SIGVER_INIT
, EVP_R_NO_DEFAULT_DIGEST
);
204 if (ctx
->pctx
->pmeth
->verifyctx_init
) {
205 if (ctx
->pctx
->pmeth
->verifyctx_init(ctx
->pctx
, ctx
) <= 0)
207 ctx
->pctx
->operation
= EVP_PKEY_OP_VERIFYCTX
;
208 } else if (ctx
->pctx
->pmeth
->digestverify
!= 0) {
209 ctx
->pctx
->operation
= EVP_PKEY_OP_VERIFY
;
210 ctx
->update
= update
;
211 } else if (EVP_PKEY_verify_init(ctx
->pctx
) <= 0) {
215 if (ctx
->pctx
->pmeth
->signctx_init
) {
216 if (ctx
->pctx
->pmeth
->signctx_init(ctx
->pctx
, ctx
) <= 0)
218 ctx
->pctx
->operation
= EVP_PKEY_OP_SIGNCTX
;
219 } else if (ctx
->pctx
->pmeth
->digestsign
!= 0) {
220 ctx
->pctx
->operation
= EVP_PKEY_OP_SIGN
;
221 ctx
->update
= update
;
222 } else if (EVP_PKEY_sign_init(ctx
->pctx
) <= 0) {
226 if (EVP_PKEY_CTX_set_signature_md(ctx
->pctx
, type
) <= 0)
230 if (ctx
->pctx
->pmeth
->flags
& EVP_PKEY_FLAG_SIGCTX_CUSTOM
)
232 if (!EVP_DigestInit_ex(ctx
, type
, e
))
235 * This indicates the current algorithm requires
236 * special treatment before hashing the tbs-message.
238 if (ctx
->pctx
->pmeth
->digest_custom
!= NULL
)
239 return ctx
->pctx
->pmeth
->digest_custom(ctx
->pctx
, ctx
);
244 int EVP_DigestSignInit_ex(EVP_MD_CTX
*ctx
, EVP_PKEY_CTX
**pctx
,
245 const char *mdname
, const char *props
, EVP_PKEY
*pkey
)
247 return do_sigver_init(ctx
, pctx
, NULL
, mdname
, props
, NULL
, pkey
, 0);
250 int EVP_DigestSignInit(EVP_MD_CTX
*ctx
, EVP_PKEY_CTX
**pctx
,
251 const EVP_MD
*type
, ENGINE
*e
, EVP_PKEY
*pkey
)
253 return do_sigver_init(ctx
, pctx
, type
, NULL
, NULL
, e
, pkey
, 0);
256 int EVP_DigestVerifyInit_ex(EVP_MD_CTX
*ctx
, EVP_PKEY_CTX
**pctx
,
257 const char *mdname
, const char *props
,
260 return do_sigver_init(ctx
, pctx
, NULL
, mdname
, props
, NULL
, pkey
, 1);
263 int EVP_DigestVerifyInit(EVP_MD_CTX
*ctx
, EVP_PKEY_CTX
**pctx
,
264 const EVP_MD
*type
, ENGINE
*e
, EVP_PKEY
*pkey
)
266 return do_sigver_init(ctx
, pctx
, type
, NULL
, NULL
, e
, pkey
, 1);
268 #endif /* FIPS_MDOE */
270 int EVP_DigestSignUpdate(EVP_MD_CTX
*ctx
, const void *data
, size_t dsize
)
272 EVP_PKEY_CTX
*pctx
= ctx
->pctx
;
275 || pctx
->operation
!= EVP_PKEY_OP_SIGNCTX
276 || pctx
->op
.sig
.sigprovctx
== NULL
277 || pctx
->op
.sig
.signature
== NULL
)
280 return pctx
->op
.sig
.signature
->digest_sign_update(pctx
->op
.sig
.sigprovctx
,
284 return EVP_DigestUpdate(ctx
, data
, dsize
);
287 int EVP_DigestVerifyUpdate(EVP_MD_CTX
*ctx
, const void *data
, size_t dsize
)
289 EVP_PKEY_CTX
*pctx
= ctx
->pctx
;
292 || pctx
->operation
!= EVP_PKEY_OP_VERIFYCTX
293 || pctx
->op
.sig
.sigprovctx
== NULL
294 || pctx
->op
.sig
.signature
== NULL
)
297 return pctx
->op
.sig
.signature
->digest_verify_update(pctx
->op
.sig
.sigprovctx
,
301 return EVP_DigestUpdate(ctx
, data
, dsize
);
305 int EVP_DigestSignFinal(EVP_MD_CTX
*ctx
, unsigned char *sigret
,
309 EVP_PKEY_CTX
*pctx
= ctx
->pctx
;
312 || pctx
->operation
!= EVP_PKEY_OP_SIGNCTX
313 || pctx
->op
.sig
.sigprovctx
== NULL
314 || pctx
->op
.sig
.signature
== NULL
)
317 return pctx
->op
.sig
.signature
->digest_sign_final(pctx
->op
.sig
.sigprovctx
,
318 sigret
, siglen
, SIZE_MAX
);
321 if (pctx
== NULL
|| pctx
->pmeth
== NULL
) {
322 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
326 if (pctx
->pmeth
->flags
& EVP_PKEY_FLAG_SIGCTX_CUSTOM
) {
328 return pctx
->pmeth
->signctx(pctx
, sigret
, siglen
, ctx
);
329 if (ctx
->flags
& EVP_MD_CTX_FLAG_FINALISE
)
330 r
= pctx
->pmeth
->signctx(pctx
, sigret
, siglen
, ctx
);
332 EVP_PKEY_CTX
*dctx
= EVP_PKEY_CTX_dup(pctx
);
336 r
= dctx
->pmeth
->signctx(dctx
, sigret
, siglen
, ctx
);
337 EVP_PKEY_CTX_free(dctx
);
341 if (pctx
->pmeth
->signctx
!= NULL
)
345 if (sigret
!= NULL
) {
346 unsigned char md
[EVP_MAX_MD_SIZE
];
347 unsigned int mdlen
= 0;
349 if (ctx
->flags
& EVP_MD_CTX_FLAG_FINALISE
) {
351 r
= pctx
->pmeth
->signctx(pctx
, sigret
, siglen
, ctx
);
353 r
= EVP_DigestFinal_ex(ctx
, md
, &mdlen
);
355 EVP_MD_CTX
*tmp_ctx
= EVP_MD_CTX_new();
359 if (!EVP_MD_CTX_copy_ex(tmp_ctx
, ctx
)) {
360 EVP_MD_CTX_free(tmp_ctx
);
364 r
= tmp_ctx
->pctx
->pmeth
->signctx(tmp_ctx
->pctx
,
365 sigret
, siglen
, tmp_ctx
);
367 r
= EVP_DigestFinal_ex(tmp_ctx
, md
, &mdlen
);
368 EVP_MD_CTX_free(tmp_ctx
);
372 if (EVP_PKEY_sign(pctx
, sigret
, siglen
, md
, mdlen
) <= 0)
376 if (pctx
->pmeth
->signctx(pctx
, sigret
, siglen
, ctx
) <= 0)
379 int s
= EVP_MD_size(ctx
->digest
);
381 if (s
< 0 || EVP_PKEY_sign(pctx
, sigret
, siglen
, NULL
, s
) <= 0)
388 int EVP_DigestSign(EVP_MD_CTX
*ctx
, unsigned char *sigret
, size_t *siglen
,
389 const unsigned char *tbs
, size_t tbslen
)
391 if (ctx
->pctx
->pmeth
!= NULL
&& ctx
->pctx
->pmeth
->digestsign
!= NULL
)
392 return ctx
->pctx
->pmeth
->digestsign(ctx
, sigret
, siglen
, tbs
, tbslen
);
393 if (sigret
!= NULL
&& EVP_DigestSignUpdate(ctx
, tbs
, tbslen
) <= 0)
395 return EVP_DigestSignFinal(ctx
, sigret
, siglen
);
398 int EVP_DigestVerifyFinal(EVP_MD_CTX
*ctx
, const unsigned char *sig
,
401 unsigned char md
[EVP_MAX_MD_SIZE
];
403 unsigned int mdlen
= 0;
405 EVP_PKEY_CTX
*pctx
= ctx
->pctx
;
408 || pctx
->operation
!= EVP_PKEY_OP_VERIFYCTX
409 || pctx
->op
.sig
.sigprovctx
== NULL
410 || pctx
->op
.sig
.signature
== NULL
)
413 return pctx
->op
.sig
.signature
->digest_verify_final(pctx
->op
.sig
.sigprovctx
,
417 if (pctx
== NULL
|| pctx
->pmeth
== NULL
) {
418 ERR_raise(ERR_LIB_EVP
, EVP_R_INITIALIZATION_ERROR
);
422 if (pctx
->pmeth
->verifyctx
!= NULL
)
426 if (ctx
->flags
& EVP_MD_CTX_FLAG_FINALISE
) {
428 r
= pctx
->pmeth
->verifyctx(pctx
, sig
, siglen
, ctx
);
430 r
= EVP_DigestFinal_ex(ctx
, md
, &mdlen
);
432 EVP_MD_CTX
*tmp_ctx
= EVP_MD_CTX_new();
435 if (!EVP_MD_CTX_copy_ex(tmp_ctx
, ctx
)) {
436 EVP_MD_CTX_free(tmp_ctx
);
440 r
= tmp_ctx
->pctx
->pmeth
->verifyctx(tmp_ctx
->pctx
,
441 sig
, siglen
, tmp_ctx
);
443 r
= EVP_DigestFinal_ex(tmp_ctx
, md
, &mdlen
);
444 EVP_MD_CTX_free(tmp_ctx
);
448 return EVP_PKEY_verify(pctx
, sig
, siglen
, md
, mdlen
);
451 int EVP_DigestVerify(EVP_MD_CTX
*ctx
, const unsigned char *sigret
,
452 size_t siglen
, const unsigned char *tbs
, size_t tbslen
)
454 if (ctx
->pctx
->pmeth
!= NULL
&& ctx
->pctx
->pmeth
->digestverify
!= NULL
)
455 return ctx
->pctx
->pmeth
->digestverify(ctx
, sigret
, siglen
, tbs
, tbslen
);
456 if (EVP_DigestVerifyUpdate(ctx
, tbs
, tbslen
) <= 0)
458 return EVP_DigestVerifyFinal(ctx
, sigret
, siglen
);
460 #endif /* FIPS_MODE */